package oracle.security.jazn.oc4j;

import java.io.IOException;
import java.io.PrintWriter;
import java.security.AccessControlContext;
import java.security.AccessController;
import java.security.Principal;
import java.security.PrivilegedAction;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import javax.security.auth.Subject;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import oracle.security.jazn.ApplicationServerProxy;
import oracle.security.jazn.JAZNConfig;
import oracle.security.jazn.JAZNException;
import oracle.security.jazn.JAZNWebAppConfig;
import oracle.security.jazn.action.GetJAZNConfigPropertyAction;
import oracle.security.jazn.realm.Realm;
import oracle.security.jazn.realm.RealmPrincipal;
import oracle.security.jazn.realm.RealmRole;
import oracle.security.jazn.util.Env;
import oracle.security.jazn.util.Misc;

/* loaded from: input_file:oracle/security/jazn/oc4j/JAZNFilter.class */
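/**
 * Servlet filter that can run the rest of the filter chain under a JAAS {@link Subject}.
 *
 * <p>Behaviour is driven by properties that are looked up, in order, in the filter's
 * init-parameters, the {@link JAZNWebAppConfig} and the {@link JAZNConfig}:
 * <ul>
 *   <li>When the auth method equals {@code KerberosAuthenticator.SSO_REALM} or dynamic role
 *       mapping is enabled, the request and response are wrapped in
 *       {@code JAZNServletRequest}/{@code JAZNServletResponse}.</li>
 *   <li>When {@code Env.PROP_RUNAS_MODE} is not {@code "true"} (the default), the chain is
 *       invoked directly.</li>
 *   <li>Otherwise a Subject is built for the request and the chain runs inside
 *       {@code Subject.doAsPrivileged} (default) or {@code Subject.doAs}, selected by
 *       {@code Env.PROP_DOASPRIV_MODE}.</li>
 * </ul>
 *
 * <p>NOTE(review): this listing looks like decompiler output. Local variable types and the
 * anonymous action class in {@code doFilter} were not valid Java as decompiled and are
 * restored here to the servlet interface types; confirm against the original class file.
 */
public class JAZNFilter implements Filter {
    private FilterConfig _filterConfig;
    private GenericUserManager _userMgr;
    private JAZNConfig _jaznConfig;
    private JAZNWebAppConfig _jwaConfig;

    /** Creates a filter with no configuration; properties then come only from the init-parameters. */
    public JAZNFilter() {
    }

    /**
     * Creates a filter backed by the given JAZN configuration.
     *
     * @param jAZNConfig configuration used as the last fallback for property lookups
     */
    public JAZNFilter(JAZNConfig jAZNConfig) {
        this(jAZNConfig, null);
    }

    /**
     * Creates a filter backed by the given JAZN and web-application configuration.
     *
     * @param jAZNConfig configuration used as the last fallback for property lookups
     * @param jAZNWebAppConfig web-application configuration consulted before {@code jAZNConfig}
     */
    public JAZNFilter(JAZNConfig jAZNConfig, JAZNWebAppConfig jAZNWebAppConfig) {
        this(null, jAZNConfig, jAZNWebAppConfig);
    }

    /**
     * Creates a filter with an explicit user manager.
     *
     * @param genericUserManager supplies the default realm when the request principal carries none
     * @param jAZNConfig configuration used as the last fallback for property lookups
     * @param jAZNWebAppConfig web-application configuration consulted before {@code jAZNConfig}
     */
    public JAZNFilter(GenericUserManager genericUserManager, JAZNConfig jAZNConfig, JAZNWebAppConfig jAZNWebAppConfig) {
        this._userMgr = genericUserManager;
        this._jaznConfig = jAZNConfig;
        this._jwaConfig = jAZNWebAppConfig;
    }

    private final JAZNConfig getJAZNConfig() {
        return this._jaznConfig;
    }

    private final JAZNWebAppConfig getJAZNWebAppConfig() {
        return this._jwaConfig;
    }

    /**
     * Resolves the realm for a principal: the adaptor's own realm if it has one, otherwise the
     * user manager's default realm.
     *
     * @param principal the request's user principal, may be {@code null}
     * @return the realm, or {@code null} when neither source provides one
     */
    private final Realm getRealm(Principal principal) {
        Realm realm = null;
        if (principal instanceof JAZNUserAdaptor) {
            realm = ((JAZNUserAdaptor) principal).getRealm();
        }
        if (realm == null && this._userMgr != null) {
            realm = this._userMgr.getDefaultRealm();
        }
        return realm;
    }

    /**
     * Adds every role granted to {@code realmPrincipal} to the subject's principal set.
     * Does nothing when {@code realmPrincipal} is {@code null}.
     */
    private final void addGrantedRoles(RealmPrincipal realmPrincipal, Subject subject) throws ServletException, JAZNException {
        if (realmPrincipal == null) {
            return;
        }
        // The second argument is the negation of the RBAC hierarchy property (default true).
        boolean secondArg = !getBooleanFilterProperty(Env.RBAC_HIERARCHY, true);
        Iterator<?> roles = realmPrincipal.getRealm().getRoleManager().getGrantedRoles(realmPrincipal, secondArg).iterator();
        while (roles.hasNext()) {
            subject.getPrincipals().add((Principal) roles.next());
        }
    }

    /**
     * Builds the Subject under which the request will run.
     *
     * <p>Sources, in priority order: the run-as role reported by {@code ApplicationServerProxy}
     * (its mapped groups and their granted roles), the request's user principal, the
     * {@code Env.JAAS_SUBJECT} thread attribute, and finally an empty Subject.
     *
     * <p>Every failure in here is reported as a {@link ServletException}, so the request is
     * rejected rather than run under a partially built identity. That includes a {@code null}
     * realm on the run-as path, which fails on dereference.
     *
     * @param httpServletRequest the (possibly wrapped) request
     * @param realm realm used to look up run-as groups; only dereferenced on the run-as path
     * @return a non-null Subject
     * @throws ServletException if the identity cannot be assembled
     */
    private final Subject getSubject(HttpServletRequest httpServletRequest, Realm realm) throws ServletException {
        try {
            Subject subject = null;
            // Only set when a fresh Subject is built from a JAZNUserAdaptor's realm user.
            Principal principal = null;
            String runAsRole = ApplicationServerProxy.getRunAsRole(httpServletRequest);
            if (runAsRole != null) {
                subject = new Subject();
                List<?> groups = ApplicationServerProxy.getGroupsForRole(runAsRole);
                if (groups != null) {
                    for (Iterator<?> it = groups.iterator(); it.hasNext();) {
                        RealmRole role = realm.getRoleManager().getRole((String) it.next());
                        subject.getPrincipals().add(role);
                        addGrantedRoles(role, subject);
                    }
                }
            } else {
                Principal userPrincipal = httpServletRequest.getUserPrincipal();
                if (userPrincipal == null) {
                    // NOTE(review): presumably a per-thread attribute; if so, confirm it is cleared
                    // between requests so a pooled thread cannot hand over a stale Subject.
                    subject = (Subject) JAZNUserManager.getThrAttr(Env.JAAS_SUBJECT);
                } else if (userPrincipal instanceof JAZNUserAdaptor) {
                    JAZNUserAdaptor adaptor = (JAZNUserAdaptor) userPrincipal;
                    subject = adaptor.getSubject();
                    if (subject == null) {
                        subject = new Subject();
                        RealmPrincipal realmUser = adaptor.getRealmUser();
                        principal = realmUser;
                        subject.getPrincipals().add(realmUser);
                        addGrantedRoles(realmUser, subject);
                    }
                } else {
                    // Fix: the Subject was still null here, so adding the principal always threw
                    // a NullPointerException. A principal of any other type now yields a Subject
                    // holding just that principal (no roles are added for it).
                    subject = new Subject();
                    subject.getPrincipals().add(userPrincipal);
                }
            }
            if (subject == null) {
                subject = new Subject();
            }
            if (getBooleanFilterProperty(Env.CSIV2_IDENTITY_ASSERTION, false)) {
                // Fix: an unset auth method is treated as "not SSO" instead of dereferencing null,
                // matching the null check doFilter performs on the same property.
                String authMethod = getFilterProperty(Env.PROP_AUTH_METHOD);
                if (authMethod != null && authMethod.equalsIgnoreCase(KerberosAuthenticator.SSO_REALM)) {
                    if (principal == null) {
                        // Previously an implicit NullPointerException; still rejected, but with
                        // a cause that explains why no name could be asserted.
                        throw new IllegalStateException("no realm user available for CSIv2 identity assertion");
                    }
                    subject.getPublicCredentials().add(ApplicationServerProxy.createGSSUPName(principal.getName(), "default"));
                }
            }
            return subject;
        } catch (Exception e) {
            // Same generic message as before (no identity detail reaches the client text), but
            // the cause is kept so the failure can be diagnosed from server-side logs.
            throw new ServletException(Misc.getResourceBundle().getString("The system is unable to retrieve the user information."), e);
        }
    }

    /**
     * Wraps the request/response when configured, then invokes the chain either directly or
     * under the Subject built for the request.
     *
     * @throws ClassCastException if the request or response is not an HTTP request/response
     * @throws ServletException if the Subject cannot be built or the chain fails in run-as mode
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest httpRequest = (HttpServletRequest) servletRequest;
        HttpServletResponse httpResponse = (HttpServletResponse) servletResponse;
        String authMethod = getFilterProperty(Env.PROP_AUTH_METHOD);
        if ((authMethod != null && authMethod.equals(KerberosAuthenticator.SSO_REALM)) || getBoolJAZNProperty(Env.ROLE_MAPPING_DYNAMIC, Env.ROLE_MAPPING_DYNAMIC_DEFAULT)) {
            // Wrap only once: an already wrapped request/response is passed through unchanged.
            JAZNServletRequest wrappedRequest = httpRequest instanceof JAZNServletRequest
                    ? (JAZNServletRequest) httpRequest
                    : new JAZNServletRequest(getJAZNConfig(), getJAZNWebAppConfig(), httpRequest);
            if (!(httpResponse instanceof JAZNServletResponse)) {
                httpResponse = new JAZNServletResponse(wrappedRequest, httpResponse);
            }
            httpRequest = wrappedRequest;
        }
        ApplicationServerProxy.setCertificateAsAttribute(servletRequest, "java.security.cert.X509Certificate");
        if (!getBooleanFilterProperty(Env.PROP_RUNAS_MODE, false)) {
            filterChain.doFilter(httpRequest, httpResponse);
            return;
        }
        boolean doAsPrivileged = getBooleanFilterProperty(Env.PROP_DOASPRIV_MODE, true);
        Subject subject = getSubject(httpRequest, getRealm(httpRequest.getUserPrincipal()));
        final FilterChain fchain = filterChain;
        final HttpServletRequest fhreq = httpRequest;
        final HttpServletResponse fhresp = httpResponse;
        PrivilegedExceptionAction<Object> chainAction = new PrivilegedExceptionAction<Object>() {
            @Override
            public Object run() throws Exception {
                try {
                    fchain.doFilter(fhreq, fhresp);
                    return null;
                } catch (Exception e) {
                    // Any failure from the chain, IOException included, surfaces as a ServletException.
                    throw new ServletException(e.getMessage(), e);
                }
            }
        };
        try {
            if (doAsPrivileged) {
                // A null AccessControlContext makes doAsPrivileged start from an empty context,
                // so the chain's permission checks are not intersected with the caller's stack.
                // This is the default mode; policy grants for the Subject's principals are what
                // bound the downstream code.
                Subject.doAsPrivileged(subject, chainAction, (AccessControlContext) null);
            } else {
                Subject.doAs(subject, chainAction);
            }
        } catch (PrivilegedActionException e) {
            throw new ServletException(Misc.getResourceBundle().getString("The system encounters errors while running as the authenticated identity."), e);
        }
    }

    /** Prints each element of {@code set} on its own line, indented by two tabs (best effort). */
    private static void printSet(Set<?> set, PrintWriter printWriter) {
        try {
            for (Iterator<?> it = set.iterator(); it.hasNext();) {
                printWriter.println("\t\t" + it.next());
            }
        } catch (Exception ignored) {
            // Diagnostic output only: a failure to print must not affect request handling.
        }
    }

    /**
     * Diagnostic dump of a Subject's principals and credentials (best effort).
     *
     * <p>Private credentials are listed by class name only. The decompiled code printed their
     * {@code toString()} values, which can put secrets such as passwords or keys into whatever
     * the writer is attached to.
     */
    private static void printSubject(Subject subject, PrintWriter printWriter) {
        if (subject == null) {
            return;
        }
        try {
            printWriter.println("Current Subject");
            Set<Principal> principals = subject.getPrincipals();
            if (principals != null) {
                printWriter.println("\tPrincipals:");
                printSet(principals, printWriter);
            } else {
                printWriter.println("\tNULL");
            }
            Set<Object> publicCredentials = subject.getPublicCredentials();
            if (publicCredentials != null) {
                printWriter.println("\tPublic Credentials:");
                printSet(publicCredentials, printWriter);
            } else {
                printWriter.println("\tNULL");
            }
            Set<Object> privateCredentials = subject.getPrivateCredentials();
            if (privateCredentials != null) {
                printWriter.println("\tPrivate Credentials:");
                for (Iterator<Object> it = privateCredentials.iterator(); it.hasNext();) {
                    Object credential = it.next();
                    // Type only, never the value.
                    printWriter.println("\t\t" + (credential == null ? "null" : credential.getClass().getName()));
                }
            } else {
                printWriter.println("\tNULL");
            }
        } catch (Exception ignored) {
            // Diagnostic output only; iterating private credentials may be refused by a
            // security manager, and that must not affect request handling.
        }
    }

    /** Stores the filter configuration used for init-parameter lookups. */
    @Override
    public void init(FilterConfig filterConfig) {
        this._filterConfig = filterConfig;
    }

    /** Drops all references held by the filter. */
    @Override
    public void destroy() {
        this._filterConfig = null;
        this._userMgr = null;
        this._jaznConfig = null;
        this._jwaConfig = null;
    }

    /**
     * Reads a boolean property.
     *
     * @param str property name
     * @param z value returned when the property is not set anywhere
     * @return {@code true} only if the value is exactly {@code "true"}; the comparison is
     *     case-sensitive, so {@code "TRUE"} or {@code "True"} read as {@code false}
     */
    protected boolean getBooleanFilterProperty(String str, boolean z) {
        String filterProperty = getFilterProperty(str);
        return filterProperty == null ? z : filterProperty.equals("true");
    }

    /**
     * Reads a property with no default.
     *
     * @param str property name
     * @return the value, or {@code null} when it is not set anywhere
     */
    protected String getFilterProperty(String str) {
        return getFilterProperty(str, null);
    }

    /**
     * Reads a property from the filter init-parameters, then the web-application configuration,
     * then the JAZN configuration.
     *
     * @param str property name
     * @param str2 default passed to the JAZN configuration lookup; it is not applied when no
     *     JAZN configuration is set
     * @return the first value found, or {@code null}
     */
    protected String getFilterProperty(String str, String str2) {
        // Fix: the filter can be constructed with configuration objects and used without
        // init(), in which case there is no FilterConfig to ask.
        String initParameter = this._filterConfig != null ? this._filterConfig.getInitParameter(str) : null;
        if (initParameter == null && this._jwaConfig != null) {
            initParameter = this._jwaConfig.getProperty(str);
        }
        if (initParameter == null && this._jaznConfig != null) {
            initParameter = getJAZNProperty(str, str2);
        }
        return initParameter;
    }

    private final String getJAZNProperty(String str) {
        return getJAZNProperty(str, null);
    }

    /**
     * Reads a JAZN configuration property inside {@code AccessController.doPrivileged}, so the
     * lookup is checked against this class's own permissions rather than its callers'.
     */
    private final String getJAZNProperty(String str, String str2) {
        return (String) AccessController.doPrivileged((PrivilegedAction) new GetJAZNConfigPropertyAction(getJAZNConfig(), str, str2));
    }

    /** Reads a JAZN configuration property and parses it with {@link Boolean#valueOf(String)}. */
    private boolean getBoolJAZNProperty(String str, String str2) {
        return Boolean.valueOf(getJAZNProperty(str, str2)).booleanValue();
    }
}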
