package org.apache.wiki.auth;

import java.io.File;
import java.io.IOException;
import java.net.MalformedURLException;
import java.net.URL;
import java.security.AccessControlContext;
import java.security.AccessControlException;
import java.security.AccessController;
import java.security.Permission;
import java.security.Principal;
import java.security.PrivilegedAction;
import java.security.ProtectionDomain;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.UUID;
import javax.security.auth.Subject;
import javax.security.auth.spi.LoginModule;
import org.apache.commons.lang.ArrayUtils;
import org.apache.log4j.Logger;
import org.apache.wiki.InternalWikiException;
import org.apache.wiki.WikiEngine;
import org.apache.wiki.WikiSession;
import org.apache.wiki.api.exceptions.WikiException;
import org.apache.wiki.auth.UserManager;
import org.apache.wiki.auth.authorize.Group;
import org.apache.wiki.auth.authorize.GroupDatabase;
import org.apache.wiki.auth.authorize.GroupManager;
import org.apache.wiki.auth.authorize.Role;
import org.apache.wiki.auth.authorize.WebContainerAuthorizer;
import org.apache.wiki.auth.permissions.AllPermission;
import org.apache.wiki.auth.permissions.GroupPermission;
import org.apache.wiki.auth.permissions.PagePermission;
import org.apache.wiki.auth.permissions.PermissionFactory;
import org.apache.wiki.auth.permissions.WikiPermission;
import org.apache.wiki.auth.user.UserDatabase;
import org.apache.wiki.auth.user.UserProfile;
import org.apache.wiki.ui.Installer;
import org.freshcookies.security.policy.PolicyReader;
import org.jdom2.JDOMException;

/* loaded from: input_file:WEB-INF/lib/jspwiki-war-2.10.2.jar:org/apache/wiki/auth/SecurityVerifier.class */
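/**
 * Diagnostic helper that checks a wiki's security configuration and reports the
 * findings as messages on a {@link WikiSession}.
 *
 * <p>Constructing an instance runs every check immediately: the login module class,
 * the security policy file, the policy-vs-container role mapping, the group database
 * and the user database. Results are stored under the topic constants declared below
 * ({@code Error.*}, {@code Warning.*}, {@code Info.*}).</p>
 *
 * <p><strong>Side effects:</strong> the group and user database checks are not
 * read-only. Each one saves a throw-away entry to the live store and then deletes it
 * again. Whatever page or tool instantiates this class should therefore be reachable
 * by administrators only, and a failed clean-up should be followed up by hand.</p>
 *
 * <p>The two {@code ...Table()} methods return HTML fragments. Names that originate
 * from configuration (application name, principal and permission names) are
 * HTML-escaped before being written into markup.</p>
 */
public final class SecurityVerifier {
    private static final long serialVersionUID = -3859563355089169941L;
    private final WikiEngine m_engine;
    private boolean m_isSecurityPolicyConfigured = false;
    private Principal[] m_policyPrincipals = new Principal[0];
    private final WikiSession m_session;
    public static final String ERROR = "Error.";
    public static final String WARNING = "Warning.";
    public static final String INFO = "Info.";
    public static final String ERROR_POLICY = "Error.Policy";
    public static final String WARNING_POLICY = "Warning.Policy";
    public static final String INFO_POLICY = "Info.Policy";
    public static final String ERROR_JAAS = "Error.Jaas";
    public static final String WARNING_JAAS = "Warning.Jaas";
    public static final String ERROR_ROLES = "Error.Roles";
    public static final String INFO_ROLES = "Info.Roles";
    public static final String ERROR_DB = "Error.UserDatabase";
    public static final String WARNING_DB = "Warning.UserDatabase";
    public static final String INFO_DB = "Info.UserDatabase";
    public static final String ERROR_GROUPS = "Error.GroupDatabase";
    public static final String WARNING_GROUPS = "Warning.GroupDatabase";
    public static final String INFO_GROUPS = "Info.GroupDatabase";
    public static final String INFO_JAAS = "Info.Jaas";
    private static final String BG_GREEN = "bgcolor=\"#c0ffc0\"";
    private static final String BG_RED = "bgcolor=\"#ffc0c0\"";
    // CONTAINER_ACTIONS[i] is the human-readable label for the JSP at CONTAINER_JSPS[i];
    // the two arrays must stay the same length and in the same order.
    private static final String[] CONTAINER_ACTIONS = {"View pages", "Comment on existing pages", "Edit pages", "Upload attachments", "Create a new group", "Rename an existing page", "Delete pages"};
    private static final String[] CONTAINER_JSPS = {"/Wiki.jsp", "/Comment.jsp", "/Edit.jsp", "/Upload.jsp", "/NewGroup.jsp", "/Rename.jsp", "/Delete.jsp"};
    private static final Logger LOG = Logger.getLogger(SecurityVerifier.class.getName());

    /**
     * Runs all verification steps and records their results on the session.
     *
     * <p>Any messages already stored on {@code wikiSession} are cleared first. The
     * group and user database checks write to (and then clean up) the live stores.</p>
     *
     * @param wikiEngine the engine whose configuration is inspected
     * @param wikiSession the session that receives the diagnostic messages
     */
    public SecurityVerifier(WikiEngine wikiEngine, WikiSession wikiSession) {
        this.m_engine = wikiEngine;
        this.m_session = wikiSession;
        this.m_session.clearMessages();
        verifyJaas();
        verifyPolicy();
        try {
            verifyPolicyAndContainerRoles();
        } catch (WikiException e) {
            this.m_session.addMessage(ERROR_ROLES, e.getMessage());
        }
        verifyGroupDatabase();
        verifyUserDatabase();
    }

    /**
     * Returns the principals found while reading the security policy, preceded by the
     * four built-in roles that {@link #verifyPolicy()} always adds.
     *
     * @return a copy of the collected principals; never {@code null}
     */
    public Principal[] policyPrincipals() {
        // Hand out a copy so callers cannot alter the verifier's own view of the policy.
        return this.m_policyPrincipals.clone();
    }

    /**
     * Builds an HTML table showing, for every policy principal, whether a fixed set of
     * sample page, group, wiki and "all" permissions is allowed or denied.
     *
     * @return the table markup
     */
    public String policyRoleTable() {
        Principal[] principals = this.m_policyPrincipals;
        String wiki = this.m_engine.getApplicationName();
        // The raw name is used to build permissions; the escaped form is only for display.
        String wikiHtml = escapeHtml(wiki);
        String[] pages = {"Main", "Index", "GroupTest", "GroupAdmin"};
        String[] pageActions = {"view", "edit", PagePermission.MODIFY_ACTION, PagePermission.RENAME_ACTION, "delete"};
        String[] groups = {Installer.ADMIN_GROUP, "TestGroup", "Foo"};
        // A null entry marks a column that has no group-permission equivalent (rendered as N/A).
        String[] groupActions = {"view", "edit", null, null, "delete"};
        String[] wikiActions = {WikiPermission.CREATE_GROUPS_ACTION, WikiPermission.CREATE_PAGES_ACTION, WikiPermission.LOGIN_ACTION, WikiPermission.EDIT_PREFERENCES_ACTION, WikiPermission.EDIT_PROFILE_ACTION};

        int actionColumns = pageActions.length * principals.length;
        // The permission-name column takes 33%; the remaining 67% is shared by the action columns.
        String columnWidth = (pageActions.length <= 0 || principals.length <= 0) ? "67%" : (67.0f / actionColumns) + "%";

        StringBuilder html = new StringBuilder();
        html.append("<table class=\"wikitable\" border=\"1\">\n");
        html.append("  <colgroup span=\"1\" width=\"33%\"/>\n");
        html.append("  <colgroup span=\"" + actionColumns + "\" width=\"" + columnWidth + "\" align=\"center\"/>\n");

        // First header row: one cell per principal, spanning all of its action columns.
        html.append("  <tr>\n");
        html.append("    <th rowspan=\"2\" valign=\"bottom\">Permission</th>\n");
        for (Principal principal : principals) {
            html.append("    <th colspan=\"" + pageActions.length + "\" title=\"" + escapeHtml(principal.getClass().getName()) + "\">" + escapeHtml(principal.getName()) + "</th>\n");
        }
        html.append("  </tr>\n");

        // Second header row: the first letter of each action, repeated for every principal.
        html.append("  <tr>\n");
        for (int i = 0; i < principals.length; i++) {
            for (String action : pageActions) {
                html.append("    <th title=\"" + action + "\">" + action.substring(0, 1) + "</th>\n");
            }
        }
        html.append("  </tr>\n");

        for (String page : pages) {
            html.append("  <tr>\n");
            html.append("    <td>PagePermission \"" + wikiHtml + ":" + page + "\"</td>\n");
            for (Principal principal : principals) {
                for (String action : pageActions) {
                    html.append(printPermissionTest(PermissionFactory.getPagePermission(wiki + ":" + page, action), principal, 1));
                }
            }
            html.append("  </tr>\n");
        }

        for (String group : groups) {
            html.append("  <tr>\n");
            html.append("    <td>GroupPermission \"" + wikiHtml + ":" + group + "\"</td>\n");
            for (Principal principal : principals) {
                for (String action : groupActions) {
                    GroupPermission permission = null;
                    if (action != null) {
                        permission = new GroupPermission(wiki + ":" + group, action);
                    }
                    html.append(printPermissionTest(permission, principal, 1));
                }
            }
            html.append("  </tr>\n");
        }

        for (String action : wikiActions) {
            html.append("  <tr>\n");
            html.append("    <td>WikiPermission \"" + wikiHtml + "\",\"" + action + "\"</td>\n");
            for (Principal principal : principals) {
                html.append(printPermissionTest(new WikiPermission(wiki, action), principal, pageActions.length));
            }
            html.append("  </tr>\n");
        }

        html.append("  <tr>\n");
        html.append("    <td>AllPermission \"" + wikiHtml + "\"</td>\n");
        for (Principal principal : principals) {
            html.append(printPermissionTest(new AllPermission(wiki), principal, pageActions.length));
        }
        html.append("  </tr>\n");
        html.append("</table>");
        return html.toString();
    }

    /**
     * Renders one table cell describing whether {@code principal} holds {@code permission}.
     *
     * @param permission the permission to test, or {@code null} for a "not applicable" cell
     * @param principal the principal to test it against
     * @param i the {@code colspan} of the generated cell
     * @return the {@code <td>} markup; green background for allow, red for deny
     */
    private String printPermissionTest(Permission permission, Principal principal, int i) {
        StringBuilder cell = new StringBuilder();
        if (permission == null) {
            cell.append("    <td colspan=\"" + i + "\" align=\"center\" title=\"N/A\">");
            cell.append("&nbsp;</td>\n");
            return cell.toString();
        }
        boolean allowed = verifyStaticPermission(principal, permission);
        cell.append("    <td colspan=\"" + i + "\" align=\"center\" title=\"");
        cell.append(allowed ? "ALLOW: " : "DENY: ");
        cell.append(escapeHtml(permission.getClass().getName()));
        cell.append(" &quot;");
        cell.append(escapeHtml(permission.getName()));
        cell.append("&quot;");
        if (permission.getName() != null) {
            cell.append(",&quot;");
            cell.append(escapeHtml(permission.getActions()));
            cell.append("&quot;");
        }
        cell.append(" ");
        cell.append(escapeHtml(principal.getClass().getName()));
        cell.append(" &quot;");
        cell.append(escapeHtml(principal.getName()));
        cell.append("&quot;");
        // Close the title attribute and separate it from the next attribute with a space.
        cell.append("\" ");
        cell.append(allowed ? BG_GREEN : BG_RED);
        cell.append(">&nbsp;</td>\n");
        return cell.toString();
    }

    /**
     * Builds an HTML table showing which of the wiki's main JSPs are reachable by
     * anonymous users and by each role the container authorizer knows about.
     *
     * @return the table markup
     * @throws WikiException declared for callers; the visible body itself throws only
     *         unchecked exceptions
     * @throws IllegalStateException if the configured authorizer is not a
     *         {@link WebContainerAuthorizer}
     * @throws InternalWikiException if the authorizer reports a {@link JDOMException}
     */
    public String containerRoleTable() throws WikiException {
        Authorizer authorizer = this.m_engine.getAuthorizationManager().getAuthorizer();
        if (!(authorizer instanceof WebContainerAuthorizer)) {
            throw new IllegalStateException("Authorizer should be WebContainerAuthorizer");
        }
        WebContainerAuthorizer containerAuthorizer = (WebContainerAuthorizer) authorizer;
        Principal[] roles = authorizer.getRoles();

        StringBuilder html = new StringBuilder();
        html.append("<table class=\"wikitable\" border=\"1\">\n");
        html.append("<thead>\n");
        html.append("  <tr>\n");
        html.append("    <th rowspan=\"2\">Action</th>\n");
        html.append("    <th rowspan=\"2\">Page</th>\n");
        // One column for "Anonymous" plus one per role; the sum must be computed
        // numerically, not concatenated as text.
        html.append("    <th colspan=\"" + (roles.length + 1) + "\">Roles</th>\n");
        html.append("  </tr>\n");
        html.append("  <tr>\n");
        html.append("    <th>Anonymous</th>\n");
        for (Principal role : roles) {
            html.append("    <th>" + escapeHtml(role.getName()) + "</th>\n");
        }
        html.append("</tr>\n");
        html.append("</thead>\n");
        html.append("<tbody>\n");
        try {
            for (int i = 0; i < CONTAINER_ACTIONS.length; i++) {
                String action = CONTAINER_ACTIONS[i];
                String jsp = CONTAINER_JSPS[i];
                // A page that is not constrained for Role.ALL is treated as open to anonymous users.
                boolean anonymousAllowed = !containerAuthorizer.isConstrained(jsp, Role.ALL);
                html.append("  <tr>\n");
                html.append("    <td>" + action + "</td>\n");
                html.append("    <td>" + jsp + "</td>\n");
                html.append("    <td title=\"");
                html.append(anonymousAllowed ? "ALLOW: " : "DENY: ");
                html.append(jsp);
                html.append(" Anonymous");
                html.append("\" ");
                html.append(anonymousAllowed ? BG_GREEN : BG_RED);
                html.append(">&nbsp;</td>\n");
                for (Principal role : roles) {
                    // A role is shown as allowed when the page is open to everyone or
                    // carries a constraint that names this role.
                    boolean roleAllowed = anonymousAllowed || containerAuthorizer.isConstrained(jsp, (Role) role);
                    html.append("    <td title=\"");
                    html.append(roleAllowed ? "ALLOW: " : "DENY: ");
                    html.append(jsp);
                    html.append(" ");
                    html.append(escapeHtml(role.getClass().getName()));
                    html.append(" &quot;");
                    html.append(escapeHtml(role.getName()));
                    html.append("&quot;");
                    html.append("\" ");
                    html.append(roleAllowed ? BG_GREEN : BG_RED);
                    html.append(">&nbsp;</td>\n");
                }
                html.append("  </tr>\n");
            }
            html.append("</tbody>\n");
            html.append("</table>\n");
            return html.toString();
        } catch (JDOMException e) {
            LOG.error("Malformed XML in web.xml", e);
            throw new InternalWikiException(e.getClass().getName() + ": " + e.getMessage());
        }
    }

    /**
     * Reports whether the security policy was read without any reader messages.
     *
     * @return {@code true} only if {@link #verifyPolicy()} found no problems
     */
    public boolean isSecurityPolicyConfigured() {
        return this.m_isSecurityPolicyConfigured;
    }

    /**
     * Returns the roles known to the web container authorizer.
     *
     * @return the container roles, or an empty array when the configured authorizer is
     *         not a {@link WebContainerAuthorizer}
     * @throws WikiException declared for callers; not thrown by the visible body
     */
    public Principal[] webContainerRoles() throws WikiException {
        Authorizer authorizer = this.m_engine.getAuthorizationManager().getAuthorizer();
        if (authorizer instanceof WebContainerAuthorizer) {
            return ((WebContainerAuthorizer) authorizer).getRoles();
        }
        return new Principal[0];
    }

    /**
     * Checks that every non-built-in {@link Role} named in the security policy is also
     * known to the authorizer, and records an error for each one that is not.
     *
     * <p>A role that exists only in the policy can never be granted by the container,
     * so its policy grants are effectively dead configuration.</p>
     *
     * @throws WikiException declared for callers; not thrown by the visible body
     */
    protected void verifyPolicyAndContainerRoles() throws WikiException {
        Principal[] containerRoles = this.m_engine.getAuthorizationManager().getAuthorizer().getRoles();
        boolean missingRole = false;
        for (Principal principal : this.m_policyPrincipals) {
            if (!(principal instanceof Role)) {
                continue;
            }
            Role role = (Role) principal;
            boolean knownToContainer = ArrayUtils.contains(containerRoles, role);
            if (!Role.isBuiltInRole(role) && !knownToContainer) {
                this.m_session.addMessage(ERROR_ROLES, "Role '" + role.getName() + "' is defined in security policy but not in web.xml.");
                missingRole = true;
            }
        }
        if (!missingRole) {
            this.m_session.addMessage(INFO_ROLES, "Every non-standard role defined in the security policy was also found in web.xml.");
        }
    }

    /**
     * Verifies that the group database is present and accepts a create/delete round trip.
     *
     * <p>This check writes to the live group store: it saves a uniquely named test
     * group and deletes it again. If the delete step fails, a warning naming the
     * leftover group is recorded so it can be removed by hand.</p>
     */
    protected void verifyGroupDatabase() {
        GroupManager groupManager = this.m_engine.getGroupManager();
        GroupDatabase groupDatabase = null;
        // Only ask for the database when a manager exists; otherwise report the missing
        // manager below instead of failing with a NullPointerException.
        if (groupManager != null) {
            try {
                groupDatabase = groupManager.getGroupDatabase();
            } catch (WikiSecurityException e) {
                this.m_session.addMessage(ERROR_GROUPS, "Could not retrieve GroupManager: " + e.getMessage());
            }
        }
        if (groupManager == null) {
            this.m_session.addMessage(ERROR_GROUPS, "GroupManager is null; JSPWiki could not initialize it. Check the error logs.");
        }
        if (groupDatabase == null) {
            this.m_session.addMessage(ERROR_GROUPS, "GroupDatabase is null; JSPWiki could not initialize it. Check the error logs.");
        }
        if (groupManager == null || groupDatabase == null) {
            return;
        }
        this.m_session.addMessage(INFO_GROUPS, "GroupDatabase is of type '" + groupDatabase.getClass().getName() + "'. It appears to be initialized properly.");

        int initialCount;
        try {
            initialCount = groupDatabase.groups().length;
        } catch (WikiSecurityException e) {
            this.m_session.addMessage(ERROR_GROUPS, "Could not obtain a list of current groups: " + e.getMessage());
            return;
        }
        this.m_session.addMessage(INFO_GROUPS, "The group database contains " + initialCount + " groups.");

        // The timestamp suffix keeps the probe from colliding with a real group.
        String testGroupName = "TestGroup" + System.currentTimeMillis();
        Group testGroup;
        try {
            testGroup = groupManager.parseGroup(testGroupName, "", true);
            testGroup.add(new WikiPrincipal("TestUser"));
            groupDatabase.save(testGroup, new WikiPrincipal("SecurityVerifier"));
            if (groupDatabase.groups().length == initialCount) {
                this.m_session.addMessage(ERROR_GROUPS, "Could not add a test group to the database.");
                return;
            }
        } catch (WikiSecurityException e) {
            this.m_session.addMessage(ERROR_GROUPS, "Could not add a group to the database: " + e.getMessage());
            return;
        }
        this.m_session.addMessage(INFO_GROUPS, "The group database allows new groups to be created, as it should.");

        try {
            groupDatabase.delete(testGroup);
            if (groupDatabase.groups().length != initialCount) {
                this.m_session.addMessage(ERROR_GROUPS, "Could not delete a test group from the database.");
                this.m_session.addMessage(WARNING_GROUPS, "Test group '" + testGroupName + "' may still exist and should be removed manually.");
            } else {
                this.m_session.addMessage(INFO_GROUPS, "The group database allows groups to be deleted, as it should.");
                this.m_session.addMessage(INFO_GROUPS, "The group database configuration looks fine.");
            }
        } catch (WikiSecurityException e) {
            this.m_session.addMessage(ERROR_GROUPS, "Could not delete a test group from the database: " + e.getMessage());
            this.m_session.addMessage(WARNING_GROUPS, "Test group '" + testGroupName + "' may still exist and should be removed manually.");
        }
    }

    /**
     * Verifies that the {@code jspwiki.loginModule.class} property names a class that
     * is on the classpath and implements {@link LoginModule}.
     *
     * <p>Note that the check loads (and therefore initializes) whatever class the
     * property names.</p>
     */
    protected void verifyJaas() {
        String className = this.m_engine.getWikiProperties().getProperty("jspwiki.loginModule.class");
        if (className == null || className.length() == 0) {
            this.m_session.addMessage(ERROR_JAAS, "The value of the 'jspwiki.loginModule.class' property was null or blank. This is a fatal error. This value should be set to a valid LoginModule implementation on the classpath.");
            return;
        }
        Class<?> loginModuleClass;
        try {
            this.m_session.addMessage(INFO_JAAS, "The property 'jspwiki.loginModule.class' specified the class '" + className + ".'");
            loginModuleClass = Class.forName(className);
        } catch (ClassNotFoundException e) {
            this.m_session.addMessage(ERROR_JAAS, "We could not find the the class '" + className + "' on the classpath. This is fatal error.");
            // Nothing left to inspect; continuing would dereference a null class.
            return;
        }
        if (LoginModule.class.isAssignableFrom(loginModuleClass)) {
            this.m_session.addMessage(INFO_JAAS, "We found the the class '" + className + "' on the classpath, and it is a LoginModule implementation. Good!");
        } else {
            this.m_session.addMessage(ERROR_JAAS, "We found the the class '" + className + "' on the classpath, but it does not seem to be LoginModule implementation! This is fatal error.");
        }
    }

    /**
     * Resolves a system property that holds a file location and checks that the file exists.
     *
     * <p>The property value and the result of the existence check are echoed into the
     * session messages, so those messages reveal server-side paths to whoever can read
     * them.</p>
     *
     * @param str the name of the system property to read
     * @return the file, or {@code null} if the property is unset, unreadable, not a
     *         valid URL, or points at a file that does not exist
     */
    protected File getFileFromProperty(String str) {
        try {
            String location = System.getProperty(str);
            if (location == null) {
                this.m_session.addMessage(ERROR + str, "The system property '" + str + "' is null.");
                return null;
            }
            // Drop a single leading '=' (presumably left over from the "==" override
            // form of the property; confirm against how the property is set).
            if (location.startsWith("=")) {
                location = location.substring(1);
            }
            File file = null;
            try {
                this.m_session.addMessage(INFO + str, "The system property '" + str + "' is set to: " + location + ".");
                if (!location.startsWith("file:")) {
                    location = "file:" + location;
                }
                file = new File(new URL(location).getPath());
            } catch (MalformedURLException ignored) {
                // An unparseable location cannot name an existing file; it is reported
                // as "doesn't seem to exist" below.
            }
            if (file != null && file.exists()) {
                this.m_session.addMessage(INFO + str, "File '" + location + "' exists in the filesystem.");
                return file;
            }
            this.m_session.addMessage(ERROR + str, "File '" + location + "' doesn't seem to exist. This might be a problem.");
            return null;
        } catch (SecurityException e) {
            this.m_session.addMessage(ERROR + str, "We could not read system property '" + str + "'. This is probably because you are running with a security manager.");
            return null;
        }
    }

    /**
     * Reads the {@code jspwiki.policy} file, reports any reader messages, and collects
     * the principals it grants permissions to.
     *
     * <p>The policy is flagged as configured only when the reader reports no messages.
     * The collected principals always start with the four built-in roles, followed by
     * the principals of each protection domain in the order the reader returns them.</p>
     */
    protected void verifyPolicy() {
        String path = AuthenticationManager.findConfigFile(this.m_engine, "jspwiki.policy").getPath();
        if (path.startsWith("file:")) {
            path = path.substring(5);
        }
        try {
            PolicyReader policyReader = new PolicyReader(new File(path));
            this.m_session.addMessage(INFO_POLICY, "The security policy '" + policyReader.getFile() + "' exists.");
            if (policyReader.getKeyStore() == null) {
                this.m_session.addMessage(WARNING_POLICY, "Policy file does not have a keystore... at least not one that we can locate. If your policy file does not contain any 'signedBy' blocks, this is probably ok.");
            } else {
                this.m_session.addMessage(INFO_POLICY, "The security policy specifies a keystore, and we were able to locate it in the filesystem.");
            }
            policyReader.read();
            List<?> problems = policyReader.getMessages();
            if (problems.size() > 0) {
                for (Object problem : problems) {
                    this.m_session.addMessage(ERROR_POLICY, ((Exception) problem).getMessage());
                }
            } else {
                this.m_session.addMessage(INFO_POLICY, "The security policy looks fine.");
                this.m_isSecurityPolicyConfigured = true;
            }
            // Insertion-ordered set: built-in roles first, duplicates from several
            // protection domains collapsed.
            LinkedHashSet<Principal> principals = new LinkedHashSet<Principal>();
            principals.add(Role.ALL);
            principals.add(Role.ANONYMOUS);
            principals.add(Role.ASSERTED);
            principals.add(Role.AUTHENTICATED);
            for (ProtectionDomain domain : policyReader.getProtectionDomains()) {
                for (Principal principal : domain.getPrincipals()) {
                    principals.add(principal);
                }
            }
            this.m_policyPrincipals = principals.toArray(new Principal[principals.size()]);
        } catch (IOException e) {
            this.m_session.addMessage(ERROR_POLICY, e.getMessage());
        }
    }

    /**
     * Tests whether a principal, taken on its own, is granted a permission.
     *
     * <p>The permission is first checked with {@link AccessController#checkPermission}
     * while running as a {@link Subject} that holds only {@code principal}; if that
     * check denies it, the authorization manager's local policy is consulted.</p>
     *
     * @param principal the principal to test
     * @param permission the permission to look for
     * @return {@code true} if either check allows the permission
     */
    protected boolean verifyStaticPermission(Principal principal, final Permission permission) {
        Subject subject = new Subject();
        subject.getPrincipals().add(principal);
        PrivilegedAction<Boolean> check = new PrivilegedAction<Boolean>() {
            @Override
            public Boolean run() {
                try {
                    AccessController.checkPermission(permission);
                    return Boolean.TRUE;
                } catch (AccessControlException e) {
                    return Boolean.FALSE;
                }
            }
        };
        // A null context means the check sees only the subject's own grants.
        Boolean allowedByGlobalPolicy = Subject.doAsPrivileged(subject, check, (AccessControlContext) null);
        if (allowedByGlobalPolicy.booleanValue()) {
            return true;
        }
        return this.m_engine.getAuthorizationManager().allowedByLocalPolicy(new Principal[]{principal}, permission);
    }

    /**
     * Verifies that the user database is present and accepts a create/delete round trip.
     *
     * <p>This check writes to the live user store: it saves a uniquely named test
     * account and deletes it again. The account gets a random, never-disclosed
     * password so that a leftover account (for example when the delete step fails)
     * does not carry a guessable credential. A failed delete also records a warning
     * naming the leftover login.</p>
     */
    protected void verifyUserDatabase() {
        UserDatabase userDatabase = this.m_engine.getUserManager().getUserDatabase();
        if (userDatabase == null) {
            this.m_session.addMessage(ERROR_DB, "UserDatabase is null; JSPWiki could not initialize it. Check the error logs.");
            return;
        }
        if (userDatabase instanceof UserManager.DummyUserDatabase) {
            this.m_session.addMessage(ERROR_DB, "UserDatabase is DummyUserDatabase; JSPWiki may not have been able to initialize the database you supplied in jspwiki.properties, or you left the 'jspwiki.userdatabase' property blank. Check the error logs.");
        }
        this.m_session.addMessage(INFO_DB, "UserDatabase is of type '" + userDatabase.getClass().getName() + "'. It appears to be initialized properly.");

        int initialCount;
        try {
            initialCount = userDatabase.getWikiNames().length;
        } catch (WikiSecurityException e) {
            this.m_session.addMessage(ERROR_DB, "Could not obtain a list of current users: " + e.getMessage());
            return;
        }
        this.m_session.addMessage(INFO_DB, "The user database contains " + initialCount + " users.");

        // The timestamp suffix keeps the probe from colliding with a real account.
        String testLogin = "TestUser" + System.currentTimeMillis();
        try {
            UserProfile profile = userDatabase.newProfile();
            // NOTE(review): this mailbox is on a public disposable-mail domain; any mail
            // the wiki sends to the test account would be readable by anyone.
            profile.setEmail("jspwiki.tests@mailinator.com");
            profile.setLoginName(testLogin);
            profile.setFullname("FullName" + testLogin);
            // Random per-run password: nobody needs to log in as the probe account.
            profile.setPassword(UUID.randomUUID().toString());
            userDatabase.save(profile);
            if (userDatabase.getWikiNames().length == initialCount) {
                this.m_session.addMessage(ERROR_DB, "Could not add a test user to the database.");
                return;
            }
        } catch (WikiSecurityException e) {
            this.m_session.addMessage(ERROR_DB, "Could not add a test user to the database: " + e.getMessage());
            return;
        }
        this.m_session.addMessage(INFO_DB, "The user database allows new users to be created, as it should.");

        try {
            userDatabase.deleteByLoginName(testLogin);
            if (userDatabase.getWikiNames().length != initialCount) {
                this.m_session.addMessage(ERROR_DB, "Could not delete a test user from the database.");
                this.m_session.addMessage(WARNING_DB, "Test user '" + testLogin + "' may still exist and should be removed manually.");
            } else {
                this.m_session.addMessage(INFO_DB, "The user database allows users to be deleted, as it should.");
                this.m_session.addMessage(INFO_DB, "The user database configuration looks fine.");
            }
        } catch (WikiSecurityException e) {
            this.m_session.addMessage(ERROR_DB, "Could not delete a test user to the database: " + e.getMessage());
            this.m_session.addMessage(WARNING_DB, "Test user '" + testLogin + "' may still exist and should be removed manually.");
        }
    }

    /**
     * Escapes the characters that are significant in HTML text and attribute values.
     *
     * @param value the text to escape; {@code null} is rendered as the string "null",
     *        matching what string concatenation would have produced
     * @return the escaped text
     */
    private static String escapeHtml(String value) {
        String text = String.valueOf(value);
        StringBuilder escaped = new StringBuilder(text.length() + 16);
        for (int i = 0; i < text.length(); i++) {
            char c = text.charAt(i);
            switch (c) {
                case '&':
                    escaped.append("&amp;");
                    break;
                case '<':
                    escaped.append("&lt;");
                    break;
                case '>':
                    escaped.append("&gt;");
                    break;
                case '"':
                    escaped.append("&quot;");
                    break;
                case '\'':
                    escaped.append("&#39;");
                    break;
                default:
                    escaped.append(c);
                    break;
            }
        }
        return escaped.toString();
    }
}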
