package org.apache.wiki.auth.authorize;

import java.io.IOException;
import java.net.URL;
import java.security.Principal;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Properties;
import javax.servlet.http.HttpServletRequest;
import org.apache.log4j.Logger;
import org.apache.wiki.InternalWikiException;
import org.apache.wiki.WikiEngine;
import org.apache.wiki.WikiSession;
import org.jdom2.Document;
import org.jdom2.Element;
import org.jdom2.JDOMException;
import org.jdom2.Namespace;
import org.jdom2.input.SAXBuilder;
import org.jdom2.xpath.XPath;
import org.xml.sax.EntityResolver;
import org.xml.sax.InputSource;
import org.xml.sax.SAXException;

/* loaded from: input_file:WEB-INF/lib/jspwiki-war-2.10.5.jar:org/apache/wiki/auth/authorize/WebContainerAuthorizer.class */
public class WebContainerAuthorizer implements WebAuthorizer {
    private static final String J2EE_SCHEMA_25_NAMESPACE = "http://java.sun.com/xml/ns/javaee";
    protected static final Logger log = Logger.getLogger(WebContainerAuthorizer.class);
    protected WikiEngine m_engine;
    protected Role[] m_containerRoles = new Role[0];
    protected boolean m_containerAuthorized = false;
    private Document m_webxml = null;

    /* loaded from: input_file:WEB-INF/lib/jspwiki-war-2.10.5.jar:org/apache/wiki/auth/authorize/WebContainerAuthorizer$LocalEntityResolver.class */
    public class LocalEntityResolver implements EntityResolver {
        public LocalEntityResolver() {
        }

        @Override // org.xml.sax.EntityResolver
        public InputSource resolveEntity(String str, String str2) throws SAXException, IOException {
            String substring = str2.substring(str2.lastIndexOf(47) + 1);
            URL resource = WebContainerAuthorizer.this.m_engine.getServletContext() == null ? WebContainerAuthorizer.class.getClassLoader().getResource("WEB-INF/dtd/" + substring) : WebContainerAuthorizer.this.m_engine.getServletContext().getResource("/WEB-INF/dtd/" + substring);
            if (resource == null) {
                WebContainerAuthorizer.log.info("Please note: There are no local DTD references in /WEB-INF/dtd/" + substring + "; falling back to default behaviour. This may mean that the XML parser will attempt to connect to the internet to find the DTD. If you are running JSPWiki locally in an unconnected network, you might want to put the DTD files in place to avoid nasty UnknownHostExceptions.");
                return null;
            }
            InputSource inputSource = new InputSource(resource.openStream());
            WebContainerAuthorizer.log.debug("Resolved systemID=" + str2 + " using local file " + resource);
            return inputSource;
        }
    }

    @Override // org.apache.wiki.auth.Authorizer
    public void initialize(WikiEngine wikiEngine, Properties properties) {
        this.m_engine = wikiEngine;
        this.m_containerAuthorized = false;
        try {
            this.m_webxml = getWebXml();
            if (this.m_webxml != null) {
                this.m_webxml.getRootElement().setNamespace(Namespace.getNamespace(J2EE_SCHEMA_25_NAMESPACE));
                this.m_containerAuthorized = isConstrained("/Delete.jsp", Role.ALL) && isConstrained("/Login.jsp", Role.ALL);
            }
            if (this.m_containerAuthorized) {
                this.m_containerRoles = getRoles(this.m_webxml);
                log.info("JSPWiki is using container-managed authentication.");
            } else {
                log.info("JSPWiki is using custom authentication.");
            }
            if (this.m_containerRoles.length > 0) {
                String str = "";
                for (Role role : this.m_containerRoles) {
                    str = str + role + " ";
                }
                log.info(" JSPWiki determined the web container manages these roles: " + str);
            }
            log.info("Authorizer WebContainerAuthorizer initialized successfully.");
        } catch (IOException e) {
            log.error("Initialization failed: ", e);
            throw new InternalWikiException(e.getClass().getName() + ": " + e.getMessage(), e);
        } catch (JDOMException e2) {
            log.error("Malformed XML in web.xml", e2);
            throw new InternalWikiException(e2.getClass().getName() + ": " + e2.getMessage(), e2);
        }
    }

    @Override // org.apache.wiki.auth.authorize.WebAuthorizer
    public boolean isUserInRole(HttpServletRequest httpServletRequest, Principal principal) {
        return httpServletRequest.isUserInRole(principal.getName());
    }

    @Override // org.apache.wiki.auth.Authorizer
    public boolean isUserInRole(WikiSession wikiSession, Principal principal) {
        if (wikiSession == null || principal == null) {
            return false;
        }
        return wikiSession.hasPrincipal(principal);
    }

    @Override // org.apache.wiki.auth.Authorizer
    public Principal findRole(String str) {
        for (Role role : this.m_containerRoles) {
            if (role.getName().equals(str)) {
                return role;
            }
        }
        return null;
    }

    public boolean isConstrained(String str, Role role) throws JDOMException {
        Element rootElement = this.m_webxml.getRootElement();
        XPath newInstance = XPath.newInstance("//j:web-app/j:security-constraint[j:web-resource-collection/j:url-pattern=\"" + str + "\"]");
        newInstance.addNamespace("j", J2EE_SCHEMA_25_NAMESPACE);
        List<?> selectNodes = newInstance.selectNodes(rootElement);
        XPath newInstance2 = XPath.newInstance("//j:web-app/j:security-constraint[j:auth-constraint/j:role-name=\"" + role.getName() + "\"]");
        newInstance2.addNamespace("j", J2EE_SCHEMA_25_NAMESPACE);
        List<?> selectNodes2 = newInstance2.selectNodes(rootElement);
        if (selectNodes.size() == 0) {
            return false;
        }
        if (role.equals(Role.ALL)) {
            return true;
        }
        if (selectNodes2.size() == 0) {
            return false;
        }
        Iterator<?> it = selectNodes.iterator();
        while (it.hasNext()) {
            Element element = (Element) it.next();
            Iterator<?> it2 = selectNodes2.iterator();
            while (it2.hasNext()) {
                if (element.equals((Element) it2.next())) {
                    return true;
                }
            }
        }
        return false;
    }

    public boolean isContainerAuthorized() {
        return this.m_containerAuthorized;
    }

    @Override // org.apache.wiki.auth.Authorizer
    public Principal[] getRoles() {
        return (Principal[]) this.m_containerRoles.clone();
    }

    protected Role[] getRoles(Document document) throws JDOMException {
        HashSet hashSet = new HashSet();
        Element rootElement = document.getRootElement();
        XPath newInstance = XPath.newInstance("//j:web-app/j:security-constraint/j:auth-constraint/j:role-name");
        newInstance.addNamespace("j", J2EE_SCHEMA_25_NAMESPACE);
        Iterator<?> it = newInstance.selectNodes(rootElement).iterator();
        while (it.hasNext()) {
            hashSet.add(new Role(((Element) it.next()).getTextTrim()));
        }
        XPath newInstance2 = XPath.newInstance("//j:web-app/j:security-role/j:role-name");
        newInstance2.addNamespace("j", J2EE_SCHEMA_25_NAMESPACE);
        Iterator<?> it2 = newInstance2.selectNodes(rootElement).iterator();
        while (it2.hasNext()) {
            hashSet.add(new Role(((Element) it2.next()).getTextTrim()));
        }
        return (Role[]) hashSet.toArray(new Role[hashSet.size()]);
    }

    protected Document getWebXml() throws JDOMException, IOException {
        URL resource;
        SAXBuilder sAXBuilder = new SAXBuilder();
        sAXBuilder.setValidation(false);
        sAXBuilder.setEntityResolver(new LocalEntityResolver());
        if (this.m_engine.getServletContext() == null) {
            resource = WebContainerAuthorizer.class.getClassLoader().getResource("WEB-INF/web.xml");
            if (resource != null) {
                log.info("Examining " + resource.toExternalForm());
            }
        } else {
            resource = this.m_engine.getServletContext().getResource("/WEB-INF/web.xml");
            if (resource != null) {
                log.info("Examining " + resource.toExternalForm());
            }
        }
        if (resource == null) {
            throw new IOException("Unable to find web.xml for processing.");
        }
        log.debug("Processing web.xml at " + resource.toExternalForm());
        return sAXBuilder.build(resource);
    }
}
