package com.ibm.ws.webcontainer.collaborator;

import com.ibm.ejs.ras.TraceComponent;
import com.ibm.websphere.security.WSSecurityHelper;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.runtime.deploy.DeployedModule;
import com.ibm.ws.security.web.WebReply;
import com.ibm.ws.security.web.WebSecurityCollaborator;
import com.ibm.ws.security.web.WebSecurityConfigException;
import com.ibm.ws.security.web.WebSecurityException;
import com.ibm.ws.webcontainer.WSWebContainer;
import com.ibm.ws.webcontainer.osgi.SecurityCollaboratorExtensionPoint;
import com.ibm.ws.webcontainer.osgi.SecurityCollaboratorRegistryItem;
import com.ibm.wsspi.webcontainer.collaborator.IWebAppSecurityCollaborator;
import com.ibm.wsspi.webcontainer.extension.ExtensionProcessor;
import com.ibm.wsspi.webcontainer.logging.LoggerFactory;
import com.ibm.wsspi.webcontainer.osgi.BundleClassLoader;
import com.ibm.wsspi.webcontainer.security.SecurityViolationException;
import com.ibm.wsspi.webcontainer.servlet.IServletContext;
import com.ibm.wsspi.webcontainer.webapp.WebAppConfig;
import java.io.IOException;
import java.security.Principal;
import java.util.Collection;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.eclipse.jst.j2ee.application.WebModule;
import org.eclipse.jst.j2ee.commonarchivecore.internal.exception.UncontainedModuleFileException;
import org.eclipse.jst.j2ee.webapplication.WebApp;

/* loaded from: input_file:wasJars/com.ibm.ws.webcontainer.jar:com/ibm/ws/webcontainer/collaborator/WebAppSecurityCollaboratorImpl.class */
public class WebAppSecurityCollaboratorImpl implements IWebAppSecurityCollaborator {
    private static WebSecurityCollaborator securityCollaborator = null;
    private static Object lock = new Object();
    protected static Logger logger = LoggerFactory.getInstance().getLogger("com.ibm.ws.webcontainer.collaborator");
    private static final String CLASS_NAME = "com.ibm.ws.webcontainer.collaborator.WebAppSecurityCollaboratorImpl";
    private String _webContextRoot;
    private String _vHostName;
    private WebAppConfig webAppConfig;

    public WebAppSecurityCollaboratorImpl() {
        this._webContextRoot = null;
        this._vHostName = null;
    }

    private static void createSecurityCollabImpl() {
        try {
            if (WSSecurityHelper.isServerSecurityEnabled() || WSSecurityHelper.isGlobalSecurityEnabled()) {
                new SecurityCollaboratorExtensionPoint().loadExtensionPoint("com.ibm.wsspi.extension.security-collaborator", "security-collaborators", "security-collaborator");
                Collection<SecurityCollaboratorRegistryItem> securityCollaboratorRegistry = WSWebContainer.getSecurityCollaboratorRegistry();
                if (securityCollaboratorRegistry.size() > 0) {
                    for (SecurityCollaboratorRegistryItem securityCollaboratorRegistryItem : securityCollaboratorRegistry) {
                        String classname = securityCollaboratorRegistryItem.getClassname();
                        BundleClassLoader classloader = securityCollaboratorRegistryItem.getClassloader();
                        if (TraceComponent.isAnyTracingEnabled() && logger.isLoggable(Level.FINE)) {
                            logger.logp(Level.FINE, CLASS_NAME, "createSecurityCollabImpl", "Registering SecurityCollaborator class -->[" + classname + ", priority -->[" + securityCollaboratorRegistryItem.getPriority() + "]");
                        }
                        securityCollaborator = (WebSecurityCollaborator) classloader.loadClass(classname).newInstance();
                    }
                } else {
                    if (logger.isLoggable(Level.INFO)) {
                        logger.logp(Level.INFO, CLASS_NAME, "createSecurityCollabImpl", "using default ejs collaborator since there is nothing in the extension points");
                    }
                    securityCollaborator = (WebSecurityCollaborator) Class.forName("com.ibm.ws.security.web.EJSWebCollaborator").newInstance();
                }
            } else {
                securityCollaborator = (WebSecurityCollaborator) Class.forName("com.ibm.ws.security.web.NullWebSecurityCollaborator").newInstance();
                if (TraceComponent.isAnyTracingEnabled() && logger.isLoggable(Level.FINE)) {
                    logger.logp(Level.FINE, CLASS_NAME, "createSecurityCollabImpl", "NullWebSecurityCollaborator initialized");
                }
            }
        } catch (Exception e) {
            FFDCFilter.processException(e, "com.ibm.ws.webcontainer.webapp.WebAppSecurityCollaborator.WebAppSecurityCollaborator", "90");
            if (logger.isLoggable(Level.SEVERE)) {
                logger.logp(Level.SEVERE, CLASS_NAME, "createSecurityCollabImpl", "WebAppSecurityCollaborator", (Throwable) e);
            }
        }
    }

    public WebAppSecurityCollaboratorImpl(String str, String str2, String str3, WebApp webApp, DeployedModule deployedModule, WebAppConfig webAppConfig, WebModule webModule) {
        this._webContextRoot = null;
        this._vHostName = null;
        if (TraceComponent.isAnyTracingEnabled() && logger.isLoggable(Level.FINE)) {
            logger.entering(CLASS_NAME, "createSecurityCollabImpl", new Object[]{str, str2, str3, webApp, webAppConfig, webModule});
        }
        this.webAppConfig = webAppConfig;
        try {
            this._webContextRoot = webModule.getContextRoot();
            this._vHostName = deployedModule.getBinding().getVirtualHostName();
            securityCollaborator.addWebAppConfig(this._vHostName + ":" + this._webContextRoot, webApp, deployedModule.getDeployedApplication().getName(), deployedModule);
        } catch (WebSecurityConfigException e) {
            if (TraceComponent.isAnyTracingEnabled() && logger.isLoggable(Level.FINE)) {
                logger.logp(Level.FINE, CLASS_NAME, "WebAppSecurityCollaboratorImpl", "caught exception ", e);
            }
            FFDCFilter.processException(e, "com.ibm.ws.webcontainer.webapp.WebAppSecurityCollaborator.WebAppSecurityCollaborator", "118", this);
        } catch (UncontainedModuleFileException e2) {
            FFDCFilter.processException(e2, "com.ibm.ws.webcontainer.webapp.WebAppSecurityCollaborator.WebAppSecurityCollaborator", "123", this);
            if (logger.isLoggable(Level.SEVERE)) {
                logger.logp(Level.SEVERE, CLASS_NAME, "WebAppSecurityCollaboratorImpl", "caught exception ", e2);
            }
        }
        if (TraceComponent.isAnyTracingEnabled() && logger.isLoggable(Level.FINE)) {
            logger.exiting(CLASS_NAME, "WebAppSecurityCollaboratorImpl");
        }
    }

    @Override // com.ibm.wsspi.webcontainer.collaborator.IWebAppSecurityCollaborator
    public Object preInvoke() throws SecurityViolationException {
        try {
            if (TraceComponent.isAnyTracingEnabled() && logger.isLoggable(Level.FINE)) {
                logger.entering(CLASS_NAME, "preInvoke");
            }
            Object preInvoke = securityCollaborator.preInvoke();
            if (TraceComponent.isAnyTracingEnabled() && logger.isLoggable(Level.FINE)) {
                logger.exiting(CLASS_NAME, "preInvoke");
            }
            return preInvoke;
        } catch (WebSecurityException e) {
            if (TraceComponent.isAnyTracingEnabled() && logger.isLoggable(Level.FINE)) {
                logger.logp(Level.FINE, CLASS_NAME, "preInvoke", "caught WebSecurityException");
            }
            throw convertWebSecurityException(e);
        }
    }

    private SecurityViolationException convertWebSecurityException(WebSecurityException webSecurityException) {
        if (TraceComponent.isAnyTracingEnabled() && logger.isLoggable(Level.FINE)) {
            logger.entering(CLASS_NAME, "convertWebSecurityException");
        }
        int i = 403;
        WebReply webReply = webSecurityException.getWebReply();
        if (webReply != null) {
            i = webReply.getStatusCode();
        }
        SecurityViolationException securityViolationException = new SecurityViolationException(webSecurityException.getMessage(), i);
        securityViolationException.initCause(webSecurityException);
        securityViolationException.setWebSecurityContext(webSecurityException.getWebSecurityContext());
        if (TraceComponent.isAnyTracingEnabled() && logger.isLoggable(Level.FINE)) {
            logger.exiting(CLASS_NAME, "convertWebSecurityException");
        }
        return securityViolationException;
    }

    @Override // com.ibm.wsspi.webcontainer.collaborator.IWebAppSecurityCollaborator
    public void postInvoke(Object obj) throws ServletException {
        try {
            if (TraceComponent.isAnyTracingEnabled() && logger.isLoggable(Level.FINE)) {
                logger.entering(CLASS_NAME, "postInvoke");
            }
            securityCollaborator.postInvoke(obj);
            if (TraceComponent.isAnyTracingEnabled() && logger.isLoggable(Level.FINE)) {
                logger.exiting(CLASS_NAME, "postInvoke");
            }
        } catch (WebSecurityException e) {
            if (TraceComponent.isAnyTracingEnabled() && logger.isLoggable(Level.FINE)) {
                logger.logp(Level.FINE, CLASS_NAME, "preInvoke", "caught WebSecurityException");
            }
            FFDCFilter.processException(e, "com.ibm.ws.webcontainer.webapp.WebAppSecurityCollaborator.postInvoke", "143", this);
            throw new ServletException("Web Security Exception", e);
        }
    }

    protected WebAppConfig getWebAppConfig() {
        return this.webAppConfig;
    }

    @Override // com.ibm.wsspi.webcontainer.collaborator.IWebAppSecurityCollaborator
    public Object preInvoke(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str, boolean z) throws SecurityViolationException, IOException {
        try {
            if (TraceComponent.isAnyTracingEnabled() && logger.isLoggable(Level.FINE)) {
                logger.entering(CLASS_NAME, "preInvoke", new Object[]{httpServletRequest, httpServletResponse, str, Boolean.valueOf(z)});
            }
            Object preInvoke = securityCollaborator.preInvoke(httpServletRequest, httpServletResponse, this._webContextRoot, this._vHostName, str, z);
            if (TraceComponent.isAnyTracingEnabled() && logger.isLoggable(Level.FINE)) {
                logger.exiting(CLASS_NAME, "preInvoke");
            }
            return preInvoke;
        } catch (WebSecurityException e) {
            if (TraceComponent.isAnyTracingEnabled() && logger.isLoggable(Level.FINE)) {
                logger.logp(Level.FINE, CLASS_NAME, "preInvoke", "caught WebSecurityException");
            }
            throw convertWebSecurityException(e);
        }
    }

    @Override // com.ibm.wsspi.webcontainer.collaborator.IWebAppSecurityCollaborator
    public Object preInvoke(String str) throws SecurityViolationException, IOException {
        try {
            if (TraceComponent.isAnyTracingEnabled() && logger.isLoggable(Level.FINE)) {
                logger.entering(CLASS_NAME, "preInvoke", str);
            }
            Object preInvoke = securityCollaborator.preInvoke(this._webContextRoot, this._vHostName, str);
            if (TraceComponent.isAnyTracingEnabled() && logger.isLoggable(Level.FINE)) {
                logger.exiting(CLASS_NAME, "preInvoke");
            }
            return preInvoke;
        } catch (WebSecurityException e) {
            if (TraceComponent.isAnyTracingEnabled() && logger.isLoggable(Level.FINE)) {
                logger.logp(Level.FINE, CLASS_NAME, "preInvoke", "caught WebSecurityException");
            }
            throw convertWebSecurityException(e);
        }
    }

    @Override // com.ibm.wsspi.webcontainer.collaborator.IWebAppSecurityCollaborator
    public void handleException(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Throwable th) throws ServletException, IOException {
        if (TraceComponent.isAnyTracingEnabled() && logger.isLoggable(Level.FINE)) {
            logger.entering(CLASS_NAME, "handleException");
        }
        securityCollaborator.handleException(httpServletRequest, httpServletResponse, (WebSecurityException) th);
        if (TraceComponent.isAnyTracingEnabled() && logger.isLoggable(Level.FINE)) {
            logger.exiting(CLASS_NAME, "handleException");
        }
    }

    @Override // com.ibm.wsspi.webcontainer.collaborator.IWebAppSecurityCollaborator
    public Principal getUserPrincipal() {
        if (TraceComponent.isAnyTracingEnabled() && logger.isLoggable(Level.FINE)) {
            logger.entering(CLASS_NAME, "getUserPrincipal");
            logger.exiting(CLASS_NAME, "getUserPrincipal");
        }
        return securityCollaborator.getUserPrincipal();
    }

    @Override // com.ibm.wsspi.webcontainer.collaborator.IWebAppSecurityCollaborator
    public boolean isUserInRole(String str, HttpServletRequest httpServletRequest) {
        if (TraceComponent.isAnyTracingEnabled() && logger.isLoggable(Level.FINE)) {
            logger.entering(CLASS_NAME, "isUserInRole");
            logger.exiting(CLASS_NAME, "isUserInRole");
        }
        return securityCollaborator.isUserInRole(str, this._webContextRoot, this._vHostName, httpServletRequest);
    }

    @Override // com.ibm.wsspi.webcontainer.collaborator.IWebAppSecurityCollaborator
    public ExtensionProcessor getFormLoginExtensionProcessor(IServletContext iServletContext) {
        try {
            if (TraceComponent.isAnyTracingEnabled() && logger.isLoggable(Level.FINE)) {
                logger.entering(CLASS_NAME, "getFormLoginExtensionProcessor");
            }
            ExtensionProcessor extensionProcessor = (ExtensionProcessor) Class.forName("com.ibm.ws.security.web.FormLoginExtensionProcessor").getConstructor(IServletContext.class).newInstance(iServletContext);
            if (TraceComponent.isAnyTracingEnabled() && logger.isLoggable(Level.FINE)) {
                logger.exiting(CLASS_NAME, "getFormLoginExtensionProcessor");
            }
            return extensionProcessor;
        } catch (Exception e) {
            if (logger.isLoggable(Level.SEVERE)) {
                logger.logp(Level.SEVERE, CLASS_NAME, "getFormLoginExtensionProcessor", "Could not create LoginProcessor.", (Throwable) e);
            }
            if (!TraceComponent.isAnyTracingEnabled() || !logger.isLoggable(Level.FINE)) {
                return null;
            }
            logger.exiting(CLASS_NAME, "getFormLoginExtensionProcessor");
            return null;
        }
    }

    @Override // com.ibm.wsspi.webcontainer.collaborator.IWebAppSecurityCollaborator
    public ExtensionProcessor getFormLogoutExtensionProcessor(IServletContext iServletContext) {
        try {
            if (TraceComponent.isAnyTracingEnabled() && logger.isLoggable(Level.FINE)) {
                logger.entering(CLASS_NAME, "getFormLogoutExtensionProcessor");
            }
            ExtensionProcessor extensionProcessor = (ExtensionProcessor) Class.forName("com.ibm.ws.security.web.FormLogoutExtensionProcessor").getConstructor(IServletContext.class).newInstance(iServletContext);
            if (TraceComponent.isAnyTracingEnabled() && logger.isLoggable(Level.FINE)) {
                logger.exiting(CLASS_NAME, "getFormLogoutExtensionProcessor");
            }
            return extensionProcessor;
        } catch (Exception e) {
            if (logger.isLoggable(Level.SEVERE)) {
                logger.logp(Level.SEVERE, CLASS_NAME, "getFormLogoutExtensionProcessor", "Could not create LogoutProcessor.", (Throwable) e);
            }
            if (!TraceComponent.isAnyTracingEnabled() || !logger.isLoggable(Level.FINE)) {
                return null;
            }
            logger.exiting(CLASS_NAME, "getFormLogoutExtensionProcessor");
            return null;
        }
    }

    static {
        createSecurityCollabImpl();
    }
}
