package org.w3c.jigsaw.auth;

import java.net.InetAddress;
import java.util.Enumeration;
import org.sbml.jsbml.ext.groups.GroupsConstants;
import org.w3c.jigsaw.html.HtmlGenerator;
import org.w3c.jigsaw.http.Client;
import org.w3c.jigsaw.http.HTTPException;
import org.w3c.jigsaw.http.Reply;
import org.w3c.jigsaw.http.Request;
import org.w3c.jigsaw.http.httpd;
import org.w3c.tools.resources.AttributeRegistry;
import org.w3c.tools.resources.FramedResource;
import org.w3c.tools.resources.InvalidResourceException;
import org.w3c.tools.resources.ProtocolException;
import org.w3c.tools.resources.ResourceReference;
import org.w3c.tools.resources.StringArrayAttribute;
import org.w3c.www.http.HttpChallenge;
import org.w3c.www.http.HttpFactory;

/* loaded from: input_file:jigsaw-2.2.6.jar:org/w3c/jigsaw/auth/GenericAuthFilter.class */
public class GenericAuthFilter extends AuthFilter {
    protected static int ATTR_ALLOWED_USERS;
    protected static int ATTR_ALLOWED_GROUPS;
    protected IPMatcher ipmatcher = null;
    protected RealmsCatalog catalog = null;
    protected ResourceReference rr_realm = null;
    protected String loaded_realm = null;
    protected HttpChallenge challenge = null;

    protected synchronized void acquireRealm() {
        if (this.catalog == null) {
            this.catalog = ((httpd) ((FramedResource) getTargetResource()).getServer()).getRealmsCatalog();
        }
        String realm = getRealm();
        if (realm == null) {
            return;
        }
        if (this.rr_realm == null || !realm.equals(this.loaded_realm)) {
            this.rr_realm = this.catalog.loadRealm(realm);
            if (this.rr_realm != null) {
                try {
                    AuthRealm authRealm = (AuthRealm) this.rr_realm.lock();
                    Enumeration enumerateUserNames = authRealm.enumerateUserNames();
                    if (enumerateUserNames.hasMoreElements()) {
                        this.ipmatcher = new IPMatcher();
                    }
                    while (enumerateUserNames.hasMoreElements()) {
                        String str = (String) enumerateUserNames.nextElement();
                        ResourceReference loadUser = authRealm.loadUser(str);
                        try {
                            try {
                                short[][] iPTemplates = ((AuthUser) loadUser.lock()).getIPTemplates();
                                if (iPTemplates != null) {
                                    for (short[] sArr : iPTemplates) {
                                        this.ipmatcher.add(sArr, loadUser);
                                    }
                                }
                                loadUser.unlock();
                            } catch (Throwable th) {
                                loadUser.unlock();
                                throw th;
                            }
                        } catch (InvalidResourceException e) {
                            System.out.println(new StringBuffer().append("Invalid user reference : ").append(str).toString());
                            loadUser.unlock();
                        }
                    }
                    this.rr_realm.unlock();
                } catch (InvalidResourceException e2) {
                    this.rr_realm.unlock();
                } catch (Throwable th2) {
                    this.rr_realm.unlock();
                    throw th2;
                }
            }
        }
    }

    protected synchronized boolean checkRealm() {
        acquireRealm();
        return this.ipmatcher != null;
    }

    public String[] getAllowedUsers() {
        return (String[]) getValue(ATTR_ALLOWED_USERS, (Object) null);
    }

    public String[] getAllowedGroups() {
        return (String[]) getValue(ATTR_ALLOWED_GROUPS, (Object) null);
    }

    public synchronized ResourceReference lookupUser(InetAddress inetAddress) {
        if (this.ipmatcher == null) {
            acquireRealm();
        }
        return (ResourceReference) this.ipmatcher.lookup(inetAddress.getAddress());
    }

    public synchronized ResourceReference lookupUser(String str) {
        if (this.rr_realm == null) {
            acquireRealm();
        }
        try {
            ResourceReference loadUser = ((AuthRealm) this.rr_realm.lock()).loadUser(str);
            this.rr_realm.unlock();
            return loadUser;
        } catch (InvalidResourceException e) {
            this.rr_realm.unlock();
            return null;
        } catch (Throwable th) {
            this.rr_realm.unlock();
            throw th;
        }
    }

    protected ResourceReference checkBasicAuth(BasicAuthContext basicAuthContext) {
        ResourceReference lookupUser = lookupUser(basicAuthContext.user);
        if (lookupUser == null) {
            return null;
        }
        try {
            AuthUser authUser = (AuthUser) lookupUser.lock();
            if (authUser == null) {
                lookupUser.unlock();
                return null;
            }
            if (!authUser.definesAttribute("password")) {
                lookupUser.unlock();
                return lookupUser;
            }
            ResourceReference resourceReference = authUser.getPassword().equals(basicAuthContext.password) ? lookupUser : null;
            lookupUser.unlock();
            return resourceReference;
        } catch (InvalidResourceException e) {
            lookupUser.unlock();
            return null;
        } catch (Throwable th) {
            lookupUser.unlock();
            throw th;
        }
    }

    protected boolean checkUser(AuthUser authUser) {
        String[] groups;
        String[] allowedUsers = getAllowedUsers();
        if (allowedUsers != null) {
            for (String str : allowedUsers) {
                if (str.equals(authUser.getName())) {
                    return true;
                }
            }
        }
        String[] allowedGroups = getAllowedGroups();
        if (allowedGroups != null && (groups = authUser.getGroups()) != null) {
            for (String str2 : groups) {
                for (String str3 : allowedGroups) {
                    if (str3.equals(str2)) {
                        return true;
                    }
                }
            }
        }
        return allowedUsers == null && allowedGroups == null;
    }

    @Override // org.w3c.tools.resources.ResourceFrame, org.w3c.tools.resources.FramedResource, org.w3c.tools.resources.Resource, org.w3c.tools.resources.AttributeHolder
    public void setValue(int i, Object obj) {
        super.setValue(i, obj);
        if (i == ATTR_REALM) {
            this.challenge = HttpFactory.makeChallenge("Basic");
            this.challenge.setAuthParameter("realm", getRealm());
        }
    }

    @Override // org.w3c.jigsaw.auth.AuthFilter
    public void authenticate(Request request) throws ProtocolException {
        Client client;
        Reply makeReply;
        BasicAuthContext basicAuthContext;
        ResourceReference checkBasicAuth;
        if (checkRealm() && (client = request.getClient()) != null) {
            boolean z = false;
            ResourceReference lookupUser = lookupUser(client.getInetAddress());
            if (lookupUser != null) {
                try {
                    AuthUser authUser = (AuthUser) lookupUser.lock();
                    if (authUser != null) {
                        z = true;
                        if (!authUser.definesAttribute("password") && checkUser(authUser)) {
                            request.setState(AuthFilter.STATE_AUTHUSER, authUser.getName());
                            request.setState(AuthFilter.STATE_AUTHTYPE, "ip");
                            lookupUser.unlock();
                            return;
                        }
                    }
                    lookupUser.unlock();
                } catch (InvalidResourceException e) {
                    lookupUser.unlock();
                } catch (Throwable th) {
                    lookupUser.unlock();
                    throw th;
                }
            }
            if ((request.hasAuthorization() && !request.isProxy()) || (request.isProxy() && request.hasProxyAuthorization())) {
                try {
                    basicAuthContext = new BasicAuthContext(request);
                } catch (BasicAuthContextException e2) {
                    basicAuthContext = null;
                }
                if (basicAuthContext != null && (checkBasicAuth = checkBasicAuth(basicAuthContext)) != null) {
                    try {
                        AuthUser authUser2 = (AuthUser) checkBasicAuth.lock();
                        if (authUser2 != null && checkUser(authUser2) && (!authUser2.definesAttribute("ipaddress") || z)) {
                            request.setState(AuthFilter.STATE_AUTHUSER, basicAuthContext.user);
                            request.setState(AuthFilter.STATE_AUTHTYPE, "Basic");
                            checkBasicAuth.unlock();
                            return;
                        }
                        checkBasicAuth.unlock();
                    } catch (InvalidResourceException e3) {
                        checkBasicAuth.unlock();
                    } catch (Throwable th2) {
                        checkBasicAuth.unlock();
                        throw th2;
                    }
                }
            }
            if (request.isProxy()) {
                makeReply = request.makeReply(407);
                makeReply.setProxyAuthenticate(this.challenge);
            } else {
                makeReply = request.makeReply(401);
                makeReply.setWWWAuthenticate(this.challenge);
            }
            HtmlGenerator htmlGenerator = new HtmlGenerator("Unauthorized");
            htmlGenerator.append("<h1>Unauthorized access</h1><p>You are denied access to this resource.");
            makeReply.setStream(htmlGenerator);
            throw new HTTPException(makeReply);
        }
    }

    @Override // org.w3c.tools.resources.FramedResource, org.w3c.tools.resources.Resource, org.w3c.tools.resources.AttributeHolder
    public void initialize(Object[] objArr) {
        super.initialize(objArr);
        if (getRealm() != null) {
            this.challenge = HttpFactory.makeChallenge("Basic");
            this.challenge.setAuthParameter("realm", getRealm());
        }
    }

    static {
        ATTR_ALLOWED_USERS = -1;
        ATTR_ALLOWED_GROUPS = -1;
        Class<?> cls = null;
        try {
            cls = Class.forName("org.w3c.jigsaw.auth.GenericAuthFilter");
        } catch (Exception e) {
            e.printStackTrace();
            System.exit(1);
        }
        ATTR_ALLOWED_USERS = AttributeRegistry.registerAttribute(cls, new StringArrayAttribute("users", null, 2));
        ATTR_ALLOWED_GROUPS = AttributeRegistry.registerAttribute(cls, new StringArrayAttribute(GroupsConstants.shortLabel, null, 2));
    }
}
