package com.ecyrd.jspwiki.auth;

import com.ecyrd.jspwiki.NoRequiredPropertyException;
import com.ecyrd.jspwiki.WikiEngine;
import com.ecyrd.jspwiki.WikiException;
import com.ecyrd.jspwiki.WikiPage;
import com.ecyrd.jspwiki.WikiSession;
import com.ecyrd.jspwiki.auth.acl.Acl;
import com.ecyrd.jspwiki.auth.acl.AclEntry;
import com.ecyrd.jspwiki.auth.acl.UnresolvedPrincipal;
import com.ecyrd.jspwiki.auth.authorize.Role;
import com.ecyrd.jspwiki.auth.permissions.AllPermission;
import com.ecyrd.jspwiki.auth.permissions.PagePermission;
import com.ecyrd.jspwiki.auth.permissions.WikiPermission;
import com.ecyrd.jspwiki.auth.user.UserDatabase;
import com.ecyrd.jspwiki.event.WikiEventListener;
import com.ecyrd.jspwiki.event.WikiEventManager;
import com.ecyrd.jspwiki.event.WikiSecurityEvent;
import com.ecyrd.jspwiki.util.ClassUtil;
import java.io.File;
import java.net.URL;
import java.security.AccessControlException;
import java.security.AccessController;
import java.security.CodeSource;
import java.security.Permission;
import java.security.Principal;
import java.security.PrivilegedAction;
import java.security.ProtectionDomain;
import java.security.cert.Certificate;
import java.util.Map;
import java.util.Properties;
import java.util.WeakHashMap;
import org.apache.log4j.Logger;
import org.freshcookies.security.policy.LocalPolicy;
import org.freshcookies.security.policy.PolicyException;

/* loaded from: input_file:WEB-INF/lib/jspwiki.jar:com/ecyrd/jspwiki/auth/AuthorizationManager.class */
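/**
 * Decides whether a {@link WikiSession} holds a given {@link Permission}.
 *
 * <p>As visible in this class, a decision in JAAS mode is made in two stages: a static
 * check against the Java security policy (with a fallback to the wiki-local policy file),
 * followed, for {@link PagePermission}s only, by a check of the page's ACL.
 *
 * <p>Security-relevant behaviour to keep in mind when reviewing callers:
 * <ul>
 *   <li>When JAAS mode is off ({@code m_useJAAS == false}) every non-null permission is
 *       granted except the login action; no policy or ACL is consulted.</li>
 *   <li>A page that does not exist, or whose ACL is null or empty, is allowed once the
 *       static check has passed.</li>
 *   <li>User principals are matched against ACL entries by name only
 *       (see {@link #hasRoleOrPrincipal}).</li>
 * </ul>
 */
public final class AuthorizationManager {
    private static final Logger log = Logger.getLogger(AuthorizationManager.class);
    public static final String DEFAULT_AUTHORIZER = "com.ecyrd.jspwiki.auth.authorize.WebContainerAuthorizer";
    protected static final String POLICY = "jspwiki.policy.file";
    protected static final String DEFAULT_POLICY = "jspwiki.policy";
    public static final String PROP_AUTHORIZER = "jspwiki.authorizer";

    // Event type codes handed to WikiSecurityEvent. checkPermission() fires 51 on every
    // "return true" path and 52 on every "return false" path.
    // NOTE(review): presumably these mirror named constants on WikiSecurityEvent - confirm
    // and reference those instead of the decompiled literals.
    private static final int EVENT_ACCESS_ALLOWED = 51;
    private static final int EVENT_ACCESS_DENIED = 52;

    private Authorizer m_authorizer = null;

    // Per-principal ProtectionDomain cache used by allowedByLocalPolicy().
    // NOTE(review): WeakHashMap is not thread-safe and this map is read and written without
    // synchronization. If one manager instance serves concurrent requests (not visible from
    // this file), access needs to be guarded - confirm against the callers.
    private final Map<Principal, ProtectionDomain> m_cachedPds = new WeakHashMap<Principal, ProtectionDomain>();

    private WikiEngine m_engine = null;
    private LocalPolicy m_localPolicy = null;
    private boolean m_useJAAS = true;

    /**
     * Returns whether the session is allowed the requested permission, firing an
     * access-allowed or access-denied event for every decision made in JAAS mode.
     *
     * <p>Side effect: while walking the page ACL, an entry whose principal is still an
     * {@link UnresolvedPrincipal} is re-resolved and, if resolution succeeds, the ACL entry
     * is updated in place.
     *
     * @param wikiSession the session being checked; {@code null} is denied in JAAS mode
     * @param permission the permission requested; {@code null} is always denied
     * @return {@code true} if access is granted
     */
    public final boolean checkPermission(WikiSession wikiSession, Permission permission) {
        if (!this.m_useJAAS) {
            // Non-JAAS mode: no policy or ACL check at all. Everything except the login
            // action is granted, and no security event is fired.
            return permission != null && !WikiPermission.LOGIN_ACTION.equals(permission.getActions());
        }
        if (wikiSession == null || permission == null) {
            fireEvent(EVENT_ACCESS_DENIED, null, permission);
            return false;
        }
        Principal loginPrincipal = wikiSession.getLoginPrincipal();

        // Holders of AllPermission for this application bypass the ACL check below.
        if (checkStaticPermission(wikiSession, new AllPermission(this.m_engine.getApplicationName()))) {
            fireEvent(EVENT_ACCESS_ALLOWED, loginPrincipal, permission);
            return true;
        }
        // The static policy must grant the permission before any ACL is considered.
        if (!checkStaticPermission(wikiSession, permission)) {
            fireEvent(EVENT_ACCESS_DENIED, loginPrincipal, permission);
            return false;
        }
        // Only page permissions are subject to ACLs.
        if (!(permission instanceof PagePermission)) {
            fireEvent(EVENT_ACCESS_ALLOWED, loginPrincipal, permission);
            return true;
        }
        WikiPage page = this.m_engine.getPage(((PagePermission) permission).getPage());
        Acl permissions = page == null ? null : this.m_engine.getAclManager().getPermissions(page);
        if (page == null || permissions == null || permissions.isEmpty()) {
            // No page or no ACL: the static decision stands, so access is allowed.
            fireEvent(EVENT_ACCESS_ALLOWED, loginPrincipal, permission);
            return true;
        }
        Principal[] findPrincipals = permissions.findPrincipals(permission);
        if (log.isDebugEnabled()) {
            // Guarded so the ACL and principal array are only stringified when debug is on.
            log.debug("Checking ACL entries...");
            log.debug("Acl for this page is: " + permissions);
            // Arrays.toString prints the elements; String.valueOf on an array only prints
            // its type and identity hash, which is useless in an audit trail.
            log.debug("Checking for principal: " + java.util.Arrays.toString(findPrincipals));
            log.debug("Permission: " + permission);
        }
        for (Principal aclPrincipal : findPrincipals) {
            Principal principal = aclPrincipal;
            if (principal instanceof UnresolvedPrincipal) {
                // Fetch the entry before resolving: it is keyed by the unresolved principal.
                AclEntry entry = permissions.getEntry(principal);
                principal = resolvePrincipal(principal.getName());
                if (entry != null && !(principal instanceof UnresolvedPrincipal)) {
                    entry.setPrincipal(principal);
                }
            }
            if (hasRoleOrPrincipal(wikiSession, principal)) {
                fireEvent(EVENT_ACCESS_ALLOWED, loginPrincipal, permission);
                return true;
            }
        }
        fireEvent(EVENT_ACCESS_DENIED, loginPrincipal, permission);
        return false;
    }

    /**
     * Returns whether the session holds the given role principal.
     *
     * <p>User principals are never treated as roles. Built-in roles are checked for any
     * session; other role principals are only honoured for authenticated sessions.
     *
     * @param wikiSession the session to inspect; {@code null} yields {@code false}
     * @param principal the role to look for; {@code null} yields {@code false}
     * @return {@code true} if the session's principal set contains the role
     */
    public final boolean isUserInRole(WikiSession wikiSession, Principal principal) {
        if (wikiSession == null || principal == null || AuthenticationManager.isUserPrincipal(principal)) {
            return false;
        }
        if ((principal instanceof Role) && Role.isBuiltInRole((Role) principal)) {
            return wikiSession.hasPrincipal(principal);
        }
        if (wikiSession.isAuthenticated() && AuthenticationManager.isRolePrincipal(principal)) {
            return wikiSession.hasPrincipal(principal);
        }
        return false;
    }

    /**
     * Returns the authorizer created by {@link #initialize}.
     *
     * @return the configured authorizer, never {@code null}
     * @throws WikiSecurityException if no authorizer has been set
     */
    public final Authorizer getAuthorizer() throws WikiSecurityException {
        if (this.m_authorizer != null) {
            return this.m_authorizer;
        }
        throw new WikiSecurityException("Authorizer did not initialize properly. Check the logs.");
    }

    /**
     * Returns whether the session matches an ACL principal, either as a role or as a user.
     *
     * <p>Role principals are delegated to {@link #isUserInRole}. User principals are only
     * matched for authenticated sessions, and the match compares {@code getName()} values
     * rather than principal identity or type.
     *
     * @param wikiSession the session to inspect; {@code null} yields {@code false}
     * @param principal the ACL principal; {@code null} yields {@code false}
     * @return {@code true} if the session holds the role or a principal of the same name
     */
    protected boolean hasRoleOrPrincipal(WikiSession wikiSession, Principal principal) {
        if (wikiSession == null || principal == null) {
            return false;
        }
        if (AuthenticationManager.isRolePrincipal(principal)) {
            return isUserInRole(wikiSession, principal);
        }
        if (!wikiSession.isAuthenticated() || !AuthenticationManager.isUserPrincipal(principal)) {
            return false;
        }
        String name = principal.getName();
        for (Principal sessionPrincipal : wikiSession.getPrincipals()) {
            if (sessionPrincipal.getName().equals(name)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Configures the manager from the wiki properties.
     *
     * <p>JAAS mode is the default; it is switched off when the security property is set to
     * anything other than {@code AuthenticationManager.SECURITY_JAAS}. In JAAS mode the
     * authorizer is instantiated and the local policy file is loaded; a missing policy
     * file is fatal.
     *
     * @param wikiEngine the engine this manager belongs to
     * @param properties the wiki configuration
     * @throws WikiException if the authorizer cannot be created, or the local policy file
     *         is missing or cannot be loaded
     */
    public final void initialize(WikiEngine wikiEngine, Properties properties) throws WikiException {
        this.m_engine = wikiEngine;
        this.m_useJAAS = AuthenticationManager.SECURITY_JAAS.equals(
                properties.getProperty(AuthenticationManager.PROP_SECURITY, AuthenticationManager.SECURITY_JAAS));
        if (!this.m_useJAAS) {
            // Nothing else is set up: see checkPermission() for what this mode grants.
            return;
        }
        this.m_authorizer = getAuthorizerImplementation(properties);
        this.m_authorizer.initialize(wikiEngine, properties);
        try {
            URL policyUrl = AuthenticationManager.findConfigFile(wikiEngine, properties.getProperty(POLICY, DEFAULT_POLICY));
            if (policyUrl == null) {
                String message = "JSPWiki was unable to initialize the "
                        + "default security policy (WEB-INF/jspwiki.policy) file. "
                        + "Please ensure that the jspwiki.policy file exists in the default location. "
                        + "This file should exist regardless of the existance of a global policy file. "
                        + "The global policy file is identified by the java.security.policy variable. ";
                WikiSecurityException missingPolicy = new WikiSecurityException(message);
                log.fatal(message, missingPolicy);
                throw missingPolicy;
            }
            // NOTE(review): URL.getPath() does not decode percent-escapes, so a policy
            // location containing escaped characters (e.g. spaces) may not map to the real
            // file - confirm how findConfigFile builds this URL.
            File policyFile = new File(policyUrl.getPath());
            this.m_localPolicy = new LocalPolicy(policyFile, wikiEngine.getContentEncoding());
            this.m_localPolicy.refresh();
            log.info("Initialized default security policy: " + policyFile.getAbsolutePath());
        } catch (PolicyException e) {
            log.error("Could not initialize local security policy: " + e.getMessage());
            throw new WikiException("Could not initialize local security policy: " + e.getMessage(), e);
        }
    }

    /**
     * Returns whether JAAS-based authorization is in effect.
     *
     * <p>The decompiler reports that this method's access was widened from protected.
     *
     * @return {@code true} when JAAS mode is on
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public boolean isJAASAuthorized() {
        return this.m_useJAAS;
    }

    /**
     * Instantiates the authorizer named by the {@code jspwiki.authorizer} property, falling
     * back to {@link #DEFAULT_AUTHORIZER}.
     *
     * @throws WikiException if the class cannot be located or instantiated
     */
    private final Authorizer getAuthorizerImplementation(Properties properties) throws WikiException {
        return (Authorizer) locateImplementation(properties.getProperty(PROP_AUTHORIZER, DEFAULT_AUTHORIZER));
    }

    /**
     * Loads and instantiates the class with the given name.
     *
     * <p>The class name comes straight from configuration and its no-argument constructor
     * is run here, so the properties file has to be treated as trusted input.
     *
     * @param str the authorizer class name
     * @return a new instance of the class
     * @throws WikiException if the name is null, or the class cannot be found, accessed or
     *         instantiated
     */
    private final Object locateImplementation(String str) throws WikiException {
        if (str == null) {
            throw new NoRequiredPropertyException("Unable to find a jspwiki.authorizer entry in the properties.", PROP_AUTHORIZER);
        }
        try {
            // NOTE(review): the first argument looks like a default package for
            // unqualified names - confirm against ClassUtil.findClass.
            return ClassUtil.findClass("com.ecyrd.jspwiki.auth.authorize", str).newInstance();
        } catch (ClassNotFoundException e) {
            log.fatal("Authorizer " + str + " cannot be found", e);
            throw new WikiException("Authorizer " + str + " cannot be found", e);
        } catch (IllegalAccessException e2) {
            log.fatal("You are not allowed to access this authorizer class", e2);
            throw new WikiException("You are not allowed to access this authorizer class", e2);
        } catch (InstantiationException e3) {
            log.fatal("Authorizer " + str + " cannot be created", e3);
            throw new WikiException("Authorizer " + str + " cannot be created", e3);
        }
    }

    /**
     * Returns whether the local policy grants the permission to any of the principals.
     *
     * <p>Each principal is evaluated on its own, through a ProtectionDomain that carries
     * only that principal; the domains are cached per principal. The method fails closed:
     * a null principal array, or a local policy that has not been loaded, yields
     * {@code false} instead of a NullPointerException.
     *
     * <p>The decompiler reports that this method's access was widened from protected.
     *
     * @param principalArr the principals to test
     * @param permission the permission requested
     * @return {@code true} if the local policy implies the permission for some principal
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public boolean allowedByLocalPolicy(Principal[] principalArr, Permission permission) {
        if (principalArr == null) {
            return false;
        }
        if (this.m_localPolicy == null) {
            // initialize() only loads the policy in JAAS mode; without it nothing can be
            // granted from here, so deny and make the condition visible.
            log.warn("Local security policy is not loaded; denying " + permission);
            return false;
        }
        for (Principal principal : principalArr) {
            ProtectionDomain protectionDomain = this.m_cachedPds.get(principal);
            if (protectionDomain == null) {
                protectionDomain = new ProtectionDomain(
                        new CodeSource((URL) null, (Certificate[]) null),
                        null,
                        getClass().getClassLoader(),
                        new Principal[]{principal});
                this.m_cachedPds.put(principal, protectionDomain);
            }
            if (this.m_localPolicy.implies(protectionDomain, permission)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Checks the permission against the security policy on behalf of the session.
     *
     * <p>In JAAS mode the check runs inside {@code WikiSession.doPrivileged}. If the
     * access controller rejects the permission, the wiki-local policy is consulted for the
     * session's roles and then its principals. Outside JAAS mode this always returns
     * {@code true}.
     *
     * @param wikiSession the session whose roles and principals are tested
     * @param permission the permission requested
     * @return {@code true} if either policy grants the permission
     */
    protected final boolean checkStaticPermission(final WikiSession wikiSession, final Permission permission) {
        if (!this.m_useJAAS) {
            return true;
        }
        Object verdict = WikiSession.doPrivileged(wikiSession, new PrivilegedAction<Boolean>() {
            @Override
            public Boolean run() {
                try {
                    AccessController.checkPermission(permission);
                    return Boolean.TRUE;
                } catch (AccessControlException e) {
                    // Not granted by the access controller: fall back to the local
                    // policy, roles first, then the remaining principals.
                    boolean granted = AuthorizationManager.this.allowedByLocalPolicy(wikiSession.getRoles(), permission)
                            || AuthorizationManager.this.allowedByLocalPolicy(wikiSession.getPrincipals(), permission);
                    return Boolean.valueOf(granted);
                }
            }
        });
        return ((Boolean) verdict).booleanValue();
    }

    /**
     * Turns a name into a principal, trying in order: built-in roles, roles known to the
     * authorizer, roles known to the group manager, and user principals from the user
     * database. Outside JAAS mode no lookup is done.
     *
     * @param str the name to resolve
     * @return the matching principal, or an {@link UnresolvedPrincipal} carrying the name
     *         if nothing matched
     */
    public final Principal resolvePrincipal(String str) {
        if (!this.m_useJAAS) {
            return new UnresolvedPrincipal(str);
        }
        Role role = new Role(str);
        if (Role.isBuiltInRole(role)) {
            return role;
        }
        Principal containerRole = this.m_authorizer.findRole(str);
        if (containerRole != null) {
            return containerRole;
        }
        Principal groupRole = this.m_engine.getGroupManager().findRole(str);
        if (groupRole != null) {
            return groupRole;
        }
        UserDatabase userDatabase = this.m_engine.getUserManager().getUserDatabase();
        try {
            for (Principal principal : userDatabase.getPrincipals(userDatabase.find(str).getLoginName())) {
                if (principal.getName().equals(str)) {
                    return principal;
                }
            }
        } catch (NoSuchPrincipalException ignored) {
            // Deliberate: an unknown user is not an error here, the name simply stays
            // unresolved and the caller gets an UnresolvedPrincipal.
        }
        return new UnresolvedPrincipal(str);
    }

    /**
     * Registers a listener for the security events fired by this manager.
     *
     * @param wikiEventListener the listener to add
     */
    public final synchronized void addWikiEventListener(WikiEventListener wikiEventListener) {
        WikiEventManager.addWikiEventListener(this, wikiEventListener);
    }

    /**
     * Unregisters a listener previously added with {@link #addWikiEventListener}.
     *
     * @param wikiEventListener the listener to remove
     */
    public final synchronized void removeWikiEventListener(WikiEventListener wikiEventListener) {
        WikiEventManager.removeWikiEventListener(this, wikiEventListener);
    }

    /**
     * Fires a {@link WikiSecurityEvent} if anything is listening to this manager.
     *
     * @param i the event type code
     * @param principal the principal the decision was made for; may be {@code null}
     * @param obj the event target, here the permission that was checked
     */
    protected final void fireEvent(int i, Principal principal, Object obj) {
        if (WikiEventManager.isListening(this)) {
            WikiEventManager.fireEvent(this, new WikiSecurityEvent(this, i, principal, obj));
        }
    }
}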
