package org.mortbay.jetty.security;

import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.security.Principal;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.HashSet;
import java.util.StringTokenizer;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.struts.config.SecureActionConfig;
import org.codehaus.plexus.components.io.fileselectors.AllFilesFileSelector;
import org.mortbay.jetty.Handler;
import org.mortbay.jetty.HttpConnection;
import org.mortbay.jetty.Request;
import org.mortbay.jetty.Response;
import org.mortbay.jetty.handler.ContextHandler;
import org.mortbay.log.Log;
import org.mortbay.log.Logger;
import org.mortbay.resource.Resource;
import org.mortbay.util.StringUtil;
import org.mortbay.util.URIUtil;
import org.testng.reporters.XMLReporterConfig;

/* loaded from: input_file:org/mortbay/jetty/security/HTAccessHandler.class */
public class HTAccessHandler extends SecurityHandler {
    private Handler a;
    private static Logger b;
    private String c = null;
    private String d = ".htaccess";
    private transient HashMap e = new HashMap();
    private static Class f;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:org/mortbay/jetty/security/HTAccessHandler$DummyPrincipal.class */
    public class DummyPrincipal implements Principal {
        private String a;

        public DummyPrincipal(HTAccessHandler hTAccessHandler, String str) {
            this.a = str;
        }

        @Override // java.security.Principal
        public String getName() {
            return this.a;
        }

        @Override // java.security.Principal
        public String toString() {
            return getName();
        }
    }

    /* loaded from: input_file:org/mortbay/jetty/security/HTAccessHandler$HTAccess.class */
    class HTAccess {
        private String a;
        private Resource b;
        private long d;
        private String e;
        private Resource f;
        private long h;
        private String j;
        private String k;
        private String n;
        private int o;
        private long r;
        private boolean s;
        private HashMap c = null;
        private HashMap g = null;
        private int i = 0;
        private HashMap l = new HashMap();
        private HashSet m = new HashSet();
        private ArrayList p = new ArrayList();
        private ArrayList q = new ArrayList();

        public HTAccess(Resource resource) {
            this.s = false;
            try {
                a(new BufferedReader(new InputStreamReader(resource.getInputStream())));
                this.r = resource.lastModified();
                if (this.a != null) {
                    this.b = Resource.newResource(this.a);
                    if (!this.b.exists()) {
                        this.s = true;
                        HTAccessHandler.a().warn(new StringBuffer("Could not find ht user file: ").append(this.a).toString(), null, null);
                    } else if (HTAccessHandler.a().isDebugEnabled()) {
                        HTAccessHandler.a().debug(new StringBuffer("user file: ").append(this.b).toString(), null, null);
                    }
                }
                if (this.e != null) {
                    this.f = Resource.newResource(this.e);
                    if (!this.f.exists()) {
                        this.s = true;
                        HTAccessHandler.a().warn(new StringBuffer("Could not find ht group file: ").append(this.f).toString(), null, null);
                    } else if (HTAccessHandler.a().isDebugEnabled()) {
                        HTAccessHandler.a().debug(new StringBuffer("group file: ").append(this.f).toString(), null, null);
                    }
                }
            } catch (IOException e) {
                this.s = true;
                HTAccessHandler.a().warn("LogSupport.EXCEPTION", e);
            }
        }

        public boolean isForbidden() {
            return this.s;
        }

        public HashMap getMethods() {
            return this.l;
        }

        public long getLastModified() {
            return this.r;
        }

        public Resource getUserResource() {
            return this.b;
        }

        public Resource getGroupResource() {
            return this.f;
        }

        public int getSatisfy() {
            return this.i;
        }

        public String getName() {
            return this.k;
        }

        public String getType() {
            return this.j;
        }

        public final boolean a(String str, String str2) {
            boolean z = false;
            boolean z2 = false;
            if (this.p.size() == 0 && this.q.size() == 0) {
                return true;
            }
            int i = 0;
            while (true) {
                if (i >= this.p.size()) {
                    break;
                }
                String str3 = (String) this.p.get(i);
                if (str3.equals(AllFilesFileSelector.ROLE_HINT)) {
                    z = true;
                    break;
                }
                char charAt = str3.charAt(0);
                if (charAt < '0' || charAt > '9') {
                    if (str.endsWith(str3)) {
                        z = true;
                        break;
                    }
                    i++;
                } else {
                    if (str2.startsWith(str3)) {
                        z = true;
                        break;
                    }
                    i++;
                }
            }
            int i2 = 0;
            while (true) {
                if (i2 >= this.q.size()) {
                    break;
                }
                String str4 = (String) this.q.get(i2);
                if (str4.equals(AllFilesFileSelector.ROLE_HINT)) {
                    z2 = true;
                    break;
                }
                char charAt2 = str4.charAt(0);
                if (charAt2 < '0' || charAt2 > '9') {
                    if (str.endsWith(str4)) {
                        z2 = true;
                        break;
                    }
                    i2++;
                } else {
                    if (str2.startsWith(str4)) {
                        z2 = true;
                        break;
                    }
                    i2++;
                }
            }
            return this.o < 0 ? !z2 || z : z && !z2;
        }

        public final boolean a(String str, String str2, UserRealm userRealm, Request request) {
            if (this.n == null) {
                return true;
            }
            if ((userRealm == null ? null : userRealm.authenticate(str, str2, request)) == null) {
                String a = a(str);
                String crypt = (str == null || str2 == null) ? null : UnixCrypt.crypt(str2, a != null ? a.substring(0, 2) : str);
                if (a == null) {
                    return false;
                }
                if ((a.equals("") && !str2.equals("")) || !a.equals(crypt)) {
                    return false;
                }
            }
            if (this.n.equalsIgnoreCase("user")) {
                return this.m.contains(str);
            }
            if (!this.n.equalsIgnoreCase(XMLReporterConfig.TAG_GROUP)) {
                return this.n.equalsIgnoreCase("valid-user");
            }
            ArrayList b = b(str);
            if (b == null) {
                return false;
            }
            int size = b.size();
            do {
                int i = size;
                size--;
                if (i <= 0) {
                    return false;
                }
            } while (!this.m.contains(b.get(size)));
            return true;
        }

        public boolean isAccessLimited() {
            return this.p.size() > 0 || this.q.size() > 0;
        }

        public boolean isAuthLimited() {
            return this.n != null;
        }

        /*  JADX ERROR: JadxRuntimeException in pass: BlockProcessor
            jadx.core.utils.exceptions.JadxRuntimeException: Unreachable block: B:30:0x00ea
            	at jadx.core.dex.visitors.blocks.BlockProcessor.checkForUnreachableBlocks(BlockProcessor.java:88)
            	at jadx.core.dex.visitors.blocks.BlockProcessor.processBlocksTree(BlockProcessor.java:52)
            	at jadx.core.dex.visitors.blocks.BlockProcessor.visit(BlockProcessor.java:44)
            */
        private java.lang.String a(java.lang.String r7) {
            /*
                Method dump skipped, instructions count: 260
                To view this dump add '--comments-level debug' option
            */
            throw new UnsupportedOperationException("Method not decompiled: org.mortbay.jetty.security.HTAccessHandler.HTAccess.a(java.lang.String):java.lang.String");
        }

        /*  JADX ERROR: JadxRuntimeException in pass: BlockProcessor
            jadx.core.utils.exceptions.JadxRuntimeException: Unreachable block: B:40:0x0120
            	at jadx.core.dex.visitors.blocks.BlockProcessor.checkForUnreachableBlocks(BlockProcessor.java:88)
            	at jadx.core.dex.visitors.blocks.BlockProcessor.processBlocksTree(BlockProcessor.java:52)
            	at jadx.core.dex.visitors.blocks.BlockProcessor.visit(BlockProcessor.java:44)
            */
        private java.util.ArrayList b(java.lang.String r7) {
            /*
                Method dump skipped, instructions count: 314
                To view this dump add '--comments-level debug' option
            */
            throw new UnsupportedOperationException("Method not decompiled: org.mortbay.jetty.security.HTAccessHandler.HTAccess.b(java.lang.String):java.util.ArrayList");
        }

        public String toString() {
            StringBuffer stringBuffer = new StringBuffer();
            stringBuffer.append("AuthUserFile=");
            stringBuffer.append(this.a);
            stringBuffer.append(", AuthGroupFile=");
            stringBuffer.append(this.e);
            stringBuffer.append(", AuthName=");
            stringBuffer.append(this.k);
            stringBuffer.append(", AuthType=");
            stringBuffer.append(this.j);
            stringBuffer.append(", Methods=");
            stringBuffer.append(this.l);
            stringBuffer.append(", satisfy=");
            stringBuffer.append(this.i);
            if (this.o < 0) {
                stringBuffer.append(", order=deny,allow");
            } else if (this.o > 0) {
                stringBuffer.append(", order=allow,deny");
            } else {
                stringBuffer.append(", order=mutual-failure");
            }
            stringBuffer.append(", Allow from=");
            stringBuffer.append(this.p);
            stringBuffer.append(", deny from=");
            stringBuffer.append(this.q);
            stringBuffer.append(", requireName=");
            stringBuffer.append(this.n);
            stringBuffer.append(" ");
            stringBuffer.append(this.m);
            return stringBuffer.toString();
        }

        private void a(BufferedReader bufferedReader) {
            while (true) {
                String readLine = bufferedReader.readLine();
                if (readLine == null) {
                    return;
                }
                String trim = readLine.trim();
                if (!trim.startsWith("#")) {
                    if (trim.startsWith("AuthUserFile")) {
                        this.a = trim.substring(13).trim();
                    } else if (trim.startsWith("AuthGroupFile")) {
                        this.e = trim.substring(14).trim();
                    } else if (trim.startsWith("AuthName")) {
                        this.k = trim.substring(8).trim();
                    } else if (trim.startsWith("AuthType")) {
                        this.j = trim.substring(8).trim();
                    } else if (trim.startsWith("<Limit")) {
                        int length = trim.length();
                        int indexOf = trim.indexOf(62);
                        int i = indexOf;
                        if (indexOf < 0) {
                            i = length;
                        }
                        StringTokenizer stringTokenizer = new StringTokenizer(trim.substring(6, i));
                        while (stringTokenizer.hasMoreTokens()) {
                            this.l.put(stringTokenizer.nextToken(), Boolean.TRUE);
                        }
                        while (true) {
                            String readLine2 = bufferedReader.readLine();
                            if (readLine2 != null) {
                                String trim2 = readLine2.trim();
                                if (!trim2.startsWith("#")) {
                                    if (trim2.startsWith("satisfy")) {
                                        int i2 = 7;
                                        int length2 = trim2.length();
                                        while (i2 < length2 && trim2.charAt(i2) <= ' ') {
                                            i2++;
                                        }
                                        int i3 = i2;
                                        while (i3 < length2 && trim2.charAt(i3) > ' ') {
                                            i3++;
                                        }
                                        String substring = trim2.substring(i2, i3);
                                        if (substring.equals(AllFilesFileSelector.ROLE_HINT)) {
                                            this.i = 1;
                                        } else if (substring.equals(SecureActionConfig.ANY)) {
                                            this.i = 0;
                                        }
                                    } else if (trim2.startsWith("require")) {
                                        int i4 = 7;
                                        int length3 = trim2.length();
                                        while (i4 < length3 && trim2.charAt(i4) <= ' ') {
                                            i4++;
                                        }
                                        int i5 = i4;
                                        while (i5 < length3 && trim2.charAt(i5) > ' ') {
                                            i5++;
                                        }
                                        this.n = trim2.substring(i4, i5).toLowerCase();
                                        if ("user".equals(this.n)) {
                                            this.n = "user";
                                        } else if (XMLReporterConfig.TAG_GROUP.equals(this.n)) {
                                            this.n = XMLReporterConfig.TAG_GROUP;
                                        } else if ("valid-user".equals(this.n)) {
                                            this.n = "valid-user";
                                        }
                                        int i6 = i5 + 1;
                                        int i7 = i6;
                                        if (i6 < length3) {
                                            while (i7 < length3 && trim2.charAt(i7) <= ' ') {
                                                i7++;
                                            }
                                            StringTokenizer stringTokenizer2 = new StringTokenizer(trim2.substring(i7));
                                            while (stringTokenizer2.hasMoreTokens()) {
                                                this.m.add(stringTokenizer2.nextToken());
                                            }
                                        }
                                    } else if (trim2.startsWith("order")) {
                                        if (HTAccessHandler.a().isDebugEnabled()) {
                                            HTAccessHandler.a().debug(new StringBuffer("orderline=").append(trim2).append("order=").append(this.o).toString(), null, null);
                                        }
                                        if (trim2.indexOf("allow,deny") > 0) {
                                            HTAccessHandler.a().debug("==>allow+deny", null, null);
                                            this.o = 1;
                                        } else if (trim2.indexOf("deny,allow") > 0) {
                                            HTAccessHandler.a().debug("==>deny,allow", null, null);
                                            this.o = -1;
                                        } else if (trim2.indexOf("mutual-failure") > 0) {
                                            HTAccessHandler.a().debug("==>mutual", null, null);
                                            this.o = 0;
                                        }
                                    } else if (trim2.startsWith("allow from")) {
                                        int i8 = 10;
                                        int length4 = trim2.length();
                                        while (i8 < length4 && trim2.charAt(i8) <= ' ') {
                                            i8++;
                                        }
                                        if (HTAccessHandler.a().isDebugEnabled()) {
                                            HTAccessHandler.a().debug(new StringBuffer("allow process:").append(trim2.substring(i8)).toString(), null, null);
                                        }
                                        StringTokenizer stringTokenizer3 = new StringTokenizer(trim2.substring(i8));
                                        while (stringTokenizer3.hasMoreTokens()) {
                                            this.p.add(stringTokenizer3.nextToken());
                                        }
                                    } else if (trim2.startsWith("deny from")) {
                                        int i9 = 9;
                                        int length5 = trim2.length();
                                        while (i9 < length5 && trim2.charAt(i9) <= ' ') {
                                            i9++;
                                        }
                                        if (HTAccessHandler.a().isDebugEnabled()) {
                                            HTAccessHandler.a().debug(new StringBuffer("deny process:").append(trim2.substring(i9)).toString(), null, null);
                                        }
                                        StringTokenizer stringTokenizer4 = new StringTokenizer(trim2.substring(i9));
                                        while (stringTokenizer4.hasMoreTokens()) {
                                            this.q.add(stringTokenizer4.nextToken());
                                        }
                                    } else if (trim2.startsWith("</Limit>")) {
                                        break;
                                    }
                                }
                            }
                        }
                    }
                }
            }
        }
    }

    @Override // org.mortbay.jetty.security.SecurityHandler, org.mortbay.jetty.handler.HandlerWrapper, org.mortbay.jetty.Handler
    public void handle(String str, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, int i) {
        Request request = httpServletRequest instanceof Request ? (Request) httpServletRequest : HttpConnection.getCurrentConnection().getRequest();
        Response response = httpServletResponse instanceof Response ? (Response) httpServletResponse : HttpConnection.getCurrentConnection().getResponse();
        String str2 = null;
        String str3 = null;
        if (b.isDebugEnabled()) {
            b.debug(new StringBuffer("HTAccessHandler pathInContext=").append(str).toString(), null, null);
        }
        String header = httpServletRequest.getHeader("Authorization");
        if (header != null) {
            String decode = B64Code.decode(header.substring(header.indexOf(32) + 1), StringUtil.__ISO_8859_1);
            int indexOf = decode.indexOf(58);
            str2 = decode.substring(0, indexOf);
            str3 = decode.substring(indexOf + 1);
            if (b.isDebugEnabled()) {
                b.debug(new StringBuffer("User=").append(str2).append(", password=").append("******************************".substring(0, str3.length())).toString(), null, null);
            }
        }
        try {
            Resource resource = null;
            String parentPath = str.endsWith(URIUtil.SLASH) ? str : URIUtil.parentPath(str);
            while (true) {
                String str4 = parentPath;
                if (parentPath == null) {
                    break;
                }
                resource = ((ContextHandler) getProtegee()).getResource(new StringBuffer().append(str4).append(this.d).toString());
                if (b.isDebugEnabled()) {
                    b.debug(new StringBuffer("directory=").append(str4).append(" resource=").append(resource).toString(), null, null);
                }
                if (resource != null && resource.exists() && !resource.isDirectory()) {
                    break;
                }
                resource = null;
                parentPath = URIUtil.parentPath(str4);
            }
            boolean z = true;
            if (resource == null && this.c != null) {
                Resource newResource = Resource.newResource(this.c);
                resource = newResource;
                if (!newResource.exists() || resource.isDirectory()) {
                    z = false;
                }
            }
            if (resource == null) {
                z = false;
            }
            if (str.endsWith(this.d) || str.endsWith(new StringBuffer().append(this.d).append("~").toString()) || str.endsWith(new StringBuffer().append(this.d).append(".bak").toString())) {
                httpServletResponse.sendError(403);
                request.setHandled(true);
                return;
            }
            if (z) {
                if (b.isDebugEnabled()) {
                    b.debug(new StringBuffer("HTACCESS=").append(resource).toString(), null, null);
                }
                HTAccess hTAccess = (HTAccess) this.e.get(resource);
                HTAccess hTAccess2 = hTAccess;
                if (hTAccess == null || hTAccess2.getLastModified() != resource.lastModified()) {
                    hTAccess2 = new HTAccess(resource);
                    this.e.put(resource, hTAccess2);
                    if (b.isDebugEnabled()) {
                        b.debug(new StringBuffer("HTCache loaded ").append(hTAccess2).toString(), null, null);
                    }
                }
                if (hTAccess2.isForbidden()) {
                    b.warn(new StringBuffer("Mis-configured htaccess: ").append(hTAccess2).toString(), null, null);
                    httpServletResponse.sendError(403);
                    request.setHandled(true);
                    return;
                }
                HashMap methods = hTAccess2.getMethods();
                if (methods.size() > 0 && !methods.containsKey(httpServletRequest.getMethod())) {
                    return;
                }
                int satisfy = hTAccess2.getSatisfy();
                boolean a = hTAccess2.a("", httpServletRequest.getRemoteAddr());
                if (b.isDebugEnabled()) {
                    b.debug(new StringBuffer("IPValid = ").append(a).toString(), null, null);
                }
                if (a && satisfy == 0) {
                    return;
                }
                if (!a && satisfy == 1) {
                    httpServletResponse.sendError(403);
                    request.setHandled(true);
                    return;
                } else {
                    if (!hTAccess2.a(str2, str3, getUserRealm(), request)) {
                        b.debug("Auth Failed", null, null);
                        httpServletResponse.setHeader("WWW-Authenticate", new StringBuffer("basic realm=").append(hTAccess2.getName()).toString());
                        httpServletResponse.sendError(401);
                        response.complete();
                        request.setHandled(true);
                        return;
                    }
                    if (str2 != null) {
                        request.setAuthType("BASIC");
                        request.setUserPrincipal(getPrincipal(str2, getUserRealm()));
                    }
                }
            }
            if (getHandler() != null) {
                getHandler().handle(str, httpServletRequest, httpServletResponse, i);
            }
        } catch (Exception e) {
            b.warn("Exception", e);
            if (0 != 0) {
                httpServletResponse.sendError(500);
                request.setHandled(true);
            }
        }
    }

    public Principal getPrincipal(String str, UserRealm userRealm) {
        return userRealm == null ? new DummyPrincipal(this, str) : userRealm.getPrincipal(str);
    }

    public void setDefault(String str) {
        this.c = str;
    }

    public void setAccessFile(String str) {
        if (str == null) {
            this.d = ".htaccess";
        } else {
            this.d = str;
        }
    }

    protected Handler getProtegee() {
        return this.a;
    }

    public void setProtegee(Handler handler) {
        this.a = handler;
    }

    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            throw new NoClassDefFoundError().initCause(e);
        }
    }

    static Logger a() {
        return b;
    }

    static {
        Class cls;
        if (f == null) {
            cls = class$("org.mortbay.jetty.security.HTAccessHandler");
            f = cls;
        } else {
            cls = f;
        }
        b = Log.getLogger(cls.getName());
    }
}
