package com.ibm.ws.security.web;

import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.websphere.security.cred.WSCredential;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.runtime.deploy.DeployedModule;
import com.ibm.ws.security.audit.AuditHandlerImpl;
import com.ibm.ws.security.audit.AuditServiceImpl;
import com.ibm.ws.security.auth.AuthCache;
import com.ibm.ws.security.auth.Identity;
import com.ibm.ws.security.auth.PlatformCredential;
import com.ibm.ws.security.auth.SubjectHelper;
import com.ibm.ws.security.authorize.WSPolicyContextHandlerImpl;
import com.ibm.ws.security.common.util.CommonConstants;
import com.ibm.ws.security.core.AccessException;
import com.ibm.ws.security.core.AccessManager;
import com.ibm.ws.security.core.ContextManager;
import com.ibm.ws.security.core.ContextManagerFactory;
import com.ibm.ws.security.core.PermissionRoleMap;
import com.ibm.ws.security.core.SecurityConfig;
import com.ibm.ws.security.core.SecurityContext;
import com.ibm.ws.security.core.WSAccessManager;
import com.ibm.ws.security.core.WSPrincipal;
import com.ibm.ws.security.util.AccessController;
import com.ibm.ws.security.util.WCCMHelper;
import com.ibm.ws.threadContext.ComponentMetaDataAccessorImpl;
import com.ibm.ws.util.WSUtil;
import com.ibm.ws.webcontainer.metadata.WebComponentMetaData;
import com.ibm.ws.webcontainer.srt.IPrivateRequestAttributes;
import com.ibm.ws.webcontainer.srt.SRTServletRequest;
import com.ibm.wsspi.security.audit.AuditOutcome;
import com.ibm.wsspi.security.audit.J2EEAuditEventFactory;
import com.ibm.wsspi.security.auth.callback.WSCallbackHandlerFactory;
import com.ibm.wsspi.security.token.AttributeNameConstants;
import java.security.Policy;
import java.security.Principal;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.security.ProtectionDomain;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.StringTokenizer;
import javax.security.auth.Subject;
import javax.security.jacc.PolicyContext;
import javax.security.jacc.PolicyContextException;
import javax.security.jacc.WebResourcePermission;
import javax.security.jacc.WebRoleRefPermission;
import javax.security.jacc.WebUserDataPermission;
import javax.servlet.ServletRequest;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpUtils;
import org.eclipse.jst.j2ee.common.SecurityRole;
import org.eclipse.jst.j2ee.common.SecurityRoleRef;
import org.eclipse.jst.j2ee.internal.web.operations.IWebToolingConstants;
import org.eclipse.jst.j2ee.webapplication.WebApp;

/* loaded from: input_file:eclipse/plugins/com.ibm.websphere.v61_6.1.1/ws_runtime.jar:com/ibm/ws/security/web/WebCollaborator.class */
public abstract class WebCollaborator {
    // Empty-string constant.
    private static final String nullString = "";
    // "$"-prefixed names: presumably keys for per-request properties (server, virtual host, remote host, ...).
    // NOTE(review): their consumers are not visible in this part of the file — confirm the meaning there.
    public static final String pnWebServer = "$webServer";
    public static final String pnVirtualHost = "$virtualHost";
    public static final String pnRemoteHost = "$remoteHost";
    public static final String pnUri = "$uri";
    public static final String pnMethod = "$method";
    public static final String pnIsSSL = "$isSSL";
    public static final String pnCertificate = "$certificate";
    public static final String pnCipher = "$cipher";
    // These two match the HTTP header names "Authorization" and "Cookie".
    public static final String pnAuthorization = "Authorization";
    public static final String pnCookie = "Cookie";
    // Trace component used by every Tr.* call in this class; blank final, so it is presumably
    // assigned in a static initializer outside this view.
    private static final TraceComponent tc;
    // Per-instance flag, refreshed from SecurityContext.isSecurityEnabled() in initialize().
    protected boolean securityEnabled;
    // Process-wide collaborators shared by all instances; assigned in initialize().
    // NOTE(review): both are non-final and protected, so subclasses can replace them.
    protected static WebAuthenticator authenticator;
    protected static ContextManager contextManager;
    protected static final int PUBLIC = 0;
    protected static final int ACCESSID = 1;
    protected static final int GROUPID = 2;
    // NOTE(review): not used by initialize() or the authorize paths visible here, which read and
    // write the static state below without holding it — confirm where it is taken.
    private static Object _lockObject;
    // Set to true in initialize() when "security.enablePluggableAuthentication" is "true" or "yes".
    private static boolean custom_auth_mech;
    // Value of "com.ibm.ws.security.webInboundLoginConfig"; handed to WebAuthenticator.create().
    private static String custom_jaas_config;
    // Only populated in initialize() when the active auth mechanism is not SWAM.
    private static TrustAssociationManager taManager;
    private static AuthCache cache;
    private static WSCallbackHandlerFactory cbkFactory;
    private WebAttributes webSecAttrs;
    // Audit plumbing; either may stay null, which is why every audit call site null-checks auditFactory.
    private static AuditHandlerImpl auditHandler;
    private static J2EEAuditEventFactory auditFactory;
    // Passed as the provider name / provider-success arguments of audit events.
    private static final String providerName = "WebSphere";
    private static final boolean providerSuccess = true;
    // JACC policy-context handler keys and handler; only set when SecurityConfig.isJACCEnabled().
    private static String[] jaccHandlerKeyArray;
    private static WSPolicyContextHandlerImpl wpch;
    // Set to true at the end of initialize(), including when initialization threw (see initialize()).
    private static boolean initialized;
    // Driven by "com.ibm.wsspi.security.web.webAuthReq": "persisting" -> persistCred, "always" -> alwaysLogin.
    // Either flag makes the authorize paths attempt authentication before the role/permission check.
    private static boolean persistCred;
    private static boolean alwaysLogin;
    private static final String PERSIST_CRED = "persisting";
    private static final String ALWAYS_LOGIN = "always";
    // Looks like the synthetic class-literal cache emitted by older javac (decompiler artifact).
    static Class class$com$ibm$ws$security$web$WebCollaborator;
    private static final String[] nullStringArray = new String[0];
    // Shared reply singletons returned by the authorize paths.
    // NOTE(review): these are protected, static and NOT final — any subclass or same-package code can
    // reassign e.g. DENY_AUTHZ_FAILED for the whole process. Making them final would close that off.
    protected static WebReply PERMIT_REPLY = new PermitReply();
    protected static WebReply DENY_AUTHZ_FAILED = new DenyReply("AuthorizationFailed");
    protected static WebReply DENY_AUTHN_FAILED = new DenyReply("AuthenticationFailed");
    protected static WebReply DENY_CONFIG_ERROR = new DenyReply("Configuration error");
    // Role-based access manager; null until createAuthorizationManager() is called.
    protected AccessManager authorizer = null;
    protected boolean authDone = false;
    // Lazily obtained from getWebCache() in addWebApp(); the authorize paths dereference it directly.
    private WebAppCache webCache = null;
    private ArrayList adminAppList = null;

    /**
     * Supplies the {@link WebAppCache} this collaborator works against.
     * Called lazily by {@link #addWebApp} the first time it runs with no cache set.
     *
     * @return the cache to store in {@code webCache}
     */
    protected abstract WebAppCache getWebCache();

    /**
     * Creates the collaborator and runs {@link #initialize()} between entry and exit trace records.
     *
     * <p>{@code initialize()} is public and overridable, so a subclass override runs here before the
     * subclass's own fields have been initialised.
     *
     * @throws Exception declared because {@code initialize()} declares it
     */
    public WebCollaborator() throws Exception {
        final String traceName = "<init>";
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, traceName);
        }

        initialize();

        if (tc.isEntryEnabled()) {
            Tr.exit(tc, traceName, this);
        }
    }

    /**
     * Installs a fresh {@code WebAccessManager} as this instance's {@code authorizer}.
     *
     * <p>{@code authorizer} starts out {@code null}; {@code authorize()} dereferences it, so this
     * must have run before the role-based authorization path is used.
     */
    public void createAuthorizationManager() {
        final String traceName = "createAuthorizationManager";
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, traceName);
        }

        authorizer = new WebAccessManager();

        if (tc.isEntryEnabled()) {
            Tr.exit(tc, traceName);
        }
    }

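    /**
     * Refreshes this instance's {@code securityEnabled} flag and, the first time security is found
     * enabled, populates the static web-security state shared by every collaborator instance:
     * context manager, trust-association manager and auth cache (non-SWAM mechanisms only), the
     * inbound JAAS login configuration name, audit handler/factory, the {@code WebAuthenticator},
     * the JACC context-handler keys (when JACC is enabled) and the {@code persistCred} /
     * {@code alwaysLogin} policy flags.
     *
     * <p>Any exception raised during setup is recorded through FFDC and trace and then swallowed;
     * nothing is rethrown despite the {@code throws} clause.
     *
     * <p>NOTE(review): {@code initialized} is set to {@code true} even when setup failed part-way,
     * so a later instance will not retry and the static fields (for example {@code authenticator})
     * can stay {@code null}. The check-then-set on {@code initialized} is also done without any
     * lock in this method. Both are left as they were because callers may depend on them.
     *
     * @throws Exception never thrown by the visible code; kept for interface compatibility
     */
    public void initialize() throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "initialize");
        }
        this.securityEnabled = false;
        try {
            this.securityEnabled = SecurityContext.isSecurityEnabled();
            if (this.securityEnabled && !initialized) {
                contextManager = ContextManagerFactory.getInstance();
                // A missing "security.activeAuthMechanism" still fails here on purpose: without a
                // known mechanism there is no sensible authenticator to build.
                if (((String) SecurityConfig.getConfig().getValue("security.activeAuthMechanism")).equals(SecurityConfig.AUTH_MECHANISM_SWAM)) {
                    custom_jaas_config = (String) SecurityConfig.getConfig().getValue("com.ibm.ws.security.webInboundLoginConfig");
                } else {
                    taManager = TrustAssociationManager.getInstance();
                    cache = AuthCache.getInstance();
                    custom_jaas_config = (String) SecurityConfig.getConfig().getValue("com.ibm.ws.security.webInboundLoginConfig");
                    String pluggableAuth = (String) SecurityConfig.getConfig().getValue("security.enablePluggableAuthentication");
                    // Null-safe: an unset optional flag used to raise a NullPointerException here,
                    // which aborted the audit, authenticator and JACC setup below.
                    if (pluggableAuth != null && (pluggableAuth.equalsIgnoreCase("true") || pluggableAuth.equalsIgnoreCase("yes"))) {
                        custom_auth_mech = true;
                    }
                }
                AuditServiceImpl auditServiceImpl = (AuditServiceImpl) AuditServiceImpl.getAuditService();
                if (auditServiceImpl != null) {
                    auditHandler = (AuditHandlerImpl) auditServiceImpl.newAuditHandler("WAS.security", "WAS.security");
                    if (auditHandler != null) {
                        auditFactory = (J2EEAuditEventFactory) auditHandler.getAuditEventFactory(CommonConstants.AUDIT_J2EE_FACTORY_NAME);
                    }
                    // Drop the factory if it is not an instance of the class as resolved by name.
                    if (auditFactory != null && !Class.forName("com.ibm.wsspi.security.audit.J2EEAuditEventFactory").isInstance(auditFactory)) {
                        auditFactory = null;
                    }
                }
                // auditHandler / auditFactory may legitimately be null at this point.
                authenticator = WebAuthenticator.create(custom_jaas_config, auditHandler, auditFactory);
                if (SecurityConfig.isJACCEnabled()) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Setting the PolicyContextHandlers for JACCfor web.");
                    }
                    // Index 0 carries the Subject and index 1 the request; checkJaccAccess relies on this order.
                    jaccHandlerKeyArray = new String[]{CommonConstants.JACC_SUBJECT_KEY, "javax.servlet.http.HttpServletRequest"};
                    wpch = WSPolicyContextHandlerImpl.getInstance();
                }
                String webAuthReq = (String) SecurityConfig.getConfig().getValue("com.ibm.wsspi.security.web.webAuthReq");
                if (webAuthReq != null) {
                    if (webAuthReq.equalsIgnoreCase(PERSIST_CRED)) {
                        persistCred = true;
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "Persist authenticated credential even URI is not protected.");
                        }
                    }
                    if (webAuthReq.equalsIgnoreCase(ALWAYS_LOGIN)) {
                        alwaysLogin = true;
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "always set credential on executed thread regardless authorization.");
                        }
                    }
                }
            }
        } catch (Exception e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.web.WebCollaborator.initialize", "335", this);
            if (this.securityEnabled) {
                Tr.error(tc, "security.web.initerror");
            }
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "initialize", new Object[]{e});
            }
        }
        initialized = true;
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "initialize");
        }
    }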

    /**
     * Registers a web application with the collaborator's {@code WebAppCache}, fetching the cache
     * from {@link #getWebCache()} on first use.
     *
     * <p>Every failure from the cache, including {@code Error}s, is reported through FFDC and
     * rethrown as a {@code WebSecurityConfigException} that carries the original as its cause.
     *
     * @param str            first identifier forwarded unchanged to {@code WebAppCache.addWebApp}
     * @param str2           second identifier forwarded unchanged to {@code WebAppCache.addWebApp}
     * @param webApp         deployment-descriptor model of the web application
     * @param deployedModule the deployed module being registered
     * @throws WebSecurityConfigException if the cache rejects the application for any reason
     */
    public void addWebApp(String str, String str2, WebApp webApp, DeployedModule deployedModule) throws WebSecurityConfigException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "addWebApp", new Object[]{str, str2, webApp});
        }
        if (webCache == null) {
            webCache = getWebCache();
        }
        try {
            webCache.addWebApp(str, str2, webApp, deployedModule);
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "addWebApp");
            }
        } catch (Throwable failure) {
            FFDCFilter.processException(failure, "com.ibm.ws.security.web.WebCollaborator.addWebApp", "371", this);
            final WebSecurityConfigException wrapped = new WebSecurityConfigException(failure.getMessage(), null);
            // Keep the original throwable reachable for diagnosis.
            wrapped.initCause(failure);
            if (tc.isEventEnabled()) {
                Tr.debug(tc, "addWebApp excption", wrapped);
            }
            throw wrapped;
        }
    }

    /**
     * Delegates to {@code WSAccessManager.checkIfAdminApp}.
     * A {@code true} result makes {@code authorizeForJACC} fall back to the role-based
     * {@code authorize} path instead of consulting the JACC policy.
     *
     * @param str application name to test
     * @return whatever {@code WSAccessManager.checkIfAdminApp} reports for {@code str}
     */
    private boolean isAdminApp(String str) {
        final boolean adminApp = WSAccessManager.checkIfAdminApp(str);
        return adminApp;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Role-based access decision for one HTTP request.
     *
     * <p>Order of checks, each of which can end the call with its own reply:
     * <ol>
     *   <li>empty or null URI from {@code getURI} -&gt; deny;</li>
     *   <li>for a non-secure request, {@code checkDataConstraints} (transport guarantee);</li>
     *   <li>when {@code persistCred} or {@code alwaysLogin} is configured, an early authentication
     *       attempt via {@code SetAuthenticatedSubjectIfNeeded};</li>
     *   <li>{@code validSecAttrs};</li>
     *   <li>unsupported authentication mechanism -&gt; deny;</li>
     *   <li>no required roles, or every required role granted to everyone -&gt; permit without
     *       authentication;</li>
     *   <li>otherwise authenticate (or reuse the caller subject already on the thread), run
     *       {@code checkAuthorization}, audit the outcome and build the reply with
     *       {@code createReply}.</li>
     * </ol>
     *
     * @param httpServletRequest  request being authorized; dereferenced unconditionally
     * @param httpServletResponse response handed to the authenticator
     * @param str   second key of the {@code WebAccessContext} lookup; also prefixed to the URI in
     *              the authorization-failure audit message — presumably a web-module identifier, TODO confirm
     * @param z     when {@code true} the request is authenticated here; when {@code false} the
     *              caller subject already held by {@code contextManager} is used
     * @param str2  first key of the {@code WebAccessContext} lookup; {@code authorizeForJACC}
     *              passes the application name here
     * @return the permit, deny or other reply selected by the steps above
     * @throws WebSecurityException declared; not thrown directly by the visible statements
     */
    public WebReply authorize(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str, boolean z, String str2) throws WebSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "authorize", new Object[]{httpServletRequest, httpServletResponse, str, new Boolean(z), str2});
        }
        // Reset the application name on the shared (static) audit handler before this request.
        if (auditHandler != null) {
            auditHandler.setAppName(null);
        }
        WebReply webReply = null;
        AuthenticationResult authenticationResult = null;
        Subject subject = null;
        ArrayList arrayList = null;
        // Placeholder user name used in the failure audit when no authentication result is available.
        String str3 = "???";
        // z2: true once the early (persistCred / alwaysLogin) authentication attempt has run.
        boolean z2 = false;
        String uri = getURI(httpServletRequest);
        if (uri == null || uri.length() == 0) {
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "authorize: throw WebSecurityException");
            }
            // NOTE(review): getSession() with no argument creates a session when none exists, so with
            // auditing active every audited request — including denied, unauthenticated ones —
            // allocates a session. The same pattern recurs in each audit call below.
            if (auditFactory != null && httpServletRequest != null && auditFactory.isActive(3, 4)) {
                auditFactory.sendAccessAuditEvent(auditHandler, AuditOutcome.DENIED, AuditOutcome.INVALID_RESOURCE, httpServletRequest.getSession().getId(), null, uri, J2EEAuditEventFactory.WEB, httpServletRequest.getMethod(), providerName, true, "security.audit.service.bad.uri.denied.audit", null);
            }
            return new DenyReply("Invalid URI passed to Security Collaborator.");
        }
        String method = httpServletRequest.getMethod();
        // NOTE(review): webCache is only assigned in addWebApp() in the visible code; if that has not
        // run on this instance this line throws NullPointerException.
        WebAccessContext webAccessContext = this.webCache.getWebAccessContext(str2, str);
        WebAttributes webAttributes = null;
        if (webAccessContext != null) {
            webAttributes = webAccessContext.getWebAttributes();
        }
        // Transport check applies only to requests that did not arrive over a secure channel.
        if (!httpServletRequest.isSecure()) {
            webReply = checkDataConstraints(webAccessContext, uri, method, httpServletRequest);
            if (webReply != null) {
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, "authorize: ", webReply);
                }
                return webReply;
            }
        }
        // Early authentication attempt, made even though it is not yet known whether the URI is protected.
        if (webAttributes != null && (persistCred || alwaysLogin)) {
            z2 = true;
            authenticationResult = SetAuthenticatedSubjectIfNeeded(webAttributes, httpServletRequest, httpServletResponse);
            if (alwaysLogin) {
                webReply = handleAlwaysLogin(authenticationResult, webAttributes, uri, method);
            }
            if (webReply != null) {
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, "authorize", webReply);
                }
                return webReply;
            }
        }
        WebReply validSecAttrs = validSecAttrs(str, uri, method, false, str2);
        if (validSecAttrs != null) {
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "authorize: ", validSecAttrs);
            }
            return validSecAttrs;
        }
        // NOTE(review): webAccessContext was null-checked above but is dereferenced here without a
        // check. This is only safe if validSecAttrs() returns a reply whenever the context is
        // missing — that method is not visible here; confirm.
        if (webAccessContext.getEnterpriseAppName() != null) {
            if (auditHandler != null) {
                auditHandler.setAppName(webAccessContext.getEnterpriseAppName());
            }
        } else if (auditHandler != null) {
            auditHandler.setAppName(webAccessContext.getWebAppName());
        }
        if (unsupportedAuthMech(webAttributes)) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Digest Authentication Mechanism is used and is not supported : sending DenyReply response");
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "authorize: ");
            }
            if (auditFactory != null && httpServletRequest != null && auditFactory.isActive(3, 4)) {
                auditFactory.sendAccessAuditEvent(auditHandler, AuditOutcome.DENIED, AuditOutcome.UNSUPPORTED_AUTHN_MECH, httpServletRequest.getSession().getId(), null, uri, J2EEAuditEventFactory.WEB, httpServletRequest.getMethod(), providerName, true, "security.audit.service.unsupported.auth.mechanism.audit", new Object[]{webAttributes.getChallengeType()});
            }
            return new DenyReply("Authentication Failed : DIGEST not supported");
        }
        SecurityRole[] requiredRoles = getRequiredRoles(webAccessContext, uri, method);
        // Identity comparison against a sentinel array: only that exact instance means "unprotected";
        // any other array, even an empty one, continues to the isEveryoneGranted() check.
        if (requiredRoles == PermissionRoleMap.NO_REQUIRED_ROLES) {
            WebReply webReply2 = PERMIT_REPLY;
            if (tc.isDebugEnabled()) {
                StringBuffer stringBuffer = new StringBuffer("No required roles for ");
                stringBuffer.append(uri).append(".").append(method);
                Tr.debug(tc, stringBuffer.toString());
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "authorize", webReply2);
            }
            if (auditFactory != null && httpServletRequest != null && auditFactory.isActive(3, 0)) {
                auditFactory.sendAccessAuditEvent(auditHandler, AuditOutcome.SUCCESS, "SUCCESS", httpServletRequest.getSession().getId(), null, uri, J2EEAuditEventFactory.WEB, httpServletRequest.getMethod(), providerName, true, "security.audit.service.no.auth.constraint.audit", null);
            }
            return webReply2;
        }
        // Permit without authenticating when every required role is granted to everyone.
        // NOTE(review): authorizer is null until createAuthorizationManager() has been called.
        if (this.authorizer.isEveryoneGranted(webAccessContext, requiredRoles)) {
            WebReply webReply3 = PERMIT_REPLY;
            if (tc.isDebugEnabled()) {
                StringBuffer stringBuffer2 = new StringBuffer("Unprotected URI is ");
                stringBuffer2.append(uri).append(".").append(method);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, stringBuffer2.toString());
                }
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "authorize", webReply3);
            }
            if (auditFactory != null && httpServletRequest != null && auditFactory.isActive(3, 0)) {
                auditFactory.sendAccessAuditEvent(auditHandler, AuditOutcome.SUCCESS, "SUCCESS", httpServletRequest.getSession().getId(), null, uri, J2EEAuditEventFactory.WEB, httpServletRequest.getMethod(), providerName, true, "security.audit.service.everyone.audit", null);
            }
            return webReply3;
        }
        if (tc.isDebugEnabled()) {
            StringBuffer stringBuffer3 = new StringBuffer("URI -  ");
            stringBuffer3.append(uri).append(".").append(method).append(" is protected");
            Tr.debug(tc, stringBuffer3.toString());
        }
        // Remember the caller subject currently on the thread so it can be put back if authorization fails.
        Subject subject2 = null;
        try {
            subject2 = contextManager.getCallerSubject();
            // NOTE(review): the Subject is written to debug trace via its toString(); what that
            // exposes depends on the principals/credentials it holds — confirm it is safe to log.
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, new StringBuffer().append("Saving previous subject ").append(subject2).toString());
            }
        } catch (Exception e) {
            // Best effort: on failure subject2 stays null, so a later restore sets a null caller subject.
            FFDCFilter.processException(e, "com.ibm.ws.security.web.WebCollaborator.authorize", "614", this);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Exception occurred when trying to get initial Caller Subject ");
            }
        }
        if (z) {
            // Authenticate now unless the early attempt above already produced a result.
            if (!z2) {
                authenticationResult = authenticator.authenticate(webAttributes, httpServletRequest, httpServletResponse);
            }
            // Fail closed when the authenticator returned nothing.
            if (authenticationResult == null) {
                Tr.error(tc, "authResult is null");
                return DENY_AUTHN_FAILED;
            }
            WebReply checkAuthStatus = checkAuthStatus(authenticationResult, webAttributes);
            if (checkAuthStatus != null) {
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, "authorize", checkAuthStatus);
                }
                return checkAuthStatus;
            }
            subject = authenticationResult.getSubject();
            arrayList = authenticationResult.getCookies();
            str3 = authenticationResult.getUserName();
            if (!z2) {
                try {
                    contextManager.setCallerSubject(subject);
                } catch (Exception e2) {
                    // NOTE(review): the failure is swallowed and authorization still proceeds with
                    // `subject`, so the thread's caller subject and the subject being authorized can differ.
                    FFDCFilter.processException(e2, "com.ibm.ws.security.web.WebCollaborator.authorize", "657", this);
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Exception occurred when setting credentials for 'current'. ");
                    }
                }
            }
        } else {
            // No authentication requested: authorize whatever caller subject is already on the thread.
            try {
                Subject callerSubject = contextManager.getCallerSubject();
                if (callerSubject != null) {
                    subject = callerSubject;
                }
            } catch (Exception e3) {
                // subject stays null; the decision is then left to checkAuthorization() with a null subject.
                FFDCFilter.processException(e3, "com.ibm.ws.security.web.WebCollaborator.authorize", "670", this);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Invalid credentials retrieved from security  'current'.");
                }
            }
        }
        // z3: authorization outcome; stays false unless checkAuthorization() returns normally.
        boolean z3 = false;
        try {
            checkAuthorization(webAccessContext, requiredRoles, subject);
            z3 = true;
        } catch (AccessException e4) {
            FFDCFilter.processException(e4, "com.ibm.ws.security.web.WebCollaborator.authorize", "692", this);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, new StringBuffer().append("checkAuthorization() failed, here is the message in the exception: ").append(e4.getMessage()).toString());
            }
            // NOTE(review): user name, HTTP method and URI are request-derived and go into the audit
            // record as message arguments — confirm the logging layer neutralises line breaks.
            Tr.audit(tc, "security.web.authz.failed.foruser", new Object[]{str3, method, new StringBuffer().append(str).append(uri).toString(), e4.getMessage()});
            // Denied: put the previously saved caller subject back on the thread.
            try {
                contextManager.setCallerSubject(subject2);
            } catch (Exception e5) {
                FFDCFilter.processException(e5, "com.ibm.ws.security.web.WebCollaborator.authorize", "701", this);
            }
        }
        if (z3) {
            if (auditFactory != null && httpServletRequest != null && auditFactory.isActive(1, 0)) {
                auditFactory.sendAuthzAuditEvent(auditHandler, AuditOutcome.SUCCESS, "SUCCESS", httpServletRequest.getSession().getId(), null, uri, J2EEAuditEventFactory.WEB, method, providerName, true, subject, "security.audit.authz.success.audit", null);
            }
        } else if (auditFactory != null && httpServletRequest != null && auditFactory.isActive(1, 4)) {
            auditFactory.sendAuthzAuditEvent(auditHandler, AuditOutcome.DENIED, "DENIED", httpServletRequest.getSession().getId(), null, uri, J2EEAuditEventFactory.WEB, method, providerName, true, subject, "security.audit.authz.denied.audit", null);
        }
        // The reply carries the outcome plus any cookies produced by authentication.
        WebReply createReply = createReply(z3, uri, arrayList);
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "authorize", createReply);
        }
        return createReply;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * JACC-based access decision for one HTTP request.
     *
     * <p>Applications that {@code isAdminApp} reports as administrative are not evaluated against
     * the JACC policy; they are handed to the role-based {@link #authorize} instead. For all other
     * applications the method builds the policy context ID, checks transport constraints with
     * {@code WebUserDataPermission}, asks the policy whether the {@code WebResourcePermission} is
     * granted without a subject (pre-authorization), and only if that fails authenticates and asks
     * again with the authenticated subject.
     *
     * @param httpServletRequest  request being authorized; dereferenced unconditionally
     * @param httpServletResponse response handed to the authenticator
     * @param str   second key of the {@code WebAccessContext} lookup and first argument of
     *              {@code validSecAttrs} — presumably a web-module identifier, TODO confirm
     * @param z     when {@code true} the request is authenticated here; when {@code false} the
     *              caller subject already held by {@code contextManager} is used
     * @param str2  appended after "/" to the application's context ID to form the JACC context ID
     * @param str3  application name
     * @return the permit, deny, redirect or challenge reply selected by the checks
     * @throws WebSecurityException declared for a missing context ID (see the note on that check)
     */
    public WebReply authorizeForJACC(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str, boolean z, String str2, String str3) throws WebSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "authorizeForJACC");
        }
        // Admin applications bypass the JACC provider and use the role-based path.
        if (isAdminApp(str3)) {
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, new StringBuffer().append("authorizeForJACC: app is an adminApp: ").append(str3).toString());
            }
            return authorize(httpServletRequest, httpServletResponse, str, z, str3);
        }
        WebReply webReply = null;
        String uri = getURI(httpServletRequest);
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, new StringBuffer().append("URI resolved is: ").append(uri).toString());
        }
        // NOTE(review): unlike authorize(), a null or empty URI is not rejected here before it is
        // used to build the JACC permissions below.
        String method = httpServletRequest.getMethod();
        String[] strArr = {method};
        // z2: true once the early (persistCred / alwaysLogin) authentication attempt has run.
        boolean z2 = false;
        Subject subject = null;
        ArrayList arrayList = null;
        // Placeholder user name passed to checkJaccAccess when no authentication result is available.
        String str4 = "???";
        // NOTE(review): webCache is only assigned in addWebApp() in the visible code.
        WebAccessContext webAccessContext = this.webCache.getWebAccessContext(str3, str);
        WebAttributes webAttributes = null;
        if (webAccessContext != null) {
            webAttributes = webAccessContext.getWebAttributes();
        }
        AuthenticationResult authenticationResult = null;
        StringBuffer stringBuffer = new StringBuffer(WSAccessManager.getContextID(str3));
        // NOTE(review): this check can never be true — `new` does not yield null. If getContextID()
        // returns a null String, the constructor call above fails with NullPointerException first,
        // so the intended WebSecurityException is never raised. The null test presumably belongs
        // on the getContextID() result; its return type is not visible here — confirm.
        if (stringBuffer == null) {
            throw new WebSecurityException(new StringBuffer().append("Cannot get the contextID for application: ").append(str3).toString(), new DenyReply(new StringBuffer().append("Cannot get the contextID for application: ").append(str3).toString()));
        }
        stringBuffer.append("/").append(str2);
        String stringBuffer2 = stringBuffer.toString();
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, new StringBuffer().append("contextID = ").append(stringBuffer2).toString());
        }
        // Non-secure request: ask the policy whether this URI/method is allowed with no transport guarantee.
        // NOTE(review): when that check fails but getRedirectURL() returns null, control falls
        // through and the request keeps being processed over the non-secure channel.
        if (!httpServletRequest.isSecure() && !checkDataConstraints(stringBuffer2, httpServletRequest, new WebUserDataPermission(uri, strArr, null))) {
            webReply = getRedirectURL(httpServletRequest, uri, method);
            if (webReply != null) {
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, "authorizeForJACC: ", webReply);
                }
                return webReply;
            }
        }
        // Early authentication attempt, made before it is known whether the resource is protected.
        if (webAttributes != null && (persistCred || alwaysLogin)) {
            z2 = true;
            authenticationResult = SetAuthenticatedSubjectIfNeeded(webAttributes, httpServletRequest, httpServletResponse);
            if (alwaysLogin) {
                webReply = handleAlwaysLogin(authenticationResult, webAttributes, uri, method);
            }
            if (webReply != null) {
                // The trace label below reads "authorize" although this is authorizeForJACC.
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, "authorize", webReply);
                }
                return webReply;
            }
        }
        WebReply validSecAttrs = validSecAttrs(str, uri, method, true, str3);
        if (validSecAttrs != null) {
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "authorizeForJACC: ", validSecAttrs);
            }
            return validSecAttrs;
        }
        // Secure request: a policy that does not grant the CONFIDENTIAL permission is treated as
        // the resource being excluded, and the request is denied.
        if (httpServletRequest.isSecure()) {
            WebUserDataPermission webUserDataPermission = new WebUserDataPermission(uri, strArr, "CONFIDENTIAL");
            if (!checkDataConstraints(stringBuffer2, httpServletRequest, webUserDataPermission)) {
                WebReply webReply2 = DENY_AUTHZ_FAILED;
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, new StringBuffer().append("WebUserDataPermission: ").append(webUserDataPermission).append(" is Excluded.").toString());
                }
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, "authorizeForJACC: ", webReply2);
                }
                return webReply2;
            }
        }
        WebResourcePermission webResourcePermission = new WebResourcePermission(uri, strArr);
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, new StringBuffer().append("preAuthorize: WebResourcePermission = ").append(webResourcePermission).toString());
        }
        // Pre-authorization: evaluate the permission with a null subject. checkJaccAccess uses the
        // null protection domain in that case, so a grant here means no authentication is needed.
        if (checkJaccAccess(webResourcePermission, stringBuffer2, httpServletRequest, null, null, method)) {
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, new StringBuffer().append("preAuthorize is true for web: ").append(uri).append(". exit value true").toString());
            }
            // NOTE(review): getSession() with no argument creates a session when none exists; with
            // auditing active this happens for every audited request, authenticated or not.
            if (auditFactory != null && httpServletRequest != null && auditFactory.isActive(3, 0)) {
                auditFactory.sendAccessAuditEvent(auditHandler, AuditOutcome.SUCCESS, "SUCCESS", httpServletRequest.getSession().getId(), null, uri, J2EEAuditEventFactory.WEB, httpServletRequest.getMethod(), providerName, true, "security.audit.service.everyone.audit", null);
            }
            return PERMIT_REPLY;
        }
        if (z) {
            // Authenticate now unless the early attempt above already produced a result.
            if (!z2) {
                authenticationResult = authenticator.authenticate(webAttributes, httpServletRequest, httpServletResponse);
            }
            // Fail closed when the authenticator returned nothing.
            if (authenticationResult == null) {
                Tr.error(tc, "authResult is null");
                return DENY_AUTHN_FAILED;
            }
            WebReply checkAuthStatus = checkAuthStatus(authenticationResult, webAttributes);
            if (checkAuthStatus != null) {
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, "authorizeForJACC", checkAuthStatus);
                }
                return checkAuthStatus;
            }
            subject = authenticationResult.getSubject();
            arrayList = authenticationResult.getCookies();
            str4 = authenticationResult.getUserName();
            if (!z2) {
                try {
                    contextManager.setCallerSubject(subject);
                } catch (Exception e) {
                    // NOTE(review): swallowed; the policy check below still runs against `subject`.
                    // The FFDC source id names "authorize" although this is authorizeForJACC.
                    FFDCFilter.processException(e, "com.ibm.ws.security.web.WebCollaborator.authorize", "905", this);
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Exception occurred when setting credentials for 'current'. ");
                    }
                }
            }
        } else {
            // No authentication requested: evaluate whatever caller subject is already on the thread.
            try {
                Subject callerSubject = contextManager.getCallerSubject();
                if (callerSubject != null) {
                    subject = callerSubject;
                }
            } catch (Exception e2) {
                // subject stays null, so the second policy check repeats the unauthenticated evaluation.
                FFDCFilter.processException(e2, "com.ibm.ws.security.web.WebCollaborator.authorize", "918", this);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Invalid credentials retrieved from security  'current'.");
                }
            }
        }
        // Second policy evaluation, this time with the resolved subject's principals.
        // NOTE(review): authorize() restores the previously saved caller subject when authorization
        // is denied; this method neither saves nor restores it, so after a denial the subject set
        // above remains on the thread unless a caller cleans up — confirm against the caller.
        boolean checkJaccAccess = checkJaccAccess(webResourcePermission, stringBuffer2, httpServletRequest, subject, str4, method);
        if (checkJaccAccess) {
            if (auditFactory != null && httpServletRequest != null && auditFactory.isActive(1, 0)) {
                auditFactory.sendAuthzAuditEvent(auditHandler, AuditOutcome.SUCCESS, "SUCCESS", httpServletRequest.getSession().getId(), null, uri, J2EEAuditEventFactory.WEB, method, providerName, true, subject, "security.audit.authz.success.audit", null);
            }
        } else if (auditFactory != null && httpServletRequest != null && auditFactory.isActive(1, 4)) {
            auditFactory.sendAuthzAuditEvent(auditHandler, AuditOutcome.DENIED, "DENIED", httpServletRequest.getSession().getId(), null, uri, J2EEAuditEventFactory.WEB, method, providerName, true, subject, "security.audit.authz.denied.audit", null);
        }
        // The reply carries the outcome plus any cookies produced by authentication.
        WebReply createReply = createReply(checkJaccAccess, uri, arrayList);
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "authorizeForJACC", createReply);
        }
        return createReply;
    }

    private boolean checkJaccAccess(WebResourcePermission webResourcePermission, String str, HttpServletRequest httpServletRequest, Subject subject, String str2, String str3) {
        boolean z = false;
        try {
            try {
                HashMap hashMap = new HashMap();
                new Boolean(false);
                z = ((Boolean) AccessController.doPrivileged(new PrivilegedExceptionAction(this, str, hashMap, subject, httpServletRequest, webResourcePermission) { // from class: com.ibm.ws.security.web.WebCollaborator.1
                    private final String val$contextID;
                    private final HashMap val$handlerObjects;
                    private final Subject val$jaccSubject;
                    private final HttpServletRequest val$req;
                    private final WebResourcePermission val$webPerm;
                    private final WebCollaborator this$0;

                    {
                        this.this$0 = this;
                        this.val$contextID = str;
                        this.val$handlerObjects = hashMap;
                        this.val$jaccSubject = subject;
                        this.val$req = httpServletRequest;
                        this.val$webPerm = webResourcePermission;
                    }

                    @Override // java.security.PrivilegedExceptionAction
                    public Object run() throws PolicyContextException {
                        PolicyContext.setContextID(this.val$contextID);
                        if (WebCollaborator.tc.isDebugEnabled()) {
                            Tr.debug(WebCollaborator.tc, "Registering JACC context handlers");
                        }
                        for (int i = 0; i < WebCollaborator.jaccHandlerKeyArray.length; i++) {
                            PolicyContext.registerHandler(WebCollaborator.jaccHandlerKeyArray[i], WebCollaborator.wpch, true);
                        }
                        this.val$handlerObjects.put(WebCollaborator.jaccHandlerKeyArray[0], this.val$jaccSubject);
                        this.val$handlerObjects.put(WebCollaborator.jaccHandlerKeyArray[1], this.val$req);
                        ProtectionDomain nullProtectionDomain = (this.val$jaccSubject == null || this.val$jaccSubject.getPrincipals().size() <= 0) ? SecurityConfig.getNullProtectionDomain() : new ProtectionDomain(SecurityConfig.getNullCodeSource(), null, null, (Principal[]) this.val$jaccSubject.getPrincipals().toArray(new Principal[this.val$jaccSubject.getPrincipals().size()]));
                        if (WebCollaborator.tc.isDebugEnabled()) {
                            Tr.debug(WebCollaborator.tc, "Setting JACC handler data");
                        }
                        PolicyContext.setHandlerData(this.val$handlerObjects);
                        if (WebCollaborator.tc.isDebugEnabled()) {
                            Tr.debug(WebCollaborator.tc, "Calling JACC implies");
                        }
                        return new Boolean(Policy.getPolicy().implies(nullProtectionDomain, this.val$webPerm));
                    }
                })).booleanValue();
                if (tc.isDebugEnabled()) {
                    if (z) {
                        if (subject == null) {
                            Tr.debug(tc, "hasAccess is true for web during preauthorize");
                        } else {
                            Tr.debug(tc, "hasAccess is true for web during authorize");
                        }
                    } else if (subject == null) {
                        Tr.debug(tc, "hasAccess is false for web during preauthorize");
                    } else {
                        Tr.debug(tc, "hasAccess is false for web during authorize");
                    }
                }
                try {
                    AccessController.doPrivileged(new PrivilegedExceptionAction(this) { // from class: com.ibm.ws.security.web.WebCollaborator.2
                        private final WebCollaborator this$0;

                        {
                            this.this$0 = this;
                        }

                        @Override // java.security.PrivilegedExceptionAction
                        public Object run() {
                            PolicyContext.setHandlerData(null);
                            return null;
                        }
                    });
                } catch (Exception e) {
                }
            } finally {
                try {
                    AccessController.doPrivileged(new PrivilegedExceptionAction(this) { // from class: com.ibm.ws.security.web.WebCollaborator.2
                        private final WebCollaborator this$0;

                        {
                            this.this$0 = this;
                        }

                        @Override // java.security.PrivilegedExceptionAction
                        public Object run() {
                            PolicyContext.setHandlerData(null);
                            return null;
                        }
                    });
                } catch (Exception e2) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, new StringBuffer().append("Exception when setting setHandler data: ").append(e2).toString());
                    }
                    FFDCFilter.processException(e2, "com.ibm.ws.security.web.WebCollaborator.authorize", "1036", this);
                }
            }
        } catch (Exception e3) {
            FFDCFilter.processException(e3, "com.ibm.ws.security.web.WebCollaborator.authorize", "1020", this);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, new StringBuffer().append("checkAuthorization() failed with the exception: ").append(e3).toString());
            }
            Tr.audit(tc, "security.web.authz.failed.foruser", new Object[]{str2, str3, str, e3.getMessage()});
            try {
                AccessController.doPrivileged(new PrivilegedExceptionAction(this) { // from class: com.ibm.ws.security.web.WebCollaborator.2
                    private final WebCollaborator this$0;

                    {
                        this.this$0 = this;
                    }

                    @Override // java.security.PrivilegedExceptionAction
                    public Object run() {
                        PolicyContext.setHandlerData(null);
                        return null;
                    }
                });
            } catch (Exception e4) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, new StringBuffer().append("Exception when setting setHandler data: ").append(e4).toString());
                }
                FFDCFilter.processException(e4, "com.ibm.ws.security.web.WebCollaborator.authorize", "1036", this);
            }
        }
        return z;
    }

    /**
     * Evaluates a JACC {@code WebUserDataPermission} against the installed {@code Policy} for the
     * given policy context.
     *
     * <p>The evaluation runs inside {@code AccessController.doPrivileged}: the context ID is set,
     * every key in {@code jaccHandlerKeyArray} is registered with the shared handler, the request is
     * published as handler data, and {@code Policy.implies} is called with the null protection
     * domain (no subject takes part in this check). Handler data is reset to {@code null} after the
     * evaluation, and again in the {@code finally} block, so it is cleared on every path.
     *
     * <p>Fails closed: an exception raised during evaluation is recorded (FFDC, debug trace, audit
     * message {@code security.web.authz.checkdataconstraint.failed}) and the result is {@code false}.
     *
     * @param str policy context ID passed to {@code PolicyContext.setContextID}
     * @param httpServletRequest request stored as handler data under {@code jaccHandlerKeyArray[1]}
     * @param webUserDataPermission permission to evaluate
     * @return {@code true} if the policy implies the permission; {@code false} otherwise or on error
     * @throws WebSecurityException declared by the signature; no throw site is visible in this body
     */
    protected boolean checkDataConstraints(String str, HttpServletRequest httpServletRequest, WebUserDataPermission webUserDataPermission) throws WebSecurityException {
        boolean z;
        // The trace point is named "checkConstraints", not after the method.
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "checkConstraints");
        }
        try {
            try {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, new StringBuffer().append("WebUserDataPermission = ").append(webUserDataPermission).toString());
                }
                HashMap hashMap = new HashMap();
                // The allocated Boolean is discarded; looks like decompiler residue.
                new Boolean(false);
                z = ((Boolean) AccessController.doPrivileged(new PrivilegedExceptionAction(this, str, hashMap, httpServletRequest, webUserDataPermission) { // from class: com.ibm.ws.security.web.WebCollaborator.3
                    // Values captured from the enclosing method (field names as emitted by the decompiler).
                    private final String val$contextID;
                    private final HashMap val$handlerObjects;
                    private final HttpServletRequest val$httpRequest;
                    private final WebUserDataPermission val$webUDPerm;
                    private final WebCollaborator this$0;

                    {
                        this.this$0 = this;
                        this.val$contextID = str;
                        this.val$handlerObjects = hashMap;
                        this.val$httpRequest = httpServletRequest;
                        this.val$webUDPerm = webUserDataPermission;
                    }

                    @Override // java.security.PrivilegedExceptionAction
                    public Object run() throws PolicyContextException {
                        PolicyContext.setContextID(this.val$contextID);
                        if (WebCollaborator.tc.isDebugEnabled()) {
                            Tr.debug(WebCollaborator.tc, "Registering JACC context handlers");
                        }
                        // Register the shared handler for every key; the third argument is the replace flag.
                        for (int i = 0; i < WebCollaborator.jaccHandlerKeyArray.length; i++) {
                            PolicyContext.registerHandler(WebCollaborator.jaccHandlerKeyArray[i], WebCollaborator.wpch, true);
                        }
                        // Only the request is published; no subject entry is added for this check.
                        this.val$handlerObjects.put(WebCollaborator.jaccHandlerKeyArray[1], this.val$httpRequest);
                        ProtectionDomain nullProtectionDomain = SecurityConfig.getNullProtectionDomain();
                        if (WebCollaborator.tc.isDebugEnabled()) {
                            Tr.debug(WebCollaborator.tc, "Setting JACC handler data");
                        }
                        PolicyContext.setHandlerData(this.val$handlerObjects);
                        if (WebCollaborator.tc.isDebugEnabled()) {
                            Tr.debug(WebCollaborator.tc, "Calling JACC implies");
                        }
                        return new Boolean(Policy.getPolicy().implies(nullProtectionDomain, this.val$webUDPerm));
                    }
                })).booleanValue();
                try {
                    AccessController.doPrivileged(new PrivilegedExceptionAction(this) { // from class: com.ibm.ws.security.web.WebCollaborator.4
                        private final WebCollaborator this$0;

                        {
                            this.this$0 = this;
                        }

                        @Override // java.security.PrivilegedExceptionAction
                        public Object run() {
                            // Drop the request reference once the decision has been made.
                            PolicyContext.setHandlerData(null);
                            return null;
                        }
                    });
                } catch (Exception e) {
                    // Ignored here: the finally block repeats the reset and reports a failure there.
                }
            } catch (Exception e2) {
                // Fail closed: record the failure and deny.
                FFDCFilter.processException(e2, "com.ibm.ws.security.web.WebCollaborator.checkDataConstraints", "1107", this);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, new StringBuffer().append("Exception during checkDataConstraints call: ").append(e2).toString());
                }
                Tr.audit(tc, "security.web.authz.checkdataconstraint.failed", new Object[]{str, e2});
                z = false;
                try {
                    AccessController.doPrivileged(new PrivilegedExceptionAction(this) { // from class: com.ibm.ws.security.web.WebCollaborator.4
                        private final WebCollaborator this$0;

                        {
                            this.this$0 = this;
                        }

                        @Override // java.security.PrivilegedExceptionAction
                        public Object run() {
                            PolicyContext.setHandlerData(null);
                            return null;
                        }
                    });
                } catch (Exception e3) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, new StringBuffer().append("Exception when setting setHandler data: ").append(e3).toString());
                    }
                    // NOTE(review): the FFDC source id names "authorize" although this is
                    // checkDataConstraints; keep that in mind when triaging FFDC records.
                    FFDCFilter.processException(e3, "com.ibm.ws.security.web.WebCollaborator.authorize", "1124", this);
                }
            }
            if (tc.isDebugEnabled()) {
                if (z) {
                    Tr.debug(tc, "hasUserDataJaccAccess is true for web");
                } else {
                    Tr.debug(tc, "hasUserDataJaccAccess is false for web");
                }
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "checkConstraints", String.valueOf(z));
            }
            return z;
        } finally {
            // Final reset of the handler data; runs on every exit path, including the success path
            // that has already cleared it above.
            try {
                AccessController.doPrivileged(new PrivilegedExceptionAction(this) { // from class: com.ibm.ws.security.web.WebCollaborator.4
                    private final WebCollaborator this$0;

                    {
                        this.this$0 = this;
                    }

                    @Override // java.security.PrivilegedExceptionAction
                    public Object run() {
                        PolicyContext.setHandlerData(null);
                        return null;
                    }
                });
            } catch (Exception e4) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, new StringBuffer().append("Exception when setting setHandler data: ").append(e4).toString());
                }
                FFDCFilter.processException(e4, "com.ibm.ws.security.web.WebCollaborator.authorize", "1124", this);
            }
        }
    }

    /**
     * Reports whether the constraints of the given web access context require SSL.
     *
     * <p>Wraps the two strings in a {@code WebAccessPermission} and delegates to the constraints
     * object of the context. Only an entry trace is written; there is no matching exit trace.
     *
     * @param webAccessContext context whose constraints are consulted
     * @param str first argument of the {@code WebAccessPermission} constructor
     * @param str2 second argument of the {@code WebAccessPermission} constructor
     * @return whatever {@code isSSLRequired} on the context's constraints returns
     */
    private boolean isSSLRequired(WebAccessContext webAccessContext, String str, String str2) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "isSSLRequired");
        }
        WebAccessPermission requested = new WebAccessPermission(str, str2);
        return webAccessContext.getConstraints().isSSLRequired(webAccessContext, requested);
    }

    /**
     * Looks up the roles required by the constraints of the given web access context.
     *
     * @param webAccessContext context whose constraints are consulted
     * @param str first argument of the {@code WebAccessPermission} constructor
     * @param str2 second argument of the {@code WebAccessPermission} constructor
     * @return whatever {@code getRequiredRoles} on the context's constraints returns
     */
    protected SecurityRole[] getRequiredRoles(WebAccessContext webAccessContext, String str, String str2) {
        WebAccessPermission requested = new WebAccessPermission(str, str2);
        return webAccessContext.getConstraints().getRequiredRoles(webAccessContext, requested);
    }

    /**
     * Asks the authorizer whether the subject may access the resource and emits the matching
     * authorization audit event.
     *
     * <p>With security enabled, {@code authorizer.checkAccess} decides: a normal return produces a
     * SUCCESS audit event, an {@link AccessException} produces a DENIED audit event and is rethrown
     * unchanged. With security disabled no check is made and only the "authz disabled" SUCCESS
     * event is sent. Audit events are sent only when an audit factory exists and reports itself
     * active for the event.
     *
     * @param webAccessContext context handed to the authorizer
     * @param str forwarded to {@code checkAccess} and recorded in the audit event
     * @param str2 forwarded to {@code checkAccess} and recorded in the audit event
     * @param subject subject being authorized; wrapped in a {@code WSPrincipal} for the check
     * @throws AccessException if the authorizer denies access
     */
    protected void checkAuthorization(WebAccessContext webAccessContext, String str, String str2, Subject subject) throws AccessException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "checkAuthorization");
        }
        if (this.securityEnabled) {
            try {
                this.authorizer.checkAccess(webAccessContext, str, str2, new WSPrincipal(subject));
                if (auditFactory != null && auditFactory.isActive(1, 0)) {
                    auditFactory.sendAuthzAuditEvent(auditHandler, AuditOutcome.SUCCESS, "SUCCESS", null, null, str, J2EEAuditEventFactory.WEB, str2, providerName, true, subject, "security.audit.authz.success.audit", null);
                }
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, "checkAuthorization");
                }
                return;
            } catch (AccessException denied) {
                // Record the denial (FFDC, trace, audit) and let the caller see the original exception.
                FFDCFilter.processException(denied, "com.ibm.ws.security.web.WebCollaborator.checkAuthorization", "1247", this);
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, "checkAuthorization: throw AccessException");
                }
                if (auditFactory != null && auditFactory.isActive(1, 4)) {
                    auditFactory.sendAuthzAuditEvent(auditHandler, AuditOutcome.DENIED, "DENIED", null, denied, str, J2EEAuditEventFactory.WEB, str2, providerName, true, subject, "security.audit.authz.denied.audit", null);
                }
                throw denied;
            }
        }
        // Security is disabled: nothing is checked, but the access is still audited as such.
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "checkAuthorization");
        }
        if (auditFactory != null && auditFactory.isActive(1, 0)) {
            auditFactory.sendAuthzAuditEvent(auditHandler, AuditOutcome.SUCCESS, "SUCCESS", null, null, str, J2EEAuditEventFactory.WEB, str2, providerName, true, subject, "security.audit.authz.disabled.audit", null);
        }
    }

    /**
     * Verifies that the subject has been granted at least one of the given roles.
     *
     * <p>When security is disabled the method returns without checking anything. Unlike the
     * four-argument overload, this path sends no audit event.
     *
     * @param webAccessContext context handed to the authorizer
     * @param securityRoleArr roles of which at least one must be granted
     * @param subject subject being authorized
     * @throws AccessException if none of the roles is granted; the message lists the role names
     */
    protected void checkAuthorization(WebAccessContext webAccessContext, SecurityRole[] securityRoleArr, Subject subject) throws AccessException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "checkAuthorization");
        }
        if (!this.securityEnabled) {
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "checkAuthorization");
            }
            return;
        }
        if (this.authorizer.isGrantedAnyRole(webAccessContext, securityRoleArr, subject)) {
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "checkAuthorization");
            }
            return;
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "checkAuthorization: throw AccessException");
        }
        // NOTE(review): the message names every required role; confirm it is not echoed to the client.
        StringBuffer message = new StringBuffer(128);
        message.append("Authorization failed, Not granted any of the required roles: ");
        for (int i = 0; i < securityRoleArr.length; i++) {
            message.append(securityRoleArr[i].getRoleName());
            message.append(" ");
        }
        throw new AccessException(message.toString());
    }

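    /**
     * Extracts the value of a named cookie from a raw cookie header string.
     *
     * <p>The header is split on {@code ','} and {@code ';'}; each token is expected to be
     * {@code name=value}. The name is trimmed and compared case-insensitively with {@code str2};
     * a value wrapped in double quotes is returned without the quotes. Names starting with
     * {@code '$'} are never returned.
     *
     * <p>The header is client-controlled, so malformed input must not raise an unchecked exception
     * out of the security collaborator. Parsing stops and {@code null} is returned when a token has
     * no {@code '='}, has an empty name, or carries a non-numeric {@code $Version} (the last only
     * when {@code $Version} itself is the requested name). A value consisting of a single
     * double quote is left as is instead of being "unquoted".
     *
     * @param str raw cookie header value, may be {@code null}
     * @param str2 name of the cookie to look up
     * @return the cookie value, or {@code null} if the header is {@code null}, malformed, or does
     *     not contain the cookie
     */
    protected String getCookieValue(String str, String str2) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getCookieValue", str2);
        }
        if (str == null) {
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "getCookieValue", "no cookie");
            }
            return null;
        }
        StringTokenizer tokens = new StringTokenizer(str, ",;");
        while (tokens.hasMoreTokens()) {
            String token = tokens.nextToken();
            int eq = token.indexOf('=');
            // A leading '=' already ended parsing; a missing '=' used to fail in substring().
            if (eq <= 0) {
                break;
            }
            String name = token.substring(0, eq).trim();
            // A whitespace-only name used to fail in charAt(0).
            if (name.length() == 0) {
                break;
            }
            boolean reserved = name.charAt(0) == '$';
            if (reserved && !name.equals(str2)) {
                continue;
            }
            String value = token.substring(eq + 1);
            // The length guard keeps a lone '"' from producing substring(1, 0).
            if (value.length() >= 2 && value.startsWith("\"") && value.endsWith("\"")) {
                value = value.substring(1, value.length() - 1);
            }
            if (reserved) {
                // Reserved attributes are validated at most, never returned.
                if (name.equalsIgnoreCase("$Version")) {
                    try {
                        Integer.parseInt(value);
                    } catch (NumberFormatException ignored) {
                        // Non-numeric version: treat the header as malformed.
                        break;
                    }
                }
                continue;
            }
            if (name.equalsIgnoreCase(str2)) {
                // NOTE(review): the cookie value is written to trace here; if this method is used
                // for authentication cookies, consider masking the value in the trace record.
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, "getCookieValue", value);
                }
                return value;
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getCookieValue: null");
        }
        return null;
    }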

    /**
     * Returns the value of the first cookie in the array whose name equals {@code str}.
     *
     * <p>The name comparison is case-sensitive ({@code String.equals}), unlike the string-based
     * overload of this method. The result is written to the exit trace.
     *
     * @param cookieArr cookies to search, may be {@code null}
     * @param str cookie name to look for
     * @return the matching cookie's value, or {@code null} if the array is {@code null} or has no match
     */
    private String getCookieValue(Cookie[] cookieArr, String str) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getCookieValue", str);
        }
        String found = null;
        if (cookieArr != null) {
            for (Cookie candidate : cookieArr) {
                if (str.equals(candidate.getName())) {
                    found = candidate.getValue();
                    break;
                }
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getCookieValue", found);
        }
        return found;
    }

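    /**
     * Answers a role-membership query for the caller, using JACC when it is enabled.
     *
     * <p>When JACC is disabled, or the current application is an admin application, the call is
     * delegated to the three-argument overload. Otherwise the caller subject and the component
     * metadata of the current thread are used to evaluate a role-reference permission through
     * {@code checkJaccUserInRolePerm}; an empty servlet name is used when the security metadata
     * supplies none.
     *
     * <p>Fails closed: the result is {@code false} when security is disabled, when no component
     * metadata is available, or when any exception occurs (exceptions are recorded via FFDC and
     * debug trace, never propagated).
     *
     * <p>Compared with the previous form, a string that was built and immediately discarded and a
     * redundant copy of the caller subject have been removed; results are unchanged.
     *
     * @param str role reference to test
     * @param str2 forwarded only to the three-argument overload
     * @param str3 forwarded only to the three-argument overload
     * @param httpServletRequest request made available to the JACC context handlers
     * @return {@code true} if the caller is in the role, {@code false} otherwise or on error
     */
    public boolean isUserInRole(String str, String str2, String str3, HttpServletRequest httpServletRequest) {
        if (!SecurityConfig.isJACCEnabled()) {
            return isUserInRole(str, str2, str3);
        }
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "isUserInRoleForJACC");
        }
        boolean z = false;
        if (this.securityEnabled) {
            try {
                WebComponentMetaData componentMetaData = ComponentMetaDataAccessorImpl.getComponentMetaDataAccessor().getComponentMetaData();
                // May be null; the permission check substitutes the null protection domain then.
                Subject callerSubject = contextManager.getCallerSubject();
                if (componentMetaData != null) {
                    String moduleName = componentMetaData.getModuleMetaData().getConfiguration().getModuleName();
                    String name = componentMetaData.getModuleMetaData().getApplicationMetaData().getName();
                    if (isAdminApp(name)) {
                        if (tc.isEntryEnabled()) {
                            Tr.exit(tc, new StringBuffer().append("isUserInRoleForJACC: The app is an adminApp: ").append(name).toString());
                        }
                        // Kept inside the try block so a failure in the delegate still yields false.
                        return isUserInRole(str, str2, str3);
                    }
                    SecurityMetaData securityMetaData = (SecurityMetaData) componentMetaData.getSecurityMetaData();
                    String servletName = null;
                    if (securityMetaData != null) {
                        servletName = securityMetaData.getServletName();
                    }
                    if (servletName == null) {
                        servletName = "";
                    }
                    try {
                        z = checkJaccUserInRolePerm(servletName, str, name, moduleName, callerSubject, httpServletRequest);
                    } catch (Exception e) {
                        FFDCFilter.processException(e, "com.ibm.ws.security.web.WebCollaborator.isUserInRole", "1487", this);
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "Exception: ", e);
                        }
                        z = false;
                    }
                    if (tc.isDebugEnabled()) {
                        if (z) {
                            Tr.debug(tc, "hasJaccAccess is true for web role ref");
                        } else {
                            Tr.debug(tc, "hasJaccAccess is false for web role ref");
                        }
                    }
                }
            } catch (Exception e2) {
                FFDCFilter.processException(e2, "com.ibm.ws.security.web.WebCollaborator.isUserInRole", "1502", this);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Exception: ", e2);
                }
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "isUserInRoleForJACC", String.valueOf(z));
        }
        return z;
    }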

    /**
     * Evaluates a JACC {@code WebRoleRefPermission} for the given subject against the installed
     * {@code Policy}.
     *
     * <p>The policy context ID is the value returned by {@code WSAccessManager.getContextID} for the
     * application, followed by {@code "/"} and the module name. The evaluation runs inside
     * {@code AccessController.doPrivileged}: the context ID is set, every key in
     * {@code jaccHandlerKeyArray} is registered with the shared handler, subject and request are
     * published as handler data, and {@code Policy.implies} is called. Handler data is reset to
     * {@code null} after the evaluation and again in the {@code finally} block.
     *
     * <p>Fails closed: an exception raised during evaluation is recorded (FFDC, debug trace, audit
     * message {@code security.web.authz.isuserinrole.failed}) and the result is {@code false}.
     *
     * @param str first argument of the {@code WebRoleRefPermission} constructor (the caller in this
     *     file passes the servlet name, or an empty string)
     * @param str2 second argument of the {@code WebRoleRefPermission} constructor (the caller in this
     *     file passes the role reference)
     * @param str3 application name used to look up the context ID
     * @param str4 module name appended to the context ID
     * @param subject subject whose principals form the protection domain; may be {@code null}
     * @param httpServletRequest request stored as handler data under {@code jaccHandlerKeyArray[1]}
     * @return {@code true} if the policy implies the permission; {@code false} otherwise or on error
     */
    private boolean checkJaccUserInRolePerm(String str, String str2, String str3, String str4, Subject subject, HttpServletRequest httpServletRequest) {
        boolean z;
        StringBuffer stringBuffer = new StringBuffer(WSAccessManager.getContextID(str3));
        // Unreachable as written: a `new` expression never yields null.
        // NOTE(review): if getContextID can return null, the constructor above presumably fails
        // before this check is reached - confirm against WSAccessManager.
        if (stringBuffer == null) {
            if (!tc.isDebugEnabled()) {
                return false;
            }
            Tr.debug(tc, new StringBuffer().append("Cannot get the contextID for application: ").append(str3).append(". Returning false.").toString());
            return false;
        }
        stringBuffer.append("/").append(str4);
        String stringBuffer2 = stringBuffer.toString();
        try {
            try {
                WebRoleRefPermission webRoleRefPermission = new WebRoleRefPermission(str, str2);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, new StringBuffer().append("WebRoleRefPermission = ").append(webRoleRefPermission).toString());
                }
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, new StringBuffer().append("contextID: ").append(stringBuffer2).toString());
                }
                HashMap hashMap = new HashMap();
                // The allocated Boolean is discarded; looks like decompiler residue.
                new Boolean(false);
                z = ((Boolean) AccessController.doPrivileged(new PrivilegedExceptionAction(this, stringBuffer2, hashMap, subject, httpServletRequest, webRoleRefPermission) { // from class: com.ibm.ws.security.web.WebCollaborator.5
                    // Values captured from the enclosing method (field names as emitted by the decompiler).
                    private final String val$contextID;
                    private final HashMap val$handlerObjects;
                    private final Subject val$jaccSubject;
                    private final HttpServletRequest val$httpRequest;
                    private final WebRoleRefPermission val$webRolePerm;
                    private final WebCollaborator this$0;

                    {
                        this.this$0 = this;
                        this.val$contextID = stringBuffer2;
                        this.val$handlerObjects = hashMap;
                        this.val$jaccSubject = subject;
                        this.val$httpRequest = httpServletRequest;
                        this.val$webRolePerm = webRoleRefPermission;
                    }

                    @Override // java.security.PrivilegedExceptionAction
                    public Object run() throws PolicyContextException {
                        PolicyContext.setContextID(this.val$contextID);
                        if (WebCollaborator.tc.isDebugEnabled()) {
                            Tr.debug(WebCollaborator.tc, "Registering JACC context handlers");
                        }
                        // Register the shared handler for every key; the third argument is the replace flag.
                        for (int i = 0; i < WebCollaborator.jaccHandlerKeyArray.length; i++) {
                            PolicyContext.registerHandler(WebCollaborator.jaccHandlerKeyArray[i], WebCollaborator.wpch, true);
                        }
                        // Key [0] carries the subject, key [1] the request.
                        this.val$handlerObjects.put(WebCollaborator.jaccHandlerKeyArray[0], this.val$jaccSubject);
                        this.val$handlerObjects.put(WebCollaborator.jaccHandlerKeyArray[1], this.val$httpRequest);
                        // No subject, or a subject without principals, is evaluated with the null
                        // protection domain; otherwise the domain carries the subject's principals
                        // over the null code source.
                        ProtectionDomain nullProtectionDomain = (this.val$jaccSubject == null || this.val$jaccSubject.getPrincipals().size() <= 0) ? SecurityConfig.getNullProtectionDomain() : new ProtectionDomain(SecurityConfig.getNullCodeSource(), null, null, (Principal[]) this.val$jaccSubject.getPrincipals().toArray(new Principal[this.val$jaccSubject.getPrincipals().size()]));
                        if (WebCollaborator.tc.isDebugEnabled()) {
                            Tr.debug(WebCollaborator.tc, "Setting JACC handler data");
                        }
                        PolicyContext.setHandlerData(this.val$handlerObjects);
                        if (WebCollaborator.tc.isDebugEnabled()) {
                            Tr.debug(WebCollaborator.tc, "Calling JACC implies");
                        }
                        return new Boolean(Policy.getPolicy().implies(nullProtectionDomain, this.val$webRolePerm));
                    }
                })).booleanValue();
                try {
                    AccessController.doPrivileged(new PrivilegedExceptionAction(this) { // from class: com.ibm.ws.security.web.WebCollaborator.6
                        private final WebCollaborator this$0;

                        {
                            this.this$0 = this;
                        }

                        @Override // java.security.PrivilegedExceptionAction
                        public Object run() {
                            // Drop the subject and request references once the decision has been made.
                            PolicyContext.setHandlerData(null);
                            return null;
                        }
                    });
                } catch (Exception e) {
                    // Ignored here: the finally block repeats the reset and reports a failure there.
                }
            } catch (Exception e2) {
                // Fail closed: record the failure and deny.
                // NOTE(review): the FFDC source id below contains a stray space and names
                // "checkUserInRole"; searches of FFDC records need to use that exact text.
                FFDCFilter.processException(e2, "com.ibm.ws.security. web.WebCollaborator.checkUserInRole", "1582", this);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, new StringBuffer().append("Exception during isUserInRolecall: ").append(e2).toString());
                }
                Tr.audit(tc, "security.web.authz.isuserinrole.failed", new Object[]{stringBuffer2, e2});
                z = false;
                try {
                    AccessController.doPrivileged(new PrivilegedExceptionAction(this) { // from class: com.ibm.ws.security.web.WebCollaborator.6
                        private final WebCollaborator this$0;

                        {
                            this.this$0 = this;
                        }

                        @Override // java.security.PrivilegedExceptionAction
                        public Object run() {
                            PolicyContext.setHandlerData(null);
                            return null;
                        }
                    });
                } catch (Exception e3) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, new StringBuffer().append("Exception when setting setHandler data: ").append(e3).toString());
                    }
                    // The FFDC source id names "authorize" although this is checkJaccUserInRolePerm.
                    FFDCFilter.processException(e3, "com.ibm.ws.security.web.WebCollaborator.authorize", "1600", this);
                }
            }
            // An exit trace named "isUserInRole" is written here; this method writes no entry trace.
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "isUserInRole", String.valueOf(z));
            }
            return z;
        } finally {
            // Final reset of the handler data; runs on every exit path past this try, including
            // the success path that has already cleared it above.
            try {
                AccessController.doPrivileged(new PrivilegedExceptionAction(this) { // from class: com.ibm.ws.security.web.WebCollaborator.6
                    private final WebCollaborator this$0;

                    {
                        this.this$0 = this;
                    }

                    @Override // java.security.PrivilegedExceptionAction
                    public Object run() {
                        PolicyContext.setHandlerData(null);
                        return null;
                    }
                });
            } catch (Exception e4) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, new StringBuffer().append("Exception when setting setHandler data: ").append(e4).toString());
                }
                FFDCFilter.processException(e4, "com.ibm.ws.security.web.WebCollaborator.authorize", "1600", this);
            }
        }
    }

    /**
     * Finds the container request behind any chain of {@code HttpServletRequestWrapper}s and returns
     * it as {@code IPrivateRequestAttributes}.
     *
     * <p>Wrappers are peeled off one by one. The innermost request is returned only when it is an
     * {@code SRTServletRequest}; any other request type, including an application-supplied one,
     * yields {@code null}.
     *
     * @param httpServletRequest request to unwrap, possibly wrapped several times
     * @return the innermost request as {@code IPrivateRequestAttributes}, or {@code null}
     */
    protected static IPrivateRequestAttributes getPrivateAttributes(HttpServletRequest httpServletRequest) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getPrivateAttributes");
        }
        HttpServletRequest innermost = httpServletRequest;
        while (innermost instanceof HttpServletRequestWrapper) {
            innermost = (HttpServletRequest) ((HttpServletRequestWrapper) innermost).getRequest();
        }
        IPrivateRequestAttributes attributes = null;
        if (innermost instanceof SRTServletRequest) {
            attributes = (IPrivateRequestAttributes) innermost;
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getPrivateAttributes", new Object[]{attributes});
        }
        return attributes;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Stores a private attribute on the container request behind any chain of
     * {@code HttpServletRequestWrapper}s.
     *
     * <p>Wrappers are peeled off one by one. The attribute is set only when the innermost request is
     * an {@code SRTServletRequest}; for any other request type the call is silently a no-op. The
     * attribute name and value are written to the entry trace.
     *
     * @param httpServletRequest request to unwrap, possibly wrapped several times
     * @param str attribute name
     * @param obj attribute value
     */
    public static void setPrivateAttributes(HttpServletRequest httpServletRequest, String str, Object obj) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "setPrivateAttributes", new Object[]{str, obj});
        }
        HttpServletRequest innermost = httpServletRequest;
        while (innermost instanceof HttpServletRequestWrapper) {
            innermost = (HttpServletRequest) ((HttpServletRequestWrapper) innermost).getRequest();
        }
        if (innermost instanceof SRTServletRequest) {
            ((IPrivateRequestAttributes) innermost).setPrivateAttribute(str, obj);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "setPrivateAttributes");
        }
    }

    public Principal getUserPrincipal() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getUserPrincipal");
        }
        String str = null;
        if (this.securityEnabled) {
            try {
                Subject callerSubject = contextManager.getCallerSubject();
                WSCredential wSCredentialFromSubject = SubjectHelper.getWSCredentialFromSubject(callerSubject);
                if (tc.isEntryEnabled()) {
                    Tr.debug(tc, "Caller credential: ", wSCredentialFromSubject);
                }
                if (callerSubject != null && !wSCredentialFromSubject.isUnauthenticated()) {
                    if (contextManager.getPlatformHelper().isZOS()) {
                        try {
                            str = (String) AccessController.doPrivileged(new PrivilegedExceptionAction(this, wSCredentialFromSubject) { // from class: com.ibm.ws.security.web.WebCollaborator.7
                                private final WSCredential val$cred;
                                private final WebCollaborator this$0;

                                {
                                    this.this$0 = this;
                                    this.val$cred = wSCredentialFromSubject;
                                }

                                @Override // java.security.PrivilegedExceptionAction
                                public Object run() throws Exception {
                                    PlatformCredential platformCredential = null;
                                    String str2 = (String) this.val$cred.get(AttributeNameConstants.CALLER_PRINCIPAL_CLASS);
                                    if (WebCollaborator.tc.isDebugEnabled()) {
                                        Tr.debug(WebCollaborator.tc, new StringBuffer().append("Requested principal class is: ").append(str2).toString());
                                    }
                                    if (AttributeNameConstants.ZOS_CALLER_PRINCIPAL_CLASS.equals(str2)) {
                                        platformCredential = (PlatformCredential) this.val$cred.get("com.ibm.ws.security.zos.PlatformCredential");
                                    }
                                    if (platformCredential != null) {
                                        return platformCredential.getUserId();
                                    }
                                    return null;
                                }
                            });
                        } catch (PrivilegedActionException e) {
                            FFDCFilter.processException(e.getException(), "com.ibm.ws.security.WebCollaborator", "1729", this);
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "Exception getting CallerPrincipalClass: ", new Object[]{e.getException()});
                            }
                            str = null;
                        }
                    }
                    boolean booleanValue = ((Boolean) SecurityConfig.getConfig().getValue("security.FullyQualifiedUserName")).booleanValue();
                    if (str == null) {
                        str = wSCredentialFromSubject.getSecurityName();
                    }
                    if (booleanValue) {
                        String realmName = wSCredentialFromSubject.getRealmName();
                        if (realmName == null || realmName.length() == 0) {
                            realmName = (String) SecurityConfig.getConfig().getValue("security.activeUserRegistry.realm");
                        }
                        str = new StringBuffer().append(realmName).append("/").append(str).toString();
                    }
                }
            } catch (Exception e2) {
                FFDCFilter.processException(e2, "com.ibm.ws.security.web.WebCollaborator", "1758");
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Exception", e2);
                }
                str = null;
            }
        }
        Identity identity = null;
        if (str != null) {
            identity = new Identity(new String(str));
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getUserPrincipal", identity);
        }
        return identity;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Installs an unauthenticated subject as the invocation subject when no subject is present.
     *
     * <p>Nothing happens unless both arguments are {@code null}. A failure while installing the
     * subject is reported through FFDC and trace and then swallowed, so the return value is the
     * only signal the caller gets that the thread is still without the anonymous subject.
     *
     * @param subject  first subject checked for presence (the trace text calls the pair the
     *                 "invoked and received" subjects)
     * @param subject2 second subject checked for presence
     * @return {@code true} only if the unauthenticated subject was installed; {@code false} if
     *         either argument was non-null or the install threw
     */
    public boolean SetUnauthenticatedSubjectIfNeeded(Subject subject, Subject subject2) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "SetUnauthenticatedSubjectIfNeeded");
        }
        boolean installed = false;
        boolean noSubjectPresent = subject == null && subject2 == null;
        if (noSubjectPresent) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Invoked and received Subject are null, setting it anonymous/unauthenticated.");
            }
            try {
                Subject anonymous = SubjectHelper.createUnauthenticatedSubject();
                contextManager.setInvocationSubject(anonymous);
                installed = true;
            } catch (Exception e) {
                // Best effort: record the failure and report it through the return value only.
                FFDCFilter.processException(e, "com.ibm.ws.security.web.WebCollaborator.SetUnauthenticatedSubjectIfNeeded", "1793", this);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "setUnauthenticated Subject threw an unexpected exception" + e);
                }
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "SetUnauthenticatedSubjectIfNeeded:" + installed);
        }
        return installed;
    }

    /**
     * Looks up the transport port to use for HTTPS in the virtual host that serves the given port.
     *
     * <p>For every virtual host in the {@code host.virtualhosts} configuration whose port list
     * contains {@code i}, the entries of {@code webcontainer.transports} are tried in list order
     * and the first one that also appears in that virtual host's port list is returned.
     *
     * <p>NOTE(review): the code treats every entry of {@code webcontainer.transports} as an SSL
     * port; presumably that list holds only SSL-enabled transports - confirm.
     * NOTE(review): entries that are not numeric parse to the sentinel -1, so a call with
     * {@code i == -1} would match any non-null, non-numeric port entry.
     *
     * @param i the port the request arrived on
     * @return the matching transport port, or -1 when none is found
     */
    private int getHTTPSPort(int i) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getHTTPSPort: " + i);
        }
        Map virtualHosts = (Map) SecurityConfig.getConfig().getValue("host.virtualhosts");
        List transportPorts = (List) SecurityConfig.getConfig().getValue("webcontainer.transports");
        for (Object hostKey : virtualHosts.keySet()) {
            String hostName = (String) hostKey;
            ArrayList hostPorts = (ArrayList) virtualHosts.get(hostName);
            for (int p = 0; p < hostPorts.size(); p++) {
                String portText = (String) hostPorts.get(p);
                if (tc.isDebugEnabled() && portText != null) {
                    Tr.debug(tc, "Port " + portText + " in virtual host " + hostName);
                }
                int hostPort = -1;
                try {
                    hostPort = Integer.parseInt(portText);
                } catch (NumberFormatException ignored) {
                    // Null or non-numeric entry: keep the -1 sentinel.
                }
                if (portText == null || hostPort != i) {
                    continue;
                }
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Found HTTP port " + portText + " in virtual host " + hostName);
                }
                // The request port belongs to this virtual host; find a transport port in the same host.
                for (int t = 0; t < transportPorts.size(); t++) {
                    Integer transport = (Integer) transportPorts.get(t);
                    if (transport == null) {
                        continue;
                    }
                    int candidate = transport.intValue();
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Checking if port " + candidate + " is in the same virtual host.");
                    }
                    for (int q = 0; q < hostPorts.size(); q++) {
                        String otherText = (String) hostPorts.get(q);
                        int otherPort = -1;
                        try {
                            otherPort = Integer.parseInt(otherText);
                        } catch (NumberFormatException ignored) {
                            // Null or non-numeric entry: keep the -1 sentinel.
                        }
                        if (otherText != null && tc.isDebugEnabled()) {
                            Tr.debug(tc, "Port " + otherPort + " in virtual host " + hostName);
                        }
                        if (otherText != null && otherPort == candidate) {
                            if (tc.isEntryEnabled()) {
                                Tr.exit(tc, "Found HTTPS port " + candidate + " in virtual host " + hostName);
                            }
                            return candidate;
                        }
                    }
                }
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getHTTPSPort: SSL port not found");
        }
        return -1;
    }

    /**
     * Reports whether the application's challenge type is one this collaborator does not handle.
     * Only {@code DIGEST}, compared case-insensitively, is treated as unsupported.
     *
     * @param webAttributes web application security attributes; must not be {@code null}
     * @return {@code true} when the challenge type is DIGEST
     */
    protected boolean unsupportedAuthMech(WebAttributes webAttributes) {
        String challengeType = webAttributes.getChallengeType();
        // The configured value stays the receiver, so a null challenge type still throws here.
        return challengeType.equalsIgnoreCase("DIGEST");
    }

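    /**
     * Decides whether the current caller holds the given role for the running web component.
     *
     * <p>Returns {@code false} when security is disabled, when the web access context cannot be
     * obtained (including when the lookup throws), or when no caller subject is available for the
     * direct role check. If the component declares a security-role-ref whose name equals
     * {@code str}, the role it links to is checked; otherwise {@code str} itself is used as the
     * role name.
     *
     * <p>This version declares the caller subject and initialises the component metadata, which
     * the decompiled listing left as an undeclared register ({@code r11}) and an unassigned local.
     *
     * <p>NOTE(review): the role-ref branch hands the caller subject to the authorizer without the
     * null check that the direct-role branch applies; confirm that {@code WSPrincipal} and
     * {@code isGrantedRole} are meant to receive a null subject there.
     *
     * @param str  role name asked for by the application
     * @param str2 second half of the access-context cache key (key is {@code str3 + ":" + str2})
     * @param str3 first half of the access-context cache key
     * @return {@code true} only if the authorizer grants the resolved role to the caller
     */
    public boolean isUserInRole(String str, String str2, String str3) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "isUserInRole");
        }
        WebAccessContext webAccessContext = null;
        if (this.securityEnabled) {
            WebComponentMetaData componentMetaData = null;
            Subject callerSubject = null;
            try {
                componentMetaData = ComponentMetaDataAccessorImpl.getComponentMetaDataAccessor().getComponentMetaData();
                callerSubject = contextManager.getCallerSubject();
                String contextKey = str3 + ":" + str2;
                String applicationName = componentMetaData != null ? componentMetaData.getModuleMetaData().getApplicationMetaData().getName() : null;
                webAccessContext = this.webCache.getWebAccessContext(applicationName, contextKey);
            } catch (Exception e) {
                FFDCFilter.processException(e, "com.ibm.ws.security.web.WebCollaborator.isUserInRole", "2008", this);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Exception: ", e);
                }
            }
            // Fail closed: without an access context no role can be granted.
            if (webAccessContext == null) {
                return false;
            }
            if (componentMetaData != null) {
                // Result unused in the listing; the call chain is kept because it can still throw.
                componentMetaData.getModuleMetaData().getConfiguration().getModuleName();
                SecurityMetaData securityMetaData = (SecurityMetaData) componentMetaData.getSecurityMetaData();
                if (securityMetaData != null) {
                    // Result unused in the listing; kept for the same reason.
                    securityMetaData.getServletName();
                    for (SecurityRoleRef securityRoleRef : securityMetaData.getSecurityRoleRefs()) {
                        if (securityRoleRef.getName().equals(str)) {
                            // The first matching role-ref decides; its link is the real role name.
                            String link = securityRoleRef.getLink();
                            return this.authorizer.isGrantedRole(webAccessContext, WCCMHelper.createSecurityRole(link, link), new WSPrincipal(callerSubject));
                        }
                    }
                } else if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "In isUserInRole, security metadata is null");
                }
            } else if (tc.isDebugEnabled()) {
                Tr.debug(tc, "In isUserInRole, WebComponentMetaData is null");
            }
            SecurityRole createSecurityRole = WCCMHelper.createSecurityRole(str, str);
            if (createSecurityRole != null) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Found security role named " + str);
                }
                if (webAccessContext == null || callerSubject == null) {
                    return false;
                }
                return this.authorizer.isGrantedRole(webAccessContext, createSecurityRole, new WSPrincipal(callerSubject));
            }
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Did not find security role named " + str);
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "isUserInRole");
        }
        return false;
    }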

    /**
     * Enforces the transport requirement for a resource.
     *
     * <p>When {@code isSSLRequired} reports that the resource needs SSL, the reply is a redirect
     * to the HTTPS form of the request URL; otherwise there is no reply.
     *
     * @param webAccessContext   access context of the web application
     * @param str                passed to {@code isSSLRequired} and {@code getRedirectURL} (used
     *                           there as the audited resource name)
     * @param str2               passed to {@code isSSLRequired} and {@code getRedirectURL} (used
     *                           there as the audited method)
     * @param httpServletRequest the request being checked
     * @return a redirect reply when SSL is required, otherwise {@code null}
     * @throws WebSecurityException declared by the signature; nothing in this body throws it directly
     */
    protected WebReply checkDataConstraints(WebAccessContext webAccessContext, String str, String str2, HttpServletRequest httpServletRequest) throws WebSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "checkConstraints");
        }
        WebReply reply;
        if (!isSSLRequired(webAccessContext, str, str2)) {
            reply = null;
        } else {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Request should be over SSL to access the resource. Redirecting to HTTPS...");
            }
            reply = getRedirectURL(httpServletRequest, str, str2);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "checkConstraints", reply);
        }
        return reply;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Builds the URI that identifies the requested resource: servlet path plus path info,
     * defaulting to {@code "/"}, passed through {@code WSUtil.resolveURI} and then cut at the
     * first {@code ';'}.
     *
     * <p>The cut removes path parameters such as a session id suffix. It is applied to the whole
     * string rather than per segment, so everything after the first {@code ';'} is dropped,
     * including any later path segments. Code that matches security constraints against this
     * value and code that later dispatches the request should agree on that normalisation.
     * NOTE(review): what {@code WSUtil.resolveURI} normalises is not visible here - confirm.
     *
     * @param httpServletRequest the incoming request; its servlet path must not be {@code null}
     *                           when path info is present
     * @return the resolved URI without path parameters
     */
    public static String getURI(HttpServletRequest httpServletRequest) {
        String uri = httpServletRequest.getServletPath();
        String extraPath = httpServletRequest.getPathInfo();
        if (extraPath != null) {
            uri = uri.concat(extraPath);
        }
        if (uri == null || uri.length() == 0) {
            uri = "/";
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "URI requested: " + uri);
        }
        // uri is never null from here on, so resolution and truncation always run.
        uri = WSUtil.resolveURI(uri);
        int firstSemicolon = uri.indexOf(";");
        if (firstSemicolon != -1) {
            uri = uri.substring(0, firstSemicolon);
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "URI returned: " + uri);
        }
        return uri;
    }

    /**
     * Tells whether a URI string is usable, meaning present and non-empty.
     * No syntax or character checks are made.
     *
     * @param str candidate URI, may be {@code null}
     * @return {@code true} when {@code str} is neither {@code null} nor empty
     */
    private boolean checkValidURI(String str) {
        if (str == null) {
            return false;
        }
        return str.length() > 0;
    }

    /**
     * Permits the URIs that must stay reachable without authorization under FORM login.
     *
     * <p>Applies only when the challenge type is exactly {@code FORM} and both a login URL and a
     * re-login (error page) URL are configured. The request is permitted when the URI equals
     * either of those URLs, or when it is {@code /j_security_check} requested with method
     * {@code POST}. All comparisons are exact and case-sensitive. A permit is audited as a
     * successful access when the audit factory is active for that event.
     *
     * @param webAttributes web application security attributes, may be {@code null}
     * @param str           requested URI, may be {@code null}
     * @param str2          HTTP method, may be {@code null}
     * @return {@code PERMIT_REPLY} for an exempt URI, otherwise {@code null}
     */
    private WebReply unprotectedSpecialURI(WebAttributes webAttributes, String str, String str2) {
        if (webAttributes == null || !webAttributes.getChallengeType().equals("FORM")) {
            return null;
        }
        String loginPage = webAttributes.getLoginURL();
        if (loginPage == null) {
            return null;
        }
        String errorPage = webAttributes.getReloginURL();
        if (errorPage == null) {
            return null;
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, " We have a custom login or error page request, web app login URL:[" + loginPage + "], errorPage URL:[" + errorPage + "], and the requested URI:[" + str + "]");
        }
        boolean exempt = loginPage.equals(str)
                || errorPage.equals(str)
                || ("/j_security_check".equals(str) && "POST".equals(str2));
        if (!exempt) {
            return null;
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "authorize, login or error page[" + str + "]  requested, permit: ", PERMIT_REPLY);
        }
        if (auditFactory != null && auditFactory.isActive(3, 0)) {
            auditFactory.sendAccessAuditEvent(auditHandler, AuditOutcome.SUCCESS, "SUCCESS", null, null, str, J2EEAuditEventFactory.WEB, str2, providerName, true, "security.audit.service.login.audit", null);
        }
        return PERMIT_REPLY;
    }

    /**
     * Produces the reply for a request once an authentication attempt has been made.
     *
     * <p>Login-related URIs exempted by {@code unprotectedSpecialURI} are permitted first.
     * Otherwise the authentication result is mapped to a reply by {@code checkAuthStatus}; a
     * missing result is logged as an error and denied.
     *
     * @param authenticationResult outcome of the authentication attempt, may be {@code null}
     * @param webAttributes        web application security attributes
     * @param str                  requested URI
     * @param str2                 HTTP method
     * @return the exemption reply, the reply derived from the authentication status (which may be
     *         {@code null}), or {@code DENY_AUTHN_FAILED} when there is no result
     */
    private WebReply handleAlwaysLogin(AuthenticationResult authenticationResult, WebAttributes webAttributes, String str, String str2) {
        WebReply exemption = unprotectedSpecialURI(webAttributes, str, str2);
        if (exemption != null) {
            return exemption;
        }
        if (authenticationResult == null) {
            // No result to evaluate: deny rather than let the request through.
            Tr.error(tc, "authResult is null");
            return DENY_AUTHN_FAILED;
        }
        return checkAuthStatus(authenticationResult, webAttributes);
    }

    /**
     * Authenticates the request and, when the result has status 1, installs the authenticated
     * subject as the caller subject.
     *
     * <p>NOTE(review): a failure in {@code setCallerSubject} is reported through FFDC and trace
     * only. The result is still returned with status 1, so a caller looking at the status alone
     * cannot tell that the caller subject was not set on the thread.
     *
     * @param webAttributes       web application security attributes
     * @param httpServletRequest  the incoming request
     * @param httpServletResponse the response being prepared
     * @return whatever the authenticator returned, possibly {@code null}
     */
    private AuthenticationResult SetAuthenticatedSubjectIfNeeded(WebAttributes webAttributes, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        AuthenticationResult outcome = authenticator.authenticate(webAttributes, httpServletRequest, httpServletResponse);
        boolean statusIsOne = outcome != null && outcome.getStatus() == 1;
        if (!statusIsOne) {
            return outcome;
        }
        try {
            contextManager.setCallerSubject(outcome.getSubject());
        } catch (Exception e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.web.WebCollaborator.SetAuthenticatedSubjectIfNeeded", "599", this);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Exception occurred when setting credentials for 'current'. ");
            }
        }
        return outcome;
    }

    /**
     * Makes the early authorization decisions that need no authentication.
     *
     * <ul>
     *   <li>No web access context for the application: denied and audited.</li>
     *   <li>{@code z} is {@code false} and the application has no web attributes, or no
     *       constraints apply to the URI and method: permitted and audited as an unprotected
     *       resource.</li>
     *   <li>Otherwise the decision is left to {@code unprotectedSpecialURI}.</li>
     * </ul>
     *
     * <p>As a side effect the audit handler's application name is set from the access context,
     * preferring the enterprise application name over the web application name.
     *
     * @param str  key passed to the access-context cache (the trace text calls it the context root)
     * @param str2 requested URI
     * @param str3 HTTP method
     * @param z    when {@code true} the two unprotected-resource shortcuts are skipped; what the
     *             flag stands for is not visible in this method
     * @param str4 application name passed to the access-context cache
     * @return a deny or permit reply, or {@code null} when no early decision applies
     */
    private WebReply validSecAttrs(String str, String str2, String str3, boolean z, String str4) {
        WebAccessContext accessContext = this.webCache.getWebAccessContext(str4, str);
        if (accessContext == null) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "No Web App config found.");
            }
            // Fail closed: no security context means the request cannot be evaluated.
            DenyReply noContext = new DenyReply("Cannot create a web security context for this request.");
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "authorize", noContext);
            }
            if (auditFactory != null && auditFactory.isActive(3, 4)) {
                auditFactory.sendAccessAuditEvent(auditHandler, AuditOutcome.DENIED, AuditOutcome.CONTEXT_NONEXIST, null, null, str2, J2EEAuditEventFactory.WEB, str3, providerName, true, "security.audit.service.no.context.audit", null);
            }
            return noContext;
        }
        boolean hasEnterpriseName = accessContext.getEnterpriseAppName() != null;
        if (auditHandler != null) {
            auditHandler.setAppName(hasEnterpriseName ? accessContext.getEnterpriseAppName() : accessContext.getWebAppName());
        }
        WebAttributes attributes = accessContext.getWebAttributes();
        if (z) {
            return unprotectedSpecialURI(attributes, str2, str3);
        }
        // Work out whether the resource is unprotected and, if so, why.
        String unprotectedTrace = null;
        String unprotectedAuditKey = null;
        if (attributes == null) {
            unprotectedTrace = "No WebAttributes for context root = " + str;
            unprotectedAuditKey = "security.audit.service.no.webattrs.audit";
        } else if (accessContext.getConstraints().getConstraints(accessContext, str2, str3) == null) {
            unprotectedTrace = "No WebConstraints for URI = " + str2 + ", method = " + str3;
            unprotectedAuditKey = "security.audit.service.no.security.audit";
        }
        if (unprotectedAuditKey == null) {
            return unprotectedSpecialURI(attributes, str2, str3);
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, unprotectedTrace);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "authorize: ", PERMIT_REPLY);
        }
        if (auditFactory != null && auditFactory.isActive(3, 0)) {
            auditFactory.sendAccessAuditEvent(auditHandler, AuditOutcome.SUCCESS, "SUCCESS", null, null, str2, J2EEAuditEventFactory.WEB, str3, providerName, true, unprotectedAuditKey, null);
        }
        return PERMIT_REPLY;
    }

    /**
     * Translates an authentication status code into the reply to send.
     *
     * <ul>
     *   <li>0 or 6: audited with the status code, reply {@code DENY_AUTHN_FAILED}</li>
     *   <li>2: audited with the failure reason, reply {@code DENY_AUTHN_FAILED}</li>
     *   <li>3: challenge reply for the application's realm (traced as "sending a 401")</li>
     *   <li>4: redirect to the URL carried by the result, with its cookies when present</li>
     *   <li>5: TAI challenge reply with the challenge code carried by the result</li>
     *   <li>1 and every other value: no reply ({@code null})</li>
     * </ul>
     *
     * <p>NOTE(review): unrecognised status values share the {@code null} outcome of status 1, the
     * status for which {@code SetAuthenticatedSubjectIfNeeded} installs the authenticated subject.
     * Confirm that callers cannot mistake an unknown status for a successful authentication.
     *
     * @param authenticationResult result to translate; must not be {@code null}
     * @param webAttributes        web application security attributes, read only for status 3
     * @return the reply for the status, or {@code null} when the status calls for none
     */
    private WebReply checkAuthStatus(AuthenticationResult authenticationResult, WebAttributes webAttributes) {
        switch (authenticationResult.getStatus()) {
            case 0:
            case 6: {
                Tr.audit(tc, "security.authn.failed", new Object[]{new Integer(authenticationResult.getStatus())});
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Authentication failed. Status: " + authenticationResult.getStatus());
                }
                WebReply denied = DENY_AUTHN_FAILED;
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, "checkAuthStatus", denied);
                }
                return denied;
            }
            case 2: {
                WebReply denied = DENY_AUTHN_FAILED;
                Tr.audit(tc, "security.authn.failed", new Object[]{authenticationResult.getReason()});
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, "checkAuthStatus", denied);
                }
                return denied;
            }
            case 3: {
                ChallengeReply challenge = new ChallengeReply(webAttributes.getRealm());
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "authentication failed - sending a 401");
                }
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, "checkAuthStatus", challenge);
                }
                return challenge;
            }
            case 4: {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "redirecting to another url");
                }
                RedirectReply redirect;
                if (authenticationResult.getCookies() != null) {
                    redirect = new RedirectReply(authenticationResult.getRedirectURL(), authenticationResult.getCookies());
                } else {
                    redirect = new RedirectReply(authenticationResult.getRedirectURL());
                }
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, "checkAuthStatus", redirect);
                }
                return redirect;
            }
            case 5: {
                TAIChallengeReply taiChallenge = new TAIChallengeReply(authenticationResult.getTAIChallengeCode());
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "TAI authentication challenge - sending " + authenticationResult.getTAIChallengeCode());
                }
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, "checkAuthStatus", taiChallenge);
                }
                return taiChallenge;
            }
            default:
                // Status 1 and any value not listed above produce no reply.
                return null;
        }
    }

    /**
     * Turns an authorization decision into a reply.
     *
     * @param z         the authorization outcome; {@code true} means access was granted
     * @param str       URI that was checked, used only in the trace text
     * @param arrayList handed to the {@code PermitReply} constructor when access is granted;
     *                  its contents are not inspected here
     * @return a new {@code PermitReply} when granted, otherwise {@code DENY_AUTHZ_FAILED}
     */
    private WebReply createReply(boolean z, String str, ArrayList arrayList) {
        final String outcomeText = z ? " succeeded. " : " failed. ";
        WebReply reply;
        if (z) {
            reply = new PermitReply(arrayList);
        } else {
            reply = DENY_AUTHZ_FAILED;
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Authorization check for uri: " + str + outcomeText);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "createReply", reply);
        }
        return reply;
    }

    /**
     * Builds the redirect that sends a plain-HTTP request to the HTTPS form of the same URL.
     *
     * <p>The request URL is rewritten in place: an explicit port in the authority is replaced by
     * the value from {@code getHTTPSPort}, the first four characters are replaced by
     * {@code https}, and the query string is appended when present. The redirect is audited when
     * the audit factory is active for that event.
     *
     * <p>NOTE(review): points to confirm before relying on this method:
     * <ul>
     *   <li>{@code getHTTPSPort} returns -1 when it finds no port, and that value is written into
     *       the URL unchanged.</li>
     *   <li>The scheme rewrite assumes the URL starts with the four characters {@code http}.</li>
     *   <li>A URL with no {@code '/'} after the authority, or an authority whose text after the
     *       last {@code ':'} is not a number, makes the parsing throw.</li>
     *   <li>The host part comes from the request URL as rebuilt by {@code HttpUtils}; how far
     *       that reflects client-supplied data is not visible here.</li>
     *   <li>The audit call uses {@code getSession()}, which creates a session when none exists,
     *       and hands the session id to the audit event.</li>
     * </ul>
     *
     * @param httpServletRequest request to redirect; must not be {@code null}
     * @param str                resource name recorded in the audit event
     * @param str2               HTTP method recorded in the audit event
     * @return a redirect reply pointing at the HTTPS URL
     */
    private WebReply getRedirectURL(HttpServletRequest httpServletRequest, String str, String str2) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getRedirectURL");
        }
        StringBuffer target = HttpUtils.getRequestURL(httpServletRequest);
        String requested = target.toString();
        // The authority is the text between the "//" that follows the scheme and the next '/'.
        int authorityStart = requested.indexOf('/') + 2;
        int authorityEnd = requested.indexOf('/', authorityStart);
        String authority = requested.substring(authorityStart, authorityEnd);
        int lastColon = authority.lastIndexOf(':');
        if (lastColon != -1) {
            int requestPort = Integer.parseInt(authority.substring(lastColon + 1));
            String securePort = Integer.toString(getHTTPSPort(requestPort));
            target.replace(authorityStart + lastColon + 1, authorityEnd, securePort);
        }
        target.replace(0, 4, "https");
        if (httpServletRequest.getQueryString() != null) {
            target.append(IWebToolingConstants.HTTP_PARAMETER_SEPARATOR);
            target.append(httpServletRequest.getQueryString());
        }
        String redirectUrl = target.toString();
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Redirected to " + redirectUrl);
        }
        // The request was already dereferenced above, so it needs no null check here.
        if (auditFactory != null && auditFactory.isActive(3, 5)) {
            auditFactory.sendAccessAuditEvent(auditHandler, AuditOutcome.REDIRECT, AuditOutcome.DATA_REDIRECT, httpServletRequest.getSession().getId(), null, str, J2EEAuditEventFactory.WEB, str2, providerName, true, "security.audit.service.secure.redirect.audit", new Object[]{redirectUrl});
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getRedirectURL", redirectUrl);
        }
        return new RedirectReply(redirectUrl);
    }

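    /**
     * Compiler-generated helper behind class literals in pre-Java 5 bytecode: loads a class by
     * name and turns a lookup failure into a {@link NoClassDefFoundError}.
     *
     * <p>The decompiled form threw the result of {@code initCause}, whose static type is
     * {@code Throwable}, which does not compile in a method without a {@code throws} clause.
     * The error is now built first and thrown under its own type, cause attached.
     *
     * @param str fully qualified class name; in the visible code this is a constant
     * @return the loaded class
     * @throws NoClassDefFoundError if the class cannot be found; the cause is the original
     *         {@link ClassNotFoundException}
     */
    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            NoClassDefFoundError error = new NoClassDefFoundError();
            error.initCause(e);
            throw error;
        }
    }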

    static {
        // Class-literal cache as emitted by the original compiler: resolve the class once and
        // keep it in the synthetic field for later use.
        if (class$com$ibm$ws$security$web$WebCollaborator == null) {
            class$com$ibm$ws$security$web$WebCollaborator = class$("com.ibm.ws.security.web.WebCollaborator");
        }
        // Trace component for this class, registered before any other static state is set.
        tc = Tr.register(class$com$ibm$ws$security$web$WebCollaborator, (String) null, "com.ibm.ejs.resources.security");

        // Collaborator-wide state starts empty or disabled and is assigned in the original order.
        // Where the real values are installed is not visible in this part of the file.
        authenticator = null;
        _lockObject = new Object();
        custom_auth_mech = false;
        custom_jaas_config = null;
        taManager = null;
        cache = null;
        cbkFactory = null;
        auditHandler = null;
        auditFactory = null;
        initialized = false;
        persistCred = false;
        alwaysLogin = false;
    }
}
