package org.w3c.jigsaw.acl;

import com.sun.jdmk.comm.HttpDef;
import java.security.Principal;
import org.apache.commons.codec.digest.MessageDigestAlgorithms;
import org.w3c.jigsaw.html.HtmlGenerator;
import org.w3c.jigsaw.http.HTTPException;
import org.w3c.jigsaw.http.Reply;
import org.w3c.jigsaw.http.Request;
import org.w3c.tools.resources.AttributeRegistry;
import org.w3c.tools.resources.BooleanAttribute;
import org.w3c.tools.resources.IntegerAttribute;
import org.w3c.tools.resources.LookupResult;
import org.w3c.tools.resources.LookupState;
import org.w3c.tools.resources.ProtocolException;
import org.w3c.tools.resources.ReplyInterface;
import org.w3c.tools.resources.RequestInterface;
import org.w3c.tools.resources.ResourceFilter;
import org.w3c.tools.resources.ResourceFrame;
import org.w3c.tools.resources.StringAttribute;
import org.w3c.www.http.HttpChallenge;

/* loaded from: input_file:jigsaw-2.2.6.jar:org/w3c/jigsaw/acl/AclFilter.class */
public class AclFilter extends ResourceFilter {
    protected static int ATTR_SECURITY_LEVEL;
    protected static int ATTR_ALGORITHM;
    protected static int ATTR_NONCE_TTL;
    protected static int ATTR_STRICT_ACL_MERGE_POLICY;
    protected static int ATTR_SHARED_CACHABILITY;
    protected static int ATTR_PRIVATE_CACHABILITY;
    protected static int ATTR_PUBLIC_CACHABILITY;
    protected static int ATTR_LENIENT;
    protected static Class JAcl_class;
    protected SecurityLevel security = null;

    public int getSecurityLevel() {
        return getInt(ATTR_SECURITY_LEVEL, 0);
    }

    public String getAlgorithm() {
        return (String) getValue(ATTR_ALGORITHM, MessageDigestAlgorithms.MD5);
    }

    public int getNonceTTL() {
        return getInt(ATTR_NONCE_TTL, 300);
    }

    public boolean isStrictAclMergePolicy() {
        return getBoolean(ATTR_STRICT_ACL_MERGE_POLICY, true);
    }

    public boolean getPublicCachability() {
        return getBoolean(ATTR_PUBLIC_CACHABILITY, false);
    }

    public boolean getPrivateCachability() {
        return getBoolean(ATTR_PRIVATE_CACHABILITY, false);
    }

    public boolean getSharedCachability() {
        return getBoolean(ATTR_SHARED_CACHABILITY, false);
    }

    public boolean isLenient() {
        return getBoolean(ATTR_LENIENT, false);
    }

    protected JAcl[] getAcls() {
        ResourceFrame[] collectFrames = collectFrames(JAcl_class);
        JAcl[] jAclArr = new JAcl[collectFrames.length];
        for (int i = 0; i < collectFrames.length; i++) {
            jAclArr[i] = (JAcl) collectFrames[i];
        }
        return jAclArr;
    }

    @Override // org.w3c.tools.resources.ResourceFilter, org.w3c.tools.resources.ResourceFrame, org.w3c.tools.resources.FramedResource, org.w3c.tools.resources.FilterInterface
    public boolean lookup(LookupState lookupState, LookupResult lookupResult) throws ProtocolException {
        JAcl[] acls = getAcls();
        if (acls == null || lookupState.getRequest() == null) {
            return false;
        }
        authenticate((Request) lookupState.getRequest(), acls);
        return false;
    }

    protected void authenticate(Request request, JAcl[] jAclArr) throws ProtocolException {
        Reply makeReply;
        HTTPPermission hTTPPermission = new HTTPPermission(request);
        Principal principal = this.security.getPrincipal(request, getAlgorithm());
        boolean isStrictAclMergePolicy = isStrictAclMergePolicy();
        boolean z = false;
        JAcl jAcl = jAclArr[0];
        if (principal != null) {
            if (isStrictAclMergePolicy) {
                z = true;
                int i = 0;
                while (true) {
                    if (i >= jAclArr.length) {
                        break;
                    }
                    if (!jAclArr[i].checkPermission(principal, hTTPPermission)) {
                        z = false;
                        jAcl = jAclArr[i];
                        break;
                    }
                    i++;
                }
            } else {
                int i2 = 0;
                while (true) {
                    if (i2 >= jAclArr.length) {
                        break;
                    }
                    if (jAclArr[i2].checkPermission(principal, hTTPPermission)) {
                        z = true;
                        break;
                    }
                    i2++;
                }
            }
        }
        if (z) {
            this.security.updateRequestStates(request, principal);
            return;
        }
        HttpChallenge challenge = this.security.getChallenge(jAcl.getName(), principal);
        if (request.isProxy()) {
            makeReply = request.makeReply(407);
            makeReply.setProxyAuthenticate(challenge);
        } else {
            makeReply = request.makeReply(401);
            makeReply.setWWWAuthenticate(challenge);
        }
        HtmlGenerator htmlGenerator = new HtmlGenerator(HttpDef.HTTP_ERROR_UNAUTHORIZED_REQUEST);
        htmlGenerator.append("<h1>Unauthorized access</h1><p>You are denied access to this resource.");
        makeReply.setStream(htmlGenerator);
        request.skipBody();
        throw new HTTPException(makeReply);
    }

    @Override // org.w3c.tools.resources.ResourceFilter
    public ReplyInterface outgoingFilter(RequestInterface requestInterface, ReplyInterface replyInterface) {
        Reply reply = (Reply) replyInterface;
        if (getPrivateCachability()) {
            reply.setMustRevalidate(true);
        } else if (getSharedCachability()) {
            reply.setProxyRevalidate(true);
        } else if (getPublicCachability()) {
            reply.setPublic(true);
        }
        this.security.updateReply(reply, (Request) requestInterface);
        return null;
    }

    @Override // org.w3c.tools.resources.ResourceFrame, org.w3c.tools.resources.FramedResource, org.w3c.tools.resources.Resource, org.w3c.tools.resources.AttributeHolder
    public void setValue(int i, Object obj) {
        super.setValue(i, obj);
        if (i == ATTR_SECURITY_LEVEL || i == ATTR_ALGORITHM || i == ATTR_LENIENT) {
            this.security = SecurityLevel.getSecurityLevel(this);
        }
    }

    @Override // org.w3c.tools.resources.FramedResource, org.w3c.tools.resources.Resource, org.w3c.tools.resources.AttributeHolder
    public void initialize(Object[] objArr) {
        super.initialize(objArr);
        this.security = SecurityLevel.getSecurityLevel(this);
    }

    static {
        ATTR_SECURITY_LEVEL = -1;
        ATTR_ALGORITHM = -1;
        ATTR_NONCE_TTL = -1;
        ATTR_STRICT_ACL_MERGE_POLICY = -1;
        ATTR_SHARED_CACHABILITY = -1;
        ATTR_PRIVATE_CACHABILITY = -1;
        ATTR_PUBLIC_CACHABILITY = -1;
        ATTR_LENIENT = -1;
        JAcl_class = null;
        Class<?> cls = null;
        try {
            cls = Class.forName("org.w3c.jigsaw.acl.AclFilter");
            JAcl_class = Class.forName("org.w3c.jigsaw.acl.JAcl");
        } catch (Exception e) {
            e.printStackTrace();
            System.exit(1);
        }
        ATTR_SECURITY_LEVEL = AttributeRegistry.registerAttribute(cls, new IntegerAttribute("security-level", new Integer(0), 2));
        ATTR_STRICT_ACL_MERGE_POLICY = AttributeRegistry.registerAttribute(cls, new BooleanAttribute("strict-acl-merge-policy", Boolean.TRUE, 2));
        ATTR_ALGORITHM = AttributeRegistry.registerAttribute(cls, new StringAttribute("algorithm", null, 2));
        ATTR_NONCE_TTL = AttributeRegistry.registerAttribute(cls, new IntegerAttribute("nonce_ttl", new Integer(300), 2));
        ATTR_SHARED_CACHABILITY = AttributeRegistry.registerAttribute(cls, new BooleanAttribute("shared-cachability", Boolean.FALSE, 2));
        ATTR_PRIVATE_CACHABILITY = AttributeRegistry.registerAttribute(cls, new BooleanAttribute("private-cachability", Boolean.FALSE, 2));
        ATTR_PUBLIC_CACHABILITY = AttributeRegistry.registerAttribute(cls, new BooleanAttribute("public-cachability", Boolean.FALSE, 2));
        ATTR_LENIENT = AttributeRegistry.registerAttribute(cls, new BooleanAttribute("lenient", Boolean.FALSE, 2));
    }
}
