package com.enginframe.server.authorization;

import com.ef.servicemanager.XmlUtils;
import com.enginframe.common.User;
import com.enginframe.common.authorization.AuthorizationService;
import com.enginframe.common.io.EnginFrameFilterReader;
import com.enginframe.common.io.LimitExceededException;
import com.enginframe.common.io.LimitedReader;
import com.enginframe.common.license.LicenseUtil;
import com.enginframe.common.service.BaseService;
import com.enginframe.common.service.Service;
import com.enginframe.common.utils.Utils;
import com.enginframe.timing.Timing;
import com.enginframe.timing.Traced;
import java.io.BufferedReader;
import java.io.File;
import java.io.FileNotFoundException;
import java.io.FileReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.Reader;
import java.io.Serializable;
import java.io.StringReader;
import java.lang.annotation.Annotation;
import java.util.ArrayList;
import java.util.List;
import java.util.StringTokenizer;
import javax.servlet.http.HttpServletRequest;
import org.apache.naming.ResourceRef;
import org.apache.tools.ant.taskdefs.compilers.AptCompilerAdapter;
import org.aspectj.lang.JoinPoint;
import org.aspectj.lang.ProceedingJoinPoint;
import org.aspectj.runtime.internal.AroundClosure;
import org.aspectj.runtime.reflect.Factory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;
import org.xml.sax.InputSource;
import org.xml.sax.SAXException;

/* JADX WARN: Classes with same name are omitted:
  input_file:kernel/ef_root/WEBAPP/WEB-INF/lib/ef.jar:com/enginframe/server/authorization/AbstractAuthorizationService.class
  input_file:kernel/ef_root/agent/agent.jar:com/enginframe/server/authorization/AbstractAuthorizationService.class
 */
/* loaded from: input_file:com/enginframe/server/authorization/AbstractAuthorizationService.class */
/**
 * Common base for authorization services: it loads the login descriptor shown to the user,
 * receives the stdout/stderr of an external authentication process through
 * {@link #update(Process)}, and turns that output into an allow/deny decision in
 * {@link #isAuthorized()}.
 *
 * <p>This is decompiler (JADX) output of an AspectJ-woven class. The {@code ajc$...} members and
 * {@code AjcClosure1} are weaving artifacts, and a few methods are not valid Java as printed
 * (see the NOTE(review) comments on {@code isAuthorized}, {@code createLoginReader},
 * {@code waitFor} and {@code ajc$preClinit}). The code is therefore left untouched and only
 * documented.
 *
 * <p>Review points that matter for security are marked NOTE(review) where they occur:
 * the exit-code fallback in {@code isAuthorized}, request parameters copied into the service
 * environment in {@code init}, the password passed to {@code setEnv} in {@code setUser}, the
 * partial validation of mapped user names, and process output written to the log.
 */
public abstract class AbstractAuthorizationService extends BaseService implements AuthorizationService {
    // Result codes passed to setCode(); the methods below use the literals 0 and 1 directly.
    protected static final int SUCCESS = 0;
    protected static final int FAILURE = 1;
    protected static final String EF_LOGIN = "ef:login";
    protected static final String LOGIN_TITLE = "title";
    // Property names are built as "authorization." + <service name> + <suffix>.
    private static final String AUTHORIZATION = "authorization.";
    private static final String BIN = ".bin";
    private static final String LOGIN = ".login";
    private static final String RUN_AS_USER = ".runAsUser";
    // Element names looked up in the XML printed by the authentication process.
    private static final String USER_MAPPING_TAG = "ef:user-mapping";
    private static final String XML_START = "<?xml";
    private static final String EF_AUTH = "ef:auth";
    private static final String EF_RESULT = "ef:result";
    private static final String EF_GRANT_AUTHENTICATION = "ef:grant";
    private static final String EF_DENY_AUTHENTICATION = "ef:deny";
    private static final String EF_ERROR = "ef:error";
    private static final String EF_MESSAGE = "ef:message";
    // Textual form of the result accepted inside <ef:result>, compared case-insensitively.
    private static final String YES = "YES";
    private static final String NO = "NO";
    // Service name; used in property keys and default login file paths.
    private final String name;
    // Resolved path of the login descriptor, or null when none was found.
    private String loginFile;
    // Set once isAuthorized() has evaluated the process output.
    private boolean isProcessed;
    // Parsed stdout of the authentication process (only when it was XML).
    private Document document;
    // Cached root element of the parsed login descriptor.
    private Node loginNode;
    // AspectJ join-point metadata, assigned in ajc$preClinit().
    private static final JoinPoint.StaticPart ajc$tjp_0 = null;
    private static Annotation ajc$anno$0;
    // Errors collected so far; addErrors() moves them into a document and clears the list.
    private final List<ErrorPair> errorPairs = new ArrayList();
    // Ids of <ef:option> elements from the login descriptor; init() reads request parameters with these names.
    private final List<String> optionIDs = new ArrayList();

    /* JADX WARN: Classes with same name are omitted:
      input_file:kernel/ef_root/WEBAPP/WEB-INF/lib/ef.jar:com/enginframe/server/authorization/AbstractAuthorizationService$AjcClosure1.class
      input_file:kernel/ef_root/agent/agent.jar:com/enginframe/server/authorization/AbstractAuthorizationService$AjcClosure1.class
     */
    /* loaded from: input_file:com/enginframe/server/authorization/AbstractAuthorizationService$AjcClosure1.class */
    /**
     * AspectJ-generated closure wrapping the original body of {@code waitFor}; {@code run}
     * unpacks the captured state and calls {@code waitFor_aroundBody0}.
     */
    public class AjcClosure1 extends AroundClosure {
        public AjcClosure1(Object[] objArr) {
            super(objArr);
        }

        @Override // org.aspectj.runtime.internal.AroundClosure
        public Object run(Object[] objArr) {
            // state holds {service, process, joinPoint}, as passed by waitFor().
            Object[] objArr2 = this.state;
            AbstractAuthorizationService.waitFor_aroundBody0((AbstractAuthorizationService) objArr2[0], (Process) objArr2[1], (JoinPoint) objArr2[2]);
            return null;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* JADX WARN: Classes with same name are omitted:
      input_file:kernel/ef_root/WEBAPP/WEB-INF/lib/ef.jar:com/enginframe/server/authorization/AbstractAuthorizationService$ErrorPair.class
      input_file:kernel/ef_root/agent/agent.jar:com/enginframe/server/authorization/AbstractAuthorizationService$ErrorPair.class
     */
    /* loaded from: input_file:com/enginframe/server/authorization/AbstractAuthorizationService$ErrorPair.class */
    /**
     * One recorded error: the message and the origin string given to {@code addErrorMessage}.
     * Within this class only {@code msg} is read (in {@code addErrors}); {@code cmd} is stored
     * but never used here.
     */
    public static class ErrorPair implements Serializable {
        private final String msg;
        private final String cmd;

        ErrorPair(String str, String str2) {
            this.msg = str;
            this.cmd = str2;
        }
    }

    /**
     * Creates the service with the given name.
     *
     * @param str service name, used in property keys ({@code authorization.<name>...}) and in
     *            the default login file paths
     */
    public AbstractAuthorizationService(String str) {
        this.name = str;
        // Start with code 1 (the FAILURE value): nothing is authorized until a later step sets 0.
        // NOTE(review): assumes exitCode() reports the value given to setCode() - confirm in BaseService.
        setCode(1);
        setAttribute(Service.AVOID_CHMOD, Boolean.TRUE);
    }

    /**
     * Resolves {@code loginFile}. Order: the {@code authorization.<name>.login} property, then
     * {@code ${EF_ROOT}/plugins/<name>/etc/<name>.login}, then {@code ${EF_ROOT}/etc/<name>.login};
     * {@code null} when none of the defaults is an existing regular file.
     */
    private void createLoginFile() {
        this.loginFile = Utils.expand(getClassProperty(LOGIN));
        if (!Utils.isVoid(this.loginFile)) {
            // A configured path is taken as-is: only the separator is normalized, and
            // hasCorrectPermssions() is not consulted for it.
            this.loginFile = this.loginFile.replace('/', File.separatorChar);
            return;
        }
        this.loginFile = Utils.expand("${EF_ROOT}/plugins/" + name() + "/etc/" + name() + LOGIN);
        if (hasCorrectPermssions(this.loginFile)) {
            if (getLog().isDebugEnabled()) {
                getLog().debug("Property (authorization." + name() + LOGIN + ") not set. Using default login file (" + this.loginFile + ")");
                return;
            }
            return;
        }
        this.loginFile = Utils.expand("${EF_ROOT}/etc/" + name() + LOGIN);
        if (!hasCorrectPermssions(this.loginFile)) {
            this.loginFile = null;
        } else if (getLog().isDebugEnabled()) {
            getLog().debug("Property (authorization." + name() + LOGIN + ") not set. Using default login file (" + this.loginFile + ")");
        }
    }

    /**
     * Returns true when the path names an existing regular file.
     *
     * <p>Despite the name, no ownership or mode bits are checked: the only tests are
     * {@code exists()} and {@code isFile()}. Anything that relies on the login descriptor being
     * writable by administrators only has to enforce that elsewhere.
     *
     * @param str path to test; a void value yields false
     */
    private boolean hasCorrectPermssions(String str) {
        boolean z = false;
        if (!Utils.isVoid(str)) {
            File file = new File(str);
            if (file.exists()) {
                if (file.isFile()) {
                    z = true;
                } else if (getLog().isWarnEnabled()) {
                    getLog().warn("login file (" + file.getAbsolutePath() + ") is a directory");
                }
            } else if (getLog().isWarnEnabled()) {
                getLog().warn("login file (" + file.getAbsolutePath() + ") doesn't exist");
            }
        }
        return z;
    }

    /** Returns the service name given to the constructor. */
    @Override // com.enginframe.common.authorization.AuthorizationService
    public String name() {
        return this.name;
    }

    /**
     * Populates the service environment from server settings and from the HTTP request.
     *
     * @param str not used by this implementation
     * @param httpServletRequest request supplying the session id, the remote address and the
     *                           login option values
     */
    @Override // com.enginframe.common.authorization.AuthorizationService
    public void init(String str, HttpServletRequest httpServletRequest) {
        setEnv("EF_ROOT", Utils.getEfRoot());
        setEnv(Utils.EF_ROOT_CONTEXT, Utils.getRootContext());
        setEnv(Utils.EF_CONF_ROOT, Utils.getEfConfRoot());
        setEnv("EF_DATA_ROOT", Utils.getEfDataRoot());
        // getSession(false) never creates a session; the id is exported only when one already exists.
        if (httpServletRequest.getSession(false) != null) {
            setEnv(Service.EF_SESSION, httpServletRequest.getSession(false).getId());
        }
        String remoteAddr = httpServletRequest.getRemoteAddr();
        setEnv(Service.REMOTE_HOST, remoteAddr);
        setEnv("REMOTE_ADDR", remoteAddr);
        // The variable names come from the login descriptor (see parseOptionIDs/allowedOption);
        // the values come straight from the request and are only trimmed.
        // NOTE(review): if setEnv() feeds the environment of the authentication script, that
        // script must treat every one of these values as untrusted input - confirm in BaseService.
        for (String str2 : this.optionIDs) {
            String parameter = httpServletRequest.getParameter(str2);
            if (parameter != null) {
                setEnv(str2, parameter.trim());
            }
        }
        setEnv(Utils.EF_STREAM_SCRIPTS_PROPERTY, "false");
    }

    /** Returns the document parsed from the process stdout, or null if none was parsed. */
    @Override // com.enginframe.common.authorization.AuthorizationService
    public Document getDocument() {
        return this.document;
    }

    /**
     * Evaluates the output captured by {@link #update(Process)} and reports whether the user is
     * authorized. The evaluation runs once; later calls return {@code exitCode() == 0}.
     *
     * <p>Decision order: any application stderr fails; no stdout, or stdout that does not start
     * with {@code <?xml}, falls back to {@code exitCode() == 0}; otherwise the first
     * {@code <ef:auth>} element is interpreted by {@code parseEfAuthResult} and
     * {@code parseEfAuthUserMapping}.
     *
     * @return true when the service ends up with code 0
     */
    @Override // com.enginframe.common.authorization.AuthorizationService
    public final boolean isAuthorized() {
        NodeList elementsByTagName;
        if (this.isProcessed) {
            return exitCode() == 0;
        }
        this.isProcessed = true;
        if (isThereApplicationStderr()) {
            // The raw stderr goes to the log only; the user gets a fixed, generic message.
            if (getLog().isWarnEnabled()) {
                getLog().warn("Error content:" + ((Object) this.stderrBuffer));
            }
            addErrorMessage("The authentication process failed, the username or password is wrong.", this + ".isAuthorized");
            setCode(1);
            return false;
        }
        if (!isThereStdout()) {
            // NOTE(review): with no output at all the decision is exitCode() alone. This file never
            // passes the process exit status to setCode() (waitFor_aroundBody0 only logs it), so
            // where a 0 could come from on this path is not visible here - confirm in BaseService.
            return exitCode() == 0;
        }
        if (!this.stdoutBuffer.toString().startsWith(XML_START)) {
            if (getLog().isErrorEnabled()) {
                getLog().error("Input is not XML, it does not start with (<?xml)");
            }
            // The complete non-XML stdout becomes an error message, which addErrors() later puts
            // into the login document. The result still depends on exitCode() only.
            addErrorMessage(this.stdoutBuffer.toString(), this + ".isAuthorized");
            return exitCode() == 0;
        }
        try {
            // NOTE(review): whether DTDs and external entities are disabled is decided by
            // getParser(), which is not visible here; the input is the output of the script.
            this.document = getParser().parse(new InputSource(new StringReader(this.stdoutBuffer.toString())));
            elementsByTagName = this.document.getElementsByTagName(EF_AUTH);
        } catch (IOException e) {
            // The full stdout is written to the log at WARN level on a parse failure.
            if (getLog().isWarnEnabled()) {
                getLog().warn("During login result parsing --- ", e);
                getLog().warn("input is (" + this.stdoutBuffer.toString() + ")");
            }
            addErrorMessage(e.getMessage(), this + ".isAuthorized");
            setCode(1);
        } catch (SAXException e2) {
            if (getLog().isWarnEnabled()) {
                getLog().warn("During login result parsing --- ", e2);
                getLog().warn("input is (" + this.stdoutBuffer.toString() + ")");
            }
            addErrorMessage(e2.getMessage(), this + ".isAuthorized");
            setCode(1);
        }
        // NOTE(review): as printed, elementsByTagName is unassigned when a catch block ran, which
        // javac rejects; the decompiler has flattened the original control flow here. Verify the
        // real failure path against the bytecode before relying on this listing.
        if (elementsByTagName == null || elementsByTagName.getLength() == 0) {
            setCode(1);
            addErrorMessage("No authentication XML response from the process", this + ".update");
            return exitCode() == 0;
        }
        // Only the first <ef:auth> element is considered.
        Element element = (Element) elementsByTagName.item(0);
        boolean parseEfAuthResult = parseEfAuthResult(element);
        if (parseEfAuthResult) {
            // A granted result still fails when the user mapping is rejected.
            setCode(parseEfAuthUserMapping(element) ? 0 : 1);
            return exitCode() == 0;
        }
        setCode(1);
        addErrorsFromList(element.getElementsByTagName("ef:error"));
        return parseEfAuthResult;
    }

    /**
     * Interprets the first {@code <ef:result>} below the given element.
     *
     * <p>A grant is an {@code <ef:grant>} descendant or the text {@code YES}; a deny is an
     * {@code <ef:deny>} descendant or the text {@code NO}. The result is true only when there is
     * a grant and no deny; a missing or empty result, no signal at all, a deny, or a contradictory
     * pair all yield false.
     *
     * @param element the {@code <ef:auth>} element
     * @return true when authentication is granted
     */
    boolean parseEfAuthResult(Element element) {
        NodeList elementsByTagName = element.getElementsByTagName("ef:result");
        if (elementsByTagName.getLength() == 0) {
            getLog().error("No <ef:result> node.");
            return false;
        }
        Node item = elementsByTagName.item(0);
        if (!item.hasChildNodes()) {
            getLog().error("Empty <ef:result> node");
            return false;
        }
        Element element2 = (Element) item;
        // z = <ef:grant> present, z2 = <ef:deny> present, z3 = text is YES, z4 = text is NO.
        boolean z = false;
        boolean z2 = false;
        boolean z3 = false;
        boolean z4 = false;
        if (element2.getElementsByTagName(EF_GRANT_AUTHENTICATION).getLength() > 0) {
            z = true;
        }
        if (element2.getElementsByTagName(EF_DENY_AUTHENTICATION).getLength() > 0) {
            z2 = true;
        }
        // Only the first child is inspected for the textual form; for an element child
        // getNodeValue() is null and the text check is skipped.
        String nodeValue = item.getFirstChild().getNodeValue();
        if (nodeValue != null) {
            z3 = nodeValue.trim().equalsIgnoreCase(YES);
            if (!z3) {
                z4 = nodeValue.trim().equalsIgnoreCase(NO);
            }
        }
        // Grant without any deny: the only path that returns true.
        if (!z2 && !z4 && (z || z3)) {
            return true;
        }
        // Neither grant nor deny.
        if (!z2 && !z4) {
            return false;
        }
        // Deny without grant.
        if (!z && !z3) {
            return false;
        }
        getLog().error("Contradictory authentication result, it grants and denies");
        return false;
    }

    /**
     * Applies an optional {@code <ef:user-mapping name="...">} from the authentication result,
     * replacing the effective user name with the mapped one.
     *
     * @param element the {@code <ef:auth>} element
     * @return false when a mapping is present but rejected; true otherwise, including when no
     *         mapping is present or {@code LicenseUtil.isElements()} is true
     */
    boolean parseEfAuthUserMapping(Element element) {
        Element element2;
        // When LicenseUtil.isElements() is true any mapping in the output is ignored.
        if (LicenseUtil.isElements()) {
            return true;
        }
        NodeList elementsByTagName = element.getElementsByTagName(USER_MAPPING_TAG);
        if (elementsByTagName.getLength() == 0 || (element2 = (Element) elementsByTagName.item(0)) == null) {
            return true;
        }
        String attribute = element2.getAttribute("name");
        // NOTE(review): isAllowed() in this class checks only the first character, so the rest of
        // the mapped name is not constrained here; the name is taken from the script output.
        if (Utils.isVoid(attribute) || !isAllowed(attribute)) {
            getLog().error("User mapping specified an invalid username: (" + attribute + ")");
            return false;
        }
        // Exact, case-sensitive match on the literal name only; other privileged accounts or a
        // numeric id are not covered by this check.
        if (attribute.equals("root")) {
            getLog().error("User mapping to user (root) is NOT allowed");
            addErrorMessage("User mapping - User root is NOT allowed to authenticate into EnginFrame", this + ".update");
            return false;
        }
        if (getLog().isDebugEnabled()) {
            getLog().debug("User mapping to (" + attribute + ")");
        }
        if (getUser() == null) {
            // No user yet: create one with a placeholder second argument (presumably the
            // password - confirm against User); setUser() then hands it to setEnv().
            setUser(new User(attribute, "xxxxxx", ""));
            return true;
        }
        // Keep the name the user typed as loginName and make the mapped name the effective one.
        String username = getUser().getUsername();
        getUser().setUsername(attribute);
        getLog().debug("loginName (" + username + "), effectiveUID (" + attribute + ")");
        getUser().setLoginName(username);
        return true;
    }

    /**
     * Records the text of the first {@code <ef:message>} of every {@code <ef:error>} in the list.
     * There are no null checks: an error without a message element, or with an empty one, ends in
     * a NullPointerException.
     */
    private void addErrorsFromList(NodeList nodeList) {
        int length = nodeList.getLength();
        for (int i = 0; i < length; i++) {
            addErrorMessage(((Element) nodeList.item(i)).getElementsByTagName(EF_MESSAGE).item(0).getFirstChild().getNodeValue(), this + ".update");
        }
    }

    /** Returns true when {@link #bin()} yields no binary directory. */
    @Override // com.enginframe.common.authorization.AuthorizationService
    public boolean isLocal() {
        return Utils.isVoid(bin());
    }

    /** Returns this service unchanged. */
    @Override // com.enginframe.common.authorization.AuthorizationService
    public AuthorizationService execute() {
        return this;
    }

    /**
     * Chooses the account name from the {@code authorization.<name>.runAsUser} property:
     * unset, or {@code *} without an {@code EF_USER} property, gives the first comma-separated
     * entry of the {@code Utils.EF_ADMIN} property; {@code *} gives {@code EF_USER}; any other
     * value is returned as configured.
     *
     * <p>NOTE(review): {@code EF_USER} is read through {@code getProperty}; if that value can be
     * set from the login request, the {@code *} setting lets the request pick the account -
     * confirm where it is populated. An empty admin property makes {@code nextToken()} throw.
     */
    @Override // com.enginframe.common.authorization.AuthorizationService
    public String userRunningAuthorization() {
        String classProperty = getClassProperty(RUN_AS_USER);
        return (Utils.isVoid(classProperty) || (classProperty.equals("*") && Utils.isVoid(getProperty("EF_USER")))) ? new StringTokenizer(Utils.getProperty(Utils.EF_ADMIN), ",").nextToken() : classProperty.equals("*") ? getProperty("EF_USER") : classProperty;
    }

    /**
     * Returns the command script from {@link #createCommandScript()} for {@code Service.COMMAND};
     * every other key is delegated to the superclass.
     */
    @Override // com.enginframe.common.service.BaseService, com.enginframe.common.service.Service
    public String getProperty(String str) {
        return str.equals(Service.COMMAND) ? createCommandScript() : super.getProperty(str);
    }

    /** Always false. */
    @Override // com.enginframe.common.service.BaseService, com.enginframe.common.service.Service
    public final boolean isReuseable() {
        return false;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Reads the property {@code authorization.<name><suffix>}.
     *
     * @param str suffix including its leading dot, for example {@code .login}
     */
    public String getClassProperty(String str) {
        return Utils.getProperty(AUTHORIZATION + this.name + str);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Returns the binary directory: the expanded {@code authorization.<name>.bin} property with
     * platform separators and a trailing separator, or {@link #createDefaultBin()} when the
     * property is not set.
     */
    public String bin() {
        String createDefaultBin;
        String expand = Utils.expand(getClassProperty(BIN));
        if (Utils.isVoid(expand)) {
            createDefaultBin = createDefaultBin();
            if (getLog().isDebugEnabled()) {
                getLog().debug("Property (authorization." + name() + BIN + ") not set. Using default binary directory (" + createDefaultBin + ")");
            }
        } else {
            createDefaultBin = expand.replace('/', File.separatorChar);
            if (!createDefaultBin.endsWith(File.separator)) {
                createDefaultBin = String.valueOf(createDefaultBin) + File.separator;
            }
        }
        if (getLog().isDebugEnabled()) {
            getLog().debug("bin is (" + createDefaultBin + ")");
        }
        return createDefaultBin;
    }

    /** Default binary directory; null here, so {@link #isLocal()} is true unless overridden or configured. */
    protected String createDefaultBin() {
        return null;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /** Returns {@code Utils.uriToAgent} applied to this service's URI. */
    public String uriToAgent() {
        return Utils.uriToAgent(URI());
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Sets the user and passes the password and domain to {@code setEnv}; a null user marks the
     * service as failed.
     *
     * <p>NOTE(review): if {@code setEnv} populates the environment of the spawned process, the
     * clear-text password is readable by that process and by whatever can inspect its
     * environment - confirm in BaseService, and compare with {@link #writeUserData(Process)},
     * which receives the process and could hand over credentials without the environment.
     */
    @Override // com.enginframe.common.service.BaseService
    public void setUser(User user) {
        super.setUser(user);
        if (user != null) {
            setEnv(AuthorizationService.PASSWORD, user.getPassword());
            setEnv(AuthorizationService.DOMAIN, user.getDomain());
        } else {
            setError(true);
            addErrorMessage("Unable to determine the EF_USER", this + ".setUser");
        }
    }

    /** Command script returned for {@code Service.COMMAND}; empty here. */
    protected String createCommandScript() {
        return "";
    }

    /**
     * Returns the root element of the login descriptor, parsing it on first use and caching it.
     * Pending errors are appended to the parsed document and the option ids are collected. Any
     * exception is logged and replaced by the document from {@link #emptyLoginWithError}.
     *
     * <p>{@code optionIDs} is appended to on every parse and never cleared, so a re-parse after
     * {@code toNode(false)} adds the same ids again.
     */
    @Override // com.enginframe.common.service.BaseService, com.enginframe.common.service.Service
    public Node toNode() {
        if (this.loginNode == null) {
            try {
                // NOTE(review): parser hardening depends on getParser(), not visible here.
                Document parse = getParser().parse(new InputSource(createLoginReader()));
                if (!this.errorPairs.isEmpty()) {
                    addErrors(parse, this.errorPairs);
                }
                parseOptionIDs(parse);
                this.loginNode = parse.getDocumentElement();
                if (!this.loginNode.hasChildNodes()) {
                    this.loginNode = null;
                    throw new FileNotFoundException("Authority login file not found or is empty");
                }
            } catch (Exception e) {
                if (getLog().isErrorEnabled()) {
                    getLog().error("parsing login file --- ", e);
                }
                setError(true);
                return emptyLoginWithError(e);
            }
        }
        return this.loginNode;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Same as {@link #toNode()}, optionally dropping the cache afterwards.
     *
     * @param z false to discard the cached node so the next call parses again
     */
    public Node toNode(boolean z) {
        Node node = toNode();
        if (!z) {
            this.loginNode = null;
        }
        return node;
    }

    /**
     * Builds a minimal {@code <ef:login title="Login">} document carrying the pending errors plus
     * the message of the given exception.
     *
     * <p>NOTE(review): the exception message is shown as-is; for file or parser errors it may
     * contain server paths - confirm what reaches the unauthenticated login page.
     */
    protected Node emptyLoginWithError(Exception exc) {
        Document newDocument = getParser().newDocument();
        Element createElementNS = newDocument.createElementNS("http://www.enginframe.com/2000/EnginFrame", "ef:login");
        createElementNS.setAttribute("title", "Login");
        newDocument.appendChild(createElementNS);
        addErrorMessage(exc.getMessage(), "");
        addErrors(newDocument, this.errorPairs);
        return newDocument.getDocumentElement();
    }

    /**
     * Returns a reader over the login descriptor file, or over the text from
     * {@link #createDefaultLogin()} when no file is resolved.
     *
     * <p>NOTE(review): the empty try block is a decompiler artifact. Presumably the FileReader
     * construction was inside it, with the default login as the fallback after a
     * FileNotFoundException; as printed the method does not compile. FileReader is used without
     * a charset argument.
     */
    protected Reader createLoginReader() {
        createLoginFile();
        try {
        } catch (FileNotFoundException e) {
            if (getLog().isWarnEnabled()) {
                getLog().warn("couldn't load login file <" + this.loginFile + ">", e);
            }
        }
        if (!Utils.isVoid(this.loginFile)) {
            return new FileReader(this.loginFile);
        }
        if (getLog().isDebugEnabled()) {
            getLog().debug("login file is undefined, going to use default credentials");
        }
        String createDefaultLogin = createDefaultLogin();
        if (getLog().isDebugEnabled()) {
            getLog().debug("default login (" + createDefaultLogin + ")");
        }
        return new StringReader(createDefaultLogin);
    }

    /** Returns the login descriptor text used when no login file is available. */
    protected abstract String createDefaultLogin();

    /**
     * Collects the {@code id} attribute of every {@code <ef:option>} element that is not nested
     * directly inside another {@code <ef:option>} and that passes {@link #allowedOption}.
     * These ids are the request parameter names read by {@code init}.
     */
    private void parseOptionIDs(Document document) {
        NodeList elementsByTagName = document.getElementsByTagName("ef:option");
        int length = elementsByTagName.getLength();
        for (int i = 0; i < length; i++) {
            Node item = elementsByTagName.item(i);
            // Node type 1 is Node.ELEMENT_NODE.
            if (!item.getParentNode().getNodeName().trim().equals("ef:option") && item.getNodeType() == 1) {
                Element element = (Element) item;
                if (allowedOption(element.getAttribute("id"))) {
                    this.optionIDs.add(element.getAttribute("id"));
                }
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Decides whether an option id may be used as a variable name in {@code init}.
     *
     * <p>This is a deny-list: void ids, ids starting with {@code XmlUtils.EF_METADATA_PREFIX},
     * and the exact, case-sensitive names {@code HOME} and {@code PATH} are refused; every other
     * id declared in the login descriptor is accepted. Which variables a request can set
     * therefore depends on who can edit that descriptor.
     */
    public boolean allowedOption(String str) {
        return (Utils.isVoid(str) || str.startsWith(XmlUtils.EF_METADATA_PREFIX) || str.equals("HOME") || str.equals("PATH")) ? false : true;
    }

    /**
     * Appends an {@code <ef:error-group>} with one {@code <ef:error>} per entry to the document
     * root, then empties the list. Messages are inserted with {@code createTextNode}, so they
     * are added as text, not as markup.
     */
    private void addErrors(Document document, List<ErrorPair> list) {
        Element createElementNS = document.createElementNS("http://www.enginframe.com/2000/EnginFrame", "ef:error-group");
        for (ErrorPair errorPair : list) {
            Element createElementNS2 = document.createElementNS("http://www.enginframe.com/2000/EnginFrame", "ef:error");
            // NOTE(review): ResourceRef.AUTH is an unrelated naming constant; probably the
            // decompiler substituted it for a string literal with the same value - confirm.
            createElementNS2.setAttribute("type", ResourceRef.AUTH);
            createElementNS2.setAttribute("service", URI());
            Element createElementNS3 = document.createElementNS("http://www.enginframe.com/2000/EnginFrame", "ef:title");
            createElementNS3.appendChild(document.createTextNode("Authentication Error"));
            createElementNS2.appendChild(createElementNS3);
            Element createElementNS4 = document.createElementNS("http://www.enginframe.com/2000/EnginFrame", EF_MESSAGE);
            createElementNS4.appendChild(document.createTextNode(errorPair.msg));
            createElementNS2.appendChild(createElementNS4);
            createElementNS.appendChild(createElementNS2);
        }
        list.clear();
        document.getDocumentElement().appendChild(createElementNS);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Queues an error for the next {@code addErrors} call.
     *
     * @param str message text
     * @param str2 origin label; stored but not read in this class
     */
    public void addErrorMessage(String str, String str2) {
        this.errorPairs.add(new ErrorPair(str, str2));
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Accepts a mapped user name when it is non-void and its first character is a letter or a
     * digit. Characters after the first are not examined, so separators, whitespace or control
     * characters later in the name pass this check.
     */
    public boolean isAllowed(String str) {
        if (Utils.isVoid(str)) {
            return false;
        }
        return Character.isLetterOrDigit(str.charAt(0));
    }

    /** Hook called by {@code update} before waiting for the process; does nothing here. */
    protected void writeUserData(Process process) throws IOException {
    }

    /**
     * Collects the output of the authentication process: calls {@code writeUserData}, waits for
     * the process to exit, reads stdout into {@code stdoutBuffer} and stderr into
     * {@code profileStderrBuffer} and {@code stderrBuffer}, then destroys the process. Failures
     * are logged and queued as error messages, not thrown.
     *
     * @param process the started authentication process
     */
    @Override // com.enginframe.common.service.BaseService, com.enginframe.common.service.Service
    public void update(Process process) {
        try {
            writeUserData(process);
            // NOTE(review): the process is awaited before either stream is read. A child that
            // writes more than the pipe can hold may block and never exit - confirm that expected
            // output sizes make this safe.
            waitFor(process);
            // stdout is read through a LimitedReader using the platform charset.
            BufferedReader enginFrameFilterReader = new EnginFrameFilterReader(new LimitedReader(new InputStreamReader(process.getInputStream(), Utils.getPlatformCharset())), getUniqueID());
            try {
                StringBuilder sb = new StringBuilder();
                this.stdoutBuffer = sb;
                drainTo(enginFrameFilterReader, sb);
                enginFrameFilterReader.close();
            } catch (Throwable th) {
                enginFrameFilterReader.close();
                throw th;
            }
        } catch (IOException e) {
            if (e instanceof LimitExceededException) {
                if (getLog().isInfoEnabled()) {
                    getLog().info("was authenticating (" + getUser().getUsername() + ") on service (" + URI() + ")", e);
                }
                addErrorMessage("Byte limit exceeded during execution", this + ".update");
            } else {
                if (getLog().isWarnEnabled()) {
                    getLog().warn("caught exception while updating from STDOUT", e);
                }
                addErrorMessage(e.getMessage(), this + ".update");
            }
        } catch (InterruptedException e2) {
            // The thread's interrupt status is not restored here.
            if (getLog().isErrorEnabled()) {
                getLog().error("interrupted while updating from STDOUT", e2);
            }
            addErrorMessage(e2.getMessage(), this + ".update");
        }
        try {
            if (process.getErrorStream() != null) {
                // Unlike stdout, stderr is read without a LimitedReader and without an explicit
                // charset, so its size is not bounded at this point.
                EnginFrameFilterReader enginFrameFilterReader2 = new EnginFrameFilterReader(new InputStreamReader(process.getErrorStream()), getProperty(Service.UNIQUE_ID), true);
                try {
                    // Two passes over the same reader: the first fills profileStderrBuffer, then
                    // setReadPreceding(false) switches the reader and the second fills stderrBuffer.
                    StringBuilder sb2 = new StringBuilder();
                    this.profileStderrBuffer = sb2;
                    drainTo(enginFrameFilterReader2, sb2);
                    enginFrameFilterReader2.setReadPreceding(false);
                    StringBuilder sb3 = new StringBuilder();
                    this.stderrBuffer = sb3;
                    drainTo(enginFrameFilterReader2, sb3);
                    enginFrameFilterReader2.close();
                } catch (Throwable th2) {
                    enginFrameFilterReader2.close();
                    throw th2;
                }
            }
        } catch (IOException e3) {
            if (getLog().isErrorEnabled()) {
                getLog().error("reading process", e3);
            }
            addErrorMessage(e3.getMessage(), this + ".update");
        }
        process.destroy();
        dumpStreamBuffers();
    }

    /**
     * Writes the three captured buffers to the log at DEBUG level, in full.
     *
     * <p>NOTE(review): with debug logging on, everything the authentication script prints ends
     * up in the log; if a script echoes credentials or tokens they are stored there too.
     */
    private void dumpStreamBuffers() {
        if (getLog().isDebugEnabled()) {
            getLog().debug("stdoutBuffer (" + ((Object) this.stdoutBuffer) + ")");
            getLog().debug("profileStderrBuffer (" + ((Object) this.profileStderrBuffer) + ")");
            getLog().debug("stderrBuffer (" + ((Object) this.stderrBuffer) + ")");
        }
    }

    /**
     * Woven wrapper around the wait: builds the join point and hands the closure to the
     * {@code Timing} aspect, which runs {@code waitFor_aroundBody0} through {@code AjcClosure1}.
     *
     * <p>NOTE(review): decompiled weaving code; {@code getDeclaredMethod} throws a checked
     * exception that is not declared here, so this listing does not compile as printed.
     */
    @Traced
    private void waitFor(Process process) throws InterruptedException {
        JoinPoint makeJP = Factory.makeJP(ajc$tjp_0, this, this, process);
        Timing aspectOf = Timing.aspectOf();
        ProceedingJoinPoint linkClosureAndJoinPoint = new AjcClosure1(new Object[]{this, process, makeJP}).linkClosureAndJoinPoint(69648);
        // The @Traced annotation instance is looked up once and cached in a static field.
        Annotation annotation = ajc$anno$0;
        if (annotation == null) {
            annotation = AbstractAuthorizationService.class.getDeclaredMethod("waitFor", Process.class).getAnnotation(Traced.class);
            ajc$anno$0 = annotation;
        }
        aspectOf.addTimingStatistics(linkClosureAndJoinPoint, (Traced) annotation);
    }

    static {
        ajc$preClinit();
    }

    /**
     * Original body of {@code waitFor}: blocks until the process exits and logs the exit status
     * at DEBUG level. The status is only logged; it is not passed to {@code setCode} here.
     */
    static final void waitFor_aroundBody0(AbstractAuthorizationService abstractAuthorizationService, Process process, JoinPoint joinPoint) {
        int waitFor = process.waitFor();
        if (abstractAuthorizationService.getLog().isDebugEnabled()) {
            abstractAuthorizationService.getLog().debug("exit code (" + waitFor + ")");
        }
    }

    /**
     * AspectJ static initializer helper that creates the join-point descriptor for
     * {@code waitFor}.
     *
     * <p>NOTE(review): it assigns a field printed as {@code final ... = null}, and
     * {@code AptCompilerAdapter.APT_METHOD_NAME} is probably a decompiler substitution for a
     * string literal (the parameter name) - both are artifacts to confirm against the bytecode.
     */
    private static void ajc$preClinit() {
        Factory factory = new Factory("AbstractAuthorizationService.java", AbstractAuthorizationService.class);
        ajc$tjp_0 = factory.makeSJP(JoinPoint.METHOD_EXECUTION, factory.makeMethodSig("2", "waitFor", "com.enginframe.server.authorization.AbstractAuthorizationService", "java.lang.Process", AptCompilerAdapter.APT_METHOD_NAME, "java.lang.InterruptedException", "void"), 882);
    }
}
