package coldfusion.filter;

import coldfusion.runtime.SecurityException;
import coldfusion.server.ServiceFactory;
import java.net.URL;
import java.security.AccessControlContext;
import java.security.CodeSource;
import java.security.Principal;
import java.security.PrivilegedExceptionAction;
import java.security.ProtectionDomain;
import java.security.cert.Certificate;
import java.util.HashSet;
import java.util.Vector;
import javax.security.auth.Policy;
import javax.security.auth.Subject;
import javax.servlet.http.HttpServletRequest;

/* loaded from: input_file:coldfusion/filter/SecurityFilter.class */
/**
 * Filter that, for authenticated requests, runs the rest of the filter chain inside
 * {@link Subject#doAsPrivileged} with an {@link AccessControlContext} derived from the
 * request URL. Unauthenticated requests (no user principal) go straight down the chain.
 *
 * <p>This listing is decompiler output (JADX). The structure below has been tidied, but the
 * observable behaviour is the one the decompiled code shows, including the places where the
 * decompiler evidently lost information (see {@link #getSubject}).
 *
 * <p>Note that {@code SecurityException} in this file is {@code coldfusion.runtime.SecurityException}
 * (explicit import), not {@code java.lang.SecurityException}.
 */
public class SecurityFilter extends FusionFilter {
    // Never read or written anywhere in this listing.
    private String templatePath;
    // Shared empty set handed to the Subject constructor as its public and private credential sets.
    private static final HashSet emptySet = new HashSet();

    /**
     * Thrown by {@link SecurityFilter#invoke} in place of a caught {@code SecurityException}.
     *
     * <p>NOTE(review): only the message is carried over; the original exception is not attached
     * as a cause, so its stack trace is unavailable to whoever logs or triages the
     * authorization failure.
     */
    public static class AuthorizationException extends SecurityException {
        AuthorizationException(SecurityException securityException) {
            super(securityException.getMessage());
        }
    }

    /**
     * {@link Principal} whose name is a role name.
     *
     * <p>JADX reports that it widened this class's access modifier; it was {@code private}
     * in the original class file.
     */
    public static class RolePrincipal implements Principal {
        String name;

        RolePrincipal(String str) {
            this.name = str;
        }

        /** Returns the role name given at construction. */
        @Override
        public String getName() {
            return this.name;
        }
    }

    /**
     * Creates the filter and passes the given filter to the {@code FusionFilter} constructor.
     *
     * @param fusionFilter filter handed to the superclass constructor
     */
    public SecurityFilter(FusionFilter fusionFilter) {
        super(fusionFilter);
    }

    /**
     * Invokes the next filter, under a subject-bound access control context when the request
     * carries a user principal.
     *
     * <p>NOTE(review): only a {@code SecurityException} that reaches this frame directly is
     * translated. Whether one raised inside the privileged action arrives unwrapped depends on
     * whether {@code coldfusion.runtime.SecurityException} is unchecked, which this file does
     * not show.
     *
     * @param fusionContext per-request context; its {@code pageContext} supplies the servlet request
     * @throws AuthorizationException when a {@code SecurityException} is caught here
     * @throws Throwable anything else raised further down the chain
     */
    @Override
    public void invoke(FusionContext fusionContext) throws Throwable {
        final FusionContext context = fusionContext;
        HttpServletRequest request = (HttpServletRequest) context.pageContext.getRequest();
        try {
            if (request.getUserPrincipal() == null) {
                // Unauthenticated: no subject, no restricted context.
                this.next.invoke(context);
                return;
            }

            Subject subject = getSubject(request);
            PrivilegedExceptionAction chainAction = new PrivilegedExceptionAction() {
                @Override
                public Object run() throws Exception {
                    try {
                        SecurityFilter.this.next.invoke(context);
                        return null;
                    } catch (Error fatal) {
                        throw fatal;
                    } catch (Throwable other) {
                        // A Throwable that is neither Error nor Exception would fail this cast
                        // with ClassCastException.
                        throw (Exception) other;
                    }
                }
            };
            AccessControlContext restricted =
                    getAccessControlContext(subject, request.getRequestURL().toString());
            Subject.doAsPrivileged(subject, chainAction, restricted);
        } catch (SecurityException denied) {
            throw new AuthorizationException(denied);
        }
    }

    /**
     * Builds an access control context holding a single protection domain whose code source is
     * the given URL (with no certificates) and whose permissions are whatever the JAAS policy
     * returns for the subject and that code source.
     *
     * <p>NOTE(review): the caller passes the request URL string here, so the code-source
     * location used for the policy lookup is taken from the incoming request rather than from a
     * server-side value. Worth confirming that deployed policy grants cannot be matched by a
     * URL the client is able to shape.
     *
     * @param subject subject whose permissions are looked up (may be {@code null} as called here)
     * @param location URL string used as the code-source location
     * @throws Throwable e.g. {@code MalformedURLException} from the {@link URL} constructor
     */
    private AccessControlContext getAccessControlContext(Subject subject, String location) throws Throwable {
        Certificate[] noCertificates = null;
        CodeSource codeSource = new CodeSource(new URL(location), noCertificates);
        ProtectionDomain domain =
                new ProtectionDomain(codeSource, Policy.getPolicy().getPermissions(subject, codeSource));
        return new AccessControlContext(new ProtectionDomain[] {domain});
    }

    /**
     * Intended to build a read-only {@link Subject} whose principals are the roles the request's
     * user is in.
     *
     * <p>As decompiled, this method ALWAYS returns {@code null}: the role-name vector is never
     * assigned, so the loop that would create {@link RolePrincipal}s is unreachable at run time.
     * The discarded {@code getSecurityService()} result and the empty context-path check suggest
     * the decompiler dropped the code that fetched the role list; do not treat this listing as
     * an accurate picture of the shipped authorization logic without checking the bytecode.
     *
     * @param request current servlet request
     * @return {@code null} in every path of this listing
     */
    private Subject getSubject(HttpServletRequest request) {
        if (request.getUserPrincipal() == null) {
            return null;
        }
        // Result discarded in the decompiled code; kept for any side effect of the call.
        ServiceFactory.getSecurityService();
        // The original compared this length with 0 in an empty if-body; only the evaluation remains.
        request.getContextPath().length();

        Vector roleNames = null;
        if (roleNames == null) {
            return null;
        }

        HashSet rolePrincipals = new HashSet();
        for (Object entry : roleNames) {
            String roleName = (String) entry;
            if (request.isUserInRole(roleName)) {
                rolePrincipals.add(new RolePrincipal(roleName));
            }
        }
        // readOnly = true; both credential sets are the shared empty set.
        return new Subject(true, rolePrincipals, emptySet, emptySet);
    }
}
