package coldfusion.security;

import coldfusion.filter.FusionContext;
import coldfusion.log.CFLogs;
import coldfusion.rds.Encryptor;
import coldfusion.rds.RdsGlobals;
import coldfusion.runtime.CFPage;
import coldfusion.runtime.FunctionPermission;
import coldfusion.runtime.Scope;
import coldfusion.runtime.SecurityScopeTracker;
import coldfusion.runtime.SecurityTable;
import coldfusion.runtime.SessionScope;
import coldfusion.server.ConfigMap;
import coldfusion.server.SecurityService;
import coldfusion.server.ServiceBase;
import coldfusion.server.ServiceException;
import coldfusion.server.ServiceRuntimeException;
import coldfusion.sql.DataSourcePermission;
import coldfusion.tagext.GenericTagPermission;
import coldfusion.tagext.lang.ModulePermission;
import coldfusion.util.RB;
import coldfusion.wddx.Base64Encoder;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.FilePermission;
import java.io.SerializablePermission;
import java.io.UnsupportedEncodingException;
import java.lang.reflect.ReflectPermission;
import java.net.NetPermission;
import java.net.SocketPermission;
import java.security.AccessController;
import java.security.Permission;
import java.security.Permissions;
import java.security.Policy;
import java.security.SecurityPermission;
import java.sql.SQLPermission;
import java.util.HashMap;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import java.util.PropertyPermission;

/* loaded from: input_file:coldfusion/security/SecurityManager.class */
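/**
 * Security service that holds the administrator and RDS passwords, the admin / RDS / sandbox
 * security switches, and the per-context sandbox permission sets installed through a
 * {@link BasicPolicy}.
 *
 * <p>Points a security reviewer should keep in mind while reading this class:
 * <ul>
 *   <li>Passwords are kept in a reversible form: {@link #getAdminPassword()} returns the clear
 *       text by running {@code CFPage.Decrypt} with the constant string {@code "admin"} (and
 *       {@code "rds"} for the RDS password) as second argument. Presumably that argument is the
 *       key; confirm against {@code CFPage}. Anyone able to read the password file and the
 *       class files should be assumed able to recover both passwords.</li>
 *   <li>{@link #authenticateAdmin()} performs no check at all when there is no current
 *       {@code FusionContext}, when admin security is switched off, or when the servlet
 *       init-parameter {@code coldfusion.securityservice.disableadminauthentication} is
 *       {@code true}.</li>
 *   <li>{@link #load()} falls back to the passwords {@code "admin"} / {@code "rds"} whenever the
 *       password file cannot be read, and writes them back to disk.</li>
 * </ul>
 *
 * <p>The simple name shadows {@code java.lang.SecurityManager} inside this package; the JVM
 * security manager is only reached through {@code System.getSecurityManager()}.
 */
public abstract class SecurityManager extends ServiceBase implements SecurityService {
    // Serialized settings file handed to serialize()/deserialize().
    private File file;
    // The "contexts" entry of config; iterated by map2Permissions().
    private ConfigMap contexts;
    // Full settings map (security switches plus contexts).
    private ConfigMap config;
    // Properties file holding the two stored passwords.
    private File password_file;
    // Stored admin password, in the form produced by encrypt("admin", ...).
    private String password;
    // Stored RDS password, in the form produced by encrypt("rds", ...).
    private String rdspassword;
    // Snapshot taken in load(); isJvmSecurityEnabled() does not read it, it asks the JVM directly.
    private boolean jvmSecurityEnabled = false;
    // Sandbox security switch; gates checkPermission().
    private boolean _sbsEnabled = false;
    // When false, authenticateAdmin() accepts every caller.
    private boolean adminSecurityEnabled = true;
    private boolean rdsSecurityEnabled = true;
    // Policy installed via Policy.setPolicy() once sandbox security is enabled.
    private BasicPolicy basic_policy;
    public static final Permission FILE_EXISTS = new FunctionPermission("fileexists");
    public static final Permission DIR_EXISTS = new FunctionPermission("directoryexists");
    public static final Permission EXP_PATH = new FunctionPermission("expandpath");
    public static final Permission DIR_FROM_PATH = new FunctionPermission("getdirectoryfrompath");
    public static final Permission FILE_FROM_PATH = new FunctionPermission("getfilefrompath");
    public static final Permission TEMP_DIR = new FunctionPermission("gettempdirectory");
    public static final Permission TEMP_FILE = new FunctionPermission("gettempfile");
    public static final Permission TEMPLATE_PATH = new FunctionPermission("gettemplatepath");
    public static final Permission BASE_TEMPLATE_PATH = new FunctionPermission("getbasetemplatepath");
    public static final Permission SET_PROFILE_STRING = new FunctionPermission("setprofilestring");
    public static final Permission GET_PROFILE_STRING = new FunctionPermission("getprofilestring");
    public static final Permission CREATE_OBJECT = new FunctionPermission("createobject");
    // Despite the name, true only when the runtime version parses as older than 1.4 (see the
    // static initializer); on anything newer checkPermission() relies on isJvmSecurityEnabled().
    private static boolean VALID_VM_VERSION;

    /**
     * Thrown by {@link SecurityManager#authenticateAdmin()} when no credential is found or the
     * supplied credential does not match the stored admin password.
     */
    public class UnauthenticatedCredentialsException extends SecurityException {
        private final SecurityManager this$0;

        public UnauthenticatedCredentialsException(SecurityManager securityManager) {
            this.this$0 = securityManager;
        }
    }

    /**
     * @param file settings file used by {@link #load()} and {@link #store()}
     * @param file2 properties file that holds the stored admin and RDS passwords
     */
    public SecurityManager(File file, File file2) {
        this.file = file;
        this.password_file = file2;
    }

    /**
     * Returns the live contexts map. Not gated by {@link #authenticateAdmin()}, and the internal
     * map itself is returned rather than a copy.
     */
    @Override // coldfusion.server.SecurityService
    public Map getContexts() {
        return this.contexts;
    }

    /** Returns the installed policy, or {@code null} if none has been created yet. */
    @Override // coldfusion.server.SecurityService
    public BasicPolicy getBasicPolicy() {
        return this.basic_policy;
    }

    /** Reports whether a JVM security manager is currently installed. */
    @Override // coldfusion.server.SecurityService
    public boolean isJvmSecurityEnabled() {
        return System.getSecurityManager() != null;
    }

    /**
     * Switches sandbox security on or off and persists the settings.
     *
     * @throws UnauthenticatedCredentialsException if the caller is not authenticated as admin
     * @throws ServiceRuntimeException if {@link #store()} fails
     */
    @Override // coldfusion.server.SecurityService
    public void setSandboxSecurityEnabled(boolean z) {
        // Authenticate BEFORE mutating state. store() authenticates as well, but only after the
        // flag has been flipped, so a rejected caller would otherwise still have changed the
        // in-memory switch that checkPermission() reads.
        authenticateAdmin();
        this._sbsEnabled = z;
        this.config.put("sbs.security.enabled", z ? Boolean.TRUE : Boolean.FALSE);
        try {
            store();
        } catch (ServiceException e) {
            throw new ServiceRuntimeException(e);
        }
    }

    @Override // coldfusion.server.SecurityService
    public boolean isSandboxSecurityEnabled() {
        return this._sbsEnabled;
    }

    /**
     * Delegates to {@code AccessController.checkPermission}. Nothing is checked when sandbox
     * security is off, when {@code permission} is {@code null}, or when neither
     * {@code VALID_VM_VERSION} is set nor a JVM security manager is installed.
     */
    @Override // coldfusion.server.SecurityService
    public void checkPermission(Permission permission) {
        if (this._sbsEnabled && permission != null && (VALID_VM_VERSION || isJvmSecurityEnabled())) {
            AccessController.checkPermission(permission);
        }
    }

    @Override // coldfusion.server.SecurityService
    public boolean isAdminSecurityEnabled() {
        return this.adminSecurityEnabled;
    }

    @Override // coldfusion.server.SecurityService
    public boolean isRdsSecurityEnabled() {
        return this.rdsSecurityEnabled;
    }

    /**
     * Records the JVM-security flag and persists the settings. The flag is only a stored value;
     * {@link #isJvmSecurityEnabled()} keeps reporting what the JVM says.
     */
    @Override // coldfusion.server.SecurityService
    public void setJvmSecurityEnabled(boolean z) {
        authenticateAdmin();
        this.jvmSecurityEnabled = z;
        try {
            store();
        } catch (ServiceException e) {
            throw new ServiceRuntimeException(e);
        }
    }

    /**
     * Switches admin authentication on or off. Turning it off makes {@link #authenticateAdmin()}
     * accept every caller. This method does not call {@link #store()} itself.
     */
    @Override // coldfusion.server.SecurityService
    public void setAdminSecurityEnabled(boolean z) {
        authenticateAdmin();
        this.adminSecurityEnabled = z;
        this.config.put("admin.security.enabled", z ? Boolean.TRUE : Boolean.FALSE);
    }

    /** Switches RDS security on or off. This method does not call {@link #store()} itself. */
    @Override // coldfusion.server.SecurityService
    public void setRdsSecurityEnabled(boolean z) {
        authenticateAdmin();
        this.rdsSecurityEnabled = z;
        this.config.put("rds.security.enabled", z ? Boolean.TRUE : Boolean.FALSE);
    }

    /**
     * Writes both stored passwords to the password file, marked {@code encrypted=true}.
     *
     * <p>{@code Properties} rejects {@code null} values, so this throws
     * {@code NullPointerException} if either password has not been set.
     *
     * @throws ServiceRuntimeException if the file cannot be written
     */
    private void savePasswordFile() {
        Properties properties = new Properties();
        properties.put("encrypted", "true");
        properties.put(RdsGlobals.PROP_RDS_PASSWORD, this.password);
        properties.put("rdspassword", this.rdspassword);
        try {
            FileOutputStream out = new FileOutputStream(this.password_file);
            try {
                properties.store(out, (String) null);
            } finally {
                // Always release the descriptor; a failed close is reported like a failed write.
                out.close();
            }
        } catch (Exception e) {
            throw new ServiceRuntimeException(e);
        }
    }

    /** Replaces the admin password and rewrites the password file. Requires admin authentication. */
    @Override // coldfusion.server.SecurityService
    public void setAdminPassword(String str) {
        authenticateAdmin();
        this.password = encrypt("admin", str);
        savePasswordFile();
    }

    /**
     * Returns the admin password in clear text. Requires admin authentication.
     *
     * <p>NOTE(security): this only works because the password is stored reversibly rather than
     * as a one-way password hash.
     */
    public String getAdminPassword() {
        authenticateAdmin();
        return decrypt("admin", this.password);
    }

    /** Replaces the RDS password and rewrites the password file. Requires admin authentication. */
    @Override // coldfusion.server.SecurityService
    public void setRdsPassword(String str) {
        authenticateAdmin();
        this.rdspassword = encrypt("rds", str);
        savePasswordFile();
    }

    /**
     * Compares a candidate against the stored admin password.
     *
     * @return {@code true} on a match; {@code false} otherwise, including when the candidate is
     *     {@code null} or no password has been loaded
     */
    @Override // coldfusion.server.SecurityService
    public boolean checkAdminPassword(String str) {
        return constantTimeEquals(this.password, encrypt("admin", str));
    }

    /**
     * Compares a candidate against the stored RDS password.
     *
     * @return {@code true} on a match; {@code false} otherwise, including when the candidate is
     *     {@code null} or no password has been loaded
     */
    @Override // coldfusion.server.SecurityService
    public boolean checkRdsPassword(String str) {
        return constantTimeEquals(this.rdspassword, encrypt("rds", str));
    }

    /**
     * Compares two strings without stopping at the first differing character, so the time taken
     * does not reveal how long a matching prefix the candidate has. Only the length is leaked.
     *
     * <p>Written over {@code char}s rather than via {@code MessageDigest.isEqual} on encoded
     * bytes so the result is exactly that of {@code String.equals} for non-null arguments.
     *
     * @return {@code false} if either argument is {@code null}
     */
    private static boolean constantTimeEquals(String expected, String candidate) {
        if (expected == null || candidate == null) {
            return false;
        }
        if (expected.length() != candidate.length()) {
            return false;
        }
        int diff = 0;
        for (int i = 0; i < expected.length(); i++) {
            diff |= expected.charAt(i) ^ candidate.charAt(i);
        }
        return diff == 0;
    }

    /** Passes {@code null} and empty values through unchanged; otherwise calls {@code CFPage.Encrypt}. */
    private String encrypt(String str, String str2) {
        return (str2 == null || str2.length() <= 0) ? str2 : CFPage.Encrypt(str2, str);
    }

    /** Passes {@code null} and empty values through unchanged; otherwise calls {@code CFPage.Decrypt}. */
    private String decrypt(String str, String str2) {
        return (str2 == null || str2.length() <= 0) ? str2 : CFPage.Decrypt(str2, str);
    }

    /**
     * Loads the settings file and the password file.
     *
     * <p>If the password file is marked {@code encrypted=true} the values are taken as stored;
     * otherwise they are treated as clear text, encrypted, and written back.
     *
     * @throws ServiceException wrapping any failure
     */
    @Override // coldfusion.server.ServiceBase
    public void load() throws ServiceException {
        authenticateAdmin();
        this.jvmSecurityEnabled = System.getSecurityManager() != null;
        try {
            setSettings((Map) deserialize(this.file));
            Properties properties = new Properties();
            try {
                FileInputStream in = new FileInputStream(this.password_file);
                try {
                    properties.load(in);
                } finally {
                    try {
                        in.close();
                    } catch (Exception ignored) {
                        // A failed close on a read-only stream must not be mistaken for an
                        // unreadable file, which would trigger the default-password reset below.
                    }
                }
            } catch (Exception e) {
                // NOTE(security): ANY failure to read the password file (missing, unreadable,
                // corrupt) resets the admin password to "admin" and the RDS password to "rds",
                // and the branch below persists them. Operators should treat an unexpected
                // rewrite of the password file as a reason to rotate both passwords.
                properties.put("encrypted", "false");
                properties.put(RdsGlobals.PROP_RDS_PASSWORD, "admin");
                properties.put("rdspassword", "rds");
            }
            if ("true".equalsIgnoreCase(properties.getProperty("encrypted"))) {
                this.password = properties.getProperty(RdsGlobals.PROP_RDS_PASSWORD);
                this.rdspassword = properties.getProperty("rdspassword");
            } else {
                this.password = encrypt("admin", properties.getProperty(RdsGlobals.PROP_RDS_PASSWORD));
                this.rdspassword = encrypt("rds", properties.getProperty("rdspassword"));
                savePasswordFile();
            }
        } catch (Exception e2) {
            throw new ServiceException(e2);
        }
    }

    /**
     * Builds one {@link Permissions} collection per configured entry from the
     * class / target / action triples stored in the contexts map.
     *
     * <p>Only the permission classes named below are instantiated; an entry with any other class
     * name is skipped without error, so it grants nothing. An entry whose constructor throws is
     * removed from the configuration list and its message collected.
     *
     * @return map from entry name to its permissions
     * @throws IllegalArgumentException carrying the collected messages if any entry was rejected
     */
    private Hashtable map2Permissions() {
        StringBuffer stringBuffer = new StringBuffer();
        Hashtable hashtable = new Hashtable();
        Iterator it = this.contexts.keySet().iterator();
        while (it.hasNext()) {
            ConfigMap configMap = (ConfigMap) this.contexts.get((String) it.next());
            for (String str : configMap.keySet()) {
                List list = (List) configMap.get(str);
                Permissions permissions = new Permissions();
                if (list.size() != 0) {
                    int i = 0;
                    while (i < list.size()) {
                        ConfigMap configMap2 = ConfigMap.toConfigMap(list.get(i));
                        configMap2.init(this, "permission");
                        String str2 = (String) configMap2.get("class");
                        String str3 = (String) configMap2.get("target");
                        String str4 = (String) configMap2.get("action");
                        try {
                            // Fixed allow-list: the class name from configuration is compared,
                            // never loaded reflectively.
                            if ("java.net.NetPermission".equals(str2)) {
                                permissions.add(new NetPermission(str3));
                            } else if ("java.util.PropertyPermission".equals(str2)) {
                                permissions.add(new PropertyPermission(str3, str4));
                            } else if ("java.lang.reflect.ReflectPermission".equals(str2)) {
                                permissions.add(new ReflectPermission(str3));
                            } else if ("java.lang.RuntimePermission".equals(str2)) {
                                permissions.add(new RuntimePermission(str3));
                            } else if ("java.security.SecurityPermission".equals(str2)) {
                                permissions.add(new SecurityPermission(str3));
                            } else if ("java.io.SerializablePermission".equals(str2)) {
                                permissions.add(new SerializablePermission(str3));
                            } else if ("java.sql.SQLPermission".equals(str2)) {
                                permissions.add(new SQLPermission(str3));
                            } else if ("java.io.FilePermission".equals(str2)) {
                                permissions.add(new FilePermission(str3, str4));
                            } else if ("java.net.SocketPermission".equals(str2)) {
                                permissions.add(new SocketPermission(str3, str4));
                            } else if ("coldfusion.tagext.GenericTagPermission".equals(str2)) {
                                permissions.add(new GenericTagPermission(str3));
                            } else if ("coldfusion.runtime.FunctionPermission".equals(str2)) {
                                permissions.add(new FunctionPermission(str3));
                            } else if ("coldfusion.sql.DataSourcePermission".equals(str2)) {
                                permissions.add(new DataSourcePermission(str3));
                            } else if ("coldfusion.tagext.lang.ModulePermission".equals(str2)) {
                                permissions.add(new ModulePermission(str3));
                            }
                        } catch (Throwable th) {
                            // Drop the bad entry from the configuration itself and step the index
                            // back so the element that slid into slot i is not skipped.
                            list.remove(i);
                            i--;
                            stringBuffer.append(th.getLocalizedMessage());
                            stringBuffer.append(' ');
                        }
                        i++;
                    }
                }
                hashtable.put(str, permissions);
            }
        }
        if (stringBuffer.length() == 0) {
            return hashtable;
        }
        throw new IllegalArgumentException(stringBuffer.toString());
    }

    /**
     * Rebuilds the permission sets, pushes them into the installed policy when sandbox security
     * is on, and writes the password file and the settings file. Requires admin authentication.
     */
    @Override // coldfusion.server.ServiceBase
    public void store() throws ServiceException {
        authenticateAdmin();
        Hashtable map2Permissions = map2Permissions();
        if (this._sbsEnabled && this.basic_policy != null) {
            this.basic_policy.setNewPermissions(map2Permissions);
        }
        savePasswordFile();
        serialize(this.config, this.file);
    }

    /** Returns the live settings map (not a copy). Requires admin authentication. */
    @Override // coldfusion.server.SecurityService
    public Map getSettings() {
        authenticateAdmin();
        return this.config;
    }

    /**
     * Merges {@code map} into the settings, refreshes the security switches from it, rebuilds the
     * permission sets and, when sandbox security is on, installs or updates the {@link BasicPolicy}.
     * Requires admin authentication.
     *
     * @throws ServiceException wrapping any failure, including missing
     *     {@code admin.security.enabled} / {@code rds.security.enabled} / {@code contexts} entries
     */
    @Override // coldfusion.server.SecurityService
    public void setSettings(Map map) throws ServiceException {
        authenticateAdmin();
        try {
            if (this.config == null) {
                this.config = new ConfigMap();
            }
            this.config.putAll(map);
            this.adminSecurityEnabled = ((Boolean) this.config.get("admin.security.enabled")).booleanValue();
            this.rdsSecurityEnabled = ((Boolean) this.config.get("rds.security.enabled")).booleanValue();
            // The sandbox switch is optional in the settings; when absent it follows the JVM flag.
            Object sbsSetting = this.config.get("sbs.security.enabled");
            if (sbsSetting != null) {
                this._sbsEnabled = ((Boolean) sbsSetting).booleanValue();
            } else {
                this._sbsEnabled = this.jvmSecurityEnabled;
            }
            this.contexts = (ConfigMap) this.config.get("contexts");
            this.contexts.init(this, "appcontexts");
            initMap(this.contexts, "contexts");
            Hashtable map2Permissions = map2Permissions();
            if (isSandboxSecurityEnabled()) {
                try {
                    if (this.basic_policy == null) {
                        this.basic_policy = new BasicPolicy(Policy.getPolicy(), map2Permissions);
                        Policy.setPolicy(this.basic_policy);
                    } else {
                        this.basic_policy.setNewPermissions(map2Permissions);
                    }
                } catch (Exception e2) {
                    // NOTE(security): fails open. If the policy cannot be installed, sandbox
                    // security is switched off and the only trace is this log entry, so this
                    // message is worth alerting on.
                    CFLogs.SERVER_LOG.error(RB.getString(this, "SecurityManager.policyNotSet"), e2);
                    this.jvmSecurityEnabled = false;
                    this._sbsEnabled = false;
                }
            }
            Iterator it = this.contexts.values().iterator();
            while (it.hasNext()) {
                ((ConfigMap) it.next()).setConfigMapListener(this);
            }
            this.contexts.setConfigMapListener(this);
            this.config.setConfigMapListener(this);
        } catch (Exception e3) {
            throw new ServiceException(e3);
        }
    }

    /** Lazily builds and returns the formatter metadata map. Requires admin authentication. */
    @Override // coldfusion.server.ServiceBase, coldfusion.server.Service
    public Map getResourceBundle() {
        authenticateAdmin();
        if (this.rb == null) {
            this.rb = new HashMap();
            this.rb.put("permission.keys", "class,target,action");
            this.rb.put("permission.types", "java.lang.String,java.lang.String,java.lang.String");
            this.rb.put("permission.formats", "coldfusion.server.StringFormatter,coldfusion.server.StringFormatter,coldfusion.server.StringFormatter");
            this.rb.put("appcontexts.keys", "");
            this.rb.put("appcontexts.types", "coldfusion.server.ConfigMap");
            this.rb.put("appcontexts.formats", "coldfusion.server.MapFormatter");
            this.rb.put("appcontexts.value", "contexts");
            this.rb.put("contexts.keys", "");
            this.rb.put("contexts.types", "coldfusion.server.ConfigMap");
            this.rb.put("contexts.formats", "coldfusion.server.MapFormatter");
            this.rb.put("contexts.value", "");
        }
        return this.rb;
    }

    /**
     * Returns {@code CFPage.Hash} of the stored (encrypted) admin password, or an empty string if
     * hashing throws. Not gated by {@link #authenticateAdmin()}.
     */
    @Override // coldfusion.server.SecurityService
    public String getAdminHash() {
        try {
            return CFPage.Hash(this.password);
        } catch (Exception e) {
            return "";
        }
    }

    /**
     * Verifies that the current request carries the admin password.
     *
     * <p>Returns without checking anything when there is no current {@code FusionContext}, when
     * admin security is disabled, or when the servlet init-parameter
     * {@code coldfusion.securityservice.disableadminauthentication} equals {@code true}.
     *
     * <p>Otherwise the password is looked up, first hit wins, in: the {@code cflogin.password}
     * attribute; the security table tied to the session / security cookie; the context's secure
     * password; the {@code j_password} attribute; and finally the part of the
     * {@code authorization} header after the first space, Base64-decoded and split on
     * {@code ':'}. Only the password is compared; the user name is never checked.
     *
     * @throws UnauthenticatedCredentialsException if no password is found or it does not match
     */
    @Override // coldfusion.server.SecurityService
    public void authenticateAdmin() {
        FusionContext current = FusionContext.getCurrent();
        if (current == null || !isAdminSecurityEnabled()) {
            return;
        }
        String initParameter = current.getServletContext().getInitParameter("coldfusion.securityservice.disableadminauthentication");
        if (initParameter != null && initParameter.equalsIgnoreCase("true")) {
            return;
        }
        Object credential = current.pageContext.findAttribute("cflogin.password");
        // Result discarded in the decompiled source; the call is kept because its side effects,
        // if any, are not visible from this file. The same applies to the user-name lookups below.
        current.pageContext.findAttribute("cflogin.password");
        if (credential == null) {
            String encoded = null;
            Scope scope = (Scope) current.pageContext.findAttribute("session");
            if (scope instanceof SessionScope) {
                encoded = (String) scope.get(SecurityScopeTracker.SECURE_COOKIE_NAME);
            }
            if (encoded == null) {
                encoded = SecurityScopeTracker.getSecurityCookie(current.pageContext);
            }
            if (encoded == null) {
                credential = current.getSecurePassword();
                if (credential != null) {
                    current.getSecureUsername();
                } else {
                    credential = current.pageContext.findAttribute("j_password");
                    if (credential != null) {
                        current.pageContext.findAttribute("j_username");
                    } else {
                        String header = current.getRequest().getHeader("authorization");
                        if (header != null) {
                            int space = header.indexOf(" ");
                            if (space != -1) {
                                encoded = header.substring(space + 1);
                            }
                        }
                    }
                }
            } else {
                SecurityTable security = SecurityScopeTracker.getInstance().getSecurity(current.pageContext);
                if (security != null) {
                    credential = security.getPassword();
                }
            }
            if (credential == null && encoded != null) {
                try {
                    encoded = new String(Base64Encoder.decode(encoded), RdsGlobals.RDS_CLIENT_ENCODING);
                } catch (UnsupportedEncodingException e) {
                    encoded = new String(Base64Encoder.decode(encoded));
                }
                // Expected shape is name:password with an optional third ':'-separated field;
                // a missing password part leaves the credential as the empty string.
                int firstColon = encoded.indexOf(":");
                if (firstColon != -1) {
                    credential = "";
                    if (firstColon + 1 != encoded.length()) {
                        int secondColon = encoded.indexOf(":", firstColon + 1);
                        if (secondColon == -1) {
                            credential = encoded.substring(firstColon + 1);
                        } else if (secondColon + 1 != encoded.length()) {
                            credential = encoded.substring(firstColon + 1, secondColon);
                        }
                    }
                }
            }
        }
        if (credential == null) {
            throw new UnauthenticatedCredentialsException(this);
        }
        String candidate = encrypt("admin", credential.toString());
        if (constantTimeEquals(this.password, candidate)) {
            return;
        }
        try {
            // Second attempt: treat the supplied value as Encryptor-encoded and decode it first.
            candidate = encrypt("admin", Encryptor.decrypt(credential.toString()));
        } catch (Exception ignored) {
            // Not decodable: candidate keeps the value that already failed, so the check below
            // rejects the caller.
        }
        if (!constantTimeEquals(this.password, candidate)) {
            throw new UnauthenticatedCredentialsException(this);
        }
    }

    static {
        // Parse the leading "x.y" of java.runtime.version. Strings that do not start with a
        // parsable number (for example "9+181"), or a missing property, used to abort class
        // initialisation; they are now treated like any runtime at or above 1.4.
        boolean olderThanOneFour;
        try {
            String runtimeVersion = System.getProperty("java.runtime.version");
            olderThanOneFour = Double.parseDouble(runtimeVersion.substring(0, 3)) < 1.4d;
        } catch (RuntimeException e) {
            olderThanOneFour = false;
        }
        VALID_VM_VERSION = olderThanOneFour;
    }
}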
