package com.sun.web.server;

import com.sun.enterprise.container.common.spi.util.InjectionException;
import com.sun.enterprise.container.common.spi.util.InjectionManager;
import com.sun.enterprise.security.integration.AppServSecurityContext;
import com.sun.enterprise.security.integration.RealmInitializer;
import com.sun.enterprise.transaction.api.JavaEETransactionManager;
import com.sun.enterprise.util.Utility;
import com.sun.enterprise.web.WebComponentInvocation;
import com.sun.enterprise.web.WebModule;
import jakarta.servlet.Filter;
import jakarta.servlet.Servlet;
import jakarta.servlet.ServletRequest;
import jakarta.servlet.ServletRequestWrapper;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.lang.annotation.Annotation;
import java.security.AccessControlException;
import java.security.AccessController;
import java.security.Policy;
import java.security.Principal;
import java.security.PrivilegedAction;
import java.text.MessageFormat;
import java.util.ResourceBundle;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.security.auth.AuthPermission;
import org.apache.catalina.Context;
import org.apache.catalina.InstanceEvent;
import org.apache.catalina.InstanceListener;
import org.apache.catalina.Wrapper;
import org.apache.catalina.connector.RequestFacade;
import org.apache.catalina.servlets.DefaultServlet;
import org.glassfish.api.invocation.InvocationManager;
import org.glassfish.hk2.api.ServiceHandle;
import org.glassfish.hk2.api.ServiceLocator;
import org.glassfish.internal.api.ServerContext;
import org.glassfish.wasp.servlet.JspServlet;
import org.glassfish.web.LogFacade;

/* loaded from: input_file:com/sun/web/server/EEInstanceListener.class */
public final class EEInstanceListener implements InstanceListener {
    private static final Logger _logger = LogFacade.getLogger();
    private static final ResourceBundle _rb = _logger.getResourceBundle();
    private static AuthPermission doAsPrivilegedPerm = new AuthPermission("doAsPrivileged");
    private InvocationManager invocationManager;
    private JavaEETransactionManager eeTransactionManager;
    private InjectionManager injectionManager;
    private AppServSecurityContext securityContext;
    private boolean initialized;

    public void instanceEvent(InstanceEvent instanceEvent) {
        Context parent = instanceEvent.getWrapper().getParent();
        if (parent instanceof WebModule) {
            init((WebModule) parent);
            InstanceEvent.EventType type = instanceEvent.getType();
            _logger.log(Level.FINEST, LogFacade.INSTANCE_EVENT, type);
            if (type.isBefore) {
                handleBeforeEvent(instanceEvent, type);
            } else {
                handleAfterEvent(instanceEvent, type);
            }
        }
    }

    private synchronized void init(WebModule webModule) {
        if (this.initialized) {
            return;
        }
        ServerContext serverContext = webModule.getServerContext();
        if (serverContext == null) {
            throw new IllegalStateException(MessageFormat.format(_rb.getString(LogFacade.NO_SERVER_CONTEXT), webModule.getName()));
        }
        ServiceLocator defaultServices = serverContext.getDefaultServices();
        this.invocationManager = (InvocationManager) defaultServices.getService(InvocationManager.class, new Annotation[0]);
        this.eeTransactionManager = getJavaEETransactionManager(defaultServices);
        this.injectionManager = (InjectionManager) defaultServices.getService(InjectionManager.class, new Annotation[0]);
        this.securityContext = (AppServSecurityContext) defaultServices.getService(AppServSecurityContext.class, new Annotation[0]);
        if (this.securityContext != null) {
            _logger.log(Level.FINE, LogFacade.SECURITY_CONTEXT_OBTAINED, this.securityContext);
        } else {
            _logger.log(Level.FINE, LogFacade.SECURITY_CONTEXT_FAILED);
        }
        this.initialized = true;
    }

    private void handleBeforeEvent(InstanceEvent instanceEvent, InstanceEvent.EventType eventType) {
        WebModule webModule = (Context) instanceEvent.getWrapper().getParent();
        if (webModule instanceof WebModule) {
            WebModule webModule2 = webModule;
            Filter filter = eventType == InstanceEvent.EventType.BEFORE_FILTER_EVENT ? instanceEvent.getFilter() : instanceEvent.getServlet();
            if (webModule.getRealm() != null) {
                ServletRequest request = instanceEvent.getRequest();
                if (request instanceof HttpServletRequest) {
                    HttpServletRequest httpServletRequest = (HttpServletRequest) request;
                    Principal userPrincipal = httpServletRequest.getUserPrincipal();
                    Principal basePrincipal = getBasePrincipal(httpServletRequest, userPrincipal);
                    if (userPrincipal != null && userPrincipal == basePrincipal && userPrincipal.getClass().getName().equals("com.sun.enterprise.security.web.integration.WebPrincipal")) {
                        this.securityContext.setSecurityContextWithPrincipal(userPrincipal);
                    } else if (userPrincipal != basePrincipal && userPrincipal != getCurrentCallerPrincipal()) {
                        checkObjectForDoAsPermission(httpServletRequest);
                        this.securityContext.setSecurityContextWithPrincipal(userPrincipal);
                    }
                }
            }
            WebComponentInvocation webComponentInvocation = eventType == InstanceEvent.EventType.BEFORE_INIT_EVENT ? new WebComponentInvocation(webModule2, filter, instanceEvent.getWrapper().getName()) : new WebComponentInvocation(webModule2, filter);
            try {
                this.invocationManager.preInvoke(webComponentInvocation);
                if (eventType == InstanceEvent.EventType.BEFORE_SERVICE_EVENT) {
                    webModule2.beforeServiceEvent(instanceEvent.getWrapper().getName());
                    if (this.eeTransactionManager != null) {
                        this.eeTransactionManager.enlistComponentResources();
                    }
                }
            } catch (Exception e) {
                this.invocationManager.postInvoke(webComponentInvocation);
                throw new RuntimeException(MessageFormat.format(_rb.getString(LogFacade.EXCEPTION_DURING_HANDLE_EVENT), eventType, webModule2), e);
            }
        }
    }

    private Principal getBasePrincipal(HttpServletRequest httpServletRequest, Principal principal) {
        boolean z;
        Principal principal2 = principal;
        boolean z2 = false;
        while (true) {
            z = z2;
            if (principal != null) {
                if (!(httpServletRequest instanceof ServletRequestWrapper)) {
                    break;
                }
                ServletRequest request = ((ServletRequestWrapper) httpServletRequest).getRequest();
                if (!(request instanceof HttpServletRequest)) {
                    break;
                }
                httpServletRequest = (HttpServletRequest) request;
                z2 = true;
            } else {
                break;
            }
        }
        if (z) {
            principal2 = httpServletRequest.getUserPrincipal();
        } else if (!(httpServletRequest instanceof RequestFacade)) {
            principal2 = httpServletRequest.getUserPrincipal();
        } else if (httpServletRequest.getClass() != RequestFacade.class) {
            principal2 = ((RequestFacade) httpServletRequest).getUnwrappedCoyoteRequest().getUserPrincipal();
        }
        return principal2;
    }

    private Principal getCurrentCallerPrincipal() {
        AppServSecurityContext currentSecurityContext = this.securityContext.getCurrentSecurityContext();
        if (currentSecurityContext == null) {
            return null;
        }
        return currentSecurityContext.getCallerPrincipal();
    }

    private static void checkObjectForDoAsPermission(final Object obj) throws AccessControlException {
        if (System.getSecurityManager() != null) {
            AccessController.doPrivileged(new PrivilegedAction<Void>() { // from class: com.sun.web.server.EEInstanceListener.1
                /* JADX WARN: Can't rename method to resolve collision */
                @Override // java.security.PrivilegedAction
                public Void run() {
                    if (Policy.getPolicy().implies(obj.getClass().getProtectionDomain(), EEInstanceListener.doAsPrivilegedPerm)) {
                        return null;
                    }
                    throw new AccessControlException("permission required to override getUserPrincipal", EEInstanceListener.doAsPrivilegedPerm);
                }
            });
        }
    }

    private void handleAfterEvent(InstanceEvent instanceEvent, InstanceEvent.EventType eventType) {
        Wrapper wrapper = instanceEvent.getWrapper();
        WebModule webModule = (Context) wrapper.getParent();
        if (webModule instanceof WebModule) {
            WebModule webModule2 = webModule;
            Filter filter = eventType == InstanceEvent.EventType.AFTER_FILTER_EVENT ? instanceEvent.getFilter() : instanceEvent.getServlet();
            if (filter == null) {
                return;
            }
            if (filter instanceof Servlet) {
                if (eventType == InstanceEvent.EventType.AFTER_INIT_EVENT) {
                    webModule2.servletInitializedEvent(wrapper.getName());
                } else if (eventType == InstanceEvent.EventType.AFTER_DESTROY_EVENT) {
                    webModule2.servletDestroyedEvent(wrapper.getName());
                }
            }
            try {
                if (eventType == InstanceEvent.EventType.AFTER_DESTROY_EVENT && !DefaultServlet.class.equals(filter.getClass()) && !JspServlet.class.equals(filter.getClass())) {
                    this.injectionManager.destroyManagedObject(filter, false);
                }
            } catch (InjectionException e) {
                _logger.log(Level.SEVERE, MessageFormat.format(_rb.getString(LogFacade.EXCEPTION_DURING_HANDLE_EVENT), eventType, webModule2), e);
            }
            WebComponentInvocation webComponentInvocation = new WebComponentInvocation(webModule2, filter);
            try {
                try {
                    this.invocationManager.postInvoke(webComponentInvocation);
                    if (eventType == InstanceEvent.EventType.AFTER_DESTROY_EVENT) {
                        if (this.eeTransactionManager != null) {
                            this.eeTransactionManager.componentDestroyed(filter, webComponentInvocation);
                            return;
                        }
                        return;
                    }
                    if (Utility.isOneOf(eventType, new InstanceEvent.EventType[]{InstanceEvent.EventType.AFTER_FILTER_EVENT, InstanceEvent.EventType.AFTER_SERVICE_EVENT})) {
                        if (eventType == InstanceEvent.EventType.AFTER_SERVICE_EVENT) {
                            HttpServletResponse response = instanceEvent.getResponse();
                            int i = -1;
                            if (response instanceof HttpServletResponse) {
                                i = response.getStatus();
                            }
                            webModule2.afterServiceEvent(wrapper.getName(), i);
                        }
                        if (this.invocationManager.getCurrentInvocation() == null) {
                            try {
                                RealmInitializer realm = webModule.getRealm();
                                if (realm instanceof RealmInitializer) {
                                    realm.logout();
                                }
                            } catch (Exception e2) {
                                _logger.log(Level.SEVERE, MessageFormat.format(_rb.getString(LogFacade.EXCEPTION_DURING_HANDLE_EVENT), eventType, webModule2), (Throwable) e2);
                            }
                            if (this.eeTransactionManager != null) {
                                try {
                                    if (this.eeTransactionManager.getTransaction() != null) {
                                        this.eeTransactionManager.rollback();
                                    }
                                    this.eeTransactionManager.cleanTxnTimeout();
                                } catch (Exception e3) {
                                }
                            }
                        }
                        if (this.eeTransactionManager != null) {
                            this.eeTransactionManager.componentDestroyed(filter, webComponentInvocation);
                        }
                    }
                } catch (Exception e4) {
                    throw new RuntimeException(MessageFormat.format(_rb.getString(LogFacade.EXCEPTION_DURING_HANDLE_EVENT), eventType, webModule2), e4);
                }
            } catch (Throwable th) {
                if (eventType == InstanceEvent.EventType.AFTER_DESTROY_EVENT) {
                    if (this.eeTransactionManager != null) {
                        this.eeTransactionManager.componentDestroyed(filter, webComponentInvocation);
                    }
                } else if (Utility.isOneOf(eventType, new InstanceEvent.EventType[]{InstanceEvent.EventType.AFTER_FILTER_EVENT, InstanceEvent.EventType.AFTER_SERVICE_EVENT})) {
                    if (eventType == InstanceEvent.EventType.AFTER_SERVICE_EVENT) {
                        HttpServletResponse response2 = instanceEvent.getResponse();
                        int i2 = -1;
                        if (response2 instanceof HttpServletResponse) {
                            i2 = response2.getStatus();
                        }
                        webModule2.afterServiceEvent(wrapper.getName(), i2);
                    }
                    if (this.invocationManager.getCurrentInvocation() == null) {
                        try {
                            RealmInitializer realm2 = webModule.getRealm();
                            if (realm2 instanceof RealmInitializer) {
                                realm2.logout();
                            }
                        } catch (Exception e5) {
                            _logger.log(Level.SEVERE, MessageFormat.format(_rb.getString(LogFacade.EXCEPTION_DURING_HANDLE_EVENT), eventType, webModule2), (Throwable) e5);
                        }
                        if (this.eeTransactionManager != null) {
                            try {
                                if (this.eeTransactionManager.getTransaction() != null) {
                                    this.eeTransactionManager.rollback();
                                }
                                this.eeTransactionManager.cleanTxnTimeout();
                            } catch (Exception e6) {
                            }
                        }
                    }
                    if (this.eeTransactionManager != null) {
                        this.eeTransactionManager.componentDestroyed(filter, webComponentInvocation);
                    }
                }
                throw th;
            }
        }
    }

    private JavaEETransactionManager getJavaEETransactionManager(ServiceLocator serviceLocator) {
        ServiceHandle serviceHandle = serviceLocator.getServiceHandle(JavaEETransactionManager.class, new Annotation[0]);
        if (serviceHandle == null || !serviceHandle.isActive()) {
            return null;
        }
        return (JavaEETransactionManager) serviceHandle.getService();
    }
}
