package com.ibm.ws.security.javaeesec.cdi.extensions;

import com.ibm.websphere.csi.J2EEName;
import com.ibm.websphere.ras.Tr;
import com.ibm.websphere.ras.TraceComponent;
import com.ibm.websphere.ras.annotation.Sensitive;
import com.ibm.websphere.ras.annotation.TraceObjectField;
import com.ibm.websphere.ras.annotation.TraceOptions;
import com.ibm.ws.cdi.extension.WebSphereCDIExtension;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.ras.instrument.annotation.InjectedFFDC;
import com.ibm.ws.runtime.metadata.ModuleMetaData;
import com.ibm.ws.security.javaeesec.ApplicationUtils;
import com.ibm.ws.security.javaeesec.cdi.beans.BasicHttpAuthenticationMechanism;
import com.ibm.ws.security.javaeesec.cdi.beans.CustomFormAuthenticationMechanism;
import com.ibm.ws.security.javaeesec.cdi.beans.FormAuthenticationMechanism;
import com.ibm.ws.security.javaeesec.properties.ModuleProperties;
import com.ibm.ws.threadContext.ModuleMetaDataAccessorImpl;
import com.ibm.ws.webcontainer.security.WebAppSecurityConfig;
import com.ibm.ws.webcontainer.security.metadata.LoginConfiguration;
import com.ibm.ws.webcontainer.security.metadata.SecurityMetadata;
import com.ibm.ws.webcontainer.security.util.WebConfigUtils;
import com.ibm.wsspi.webcontainer.metadata.WebModuleMetaData;
import java.lang.annotation.Annotation;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.net.URL;
import java.security.AccessController;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import java.util.Set;
import javax.enterprise.event.Observes;
import javax.enterprise.inject.spi.AfterBeanDiscovery;
import javax.enterprise.inject.spi.AnnotatedType;
import javax.enterprise.inject.spi.Bean;
import javax.enterprise.inject.spi.BeanManager;
import javax.enterprise.inject.spi.BeforeBeanDiscovery;
import javax.enterprise.inject.spi.DeploymentException;
import javax.enterprise.inject.spi.Extension;
import javax.enterprise.inject.spi.ProcessAnnotatedType;
import javax.enterprise.inject.spi.ProcessBean;
import javax.enterprise.inject.spi.ProcessBeanAttributes;
import javax.enterprise.inject.spi.WithAnnotations;
import javax.security.enterprise.authentication.mechanism.http.BasicAuthenticationMechanismDefinition;
import javax.security.enterprise.authentication.mechanism.http.CustomFormAuthenticationMechanismDefinition;
import javax.security.enterprise.authentication.mechanism.http.FormAuthenticationMechanismDefinition;
import javax.security.enterprise.authentication.mechanism.http.HttpAuthenticationMechanism;
import javax.security.enterprise.authentication.mechanism.http.LoginToContinue;
import javax.security.enterprise.identitystore.DatabaseIdentityStoreDefinition;
import javax.security.enterprise.identitystore.IdentityStore;
import javax.security.enterprise.identitystore.IdentityStoreHandler;
import javax.security.enterprise.identitystore.LdapIdentityStoreDefinition;
import javax.security.enterprise.identitystore.PasswordHash;
import javax.security.enterprise.identitystore.Pbkdf2PasswordHash;
import org.osgi.service.component.annotations.Component;

@InjectedFFDC
@TraceObjectField(fieldName = "tc", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
@Component(service = {WebSphereCDIExtension.class}, property = {"api.classes=javax.security.enterprise.authentication.mechanism.http.HttpAuthenticationMechanism;javax.security.enterprise.identitystore.IdentityStore;javax.security.enterprise.identitystore.IdentityStoreHandler;javax.security.enterprise.identitystore.RememberMeIdentityStore;javax.security.enterprise.SecurityContext;com.ibm.ws.security.javaeesec.properties.ModulePropertiesProvider", "bean.defining.annotations=javax.security.enterprise.authentication.mechanism.http.BasicAuthenticationMechanismDefinition;javax.security.enterprise.authentication.mechanism.http.CustomFormAuthenticationMechanismDefinition;javax.security.enterprise.authentication.mechanism.http.FormAuthenticationMechanismDefinition;javax.security.enterprise.authentication.mechanism.http.LoginToContinue;javax.security.enterprise.identitystore.DatabaseIdentityStoreDefinition;javax.security.enterprise.identitystore.LdapIdentityStoreDefinition"}, immediate = true)
@TraceOptions
/* loaded from: input_file:com/ibm/ws/security/javaeesec/cdi/extensions/JavaEESecCDIExtension.class */
public class JavaEESecCDIExtension<T> implements Extension, WebSphereCDIExtension {
    private static final TraceComponent tc = Tr.register(JavaEESecCDIExtension.class, "security", "com.ibm.ws.security.javaeesec.cdi.internal.resources.JavaEESecMessages");
    private final Set<Bean> beansToAdd = new HashSet();
    private boolean identityStoreHandlerRegistered = false;
    private boolean identityStoreRegistered = false;
    private final Map<String, ModuleProperties> moduleMap = new HashMap();
    private final List<LdapIdentityStoreDefinition> ldapDefinitionList = new ArrayList();
    private final List<DatabaseIdentityStoreDefinition> databaseDefinitionList = new ArrayList();
    static final long serialVersionUID = 2763094261848980243L;

    /* JADX WARN: Multi-variable type inference failed */
    public void processApplicationHAMClass(@Observes ProcessAnnotatedType<? extends HttpAuthenticationMechanism> processAnnotatedType, BeanManager beanManager) {
        processAnnotatedType(processAnnotatedType, beanManager);
    }

    public <T> void processAnnotatedHAMandIS(@Observes @WithAnnotations({BasicAuthenticationMechanismDefinition.class, FormAuthenticationMechanismDefinition.class, CustomFormAuthenticationMechanismDefinition.class, LdapIdentityStoreDefinition.class, DatabaseIdentityStoreDefinition.class, LoginToContinue.class}) ProcessAnnotatedType<T> processAnnotatedType, BeanManager beanManager) {
        processAnnotatedType(processAnnotatedType, beanManager);
    }

    public <T> void processAnnotatedType(ProcessAnnotatedType<T> processAnnotatedType, BeanManager beanManager) {
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "processAnnotatedType : instance : " + Integer.toHexString(hashCode()) + " BeanManager : " + Integer.toHexString(beanManager.hashCode()), new Object[0]);
        }
        AnnotatedType annotatedType = processAnnotatedType.getAnnotatedType();
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "processAnnotatedType : annotation : " + annotatedType, new Object[0]);
        }
        Class<?> javaClass = annotatedType.getJavaClass();
        boolean isAuthMechOverridden = isAuthMechOverridden();
        if (isApplicationAuthMech(javaClass)) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Found an application specific HttpAuthenticationMechanism : " + javaClass, new Object[0]);
            }
            if (isAuthMechOverridden) {
                createModulePropertiesProviderBeanForGlobalLogin(beanManager, javaClass);
            } else {
                createModulePropertiesProviderBeanForApplicationAuthMechToAdd(beanManager, annotatedType.getAnnotation(LoginToContinue.class), javaClass);
            }
        }
        for (Annotation annotation : annotatedType.getAnnotations()) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Annotations found: " + annotation, new Object[0]);
                Tr.debug(tc, "Annotation class: ", new Object[]{annotation.getClass()});
            }
            Class<? extends Annotation> annotationType = annotation.annotationType();
            if (BasicAuthenticationMechanismDefinition.class.equals(annotationType)) {
                if (isAuthMechOverridden) {
                    createModulePropertiesProviderBeanForGlobalLogin(beanManager, javaClass);
                } else {
                    createModulePropertiesProviderBeanForBasicToAdd(beanManager, annotation, annotationType, javaClass);
                }
            } else if (FormAuthenticationMechanismDefinition.class.equals(annotationType) || CustomFormAuthenticationMechanismDefinition.class.equals(annotationType)) {
                if (isAuthMechOverridden) {
                    createModulePropertiesProviderBeanForGlobalLogin(beanManager, javaClass);
                } else {
                    createModulePropertiesProviderBeanForFormToAdd(beanManager, annotation, annotationType, javaClass);
                }
            } else if (LdapIdentityStoreDefinition.class.equals(annotationType)) {
                createLdapIdentityStoreBeanToAdd(beanManager, annotation, annotationType);
                this.identityStoreRegistered = true;
            } else if (DatabaseIdentityStoreDefinition.class.equals(annotationType)) {
                createDatabaseIdentityStoreBeanToAdd(beanManager, annotation, annotationType);
                this.identityStoreRegistered = true;
            }
        }
    }

    public void beforeBeanDiscovery(@Observes BeforeBeanDiscovery beforeBeanDiscovery, BeanManager beanManager) {
        beforeBeanDiscovery.addAnnotatedType(beanManager.createAnnotatedType(SecurityContextProducer.class), SecurityContextProducer.class.getName() + ":" + getClass().getClassLoader().hashCode());
        beforeBeanDiscovery.addAnnotatedType(beanManager.createAnnotatedType(AutoApplySessionInterceptor.class), AutoApplySessionInterceptor.class.getName() + ":" + getClass().getClassLoader().hashCode());
        beforeBeanDiscovery.addAnnotatedType(beanManager.createAnnotatedType(RememberMeInterceptor.class), RememberMeInterceptor.class.getName() + ":" + getClass().getClassLoader().hashCode());
    }

    public <T> void afterBeanDiscovery(@Observes AfterBeanDiscovery afterBeanDiscovery, BeanManager beanManager) {
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "afterBeanDiscovery : instance : " + Integer.toHexString(hashCode()) + " BeanManager : " + Integer.toHexString(beanManager.hashCode()), new Object[0]);
        }
        try {
            verifyConfiguration();
            if (!this.identityStoreHandlerRegistered) {
                this.beansToAdd.add(new IdentityStoreHandlerBean(beanManager));
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "registering the default IdentityStoreHandler.", new Object[0]);
                }
            } else if (tc.isDebugEnabled()) {
                Tr.debug(tc, "IdentityStoreHandler is not registered because a custom IdentityStoreHandler has been registered,", new Object[0]);
            }
        } catch (DeploymentException e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.javaeesec.cdi.extensions.JavaEESecCDIExtension", "182", this, new Object[]{afterBeanDiscovery, beanManager});
            afterBeanDiscovery.addDefinitionError(e);
        }
        if (!isEmptyModuleMap()) {
            this.beansToAdd.add(new ModulePropertiesProviderBean(beanManager, this.moduleMap));
            ApplicationUtils.registerApplication(getApplicationName());
        }
        Iterator<Bean> it = this.beansToAdd.iterator();
        while (it.hasNext()) {
            afterBeanDiscovery.addBean(it.next());
        }
    }

    public void processBean(@Observes ProcessBean<?> processBean, BeanManager beanManager) {
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "processBean : instance : " + Integer.toHexString(hashCode()) + " BeanManager : " + Integer.toHexString(beanManager.hashCode()), new Object[0]);
        }
        if (!this.identityStoreHandlerRegistered && isIdentityStoreHandler(processBean)) {
            this.identityStoreHandlerRegistered = true;
        }
        if (this.identityStoreRegistered || !isIdentityStore(processBean)) {
            return;
        }
        this.identityStoreRegistered = true;
    }

    public void processBasicHttpAuthMechNeeded(@Observes ProcessBeanAttributes<BasicHttpAuthenticationMechanism> processBeanAttributes, BeanManager beanManager) {
        if (existAuthMech(BasicHttpAuthenticationMechanism.class)) {
            return;
        }
        processBeanAttributes.veto();
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "BasicHttpAuthenticationMechanism is disabled since another HttpAuthorizationMechanism is registered.", new Object[0]);
        }
    }

    public void processFormAuthMechNeeded(@Observes ProcessBeanAttributes<FormAuthenticationMechanism> processBeanAttributes, BeanManager beanManager) {
        if (existAuthMech(FormAuthenticationMechanism.class)) {
            return;
        }
        processBeanAttributes.veto();
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "FormAuthenticationMechanism is disabled since another HttpAuthorizationMechanism is registered.", new Object[0]);
        }
    }

    public void processCustomFormAuthMechNeeded(@Observes ProcessBeanAttributes<CustomFormAuthenticationMechanism> processBeanAttributes, BeanManager beanManager) {
        if (existAuthMech(CustomFormAuthenticationMechanism.class)) {
            return;
        }
        processBeanAttributes.veto();
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "CustomFormAuthenticationMechanism is disabled since another HttpAuthorizationMechanism is registered.", new Object[0]);
        }
    }

    private <T> void createModulePropertiesProviderBeanForFormToAdd(BeanManager beanManager, Annotation annotation, Class<? extends Annotation> cls, Class<?> cls2) {
        try {
            addAuthMech(cls2, FormAuthenticationMechanismDefinition.class.equals(cls) ? FormAuthenticationMechanism.class : CustomFormAuthenticationMechanism.class, parseLoginToContinue((Annotation) cls.getMethod("loginToContinue", new Class[0]).invoke(annotation, new Object[0])));
        } catch (Exception e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.javaeesec.cdi.extensions.JavaEESecCDIExtension", "260", this, new Object[]{beanManager, annotation, cls, cls2});
            e.printStackTrace();
        }
    }

    private void createModulePropertiesProviderBeanForBasicToAdd(BeanManager beanManager, Annotation annotation, Class<? extends Annotation> cls, Class cls2) {
        try {
            String str = (String) cls.getMethod("realmName", new Class[0]).invoke(annotation, new Object[0]);
            Properties properties = new Properties();
            properties.put("realmName", str);
            addAuthMech(cls2, BasicHttpAuthenticationMechanism.class, properties);
        } catch (Exception e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.javaeesec.cdi.extensions.JavaEESecCDIExtension", "279", this, new Object[]{beanManager, annotation, cls, cls2});
            e.printStackTrace();
        }
    }

    private void createModulePropertiesProviderBeanForApplicationAuthMechToAdd(BeanManager beanManager, Annotation annotation, Class cls) {
        Properties properties = null;
        if (annotation != null) {
            try {
                properties = parseLoginToContinue(annotation);
            } catch (Exception e) {
                FFDCFilter.processException(e, "com.ibm.ws.security.javaeesec.cdi.extensions.JavaEESecCDIExtension", "297", this, new Object[]{beanManager, annotation, cls});
                e.printStackTrace();
            }
        }
        addAuthMech(cls, cls, properties);
    }

    private void createModulePropertiesProviderBeanForGlobalLogin(BeanManager beanManager, Class cls) {
        Properties globalLoginBasicProps;
        Class<?> cls2;
        try {
            if (isAuthMechOverriddenByForm()) {
                globalLoginBasicProps = getGlobalLoginFormProps();
                cls2 = FormAuthenticationMechanism.class;
            } else {
                globalLoginBasicProps = getGlobalLoginBasicProps();
                cls2 = BasicHttpAuthenticationMechanism.class;
            }
            addAuthMech(cls, cls2, globalLoginBasicProps);
        } catch (Exception e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.javaeesec.cdi.extensions.JavaEESecCDIExtension", "323", this, new Object[]{beanManager, cls});
            e.printStackTrace();
        }
    }

    private void addAuthMech(Class<?> cls, Class<?> cls2, Properties properties) {
        Map<String, ModuleProperties> moduleMap = getModuleMap();
        String moduleFromClass = getModuleFromClass(cls, moduleMap);
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "moduleName: " + moduleFromClass, new Object[0]);
        }
        if (moduleMap.containsKey(moduleFromClass)) {
            moduleMap.get(moduleFromClass).putToAuthMechMap(cls2, properties);
            return;
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Place the AuthMech to all modules since the module is not found  Module: " + moduleFromClass, new Object[0]);
        }
        Iterator<Map.Entry<String, ModuleProperties>> it = moduleMap.entrySet().iterator();
        while (it.hasNext()) {
            it.next().getValue().putToAuthMechMap(cls2, properties);
        }
    }

    private Map<Class<?>, Properties> getAuthMechs(String str) {
        Map<Class<?>, Properties> map = null;
        Map<String, ModuleProperties> moduleMap = getModuleMap();
        if (moduleMap.containsKey(str)) {
            map = moduleMap.get(str).getAuthMechMap();
        }
        return map;
    }

    private Properties parseLoginToContinue(Annotation annotation) throws Exception {
        Properties properties = new Properties();
        Class<? extends Annotation> annotationType = annotation.annotationType();
        properties.put("loginPage", getAnnotatedString(annotation, annotationType, "loginPage"));
        properties.put("errorPage", getAnnotatedString(annotation, annotationType, "errorPage"));
        properties.put("useForwardToLoginExpression", getAnnotatedString(annotation, annotationType, "useForwardToLoginExpression"));
        properties.put("useForwardToLogin", Boolean.valueOf(getAnnotatedBoolean(annotation, annotationType, "useForwardToLogin")));
        return properties;
    }

    private String getAnnotatedString(final Annotation annotation, final Class<? extends Annotation> cls, final String str) throws Exception {
        try {
            return (String) AccessController.doPrivileged(new PrivilegedExceptionAction<String>() { // from class: com.ibm.ws.security.javaeesec.cdi.extensions.JavaEESecCDIExtension.1
                static final long serialVersionUID = -280513778332454590L;
                private static final /* synthetic */ TraceComponent $$$tc$$$ = Tr.register("com.ibm.ws.security.javaeesec.cdi.extensions.JavaEESecCDIExtension$1", AnonymousClass1.class, "security", "com.ibm.ws.security.javaeesec.cdi.internal.resources.JavaEESecMessages");

                /* JADX WARN: Can't rename method to resolve collision */
                @Override // java.security.PrivilegedExceptionAction
                public String run() throws IllegalAccessException, IllegalArgumentException, InvocationTargetException, NoSuchMethodException, SecurityException {
                    return (String) cls.getMethod(str, new Class[0]).invoke(annotation, new Object[0]);
                }
            });
        } catch (PrivilegedActionException e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.javaeesec.cdi.extensions.JavaEESecCDIExtension", "380", this, new Object[]{annotation, cls, str});
            throw e.getException();
        }
    }

    private boolean getAnnotatedBoolean(final Annotation annotation, final Class<? extends Annotation> cls, final String str) throws Exception {
        try {
            return ((Boolean) AccessController.doPrivileged(new PrivilegedExceptionAction<Boolean>() { // from class: com.ibm.ws.security.javaeesec.cdi.extensions.JavaEESecCDIExtension.2
                static final long serialVersionUID = -4894770422010973215L;
                private static final /* synthetic */ TraceComponent $$$tc$$$ = Tr.register("com.ibm.ws.security.javaeesec.cdi.extensions.JavaEESecCDIExtension$2", AnonymousClass2.class, "security", "com.ibm.ws.security.javaeesec.cdi.internal.resources.JavaEESecMessages");

                /* JADX WARN: Can't rename method to resolve collision */
                @Override // java.security.PrivilegedExceptionAction
                public Boolean run() throws IllegalAccessException, IllegalArgumentException, InvocationTargetException, NoSuchMethodException, SecurityException {
                    return (Boolean) cls.getMethod(str, new Class[0]).invoke(annotation, new Object[0]);
                }
            })).booleanValue();
        } catch (PrivilegedActionException e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.javaeesec.cdi.extensions.JavaEESecCDIExtension", "394", this, new Object[]{annotation, cls, str});
            throw e.getException();
        }
    }

    private void createLdapIdentityStoreBeanToAdd(BeanManager beanManager, Annotation annotation, Class<? extends Annotation> cls) {
        try {
            HashMap hashMap = new HashMap();
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "JavaEESec.createLdapISBeanToAdd", new Object[0]);
            }
            for (Method method : cls.getMethods()) {
                Tr.debug(tc, method.getName(), new Object[0]);
                if (!method.getName().equals("equals")) {
                    hashMap.put(method.getName(), method.invoke(annotation, new Object[0]));
                }
            }
            LdapIdentityStoreDefinition instanceOfAnnotation = getInstanceOfAnnotation(hashMap);
            if (!containsLdapDefinition(instanceOfAnnotation, this.ldapDefinitionList)) {
                this.ldapDefinitionList.add(instanceOfAnnotation);
                this.beansToAdd.add(new LdapIdentityStoreBean(beanManager, instanceOfAnnotation));
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "registering the default LdapIdentityStore.", new Object[0]);
                }
            } else if (tc.isDebugEnabled()) {
                Tr.debug(tc, "the same annotation exists, skip registering..", new Object[0]);
            }
        } catch (Exception e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.javaeesec.cdi.extensions.JavaEESecCDIExtension", "426", this, new Object[]{beanManager, annotation, cls});
            e.printStackTrace();
        }
    }

    private boolean containsLdapDefinition(LdapIdentityStoreDefinition ldapIdentityStoreDefinition, List<LdapIdentityStoreDefinition> list) {
        Iterator<LdapIdentityStoreDefinition> it = list.iterator();
        while (it.hasNext()) {
            if (equalsLdapDefinition(ldapIdentityStoreDefinition, it.next())) {
                return true;
            }
        }
        return false;
    }

    private LdapIdentityStoreDefinition getInstanceOfAnnotation(final Map<String, Object> map) {
        return new LdapIdentityStoreDefinition() { // from class: com.ibm.ws.security.javaeesec.cdi.extensions.JavaEESecCDIExtension.3
            static final long serialVersionUID = 2746903800761409095L;
            private static final /* synthetic */ TraceComponent $$$tc$$$ = Tr.register("com.ibm.ws.security.javaeesec.cdi.extensions.JavaEESecCDIExtension$3", AnonymousClass3.class, "security", "com.ibm.ws.security.javaeesec.cdi.internal.resources.JavaEESecMessages");

            public Class<? extends Annotation> annotationType() {
                return null;
            }

            public String bindDn() {
                return (map == null || !map.containsKey("bindDn")) ? "" : (String) map.get("bindDn");
            }

            @Sensitive
            public String bindDnPassword() {
                return (map == null || !map.containsKey("bindDnPassword")) ? "" : (String) map.get("bindDnPassword");
            }

            public String callerBaseDn() {
                return (map == null || !map.containsKey("callerBaseDn")) ? "" : (String) map.get("callerBaseDn");
            }

            public String callerNameAttribute() {
                return (map == null || !map.containsKey("callerNameAttribute")) ? "uid" : (String) map.get("callerNameAttribute");
            }

            public String callerSearchBase() {
                return (map == null || !map.containsKey("callerSearchBase")) ? "" : (String) map.get("callerSearchBase");
            }

            public String callerSearchFilter() {
                return (map == null || !map.containsKey("callerSearchFilter")) ? "" : (String) map.get("callerSearchFilter");
            }

            public LdapIdentityStoreDefinition.LdapSearchScope callerSearchScope() {
                return (map == null || !map.containsKey("callerSearchScope")) ? LdapIdentityStoreDefinition.LdapSearchScope.SUBTREE : (LdapIdentityStoreDefinition.LdapSearchScope) map.get("callerSearchScope");
            }

            public String callerSearchScopeExpression() {
                return (map == null || !map.containsKey("callerSearchScopeExpression")) ? "" : (String) map.get("callerSearchScopeExpression");
            }

            public String groupMemberAttribute() {
                return (map == null || !map.containsKey("groupMemberAttribute")) ? "member" : (String) map.get("groupMemberAttribute");
            }

            public String groupMemberOfAttribute() {
                return (map == null || !map.containsKey("groupMemberOfAttribute")) ? "memberOf" : (String) map.get("groupMemberOfAttribute");
            }

            public String groupNameAttribute() {
                return (map == null || !map.containsKey("groupNameAttribute")) ? "cn" : (String) map.get("groupNameAttribute");
            }

            public String groupSearchBase() {
                return (map == null || !map.containsKey("groupSearchBase")) ? "" : (String) map.get("groupSearchBase");
            }

            public String groupSearchFilter() {
                return (map == null || !map.containsKey("groupSearchFilter")) ? "" : (String) map.get("groupSearchFilter");
            }

            public LdapIdentityStoreDefinition.LdapSearchScope groupSearchScope() {
                return (map == null || !map.containsKey("groupSearchScope")) ? LdapIdentityStoreDefinition.LdapSearchScope.SUBTREE : (LdapIdentityStoreDefinition.LdapSearchScope) map.get("groupSearchScope");
            }

            public String groupSearchScopeExpression() {
                return (map == null || !map.containsKey("groupSearchScopeExpression")) ? "" : (String) map.get("groupSearchScopeExpression");
            }

            public int maxResults() {
                if (map == null || !map.containsKey("maxResults")) {
                    return 1000;
                }
                return ((Integer) map.get("maxResults")).intValue();
            }

            public String maxResultsExpression() {
                return (map == null || !map.containsKey("maxResultsExpression")) ? "" : (String) map.get("maxResultsExpression");
            }

            public int priority() {
                if (map == null || !map.containsKey("priority")) {
                    return 80;
                }
                return ((Integer) map.get("priority")).intValue();
            }

            public String priorityExpression() {
                return (map == null || !map.containsKey("priorityExpression")) ? "" : (String) map.get("priorityExpression");
            }

            public int readTimeout() {
                if (map == null || !map.containsKey("readTimeout")) {
                    return 0;
                }
                return ((Integer) map.get("readTimeout")).intValue();
            }

            public String readTimeoutExpression() {
                return (map == null || !map.containsKey("readTimeoutExpression")) ? "" : (String) map.get("readTimeoutExpression");
            }

            public String url() {
                return (map == null || !map.containsKey("url")) ? "" : (String) map.get("url");
            }

            public IdentityStore.ValidationType[] useFor() {
                return (map == null || !map.containsKey("useFor")) ? new IdentityStore.ValidationType[]{IdentityStore.ValidationType.PROVIDE_GROUPS, IdentityStore.ValidationType.VALIDATE} : (IdentityStore.ValidationType[]) map.get("useFor");
            }

            public String useForExpression() {
                return (map == null || !map.containsKey("useForExpression")) ? "" : (String) map.get("useForExpression");
            }
        };
    }

    protected boolean equalsLdapDefinition(LdapIdentityStoreDefinition ldapIdentityStoreDefinition, LdapIdentityStoreDefinition ldapIdentityStoreDefinition2) {
        return ldapIdentityStoreDefinition.bindDn().equals(ldapIdentityStoreDefinition2.bindDn()) && ldapIdentityStoreDefinition.bindDnPassword().equals(ldapIdentityStoreDefinition2.bindDnPassword()) && ldapIdentityStoreDefinition.callerBaseDn().equals(ldapIdentityStoreDefinition2.callerBaseDn()) && ldapIdentityStoreDefinition.callerNameAttribute().equals(ldapIdentityStoreDefinition2.callerNameAttribute()) && ldapIdentityStoreDefinition.callerSearchBase().equals(ldapIdentityStoreDefinition2.callerSearchBase()) && ldapIdentityStoreDefinition.callerSearchFilter().equals(ldapIdentityStoreDefinition2.callerSearchFilter()) && ldapIdentityStoreDefinition.callerSearchScope().equals(ldapIdentityStoreDefinition2.callerSearchScope()) && ldapIdentityStoreDefinition.callerSearchScopeExpression().equals(ldapIdentityStoreDefinition2.callerSearchScopeExpression()) && ldapIdentityStoreDefinition.groupMemberAttribute().equals(ldapIdentityStoreDefinition2.groupMemberAttribute()) && ldapIdentityStoreDefinition.groupMemberOfAttribute().equals(ldapIdentityStoreDefinition2.groupMemberOfAttribute()) && ldapIdentityStoreDefinition.groupNameAttribute().equals(ldapIdentityStoreDefinition2.groupNameAttribute()) && ldapIdentityStoreDefinition.groupSearchBase().equals(ldapIdentityStoreDefinition2.groupSearchBase()) && ldapIdentityStoreDefinition.groupSearchFilter().equals(ldapIdentityStoreDefinition2.groupSearchFilter()) && ldapIdentityStoreDefinition.groupSearchScope().equals(ldapIdentityStoreDefinition2.groupSearchScope()) && ldapIdentityStoreDefinition.groupSearchScopeExpression().equals(ldapIdentityStoreDefinition2.groupSearchScopeExpression()) && ldapIdentityStoreDefinition.maxResults() == ldapIdentityStoreDefinition2.maxResults() && ldapIdentityStoreDefinition.maxResultsExpression().equals(ldapIdentityStoreDefinition2.maxResultsExpression()) && ldapIdentityStoreDefinition.priority() == ldapIdentityStoreDefinition2.priority() && ldapIdentityStoreDefinition.priorityExpression().equals(ldapIdentityStoreDefinition2.priorityExpression()) && ldapIdentityStoreDefinition.readTimeout() == ldapIdentityStoreDefinition2.readTimeout() && ldapIdentityStoreDefinition.readTimeoutExpression().equals(ldapIdentityStoreDefinition2.readTimeoutExpression()) && ldapIdentityStoreDefinition.url().equals(ldapIdentityStoreDefinition2.url()) && equalsUseFor(ldapIdentityStoreDefinition.useFor(), ldapIdentityStoreDefinition2.useFor()) && ldapIdentityStoreDefinition.useForExpression().equals(ldapIdentityStoreDefinition2.useForExpression());
    }

    private boolean equalsUseFor(IdentityStore.ValidationType[] validationTypeArr, IdentityStore.ValidationType[] validationTypeArr2) {
        if (validationTypeArr == validationTypeArr2) {
            return true;
        }
        if (validationTypeArr.length == validationTypeArr2.length && validationTypeArr.length == 1) {
            return validationTypeArr[0] == validationTypeArr2[0];
        }
        List asList = Arrays.asList(validationTypeArr);
        List asList2 = Arrays.asList(validationTypeArr2);
        return asList.contains(IdentityStore.ValidationType.PROVIDE_GROUPS) == asList2.contains(IdentityStore.ValidationType.PROVIDE_GROUPS) && asList.contains(IdentityStore.ValidationType.VALIDATE) == asList2.contains(IdentityStore.ValidationType.VALIDATE);
    }

    private void createDatabaseIdentityStoreBeanToAdd(BeanManager beanManager, Annotation annotation, Class<? extends Annotation> cls) {
        try {
            HashMap hashMap = new HashMap();
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "JavaEESec.createDatabaseIdentityStoreBeanToAdd", new Object[0]);
            }
            for (Method method : cls.getMethods()) {
                Tr.debug(tc, method.getName(), new Object[0]);
                if (!method.getName().equals("equals")) {
                    hashMap.put(method.getName(), method.invoke(annotation, new Object[0]));
                }
            }
            DatabaseIdentityStoreDefinition instanceOfDBAnnotation = getInstanceOfDBAnnotation(hashMap);
            if (!containsDatabaseDefinition(instanceOfDBAnnotation, this.databaseDefinitionList)) {
                this.beansToAdd.add(new DatabaseIdentityStoreBean(beanManager, instanceOfDBAnnotation));
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "registering the default DatabaseIdentityStore.", new Object[0]);
                }
            } else if (tc.isDebugEnabled()) {
                Tr.debug(tc, "the same annotation exists, skip registering..", new Object[0]);
            }
        } catch (IllegalAccessException | InvocationTargetException e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.javaeesec.cdi.extensions.JavaEESecCDIExtension", "645", this, new Object[]{beanManager, annotation, cls});
            if (tc.isEventEnabled()) {
                Tr.event(tc, "unexpected", new Object[]{e});
            }
        }
    }

    private boolean containsDatabaseDefinition(DatabaseIdentityStoreDefinition databaseIdentityStoreDefinition, List<DatabaseIdentityStoreDefinition> list) {
        Iterator<DatabaseIdentityStoreDefinition> it = list.iterator();
        while (it.hasNext()) {
            if (equalsDatabaseDefinition(databaseIdentityStoreDefinition, it.next())) {
                return true;
            }
        }
        return false;
    }

    protected boolean equalsDatabaseDefinition(DatabaseIdentityStoreDefinition databaseIdentityStoreDefinition, DatabaseIdentityStoreDefinition databaseIdentityStoreDefinition2) {
        return databaseIdentityStoreDefinition.callerQuery().equals(databaseIdentityStoreDefinition2.callerQuery()) && databaseIdentityStoreDefinition.dataSourceLookup().equals(databaseIdentityStoreDefinition2.dataSourceLookup()) && databaseIdentityStoreDefinition.groupsQuery().equals(databaseIdentityStoreDefinition2.groupsQuery()) && databaseIdentityStoreDefinition.hashAlgorithm().equals(databaseIdentityStoreDefinition2.hashAlgorithm()) && equalsHashAlgorithmParameters(databaseIdentityStoreDefinition.hashAlgorithmParameters(), databaseIdentityStoreDefinition2.hashAlgorithmParameters()) && databaseIdentityStoreDefinition.priority() == databaseIdentityStoreDefinition2.priority() && databaseIdentityStoreDefinition.priorityExpression().equals(databaseIdentityStoreDefinition2.priorityExpression()) && equalsUseFor(databaseIdentityStoreDefinition.useFor(), databaseIdentityStoreDefinition2.useFor()) && databaseIdentityStoreDefinition.useForExpression().equals(databaseIdentityStoreDefinition2.useForExpression());
    }

    private boolean equalsHashAlgorithmParameters(String[] strArr, String[] strArr2) {
        if (strArr == strArr2) {
            return true;
        }
        if (strArr.length != strArr2.length) {
            return false;
        }
        return new HashSet(Arrays.asList(strArr)).equals(new HashSet(Arrays.asList(strArr2)));
    }

    protected boolean isIdentityStoreHandler(ProcessBean<?> processBean) {
        Bean bean = processBean.getBean();
        if (bean.getBeanClass() == IdentityStoreHandler.class || !bean.getTypes().contains(IdentityStoreHandler.class)) {
            return false;
        }
        if (!tc.isDebugEnabled()) {
            return true;
        }
        Tr.debug(tc, "found a custom IdentityStoreHandler : " + bean.getBeanClass(), new Object[0]);
        return true;
    }

    protected boolean isIdentityStore(ProcessBean<?> processBean) {
        Bean bean = processBean.getBean();
        if (bean.getBeanClass() == IdentityStore.class || !bean.getTypes().contains(IdentityStore.class)) {
            return false;
        }
        if (!tc.isDebugEnabled()) {
            return true;
        }
        Tr.debug(tc, "found a custom IdentityStore : " + bean.getBeanClass(), new Object[0]);
        return true;
    }

    protected Set<Bean> getBeansToAdd() {
        return this.beansToAdd;
    }

    protected boolean getIdentityStoreHandlerRegistered() {
        return this.identityStoreHandlerRegistered;
    }

    protected boolean getIdentityStoreRegistered() {
        return this.identityStoreRegistered;
    }

    protected boolean isApplicationAuthMech(Class<?> cls) {
        return (!HttpAuthenticationMechanism.class.isAssignableFrom(cls) || BasicHttpAuthenticationMechanism.class.equals(cls) || FormAuthenticationMechanism.class.equals(cls) || CustomFormAuthenticationMechanism.class.equals(cls) || HttpAuthenticationMechanism.class.equals(cls)) ? false : true;
    }

    protected Map<String, ModuleProperties> getModuleMap() {
        if (this.moduleMap.isEmpty()) {
            initModuleMap();
        }
        return this.moduleMap;
    }

    protected void initModuleMap() {
        Map<String, URL> webModuleMap = getWebModuleMap();
        if (webModuleMap != null) {
            for (Map.Entry<String, URL> entry : webModuleMap.entrySet()) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "moduleName : " + entry.getKey() + ", location : " + entry.getValue(), new Object[0]);
                }
                this.moduleMap.put(entry.getKey(), new ModuleProperties(entry.getValue()));
            }
        }
    }

    protected Map<URL, ModuleMetaData> getModuleMetaDataMap() {
        return ModuleMetaDataAccessorImpl.getModuleMetaDataAccessor().getModuleMetaDataMap();
    }

    protected WebAppSecurityConfig getWebAppSecurityConfig() {
        return WebConfigUtils.getWebAppSecurityConfig();
    }

    protected String getClassFileLocation(Class cls) {
        return cls.getProtectionDomain().getCodeSource().getLocation().getFile();
    }

    private DatabaseIdentityStoreDefinition getInstanceOfDBAnnotation(final Map<String, Object> map) {
        return new DatabaseIdentityStoreDefinition() { // from class: com.ibm.ws.security.javaeesec.cdi.extensions.JavaEESecCDIExtension.4
            static final long serialVersionUID = -2722289357385431127L;
            private static final /* synthetic */ TraceComponent $$$tc$$$ = Tr.register("com.ibm.ws.security.javaeesec.cdi.extensions.JavaEESecCDIExtension$4", AnonymousClass4.class, "security", "com.ibm.ws.security.javaeesec.cdi.internal.resources.JavaEESecMessages");

            public Class<? extends Annotation> annotationType() {
                return null;
            }

            public String callerQuery() {
                return (map == null || !map.containsKey("callerQuery")) ? "" : (String) map.get("callerQuery");
            }

            public String dataSourceLookup() {
                return (map == null || !map.containsKey("dataSourceLookup")) ? "java:comp/DefaultDataSource" : (String) map.get("dataSourceLookup");
            }

            public String groupsQuery() {
                return (map == null || !map.containsKey("groupsQuery")) ? "" : (String) map.get("groupsQuery");
            }

            public Class<? extends PasswordHash> hashAlgorithm() {
                return (map == null || !map.containsKey("hashAlgorithm")) ? Pbkdf2PasswordHash.class : (Class) map.get("hashAlgorithm");
            }

            public String[] hashAlgorithmParameters() {
                return (map == null || !map.containsKey("hashAlgorithmParameters")) ? new String[0] : (String[]) map.get("hashAlgorithmParameters");
            }

            public int priority() {
                if (map == null || !map.containsKey("priority")) {
                    return 70;
                }
                return ((Integer) map.get("priority")).intValue();
            }

            public String priorityExpression() {
                return (map == null || !map.containsKey("priorityExpression")) ? "" : (String) map.get("priorityExpression");
            }

            public IdentityStore.ValidationType[] useFor() {
                return (map == null || !map.containsKey("useFor")) ? new IdentityStore.ValidationType[]{IdentityStore.ValidationType.PROVIDE_GROUPS, IdentityStore.ValidationType.VALIDATE} : (IdentityStore.ValidationType[]) map.get("useFor");
            }

            public String useForExpression() {
                return (map == null || !map.containsKey("useForExpression")) ? "" : (String) map.get("useForExpression");
            }
        };
    }

    private boolean isEmptyModuleMap() {
        boolean isEmpty = this.moduleMap.isEmpty();
        if (!isEmpty) {
            Iterator<Map.Entry<String, ModuleProperties>> it = this.moduleMap.entrySet().iterator();
            while (true) {
                if (!it.hasNext()) {
                    break;
                }
                if (!it.next().getValue().getAuthMechMap().isEmpty()) {
                    isEmpty = false;
                    break;
                }
                isEmpty = true;
            }
        }
        return isEmpty;
    }

    private Map<String, URL> getWebModuleMap() {
        Map<URL, ModuleMetaData> moduleMetaDataMap = getModuleMetaDataMap();
        HashMap hashMap = null;
        if (moduleMetaDataMap != null) {
            hashMap = new HashMap();
            for (Map.Entry<URL, ModuleMetaData> entry : moduleMetaDataMap.entrySet()) {
                ModuleMetaData value = entry.getValue();
                if (value instanceof WebModuleMetaData) {
                    String module = value.getJ2EEName().getModule();
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "j2ee module name  : " + module, new Object[0]);
                    }
                    hashMap.put(module, entry.getKey());
                }
            }
        }
        return hashMap;
    }

    private void verifyConfiguration() throws DeploymentException {
        String module;
        Map<Class<?>, Properties> authMechs;
        LoginConfiguration loginConfiguration;
        Map<URL, ModuleMetaData> moduleMetaDataMap = getModuleMetaDataMap();
        if (moduleMetaDataMap != null) {
            Iterator<Map.Entry<URL, ModuleMetaData>> it = moduleMetaDataMap.entrySet().iterator();
            while (it.hasNext()) {
                WebModuleMetaData webModuleMetaData = (ModuleMetaData) it.next().getValue();
                if ((webModuleMetaData instanceof WebModuleMetaData) && (authMechs = getAuthMechs((module = webModuleMetaData.getJ2EEName().getModule()))) != null && !authMechs.isEmpty()) {
                    if (authMechs.size() != 1) {
                        String application = webModuleMetaData.getJ2EEName().getApplication();
                        String authMechNames = getAuthMechNames(authMechs);
                        Tr.error(tc, "JAVAEESEC_CDI_ERROR_MULTIPLE_HTTPAUTHMECHS", new Object[]{module, application, authMechNames});
                        throw new DeploymentException(Tr.formatMessage(tc, "JAVAEESEC_CDI_ERROR_MULTIPLE_HTTPAUTHMECHS", new Object[]{module, application, authMechNames}));
                    }
                    SecurityMetadata securityMetadata = (SecurityMetadata) webModuleMetaData.getSecurityMetaData();
                    if (securityMetadata != null && (loginConfiguration = securityMetadata.getLoginConfiguration()) != null && !loginConfiguration.isAuthenticationMethodDefaulted()) {
                        String application2 = webModuleMetaData.getJ2EEName().getApplication();
                        String formatMessage = Tr.formatMessage(tc, "JAVAEESEC_CDI_ERROR_LOGIN_CONFIG_EXISTS", new Object[]{module, application2});
                        Tr.error(tc, "JAVAEESEC_CDI_ERROR_LOGIN_CONFIG_EXISTS", new Object[]{module, application2});
                        throw new DeploymentException(formatMessage);
                    }
                }
            }
        }
    }

    private String getAuthMechNames(Map<Class<?>, Properties> map) {
        StringBuffer stringBuffer = new StringBuffer();
        boolean z = true;
        for (Class<?> cls : map.keySet()) {
            if (z) {
                z = false;
            } else {
                stringBuffer.append(", ");
            }
            stringBuffer.append(cls.getName());
        }
        return stringBuffer.toString();
    }

    private String getApplicationName() {
        J2EEName j2EEName;
        String str = null;
        Map<URL, ModuleMetaData> moduleMetaDataMap = getModuleMetaDataMap();
        if (moduleMetaDataMap != null && !moduleMetaDataMap.isEmpty()) {
            Iterator<Map.Entry<URL, ModuleMetaData>> it = moduleMetaDataMap.entrySet().iterator();
            while (true) {
                if (!it.hasNext()) {
                    break;
                }
                ModuleMetaData value = it.next().getValue();
                if ((value instanceof WebModuleMetaData) && (j2EEName = value.getJ2EEName()) != null) {
                    str = j2EEName.getApplication();
                    break;
                }
            }
        }
        return str;
    }

    private String getModuleFromClass(Class<?> cls, Map<String, ModuleProperties> map) {
        String classFileLocation = getClassFileLocation(cls);
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "File name : " + classFileLocation, new Object[0]);
        }
        String str = null;
        Iterator<Map.Entry<String, ModuleProperties>> it = map.entrySet().iterator();
        while (true) {
            if (!it.hasNext()) {
                break;
            }
            Map.Entry<String, ModuleProperties> next = it.next();
            URL location = next.getValue().getLocation();
            String file = location.getFile();
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "location : " + file, new Object[0]);
            }
            if (location.getProtocol().equals("file") && classFileLocation.startsWith(file)) {
                str = next.getKey();
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "module name from the list  : " + str, new Object[0]);
                }
            }
        }
        if (str == null) {
            str = classFileLocation;
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "no match. use filename as module name : " + str, new Object[0]);
            }
        }
        return str;
    }

    private Properties getGlobalLoginBasicProps() throws Exception {
        String basicAuthRealmName = getWebAppSecurityConfig().getBasicAuthRealmName();
        Properties properties = new Properties();
        if (basicAuthRealmName != null) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "The container provided BasicAuthenticationMechanism will be used with the realm name  : " + basicAuthRealmName, new Object[0]);
            }
            properties.put("realmName", basicAuthRealmName);
        } else if (tc.isDebugEnabled()) {
            Tr.debug(tc, "basicAuthenticationMechanismRealmName is not set. the default value defaultRealm is used.", new Object[0]);
        }
        return properties;
    }

    private Properties getGlobalLoginFormProps() throws Exception {
        WebAppSecurityConfig webAppSecurityConfig = getWebAppSecurityConfig();
        String loginFormURL = webAppSecurityConfig.getLoginFormURL();
        String loginErrorURL = webAppSecurityConfig.getLoginErrorURL();
        if (loginFormURL == null || loginFormURL.isEmpty()) {
            Tr.error(tc, "JAVAEESEC_CDI_ERROR_NO_URL", new Object[]{"loginFormURL"});
        }
        if (loginErrorURL == null || loginErrorURL.isEmpty()) {
            Tr.error(tc, "JAVAEESEC_CDI_ERROR_NO_URL", new Object[]{"loginErrorURL"});
        }
        String loginFormContextRoot = webAppSecurityConfig.getLoginFormContextRoot();
        if (loginFormContextRoot == null) {
            loginFormContextRoot = getFirstPathElement(loginFormURL);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "loginFormContextRoot is not set, use the first element of loginURL  : " + loginFormContextRoot, new Object[0]);
            }
        } else {
            if (!validateContextRoot(loginFormContextRoot, loginFormURL)) {
                Tr.error(tc, "JAVAEESEC_CDI_ERROR_INVALID_CONTEXT_ROOT", new Object[]{loginFormContextRoot, loginFormURL, "loginFormURL"});
            }
            if (!validateContextRoot(loginFormContextRoot, loginErrorURL)) {
                Tr.error(tc, "JAVAEESEC_CDI_ERROR_INVALID_CONTEXT_ROOT", new Object[]{loginFormContextRoot, loginErrorURL, "loginErrorURL"});
            }
        }
        String FixUpUrl = FixUpUrl(loginFormURL, loginFormContextRoot);
        String FixUpUrl2 = FixUpUrl(loginErrorURL, loginFormContextRoot);
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "The container provided FormAuthenticationMechanism will be used with the following attributes. login page  : " + FixUpUrl + ", error page : " + FixUpUrl2 + ", context root : " + loginFormContextRoot, new Object[0]);
        }
        Properties properties = new Properties();
        if (FixUpUrl != null) {
            properties.put("loginPage", FixUpUrl);
        }
        if (FixUpUrl2 != null) {
            properties.put("errorPage", FixUpUrl2);
        }
        properties.put("useForwardToLogin", true);
        properties.put("useGlobalLogin", true);
        if (loginFormContextRoot != null) {
            properties.put("formLoginContextRoot", loginFormContextRoot);
        }
        return properties;
    }

    private boolean isAuthMechOverridden() {
        WebAppSecurityConfig webAppSecurityConfig = getWebAppSecurityConfig();
        String overrideHttpAuthMethod = webAppSecurityConfig.getOverrideHttpAuthMethod();
        if (overrideHttpAuthMethod == null) {
            return false;
        }
        if (overrideHttpAuthMethod.equals("FORM") || overrideHttpAuthMethod.equals("BASIC")) {
            return true;
        }
        if (overrideHttpAuthMethod.equals("CLIENT_CERT")) {
            return webAppSecurityConfig.getAllowFailOverToFormLogin() || webAppSecurityConfig.getAllowFailOverToBasicAuth();
        }
        return false;
    }

    private boolean isAuthMechOverriddenByForm() {
        WebAppSecurityConfig webAppSecurityConfig = getWebAppSecurityConfig();
        String overrideHttpAuthMethod = webAppSecurityConfig.getOverrideHttpAuthMethod();
        if (overrideHttpAuthMethod == null) {
            return false;
        }
        if (overrideHttpAuthMethod.equals("FORM")) {
            return true;
        }
        return overrideHttpAuthMethod.equals("CLIENT_CERT") && webAppSecurityConfig.getAllowFailOverToFormLogin();
    }

    private String getFirstPathElement(String str) {
        String[] split = str.split("/");
        return split[0].isEmpty() ? "/" + split[1] : "/" + split[0];
    }

    private boolean validateContextRoot(String str, String str2) {
        if (!str.startsWith("/")) {
            str = "/" + str;
        }
        if (!str2.startsWith("/")) {
            str2 = "/" + str2;
        }
        return str2.startsWith(str) && str2.charAt(str.length()) == '/';
    }

    private String FixUpUrl(String str, String str2) {
        String str3 = str;
        if (str != null) {
            if (!str.startsWith("/")) {
                str = "/" + str;
            }
            if (str.startsWith(str2) && str.charAt(str2.length()) == '/') {
                str3 = str.substring(str2.length());
            }
        }
        return str3;
    }

    private boolean existAuthMech(Class cls) {
        Iterator<Map.Entry<String, ModuleProperties>> it = getModuleMap().entrySet().iterator();
        while (it.hasNext()) {
            Iterator it2 = it.next().getValue().getAuthMechMap().keySet().iterator();
            while (it2.hasNext()) {
                if (((Class) it2.next()).equals(cls)) {
                    return true;
                }
            }
        }
        return false;
    }
}
