package coldfusion.security;

import coldfusion.Version;
import coldfusion.compiler.ASTruntimeCall;
import coldfusion.filter.FusionContext;
import coldfusion.log.CFLogs;
import coldfusion.log.Logger;
import coldfusion.rds.Encryptor;
import coldfusion.runtime.AppHelper;
import coldfusion.runtime.ApplicationException;
import coldfusion.runtime.Array;
import coldfusion.runtime.CFDummyComponent;
import coldfusion.runtime.Cast;
import coldfusion.runtime.CfJspPage;
import coldfusion.runtime.FunctionPermission;
import coldfusion.runtime.LockManager;
import coldfusion.runtime.MD5;
import coldfusion.runtime.NeoException;
import coldfusion.runtime.NeoPageContext;
import coldfusion.runtime.RequestMonitor;
import coldfusion.runtime.Scope;
import coldfusion.runtime.SecurityScopeTracker;
import coldfusion.runtime.SecurityTable;
import coldfusion.runtime.SessionScope;
import coldfusion.server.ConfigMap;
import coldfusion.server.RuntimeService;
import coldfusion.server.SecurityService;
import coldfusion.server.ServiceBase;
import coldfusion.server.ServiceException;
import coldfusion.server.ServiceFactory;
import coldfusion.server.ServiceRuntimeException;
import coldfusion.server.SystemInfo;
import coldfusion.server.j2ee.SecurityHelper;
import coldfusion.serverless.InMemoryFile;
import coldfusion.serverless.InMemoryOutputStream;
import coldfusion.serverless.ServerlessUtil;
import coldfusion.servicelayer.ExposedServiceManager;
import coldfusion.sql.DataSourcePermission;
import coldfusion.tagext.GenericTagPermission;
import coldfusion.tagext.io.cache.CacheTO;
import coldfusion.tagext.io.cache.GenericCache;
import coldfusion.tagext.io.cache.GenericCacheFactory;
import coldfusion.tagext.lang.IncludeTag;
import coldfusion.tagext.lang.ModulePermission;
import coldfusion.util.FastHashtable;
import coldfusion.util.FileLock;
import coldfusion.util.PasswordUtils;
import coldfusion.util.RB;
import coldfusion.util.UUIDUtils;
import coldfusion.vfs.VFilePermission;
import coldfusion.wddx.Base64Encoder;
import com.adobe.cfsetup.constants.CFSetupConstants;
import com.adobe.cfsetup.settings.simple.AdminPasswordSettings;
import com.adobe.coldfusion.connector.connectorinstaller.CIConstants;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.FilePermission;
import java.io.FilenameFilter;
import java.io.IOException;
import java.io.InputStream;
import java.io.Serializable;
import java.io.SerializablePermission;
import java.io.UnsupportedEncodingException;
import java.lang.reflect.ReflectPermission;
import java.net.NetPermission;
import java.net.SocketPermission;
import java.security.AccessController;
import java.security.Permission;
import java.security.Permissions;
import java.security.Policy;
import java.security.PrivilegedAction;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.security.SecurityPermission;
import java.sql.SQLPermission;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.MissingResourceException;
import java.util.Observable;
import java.util.Observer;
import java.util.Properties;
import java.util.PropertyPermission;
import java.util.Random;
import java.util.ResourceBundle;
import java.util.Set;
import java.util.concurrent.Executors;
import java.util.concurrent.ScheduledExecutorService;
import java.util.concurrent.ScheduledFuture;
import java.util.concurrent.TimeUnit;
import java.util.logging.LoggingPermission;
import javax.management.MBeanPermission;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import javax.servlet.ServletContext;
import net.sf.ehcache.Cache;
import net.sf.ehcache.CacheException;
import net.sf.ehcache.CacheManager;
import net.sf.ehcache.Ehcache;
import net.sf.ehcache.Element;
import net.sf.ehcache.config.CacheConfiguration;
import net.sf.ehcache.config.Configuration;
import net.sf.ehcache.config.ConfigurationFactory;
import net.sf.ehcache.event.CacheEventListener;
import net.sf.ehcache.event.NotificationScope;
import org.apache.cxf.phase.Phase;
import org.apache.hadoop.hdfs.server.common.Storage;
import org.apache.oro.text.regex.Pattern;
import org.apache.oro.text.regex.PatternCompiler;
import org.apache.oro.text.regex.Perl5Compiler;
import org.apache.oro.text.regex.Perl5Matcher;
import org.apache.oro.text.regex.Perl5Substitution;
import org.apache.oro.text.regex.Util;
import org.apache.solr.spelling.suggest.fst.AnalyzingInfixLookupFactory;
import org.osgi.framework.AdminPermission;
import org.osgi.framework.ServicePermission;

/* loaded from: input_file:Disk1/InstData/Resource1.zip:$IA_PROJECT_DIR$/hotfix/dist_zg_ia_sf.jar:updates/chf20210020.jar:coldfusion/security/SecurityManager.class */
public final class SecurityManager extends ServiceBase implements SecurityService, Observer {
    // ---- Miscellaneous string constants used by this class ----
    private static final String DIGEST_NTLM = ":DIGEST-NTLM";
    private static final String COMMA = ",";
    private static final String SALT = "salt";
    // Config key under which setAdminPassword() stores the root admin's salt.
    private static final String ADMIN_USERID_ROOT_SALT = "admin.userid.root.salt";
    private String rootDir;
    // A single carriage return; public, so other classes may depend on the exact value.
    public static final String tokenSeparator = "\r";
    private ServletContext servletContext;
    // NOTE(review): the unit of this time-to-live is not visible here — confirm against the cache setup.
    private static final int AUTH_TOKEN_MAPPING_TIMETOLIVE = 60;
    private static final String AUTH_CACHE_NAME = "authcache";
    private static final String AUTH_TOKEN_MAPPING_CACHE_NAME = "authtokenmappingcache";
    // Looks like a JVM system-property name; where it is read is not visible in this part of the file.
    private static final String DISABLE_TOKEN_MAPPING_CACHE_PROPERTY = "coldfusion.security.disabletokenmappingcache";
    private static final String SEP = ":";
    // Accepts 5 to 20 characters, each alphanumeric or an underscore, anchored at both ends.
    private static final String USERNAME_REGEX = "^[\\p{Alnum}_]{5,20}$";
    private final SecureProfileHelper spHelper;
    private File file;
    private SecurityHelper helper;
    private ConfigMap contexts;
    private ConfigMap config;
    private FastHashtable AuthorizedUsers;
    private String allowedIPList;
    private File customRolesFile;
    // File that savePasswordFileWithoutLock() writes the credential properties to.
    private File password_file;
    // In-memory stand-in for the password file, created lazily when ServerlessUtil.isLambdaEnv() is true.
    private InMemoryFile imf;
    // Root admin credential as stored: setAdminPassword() assigns a salted SHA-256 digest here.
    private String password;
    // RDS credential as stored: setRdsPassword() assigns the result of encryptPassword() here.
    private String rdspassword;
    // Written to the password file as the "encrypted" property ("true"/"false").
    private boolean isEncrypted;
    // Salt mixed into the root admin digest; replaced whenever the root password changes.
    private String rootSalt;
    private String seed;
    private BasicPolicy basic_policy;
    private String allowedAdminIPList;
    private ClientCertAuthenticationMappingConfig ccaMappingConfig;
    private String cfAdminCookieIdentifier;
    static final String CF_ROLES_FILE = "coldfusion/security/roles.properties";
    static final String CF_EXPOSED_SERVICES_FILE = "coldfusion/security/exposedservices.properties";
    public static final String CUSTOM_ROLES_FILE = "customroles.properties";
    // Resource-bundle base name consulted by getL10NRoleName() for custom role names.
    static final String RB_CUSTOM_ROLES = "customrolenames";
    public static final String ROLE_ADMINISTRATOR = "coldfusion.administrator";
    public static final String ROLE_RDS = "coldfusion.rds";
    public static final String ROLE_ADMINAPI = "coldfusion.adminapi";
    // NOTE(review): a well-known default account name; confirm deployments are steered to change it.
    static final String DEFAULT_ROOT_ADMIN_USER_ID = "admin";
    private static final String ADMIN_CLIENT_CERT_USE_CGI = "coldfusion.security.admin.clientcert.usecgi";
    private static final String ADMIN_CLIENT_CERT_SUBJECT_HEADER = "coldfusion.security.admin.clientcert.subject.header";
    private static final String ADMIN_CLIENT_CERT_SUBJECT_CNMATCH_CRITERIA = "cn";
    private static final String ADMIN_CLIENT_CERT_CGI_SUBJECT_HEADER = "CERT_SUBJECT";
    // NOTE(review): presumably the per-user salt length; the unit (bytes or characters) is not visible here.
    private static final int USER_SALT_SIZE = 16;
    private static CacheConfiguration auth_cache_config;
    private static CacheConfiguration auth_tokn_mapping_cache_config;
    private static Logger logger = CFLogs.SERVER_LOG;
    // System property (default 20) multiplied by 60 and then 1000 in int arithmetic, which reads
    // as minutes converted to milliseconds; a very large property value would overflow the int.
    private static final int AUTH_TIMETOREFRESH = (Integer.getInteger("coldfusion.security.cflogin.token.refresh", 20).intValue() * 60) * 1000;
    // Per-thread authentication state; each thread sees only the SecurityState it stored itself.
    private static ThreadLocal<SecurityState> authenticated = new ThreadLocal<>();
    private static final LockManager lockManager = LockManager.get();
    private static CacheManager ehcacheCacheMngr = null;
    // Permission objects, one per named function. All but the last are FunctionPermission
    // instances keyed by a lower-case function name; where they are checked is not visible in
    // this part of the file (checkPermission() accepts any Permission).

    // ---- File functions ----
    public static final Permission FILE_EXISTS = new FunctionPermission("fileexists");
    public static final Permission FILE_COPY = new FunctionPermission("filecopy");
    public static final Permission FILE_MOVE = new FunctionPermission("filemove");
    public static final Permission FILE_DELETE = new FunctionPermission("filedelete");
    public static final Permission FILE_OPEN = new FunctionPermission("fileopen");
    public static final Permission FILE_READ = new FunctionPermission("fileread");
    public static final Permission FILE_WRITE = new FunctionPermission("filewrite");
    public static final Permission FILE_UPLOAD = new FunctionPermission("fileupload");
    public static final Permission FILE_UPLOADALL = new FunctionPermission("fileuploadall");
    public static final Permission FILE_SET_ATTRIBUTE = new FunctionPermission("filesetattribute");
    public static final Permission FILE_SET_ACCESSMODE = new FunctionPermission("filesetaccessmode");
    public static final Permission FILE_SET_LASTMODIFIED = new FunctionPermission("filesetlastmodified");
    public static final Permission FILE_GET_INFO = new FunctionPermission("getfileinfo");
    // ---- Directory and path functions ----
    public static final Permission DIR_CREATE = new FunctionPermission("directorycreate");
    public static final Permission DIR_COPY = new FunctionPermission("directorycopy");
    public static final Permission DIR_LIST = new FunctionPermission("directorylist");
    public static final Permission DIR_DELETE = new FunctionPermission("directorydelete");
    public static final Permission DIR_RENAME = new FunctionPermission("directoryrename");
    public static final Permission DIR_EXISTS = new FunctionPermission("directoryexists");
    public static final Permission EXP_PATH = new FunctionPermission("expandpath");
    public static final Permission DIR_FROM_PATH = new FunctionPermission("getdirectoryfrompath");
    public static final Permission FILE_FROM_PATH = new FunctionPermission("getfilefrompath");
    public static final Permission TEMP_DIR = new FunctionPermission("gettempdirectory");
    public static final Permission TEMP_FILE = new FunctionPermission("gettempfile");
    public static final Permission TEMPLATE_PATH = new FunctionPermission("gettemplatepath");
    public static final Permission BASE_TEMPLATE_PATH = new FunctionPermission("getbasetemplatepath");
    public static final Permission SET_PROFILE_STRING = new FunctionPermission("setprofilestring");
    public static final Permission GET_PROFILE_STRING = new FunctionPermission("getprofilestring");
    // ---- Object creation, by object kind; the generic name comes from ASTruntimeCall ----
    public static final Permission CREATE_OBJECT = new FunctionPermission(ASTruntimeCall.CREATEOBJECT);
    public static final Permission CREATE_COM_OBJECT = new FunctionPermission("createobject(com)");
    public static final Permission CREATE_JAVA_OBJECT = new FunctionPermission("createobject(java)");
    public static final Permission CREATE_WS_OBJECT = new FunctionPermission("createobject(webservice)");
    public static final Permission CREATE_CORBA_OBJECT = new FunctionPermission("createobject(corba)");
    public static final Permission CREATE_DOTNET_OBJECT = new FunctionPermission("createobject(.net)");
    public static final Permission SEND_GATEWAY_MESSAGE = new FunctionPermission("sendgatewaymessage");
    public static final Permission GET_GATEWAY_HELPER = new FunctionPermission("getgatewayhelper");
    public static final Permission GET_PRINTER_INFO = new FunctionPermission("getprinterinfo");
    public static final Permission CREATE_DYNAMICPROXY = new FunctionPermission("createdynamicproxy");
    // ---- Cache functions ----
    public static final Permission CACHE_PUT = new FunctionPermission("cacheput");
    public static final Permission CACHE_GET = new FunctionPermission("cacheget");
    public static final Permission CACHE_GET_METADATA = new FunctionPermission("cachegetmetadata");
    public static final Permission CACHE_GET_ALL_IDS = new FunctionPermission("cachegetallids");
    public static final Permission CACHE_REMOVE = new FunctionPermission("cacheremove");
    public static final Permission CACHE_SET_PROPERTIES = new FunctionPermission("cachesetproperties");
    public static final Permission CACHE_GET_PROPERTIES = new FunctionPermission("cachegetproperties");
    public static final Permission CACHE_GET_SESSION = new FunctionPermission("cachegetsession");
    public static final Permission CACHE_REGION_NEW = new FunctionPermission("cacheregionnew");
    public static final Permission CACHE_REGION_EXISTS = new FunctionPermission("cacheregionexists");
    public static final Permission CACHE_EXISTS = new FunctionPermission("cacheidexists");
    public static final Permission CACHE_REMOVE_ALL = new FunctionPermission("cacheremoveall");
    public static final Permission CACHE_REGION_REMOVE = new FunctionPermission("cacheregionremove");
    public static final Permission REMOVE_CACHED_QUERY = new FunctionPermission("removecachedquery");
    // ---- System information and miscellaneous functions ----
    public static final Permission GET_SYSTEMFREEMEMORY = new FunctionPermission("getsystemfreememory");
    public static final Permission GET_SYSTEMTOTALMEMORY = new FunctionPermission("getsystemtotalmemory");
    public static final Permission GET_CPUUSAGE_DEFAULT = new FunctionPermission("getcpuusage");
    public static final Permission GET_TOTAL_SPACE = new FunctionPermission("gettotalspace");
    public static final Permission GET_FREE_SPACE = new FunctionPermission("getfreespace");
    public static final Permission GET_PAGE_CONTEXT = new FunctionPermission("getpagecontext");
    public static final Permission IS_LOCALHOST = new FunctionPermission("islocalhost");
    public static final Permission OBJECT_SAVE = new FunctionPermission("objectsave");
    public static final Permission OBJECT_LOAD = new FunctionPermission("objectload");
    public static final Permission GET_CLOUD_SERVICE = new FunctionPermission("getcloudservice");
    public static final Permission MONGO_SERVICE = new FunctionPermission("getmongoservice");
    // The only entry that is a java.lang.RuntimePermission rather than a FunctionPermission.
    public static final Permission ALLOW_JAVA_NATIVE_CALLS = new RuntimePermission("allowNativeJavaBlocks");
    // Client-certificate authentication for the administrator is off unless this JVM system
    // property is "true"; the value is read once, when the class is initialised.
    private static final boolean clientCertAuthEnabled = Boolean.getBoolean("coldfusion.security.admin.clientcert.auth");
    // The root-admin variant defaults to whatever clientCertAuthEnabled resolved to.
    private static final boolean rootAdminClientCertAuthEnabled = Boolean.valueOf(System.getProperty("coldfusion.security.rootadmin.clientcert.auth", String.valueOf(clientCertAuthEnabled))).booleanValue();
    private static final boolean IS_ADMIN_BEHIND_VIRTUAL_DIR = Boolean.getBoolean("coldfusion.admin.isbehindvdir");
    private static final String ADMIN_CLIENT_CERT_SUBJECT_MATCH_CRITERIA = "coldfusion.security.admin.clientcert.subject.matchcriteria";
    private static final String ADMIN_CLIENT_CERT_SUBJECT_EXACT_CRITERIA = "exact";
    // Certificate-subject match mode; falls back to "exact" when the system property is unset.
    private static final String subjectFormat = System.getProperty(ADMIN_CLIENT_CERT_SUBJECT_MATCH_CRITERIA, ADMIN_CLIENT_CERT_SUBJECT_EXACT_CRITERIA);
    private static final String tmpRoot = System.getProperty("coldfusion.temp.dir");
    private static String slash = File.separator;
    // Paths (joined with the platform separator) of administrator pages and Admin API components.
    // How the two lists are consulted is not visible in this part of the file. Both arrays and
    // `slash` are non-final statics, so code in this class can alter them at runtime.
    private static String[] admin_pages = {slash + "CFIDE" + slash + "administrator" + slash + "Application.cfm", slash + "CFIDE" + slash + "administrator" + slash + "security" + slash + "cfadminpassword.cfm", slash + "CFIDE" + slash + "administrator" + slash + "security" + slash + "userpassword.cfm", slash + "CFIDE" + slash + "administrator" + slash + "filedialog" + slash + "archivefilebrowser.cfm", slash + "CFIDE" + slash + "administrator" + slash + "filedialog" + slash + CIConstants.CF_DEFAULT_DOCUMENT, slash + "CFIDE" + slash + "componentutils" + slash + "Application.cfm", slash + "CFIDE" + slash + "adminapi" + slash + "_datasource" + slash + "setdsn.cfm", slash + "CFIDE" + slash + "adminapi" + slash + "_datasource" + slash + "geturldefaults.cfm", slash + "CFIDE" + slash + "adminapi" + slash + "_datasource" + slash + "formatjdbcurl.cfm", slash + "CFIDE" + slash + "adminapi" + slash + "_datasource" + slash + "getaccessdefaultsfromregistry.cfm", slash + "CFIDE" + slash + "adminapi" + slash + "_datasource" + slash + "setmsaccessregistry.cfm", slash + "CFIDE" + slash + "adminapi" + slash + "_datasource" + slash + "setsldatasource.cfm"};
    private static String[] adminapi_cfcs = {slash + "CFIDE" + slash + "adminapi" + slash + "administrator.cfc", slash + "CFIDE" + slash + "adminapi" + slash + "base.cfc", slash + "CFIDE" + slash + "adminapi" + slash + "collections.cfc", slash + "CFIDE" + slash + "adminapi" + slash + "datasource.cfc", slash + "CFIDE" + slash + "adminapi" + slash + "debugging.cfc", slash + "CFIDE" + slash + "adminapi" + slash + "eventgateway.cfc", slash + "CFIDE" + slash + "adminapi" + slash + "extensions.cfc", slash + "CFIDE" + slash + "adminapi" + slash + "flex.cfc", slash + "CFIDE" + slash + "adminapi" + slash + "mail.cfc", slash + "CFIDE" + slash + "adminapi" + slash + "office.cfc", slash + "CFIDE" + slash + "adminapi" + slash + "runtime.cfc", slash + "CFIDE" + slash + "adminapi" + slash + "security.cfc", slash + "CFIDE" + slash + "adminapi" + slash + "serverinstance.cfc", slash + "CFIDE" + slash + "adminapi" + slash + "servermonitoring.cfc", slash + "CFIDE" + slash + "adminapi" + slash + "scheduler.cfc"};
    // Exposed as-is by getCompiledCrossSiteScriptPatterns(); raw (untyped) map.
    private HashMap CompiledCrossSiteScriptPatterns = new HashMap();
    PatternCompiler compiler = new Perl5Compiler();
    // Not consulted by isJvmSecurityEnabled(), which asks System.getSecurityManager() instead.
    private boolean jvmSecurityEnabled = false;
    // Sandbox security is off until setSandboxSecurityEnabled(true) is called.
    private boolean _sbsEnabled = false;
    // Administrator and RDS protections default to enabled.
    private boolean adminSecurityEnabled = true;
    private boolean isSecureProfile = false;
    private boolean rdsSecurityEnabled = true;
    private boolean rdsEnabled = true;
    private boolean useSingleRdsPassword = true;
    // NOTE(review): a literal compiled into the class is readable by anyone holding the jar, so
    // nothing protected only by this value is secret. Its use is not visible in this part of the
    // file; confirm it serves only to read legacy data.
    private final String OLDSEEDVAL = "0yJ!@1$r8p0L@r1$6yJ!@1rj";
    private long passwordLastModified = 0;
    private long customRolesLastModified = 0;
    private boolean allowConcurrentAdminLogin = true;
    // When false, checkAdminUserIdPassword() accepts only the root admin id (or a blank id).
    private boolean adminUserIdRequired = false;
    private String rootAdminUserId = null;
    private RolesStore rolesStore = new RolesStore();
    private ExposedServiceManager exposedServiceMgr = ExposedServiceManager.getInstance();
    private Map<String, GenericCache> cacheMgrMap = new HashMap();

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:Disk1/InstData/Resource1.zip:$IA_PROJECT_DIR$/hotfix/dist_zg_ia_sf.jar:updates/chf20210020.jar:coldfusion/security/SecurityManager$AuthMappingCacheEventListener.class */
    /**
     * Cache listener that drops the tracked security entry for a cache key whenever that key
     * leaves the cache (eviction, expiry or explicit removal). Put, update and remove-all
     * notifications are ignored.
     */
    public static class AuthMappingCacheEventListener implements CacheEventListener {
        AuthMappingCacheEventListener() {
            super();
        }

        /** Evicted entries lose their tracked security entry. */
        @Override // net.sf.ehcache.event.CacheEventListener
        public void notifyElementEvicted(Ehcache ehcache, Element element) {
            this.removeAuthSecurityTable(element);
        }

        /** Expired entries lose their tracked security entry. */
        @Override // net.sf.ehcache.event.CacheEventListener
        public void notifyElementExpired(Ehcache ehcache, Element element) {
            this.removeAuthSecurityTable(element);
        }

        /** Explicitly removed entries lose their tracked security entry. */
        @Override // net.sf.ehcache.event.CacheEventListener
        public void notifyElementRemoved(Ehcache ehcache, Element element) throws CacheException {
            this.removeAuthSecurityTable(element);
        }

        /**
         * Asks the {@code SecurityScopeTracker} singleton to forget the entry stored under the
         * element's key. The key is cast to {@code String}, so a non-String key fails with a
         * {@code ClassCastException}.
         */
        private void removeAuthSecurityTable(Element element) {
            String cacheKey = (String) element.getObjectKey();
            SecurityScopeTracker tracker = SecurityScopeTracker.getInstance();
            tracker.removeSecurity(cacheKey);
        }

        /** Intentionally a no-op. */
        @Override // net.sf.ehcache.event.CacheEventListener
        public void notifyElementPut(Ehcache ehcache, Element element) throws CacheException {
        }

        /** Intentionally a no-op. */
        @Override // net.sf.ehcache.event.CacheEventListener
        public void notifyElementUpdated(Ehcache ehcache, Element element) throws CacheException {
        }

        /** Intentionally a no-op: a remove-all does not clear the tracked entries here. */
        @Override // net.sf.ehcache.event.CacheEventListener
        public void notifyRemoveAll(Ehcache ehcache) {
        }

        /** Nothing to release. */
        @Override // net.sf.ehcache.event.CacheEventListener
        public void dispose() {
        }

        /** Cloning is refused unconditionally. */
        @Override // net.sf.ehcache.event.CacheEventListener
        public Object clone() throws CloneNotSupportedException {
            throw new CloneNotSupportedException();
        }
    }

    /* loaded from: input_file:Disk1/InstData/Resource1.zip:$IA_PROJECT_DIR$/hotfix/dist_zg_ia_sf.jar:updates/chf20210020.jar:coldfusion/security/SecurityManager$AuthenticationFailedException.class */
    /**
     * Raised when authentication fails; constructing it writes two error records to the
     * security log.
     */
    public final class AuthenticationFailedException extends ApplicationException {
        private static final long serialVersionUID = 1;

        /**
         * Logs the "MixedCookieFound" resource-bundle message and then the triggering throwable.
         *
         * <p>The throwable is only logged: the implicit no-argument super constructor is used,
         * so it is not handed to the superclass here.
         *
         * @param th the failure that led to this exception
         */
        public AuthenticationFailedException(Throwable th) {
            super();
            final String message = RB.getString(this, "MixedCookieFound");
            CFLogs.SECURITY_LOG.error(message);
            CFLogs.SECURITY_LOG.error(th);
        }
    }

    /* loaded from: input_file:Disk1/InstData/Resource1.zip:$IA_PROJECT_DIR$/hotfix/dist_zg_ia_sf.jar:updates/chf20210020.jar:coldfusion/security/SecurityManager$AuthorizedUserNotFound.class */
    /** Signals that no authorized user exists for a given user name. */
    public final class AuthorizedUserNotFound extends NeoException {
        private static final long serialVersionUID = 1;

        /** The user name that could not be resolved; publicly readable on the exception. */
        public final String username;

        /**
         * @param str the user name that was looked up
         */
        public AuthorizedUserNotFound(String str) {
            super();
            username = str;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:Disk1/InstData/Resource1.zip:$IA_PROJECT_DIR$/hotfix/dist_zg_ia_sf.jar:updates/chf20210020.jar:coldfusion/security/SecurityManager$SecurityState.class */
    /**
     * Pairs an "is authenticated" flag with the {@code SecurityTable} it belongs to. Neither
     * field has a setter, so a state object is fixed once constructed.
     */
    public class SecurityState {
        private boolean isAuthenticated;
        private SecurityTable _secTab;

        /**
         * @param z             whether the request is considered authenticated
         * @param securityTable the security table associated with that decision
         */
        public SecurityState(boolean z, SecurityTable securityTable) {
            isAuthenticated = z;
            _secTab = securityTable;
        }

        /** @return the flag passed to the constructor */
        public boolean isAuthenticated() {
            return isAuthenticated;
        }

        /** @return the security table passed to the constructor */
        public SecurityTable get_secTab() {
            return _secTab;
        }
    }

    /* loaded from: input_file:Disk1/InstData/Resource1.zip:$IA_PROJECT_DIR$/hotfix/dist_zg_ia_sf.jar:updates/chf20210020.jar:coldfusion/security/SecurityManager$UnauthenticatedCredentialsException.class */
    /** Unchecked security failure for credentials that were not authenticated; carries no message. */
    public final class UnauthenticatedCredentialsException extends SecurityException {
        private static final long serialVersionUID = 1;

        /** Creates the exception without a message or cause. */
        public UnauthenticatedCredentialsException() {
            super();
        }
    }

    /* loaded from: input_file:Disk1/InstData/Resource1.zip:$IA_PROJECT_DIR$/hotfix/dist_zg_ia_sf.jar:updates/chf20210020.jar:coldfusion/security/SecurityManager$UsernameValidationException.class */
    /** Signals that a user name failed validation; carries no message of its own. */
    public final class UsernameValidationException extends NeoException {
        private static final long serialVersionUID = 1;

        /** Creates the exception without a message or cause. */
        public UsernameValidationException() {
            super();
        }
    }

    /**
     * Wires the service to its backing files and collaborators, and registers the three files
     * with {@code setWatchFile}.
     *
     * @param file           main configuration file of this service
     * @param file2          password file
     * @param file3          custom roles file
     * @param str            root directory, also handed to the {@code SecureProfileHelper}
     * @param securityHelper helper kept for later use
     * @param servletContext servlet context kept for later use
     */
    public SecurityManager(File file, File file2, File file3, String str, SecurityHelper securityHelper, ServletContext servletContext) {
        this.file = file;
        password_file = file2;
        customRolesFile = file3;
        rootDir = str;
        helper = securityHelper;
        this.servletContext = servletContext;
        // Register all three files only after every field above has been assigned.
        setWatchFile(file);
        setWatchFile(file2);
        setWatchFile(file3);
        spHelper = new SecureProfileHelper(str);
    }

    /**
     * Returns the security contexts held by this service.
     *
     * <p>The live map is returned, not a copy, so a caller holding it can change the
     * service's state.
     */
    public final Map getContexts() {
        return contexts;
    }

    /** Returns the {@code BasicPolicy} instance held by this service (the live reference). */
    public final BasicPolicy getBasicPolicy() {
        return basic_policy;
    }

    /**
     * Reports whether a JVM-level security manager is installed right now.
     *
     * <p>The answer comes from {@code System.getSecurityManager()} on every call; the
     * {@code jvmSecurityEnabled} field of this class is not consulted.
     */
    public final boolean isJvmSecurityEnabled() {
        final Object installedManager = System.getSecurityManager();
        return installedManager != null;
    }

    /**
     * Turns sandbox security on or off and records the choice in the configuration map.
     *
     * <p>{@code authenticateAdmin()} runs first, before any state changes. Switching this off
     * makes {@code checkPermission} a no-op, so the call is security-sensitive.
     *
     * @param z the new sandbox-security setting
     */
    public final void setSandboxSecurityEnabled(boolean z) {
        authenticateAdmin();
        _sbsEnabled = z;
        config.put(CFSetupConstants.SANDBOX_ENABLED_SETTING_KEY, Boolean.valueOf(z));
    }

    /** Returns the in-memory sandbox-security flag (false until explicitly enabled). */
    public final boolean isSandboxSecurityEnabled() {
        return _sbsEnabled;
    }

    /**
     * Checks a permission against the current access-control context, but only when sandbox
     * security is enabled and a JVM security manager is installed.
     *
     * <p>The method returns silently (nothing is checked) when sandbox security is off, when
     * {@code permission} is null, or when no JVM security manager is present. Callers must not
     * read a normal return as proof that the permission was granted.
     *
     * @param permission the permission to check; null is ignored
     * @throws java.security.AccessControlException if the check runs and the permission is denied
     */
    public final void checkPermission(Permission permission) {
        if (!_sbsEnabled || permission == null) {
            return;
        }
        if (isJvmSecurityEnabled()) {
            AccessController.checkPermission(permission);
        }
    }

    /** Returns the in-memory administrator-security flag (true by default). */
    public final boolean isAdminSecurityEnabled() {
        return adminSecurityEnabled;
    }

    /** Returns the in-memory RDS-security flag (true by default). */
    public final boolean isRdsSecurityEnabled() {
        return rdsSecurityEnabled;
    }

    /** Returns the in-memory RDS-enabled flag (true by default). */
    public boolean isRdsEnabled() {
        return rdsEnabled;
    }

    /** Returns whether administrator logins must supply a user id (false by default). */
    public final boolean isAdminUserIdRequired() {
        return adminUserIdRequired;
    }

    /**
     * Returns whether administrator client-certificate authentication is enabled.
     *
     * <p>The value is a class-level constant read from a JVM system property at class
     * initialisation, so it cannot change while the JVM is running.
     */
    public final boolean isAdminClientCertAuthEnabled() {
        return SecurityManager.clientCertAuthEnabled;
    }

    /** Returns the root administrator's user id; may be null, since the field starts out null. */
    public final String getRootAdminUserId() {
        return rootAdminUserId;
    }

    /**
     * Sets whether administrator logins must supply a user id, and records the choice in the
     * configuration map. {@code authenticateAdmin()} runs first, before any state changes.
     *
     * @param z the new setting
     */
    public final void setAdminUserIdRequired(boolean z) {
        authenticateAdmin();
        adminUserIdRequired = z;
        config.put(CFSetupConstants.ADMIN_USERID_REQUIRED, Boolean.valueOf(z));
    }

    /**
     * Returns every role known to the roles store except {@code "coldfusion.admindefault"}.
     * {@code authenticateAdmin()} runs first.
     *
     * <p>NOTE(review): the entry is removed from the very list the roles store returned. If
     * that list is the store's own backing list rather than a copy, this call also changes
     * the store — confirm against {@code RolesStore.getAllRoles()}.
     */
    public final List getAllAdminRoles() {
        authenticateAdmin();
        List roles = rolesStore.getAllRoles();
        roles.remove("coldfusion.admindefault");
        return roles;
    }

    /**
     * Returns the services reported by the exposed-service manager.
     * {@code authenticateAdmin()} runs first.
     */
    public final Map getAllExposedServices() {
        authenticateAdmin();
        return exposedServiceMgr.getServices();
    }

    /**
     * Resolves the display name of a role for a locale.
     *
     * <p>Lookup order: the built-in {@code "rolenames"} bundle, then the custom-roles bundle,
     * then the role key itself. A missing bundle or key is not an error; it only moves the
     * lookup to the next source. No authentication check is made here.
     *
     * @param str  role key to look up
     * @param str2 language code used to build the {@link Locale}
     * @return the localised name, or {@code str} when no bundle has an entry for it
     */
    public final String getL10NRoleName(String str, String str2) {
        final Locale targetLocale = new Locale(str2);
        String displayName = null;
        try {
            displayName = RB.getMessage(this, "rolenames", targetLocale, str, null);
        } catch (MissingResourceException ignored) {
            // Not a built-in role name; try the custom bundle next.
        }
        if (displayName == null) {
            try {
                ResourceBundle customBundle = ResourceBundle.getBundle(RB_CUSTOM_ROLES, targetLocale);
                if (customBundle != null) {
                    displayName = customBundle.getString(str);
                }
            } catch (MissingResourceException ignored) {
                // No custom bundle or no entry; the raw key is returned below.
            }
        }
        return displayName != null ? displayName : str;
    }

    /**
     * Sets whether a single RDS password is used, and records the choice in the configuration
     * map. {@code authenticateAdmin()} runs first, before any state changes.
     *
     * @param z the new setting
     */
    public final void setUseSingleRdsPassword(boolean z) {
        authenticateAdmin();
        useSingleRdsPassword = z;
        config.put(CFSetupConstants.RDS_USE_SINGLE_PASSWORD, Boolean.valueOf(z));
    }

    /** Returns whether a single RDS password is in use (true by default). */
    public final boolean getUseSingleRdsPassword() {
        return useSingleRdsPassword;
    }

    /**
     * Turns administrator security on or off and records the choice in the configuration map.
     *
     * <p>{@code authenticateAdmin()} runs first, before any state changes. Passing
     * {@code false} disables a protection that is on by default, so changes to this setting
     * are worth auditing.
     *
     * @param z the new setting
     */
    public final void setAdminSecurityEnabled(boolean z) {
        authenticateAdmin();
        adminSecurityEnabled = z;
        config.put(CFSetupConstants.ADMIN_SECURITY_ENABLED, Boolean.valueOf(z));
    }

    /**
     * Turns RDS security on or off and records the choice in the configuration map.
     * {@code authenticateAdmin()} runs first, before any state changes.
     *
     * <p>Unlike the administrator and sandbox setters, the value is stored as the string
     * {@code "true"} or {@code "false"} rather than as a {@code Boolean}.
     *
     * @param z the new setting
     */
    public final void setRdsSecurityEnabled(boolean z) {
        authenticateAdmin();
        rdsSecurityEnabled = z;
        config.put(CFSetupConstants.RDS_SECURITY_ENABLED, Boolean.toString(z));
    }

    /**
     * Enables or disables RDS and records the choice in the configuration map as the string
     * {@code "true"} or {@code "false"}. {@code authenticateAdmin()} runs first, before any
     * state changes.
     *
     * @param z the new setting
     */
    public final void setRdsEnabled(boolean z) {
        authenticateAdmin();
        rdsEnabled = z;
        config.put(CFSetupConstants.RDS_ENABLED, Boolean.toString(z));
    }

    /**
     * Persists the credential properties, taking a file lock only when the runtime service
     * reports file locking as enabled and the process is not in a Lambda environment.
     *
     * <p>If the runtime service cannot be queried, the failure is swallowed and the write
     * proceeds without a lock.
     */
    private void savePasswordFile() {
        boolean fileLockEnabled = false;
        try {
            fileLockEnabled = ServiceFactory.getRuntimeService().isFileLockEnabled();
        } catch (Exception ignored) {
            // Deliberate best effort: an unknown lock setting is treated as "locking off".
        }
        if (fileLockEnabled && !ServerlessUtil.isLambdaEnv()) {
            savePasswordFileWithLock();
        } else {
            savePasswordFileWithoutLock();
        }
    }

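    /**
     * Writes the stored admin and RDS credential values, plus the "encrypted" flag, to the
     * password file as a {@link Properties} document.
     *
     * <p>In a Lambda environment the document goes to the in-memory file (created on first
     * use); otherwise it goes to {@code password_file} on disk, after which
     * {@code passwordLastModified} is refreshed from the file's timestamp.
     *
     * <p>The output stream is closed on every path, including when the write fails. The
     * previous form reached its close call only after a successful write, because the cleanup
     * on the failure path sat behind an always-false condition.
     *
     * <p>NOTE(review): the on-disk file is created with whatever permissions the process
     * default gives it; confirm the file's access rights are restricted elsewhere, since it
     * holds credential material.
     *
     * @throws ServiceRuntimeException wrapping any exception raised while writing
     */
    private void savePasswordFileWithoutLock() {
        Properties properties = new Properties();
        properties.put("encrypted", this.isEncrypted ? "true" : "false");
        properties.put("password", this.password);
        properties.put(AdminPasswordSettings.RDSPASSWORD, this.rdspassword);
        try {
            if (ServerlessUtil.isLambdaEnv()) {
                if (this.imf == null) {
                    this.imf = new InMemoryFile(this.password_file.getAbsolutePath(), this.file);
                }
                InMemoryOutputStream inMemoryOutputStream = new InMemoryOutputStream(this.imf);
                try {
                    // Serialise to a buffer first, then hand the bytes over in one write.
                    ByteArrayOutputStream buffer = new ByteArrayOutputStream();
                    properties.store(buffer, (String) null);
                    inMemoryOutputStream.write(buffer.toByteArray());
                } finally {
                    inMemoryOutputStream.close();
                }
            } else {
                FileOutputStream fileOutputStream = new FileOutputStream(this.password_file);
                try {
                    properties.store(fileOutputStream, (String) null);
                } finally {
                    try {
                        fileOutputStream.close();
                        // Record our own write so the timestamp matches what is on disk.
                        this.passwordLastModified = this.password_file.lastModified();
                    } catch (IOException ignored) {
                        // Best effort, as before: a failed close leaves the timestamp untouched.
                    }
                }
            }
        } catch (Exception e) {
            throw new ServiceRuntimeException(e);
        }
    }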

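    /**
     * Writes the password file while holding a {@code FileLock} named after the file, in the
     * file's parent directory.
     *
     * <p>The lock is released exactly once on every path through a {@code finally} block.
     * The previous form repeated the release in a catch-all handler, so a failure inside the
     * first release led to a second release attempt.
     *
     * <p>NOTE(review): as before, {@code release()} also runs when {@code obtain()} itself
     * failed; confirm that {@code FileLock.release()} is safe on a lock that was never obtained.
     *
     * @throws ServiceRuntimeException wrapping any exception raised while locking or writing
     */
    private void savePasswordFileWithLock() {
        FileLock fileLock = new FileLock(this.password_file.getParent(), this.password_file.getName());
        try {
            fileLock.obtain();
            savePasswordFileWithoutLock();
        } catch (Exception e) {
            throw new ServiceRuntimeException(e);
        } finally {
            fileLock.release();
        }
    }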

    /**
     * Returns the map of compiled cross-site-scripting patterns.
     *
     * <p>The live, mutable map is returned and no authentication check is made here, so any
     * caller holding the reference can add, replace or remove patterns.
     */
    public final HashMap getCompiledCrossSiteScriptPatterns() {
        return CompiledCrossSiteScriptPatterns;
    }

    /**
     * Hands a new seed to the shared {@code PasswordUtils} instance.
     * {@code authenticateAdmin()} runs first.
     *
     * @param str the new seed value
     * @throws Exception propagated from {@code PasswordUtils.setSeed}
     */
    public final void setSeed(String str) throws Exception {
        authenticateAdmin();
        PasswordUtils passwordUtils = PasswordUtils.getInstance();
        passwordUtils.setSeed(str);
    }

    /**
     * Changes the current administrator's password; shorthand for
     * {@code setAdminPassword(str, false)}, i.e. the value is SHA-1 hashed before the salted
     * SHA-256 pass when the root administrator is the one being changed.
     *
     * @param str the new password value
     */
    public final void setAdminPassword(String str) {
        this.setAdminPassword(str, false);
    }

    /**
     * Changes the password of the administrator making the call.
     * {@code authenticateAdmin()} runs first.
     *
     * <p>For a non-root administrator the value is placed on that user's record and saved via
     * {@code setAuthorizedUser}; any hashing on that path happens there, not here.
     *
     * <p>For the root administrator the stored value is a SHA-256 digest salted with
     * {@code rootSalt}. When {@code z} is false the input is SHA-1 hashed first; when true it
     * is fed to SHA-256 directly. If the result equals what is already stored, nothing
     * changes. Otherwise a fresh salt is generated, the digest is recomputed, the salt is
     * written to the configuration map and the password file is saved.
     *
     * <p>NOTE(review): a single salted SHA-256 pass is cheap to compute, which makes offline
     * guessing against a leaked password file fast; a dedicated password-hashing function
     * would raise that cost, at the price of migrating stored digests.
     *
     * <p>NOTE(review): the new salt is assigned before the new digest is computed. If the
     * digest call is what raises the caught {@code IOException}, the in-memory salt no longer
     * matches the stored digest; the failure is only logged.
     *
     * @param str the new password value
     * @param z   true to skip the SHA-1 step for the root administrator; also forwarded to
     *            {@code setAuthorizedUser} for other administrators
     */
    public final void setAdminPassword(String str, boolean z) {
        authenticateAdmin();
        if (!isRootAdminUser()) {
            AuthorizedUser currentUser = getAuthorizedUser(UserUtils.getAuthUserInternal(), true, false);
            currentUser.password = str;
            setAuthorizedUser(currentUser, z);
            return;
        }
        try {
            String storedDigest = getAdminPassword(getRootAdminUserId());
            String candidateDigest;
            if (z) {
                candidateDigest = SecurityUtils.hash(str, "SHA-256", "", rootSalt);
            } else {
                candidateDigest = SecurityUtils.hash(SecurityUtils.hash(str, "SHA-1", "", ""), "SHA-256", "", rootSalt);
            }
            if (storedDigest.equals(candidateDigest)) {
                // Same password as before: keep the existing salt and file untouched.
                return;
            }
            rootSalt = getNewSalt();
            password = z
                    ? SecurityUtils.hash(str, "SHA-256", "", rootSalt)
                    : SecurityUtils.hash(SecurityUtils.hash(str, "SHA-1", "", ""), "SHA-256", "", rootSalt);
            config.put(ADMIN_USERID_ROOT_SALT, rootSalt);
            savePasswordFile();
        } catch (IOException e) {
            logger.error("Unable to write password file", e);
        }
    }

    /** Returns the root administrator's credential exactly as stored in memory. */
    private String getRootAdminPassword() {
        return password;
    }

    /**
     * Looks up the stored credential for a user id.
     *
     * <p>The root administrator id is matched case-insensitively and wins over the
     * authorized-user lookup.
     *
     * @param str user id; must not be null
     * @return the stored credential, or null when the id is neither the root administrator
     *         nor an authorized user
     */
    private String getAdminPassword(String str) {
        if (str.equalsIgnoreCase(rootAdminUserId)) {
            return getRootAdminPassword();
        }
        if (isAuthorizedUser(str)) {
            return getAuthorizedUser(str, true, false).password;
        }
        return null;
    }

    /**
     * Replaces the RDS password and saves the password file.
     * {@code authenticateAdmin()} runs first.
     *
     * <p>The value kept in memory and on disk is the output of {@code encryptPassword}, not
     * the argument itself.
     *
     * @param str the new RDS password
     */
    public final void setRdsPassword(String str) {
        authenticateAdmin();
        String protectedValue = encryptPassword(str);
        rdspassword = protectedValue;
        savePasswordFile();
    }

    /**
     * Reports whether a non-empty RDS password is stored.
     *
     * <p>Fails with a {@code NullPointerException} if the stored value is null.
     */
    public final boolean isRdsPasswordSet() {
        return !rdspassword.isEmpty();
    }

    /**
     * Verifies a password against the root administrator account.
     *
     * @param str candidate password
     * @return true when the candidate matches
     */
    public final boolean checkAdminPassword(String str) {
        final String rootId = this.rootAdminUserId;
        return checkAdminUserIdPassword(rootId, str);
    }

    /**
     * Verifies a password against the root administrator account, optionally
     * skipping the inner SHA-1 step.
     *
     * @param str candidate password, or its inner hash when {@code z} is true
     * @param z   true to skip the inner SHA-1 step
     * @return true when the candidate matches
     */
    public final boolean checkAdminPassword(String str, boolean z) {
        // The stored-hash shortcut is never enabled from this entry point.
        final boolean acceptStoredHash = false;
        return checkAdminUserIdPassword(this.rootAdminUserId, str, acceptStoredHash, z);
    }

    /**
     * Verifies a user id and password pair with both optional behaviours off:
     * no stored-hash shortcut, and the inner SHA-1 step is applied.
     *
     * @param str  user id
     * @param str2 candidate password
     * @return true when the credentials match
     */
    public final boolean checkAdminUserIdPassword(String str, String str2) {
        final boolean acceptStoredHash = false;
        final boolean skipInnerSha1 = false;
        return checkAdminUserIdPassword(str, str2, acceptStoredHash, skipInnerSha1);
    }

    /**
     * Verifies a user id and password pair, optionally skipping the inner SHA-1 step.
     *
     * @param str  user id
     * @param str2 candidate password, or its inner hash when {@code z} is true
     * @param z    true to skip the inner SHA-1 step
     * @return true when the credentials match
     */
    public final boolean checkAdminUserIdPassword(String str, String str2, boolean z) {
        // Public callers cannot enable the stored-hash shortcut.
        final boolean acceptStoredHash = false;
        return checkAdminUserIdPassword(str, str2, acceptStoredHash, z);
    }

    /**
     * Applies the "admin user id required" policy and then verifies the credentials.
     *
     * <p>When an admin user id is not required, a null or empty id is treated as the
     * root administrator and any id other than the root id (compared
     * case-insensitively) is rejected without checking the password.
     *
     * @param str  user id, possibly null or empty
     * @param str2 candidate password
     * @param z    forwarded: accept a value equal to the stored hash
     * @param z2   forwarded: skip the inner SHA-1 step
     * @return true when the credentials match
     */
    private final boolean checkAdminUserIdPassword(String str, String str2, boolean z, boolean z2) {
        String effectiveUserId = str;
        if (!isAdminUserIdRequired()) {
            final boolean blank = effectiveUserId == null || effectiveUserId.isEmpty();
            if (blank) {
                effectiveUserId = this.rootAdminUserId;
            } else if (!effectiveUserId.equalsIgnoreCase(this.rootAdminUserId)) {
                // Single-account mode: only the root id may log in.
                return false;
            }
        }
        return checkUserIdPassword(effectiveUserId, str2, z, z2);
    }

    /**
     * Verifies RDS credentials, with the root administrator password accepted as a
     * fallback (delegates with the third argument fixed to {@code true}).
     *
     * @param str  user id, or null for the shared RDS password path
     * @param str2 candidate password
     * @return true when the credentials match
     */
    public final boolean checkRDSUserIdPassword(String str, String str2) {
        final boolean allowAdminPasswordFallback = true;
        return checkRDSUserIdPassword(str, str2, allowAdminPasswordFallback);
    }

    /**
     * Verifies RDS credentials.
     *
     * <p>A non-null id other than the root administrator id is checked as an ordinary
     * user. A null id or the root id takes the shared-password path, which accepts, in
     * order: the RDS password as given, the result of {@code Encryptor.decrypt} on the
     * given value, and (only when {@code z} is true) the root administrator password.
     *
     * <p>NOTE(review): three different secrets can satisfy the shared-password path.
     * Rate limiting and audit logging of failures are not visible in this method;
     * confirm they are applied by the caller.
     *
     * @param str  user id, or null
     * @param str2 candidate password
     * @param z    true to accept the root administrator password as a fallback
     * @return true when any accepted form matches
     */
    public final boolean checkRDSUserIdPassword(String str, String str2, boolean z) {
        final boolean namedNonRootUser = str != null && !str.equalsIgnoreCase(this.rootAdminUserId);
        if (namedNonRootUser) {
            return checkUserIdPassword(str, str2);
        }
        if (checkRdsPassword(str2)) {
            return true;
        }
        try {
            if (checkRdsPassword(Encryptor.decrypt(str2))) {
                return true;
            }
        } catch (Exception ignored) {
            // A value that cannot be decrypted is simply not the encoded form.
        }
        return z && checkAdminPassword(str2);
    }

    /**
     * Verifies a user id and password with the stored-hash shortcut disabled.
     *
     * @param str  user id
     * @param str2 candidate password
     * @return true when the credentials match
     */
    private boolean checkUserIdPassword(String str, String str2) {
        final boolean acceptStoredHash = false;
        return checkUserIdPassword(str, str2, acceptStoredHash);
    }

    /**
     * Verifies a user id and password, always applying the inner SHA-1 step.
     *
     * @param str  user id
     * @param str2 candidate password
     * @param z    true to also accept a value equal to the stored hash
     * @return true when the credentials match
     */
    private boolean checkUserIdPassword(String str, String str2, boolean z) {
        final boolean skipInnerSha1 = false;
        return checkUserIdPassword(str, str2, z, skipInnerSha1);
    }

    /**
     * Core credential check for the root administrator and for authorized users.
     *
     * <p>The stored value is compared with {@code SHA-256(salt, SHA-1(candidate))}, or
     * with {@code SHA-256(salt, candidate)} when {@code z2} is true. Null arguments,
     * unknown users, a missing stored value and hashing failures all yield false.
     *
     * <p>When {@code z} is true a candidate equal to the stored hash is accepted as-is,
     * which makes the stored hash equivalent to the password for such callers. Every
     * caller visible in this section passes false; the password file deserves the same
     * protection as the passwords themselves either way.
     *
     * <p>NOTE(review): the comparisons use {@code String.equals}, which is not
     * constant-time. The scheme is also a fast, single-iteration hash; a dedicated
     * password hashing function would resist offline guessing better.
     *
     * @param str  user id; the root id is matched case-insensitively
     * @param str2 candidate password
     * @param z    true to accept a value equal to the stored hash
     * @param z2   true to skip the inner SHA-1 step
     * @return true when the candidate matches the stored value
     */
    private boolean checkUserIdPassword(String str, String str2, boolean z, boolean z2) {
        if (str == null || str2 == null) {
            return false;
        }

        String storedHash;
        String salt;
        if (str.equalsIgnoreCase(this.rootAdminUserId)) {
            storedHash = getRootAdminPassword();
            salt = this.rootSalt;
        } else {
            try {
                AuthorizedUser record = getAuthorizedUser(str, true, false);
                storedHash = record.password;
                salt = record.salt;
            } catch (AuthorizedUserNotFound notFound) {
                return false;
            }
        }

        if (storedHash == null) {
            return false;
        }
        if (z && storedHash.equals(str2)) {
            return true;
        }
        try {
            String innerValue = z2 ? str2 : SecurityUtils.hash(str2, "SHA-1", "", "");
            String candidateHash = SecurityUtils.hash(innerValue, "SHA-256", "", salt);
            return storedHash.equals(candidateHash);
        } catch (IOException hashingFailure) {
            return false;
        }
    }

    /**
     * Runs client-certificate authentication for the current request context.
     *
     * <p>The meaning of the returned string is defined by
     * {@code authenticateUsingClientCert}, which is outside this section.
     *
     * @return whatever {@code authenticateUsingClientCert} returns for the context
     */
    public String checkAdminUserClientCertificate() {
        final FusionContext requestContext = FusionContext.getCurrent();
        return authenticateUsingClientCert(requestContext);
    }

    /**
     * Reports whether the current user holds the administrator session role.
     *
     * <p>The role name is the literal {@code "CFAdmin"} followed by the user's stored
     * password value, so the role string embeds secret material and should never be
     * logged. For an id that is neither root nor an authorized user the lookup returns
     * null and the role checked is the literal {@code "CFAdminnull"}.
     *
     * <p>NOTE(review): presumably no session is ever granted a role with that literal
     * name; confirm against the login code. A null authenticated user would throw in
     * {@code getAdminPassword}.
     *
     * @return true when the current user is in the derived role
     */
    public final boolean isAdminUser() {
        final String currentUser = UserUtils.getAuthUserInternal();
        final String sessionRole = "CFAdmin" + getAdminPassword(currentUser);
        return UserUtils.isUserInRoleInternal(sessionRole);
    }

    /**
     * Reports whether the current user is the root administrator.
     *
     * <p>The id comparison here is case-sensitive, whereas the password checks match
     * the root id case-insensitively. A differently-cased root id therefore passes the
     * password check but is not treated as root here, which errs on the side of fewer
     * privileges.
     *
     * @return true when the current user id equals the root id and holds the admin role
     */
    public final boolean isRootAdminUser() {
        final String currentUser = UserUtils.getAuthUserInternal();
        if (!currentUser.equals(getRootAdminUserId())) {
            return false;
        }
        return isAdminUser();
    }

    /**
     * Compares a candidate with the decrypted RDS password.
     *
     * <p>Null or empty candidates are rejected, so an unset RDS password can never be
     * matched. Any failure while decrypting the stored value counts as a mismatch.
     *
     * <p>NOTE(review): the stored secret is decrypted to plaintext for every check and
     * compared with {@code String.equals}, which is not constant-time. A salted
     * one-way hash would avoid holding a recoverable secret.
     *
     * @param str candidate password
     * @return true when the candidate equals the decrypted stored value
     */
    public final boolean checkRdsPassword(String str) {
        if (str == null || str.isEmpty()) {
            return false;
        }
        try {
            final String storedPlaintext = decryptPassword(this.rdspassword);
            return str.equals(storedPlaintext);
        } catch (Exception decryptFailure) {
            return false;
        }
    }

    /**
     * Encrypts a value with {@code PasswordUtils} under {@code this.seed}.
     *
     * @param str value to protect
     * @return the encrypted form; null and empty inputs are returned unchanged
     */
    private String encryptPassword(String str) {
        if (str == null || str.length() <= 0) {
            return str;
        }
        return PasswordUtils.encryptPassword(str, this.seed);
    }

    /**
     * Decrypts a value with {@code PasswordUtils} under {@code this.seed}.
     *
     * <p>The result is a plaintext secret; keep it in the narrowest scope possible and
     * out of logs.
     *
     * @param str encrypted value
     * @return the decrypted form; null and empty inputs are returned unchanged
     */
    private String decryptPassword(String str) {
        if (str == null || str.length() <= 0) {
            return str;
        }
        return PasswordUtils.decryptPassword(str, this.seed);
    }

    /**
     * Verifies the password of an authorized (non-root) user.
     *
     * <p>The stored value is compared with {@code SHA-256(salt, SHA-1(candidate))}.
     *
     * <p>NOTE(review): an unknown user id surfaces as {@code AuthorizedUserNotFound}
     * while a wrong password returns false. If callers report the two differently to
     * the client, valid user ids become distinguishable; prefer one generic failure.
     *
     * @param str  user id (exact key lookup)
     * @param str2 candidate password
     * @return true when the password matches; false on mismatch or hashing failure
     * @throws AuthorizedUserNotFound when no such user exists
     */
    public final boolean checkAuthorizedUsers(String str, String str2) {
        final AuthorizedUser record = getAuthorizedUser(str, true, false);
        if (!record.username.equalsIgnoreCase(str)) {
            return false;
        }
        try {
            final String innerValue = SecurityUtils.hash(str2, "SHA-1", "", "");
            final String candidateHash = SecurityUtils.hash(innerValue, "SHA-256", "", record.salt);
            return record.password.equals(candidateHash);
        } catch (IOException hashingFailure) {
            return false;
        }
    }

    /**
     * Returns the roles recorded for an authorized user.
     *
     * <p>NOTE(review): this method does not call {@code authenticateAdmin()}, and
     * whether the returned list is a copy or the live list depends on the
     * {@code AuthorizedUser} constructor, which is outside this section.
     *
     * @param str user id
     * @return the user's role list
     * @throws AuthorizedUserNotFound when no such user exists
     */
    public final List getRoles(String str) {
        final AuthorizedUser record = getAuthorizedUser(str, false, false);
        return record.roles;
    }

    /**
     * Returns a copy of the authorized-user table with every {@code "salt"} entry
     * removed. Requires admin authentication.
     *
     * <p>NOTE(review): if {@code duplicate} fails, the live internal table is returned
     * instead, salts included, and the caller can mutate it. Failing closed would be
     * safer. Only the salt is stripped; the {@code "password"} entries stay in the
     * result. Presumably {@code duplicate} deep-copies the nested maps; with a shallow
     * copy the {@code remove("salt")} calls would strip salts from the live records,
     * so confirm.
     *
     * @return the user table keyed by user id
     */
    public final FastHashtable getAuthorizedUsers() {
        authenticateAdmin();
        try {
            FastHashtable snapshot = (FastHashtable) this.AuthorizedUsers.duplicate(null);
            Set userIds = snapshot.keySet();
            if (userIds == null || userIds.isEmpty()) {
                return snapshot;
            }
            for (Object userId : userIds) {
                Map record = (Map) snapshot.get((String) userId);
                record.remove("salt");
            }
            return snapshot;
        } catch (IllegalAccessException copyFailure) {
            return this.AuthorizedUsers;
        }
    }

    /**
     * Reports whether a user id is a key of the authorized-user table.
     *
     * @param str user id (exact key match)
     * @return true when a record exists
     */
    private final boolean isAuthorizedUser(String str) {
        return this.AuthorizedUsers.containsKey(str);
    }

    /**
     * Returns the record of an authorized user with the salt cleared.
     *
     * <p>NOTE(review): the returned object still carries the stored password value
     * and this method performs no authorization check of its own; confirm that every
     * caller is already behind an admin gate.
     *
     * @param str user id
     * @return a new {@code AuthorizedUser} built from the stored record
     * @throws AuthorizedUserNotFound when no such user exists
     */
    public final AuthorizedUser getAuthorizedUser(String str) throws AuthorizedUserNotFound {
        final boolean keepSalt = false;
        return getAuthorizedUser(str, keepSalt, false);
    }

    /**
     * Builds an {@code AuthorizedUser} from the stored record.
     *
     * @param str user id (exact key match)
     * @param z   true to keep the salt on the returned object; false clears it
     * @param z2  passed to the {@code AuthorizedUser} constructor, whose handling of it
     *            is outside this section
     * @return a new {@code AuthorizedUser}
     * @throws AuthorizedUserNotFound when no such user exists
     */
    private final AuthorizedUser getAuthorizedUser(String str, boolean z, boolean z2) throws AuthorizedUserNotFound {
        final boolean known = this.AuthorizedUsers.containsKey(str);
        if (!known) {
            throw new AuthorizedUserNotFound(str);
        }
        final Map storedRecord = (Map) this.AuthorizedUsers.get(str);
        final AuthorizedUser result = new AuthorizedUser(storedRecord, z2);
        if (!z) {
            // Only internal verification paths may see the salt.
            result.salt = null;
        }
        return result;
    }

    /**
     * Builds an {@code AuthorizedUser} from the stored record, always clearing the salt.
     *
     * <p>NOTE(review): the stored password value remains on the returned object and no
     * authorization check is made here.
     *
     * @param str user id (exact key match)
     * @param z   passed to the {@code AuthorizedUser} constructor, whose handling of it
     *            is outside this section
     * @return a new {@code AuthorizedUser} with {@code salt} set to null
     * @throws AuthorizedUserNotFound when no such user exists
     */
    public final AuthorizedUser getAuthorizedUser(String str, boolean z) throws AuthorizedUserNotFound {
        final boolean known = this.AuthorizedUsers.containsKey(str);
        if (!known) {
            throw new AuthorizedUserNotFound(str);
        }
        final Map storedRecord = (Map) this.AuthorizedUsers.get(str);
        final AuthorizedUser result = new AuthorizedUser(storedRecord, z);
        result.salt = null;
        return result;
    }

    /**
     * Creates or updates a user from an {@code AuthorizedUser}, applying the inner
     * SHA-1 step to a changed password.
     *
     * @param authorizedUser the user to store
     */
    public final void setAuthorizedUser(AuthorizedUser authorizedUser) {
        final boolean skipInnerSha1 = false;
        setAuthorizedUser(authorizedUser, skipInnerSha1);
    }

    /**
     * Creates or updates a user from an {@code AuthorizedUser}.
     *
     * <p>The three built-in role flags are derived from the user's own role list, and
     * that same list is passed on as the roles argument.
     *
     * @param authorizedUser the user to store
     * @param z              true to skip the inner SHA-1 step for a changed password
     */
    public final void setAuthorizedUser(AuthorizedUser authorizedUser, boolean z) {
        final List roles = authorizedUser.roles;
        final boolean isAdministrator = roles.contains("coldfusion.administrator");
        final boolean hasRds = roles.contains("coldfusion.rds");
        final boolean hasAdminApi = roles.contains("coldfusion.adminapi");
        setAuthorizedUser(
                authorizedUser.username,
                authorizedUser.password,
                authorizedUser.description,
                isAdministrator,
                hasRds,
                hasAdminApi,
                authorizedUser.enabledds,
                authorizedUser.filepermissions,
                roles,
                authorizedUser.exposedServices,
                z);
    }

    /**
     * Creates or updates a user, applying the inner SHA-1 step to a changed password.
     * See the twelve-argument overload for the meaning of each parameter.
     */
    public final void setAuthorizedUser(String str, String str2, String str3, boolean z, boolean z2, boolean z3, List list, List list2, List list3, List list4) {
        final boolean skipInnerSha1 = false;
        setAuthorizedUser(str, str2, str3, z, z2, z3, list, list2, list3, list4, skipInnerSha1);
    }

    /**
     * Creates or updates a user with client-certificate authentication left off.
     * See the twelve-argument overload for the meaning of each parameter.
     */
    public final void setAuthorizedUser(String str, String str2, String str3, boolean z, boolean z2, boolean z3, List list, List list2, List list3, List list4, boolean z4) {
        final boolean allowClientCertAuth = false;
        setAuthorizedUser(str, str2, str3, z, z2, z3, list, list2, list3, list4, z4, allowClientCertAuth);
    }

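    /**
     * Creates or updates an authorized user and persists the user table.
     *
     * <p>Requires admin authentication. The user name must match
     * {@code USERNAME_REGEX}, or, for client-certificate users under the exact-subject
     * criteria, be 5 to 200 characters long and parse as an LDAP name. A null user
     * name is now rejected up front; previously it skipped the regex check entirely
     * and threw a bare {@code NullPointerException} on the certificate path.
     *
     * <p>For an existing user the password is re-salted and re-hashed only when
     * {@code str2} differs from the stored hash, so passing the stored hash back means
     * "unchanged". New hashes are {@code SHA-256(salt, SHA-1(password))}, or
     * {@code SHA-256(salt, password)} when {@code z4} is true.
     *
     * <p>Granting the administrator role to a user who did not already hold it also
     * turns on the admin API role. {@code list3} is modified in place.
     *
     * @param str   user name
     * @param str2  password, its inner hash when {@code z4} is true, or the stored hash
     * @param str3  description
     * @param z     true to grant {@code coldfusion.administrator}
     * @param z2    true to grant {@code coldfusion.rds}
     * @param z3    true to grant {@code coldfusion.adminapi}
     * @param list  first argument to {@code AuthorizedUser.constructSandbox}
     * @param list2 second argument to {@code AuthorizedUser.constructSandbox}
     * @param list3 role list; entries for the three built-in roles are added or removed
     * @param list4 exposed services
     * @param z4    true to skip the inner SHA-1 step
     * @param z5    true to mark the user as allowed to authenticate by client certificate
     * @throws ServiceRuntimeException when storing fails or the name is not a valid DN
     */
    public final void setAuthorizedUser(String str, String str2, String str3, boolean z, boolean z2, boolean z3, List list, List list2, List list3, List list4, boolean z4, boolean z5) {
        authenticateAdmin();
        try {
            if (str == null) {
                // A null name must not bypass validation or become a table key.
                throw new UsernameValidationException();
            }
            HashMap hashMap = new HashMap();
            if (z5 && subjectFormat.equalsIgnoreCase(ADMIN_CLIENT_CERT_SUBJECT_EXACT_CRITERIA)) {
                if (str.length() < 5 || str.length() > 200) {
                    throw new UsernameValidationException();
                }
                // Constructed only for validation: throws InvalidNameException if not a DN.
                new LdapName(str);
            } else if (!str.matches(USERNAME_REGEX)) {
                throw new UsernameValidationException();
            }
            hashMap.put("username", str);
            hashMap.put("description", str3);
            hashMap.put(CFSetupConstants.SANDBOXES, AuthorizedUser.constructSandbox(list, list2));
            hashMap.put(CFSetupConstants.EXPOSED_SERVICES, list4);
            if (z5) {
                hashMap.put("allowclientcertauth", Boolean.valueOf(z5));
            }
            if (!z) {
                list3.remove("coldfusion.administrator");
            } else if (!list3.contains("coldfusion.administrator")) {
                list3.add("coldfusion.administrator");
                // A newly granted administrator role implies the admin API role.
                z3 = true;
            }
            if (!z2) {
                list3.remove("coldfusion.rds");
            } else if (!list3.contains("coldfusion.rds")) {
                list3.add("coldfusion.rds");
            }
            if (!z3) {
                list3.remove("coldfusion.adminapi");
            } else if (!list3.contains("coldfusion.adminapi")) {
                list3.add("coldfusion.adminapi");
            }
            hashMap.put("roles", list3);
            if (isAuthorizedUser(str)) {
                AuthorizedUser authorizedUser = getAuthorizedUser(str, true, false);
                if (!authorizedUser.password.equals(str2)) {
                    // Password changed: fresh salt, fresh hash.
                    authorizedUser.salt = getNewSalt();
                    authorizedUser.password = z4 ? SecurityUtils.hash(str2, "SHA-256", "", authorizedUser.salt) : SecurityUtils.hash(SecurityUtils.hash(str2, "SHA-1", "", ""), "SHA-256", "", authorizedUser.salt);
                }
                hashMap.put("salt", authorizedUser.salt);
                hashMap.put("password", authorizedUser.password);
            } else {
                String newSalt = getNewSalt();
                String hash = z4 ? SecurityUtils.hash(str2, "SHA-256", "", newSalt) : SecurityUtils.hash(SecurityUtils.hash(str2, "SHA-1", "", ""), "SHA-256", "", newSalt);
                hashMap.put("salt", newSalt);
                hashMap.put("password", hash);
            }
            this.AuthorizedUsers.put(str, hashMap);
            this.config.put("AuthorizedUsers", this.AuthorizedUsers);
            _store();
        } catch (ServiceException e) {
            throw new ServiceRuntimeException(e);
        } catch (IOException e2) {
            throw new ServiceRuntimeException(e2);
        } catch (PrivilegedActionException e3) {
            throw new ServiceRuntimeException(e3);
        } catch (InvalidNameException e4) {
            // Keep the parser's exception as the cause for diagnostics.
            throw new ServiceRuntimeException("User Name must be a valid DN", e4);
        }
    }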

    /**
     * Removes an authorized user and persists the user table.
     *
     * <p>Requires admin authentication. The in-memory entry is removed before the
     * store is attempted, so a failed store leaves memory and disk out of step until
     * the next successful store or reload.
     *
     * @param str user id (exact key match)
     * @throws AuthorizedUserNotFound  when no such user exists
     * @throws ServiceRuntimeException when persisting the change fails
     */
    public final void deleteAuthorizedUser(String str) {
        authenticateAdmin();
        final boolean known = this.AuthorizedUsers.containsKey(str);
        if (!known) {
            throw new AuthorizedUserNotFound(str);
        }
        this.AuthorizedUsers.remove(str);
        try {
            this.config.put("AuthorizedUsers", this.AuthorizedUsers);
            _store();
        } catch (ServiceException | PrivilegedActionException storeFailure) {
            throw new ServiceRuntimeException(storeFailure);
        }
    }

    /**
     * Produces a new salt: the output of {@code SecurityUtils.generateRandom} with an
     * argument of 16, rendered as a string by {@code MD5.stringify}.
     *
     * <p>NOTE(review): whether {@code generateRandom} draws from a cryptographically
     * strong source is not visible in this section; confirm.
     *
     * @return the new salt as a string
     */
    private String getNewSalt() {
        final int saltSize = 16;
        return MD5.stringify(SecurityUtils.generateRandom(saltSize));
    }

    /**
     * Decides whether the current user may access an administrator page.
     *
     * <p>The root administrator is always allowed. Otherwise the user must hold one of
     * the roles registered for the exact page or, failing that, for the page's path.
     * A page with no registered roles is denied.
     *
     * <p>When the administrator is served behind a virtual directory, everything
     * before the first {@code /cfide/administrator/} (matched case-insensitively) is
     * dropped before the lookup.
     *
     * <p>NOTE(review): the decision depends on the caller passing an already
     * normalized path; no normalization is visible here. {@code toLowerCase()} also
     * uses the default locale.
     *
     * @param str page path
     * @return true when access is allowed
     */
    public final boolean canAccessPage(String str) {
        if (isRootAdminUser()) {
            return true;
        }

        String pagePath = str;
        if (IS_ADMIN_BEHIND_VIRTUAL_DIR) {
            final int adminRootAt = pagePath.toLowerCase().indexOf("/cfide/administrator/");
            if (adminRootAt != -1) {
                pagePath = pagePath.substring(adminRootAt);
            }
        }

        ArrayList pageRoles = this.rolesStore.getRolesAllowedForPage(pagePath);
        if (pageRoles != null && UserUtils.isUserInRoleListInternal(pageRoles)) {
            return true;
        }
        ArrayList pathRoles = this.rolesStore.getRolesAllowedForPagePath(pagePath);
        return pathRoles != null && UserUtils.isUserInRoleListInternal(pathRoles);
    }

    /**
     * Reports whether the current user may use the Administrator: the root
     * administrator, or anyone holding {@code coldfusion.administrator}.
     *
     * @return true when access is allowed
     */
    public final boolean canAccessAdministrator() {
        if (isRootAdminUser()) {
            return true;
        }
        return UserUtils.isUserInRoleInternal("coldfusion.administrator");
    }

    /**
     * Reports whether the current user may use RDS: the root administrator, or
     * anyone holding {@code coldfusion.rds}.
     *
     * @return true when access is allowed
     */
    public final boolean canAccessRDS() {
        if (isRootAdminUser()) {
            return true;
        }
        return UserUtils.isUserInRoleInternal("coldfusion.rds");
    }

    /**
     * Reports whether a named user may use RDS.
     *
     * <p>This checks stored roles only and does not authenticate anyone; callers must
     * have verified the user's credentials first. The root id is compared
     * case-sensitively here.
     *
     * @param str user id; must not be null
     * @return true for the root id or a user holding {@code coldfusion.rds}
     * @throws AuthorizedUserNotFound when the id is neither root nor a known user
     */
    public final boolean canAccessRDS(String str) {
        final boolean isRoot = str.equals(getRootAdminUserId());
        if (isRoot) {
            return true;
        }
        final AuthorizedUser record = getAuthorizedUser(str, false, false);
        return record.roles.contains("coldfusion.rds");
    }

    /**
     * Starts the service: registers this object as an observer of the
     * {@code PasswordUtils} instance for the root directory, runs the base-class
     * start, then stores the configuration.
     *
     * @throws ServiceException propagated from the base class or from storing
     */
    @Override
    public void start() throws ServiceException {
        // Observer registration comes first so later seed changes are seen.
        PasswordUtils.getInstance(this.rootDir).addObserver(this);

        super.start();

        store();
    }

    /**
     * Loads security settings, installs the JVM security manager when sandbox
     * security is enabled and none is present, then loads passwords, roles, exposed
     * services and ESAPI utilities.
     *
     * <p>NOTE(review): a failure to install the security manager is swallowed without
     * a log entry. The service then runs with sandbox security configured but not
     * enforced, and the only trace is {@code jvmSecurityEnabled} being false. Logging
     * the failure, or refusing to start, would make this visible to operators.
     *
     * @throws ServiceException when the settings cannot be loaded
     */
    @Override
    public final synchronized void load() throws ServiceException {
        loadSecurity();

        final boolean installNeeded = isSandboxSecurityEnabled() && System.getSecurityManager() == null;
        if (installNeeded) {
            try {
                System.setSecurityManager(new java.lang.SecurityManager());
            } catch (Exception ignored) {
                // Intentionally ignored by the original code; see the note above.
            }
        }
        // Reflects what is actually installed, not what was configured.
        this.jvmSecurityEnabled = System.getSecurityManager() != null;

        loadPassword();
        loadRoles();
        loadExposedServices();
        ESAPIUtils.loadESAPIUtils();
    }

    /**
     * Reads the settings file and applies it as this service's configuration.
     *
     * <p>NOTE(review): the format handled by {@code deserialize} is not visible in
     * this section. Whatever it is, the file decides security settings, so its
     * filesystem permissions matter.
     *
     * @throws ServiceException wrapping any failure while reading or applying settings
     */
    private void loadSecurity() throws ServiceException {
        try {
            final Object rawSettings = deserialize(this.file);
            setSettings((ConfigMap) rawSettings);
        } catch (Exception failure) {
            throw new ServiceException(failure);
        }
    }

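    /**
     * Loads the root administrator and RDS passwords from the password file and
     * upgrades them to the current storage form when needed.
     *
     * <p>In a Lambda environment the loaded properties are also written to an
     * in-memory file. The file input streams are now closed after reading, and the
     * in-memory output stream is closed even when writing fails; previously the input
     * streams were never closed.
     *
     * <p>Upgrade rules: an unencrypted file holds the plaintext admin password, which
     * is SHA-1 hashed, and the RDS password, which is encrypted with the seed. The
     * admin value is then SHA-256 hashed with the root salt (a new salt is generated
     * when none exists) and the password file is rewritten.
     *
     * <p>NOTE(review): any exception while reading falls back to built-in defaults,
     * with the admin password set to the value of {@code DEFAULT_ROOT_ADMIN_USER_ID}
     * and the RDS password to {@code "rds"}, without a log entry. In the Lambda branch
     * this also happens when the file was read successfully but the in-memory copy
     * failed, replacing the real credentials. Consider logging and failing closed on
     * installations that already have a password file.
     *
     * @throws ServiceRuntimeException when hashing fails during the upgrade
     */
    private void loadPassword() {
        Properties properties = new Properties();
        try {
            if (ServerlessUtil.isLambdaEnv()) {
                if (this.imf == null) {
                    this.imf = new InMemoryFile(this.password_file.getAbsolutePath(), this.password_file);
                }
                try (FileInputStream passwordIn = new FileInputStream(this.password_file)) {
                    properties.load(passwordIn);
                }
                InMemoryOutputStream inMemoryOutputStream = new InMemoryOutputStream(this.imf);
                try {
                    ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
                    properties.store(byteArrayOutputStream, (String) null);
                    inMemoryOutputStream.write(byteArrayOutputStream.toByteArray());
                } finally {
                    inMemoryOutputStream.close();
                }
            } else {
                try (FileInputStream passwordIn = new FileInputStream(this.password_file)) {
                    properties.load(passwordIn);
                }
            }
        } catch (Exception e) {
            // Fallback to built-in defaults; see the review note in the Javadoc.
            properties.put("encrypted", "false");
            properties.put("password", DEFAULT_ROOT_ADMIN_USER_ID);
            properties.put(AdminPasswordSettings.RDSPASSWORD, "rds");
        }
        try {
            this.isEncrypted = Boolean.parseBoolean(properties.getProperty("encrypted").trim());
            this.password = properties.getProperty("password");
            this.rdspassword = properties.getProperty(AdminPasswordSettings.RDSPASSWORD);
            if (!this.isEncrypted) {
                // Plaintext on disk: apply the inner SHA-1 and encrypt the RDS value.
                this.password = SecurityUtils.hash(this.password, "SHA-1", "", "");
                this.rdspassword = encryptPassword(this.rdspassword);
            }
            if (this.rootSalt == null) {
                // No salt yet: create one and wrap the stored value in salted SHA-256.
                this.rootSalt = getNewSalt();
                this.config.put(ADMIN_USERID_ROOT_SALT, this.rootSalt);
                this.password = SecurityUtils.hash(this.password, "SHA-256", "", this.rootSalt);
                this.isEncrypted = true;
                savePasswordFile();
            } else if (!this.isEncrypted) {
                this.password = SecurityUtils.hash(this.password, "SHA-256", "", this.rootSalt);
                this.isEncrypted = true;
                savePasswordFile();
            }
        } catch (IOException e2) {
            logger.error("Error loading passwords.", e2);
            throw new ServiceRuntimeException("Error loading passwords.", e2);
        }
    }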

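    /**
     * Reloads the role store from the built-in {@code roles.properties} classpath
     * resource and then from the optional custom roles file.
     *
     * <p>Both streams are now closed after use. A missing built-in resource is
     * reported through the existing error log instead of surfacing as a
     * {@code NullPointerException} from {@code Properties.load}; the role store then
     * stays empty for built-in pages, which per the log message leaves login to the
     * root administrator only.
     */
    private void loadRoles() {
        this.rolesStore.reset();
        try (InputStream builtInRoles = Thread.currentThread().getContextClassLoader().getResourceAsStream("coldfusion/security/roles.properties")) {
            if (builtInRoles == null) {
                // Route the missing resource into the handler below.
                throw new FileNotFoundException("coldfusion/security/roles.properties");
            }
            Properties properties = new Properties();
            properties.load(builtInRoles);
            this.rolesStore.load(properties);
        } catch (IOException e) {
            logger.error("Failed to load built-in roles. Login will be possible only by root administrator.", e);
        }
        try (FileInputStream customRoles = new FileInputStream(this.customRolesFile)) {
            Properties properties2 = new Properties();
            properties2.load(customRoles);
            this.rolesStore.load(properties2);
        } catch (FileNotFoundException e2) {
            logger.debug("Custom roles file not found, custom roles not loaded.");
        } catch (IOException e3) {
            logger.error("Error loading custom roles file. Custom admin pages will be accessible only by root administrator.", e3);
        }
        // Remembered so a later change to the file can be detected.
        this.customRolesLastModified = this.customRolesFile.lastModified();
    }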

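    /**
     * Loads the list of exposed services from the built-in
     * {@code exposedservices.properties} classpath resource.
     *
     * <p>The stream is now closed after use, and a missing resource is reported
     * through the existing error log instead of surfacing as a
     * {@code NullPointerException} from {@code Properties.load}. Per the log message,
     * no services are exposed in that case.
     */
    private void loadExposedServices() {
        try (InputStream resourceAsStream = Thread.currentThread().getContextClassLoader().getResourceAsStream("coldfusion/security/exposedservices.properties")) {
            if (resourceAsStream == null) {
                // Route the missing resource into the handler below.
                throw new IOException("coldfusion/security/exposedservices.properties not found on classpath");
            }
            Properties properties = new Properties();
            properties.load(resourceAsStream);
            this.exposedServiceMgr.load(properties);
        } catch (IOException e) {
            logger.error("Failed to load list of exposed services. No services will be exposed.", e);
        }
    }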

    /**
     * Returns the authentication cache for the current application, creating it on
     * first use.
     *
     * <p>The shared Ehcache manager is initialised once from
     * {@code <rootDir>/lib/auth-ehcache.xml}. Per-application caches are kept in
     * {@code cacheMgrMap}, keyed by application name (empty string when there is no
     * current context or name). For the CF Admin no cache is created here.
     *
     * <p>Unless the token-mapping cache is disabled by system property, creating a
     * cache also starts a single-thread scheduler that runs every second and a JVM
     * shutdown hook that stops it. One such scheduler and hook are created per
     * application name that reaches this branch.
     *
     * <p>NOTE(review): both initialisation paths check, lock on
     * {@code SecurityManager.class}, and check again. Whether {@code ehcacheCacheMngr}
     * and {@code cacheMgrMap} are safe for the unlocked first read depends on their
     * declarations, which are outside this section.
     *
     * @return the cache for the current application, or null when none exists and
     *         none could be created
     */
    private GenericCache getAuthCacheManager() {
        String str = this.rootDir + File.separatorChar + "lib" + File.separatorChar + "auth-ehcache.xml";
        if (ehcacheCacheMngr == null) {
            synchronized (SecurityManager.class) {
                if (ehcacheCacheMngr == null) {
                    loadEhcacheAuthManager(str);
                }
            }
        }
        FusionContext current = FusionContext.getCurrent();
        // Empty string stands in for "no context" and "no application name".
        String applicationName = current != null ? current.getApplicationName() != null ? current.getApplicationName() : "" : "";
        GenericCache genericCache = this.cacheMgrMap.get(applicationName);
        if (genericCache == null && !isCFAdmin()) {
            synchronized (SecurityManager.class) {
                // Re-check under the lock: another thread may have created it.
                GenericCache genericCache2 = this.cacheMgrMap.get(applicationName);
                if (genericCache2 != null) {
                    return genericCache2;
                }
                try {
                    Configuration parseEhcacheConfiguration = parseEhcacheConfiguration(str);
                    // These two fields are overwritten on every cache creation.
                    auth_cache_config = parseEhcacheConfiguration.getCacheConfigurations().get(AUTH_CACHE_NAME);
                    auth_tokn_mapping_cache_config = parseEhcacheConfiguration.getCacheConfigurations().get(AUTH_TOKEN_MAPPING_CACHE_NAME);
                    parseEhcacheConfiguration.setName("AuthCacheManager");
                    // Redis-backed storage only when both runtime settings select it.
                    final GenericCache cFLoginRedisSessionStorage = (ServiceFactory.getRuntimeService().getCFLoginUseSessionStorageRedis() && ServiceFactory.getRuntimeService().getSessionStorage().equalsIgnoreCase("redis")) ? GenericCacheFactory.getCFLoginRedisSessionStorage() : GenericCacheFactory.getCache();
                    boolean z = Boolean.getBoolean(DISABLE_TOKEN_MAPPING_CACHE_PROPERTY);
                    if (!cFLoginRedisSessionStorage.cacheExists(AUTH_CACHE_NAME)) {
                        cFLoginRedisSessionStorage.createCache(AUTH_CACHE_NAME, (String) null, (String) null, (Map) null);
                    }
                    if (!z) {
                        boolean cacheExists = cFLoginRedisSessionStorage.cacheExists(AUTH_TOKEN_MAPPING_CACHE_NAME);
                        if (!cacheExists) {
                            cFLoginRedisSessionStorage.createCache(AUTH_TOKEN_MAPPING_CACHE_NAME, (String) null, (String) null, (Map) null);
                        }
                        final Boolean valueOf = Boolean.valueOf(cacheExists);
                        // Periodic sweep: drops the security scope of any id that has
                        // left the token-mapping cache since the previous run.
                        Runnable runnable = new Runnable() {
                            // Ids seen on the previous run; null until the first run.
                            List<String> oldCacheIds;

                            @Override // java.lang.Runnable
                            public void run() {
                                // Boolean.valueOf never returns null, so this guard always passes.
                                if (valueOf != null) {
                                    CacheTO cacheTO = new CacheTO();
                                    cacheTO.setKey(SecurityManager.AUTH_TOKEN_MAPPING_CACHE_NAME);
                                    List<String> allCacheIds = cFLoginRedisSessionStorage.getAllCacheIds(cacheTO, true);
                                    if (this.oldCacheIds != null && allCacheIds != null) {
                                        for (String str2 : this.oldCacheIds) {
                                            if (!allCacheIds.contains(str2)) {
                                                SecurityScopeTracker.getInstance().removeSecurity(str2);
                                            }
                                        }
                                    }
                                    this.oldCacheIds = allCacheIds;
                                }
                            }
                        };
                        // NOTE(review): an exception escaping run() would stop all later
                        // runs of a scheduleAtFixedRate task, so stale security scopes
                        // would no longer be removed. Nothing in run() catches exceptions.
                        final ScheduledExecutorService newScheduledThreadPool = Executors.newScheduledThreadPool(1);
                        final ScheduledFuture<?> scheduleAtFixedRate = newScheduledThreadPool.scheduleAtFixedRate(runnable, 0L, 1L, TimeUnit.SECONDS);
                        // Stops the sweep at JVM shutdown; failures there are ignored.
                        Runtime.getRuntime().addShutdownHook(new Thread() {
                            @Override // java.lang.Thread, java.lang.Runnable
                            public void run() {
                                try {
                                    scheduleAtFixedRate.cancel(true);
                                    newScheduledThreadPool.shutdownNow();
                                } catch (Throwable th) {
                                }
                            }
                        });
                    }
                    this.cacheMgrMap.put(applicationName, cFLoginRedisSessionStorage);
                    return cFLoginRedisSessionStorage;
                } catch (Exception e) {
                    // Logged only; the method then returns the null lookup result below.
                    CFLogs.SERVER_LOG.error((Throwable) e);
                }
            }
        }
        return genericCache;
    }

    /**
     * Creates the shared Ehcache manager from a configuration file and prepares the
     * token-mapping cache.
     *
     * <p>Nothing further is done when the token-mapping cache is disabled by system
     * property or the auth cache is not defined. Otherwise a missing token-mapping
     * cache is created as a clone of the auth cache configuration with a 60 second
     * time-to-live, a listener is registered on it, and a single-thread scheduler
     * evicts expired elements at an interval equal to the cache's time-to-live. A JVM
     * shutdown hook stops the scheduler.
     *
     * <p>The caller in this section invokes this method while holding the
     * {@code SecurityManager.class} lock.
     *
     * @param str path of the Ehcache configuration file
     */
    private void loadEhcacheAuthManager(String str) {
        Configuration parseEhcacheConfiguration = parseEhcacheConfiguration(str);
        parseEhcacheConfiguration.setName("AuthCacheManager");
        ehcacheCacheMngr = new CacheManager(parseEhcacheConfiguration);
        boolean z = Boolean.getBoolean(DISABLE_TOKEN_MAPPING_CACHE_PROPERTY);
        Cache cache = ehcacheCacheMngr.getCache(AUTH_CACHE_NAME);
        if (z || cache == null) {
            return;
        }
        Cache cache2 = ehcacheCacheMngr.getCache(AUTH_TOKEN_MAPPING_CACHE_NAME);
        if (cache2 == null) {
            // Not configured: derive it from the auth cache with a 60 second lifetime.
            CacheConfiguration m2852clone = cache.getCacheConfiguration().m2852clone();
            m2852clone.setTimeToLiveSeconds(60L);
            m2852clone.setEternal(false);
            m2852clone.setName(AUTH_TOKEN_MAPPING_CACHE_NAME);
            cache2 = new Cache(m2852clone);
            ehcacheCacheMngr.addCache(cache2);
        }
        cache2.getCacheEventNotificationService().registerListener(new AuthMappingCacheEventListener(), NotificationScope.LOCAL);
        final Cache cache3 = cache2;
        // Periodic eviction of expired token mappings.
        Runnable runnable = new Runnable() {
            @Override // java.lang.Runnable
            public void run() {
                if (cache3 != null) {
                    cache3.evictExpiredElements();
                }
            }
        };
        // NOTE(review): the period is the configured time-to-live. A configuration with
        // a time-to-live of 0 would make scheduleAtFixedRate throw
        // IllegalArgumentException; confirm the shipped configuration sets a positive value.
        final ScheduledExecutorService newScheduledThreadPool = Executors.newScheduledThreadPool(1);
        final ScheduledFuture<?> scheduleAtFixedRate = newScheduledThreadPool.scheduleAtFixedRate(runnable, 0L, cache2.getCacheConfiguration().getTimeToLiveSeconds(), TimeUnit.SECONDS);
        // Stops the eviction task at JVM shutdown; failures there are ignored.
        Runtime.getRuntime().addShutdownHook(new Thread() {
            @Override // java.lang.Thread, java.lang.Runnable
            public void run() {
                try {
                    scheduleAtFixedRate.cancel(true);
                    newScheduledThreadPool.shutdownNow();
                } catch (Throwable th) {
                }
            }
        });
    }

    /**
     * Parses an Ehcache configuration file.
     *
     * <p>With a JVM security manager installed, the file is read inside
     * {@code AccessController.doPrivileged}, so the read uses this class's own
     * permissions rather than those of the calling code. The path must therefore
     * never be derived from request input; the caller in this section builds it from
     * {@code rootDir}.
     *
     * @param str path of the configuration file
     * @return the parsed configuration
     */
    private Configuration parseEhcacheConfiguration(final String str) {
        if (System.getSecurityManager() == null) {
            return ConfigurationFactory.parseConfiguration(new File(str));
        }
        final PrivilegedAction<Configuration> parseWithOwnPermissions = new PrivilegedAction<Configuration>() {
            @Override
            public Configuration run() {
                return ConfigurationFactory.parseConfiguration(new File(str));
            }
        };
        return AccessController.doPrivileged(parseWithOwnPermissions);
    }

    private Hashtable map2Permissions() {
        StringBuilder sb = new StringBuilder();
        Hashtable hashtable = new Hashtable();
        Iterator it = this.contexts.keySet().iterator();
        while (it.hasNext()) {
            ConfigMap configMap = (ConfigMap) this.contexts.get((String) it.next());
            for (String str : configMap.keySet()) {
                List list = (List) configMap.get(str);
                Permissions permissions = new Permissions();
                permissions.add(new LoggingPermission("control", null));
                permissions.add(new MBeanPermission("*", "getMBeanInfo,getObjectInstance,queryMBeans,queryNames,getAttribute,invoke"));
                if (list.size() != 0) {
                    int i = 0;
                    while (i < list.size()) {
                        ConfigMap configMap2 = ConfigMap.toConfigMap(list.get(i));
                        configMap2.init(this, "permission");
                        String str2 = (String) configMap2.get("class");
                        String str3 = (String) configMap2.get("target");
                        String str4 = (String) configMap2.get("action");
                        try {
                            if ("java.net.NetPermission".equals(str2)) {
                                permissions.add(new NetPermission(str3));
                            } else if (CFSetupConstants.PROPERTY_PERMISSION_KEY.equals(str2)) {
                                permissions.add(new PropertyPermission(str3, str4));
                            } else if ("java.lang.reflect.ReflectPermission".equals(str2)) {
                                permissions.add(new ReflectPermission(str3));
                            } else if (CFSetupConstants.ENABLED_RUNTIME_PERMISSION.equals(str2)) {
                                permissions.add(new RuntimePermission(str3));
                            } else if ("java.security.SecurityPermission".equals(str2)) {
                                permissions.add(new SecurityPermission(str3));
                            } else if ("java.io.SerializablePermission".equals(str2)) {
                                permissions.add(new SerializablePermission(str3));
                            } else if ("java.sql.SQLPermission".equals(str2)) {
                                permissions.add(new SQLPermission(str3));
                            } else if (CFSetupConstants.FILE_PERMISSION_KEY.equals(str2)) {
                                permissions.add(new FilePermission(str3, str4));
                            } else if (CFSetupConstants.VFILE_PERMISSION_KEY.equals(str2)) {
                                permissions.add(new VFilePermission(str3, str4));
                            } else if (CFSetupConstants.SOCKET_PERMISSION_KEY.equals(str2)) {
                                permissions.add(new SocketPermission(str3, str4));
                            } else if (CFSetupConstants.DISABLED_TAG_KEY.equals(str2)) {
                                permissions.add(new GenericTagPermission(str3));
                            } else if (CFSetupConstants.DISABLED_FUNCTION_KEY.equals(str2)) {
                                permissions.add(new FunctionPermission(str3));
                            } else if (CFSetupConstants.ENABLED_DATASOURCES.equals(str2)) {
                                permissions.add(new DataSourcePermission(str3));
                            } else if ("coldfusion.tagext.lang.ModulePermission".equals(str2)) {
                                permissions.add(new ModulePermission(str3));
                            } else if ("org.osgi.framework.AdminPermission".equals(str2)) {
                                permissions.add(new AdminPermission());
                            } else if (CFSetupConstants.OSGISERVICE_PERMISSION_KEY.equals(str2)) {
                                permissions.add(new ServicePermission(str3, str4));
                            }
                        } catch (Throwable th) {
                            list.remove(i);
                            i--;
                            sb.append(th.getLocalizedMessage());
                            sb.append(' ');
                        }
                        i++;
                    }
                }
                for (File file : new File(this.rootDir + File.separatorChar + "lib").listFiles(new FilenameFilter() { // from class: coldfusion.security.SecurityManager.6
                    @Override // java.io.FilenameFilter
                    public boolean accept(File file2, String str5) {
                        int lastIndexOf = str5.lastIndexOf(46);
                        if (lastIndexOf == -1) {
                            return false;
                        }
                        String lowerCase = str5.substring(lastIndexOf + 1).toLowerCase();
                        return lowerCase.equals("jar") || lowerCase.equals("zip") || lowerCase.equals("dll") || lowerCase.equals("so");
                    }
                })) {
                    permissions.add(new FilePermission(file.getAbsolutePath(), Phase.READ));
                }
                permissions.add(new FilePermission(new File(this.rootDir + File.separatorChar + "stubs").getAbsolutePath() + File.separator + "-", Phase.READ));
                permissions.add(new FilePermission(new File(this.rootDir + File.separatorChar + "lib" + File.separator + "oosdk").getAbsolutePath() + File.separator + "-", Phase.READ));
                permissions.add(new FilePermission(this.rootDir + File.separator + "CustomTags" + File.separator + "com" + File.separator + "-", "read,execute"));
                if (this.servletContext != null) {
                    String realPath = this.servletContext.getRealPath(CFSetupConstants.CFIDE_MAPPING);
                    if (realPath != null && !realPath.endsWith(File.separator)) {
                        realPath = realPath + File.separator;
                    }
                    permissions.add(new FilePermission(realPath + "AIR" + File.separatorChar + "-", Phase.READ));
                    permissions.add(new FilePermission(realPath + "orm" + File.separatorChar + "-", Phase.READ));
                    permissions.add(new FilePermission(realPath + "portlets" + File.separatorChar + "-", Phase.READ));
                    permissions.add(new FilePermission(realPath + "services" + File.separatorChar + "-", Phase.READ));
                    permissions.add(new FilePermission(realPath + File.separator + "scripts" + File.separatorChar + "-", Phase.READ));
                    String realPath2 = this.servletContext.getRealPath("/WEB-INF");
                    if (realPath2 != null && !realPath2.endsWith(File.separator)) {
                        realPath2 = realPath2 + File.separator;
                    }
                    permissions.add(new FilePermission(realPath2 + "cftags" + File.separatorChar + '*', "read,execute"));
                    permissions.add(new FilePermission(realPath2 + "cftags" + File.separatorChar + "META-INF" + File.separatorChar + "taglib.cftld", "read,execute"));
                    permissions.add(new FilePermission(realPath2 + "cfclasses" + File.separator + "dotNetProxy" + File.separator + "-", "read,execute"));
                    permissions.add(new FilePermission(realPath2 + "cfclasses" + File.separator + "dotNetProxy", "read,execute"));
                }
                permissions.add(new FilePermission((null == tmpRoot ? this.rootDir + File.separatorChar + RuntimeService.TMPCACHE + File.separatorChar + "appClasses" : tmpRoot + File.separatorChar + RuntimeService.TMPCACHE + File.separatorChar + "appClasses") + File.separatorChar + "-", Phase.READ));
                permissions.add(new FilePermission(this.rootDir + File.separator + "ormindex", "read,write"));
                permissions.add(new FilePermission(this.rootDir + File.separator + "ormindex" + File.separator + "-", "read,write"));
                permissions.add(new SocketPermission("localhost:0", "listen"));
                hashtable.put(str, permissions);
            }
        }
        if (sb.length() == 0) {
            return hashtable;
        }
        throw new IllegalArgumentException(sb.toString());
    }

    /**
     * Persists the security configuration by delegating to {@link #store()}.
     *
     * <p>When JVM security is enabled the call is wrapped in
     * {@code AccessController.doPrivileged}, so it runs with this class's own permissions
     * rather than those of the code on the calling stack. Keep the privileged action limited
     * to this single call.
     *
     * @throws ServiceException if {@code store()} fails on the direct path
     * @throws PrivilegedActionException wrapping the {@code ServiceException} raised by
     *         {@code store()} on the privileged path
     */
    private void _store() throws ServiceException, PrivilegedActionException {
        if (!this.jvmSecurityEnabled) {
            store();
            return;
        }
        PrivilegedExceptionAction<Void> persistAction = new PrivilegedExceptionAction<Void>() {
            @Override // java.security.PrivilegedExceptionAction
            public Void run() throws ServiceException {
                SecurityManager.this.store();
                return null;
            }
        };
        AccessController.doPrivileged(persistAction);
    }

    /**
     * Rebuilds the sandbox permission table, hands it to the active policy when sandbox
     * security is switched on, passes the configuration and its backing file to
     * {@code serialize(...)} and forwards the sandbox switch to the helper.
     *
     * <p>NOTE(review): this method is public and performs no {@code authenticateAdmin()} call
     * of its own; the setters visible in this part of the file authenticate before reaching it.
     * {@code map2Permissions()} can throw {@code IllegalArgumentException}, in which case
     * nothing is written.
     *
     * @throws ServiceException declared for failures while persisting
     */
    @Override // coldfusion.server.ServiceBase
    public synchronized void store() throws ServiceException {
        // Always rebuilt first, even when no policy will consume it, so bad sandbox
        // definitions abort the save before anything is serialized.
        Hashtable sandboxPermissions = map2Permissions();
        if (this._sbsEnabled) {
            if (this.basic_policy != null) {
                this.basic_policy.setNewPermissions(sandboxPermissions);
            }
        }
        serialize(this.config, this.file);
        this.helper.setSanboxSecuritySwitches(this._sbsEnabled);
    }

    /**
     * Returns the security configuration after the administrator check has passed.
     *
     * <p>The value handed back is the live {@code config} instance, not a copy, so a caller
     * that mutates it changes this service's state directly.
     *
     * @return the current configuration map
     */
    public final Map getSettings() {
        this.authenticateAdmin();
        final Map liveSettings = this.config;
        return liveSettings;
    }

    /**
     * Replaces the security configuration and re-derives every cached field from it
     * (admin/RDS switches, root admin id and salt, sandbox switch, IP allow-lists,
     * cross-site-script patterns, authorized users, sandboxes, cookie identifier).
     *
     * <p>The administrator check runs first. Any exception raised while applying the map,
     * including a missing mandatory key, is rethrown wrapped in a {@code ServiceException};
     * fields assigned before the failure keep their new values.
     *
     * @param map the new settings; a {@code ConfigMap} is adopted as-is, any other map is copied
     * @throws ServiceException wrapping whatever exception occurred while applying the settings
     */
    public final void setSettings(Map map) throws ServiceException {
        authenticateAdmin();
        try {
            if (map instanceof ConfigMap) {
                // Adopted by reference: no copy is made and nothing is persisted on this path.
                this.config = (ConfigMap) map;
            } else {
                // Foreign map: copy it, register for change callbacks and persist immediately.
                this.config = new ConfigMap();
                this.config.putAll(map);
                this.config.setConfigMapListener(this);
                store();
            }
            // Stored as a Boolean; a missing key makes the unboxing throw, which the outer
            // catch turns into a ServiceException.
            this.adminSecurityEnabled = ((Boolean) this.config.get(CFSetupConstants.ADMIN_SECURITY_ENABLED)).booleanValue();
            // The RDS switches are stored as strings; Boolean.valueOf(null) is false, so an
            // absent key reads as "disabled".
            this.rdsSecurityEnabled = Boolean.valueOf((String) this.config.get(CFSetupConstants.RDS_SECURITY_ENABLED)).booleanValue();
            this.rdsEnabled = Boolean.valueOf((String) this.config.get(CFSetupConstants.RDS_ENABLED)).booleanValue();
            if (this.config.containsKey(CFSetupConstants.RDS_USE_SINGLE_PASSWORD)) {
                this.useSingleRdsPassword = ((Boolean) this.config.get(CFSetupConstants.RDS_USE_SINGLE_PASSWORD)).booleanValue();
            }
            this.adminUserIdRequired = this.config.containsKey(CFSetupConstants.ADMIN_USERID_REQUIRED) && ((Boolean) this.config.get(CFSetupConstants.ADMIN_USERID_REQUIRED)).booleanValue();
            this.rootAdminUserId = (String) this.config.get("admin.userid.root");
            if (this.rootAdminUserId == null) {
                this.rootAdminUserId = DEFAULT_ROOT_ADMIN_USER_ID;
            }
            this.rootSalt = (String) this.config.get(ADMIN_USERID_ROOT_SALT);
            this.rootAdminUserId = this.rootAdminUserId.trim();
            try {
                this._sbsEnabled = ((Boolean) this.config.get(CFSetupConstants.SANDBOX_ENABLED_SETTING_KEY)).booleanValue();
            } catch (NullPointerException e) {
                // Key absent: the sandbox switch follows the JVM security switch.
                this._sbsEnabled = this.jvmSecurityEnabled;
            }
            // Both allow-lists are normalised to "" when unset; how an empty list is
            // interpreted is decided where the lists are consulted, not here.
            this.allowedIPList = (String) this.config.get(CFSetupConstants.ALLOWED_SERVICES_IP);
            if (this.allowedIPList == null) {
                this.allowedIPList = "";
            }
            this.allowedAdminIPList = (String) this.config.get(CFSetupConstants.ALLOWED_ADMIN_IP);
            if (this.allowedAdminIPList == null) {
                this.allowedAdminIPList = "";
            }
            loadCrossSiteScriptPatterns((ConfigMap) this.config.get("CrossSiteScriptPatterns"));
            FastHashtable fastHashtable = (FastHashtable) this.config.get("AuthorizedUsers");
            // Start from an empty user table; loadUsers reports whether it changed anything
            // that needs to be written back.
            this.AuthorizedUsers = new FastHashtable();
            boolean loadUsers = loadUsers(fastHashtable);
            loadSandboxes((ConfigMap) this.config.get(AnalyzingInfixLookupFactory.CONTEXTS_FIELD_NAME));
            this.config.setConfigMapListener(this);
            // For the next two switches a missing key is back-filled from the current field value.
            if (this.config.containsKey("allowconcurrentadminlogin")) {
                this.allowConcurrentAdminLogin = ((Boolean) this.config.get("allowconcurrentadminlogin")).booleanValue();
            } else {
                this.config.put("allowconcurrentadminlogin", this.allowConcurrentAdminLogin ? Boolean.TRUE : Boolean.FALSE);
            }
            if (this.config.containsKey(CFSetupConstants.SECURE_PROFILE_ENABLED)) {
                this.isSecureProfile = ((Boolean) this.config.get(CFSetupConstants.SECURE_PROFILE_ENABLED)).booleanValue();
            } else {
                this.config.put(CFSetupConstants.SECURE_PROFILE_ENABLED, this.isSecureProfile ? Boolean.TRUE : Boolean.FALSE);
            }
            if (clientCertAuthEnabled) {
                // May be null when neither the CGI switch nor a subject header property is set.
                this.ccaMappingConfig = getDefaultClientCertAuthMappingConfig();
            }
            // z records that a cookie identifier had to be generated and must be persisted.
            boolean z = false;
            if (this.config.containsKey("cfadmin.cookieidentifier")) {
                this.cfAdminCookieIdentifier = (String) this.config.get("cfadmin.cookieidentifier");
            } else {
                // NOTE(review): java.util.Random is not a cryptographically strong source and
                // Math.abs(Integer.MIN_VALUE) stays negative. If this identifier is ever relied
                // on as unguessable, generate it with SecureRandom - TODO confirm how it is used.
                this.cfAdminCookieIdentifier = Integer.toString(Math.abs(new Random().nextInt()));
                this.config.put("cfadmin.cookieidentifier", this.cfAdminCookieIdentifier);
                z = true;
            }
            if (loadUsers || z) {
                if (loadUsers) {
                    this.config.put("AuthorizedUsers", this.AuthorizedUsers);
                }
                store();
            }
        } catch (Exception e2) {
            throw new ServiceException(e2);
        }
    }

    /**
     * Adopts the given sandbox definitions and, when sandbox security is enabled, installs
     * or refreshes the JVM-wide {@code Policy} built from them. Finally registers this service
     * as change listener on the sandbox map and on each entry.
     *
     * <p>NOTE(review): the method is public and contains no {@code authenticateAdmin()} call,
     * and a {@code null} argument fails on the first use of {@code contexts}.
     *
     * @param configMap the sandbox ("contexts") map; stored by reference
     */
    public void loadSandboxes(ConfigMap configMap) {
        this.contexts = configMap;
        this.contexts.init(this, "appcontexts");
        initMap(this.contexts, AnalyzingInfixLookupFactory.CONTEXTS_FIELD_NAME);
        Hashtable sandboxPermissions = map2Permissions();
        if (isSandboxSecurityEnabled()) {
            try {
                if (this.basic_policy != null) {
                    // Policy already installed: swap in the new permission table only.
                    this.basic_policy.setNewPermissions(sandboxPermissions);
                } else {
                    this.basic_policy = new BasicPolicy(Policy.getPolicy(), sandboxPermissions);
                    // Result discarded; presumably forces the class's reflection data to load
                    // before the policy becomes active - TODO confirm.
                    this.basic_policy.getClass().getMethods();
                    Policy.setPolicy(this.basic_policy);
                }
            } catch (Exception e) {
                // Fails open: a policy that cannot be installed is logged and both the JVM
                // security and sandbox switches are turned off, so the server keeps running
                // without sandbox enforcement. Operators should alert on this log entry.
                CFLogs.SERVER_LOG.error(RB.getString(this, "SecurityManager.policyNotSet"), e);
                this.jvmSecurityEnabled = false;
                this._sbsEnabled = false;
            }
        }
        for (Object sandbox : this.contexts.values()) {
            ((ConfigMap) sandbox).setConfigMapListener(this);
        }
        this.contexts.setConfigMapListener(this);
    }

    /**
     * Merges the supplied users into the authorized-user table after the administrator check
     * and persists the configuration when {@code loadUsers} reports a change.
     *
     * <p>Failures while loading or storing are written to the server log only; the caller
     * receives no indication that the update was not saved.
     *
     * @param fastHashtable user id to user-record map, or {@code null} to reset the table
     */
    public void setAuthorizedUsers(FastHashtable fastHashtable) {
        authenticateAdmin();
        try {
            if (!loadUsers(fastHashtable)) {
                return;
            }
            this.config.put("AuthorizedUsers", this.AuthorizedUsers);
            store();
        } catch (Exception e) {
            CFLogs.SERVER_LOG.error((Throwable) e);
        }
    }

    /**
     * Administrator-only entry point for adding or replacing cross-site-script patterns;
     * the work is done by {@code updateCrossSiteScriptPatterns}.
     *
     * @param configMap pattern source mapped to its replacement text; {@code null} is a no-op
     */
    public void setCrossSiteScriptPatterns(ConfigMap configMap) {
        this.authenticateAdmin();
        this.updateCrossSiteScriptPatterns(configMap);
    }

    /**
     * Compiles each supplied pattern, adds it to the compiled-pattern table and to the stored
     * "CrossSiteScriptPatterns" configuration entry, then persists the configuration.
     *
     * <p>A pattern that fails to compile is logged and skipped, so it is neither enforced nor
     * stored; the remaining patterns are still applied. A failure to persist is logged only.
     * Existing entries are never removed here.
     *
     * @param configMap pattern source mapped to its replacement text; {@code null} is a no-op
     */
    private void updateCrossSiteScriptPatterns(ConfigMap configMap) {
        if (configMap == null) {
            return;
        }
        if (this.config.get("CrossSiteScriptPatterns") == null) {
            this.config.put("CrossSiteScriptPatterns", new ConfigMap());
        }
        ConfigMap storedPatterns = (ConfigMap) this.config.get("CrossSiteScriptPatterns");
        for (String regex : configMap.keySet()) {
            try {
                // Compile flag 1: presumably the compiler's case-insensitive mask - confirm
                // against the type of the compiler field.
                this.CompiledCrossSiteScriptPatterns.put(this.compiler.compile(regex, 1), configMap.get(regex));
                storedPatterns.put(regex, configMap.get(regex));
            } catch (Exception e) {
                CFLogs.SERVER_LOG.error((Throwable) e);
            }
        }
        this.config.put("CrossSiteScriptPatterns", storedPatterns);
        try {
            store();
        } catch (Exception e2) {
            CFLogs.SERVER_LOG.error((Throwable) e2);
        }
    }

    /**
     * Compiles the stored cross-site-script patterns into the compiled-pattern table.
     *
     * <p>A pattern that fails to compile is logged and left out, which means that rule is
     * silently not enforced until the stored expression is corrected.
     *
     * @param configMap pattern source mapped to its replacement text; {@code null} is a no-op
     */
    private void loadCrossSiteScriptPatterns(ConfigMap configMap) {
        if (configMap == null) {
            return;
        }
        for (String regex : configMap.keySet()) {
            try {
                this.CompiledCrossSiteScriptPatterns.put(this.compiler.compile(regex, 1), configMap.get(regex));
            } catch (Exception e) {
                CFLogs.SERVER_LOG.error((Throwable) e);
            }
        }
    }

    /**
     * Adds every user from the supplied table that is not yet an authorized user.
     *
     * <p>A record without a "salt" entry is treated as unmigrated: a new salt is generated,
     * a non-null "password" value is replaced by its salted SHA-256 hash, and the salt is
     * stored. The record object passed in is modified in place. Users that are already
     * authorized are skipped, so this method does not update existing accounts.
     *
     * <p>NOTE(review): the stored value comes from one {@code SecurityUtils.hash} call with
     * "SHA-256"; whether that helper iterates is not visible here. A single fast digest is
     * weak protection for stored passwords - confirm, and prefer a dedicated password hashing
     * scheme if the stored format can be migrated.
     *
     * @param fastHashtable user id to user-record map; {@code null} resets the user table
     * @return {@code true} when the user table changed and should be persisted
     * @throws IOException declared by the signature; no statement in this body raises it directly
     */
    private boolean loadUsers(FastHashtable fastHashtable) throws IOException {
        if (fastHashtable == null) {
            this.AuthorizedUsers = new FastHashtable();
            return true;
        }
        Set<String> userIds = fastHashtable.keySet();
        if (userIds == null || userIds.isEmpty()) {
            return false;
        }
        boolean changed = false;
        for (String userId : userIds) {
            if (isAuthorizedUser(userId)) {
                continue;
            }
            Map userRecord = (Map) fastHashtable.get(userId);
            if (((String) userRecord.get("salt")) == null) {
                String freshSalt = getNewSalt();
                String storedPassword = (String) userRecord.get("password");
                if (storedPassword != null) {
                    userRecord.put("password", SecurityUtils.hash(storedPassword, "SHA-256", "", freshSalt));
                }
                userRecord.put("salt", freshSalt);
            }
            changed = true;
            this.AuthorizedUsers.put(userId, userRecord);
        }
        return changed;
    }

    /**
     * Builds the client-certificate mapping from JVM system properties.
     *
     * <p>When the boolean property named by {@code ADMIN_CLIENT_CERT_USE_CGI} is true the
     * mapping uses the CGI variable. Otherwise the property named by
     * {@code ADMIN_CLIENT_CERT_SUBJECT_HEADER} supplies the request header that carries the
     * certificate subject, matched according to {@code subjectFormat}.
     *
     * @return the mapping, or {@code null} when neither property is set
     */
    private ClientCertAuthenticationMappingConfig getDefaultClientCertAuthMappingConfig() {
        ClientCertAuthenticationMappingConfig mapping = new ClientCertAuthenticationMappingConfig();
        boolean useCgi = Boolean.getBoolean(ADMIN_CLIENT_CERT_USE_CGI);
        if (useCgi) {
            mapping.setUseCGI(useCgi);
            return mapping;
        }
        String subjectHeaderName = System.getProperty(ADMIN_CLIENT_CERT_SUBJECT_HEADER);
        if (subjectHeaderName == null) {
            return null;
        }
        mapping.setSubjectHeader(subjectHeaderName);
        mapping.setMatchCriteria(subjectFormat);
        return mapping;
    }

    /**
     * Returns the descriptor table (keys, types, formatters and value names) for the
     * configuration sections of this service, building it on first use.
     *
     * <p>The table is created lazily without synchronization and assigned to the field before
     * it is filled, exactly as before.
     *
     * @return the shared descriptor map
     */
    @Override // coldfusion.server.ServiceBase
    public final Map getResourceBundle() {
        if (this.rb != null) {
            return this.rb;
        }
        final String[][] descriptors = {
            {"permission.keys", "class,target,action"},
            {"permission.types", "java.lang.String,java.lang.String,java.lang.String"},
            {"permission.formats", "coldfusion.server.StringFormatter,coldfusion.server.StringFormatter,coldfusion.server.StringFormatter"},
            {"appcontexts.keys", ""},
            {"appcontexts.types", "coldfusion.server.ConfigMap"},
            {"appcontexts.formats", "coldfusion.server.MapFormatter"},
            {"appcontexts.value", AnalyzingInfixLookupFactory.CONTEXTS_FIELD_NAME},
            {"contexts.keys", ""},
            {"contexts.types", "coldfusion.server.ConfigMap"},
            {"contexts.formats", "coldfusion.server.MapFormatter"},
            {"contexts.value", ""},
            {"CrossSiteScriptPatterns.keys", ""},
            {"CrossSiteScriptPatterns.types", "coldfusion.server.ConfigMap"},
            {"CrossSiteScriptPatterns.formats", "coldfusion.server.MapFormatter"},
            {"CrossSiteScriptPatterns.value", ""},
            {"authorizedUsers.keys", ""},
            {"authorizedUsers.types", "coldfusion.server.ConfigMap"},
            {"authorizedUsers.formats", "coldfusion.server.MapFormatter"},
            {"authorizedUsers.value", ""},
        };
        this.rb = new HashMap();
        for (String[] descriptor : descriptors) {
            this.rb.put(descriptor[0], descriptor[1]);
        }
        return this.rb;
    }

    /**
     * Returns the administrator password value for {@code str}, but only to a calling page
     * whose path ends with one of the entries in {@code adminapi_cfcs} (components) or
     * {@code admin_pages} (included pages).
     *
     * <p>The only authorization performed here is that path-suffix comparison on the calling
     * template. The comparison ignores case on Windows, when the admin is behind a virtual
     * directory, or when the path contains "/cfide/"; otherwise it is case-sensitive.
     *
     * <p>NOTE(review): {@code page} is cast to {@code CfJspPage} before any type check, so a
     * page of another type fails with a cast or null-pointer error instead of
     * {@code UnauthenticatedCredentialsException}. The request is still refused either way.
     *
     * @param str passed through to {@code getAdminPassword}
     * @param obj the caller's page context; must be a {@code NeoPageContext}
     * @return the value produced by {@code getAdminPassword(str)}
     * @throws UnauthenticatedCredentialsException when the caller is not a recognised admin page
     */
    public final String getAdminHash(String str, Object obj) {
        if (!(obj instanceof NeoPageContext)) {
            throw new UnauthenticatedCredentialsException();
        }
        Object page = ((NeoPageContext) obj).getPage();
        IncludeTag includeTag = ((CfJspPage) page).parent;
        boolean isComponent = page instanceof CFDummyComponent;
        boolean isIncludedPage = !isComponent && (page instanceof CfJspPage) && (includeTag instanceof IncludeTag);

        // Decide whether the suffix comparison below ignores case.
        boolean ignoreCase = SystemInfo.isWindows();
        if (!ignoreCase) {
            if (isComponent) {
                ignoreCase = ((CfJspPage) page).getPagePath().contains("/cfide/");
            } else if (isIncludedPage) {
                ignoreCase = includeTag.getCanonicalLocation().contains("/cfide/");
            }
        }
        if (IS_ADMIN_BEHIND_VIRTUAL_DIR) {
            ignoreCase = true;
        }

        if (isComponent) {
            String pagePath = ((CfJspPage) page).getPagePath();
            for (String allowedSuffix : adminapi_cfcs) {
                // A suffix longer than the path gives a negative offset, which regionMatches rejects.
                if (pagePath.regionMatches(ignoreCase, pagePath.length() - allowedSuffix.length(), allowedSuffix, 0, allowedSuffix.length())) {
                    return getAdminPassword(str);
                }
            }
        } else if (isIncludedPage) {
            String canonicalLocation = includeTag.getCanonicalLocation();
            for (String allowedSuffix : admin_pages) {
                if (canonicalLocation.regionMatches(ignoreCase, canonicalLocation.length() - allowedSuffix.length(), allowedSuffix, 0, allowedSuffix.length())) {
                    return getAdminPassword(str);
                }
            }
        }
        throw new UnauthenticatedCredentialsException();
    }

    /**
     * Verifies that the current request carries valid administrator credentials and throws
     * {@code UnauthenticatedCredentialsException} when it does not.
     *
     * <p>The method returns without checking anything when there is no current
     * {@code FusionContext}, when admin security is disabled, or when the servlet context
     * init parameter {@code coldfusion.securityservice.disableadminauthentication} is "true".
     * Every setter that relies on this call is unprotected in those three situations, so the
     * init parameter deserves a place in configuration audits.
     *
     * <p>Credential sources are tried in this order: the "cflogin.password" attribute, the
     * security table referenced by the session or security cookie, the context's secure
     * username/password, the "j_username"/"j_password" attributes, an "authorization" request
     * header, and finally the client-certificate header.
     *
     * @throws UnauthenticatedCredentialsException when no acceptable credential is found
     */
    public final void authenticateAdmin() {
        FusionContext current = FusionContext.getCurrent();
        if (current != null && isAdminSecurityEnabled()) {
            String initParameter = current.getServletContext().getInitParameter("coldfusion.securityservice.disableadminauthentication");
            if (initParameter == null || !initParameter.equalsIgnoreCase("true")) {
                // findAttribute holds the candidate password, obj the candidate user name.
                Object findAttribute = current.pageContext.findAttribute("cflogin.password");
                Object obj = null;
                if (findAttribute == null) {
                    String str = null;
                    Scope scope = (Scope) current.pageContext.findAttribute("session");
                    // z: the cookie value came from the session scope rather than the request.
                    boolean z = false;
                    if (scope instanceof SessionScope) {
                        str = (String) scope.get(SecurityScopeTracker.getAppSecureCookieName());
                        if (str != null && !str.isEmpty()) {
                            z = true;
                        }
                    }
                    if (str == null) {
                        str = SecurityScopeTracker.getSecurityCookie(current.pageContext);
                    }
                    if (str == null) {
                        // No cookie at all: fall back to credentials carried by the request itself.
                        findAttribute = current.getSecurePassword();
                        if (findAttribute != null) {
                            obj = current.getSecureUsername();
                        } else {
                            findAttribute = current.pageContext.findAttribute("j_password");
                            if (findAttribute != null) {
                                obj = current.pageContext.findAttribute("j_username");
                            } else {
                                String header = current.getRequest().getHeader("authorization");
                                if (header != null) {
                                    // Everything after the first space is Base64-decoded; the
                                    // scheme token in front of it is not inspected.
                                    int indexOf = header.indexOf(" ");
                                    if (indexOf != -1) {
                                        String substring = header.substring(indexOf + 1);
                                        try {
                                            substring = new String(Base64Encoder.decode(substring), "utf-8");
                                        } catch (UnsupportedEncodingException e) {
                                            // Fallback decodes with the platform default charset.
                                            substring = new String(Base64Encoder.decode(substring));
                                        }
                                        // Expected shape is user:password. The password is the
                                        // text between the first and second colon; anything after
                                        // a second colon is dropped, and it stays "" when nothing
                                        // follows the first colon.
                                        int indexOf2 = substring.indexOf(":");
                                        if (indexOf2 != -1) {
                                            obj = substring.substring(0, indexOf2);
                                            findAttribute = "";
                                            if (indexOf2 + 1 != substring.length()) {
                                                int indexOf3 = substring.indexOf(":", indexOf2 + 1);
                                                if (indexOf3 == -1) {
                                                    findAttribute = substring.substring(indexOf2 + 1);
                                                } else if (indexOf3 + 1 != substring.length()) {
                                                    findAttribute = substring.substring(indexOf2 + 1, indexOf3);
                                                }
                                            }
                                        }
                                    }
                                } else {
                                    // The returned user id is discarded here, so this call does
                                    // not by itself authenticate the request; findAttribute stays
                                    // null and the isAuthenticated() check at the end decides.
                                    authenticateUsingClientCert(current);
                                }
                            }
                        }
                    } else {
                        // A cookie was found: take user name and password from its security table.
                        SecurityTable security = z ? SecurityScopeTracker.getInstance().getSecurity(str) : SecurityScopeTracker.getInstance().getSecurity(current.pageContext);
                        if (security != null) {
                            obj = security.getUserName();
                            findAttribute = security.getPassword();
                        }
                    }
                }
                if (findAttribute != null) {
                    // z2 becomes true once the credential has been accepted.
                    boolean z2 = false;
                    if (isAdminUserIdRequired() && obj != null) {
                        // A client-certificate identity, when present, takes precedence over the
                        // password: it must equal the claimed user name or the request is refused.
                        String checkAdminUserClientCertificate = checkAdminUserClientCertificate();
                        if (checkAdminUserClientCertificate != null) {
                            z2 = checkAdminUserClientCertificate.equalsIgnoreCase(obj.toString());
                            if (!z2) {
                                throw new UnauthenticatedCredentialsException();
                            }
                        } else {
                            z2 = checkAdminUserIdPassword(obj.toString(), findAttribute.toString(), true, true);
                        }
                    } else if (!isAdminUserIdRequired()) {
                        // Single-admin mode: the supplied user name is ignored and the check
                        // runs against the root admin id.
                        String checkAdminUserClientCertificate2 = checkAdminUserClientCertificate();
                        if (checkAdminUserClientCertificate2 != null) {
                            z2 = checkAdminUserClientCertificate2.equalsIgnoreCase(this.rootAdminUserId);
                            if (!z2) {
                                throw new UnauthenticatedCredentialsException();
                            }
                        } else {
                            z2 = checkAdminUserIdPassword(this.rootAdminUserId, findAttribute.toString(), true, true);
                        }
                    }
                    // Also reached with z2 == false when a user id is required but none was supplied.
                    if (!z2) {
                        try {
                            // Second chance: treat the value as an Encryptor-encrypted password
                            // and compare its encrypted form with the stored one.
                            // NOTE(review): String.equals is not a constant-time comparison;
                            // MessageDigest.isEqual on the bytes would avoid timing differences.
                            if (!encryptPassword(Encryptor.decrypt(findAttribute.toString())).equals(this.password)) {
                                throw new UnauthenticatedCredentialsException();
                            }
                        } catch (Exception e2) {
                            // NOTE(review): this handler also receives the
                            // UnauthenticatedCredentialsException thrown just above (the type is
                            // unchecked, so presumably a RuntimeException). A wrong password is
                            // therefore still accepted when isAuthenticated() reports an already
                            // authenticated request - confirm that this is intended.
                            if (!isAuthenticated()) {
                                throw new UnauthenticatedCredentialsException();
                            }
                        }
                    }
                } else if (!isAuthenticated()) {
                    throw new UnauthenticatedCredentialsException();
                }
            }
        }
    }

    /**
     * Derives an administrator user id from the client-certificate subject that the
     * configured request header carries.
     *
     * <p>NOTE(review): the subject is read from an ordinary request header. That is only
     * trustworthy when the fronting web server or connector always sets or overwrites the
     * header after verifying the certificate, and the application server cannot be reached
     * around it - verify both in the deployment.
     *
     * @param fusionContext the current request context
     * @return the matched user id, or {@code null} when client-certificate authentication is
     *         off, the header is missing or blank, the match criteria is neither "cn" nor the
     *         exact-subject criteria, the root admin is not enabled for certificate login, or
     *         the user lacks a true "allowclientcertauth" flag
     */
    protected String authenticateUsingClientCert(FusionContext fusionContext) {
        if (!clientCertAuthEnabled || this.ccaMappingConfig == null || fusionContext == null) {
            return null;
        }
        String subject = fusionContext.getRequest().getHeader(this.ccaMappingConfig.isUseCGI() ? ADMIN_CLIENT_CERT_CGI_SUBJECT_HEADER : this.ccaMappingConfig.getSubjectHeader());
        if (subject == null || subject.trim().isEmpty()) {
            return null;
        }

        // Map the subject to a user id according to the configured criteria.
        String userId;
        if (this.ccaMappingConfig.getMatchCriteria().equalsIgnoreCase("cn")) {
            userId = getSubjectFromCN(subject);
        } else if (this.ccaMappingConfig.getMatchCriteria().equalsIgnoreCase(ADMIN_CLIENT_CERT_SUBJECT_EXACT_CRITERIA)) {
            userId = subject;
        } else {
            userId = null;
        }
        if (userId == null) {
            return null;
        }

        // The root admin is governed by its own switch, not by a per-user flag.
        if (this.rootAdminUserId.equalsIgnoreCase(userId)) {
            return rootAdminClientCertAuthEnabled ? userId : null;
        }

        if (!isAuthorizedUser(userId)) {
            return null;
        }
        Map userRecord = (Map) this.AuthorizedUsers.get(userId);
        if (userRecord == null) {
            return null;
        }
        Object certLoginFlag = userRecord.get("allowclientcertauth");
        if (certLoginFlag == null) {
            return null;
        }
        return Cast._boolean(certLoginFlag, false) ? userId : null;
    }

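    /**
     * Extracts the common name from a distinguished name.
     *
     * <p>Only the RDN at index 0 is examined. {@code LdapName} numbers RDNs from the right,
     * so that is the last component of the string: "CN=admin" yields "admin", whereas
     * "CN=admin,O=Example" yields {@code null} because index 0 is "O=Example".
     *
     * <p>A CN whose value is not a plain string (a hex-encoded "#..." value parses to a byte
     * array) now yields {@code null} instead of failing with a {@code ClassCastException};
     * the input originates from a request header, so malformed values must not surface as
     * unexpected runtime errors.
     *
     * @param str the distinguished name text
     * @return the CN value, or {@code null} when the name is invalid, empty, does not have a
     *         CN at index 0, or the CN value is not a string
     */
    protected String getSubjectFromCN(String str) {
        try {
            List rdns = new LdapName(str).getRdns();
            if (rdns == null || rdns.isEmpty()) {
                return null;
            }
            Rdn candidate = (Rdn) rdns.get(0);
            if (!candidate.getType().equalsIgnoreCase("CN")) {
                return null;
            }
            Object value = candidate.getValue();
            return (value instanceof String) ? (String) value : null;
        } catch (InvalidNameException e) {
            // NOTE(review): this bypasses the server log used elsewhere in the class; route
            // it through the same logger so malformed subjects are visible to operators.
            e.printStackTrace();
            return null;
        }
    }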

    /**
     * Applies every configured cross-site-script pattern to the input, replacing all matches
     * with the pattern's configured substitution, after turning NUL characters into spaces.
     *
     * <p>The patterns come from a {@code HashMap}, so the order in which they are applied is
     * unspecified; rules should therefore not depend on one another. This is a pattern-based
     * filter and does not replace encoding output for the context it is written into.
     *
     * @param str the text to filter; must not be {@code null}
     * @return the filtered text
     */
    public final String crossSiteProtectString(String str) {
        String filtered = str.replace((char) 0, ' ');
        HashMap compiledCrossSiteScriptPatterns = ServiceFactory.getSecurityService().getCompiledCrossSiteScriptPatterns();
        for (Pattern pattern : compiledCrossSiteScriptPatterns.keySet()) {
            String replacement = (String) compiledCrossSiteScriptPatterns.get(pattern);
            Perl5Substitution substitution = new Perl5Substitution(replacement, 0);
            // -1 asks for every occurrence to be replaced.
            filtered = Util.substitute(new Perl5Matcher(), pattern, substitution, filtered, -1);
        }
        return filtered;
    }

    /**
     * Reloads security settings, passwords or custom roles when the corresponding file on
     * disk is newer than the copy last loaded.
     *
     * <p>Files are matched by name only (case-insensitively), not by full path. A failed
     * reload is logged and the remaining files are still processed.
     *
     * @param list the changed files, as {@code File} objects
     */
    @Override // coldfusion.server.ServiceBase
    public final synchronized void filesModified(List list) {
        for (Object entry : list) {
            File changed = (File) entry;
            try {
                String changedName = changed.getName();
                if (changedName.equalsIgnoreCase(this.file.getName())) {
                    if (changed.lastModified() > getLastModified()) {
                        loadSecurity();
                    }
                } else if (changedName.equalsIgnoreCase(this.password_file.getName())) {
                    if (changed.lastModified() > this.passwordLastModified) {
                        loadPassword();
                    }
                } else if (changedName.equalsIgnoreCase(this.customRolesFile.getName())) {
                    if (changed.lastModified() > this.customRolesLastModified) {
                        loadRoles();
                    }
                }
            } catch (ServiceException e) {
                CFLogs.SERVER_LOG.error((Throwable) e);
            }
        }
    }

    /**
     * Returns the allow-list of IP addresses for exposed services as stored.
     *
     * <p>Unlike {@code getSettings()}, this getter performs no administrator check.
     *
     * @return the stored list text; {@code setSettings} normalises a missing value to ""
     */
    public String getAllowedIPList() {
        final String storedList = this.allowedIPList;
        return storedList;
    }

    /**
     * Replaces the allow-list of IP addresses for exposed services and persists it.
     *
     * <p>The text is stored exactly as given: no format validation and no {@code null}
     * normalisation happens here. The field is updated before the save, so it keeps the new
     * value even when persisting fails.
     *
     * @param str the new list text
     * @throws ServiceRuntimeException wrapping a {@code ServiceException} from the save
     */
    public void setAllowedIPList(String str) {
        authenticateAdmin();
        this.allowedIPList = str;
        try {
            this.config.put(CFSetupConstants.ALLOWED_SERVICES_IP, str);
            store();
        } catch (ServiceException e) {
            throw new ServiceRuntimeException(e);
        }
    }

    /**
     * Observer callback for seed changes announced by {@code PasswordUtils}.
     *
     * <p>A non-empty string argument becomes the new seed. When a previous seed existed, the
     * stored password material is re-encrypted from the old seed to the new one.
     * Notifications from any other observable, or with any other argument, are ignored.
     *
     * @param observable the notifying object
     * @param obj the new seed
     */
    @Override // java.util.Observer
    public void update(Observable observable, Object obj) {
        String previousSeed = this.seed;
        if (!(observable instanceof PasswordUtils) || !(obj instanceof String)) {
            return;
        }
        String newSeed = (String) obj;
        if (newSeed.length() <= 0) {
            return;
        }
        this.seed = newSeed;
        if (previousSeed != null) {
            reEncryptPassword(previousSeed);
        }
    }

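    /**
     * Re-encrypts the RDS password from the previous seed to the current one and saves the
     * password file, provided the file is marked as encrypted.
     *
     * <p>Fix: the password file stream is now closed after loading; it was previously left
     * open on every seed change.
     *
     * <p>NOTE(review): points left unchanged and worth confirming - a password file without
     * an "encrypted" key makes {@code getProperty("encrypted")} return {@code null} and the
     * {@code trim()} call fail; the values put into the local {@code Properties} after
     * re-encryption are not read again in this method, so {@code savePasswordFile()}
     * presumably writes from the fields; and a re-encryption failure is only logged, which
     * leaves the stored value tied to the old seed.
     *
     * @param str the seed the stored value is currently encrypted with
     */
    private void reEncryptPassword(String str) {
        Properties properties = new Properties();
        FileInputStream passwordStream = null;
        try {
            passwordStream = new FileInputStream(this.password_file);
            properties.load(passwordStream);
        } catch (Exception e) {
            // Unreadable file: continue with defaults and treat the contents as not encrypted.
            properties.put("encrypted", "false");
            properties.put("password", DEFAULT_ROOT_ADMIN_USER_ID);
            properties.put(AdminPasswordSettings.RDSPASSWORD, "rds");
        } finally {
            if (passwordStream != null) {
                try {
                    passwordStream.close();
                } catch (IOException ignored) {
                    // Nothing useful can be done if closing a read-only stream fails.
                }
            }
        }
        // The in-memory values replace whatever the file (or the defaults above) supplied.
        properties.put(AdminPasswordSettings.RDSPASSWORD, this.rdspassword);
        properties.put("password", this.password);
        if ("true".equalsIgnoreCase(properties.getProperty("encrypted").trim())) {
            this.rdspassword = properties.getProperty(AdminPasswordSettings.RDSPASSWORD);
            try {
                this.rdspassword = PasswordUtils.reEncryptWithNewSeed(this.rdspassword, str, this.seed);
                properties.put(AdminPasswordSettings.RDSPASSWORD, this.rdspassword);
                properties.put("encrypted", "true");
                savePasswordFile();
            } catch (Exception e2) {
                CFLogs.SECURITY_LOG.error((Throwable) e2);
            }
        }
    }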

    /**
     * Returns the value from {@code getAdminHash} passed through {@code encryptPassword}.
     *
     * <p>Access control is entirely that of {@code getAdminHash}, which throws
     * {@code UnauthenticatedCredentialsException} for callers that are not admin pages.
     *
     * @param str passed through to {@code getAdminHash}
     * @param obj the caller's page context
     * @return the encrypted value, or {@code null} when {@code getAdminHash} returned {@code null}
     */
    public String getRDSHash(String str, Object obj) {
        String adminHash = getAdminHash(str, obj);
        return adminHash == null ? null : encryptPassword(adminHash);
    }

    /**
     * Reports whether concurrent administrator logins are allowed.
     *
     * @return the current value of the "allowconcurrentadminlogin" switch
     */
    public boolean isAllowConcurrentAdminLogin() {
        final boolean concurrentLoginAllowed = this.allowConcurrentAdminLogin;
        return concurrentLoginAllowed;
    }

    /**
     * Sets whether concurrent administrator logins are allowed, after the administrator check.
     *
     * <p>The value is written to the in-memory configuration only; unlike
     * {@code setAllowedIPList}, this setter does not call {@code store()} itself.
     *
     * @param z {@code true} to allow concurrent logins
     */
    public void setAllowConcurrentAdminLogin(boolean z) {
        authenticateAdmin();
        this.allowConcurrentAdminLogin = z;
        this.config.put("allowconcurrentadminlogin", Boolean.valueOf(z));
    }

    private String rotateAuthToken(String str, String str2, String str3, String str4, String str5) {
        String str6;
        String str7;
        GenericCache authCacheManager = getAuthCacheManager();
        String cacheKey = getCacheKey(str, str2);
        if (cacheKey == null) {
            return null;
        }
        boolean z = false;
        if (isCFAdmin()) {
            z = ehcacheCacheMngr.getCache(AUTH_CACHE_NAME) != null;
        } else if (null != authCacheManager) {
            z = authCacheManager.cacheExists(AUTH_CACHE_NAME);
        }
        try {
            if (!z) {
                return null;
            }
            try {
                lockManager.requestNamedLock(cacheKey, false, getLockTimeOut());
                if (isCFAdmin()) {
                    Element element = ehcacheCacheMngr.getCache(AUTH_CACHE_NAME).get((Serializable) cacheKey);
                    r15 = element != null ? (String) element.getObjectValue() : null;
                } else {
                    CacheTO cacheTO = new CacheTO();
                    cacheTO.setKey(AUTH_CACHE_NAME);
                    cacheTO.setId(cacheKey);
                    Object obj = authCacheManager.get(cacheTO, false);
                    if (obj != null) {
                        r15 = (String) obj;
                    }
                }
                if (r15 == null || (str6 = r15) == null) {
                    lockManager.releaseNamedLock(cacheKey, false);
                    return null;
                }
                String[] split = str6 != null ? str6.split(",") : null;
                boolean z2 = false;
                StringBuilder sb = new StringBuilder("");
                boolean z3 = false;
                if (split != null && split.length > 0) {
                    z2 = true;
                    for (String str8 : split) {
                        if (str8.startsWith(str4)) {
                            z3 = true;
                        } else {
                            sb.append(str8).append(",");
                        }
                    }
                }
                boolean cacheExists = isCFAdmin() ? ehcacheCacheMngr.getCache(AUTH_TOKEN_MAPPING_CACHE_NAME) != null : authCacheManager.cacheExists(AUTH_TOKEN_MAPPING_CACHE_NAME);
                if (cacheExists) {
                    if (isCFAdmin()) {
                        Element element2 = ehcacheCacheMngr.getCache(AUTH_TOKEN_MAPPING_CACHE_NAME).get((Serializable) str5);
                        r22 = element2 != null ? (String) element2.getObjectValue() : null;
                    } else {
                        CacheTO cacheTO2 = new CacheTO();
                        cacheTO2.setKey(AUTH_TOKEN_MAPPING_CACHE_NAME);
                        cacheTO2.setId(cacheKey);
                        Object obj2 = authCacheManager.get(cacheTO2, false);
                        if (obj2 != null) {
                            r22 = (String) obj2;
                        }
                    }
                    if (r22 != null) {
                        SecurityScopeTracker.getInstance().copySecurityTableIfAbsent(str5, r22);
                        String str9 = r22;
                        lockManager.releaseNamedLock(cacheKey, false);
                        return str9;
                    }
                }
                if (!z3) {
                    lockManager.releaseNamedLock(cacheKey, false);
                    return null;
                }
                StringBuilder sb2 = new StringBuilder();
                long currentTimeMillis = System.currentTimeMillis();
                String stringify = MD5.stringify(SecurityUtils.generateRandom(8));
                sb2.append(str).append("\r").append(str2).append("\r").append(currentTimeMillis).append("\r").append(stringify);
                String encodeBase64 = encodeBase64(sb2.toString());
                sb2.delete(0, sb2.length());
                String createAuthCacheEntry = createAuthCacheEntry(stringify, str3, str);
                if (z2) {
                    str7 = sb.append(createAuthCacheEntry).append(",").toString();
                    sb.delete(0, sb.length());
                } else {
                    str7 = createAuthCacheEntry;
                }
                Integer authCacheIdleTimeOut = getAuthCacheIdleTimeOut();
                if (isCFAdmin()) {
                    Element element3 = new Element((Serializable) cacheKey, (Serializable) str7);
                    if (authCacheIdleTimeOut != null) {
                        element3.setTimeToIdle(authCacheIdleTimeOut.intValue());
                    }
                    ehcacheCacheMngr.getCache(AUTH_CACHE_NAME).put(element3);
                } else {
                    CacheTO cacheTO3 = new CacheTO();
                    cacheTO3.setId(cacheKey);
                    cacheTO3.setValue(str7);
                    cacheTO3.setKey(AUTH_CACHE_NAME);
                    if (authCacheIdleTimeOut != null) {
                        cacheTO3.setTimetoidle(authCacheIdleTimeOut.intValue());
                    }
                    cacheTO3.setTimetoLive(auth_cache_config.getTimeToLiveSeconds());
                    cacheTO3.eternal = auth_cache_config.isEternal();
                    authCacheManager.put(cacheTO3, false);
                }
                if (cacheExists) {
                    if (isCFAdmin()) {
                        ehcacheCacheMngr.getCache(AUTH_TOKEN_MAPPING_CACHE_NAME).put(new Element((Serializable) str5, (Serializable) encodeBase64));
                    } else {
                        CacheTO cacheTO4 = new CacheTO();
                        cacheTO4.setId(str5);
                        cacheTO4.setValue(encodeBase64);
                        cacheTO4.setTimetoLive(auth_tokn_mapping_cache_config.getTimeToLiveSeconds());
                        cacheTO4.eternal = auth_tokn_mapping_cache_config.isEternal();
                        cacheTO4.setKey(AUTH_TOKEN_MAPPING_CACHE_NAME);
                        authCacheManager.put(cacheTO4, false);
                    }
                }
                SecurityScopeTracker securityScopeTracker = SecurityScopeTracker.getInstance();
                securityScopeTracker.copySecurityTableIfAbsent(str5, encodeBase64);
                if (!cacheExists) {
                    securityScopeTracker.removeSecurity(str5);
                }
                lockManager.releaseNamedLock(cacheKey, false);
                return encodeBase64;
            } catch (InterruptedException e) {
                CFLogs.SECURITY_LOG.error(RB.getString(this, "FetchCacheLockTimeOutError"), e);
                lockManager.releaseNamedLock(cacheKey, false);
                return null;
            }
        } catch (Throwable th) {
            lockManager.releaseNamedLock(cacheKey, false);
            throw th;
        }
    }

    /**
     * Builds a new auth token and, for non-digest tokens, records its nonce in the auth cache.
     *
     * <p>When {@code z} is true the plain text is {@code UUID + "\r" + str2 + DIGEST_NTLM} and nothing
     * is cached. Otherwise it is {@code str + "\r" + str2 + "\r" + currentTimeMillis + "\r" + nonce},
     * and a cache entry built from the nonce, {@code str3} and {@code str} is stored under
     * {@code getCacheKey(str, str2)}. The plain text is then passed through {@code encodeBase64}.
     *
     * <p>NOTE(review): {@code str} and {@code str2} are appended unescaped; a {@code "\r"} inside either
     * would shift the fields that {@code verifyAuth}/{@code parseAuthInfo} read back with
     * {@code split("\r", 4)} - confirm callers validate them.
     * NOTE(review): the nonce comes from {@code SecurityUtils.generateRandom(8)}; whether that is backed
     * by a cryptographically strong generator is not visible here - confirm.
     *
     * @param str  first token field, also passed to {@code createAuthCacheEntry} as its third argument
     * @param str2 second token field
     * @param str3 value stored (via {@code encryptPassword}) in the cache entry
     * @param z    true to build the {@code DIGEST_NTLM} form of the token
     * @param z2   forwarded to {@code addUpdateElemToAuthCache}; true appends to an existing entry
     * @return the token; if encoding or caching throws, the error message is logged and whatever
     *         value the token had at that point is returned (possibly a token with no cache entry)
     */
    public String createAuthToken(String str, String str2, String str3, boolean z, boolean z2) {
        StringBuilder plain = new StringBuilder();
        String nonce = "";
        if (!z) {
            long issuedAt = System.currentTimeMillis();
            nonce = MD5.stringify(SecurityUtils.generateRandom(8));
            plain.append(str).append("\r").append(str2).append("\r").append(issuedAt).append("\r").append(nonce);
        } else {
            plain.append(UUIDUtils.createUUID(false)).append("\r").append(str2).append(DIGEST_NTLM);
        }
        String token = plain.toString();
        try {
            token = encodeBase64(token);
            // Drop the plain-text copy once the encoded form exists.
            plain.setLength(0);
            if (!z) {
                String cacheKey = getCacheKey(str, str2);
                addUpdateElemToAuthCache(cacheKey, createAuthCacheEntry(nonce, str3, str), z2);
            }
        } catch (Exception e) {
            CFLogs.SECURITY_LOG.error(e.getMessage());
        }
        return token;
    }

    /**
     * Verifies an auth token with the token-mapping fallback enabled.
     *
     * @param str the token as presented by the client
     * @return whatever the two-argument {@code verifyAuth} returns for {@code (str, true)}
     */
    public String verifyAuth(String str) {
        final boolean allowMappingFallback = true;
        return verifyAuth(str, allowMappingFallback);
    }

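    /**
     * Checks a token's nonce against the auth cache and returns the token the caller should keep.
     *
     * <p>The decoded token is split on {@code "\r"} into four fields; fields 0 and 1 form the cache
     * key, field 2 is parsed as a millisecond timestamp and field 3 is the nonce. If a cache entry
     * carries the same nonce, the token is accepted and, when older than {@code AUTH_TIMETOREFRESH},
     * replaced by the result of {@code rotateAuthToken}. If no entry matches and {@code z} is true,
     * the token-mapping cache is consulted once and its result is verified with {@code z == false}.
     *
     * <p>Fix: the scan now stops at the first matching entry. As written before, the matching branch
     * neither advanced the index nor left the loop, so a match never terminated.
     *
     * <p>NOTE(review): a null/empty token, or one whose decoded form ends with {@code DIGEST_NTLM},
     * is returned unchanged with no cache lookup in this method - confirm those are checked elsewhere.
     * NOTE(review): on any exception (undecodable input, fewer than four fields, bad timestamp) the
     * current result is returned, which is the caller's own token unless it was already replaced.
     * That fails open if callers treat a non-null return as "verified"; confirm callers, or return
     * {@code null} here.
     *
     * @param str the token to verify
     * @param z   whether the token-mapping cache may be used as a fallback
     * @return the accepted or rotated token, or {@code null} when no cache entry matches
     */
    private String verifyAuth(String str, boolean z) {
        String result = str;
        if (str != null && str.length() > 0) {
            try {
                String decoded = decodeBase64(str);
                if (!decoded.endsWith(DIGEST_NTLM)) {
                    String[] fields = decoded.split("\r", 4);
                    String field0 = fields[0];
                    String field1 = fields[1];
                    String issuedAt = fields[2];
                    String tokenNonce = fields[3];
                    if (issuedAt != null && tokenNonce != null && field0 != null && field1 != null) {
                        String cacheKey = getCacheKey(field0, field1);
                        String[] entries = getElemFromAuthCache(cacheKey);
                        boolean matched = false;
                        if (entries != null && entries.length > 0) {
                            for (String entry : entries) {
                                String entryNonce = getNonce(entry);
                                if (entryNonce != null && tokenNonce.equals(entryNonce)) {
                                    matched = true;
                                    if (System.currentTimeMillis() - Long.parseLong(issuedAt) > AUTH_TIMETOREFRESH) {
                                        result = rotateAuthToken(field0, field1, retrivePassword(entry, field0), tokenNonce, str);
                                    }
                                    // One matching nonce is enough; without this the scan never ended.
                                    break;
                                }
                            }
                            if (z && !matched) {
                                // The token may already have been rotated: look up its replacement
                                // and verify that one, without a second fallback.
                                result = getElemStrFromAuthMappingCache(cacheKey, str);
                                if (result != null) {
                                    return verifyAuth(result, false);
                                }
                            }
                        }
                        if (!matched) {
                            result = null;
                        }
                    }
                }
            } catch (Exception e) {
                logger.error(e.getMessage());
                return result;
            }
        }
        return result;
    }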

    /**
     * Resolves a token to the values stored for it in the auth cache.
     *
     * <p>The decoded token is split on {@code "\r"} into four fields. If the timestamp in field 2 is
     * no older than {@code AUTH_TIMETOREFRESH} and a cache entry under {@code getCacheKey(field0,
     * field1)} carries the nonce in field 3, {@code strArr[0]} is set to field 0 and
     * {@code strArr[1]} to the value recovered by {@code retrivePassword}. Otherwise the cache entry
     * for that nonce is removed and {@code null} is returned.
     *
     * <p>NOTE(review): for a null/empty token, or one whose decoded form ends with
     * {@code DIGEST_NTLM}, {@code strArr} is returned exactly as passed in - confirm callers do not
     * read stale contents as a successful parse.
     * NOTE(review): the removal on failure is keyed on fields taken from the unverified token, and
     * {@code removeElemFromAuthCache} matches by prefix; confirm a failed parse cannot evict an
     * entry belonging to a different session.
     *
     * @param str    the token to parse
     * @param strArr output array; needs at least two slots
     * @return {@code strArr} (filled on a match, untouched for skipped tokens) or {@code null}
     * @throws AuthenticationFailedException wrapping any exception raised while parsing
     */
    public String[] parseAuthInfo(String str, String[] strArr) {
        boolean matched = false;
        if (str != null && str.length() > 0) {
            try {
                String decoded = decodeBase64(str);
                if (!decoded.endsWith(DIGEST_NTLM)) {
                    String[] fields = decoded.split("\r", 4);
                    String field0 = fields[0];
                    String field1 = fields[1];
                    String issuedAt = fields[2];
                    String tokenNonce = fields[3];
                    if (issuedAt != null && tokenNonce != null && field0 != null && field1 != null) {
                        // Expired tokens never reach the cache lookup.
                        boolean fresh = System.currentTimeMillis() - Long.parseLong(issuedAt) <= AUTH_TIMETOREFRESH;
                        String[] entries = fresh ? getElemFromAuthCache(getCacheKey(field0, field1)) : null;
                        if (entries != null) {
                            for (String entry : entries) {
                                String entryNonce = getNonce(entry);
                                if (entryNonce != null && tokenNonce.equals(entryNonce)) {
                                    strArr[0] = field0;
                                    strArr[1] = retrivePassword(entry, field0);
                                    matched = true;
                                    break;
                                }
                            }
                        }
                    }
                    if (!matched) {
                        removeElemFromAuthCache(getCacheKey(field0, field1), tokenNonce, Storage.STORAGE_DIR_CURRENT);
                        strArr = null;
                    }
                }
            } catch (Exception e) {
                throw new AuthenticationFailedException(e);
            }
        }
        return strArr;
    }

    /**
     * Removes the auth-cache data that belongs to a token being logged out.
     *
     * <p>The decoded token is split on {@code "\r"} (limit 5); fields 0 and 1 form the cache key and
     * field 3 is the nonce handed to {@code removeElemFromAuthCache} together with {@code str2}.
     * Null/empty tokens and tokens whose decoded form ends with {@code DIGEST_NTLM} are ignored.
     *
     * <p>NOTE(review): failures are only logged by message, so a logout that did not remove anything
     * is indistinguishable from a successful one for the caller.
     *
     * @param str  the token being logged out
     * @param str2 removal mode forwarded to {@code removeElemFromAuthCache}
     */
    public void processLogoutAuth(String str, String str2) {
        if (str != null && str.length() > 0) {
            try {
                String decoded = decodeBase64(str);
                if (decoded.endsWith(DIGEST_NTLM)) {
                    return;
                }
                String[] fields = decoded.split("\r", 5);
                String field0 = fields[0];
                String field1 = fields[1];
                String tokenNonce = fields[3];
                if (field1 != null && tokenNonce != null && field0 != null) {
                    removeElemFromAuthCache(getCacheKey(field0, field1), tokenNonce, str2);
                }
            } catch (Exception e) {
                CFLogs.SECURITY_LOG.error(e.getMessage());
            }
        }
    }

    /**
     * Tells whether a token string carries the {@code DIGEST_NTLM} suffix.
     *
     * @param str the string to test; must not be null
     * @return true when {@code str} ends with {@code DIGEST_NTLM}
     */
    private boolean isDigest(String str) {
        final boolean hasDigestSuffix = str.endsWith(DIGEST_NTLM);
        return hasDigestSuffix;
    }

    /**
     * Decodes a Base64 token to text, leaving {@code DIGEST_NTLM}-suffixed strings untouched.
     *
     * @param str the encoded token; must not be null
     * @return {@code str} itself when it ends with {@code DIGEST_NTLM}, otherwise the decoded bytes
     *         read as UTF-8
     */
    private String decodeBase64(String str) {
        if (isDigest(str)) {
            return str;
        }
        // UTF-8 is always available, so the charset constant replaces the name lookup and its
        // platform-charset fallback without changing the result.
        return new String(Base64Encoder.decode(str), java.nio.charset.StandardCharsets.UTF_8);
    }

    /**
     * Encodes text as Base64 over its UTF-8 bytes.
     *
     * <p>Base64 is an encoding, not protection: every field of the token is readable by whoever
     * holds it.
     *
     * @param str the text to encode; must not be null
     * @return the result of {@code Base64Encoder.encode} on the UTF-8 bytes of {@code str}
     */
    private static String encodeBase64(String str) {
        // UTF-8 is always available, so no charset-name lookup or fallback is needed.
        byte[] utf8 = str.getBytes(java.nio.charset.StandardCharsets.UTF_8);
        return Base64Encoder.encode(utf8);
    }

    /**
     * Formats one auth-cache entry as {@code str + "_" + encryptPassword(str2, str3)}.
     *
     * <p>{@code getNonce} and {@code retrivePassword} split the entry at its first {@code "_"}, so
     * {@code str} must not contain one.
     * NOTE(review): the entry holds a recoverable form of {@code str2} (it is read back through
     * {@code decryptPassword}); anyone able to read the cache and reproduce the second argument can
     * presumably recover it - confirm how {@code PasswordUtils} derives its key.
     *
     * @param str  the nonce placed before the separator
     * @param str2 the value to encrypt
     * @param str3 second argument for {@code encryptPassword}
     * @return the formatted entry
     */
    private String createAuthCacheEntry(String str, String str2, String str3) {
        StringBuilder entry = new StringBuilder();
        entry.append(str).append("_").append(encryptPassword(str2, str3));
        return entry.toString();
    }

    /**
     * Extracts the part of a cache entry that precedes its first {@code "_"}.
     *
     * @param str a cache entry, may be null
     * @return the text before the first {@code "_"} (possibly empty), or {@code null} when
     *         {@code str} is null or has no {@code "_"}
     */
    private String getNonce(String str) {
        if (str == null) {
            return null;
        }
        int separator = str.indexOf("_");
        return separator >= 0 ? str.substring(0, separator) : null;
    }

    /**
     * Recovers the value stored after the first {@code "_"} of a cache entry.
     *
     * @param str  a cache entry, may be null
     * @param str2 second argument for {@code decryptPassword}
     * @return the result of {@code decryptPassword} on the text after the first {@code "_"}, or
     *         {@code null} when {@code str} is null or has no {@code "_"}
     */
    private String retrivePassword(String str, String str2) {
        if (str == null) {
            return null;
        }
        int separator = str.indexOf("_");
        if (separator < 0) {
            return null;
        }
        return decryptPassword(str.substring(separator + 1), str2);
    }

    /**
     * Null-safe wrapper around {@code PasswordUtils.encryptPassword}.
     *
     * @param str  the value to encrypt, may be null
     * @param str2 second argument passed through to {@code PasswordUtils}
     * @return the empty string for a null {@code str}, otherwise the {@code PasswordUtils} result
     */
    private String encryptPassword(String str, String str2) {
        if (str == null) {
            return "";
        }
        return PasswordUtils.encryptPassword(str, str2);
    }

    /**
     * Null-safe wrapper around {@code PasswordUtils.decryptPassword}.
     *
     * @param str  the value to decrypt, may be null
     * @param str2 second argument passed through to {@code PasswordUtils}
     * @return the empty string for a null {@code str}, otherwise the {@code PasswordUtils} result
     */
    private String decryptPassword(String str, String str2) {
        if (str == null) {
            return "";
        }
        return PasswordUtils.decryptPassword(str, str2);
    }

    /**
     * Stores an entry in the auth cache under the given key, replacing or extending what is there.
     *
     * <p>Does nothing when {@code str} is null or the auth cache does not exist. Otherwise, under a
     * named lock on {@code str}, the existing value is read; when {@code z} is true and a value
     * exists, {@code str2} is appended after a {@code ","}, else {@code str2} replaces it.
     *
     * <p>NOTE(review): because a null key is skipped silently, {@code createAuthToken} can hand out
     * a token that has no cache entry (it will not verify later).
     *
     * @param str  cache key (also the lock name)
     * @param str2 entry to store
     * @param z    true to append to an existing value instead of replacing it
     */
    private void addUpdateElemToAuthCache(String str, String str2, boolean z) {
        GenericCache authCacheManager = getAuthCacheManager();
        if (str != null) {
            // Which backend holds the cache depends on isCFAdmin().
            boolean z2 = false;
            if (isCFAdmin()) {
                z2 = ehcacheCacheMngr.getCache(AUTH_CACHE_NAME) != null;
            } else if (null != authCacheManager) {
                z2 = authCacheManager.cacheExists(AUTH_CACHE_NAME);
            }
            if (z2) {
                Integer authCacheIdleTimeOut = getAuthCacheIdleTimeOut();
                try {
                    try {
                        // Second argument is false here and in the other writers, true in the reader
                        // getElemStrFromAuthCache - presumably exclusive vs. shared; confirm.
                        lockManager.requestNamedLock(str, false, getLockTimeOut());
                        String elementValue = isCFAdmin() ? getElementValue(str, ehcacheCacheMngr.getCache(AUTH_CACHE_NAME)) : getElementValue(AUTH_CACHE_NAME, authCacheManager, str);
                        String str3 = (!z || elementValue == null) ? str2 : elementValue + "," + str2;
                        if (isCFAdmin()) {
                            Element element = new Element((Serializable) str, (Serializable) str3);
                            // Unlike the branch below, no fallback idle time, time-to-live or eternal
                            // flag is applied on this path.
                            if (authCacheIdleTimeOut != null) {
                                element.setTimeToIdle(authCacheIdleTimeOut.intValue());
                            }
                            ehcacheCacheMngr.getCache(AUTH_CACHE_NAME).put(element);
                        } else {
                            CacheTO cacheTO = new CacheTO();
                            cacheTO.setId(str);
                            cacheTO.setValue(str3);
                            cacheTO.setKey(AUTH_CACHE_NAME);
                            if (authCacheIdleTimeOut != null) {
                                cacheTO.setTimetoidle(authCacheIdleTimeOut.intValue());
                            } else {
                                cacheTO.setTimetoidle(auth_cache_config.getTimeToIdleSeconds());
                            }
                            cacheTO.setTimetoLive(auth_cache_config.getTimeToLiveSeconds());
                            cacheTO.eternal = auth_cache_config.isEternal();
                            authCacheManager.put(cacheTO, false);
                        }
                        lockManager.releaseNamedLock(str, false);
                    } catch (InterruptedException e) {
                        // NOTE(review): the lock is released even if acquiring it is what was
                        // interrupted, and the thread's interrupt status is not restored.
                        CFLogs.SECURITY_LOG.error(RB.getString(this, "FetchCacheLockTimeOutError"), e);
                        lockManager.releaseNamedLock(str, false);
                    }
                } catch (Throwable th) {
                    // Release on any other failure, then let it propagate.
                    lockManager.releaseNamedLock(str, false);
                    throw th;
                }
            }
        }
    }

    /**
     * Tells whether the current request runs under the application name {@code "componentutils"}
     * or {@code "cfadmin"} (case-insensitive).
     *
     * <p>The name is taken from the current {@code FusionContext}, falling back to its
     * {@code cacheConfig.applicationName}. In this part of the class the result selects which cache
     * backend is used.
     * NOTE(review): the decision rests on the application name alone; confirm that ordinary
     * applications cannot run under either of these names.
     *
     * @return true for the two administrator application names, false otherwise or without a context
     */
    private boolean isCFAdmin() {
        FusionContext context = FusionContext.getCurrent();
        String appName = null;
        if (context != null) {
            appName = context.getApplicationName();
            if (appName == null && context.cacheConfig != null) {
                appName = context.cacheConfig.applicationName;
            }
        }
        // Literal-first comparison is false for a null name, same as comparing against "".
        return "componentutils".equalsIgnoreCase(appName) || "cfadmin".equalsIgnoreCase(appName);
    }

    /**
     * Reads a string value from a {@code GenericCache}.
     *
     * @param str          cache name, set as the lookup's key
     * @param genericCache the cache to read from
     * @param str2         element id within the cache
     * @return the stored string, or {@code null} when nothing is stored or the value is empty
     */
    private String getElementValue(String str, GenericCache genericCache, String str2) {
        CacheTO lookup = new CacheTO();
        lookup.setKey(str);
        lookup.setId(str2);
        Object cached = genericCache.get(lookup, false);
        if (cached == null) {
            return null;
        }
        String value = (String) cached;
        return value.isEmpty() ? null : value;
    }

    /**
     * Reads a string value from an Ehcache {@code Cache}.
     *
     * @param str   element key
     * @param cache the cache to read from
     * @return the stored string, or {@code null} when there is no element or its value is null or empty
     */
    private String getElementValue(String str, Cache cache) {
        Element element = cache.get((Serializable) str);
        if (element == null) {
            return null;
        }
        String value = (String) element.getObjectValue();
        if (value == null || value.isEmpty()) {
            return null;
        }
        return value;
    }

    /**
     * Picks the idle timeout applied to auth-cache entries.
     *
     * <p>Uses the current application's session timeout when an {@code AppHelper} is available,
     * otherwise the runtime service's session timeout. The unit is whatever those sources return;
     * the value is passed to the caches' time-to-idle setters as is.
     *
     * @return the timeout, or {@code null} when there is no current {@code FusionContext}
     */
    private Integer getAuthCacheIdleTimeOut() {
        FusionContext context = FusionContext.getCurrent();
        if (context == null) {
            return null;
        }
        AppHelper helper = context.getAppHelper();
        if (helper != null) {
            return Integer.valueOf(helper.getSessionTimeout());
        }
        return Integer.valueOf(Cast._int(ServiceFactory.getRuntimeService().getSessionTimeout()));
    }

    /**
     * Reads the raw auth-cache value stored under a key.
     *
     * <p>Returns {@code null} when the key is null, the auth cache does not exist, nothing is stored,
     * or the lock request is interrupted.
     *
     * @param str cache key (also the lock name)
     * @return the stored string (entries joined by {@code ","}), or {@code null}
     */
    private String getElemStrFromAuthCache(String str) {
        GenericCache authCacheManager = getAuthCacheManager();
        String str2 = null;
        if (str != null) {
            // Which backend holds the cache depends on isCFAdmin().
            boolean z = false;
            if (isCFAdmin()) {
                z = ehcacheCacheMngr.getCache(AUTH_CACHE_NAME) != null;
            } else if (null != authCacheManager) {
                z = authCacheManager.cacheExists(AUTH_CACHE_NAME);
            }
            try {
                if (z) {
                    try {
                        // Second argument is true here and false in the writers - presumably a
                        // shared (read) lock; confirm against LockManager.
                        lockManager.requestNamedLock(str, true, getLockTimeOut());
                        String str3 = null;
                        if (isCFAdmin()) {
                            Element element = ehcacheCacheMngr.getCache(AUTH_CACHE_NAME).get((Serializable) str);
                            if (element != null) {
                                str3 = (String) element.getObjectValue();
                            }
                        } else {
                            CacheTO cacheTO = new CacheTO();
                            cacheTO.setKey(AUTH_CACHE_NAME);
                            cacheTO.setId(str);
                            Object obj = authCacheManager.get(cacheTO, false);
                            if (obj != null) {
                                str3 = (String) obj;
                            }
                        }
                        if (str3 != null) {
                            str2 = str3;
                        }
                        lockManager.releaseNamedLock(str, true);
                    } catch (InterruptedException e) {
                        // NOTE(review): the lock is released even if acquiring it is what was
                        // interrupted, and the thread's interrupt status is not restored.
                        CFLogs.SECURITY_LOG.error(RB.getString(this, "FetchCacheLockTimeOutError"), e);
                        lockManager.releaseNamedLock(str, true);
                    }
                }
            } catch (Throwable th) {
                // Release on any other failure, then let it propagate.
                lockManager.releaseNamedLock(str, true);
                throw th;
            }
        }
        return str2;
    }

    /**
     * Looks up the value stored for a token in the token-mapping cache.
     *
     * <p>{@code verifyAuth} uses the result as a replacement token to verify in place of the one
     * presented.
     *
     * @param str  name of the lock taken around the lookup (callers pass the auth-cache key)
     * @param str2 the token used as the mapping-cache id
     * @return the mapped value, or {@code null} when {@code str2} is null, the mapping cache does
     *         not exist, nothing is stored, or the lock request is interrupted
     */
    private String getElemStrFromAuthMappingCache(String str, String str2) {
        boolean cacheExists;
        GenericCache authCacheManager = getAuthCacheManager();
        String str3 = null;
        // NOTE(review): only str2 is checked for null; str is used as the lock name unchecked.
        if (str2 != null) {
            if (isCFAdmin()) {
                cacheExists = ehcacheCacheMngr.getCache(AUTH_TOKEN_MAPPING_CACHE_NAME) != null;
            } else {
                // NOTE(review): unlike the auth-cache accessors in this class, authCacheManager is
                // not null-checked here, so a null manager raises NullPointerException.
                cacheExists = authCacheManager.cacheExists(AUTH_TOKEN_MAPPING_CACHE_NAME);
            }
            try {
                if (cacheExists) {
                    try {
                        lockManager.requestNamedLock(str, false, getLockTimeOut());
                        String str4 = null;
                        if (isCFAdmin()) {
                            Element element = ehcacheCacheMngr.getCache(AUTH_TOKEN_MAPPING_CACHE_NAME).get((Serializable) str2);
                            if (element != null) {
                                str4 = (String) element.getObjectValue();
                            }
                        } else {
                            CacheTO cacheTO = new CacheTO();
                            cacheTO.setKey(AUTH_TOKEN_MAPPING_CACHE_NAME);
                            cacheTO.setId(str2);
                            Object obj = authCacheManager.get(cacheTO, false);
                            if (obj != null) {
                                str4 = (String) obj;
                            }
                        }
                        if (str4 != null) {
                            String str5 = str4;
                            str3 = str5;
                            // Empty branch: no further action is taken on a hit.
                            if (str5 != null) {
                            }
                        }
                        lockManager.releaseNamedLock(str, false);
                    } catch (InterruptedException e) {
                        // NOTE(review): the lock is released even if acquiring it is what was
                        // interrupted, and the thread's interrupt status is not restored.
                        CFLogs.SECURITY_LOG.error(RB.getString(this, "FetchCacheLockTimeOutError"), e);
                        lockManager.releaseNamedLock(str, false);
                    }
                }
            } catch (Throwable th) {
                // Release on any other failure, then let it propagate.
                lockManager.releaseNamedLock(str, false);
                throw th;
            }
        }
        return str3;
    }

    /**
     * Returns the auth-cache entries stored under a key, split on {@code ","}.
     *
     * @param str cache key
     * @return the individual entries, or {@code null} when {@code getElemStrFromAuthCache} returns null
     */
    private String[] getElemFromAuthCache(String str) {
        String joined = getElemStrFromAuthCache(str);
        return joined == null ? null : joined.split(",");
    }

    /**
     * Removes auth-cache data for a key, either entirely or per nonce, depending on a mode string.
     *
     * <p>Modes (compared case-insensitively): {@code "all"} removes the whole key;
     * {@code Storage.STORAGE_DIR_CURRENT} drops the entries that start with {@code str2} and keeps
     * the rest; {@code "others"} keeps only the first entry that starts with {@code str2}.
     *
     * <p>NOTE(review): entries are matched with {@code startsWith(str2)}, not by comparing the full
     * nonce, so a shorter value matches every entry it prefixes. Comparing against
     * {@code getNonce(entry)} would restrict the match to one session - confirm intent.
     * NOTE(review): any other mode leaves the rebuilt value empty, so the key is overwritten with
     * {@code ""} while {@code false} is returned; a null mode raises NullPointerException.
     * NOTE(review): {@code r16} is assigned below without a declaration in this method; presumably
     * a local {@code String} initialised to {@code null} in the original source.
     *
     * @param str  cache key (also the lock name)
     * @param str2 nonce (prefix) identifying the entry
     * @param str3 removal mode
     * @return true when something was removed or matched, false otherwise
     */
    private boolean removeElemFromAuthCache(String str, String str2, String str3) {
        String str4;
        GenericCache authCacheManager = getAuthCacheManager();
        boolean z = false;
        if (str != null) {
            Cache cache = ehcacheCacheMngr.getCache(AUTH_CACHE_NAME);
            boolean z2 = false;
            if (isCFAdmin()) {
                z2 = cache != null;
            } else if (null != authCacheManager) {
                z2 = authCacheManager.cacheExists(AUTH_CACHE_NAME);
            }
            try {
                if (z2) {
                    try {
                        CacheTO cacheTO = new CacheTO();
                        cacheTO.setId(str);
                        cacheTO.setKey(AUTH_CACHE_NAME);
                        cacheTO.exact = true;
                        lockManager.requestNamedLock(str, false, getLockTimeOut());
                        if (str3.equalsIgnoreCase("all")) {
                            z = isCFAdmin() ? cache.remove((Serializable) str) : authCacheManager.remove(cacheTO);
                        } else {
                            // A missing nonce removes every entry under the key and is logged;
                            // execution then continues with the per-entry handling below.
                            if (str2 == null || (str2 != null && str2.length() == 0)) {
                                z = isCFAdmin() ? cache.remove((Serializable) str) : authCacheManager.remove(cacheTO);
                                CFLogs.SECURITY_LOG.error(RB.getString(this, "IncompleteLogoutInfo"));
                            }
                            // Re-read the current value for the key.
                            if (isCFAdmin()) {
                                Element element = cache.get((Serializable) str);
                                r16 = element != null ? (String) element.getObjectValue() : null;
                            } else {
                                CacheTO cacheTO2 = new CacheTO();
                                cacheTO2.setKey(AUTH_CACHE_NAME);
                                cacheTO2.setId(str);
                                Object obj = authCacheManager.get(cacheTO2, false);
                                if (obj != null) {
                                    r16 = (String) obj;
                                }
                            }
                            // str5 collects the entries that survive, each followed by ",".
                            String str5 = "";
                            if (r16 != null && (str4 = r16) != null) {
                                String[] split = str4.split(",");
                                if (split != null && split.length > 0) {
                                    if (str3.equalsIgnoreCase(Storage.STORAGE_DIR_CURRENT)) {
                                        // Drop the matching entries, keep everything else.
                                        for (String str6 : split) {
                                            if (str6.startsWith(str2)) {
                                                z = true;
                                            } else {
                                                str5 = str5 + str6 + ",";
                                            }
                                        }
                                    } else if (str3.equalsIgnoreCase("others")) {
                                        // Keep only the first matching entry.
                                        int length = split.length;
                                        int i = 0;
                                        while (true) {
                                            if (i >= length) {
                                                break;
                                            }
                                            String str7 = split[i];
                                            if (str7.startsWith(str2)) {
                                                str5 = str5 + str7 + ",";
                                                z = true;
                                                break;
                                            }
                                            i++;
                                        }
                                    }
                                }
                                // Write the surviving entries back. Neither branch re-applies the
                                // idle timeout that addUpdateElemToAuthCache sets on insertion.
                                if (isCFAdmin()) {
                                    cache.put(new Element((Serializable) str, (Serializable) str5));
                                } else {
                                    CacheTO cacheTO3 = new CacheTO();
                                    cacheTO3.setKey(AUTH_CACHE_NAME);
                                    cacheTO3.setId(str);
                                    cacheTO3.setValue(str5);
                                    cacheTO3.setTimetoLive(auth_cache_config.getTimeToLiveSeconds());
                                    cacheTO3.eternal = auth_cache_config.isEternal();
                                    authCacheManager.put(cacheTO3, false);
                                }
                            } else if (isCFAdmin()) {
                                cache.remove((Serializable) str);
                            } else {
                                authCacheManager.remove(cacheTO);
                            }
                        }
                        lockManager.releaseNamedLock(str, false);
                    } catch (InterruptedException e) {
                        // NOTE(review): the lock is released even if acquiring it is what was
                        // interrupted, and the thread's interrupt status is not restored.
                        CFLogs.SECURITY_LOG.error(RB.getString(this, "FetchCacheLockTimeOutError"), e);
                        lockManager.releaseNamedLock(str, false);
                    }
                }
            } catch (Throwable th) {
                // Release on any other failure, then let it propagate.
                lockManager.releaseNamedLock(str, false);
                throw th;
            }
        }
        return z;
    }

    /**
     * Builds the auth-cache key {@code str + ":" + str2}.
     *
     * <p>NOTE(review): neither part is escaped, so parts that themselves contain {@code ":"} can
     * produce the same key for different pairs; confirm callers restrict these values.
     *
     * @param str  first key part
     * @param str2 second key part
     * @return the joined key, or {@code null} when either part is null
     */
    private String getCacheKey(String str, String str2) {
        boolean complete = str != null && str2 != null;
        return complete ? str + ":" + str2 : null;
    }

    /**
     * Computes the wait limit passed to {@code requestNamedLock}.
     *
     * @return the request timeout multiplied by 1000, using 120 when the request timeout is 0
     */
    private long getLockTimeOut() {
        long timeout = RequestMonitor.getRequestTimeout();
        if (timeout == 0) {
            // No request timeout configured: fall back to 120.
            timeout = 120L;
        }
        return timeout * 1000;
    }

    /**
     * Returns the configured allowed-administrator IP list.
     *
     * <p>Unlike the setter, this accessor performs no {@code authenticateAdmin()} check.
     *
     * @return the stored list string, as last set
     */
    public String getAllowedAdminIPList() {
        final String current = this.allowedAdminIPList;
        return current;
    }

    /**
     * Replaces the allowed-administrator IP list and persists the configuration.
     *
     * <p>{@code authenticateAdmin()} runs first, before any state changes.
     * NOTE(review): the value is stored as given; no format check on the list is visible here -
     * confirm it is validated before or where it is enforced.
     *
     * @param str the new list
     * @throws ServiceRuntimeException wrapping a {@code ServiceException} raised while storing
     */
    public void setAllowedAdminIPList(String str) {
        authenticateAdmin();
        try {
            this.allowedAdminIPList = str;
            // Same value as the field that was just assigned.
            this.config.put(CFSetupConstants.ALLOWED_ADMIN_IP, str);
            store();
        } catch (ServiceException cause) {
            throw new ServiceRuntimeException(cause);
        }
    }

    /**
     * Reports the secure-profile flag held by this service.
     *
     * @return the current value of the flag
     */
    public boolean isSecureProfile() {
        final boolean enabled = this.isSecureProfile;
        return enabled;
    }

    /**
     * Sets the secure-profile flag and mirrors it into the configuration map.
     *
     * <p>{@code authenticateAdmin()} runs first. This method does not call {@code store()} itself.
     *
     * @param z the new flag value
     */
    public void setSecureProfile(boolean z) {
        authenticateAdmin();
        this.isSecureProfile = z;
        // Boolean.valueOf yields the same Boolean.TRUE / Boolean.FALSE instances.
        this.config.put(CFSetupConstants.SECURE_PROFILE_ENABLED, Boolean.valueOf(z));
    }

    /**
     * Turns the secure profile on; a no-op when it is already on.
     *
     * @throws ServiceException declared for failures while applying the profile
     */
    public void enableSecureProfile() throws ServiceException {
        if (!this.isSecureProfile) {
            setSecureProfile(true);
            this.spHelper.enableSecureProfile();
        }
    }

    /**
     * Turns the secure profile off; a no-op when it is already off.
     *
     * @throws ServiceException declared for failures while reverting the profile
     */
    public void disableSecureProfile() throws ServiceException {
        if (!this.isSecureProfile) {
            return;
        }
        setSecureProfile(false);
        this.spHelper.disableSecureProfile();
    }

    /**
     * Returns the secure-profile settings as provided by the secure-profile helper.
     *
     * @return the helper's set of settings
     */
    public Set<SecureProfileSetting> getAllSecureProfileSettings() {
        Set<SecureProfileSetting> settings = this.spHelper.getAllSecureProfileSettings();
        return settings;
    }

    /**
     * Returns the secure-profile settings as an {@code Array}, as provided by the helper.
     *
     * @return the helper's array of settings
     */
    public Array getAllSecureProfileSettingsInArray() {
        Array settings = this.spHelper.getAllSecureProfileSettingsInArray();
        return settings;
    }

    /**
     * Asks the secure-profile helper to load itself.
     *
     * @throws ServiceException declared for failures while loading
     */
    public void loadSecureProfileHelper() throws ServiceException {
        // Pure delegation; the helper owns the loading logic.
        this.spHelper.load();
    }

    /**
     * Records an authentication state, pairing the flag with a security table, in {@code authenticated}.
     *
     * <p>NOTE(review): this is public and performs no check of its own; confirm only trusted code
     * can reach it, and that {@code removeAuthenticated()} is always called afterwards so the state
     * does not outlive the request that set it.
     *
     * @param z             whether the caller is to be treated as authenticated
     * @param securityTable the table stored alongside the flag
     */
    public void setAuthenticated(boolean z, SecurityTable securityTable) {
        SecurityState state = new SecurityState(z, securityTable);
        authenticated.set(state);
    }

    /**
     * Clears the authentication state previously stored by {@code setAuthenticated}.
     */
    public void removeAuthenticated() {
        // Afterwards isAuthenticated() is false and getSecurityState() is null.
        authenticated.remove();
    }

    /**
     * Tells whether an authentication state is stored and marks the caller as authenticated.
     *
     * @return false when no state is stored, otherwise the state's own flag
     */
    private boolean isAuthenticated() {
        SecurityState state = authenticated.get();
        if (state == null) {
            return false;
        }
        return state.isAuthenticated();
    }

    /**
     * Returns the security table of the stored authentication state.
     *
     * @return the table, or {@code null} when no state is stored
     */
    public SecurityTable getSecurityState() {
        SecurityState state = authenticated.get();
        return state == null ? null : state.get_secTab();
    }

    /**
     * Builds the suffix for the administrator cookie name from the product's major version and
     * this service's cookie identifier.
     *
     * @return {@code Version.getMajor()} followed by {@code cfAdminCookieIdentifier}
     */
    public String getCFAdminCookieSuffix() {
        String suffix = Version.getMajor() + this.cfAdminCookieIdentifier;
        return suffix;
    }
}
