public final class org.apache.wiki.auth.SecurityVerifier extends java.lang.Object { private final org.apache.wiki.api.core.Engine m_engine; private boolean m_isSecurityPolicyConfigured; private java.security.Principal[] m_policyPrincipals; private final org.apache.wiki.api.core.Session m_session; public static final java.lang.String ERROR; public static final java.lang.String WARNING; public static final java.lang.String INFO; public static final java.lang.String ERROR_POLICY; public static final java.lang.String WARNING_POLICY; public static final java.lang.String INFO_POLICY; public static final java.lang.String ERROR_JAAS; public static final java.lang.String WARNING_JAAS; public static final java.lang.String ERROR_ROLES; public static final java.lang.String INFO_ROLES; public static final java.lang.String ERROR_DB; public static final java.lang.String WARNING_DB; public static final java.lang.String INFO_DB; public static final java.lang.String ERROR_GROUPS; public static final java.lang.String WARNING_GROUPS; public static final java.lang.String INFO_GROUPS; public static final java.lang.String INFO_JAAS; private static final java.lang.String[] CONTAINER_ACTIONS; private static final java.lang.String[] CONTAINER_JSPS; private static final java.lang.String BG_GREEN; private static final java.lang.String BG_RED; private static final org.apache.logging.log4j.Logger LOG; public void (org.apache.wiki.api.core.Engine, org.apache.wiki.api.core.Session) { java.lang.Throwable v; java.security.Principal[] v; org.apache.wiki.auth.SecurityVerifier v; org.apache.wiki.api.core.Engine v; org.apache.wiki.api.core.Session v, v, v; java.lang.String v; v := @this: org.apache.wiki.auth.SecurityVerifier; v := @parameter: org.apache.wiki.api.core.Engine; v := @parameter: org.apache.wiki.api.core.Session; specialinvoke v.()>(); v = newarray (java.security.Principal)[0]; v. = v; v. = v; v. = v; v = v.; interfaceinvoke v.(); virtualinvoke v.(); virtualinvoke v.(); label: virtualinvoke v.(); label: goto label; label: v := @caughtexception; v = v.; v = virtualinvoke v.(); interfaceinvoke v.("Error.Roles", v); label: virtualinvoke v.(); virtualinvoke v.(); return; catch org.apache.wiki.api.exceptions.WikiException from label to label with label; } public java.security.Principal[] policyPrincipals() { java.security.Principal[] v; org.apache.wiki.auth.SecurityVerifier v; v := @this: org.apache.wiki.auth.SecurityVerifier; v = v.; return v; } public java.lang.String policyRoleTable() { org.apache.wiki.auth.permissions.WikiPermission v; java.lang.StringBuilder v, v, v, v, v, v, v, v, v, v, v, v, v, v, v, v, v, v, v, v, v, v, v, v, v, v, v, v, v; java.lang.String v, v, v, v, v, v, v, v, v, v, v, v, v, v, v, v, v, v; org.apache.wiki.api.core.Engine v; org.apache.wiki.auth.permissions.GroupPermission v, v; java.security.Principal[] v; org.apache.wiki.auth.permissions.PagePermission v; java.security.Principal v, v, v, v, v; float v; org.apache.wiki.auth.SecurityVerifier v; java.lang.String[] v, v, v, v, v; int v, v, v, v, v, v, v, v, v, v, v, v, v, v, v, v, v, v, v, v, v, v, v, v, v, v, v; org.apache.wiki.auth.permissions.AllPermission v; java.lang.Class v; v := @this: org.apache.wiki.auth.SecurityVerifier; v = v.; v = v.; v = interfaceinvoke v.(); v = newarray (java.lang.String)[4]; v[0] = "Main"; v[1] = "Index"; v[2] = "GroupTest"; v[3] = "GroupAdmin"; v = newarray (java.lang.String)[5]; v[0] = "view"; v[1] = "edit"; v[2] = "modify"; v[3] = "rename"; v[4] = "delete"; v = newarray (java.lang.String)[3]; v[0] = "Admin"; v[1] = "TestGroup"; v[2] = "Foo"; v = newarray (java.lang.String)[5]; v[0] = "view"; v[1] = "edit"; v[2] = null; v[3] = null; v[4] = "delete"; v = lengthof v; v = lengthof v; if v <= 0 goto label; if v <= 0 goto label; v = v * v; v = 67.0F / v; v = dynamicinvoke "makeConcatWithConstants" (v) ("\u0001%"); goto label; label: v = "67%"; label: v = new java.lang.StringBuilder; specialinvoke v.()>(); virtualinvoke v.("\n"); virtualinvoke v.(" \n"); v = virtualinvoke v.(" (v); v = virtualinvoke v.("\" width=\""); v = virtualinvoke v.(v); virtualinvoke v.("\" align=\"center\"/>\n"); virtualinvoke v.(" \n"); virtualinvoke v.(" \n"); v = lengthof v; v = 0; label: if v >= v goto label; v = v[v]; v = virtualinvoke v.(" \n"); v = v + 1; goto label; label: virtualinvoke v.(" \n"); virtualinvoke v.(" \n"); v = 0; label: if v >= v goto label; v = lengthof v; v = 0; label: if v >= v goto label; v = v[v]; v = virtualinvoke v.(0, 1); v = virtualinvoke v.(" \n"); v = v + 1; goto label; label: v = v + 1; goto label; label: virtualinvoke v.(" \n"); v = lengthof v; v = 0; label: if v >= v goto label; v = v[v]; virtualinvoke v.(" \n"); v = virtualinvoke v.(" \n"); v = lengthof v; v = 0; label: if v >= v goto label; v = v[v]; v = lengthof v; v = 0; label: if v >= v goto label; v = v[v]; v = dynamicinvoke "makeConcatWithConstants" (v, v) ("\u0001:\u0001"); v = staticinvoke (v, v); v = specialinvoke v.(v, v, 1); virtualinvoke v.(v); v = v + 1; goto label; label: v = v + 1; goto label; label: virtualinvoke v.(" \n"); v = v + 1; goto label; label: v = lengthof v; v = 0; label: if v >= v goto label; v = v[v]; virtualinvoke v.(" \n"); v = virtualinvoke v.(" \n"); v = lengthof v; v = 0; label: if v >= v goto label; v = v[v]; v = lengthof v; v = 0; label: if v >= v goto label; v = v[v]; v = null; if v == null goto label; v = new org.apache.wiki.auth.permissions.GroupPermission; v = dynamicinvoke "makeConcatWithConstants" (v, v) ("\u0001:\u0001"); specialinvoke v.(java.lang.String,java.lang.String)>(v, v); v = v; label: v = specialinvoke v.(v, v, 1); virtualinvoke v.(v); v = v + 1; goto label; label: v = v + 1; goto label; label: virtualinvoke v.(" \n"); v = v + 1; goto label; label: v = newarray (java.lang.String)[5]; v[0] = "createGroups"; v[1] = "createPages"; v[2] = "login"; v[3] = "editPreferences"; v[4] = "editProfile"; v = lengthof v; v = 0; label: if v >= v goto label; v = v[v]; virtualinvoke v.(" \n"); v = virtualinvoke v.(" \n"); v = lengthof v; v = 0; label: if v >= v goto label; v = v[v]; v = new org.apache.wiki.auth.permissions.WikiPermission; specialinvoke v.(java.lang.String,java.lang.String)>(v, v); v = specialinvoke v.(v, v, v); virtualinvoke v.(v); v = v + 1; goto label; label: virtualinvoke v.(" \n"); v = v + 1; goto label; label: virtualinvoke v.(" \n"); v = virtualinvoke v.(" \n"); v = lengthof v; v = 0; label: if v >= v goto label; v = v[v]; v = new org.apache.wiki.auth.permissions.AllPermission; specialinvoke v.(java.lang.String)>(v); v = specialinvoke v.(v, v, v); virtualinvoke v.(v); v = v + 1; goto label; label: virtualinvoke v.(" \n"); virtualinvoke v.("

Permission	(v); v = virtualinvoke v.("\" title=\""); v = virtualinvoke v.(); v = virtualinvoke v.(); v = virtualinvoke v.(v); v = virtualinvoke v.("\">"); v = interfaceinvoke v.(); v = virtualinvoke v.(v); virtualinvoke v.("
(v); v = virtualinvoke v.("\">"); v = virtualinvoke v.(v); virtualinvoke v.("
PagePermission \""); v = virtualinvoke v.(v); v = virtualinvoke v.(":"); v = virtualinvoke v.(v); virtualinvoke v.("\"
GroupPermission \""); v = virtualinvoke v.(v); v = virtualinvoke v.(":"); v = virtualinvoke v.(v); virtualinvoke v.("\"
WikiPermission \""); v = virtualinvoke v.(v); v = virtualinvoke v.("\",\""); v = virtualinvoke v.(v); virtualinvoke v.("\"
AllPermission \""); v = virtualinvoke v.(v); virtualinvoke v.("\"

"); v = virtualinvoke v.(); return v; } private java.lang.String printPermissionTest(java.security.Permission, java.security.Principal, int) { org.apache.wiki.auth.SecurityVerifier v; int v; java.lang.String v, v, v, v, v, v, v, v, v; boolean v; java.security.Principal v; java.security.Permission v; java.lang.Class v, v; java.lang.StringBuilder v, v, v, v, v; v := @this: org.apache.wiki.auth.SecurityVerifier; v := @parameter: java.security.Permission; v := @parameter: java.security.Principal; v := @parameter: int; v = new java.lang.StringBuilder; specialinvoke v.()>(); if v != null goto label; v = virtualinvoke v.(" (v); virtualinvoke v.("\" align=\"center\" title=\"N/A\">"); virtualinvoke v.(" \n"); goto label; label: v = virtualinvoke v.(v, v); v = virtualinvoke v.(" (v); virtualinvoke v.("\" align=\"center\" title=\""); if v == 0 goto label; v = "ALLOW: "; goto label; label: v = "DENY: "; label: virtualinvoke v.(v); v = virtualinvoke v.(); v = virtualinvoke v.(); virtualinvoke v.(v); virtualinvoke v.(" ""); v = virtualinvoke v.(); virtualinvoke v.(v); virtualinvoke v.("""); v = virtualinvoke v.(); if v == null goto label; virtualinvoke v.(",""); v = virtualinvoke v.(); virtualinvoke v.(v); virtualinvoke v.("""); label: virtualinvoke v.(" "); v = virtualinvoke v.(); v = virtualinvoke v.(); virtualinvoke v.(v); virtualinvoke v.(" ""); v = interfaceinvoke v.(); virtualinvoke v.(v); virtualinvoke v.("""); virtualinvoke v.("\""); if v == 0 goto label; v = "bgcolor=\"#c0ffc0\">"; goto label; label: v = "bgcolor=\"#ffc0c0\">"; label: virtualinvoke v.(v); virtualinvoke v.(" \n"); label: v = virtualinvoke v.(); return v; } public java.lang.String containerRoleTable() throws org.apache.wiki.api.exceptions.WikiException { java.lang.IllegalStateException v; boolean v, v, v, v, v, v, v; java.security.Principal[] v; java.security.Principal v, v; java.lang.StringBuilder v, v, v, v, v, v, v, v, v, v; org.apache.wiki.auth.Authorizer v; org.apache.wiki.auth.SecurityVerifier v; java.lang.String[] v, v, v; int v, v, v, v, v, v, v; java.lang.String v, v, v, v, v, v, v, v, v, v; org.apache.wiki.auth.authorize.Role v; org.apache.wiki.api.core.Engine v; java.lang.Class v; java.lang.Object v; v := @this: org.apache.wiki.auth.SecurityVerifier; v = v.; v = interfaceinvoke v.(class "Lorg/apache/wiki/auth/AuthorizationManager;"); v = interfaceinvoke v.(); v = v instanceof org.apache.wiki.auth.authorize.WebContainerAuthorizer; if v != 0 goto label; v = new java.lang.IllegalStateException; specialinvoke v.(java.lang.String)>("Authorizer should be WebContainerAuthorizer"); throw v; label: v = new java.lang.StringBuilder; specialinvoke v.()>(); v = interfaceinvoke v.(); virtualinvoke v.("\n"); virtualinvoke v.("\n"); virtualinvoke v.(" \n"); virtualinvoke v.(" \n"); virtualinvoke v.(" \n"); v = virtualinvoke v.(" \n"); virtualinvoke v.(" \n"); virtualinvoke v.(" \n"); virtualinvoke v.(" \n"); v = lengthof v; v = 0; label: if v >= v goto label; v = v[v]; v = virtualinvoke v.(" \n"); v = v + 1; goto label; label: virtualinvoke v.("\n"); virtualinvoke v.("\n"); virtualinvoke v.("\n"); v = 0; label: v = ; v = lengthof v; if v >= v goto label; v = ; v = v[v]; v = ; v = v[v]; v = ; v = virtualinvoke v.(v, v); if v != 0 goto label; v = 1; goto label; label: v = 0; label: v = v; virtualinvoke v.(" \n"); v = virtualinvoke v.(" \n"); v = virtualinvoke v.(" \n"); virtualinvoke v.(" \n"); v = lengthof v; v = 0; label: if v >= v goto label; v = v[v]; if v != 0 goto label; v = virtualinvoke v.(v, v); if v == 0 goto label; label: v = 1; goto label; label: v = 0; label: v = v; virtualinvoke v.(" \n"); v = v + 1; goto label; label: virtualinvoke v.(" \n"); v = v + 1; goto label; label: virtualinvoke v.("\n"); virtualinvoke v.("

Action	Page	(v); v = virtualinvoke v.(1); virtualinvoke v.("\">Roles
Anonymous	"); v = interfaceinvoke v.(); v = virtualinvoke v.(v); virtualinvoke v.("
"); v = virtualinvoke v.(v); virtualinvoke v.("	"); v = virtualinvoke v.(v); virtualinvoke v.("	(v); virtualinvoke v.(v); virtualinvoke v.(" Anonymous"); virtualinvoke v.("\""); if v == 0 goto label; v = "bgcolor=\"#c0ffc0\">"; goto label; label: v = "bgcolor=\"#ffc0c0\">"; label: virtualinvoke v.(v); virtualinvoke v.("	(v); virtualinvoke v.(v); virtualinvoke v.(" "); v = virtualinvoke v.(); v = virtualinvoke v.(); virtualinvoke v.(v); virtualinvoke v.(" ""); v = interfaceinvoke v.(); virtualinvoke v.(v); virtualinvoke v.("""); virtualinvoke v.("\""); if v == 0 goto label; v = "bgcolor=\"#c0ffc0\">"; goto label; label: v = "bgcolor=\"#ffc0c0\">"; label: virtualinvoke v.(v); virtualinvoke v.("

\n"); v = virtualinvoke v.(); return v; } public boolean isSecurityPolicyConfigured() { boolean v; org.apache.wiki.auth.SecurityVerifier v; v := @this: org.apache.wiki.auth.SecurityVerifier; v = v.; return v; } public java.security.Principal[] webContainerRoles() throws org.apache.wiki.api.exceptions.WikiException { java.security.Principal[] v, v; org.apache.wiki.api.core.Engine v; org.apache.wiki.auth.SecurityVerifier v; java.lang.Object v; org.apache.wiki.auth.Authorizer v; boolean v; v := @this: org.apache.wiki.auth.SecurityVerifier; v = v.; v = interfaceinvoke v.(class "Lorg/apache/wiki/auth/AuthorizationManager;"); v = interfaceinvoke v.(); v = v instanceof org.apache.wiki.auth.authorize.WebContainerAuthorizer; if v == 0 goto label; v = interfaceinvoke v.(); return v; label: v = newarray (java.security.Principal)[0]; return v; } void verifyPolicyAndContainerRoles() throws org.apache.wiki.api.exceptions.WikiException { org.apache.wiki.auth.SecurityVerifier v; int v, v; org.apache.wiki.api.core.Session v, v; java.lang.String v, v; boolean v, v, v, v; java.security.Principal[] v, v; java.security.Principal v; org.apache.wiki.api.core.Engine v; java.lang.Object v; org.apache.wiki.auth.Authorizer v; v := @this: org.apache.wiki.auth.SecurityVerifier; v = v.; v = interfaceinvoke v.(class "Lorg/apache/wiki/auth/AuthorizationManager;"); v = interfaceinvoke v.(); v = interfaceinvoke v.(); v = 0; v = v.; v = lengthof v; v = 0; label: if v >= v goto label; v = v[v]; v = v instanceof org.apache.wiki.auth.authorize.Role; if v == 0 goto label; v = staticinvoke (v, v); v = staticinvoke (v); if v != 0 goto label; if v != 0 goto label; v = v.; v = virtualinvoke v.(); v = dynamicinvoke "makeConcatWithConstants" (v) ("Role \'\u0001\' is defined in security policy but not in web.xml."); interfaceinvoke v.("Error.Roles", v); v = 1; label: v = v + 1; goto label; label: if v != 0 goto label; v = v.; interfaceinvoke v.("Info.Roles", "Every non-standard role defined in the security policy was also found in web.xml."); label: return; } void verifyGroupDatabase() { org.apache.wiki.auth.SecurityVerifier v; org.apache.wiki.auth.authorize.Group[] v, v, v; long v; int v, v, v; org.apache.wiki.api.core.Session v, v, v, v, v, v, v, v, v; java.lang.String v, v, v, v; org.apache.wiki.auth.WikiPrincipal v, v; org.apache.wiki.auth.authorize.GroupDatabase v; org.apache.wiki.api.core.Engine v, v; java.lang.Class v; java.lang.Object v, v; org.apache.wiki.auth.authorize.Group v; v := @this: org.apache.wiki.auth.SecurityVerifier; v = v.; v = interfaceinvoke v.(class "Lorg/apache/wiki/auth/authorize/GroupManager;"); v = v.; v = interfaceinvoke v.(class "Lorg/apache/wiki/auth/authorize/GroupManager;"); v = interfaceinvoke v.(); if v == null goto label; if v != null goto label; label: if v != null goto label; v = v.; interfaceinvoke v.("Error.GroupDatabase", "GroupManager is null; JSPWiki could not initialize it. Check the error logs."); label: if v != null goto label; v = v.; interfaceinvoke v.("Error.GroupDatabase", "GroupDatabase is null; JSPWiki could not initialize it. Check the error logs."); label: return; label: v = v.; v = virtualinvoke v.(); v = virtualinvoke v.(); v = dynamicinvoke "makeConcatWithConstants" (v) ("GroupDatabase is of type \'\u0001\'. It appears to be initialized properly."); interfaceinvoke v.("Info.GroupDatabase", v); v = interfaceinvoke v.(); v = lengthof v; v = v.; v = dynamicinvoke "makeConcatWithConstants" (v) ("The group database contains \u groups."); interfaceinvoke v.("Info.GroupDatabase", v); v = staticinvoke (); v = dynamicinvoke "makeConcatWithConstants" (v) ("TestGroup\u0001"); v = interfaceinvoke v.(v, "", 1); v = new org.apache.wiki.auth.WikiPrincipal; specialinvoke v.(java.lang.String)>("TestUser"); virtualinvoke v.(v); v = new org.apache.wiki.auth.WikiPrincipal; specialinvoke v.(java.lang.String)>("SecurityVerifier"); interfaceinvoke v.(v, v); v = interfaceinvoke v.(); v = lengthof v; if v != v goto label; v = v.; interfaceinvoke v.("Error.GroupDatabase", "Could not add a test group to the database."); return; label: v = v.; interfaceinvoke v.("Info.GroupDatabase", "The group database allows new groups to be created, as it should."); interfaceinvoke v.(v); v = interfaceinvoke v.(); v = lengthof v; if v == v goto label; v = v.; interfaceinvoke v.("Error.GroupDatabase", "Could not delete a test group from the database."); return; label: v = v.; interfaceinvoke v.("Info.GroupDatabase", "The group database allows groups to be deleted, as it should."); v = v.; interfaceinvoke v.("Info.GroupDatabase", "The group database configuration looks fine."); return; } void verifyJaas() { org.apache.wiki.auth.SecurityVerifier v; org.apache.wiki.api.core.Session v, v, v, v, v; java.lang.String v, v, v, v, v; boolean v, v; java.util.Properties v; org.apache.wiki.api.core.Engine v; java.lang.Class v, v; java.lang.ClassNotFoundException v; v := @this: org.apache.wiki.auth.SecurityVerifier; v = v.; v = interfaceinvoke v.(); v = virtualinvoke v.("jspwiki.loginModule.class"); if v == null goto label; v = virtualinvoke v.(); if v == 0 goto label; label: v = v.; interfaceinvoke v.("Error.Jaas", "The value of the \'jspwiki.loginModule.class\' property was null or blank. This is a fatal error. This value should be set to a valid LoginModule implementation on the classpath."); return; label: v = null; label: v = v.; v = dynamicinvoke "makeConcatWithConstants" (v) ("The property \'jspwiki.loginModule.class\' specified the class \'\u.\'"); interfaceinvoke v.("Info.Jaas", v); v = staticinvoke (v); label: goto label; label: v := @caughtexception; v = v.; v = dynamicinvoke "makeConcatWithConstants" (v) ("We could not find the the class \'\u0001\' on the classpath. This is fatal error."); interfaceinvoke v.("Error.Jaas", v); label: v = class "Ljavax/security/auth/spi/LoginModule;"; v = virtualinvoke v.(v); if v == 0 goto label; v = v.; v = dynamicinvoke "makeConcatWithConstants" (v) ("We found the the class \'\u0001\' on the classpath, and it is a LoginModule implementation. Good!"); interfaceinvoke v.("Info.Jaas", v); goto label; label: v = v.; v = dynamicinvoke "makeConcatWithConstants" (v) ("We found the the class \'\u0001\' on the classpath, but it does not seem to be LoginModule implementation! This is fatal error."); interfaceinvoke v.("Error.Jaas", v); label: return; catch java.lang.ClassNotFoundException from label to label with label; } java.io.File getFileFromProperty(java.lang.String) { java.net.URL v; org.apache.wiki.auth.SecurityVerifier v; java.lang.SecurityException v; org.apache.wiki.api.core.Session v, v, v, v, v; java.lang.String v, v, v, v, v, v, v, v, v, v, v, v, v; boolean v, v, v; java.net.MalformedURLException v; java.io.File v; v := @this: org.apache.wiki.auth.SecurityVerifier; v := @parameter: java.lang.String; label: v = staticinvoke (v); if v != null goto label; v = v.; v = dynamicinvoke "makeConcatWithConstants" (v) ("Error.\u0001"); v = dynamicinvoke "makeConcatWithConstants" (v) ("The system property \'\u0001\' is null."); interfaceinvoke v.(v, v); label: return null; label: v = virtualinvoke v.("="); if v == 0 goto label; v = virtualinvoke v.(1); label: v = v.; v = dynamicinvoke "makeConcatWithConstants" (v) ("Info.\u0001"); v = dynamicinvoke "makeConcatWithConstants" (v, v) ("The system property \'\u0001\' is set to: \u."); interfaceinvoke v.(v, v); v = virtualinvoke v.("file:"); if v != 0 goto label; v = dynamicinvoke "makeConcatWithConstants" (v) ("file:\u0001"); label: v = new java.net.URL; specialinvoke v.(java.lang.String)>(v); v = new java.io.File; v = virtualinvoke v.(); specialinvoke v.(java.lang.String)>(v); v = virtualinvoke v.(); if v == 0 goto label; v = v.; v = dynamicinvoke "makeConcatWithConstants" (v) ("Info.\u0001"); v = dynamicinvoke "makeConcatWithConstants" (v) ("File \'\u0001\' exists in the filesystem."); interfaceinvoke v.(v, v); label: return v; label: v := @caughtexception; label: v = v.; v = dynamicinvoke "makeConcatWithConstants" (v) ("Error.\u0001"); v = dynamicinvoke "makeConcatWithConstants" (v) ("File \'\u0001\' doesn\'t seem to exist. This might be a problem."); interfaceinvoke v.(v, v); label: return null; label: v := @caughtexception; v = v.; v = dynamicinvoke "makeConcatWithConstants" (v) ("Error.\u0001"); v = dynamicinvoke "makeConcatWithConstants" (v) ("We could not read system property \'\u0001\'. This is probably because you are running with a security manager."); interfaceinvoke v.(v, v); return null; catch java.net.MalformedURLException from label to label with label; catch java.lang.SecurityException from label to label with label; catch java.lang.SecurityException from label to label with label; catch java.lang.SecurityException from label to label with label; } void verifyPolicy() { java.net.URL v; org.apache.wiki.api.core.Session v, v, v, v, v, v; boolean v, v; java.security.Principal[] v, v; java.security.KeyStore v; java.util.List v, v; java.lang.Object[] v; org.apache.wiki.auth.SecurityVerifier v; int v, v, v; java.lang.String v, v, v, v; java.util.LinkedHashSet v; org.apache.wiki.auth.authorize.Role v, v, v, v; java.util.Iterator v; org.freshcookies.security.policy.PolicyReader v; java.io.IOException v; java.io.File v, v; org.apache.wiki.api.core.Engine v; java.security.ProtectionDomain[] v; java.security.ProtectionDomain v; java.lang.Object v; v := @this: org.apache.wiki.auth.SecurityVerifier; v = v.; v = interfaceinvoke v.("jspwiki.policy"); v = virtualinvoke v.(); v = virtualinvoke v.("file:"); if v == 0 goto label; v = virtualinvoke v.(5); label: v = new java.io.File; specialinvoke v.(java.lang.String)>(v); label: v = new org.freshcookies.security.policy.PolicyReader; specialinvoke v.(java.io.File)>(v); v = v.; v = virtualinvoke v.(); v = dynamicinvoke "makeConcatWithConstants" (v) ("The security policy \'\u0001\' exists."); interfaceinvoke v.("Info.Policy", v); v = virtualinvoke v.(); if v != null goto label; v = v.; interfaceinvoke v.("Warning.Policy", "Policy file does not have a keystore... at least not one that we can locate. If your policy file does not contain any \'signedBy\' blocks, this is probably ok."); goto label; label: v = v.; interfaceinvoke v.("Info.Policy", "The security policy specifies a keystore, and we were able to locate it in the filesystem."); label: virtualinvoke v.(); v = virtualinvoke v.(); v = interfaceinvoke v.(); if v <= 0 goto label; v = interfaceinvoke v.(); label: v = interfaceinvoke v.(); if v == 0 goto label; v = interfaceinvoke v.(); v = v.; v = virtualinvoke v.(); interfaceinvoke v.("Error.Policy", v); goto label; label: v = v.; interfaceinvoke v.("Info.Policy", "The security policy looks fine."); v. = 1; label: v = new java.util.LinkedHashSet; specialinvoke v.()>(); v = ; interfaceinvoke v.(v); v = ; interfaceinvoke v.(v); v = ; interfaceinvoke v.(v); v = ; interfaceinvoke v.(v); v = virtualinvoke v.(); v = lengthof v; v = 0; label: if v >= v goto label; v = v[v]; v = virtualinvoke v.(); v = staticinvoke (v); interfaceinvoke v.(v); v = v + 1; goto label; label: v = newarray (java.security.Principal)[0]; v = interfaceinvoke v.(v); v. = v; label: goto label; label: v := @caughtexception; v = v.; v = virtualinvoke v.(); interfaceinvoke v.("Error.Policy", v); label: return; catch java.io.IOException from label to label with label; } boolean verifyStaticPermission(java.security.Principal, java.security.Permission) { java.security.Principal[] v; org.apache.wiki.auth.SecurityVerifier v; java.util.Set v; java.security.PrivilegedAction v; javax.security.auth.Subject v; java.security.Principal v; org.apache.wiki.api.core.Engine v; java.security.Permission v; java.lang.Object v, v; boolean v, v; v := @this: org.apache.wiki.auth.SecurityVerifier; v := @parameter: java.security.Principal; v := @parameter: java.security.Permission; v = new javax.security.auth.Subject; specialinvoke v.()>(); v = virtualinvoke v.(); interfaceinvoke v.(v); v = staticinvoke (v); v = staticinvoke (v, v, null); v = virtualinvoke v.(); if v == 0 goto label; return 1; label: v = newarray (java.security.Principal)[1]; v[0] = v; v = v.; v = interfaceinvoke v.(class "Lorg/apache/wiki/auth/AuthorizationManager;"); v = interfaceinvoke v.(v, v); return v; } void verifyUserDatabase() { org.apache.wiki.auth.SecurityVerifier v; long v; org.apache.wiki.auth.user.UserProfile v; int v, v, v; org.apache.wiki.api.core.Session v, v, v, v, v, v, v, v, v; java.lang.String v, v, v, v, v; boolean v; java.security.Principal[] v, v, v; org.apache.wiki.auth.user.UserDatabase v; org.apache.wiki.api.core.Engine v; java.lang.Class v; java.lang.Object v; v := @this: org.apache.wiki.auth.SecurityVerifier; v = v.; v = interfaceinvoke v.(class "Lorg/apache/wiki/auth/UserManager;"); v = interfaceinvoke v.(); if v != null goto label; v = v.; interfaceinvoke v.("Error.UserDatabase", "UserDatabase is null; JSPWiki could not initialize it. Check the error logs."); return; label: v = v instanceof org.apache.wiki.auth.user.DummyUserDatabase; if v == 0 goto label; v = v.; interfaceinvoke v.("Error.UserDatabase", "UserDatabase is DummyUserDatabase; JSPWiki may not have been able to initialize the database you supplied in jspwiki.properties, or you left the \'jspwiki.userdatabase\' property blank. Check the error logs."); label: v = v.; v = virtualinvoke v.(); v = virtualinvoke v.(); v = dynamicinvoke "makeConcatWithConstants" (v) ("UserDatabase is of type \'\u0001\'. It appears to be initialized properly."); interfaceinvoke v.("Info.UserDatabase", v); v = interfaceinvoke v.(); v = lengthof v; v = v.; v = dynamicinvoke "makeConcatWithConstants" (v) ("The user database contains \u users."); interfaceinvoke v.("Info.UserDatabase", v); v = staticinvoke (); v = dynamicinvoke "makeConcatWithConstants" (v) ("TestUser\u0001"); v = interfaceinvoke v.(); interfaceinvoke v.("jspwiki.tests@mailinator.com"); interfaceinvoke v.(v); v = dynamicinvoke "makeConcatWithConstants" (v) ("FullName\u0001"); interfaceinvoke v.(v); interfaceinvoke v.("password"); interfaceinvoke v.(v); v = interfaceinvoke v.(); v = lengthof v; if v != v goto label; v = v.; interfaceinvoke v.("Error.UserDatabase", "Could not add a test user to the database."); return; label: v = v.; interfaceinvoke v.("Info.UserDatabase", "The user database allows new users to be created, as it should."); interfaceinvoke v.(v); v = interfaceinvoke v.(); v = lengthof v; if v == v goto label; v = v.; interfaceinvoke v.("Error.UserDatabase", "Could not delete a test user from the database."); return; label: v = v.; interfaceinvoke v.("Info.UserDatabase", "The user database allows users to be deleted, as it should."); v = v.; interfaceinvoke v.("Info.UserDatabase", "The user database configuration looks fine."); return; } static void () { org.apache.logging.log4j.Logger v; java.lang.Class v; java.lang.String[] v, v; java.lang.String v; v = newarray (java.lang.String)[7]; v[0] = "View pages"; v[1] = "Comment on existing pages"; v[2] = "Edit pages"; v[3] = "Upload attachments"; v[4] = "Create a new group"; v[5] = "Rename an existing page"; v[6] = "Delete pages"; = v; v = newarray (java.lang.String)[7]; v[0] = "/Wiki.jsp"; v[1] = "/Comment.jsp"; v[2] = "/Edit.jsp"; v[3] = "/Upload.jsp"; v[4] = "/NewGroup.jsp"; v[5] = "/Rename.jsp"; v[6] = "/Delete.jsp"; = v; v = class "Lorg/apache/wiki/auth/SecurityVerifier;"; v = virtualinvoke v.(); v = staticinvoke (v); = v; return; } }