package com.ibm.ejs.security.web;

import com.ibm.WebSphereSecurity.BasicAuthData;
import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.ejs.security.util.Base64Coder;
import com.ibm.servlet.engine.srt.IPrivateRequestAttributes;
import com.ibm.websphere.security.TrustAssociationInterceptor;
import com.ibm.websphere.security.WebSphereBaseTrustAssociationInterceptor;
import com.ibm.websphere.security.WebTrustAssociationException;
import com.ibm.websphere.security.WebTrustAssociationFailedException;
import com.ibm.websphere.security.WebTrustAssociationUserException;
import java.util.Enumeration;
import java.util.PropertyResourceBundle;
import java.util.ResourceBundle;
import java.util.Vector;
import javax.servlet.http.HttpServletRequest;

/* loaded from: input_file:com/ibm/ejs/security/web/WebSealTrustAssociationInterceptor.class */
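/**
 * Trust association interceptor for requests that reach the application server through a
 * WebSEAL reverse proxy.
 *
 * <p>Flow implemented by this class:
 * <ol>
 *   <li>{@link #isTargetInterceptor} decides whether the request claims to come via WebSEAL by
 *       looking at the {@code via} header and at the header names configured under
 *       {@code com.ibm.websphere.security.webseal.id}.</li>
 *   <li>{@link #validateEstablishedTrust} authenticates the proxy itself with the Basic
 *       credentials carried in the {@code Authorization} header.</li>
 *   <li>{@link #getAuthenticatedUsername} returns the end-user name from the {@code iv-user}
 *       header.</li>
 * </ol>
 *
 * <p>Security notes for maintainers and deployers:
 * <ul>
 *   <li>Every header inspected here ({@code via}, {@code iv-user}, the configured id headers) is
 *       plain request data. The only check in this class that involves a secret is the Basic
 *       authentication in {@link #validateEstablishedTrust}.</li>
 *   <li>When {@code com.ibm.websphere.security.webseal.mutualSSL=true} that check is skipped
 *       entirely. The deployment must then guarantee by other means (presumably mutually
 *       authenticated TLS and network filtering; nothing in this class enforces it) that only
 *       the proxy can reach this server.</li>
 *   <li>When no hostnames are configured, any {@code via} value is accepted.</li>
 *   <li>{@link #realm} and {@link #PDAlreadyAuthenticated} are public and mutable; code holding a
 *       reference to the interceptor can switch the credential check off.</li>
 * </ul>
 */
public class WebSealTrustAssociationInterceptor extends WebSphereBaseTrustAssociationInterceptor implements TrustAssociationInterceptor {
    private static final String PROP_ID = "com.ibm.websphere.security.webseal.id";
    private static final String PROP_HOSTNAMES = "com.ibm.websphere.security.webseal.hostnames";
    private static final String PROP_PORTS = "com.ibm.websphere.security.webseal.ports";
    private static final String PROP_MUTUAL_SSL = "com.ibm.websphere.security.webseal.mutualSSL";
    private static final String PROP_LOGIN_ID = "com.ibm.websphere.security.webseal.loginId";

    private static TraceComponent tc;

    // Next free slot in ServerSources. It is static although the table is per instance, so
    // init() resets it before filling a freshly allocated table.
    private static int sourceCnt;

    // Compiler-generated cache for the class literal (pre-Java-5 javac idiom); kept so the
    // class keeps the same members as the original binary.
    static Class class$com$ibm$ejs$security$web$WebSealTrustAssociationInterceptor;

    protected WebAuthenticator webAuth = null;

    // Accepted proxy addresses as "host:port"; port "0" means "any port". Slots may be null
    // when an entry was rejected by addASource.
    protected String[] ServerSources = null;

    // Header names that must all be present for a request to count as coming via WebSEAL.
    protected String[] ID = null;

    protected String WebSealLoginID = null;
    public String realm = "default";

    // true disables the Basic-auth check of the proxy in validateEstablishedTrust.
    public boolean PDAlreadyAuthenticated = false;

    // true when the proxy login id comes from configuration instead of the request.
    protected boolean UsingLocallySpecifiedWebSealUser = false;

    static {
        Class class$;
        if (class$com$ibm$ejs$security$web$WebSealTrustAssociationInterceptor != null) {
            class$ = class$com$ibm$ejs$security$web$WebSealTrustAssociationInterceptor;
        } else {
            class$ = class$("com.ibm.ejs.security.web.WebSealTrustAssociationInterceptor");
            class$com$ibm$ejs$security$web$WebSealTrustAssociationInterceptor = class$;
        }
        tc = Tr.register(class$);
        sourceCnt = 0;
    }

    public WebSealTrustAssociationInterceptor() {
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Created a WebSealTrustAssociationInterceptor.");
        }
    }

    /**
     * Appends {@code host:port} to the table of accepted proxy addresses.
     *
     * <p>The entry is skipped when the host is null or empty, when the port is not accepted by
     * {@link Integer#decode(String)}, or when the table is missing or already full. The port is
     * stored exactly as written and later compared as text, so it should use the same decimal
     * form the proxy puts in its {@code via} header.
     *
     * @param str  host name of the proxy
     * @param str2 port of the proxy, or {@code "0"} for any port
     */
    protected void addASource(String str, String str2) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "addASource");
        }
        // The original test was "str != null && empty", which let a null host through and
        // stored the literal entry "null:port".
        if (str == null || str.length() == 0) {
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "addASource: No source added.");
            }
            return;
        }
        if (!isDecodablePort(str2)) {
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "addASource: cannot add invalid port number.");
            }
            return;
        }
        // Previously a missing or full table surfaced as a swallowed exception that was
        // reported as an invalid port; check it explicitly instead.
        String[] table = this.ServerSources;
        if (table == null || sourceCnt >= table.length) {
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "addASource: No source added.");
            }
            return;
        }
        table[sourceCnt++] = str + ":" + str2;
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "addASource: Added source = " + str + ":" + str2);
        }
    }

    /** Returns true when {@code port} is non-null and parses with {@link Integer#decode}. */
    private static boolean isDecodablePort(String port) {
        if (port == null) {
            return false;
        }
        try {
            Integer.decode(port);
            return true;
        } catch (NumberFormatException ignored) {
            // Not a number: the caller reports the entry as rejected.
            return false;
        }
    }

    /**
     * Checks a {@code via} host/port pair against the configured proxy addresses.
     *
     * @param str  host taken from the {@code via} header
     * @param str2 port taken from the {@code via} header
     * @return 0 when the pair is accepted (also when no addresses are configured at all),
     *         -1 when addresses are configured and none matches
     */
    private int checkVia(String str, String str2) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "checkVia: " + str + ":" + str2);
        }
        String[] sources = this.ServerSources;
        // Fail-open by design of the original: without a configured list every source passes.
        if (sources == null || sources.length == 0) {
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "checkVia: OK");
            }
            return 0;
        }
        String anyPort = str + ":0";
        String exact = str + ":" + str2;
        for (int i = 0; i < sources.length; i++) {
            // Compare from the constant side: slots left null by a rejected entry must not
            // raise a NullPointerException, they simply never match.
            String candidate = sources[i];
            if (anyPort.equalsIgnoreCase(candidate) || exact.equalsIgnoreCase(candidate)) {
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, "checkVia: OK");
                }
                return 0;
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "checkVia: -1 ");
        }
        return -1;
    }

    /** Compiler-generated helper behind the class literal; see the cached field above. */
    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            throw new NoClassDefFoundError(e.getMessage());
        }
    }

    /** Nothing to release. */
    public void cleanup() {
    }

    /**
     * Returns the end-user name asserted by the proxy in the {@code iv-user} header.
     *
     * <p>The value is returned as received (not trimmed). It is only meaningful after
     * {@link #validateEstablishedTrust} has accepted the request.
     *
     * @param httpServletRequest the incoming request
     * @return the non-blank {@code iv-user} value
     * @throws WebTrustAssociationUserException when no non-blank {@code iv-user} header exists
     */
    public String getAuthenticatedUsername(HttpServletRequest httpServletRequest) throws WebTrustAssociationUserException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getAuthenticatedUsername");
        }
        // NOTE(review): the name is matched case-sensitively against "iv-user"; this relies on
        // the container reporting header names in lower case - confirm for the target runtime.
        Enumeration headerNames = httpServletRequest.getHeaderNames();
        // The servlet API allows getHeaderNames() to return null; treat that as "no headers".
        while (headerNames != null && headerNames.hasMoreElements()) {
            String name = (String) headerNames.nextElement();
            if (!name.equals("iv-user")) {
                continue;
            }
            String user = httpServletRequest.getHeader(name);
            if (user != null && user.trim().length() != 0) {
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, "getAuthenticatedUsername:  " + user);
                }
                return user;
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getAuthenticatedUsername: No username found.");
        }
        throw new WebTrustAssociationUserException("No valid value provided as username.");
    }

    /**
     * Returns a fresh, mutable copy of the required header names.
     *
     * @return a new Vector holding the entries of {@link #ID}; empty when none are configured
     */
    protected Vector getCheckID() {
        Vector required = new Vector();
        if (this.ID != null) {
            for (int i = 0; i < this.ID.length; i++) {
                required.addElement(this.ID[i]);
            }
        }
        return required;
    }

    /**
     * Splits a comma-separated property value into trimmed elements.
     *
     * <p>Empty elements between two commas are kept; an empty element after the last comma is
     * dropped.
     *
     * @param str the raw property value
     * @return the elements, or {@code null} when {@code str} is null or blank
     */
    private String[] getElements(String str) {
        if (str == null || str.trim().length() <= 0) {
            return null;
        }
        Vector parts = new Vector();
        int start = 0;
        int comma = str.indexOf(',', start);
        while (comma != -1) {
            parts.addElement(str.substring(start, comma).trim());
            start = comma + 1;
            comma = str.indexOf(',', start);
        }
        String tail = str.substring(start).trim();
        if (tail.length() > 0) {
            parts.addElement(tail);
        }
        String[] result = new String[parts.size()];
        parts.copyInto(result);
        return result;
    }

    /** Returns the value of an optional property, or {@code null} when it is not defined. */
    private static String optionalProperty(ResourceBundle bundle, String key) {
        try {
            return bundle.getString(key);
        } catch (java.util.MissingResourceException ignored) {
            // Every interceptor property is optional.
            return null;
        }
    }

    /**
     * Loads the interceptor configuration from the named property resource bundle.
     *
     * <p>Properties read (all optional): {@code ...webseal.id}, {@code ...webseal.hostnames},
     * {@code ...webseal.ports}, {@code ...webseal.mutualSSL} and {@code ...webseal.loginId}.
     * The accepted-address table is the cross product of hostnames and ports, or each hostname
     * with port {@code 0} (any port) when no ports are given.
     *
     * @param str base name of the resource bundle
     * @return 0 on success, -1 when the bundle cannot be loaded or processed
     */
    public int init(String str) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "init()");
        }
        try {
            PropertyResourceBundle bundle = (PropertyResourceBundle) ResourceBundle.getBundle(str);
            setVersion("WebSeal Interceptor Version 1.1");

            String idList = optionalProperty(bundle, PROP_ID);
            if (idList != null) {
                this.ID = getElements(idList);
            }
            String[] hosts = getElements(optionalProperty(bundle, PROP_HOSTNAMES));
            String[] ports = getElements(optionalProperty(bundle, PROP_PORTS));

            if ("true".equals(optionalProperty(bundle, PROP_MUTUAL_SSL))) {
                // From here on validateEstablishedTrust performs no credential check at all.
                this.PDAlreadyAuthenticated = true;
                Tr.warning(tc, "PD Authentication Disabled");
            }

            String loginId = optionalProperty(bundle, PROP_LOGIN_ID);
            if (loginId != null) {
                this.WebSealLoginID = loginId;
                this.UsingLocallySpecifiedWebSealUser = true;
                Tr.debug(tc, "Local WebSeal user specified");
            }

            boolean haveHosts = hosts != null && hosts.length > 0;
            boolean havePorts = ports != null && ports.length > 0;
            if (haveHosts) {
                // The fill index is static; without this reset a second init() (or a second
                // instance) would start past the end of the new table and add nothing.
                sourceCnt = 0;
                this.ServerSources = new String[havePorts ? hosts.length * ports.length : hosts.length];
            }
            if (hosts != null) {
                for (String host : hosts) {
                    if (ports != null) {
                        for (String port : ports) {
                            addASource(host, port);
                        }
                    } else {
                        addASource(host, "0");
                    }
                }
            }

            if (loginId != null) {
                Tr.audit(tc, "WebSeal login id is [" + loginId + "].");
            } else {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "No webseal login id provided.");
                }
                this.WebSealLoginID = null;
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "init(): OK");
            }
            return 0;
        } catch (Exception e) {
            // Boundary catch: the contract is a status code. Record the cause so a failed
            // start-up can be diagnosed from the trace.
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "init() failed: " + e);
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "init(): -1");
            }
            return -1;
        }
    }

    /** Returns true when at least one slot exists in the accepted-address table. */
    private boolean hasConfiguredSources() {
        return this.ServerSources != null && this.ServerSources.length > 0;
    }

    /**
     * Decides whether the request claims to have passed through WebSEAL.
     *
     * <p>The request qualifies when it carries a {@code via} header whose host and port are
     * accepted by the configured address table and when every configured id header is present.
     * All of this is request data; it selects the interceptor but proves nothing about the
     * sender. Proof is the job of {@link #validateEstablishedTrust}.
     *
     * @param httpServletRequest the incoming request
     * @return true when this interceptor should handle the request
     * @throws WebTrustAssociationException when the {@code via} value cannot be parsed into
     *         a host and a port
     */
    public boolean isTargetInterceptor(HttpServletRequest httpServletRequest) throws WebTrustAssociationException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "isTargetInterceptor");
        }
        boolean sawVia = false;
        Vector missingIds = getCheckID();
        Enumeration headerNames = httpServletRequest.getHeaderNames();
        // The servlet API allows getHeaderNames() to return null; treat that as "no headers".
        while (headerNames != null && headerNames.hasMoreElements()) {
            String name = (String) headerNames.nextElement();
            missingIds.remove(name);
            Tr.debug(tc, "name=" + name);
            // NOTE(review): case-sensitive match on the header name, as in the original.
            if (!name.equals("via")) {
                continue;
            }
            sawVia = true;
            String via = httpServletRequest.getHeader(name);
            Tr.debug(tc, "VIA=" + via);
            if (via == null || via.trim().length() == 0) {
                // A blank value names no proxy. It used to satisfy the "via present" test
                // without any address check; with an address table configured it must not.
                if (hasConfiguredSources()) {
                    if (tc.isEntryEnabled()) {
                        Tr.exit(tc, "isTargetInterceptor: No, it is NOT via WebSeal.");
                    }
                    return false;
                }
                continue;
            }
            // Expected shape: "<protocol-version> <host>:<port>".
            int space = via.indexOf(' ');
            String receivedBy = space == -1 ? null : via.substring(space + 1);
            int colon = receivedBy == null ? -1 : receivedBy.indexOf(':');
            if (colon == -1) {
                // A value without ":port" previously escaped as an unchecked
                // StringIndexOutOfBoundsException; report it like any other malformed value.
                Tr.error(tc, "Unable to get source path from request header 'via'");
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, "isTargetInterceptor: No, it is NOT via WebSeal.");
                }
                throw new WebTrustAssociationException("Invalid via value.");
            }
            if (checkVia(receivedBy.substring(0, colon), receivedBy.substring(colon + 1)) == -1) {
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, "isTargetInterceptor: No, it is NOT via WebSeal.");
                }
                return false;
            }
        }
        if (missingIds.size() > 0 || !sawVia) {
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "isTargetInterceptor: No, it is NOT via WebSeal.");
            }
            return false;
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "isTargetInterceptor: Yes it is via WebSeal.");
        }
        return true;
    }

    /**
     * Authenticates the proxy that forwarded the request.
     *
     * <p>Unless {@link #PDAlreadyAuthenticated} is set, the request must carry Basic
     * credentials. The password always comes from the request; the user id comes from the
     * configuration when a login id was configured, otherwise from the request. The pair is
     * verified through {@link WebAuthenticator#basicAuthenticate} in {@link #realm}.
     *
     * @param httpServletRequest the incoming request
     * @throws WebTrustAssociationFailedException when credentials are missing, malformed or
     *         rejected, or when no authenticator is available
     */
    public void validateEstablishedTrust(HttpServletRequest httpServletRequest) throws WebTrustAssociationFailedException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "Entering validateEstablishedTrust...");
        }
        if (this.PDAlreadyAuthenticated) {
            // No credential check in this mode: the deployment itself has to make sure that
            // only the proxy can connect.
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "validateEstablishedTrust: OK.");
            }
            return;
        }
        String authorization = httpServletRequest.getHeader("Authorization");
        if (authorization == null || !authorization.startsWith("Basic ")) {
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "Exiting validateEstablishedTrust: Basic Auth information NOT found.");
            }
            throw new WebTrustAssociationFailedException("Basic Auth is expected in Trust Association mode.");
        }
        String decoded = Base64Coder.base64Decode(authorization.substring(6));
        // NOTE(review): whether base64Decode can return null on bad input is not visible from
        // this file; a null is handled like a value without the ':' separator.
        int colon = decoded == null ? -1 : decoded.indexOf(':');
        if (colon < 0) {
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "Exiting validateEstablishedTrust: Basic Auth username/password NOT found.");
            }
            throw new WebTrustAssociationFailedException("RPSS username/password field is missing.");
        }
        String userId = this.UsingLocallySpecifiedWebSealUser ? this.WebSealLoginID : decoded.substring(0, colon);
        // NOTE(review): an empty password is passed on unchanged; confirm that the registry
        // behind basicAuthenticate rejects it. The password is never written to the trace.
        String password = decoded.substring(colon + 1);
        if (this.webAuth == null) {
            this.webAuth = WebAuthenticator.getInstance();
            if (this.webAuth == null) {
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, "Exiting validateEstablishedTrust: No WebAuthenticator instance.");
                }
                throw new WebTrustAssociationFailedException("There is currently no web authenticator.");
            }
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Authenticating " + userId);
        }
        int status = this.webAuth.basicAuthenticate(this.realm, userId, password).getStatus();
        // NOTE(review): only status 2 and 3 are treated as failure, so any other status passes.
        // Confirm against the authenticator's status constants that no further failure code
        // exists; testing for the success code would be the fail-closed form.
        if (status == 3 || status == 2) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "validateEstablishedTrust authenticationf failure.");
            }
            throw new WebTrustAssociationFailedException("Basic Authentication failed.");
        }
        // Result is discarded in the original as well; kept because constructor side effects
        // cannot be ruled out from this file.
        new BasicAuthData(userId, password);
        ((IPrivateRequestAttributes) httpServletRequest).setPrivateAttribute("AUTH_TYPE", "Basic");
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "validateEstablishedTrust: OK.");
        }
    }
}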
