package flex.messaging.services.http.proxy;

import flex.messaging.FlexContext;
import flex.messaging.log.Log;
import flex.messaging.security.SecurityException;
import flex.messaging.util.Base64;
import java.util.Enumeration;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.httpclient.Header;
import org.apache.commons.httpclient.StatusLine;
import org.apache.commons.httpclient.UsernamePasswordCredentials;

/* loaded from: input_file:lib/flex-messaging-proxy-1.0.jar:flex/messaging/services/http/proxy/SecurityFilter.class */
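/**
 * Proxy filter that guards the outbound request of the HTTP proxy service.
 *
 * <p>Before delegating to the next filter it checks the target URL scheme and
 * installs credentials on the outbound HTTP client. After the downstream
 * filters have run it inspects the target's status code and turns 401/403
 * responses into {@link ProxyException}s (or, for same-origin targets, passes
 * the status through to the caller).
 */
public class SecurityFilter extends ProxyFilter {
    // Message identifiers handed to ProxyException. Their meaning is inferred from
    // the constant names and usage below; the message catalogue is not visible here.
    private static final int EMPTY_ERROR = 10708;
    private static final int ONLY_HTTP_HTTPS = 10712;
    private static final int NO_HTTPS_VIA_HTTP = 10713;
    private static final int NO_BASIC_NOT_HTTP = 10714;
    private static final int NO_BASIC_FOR_SOAP = 10715;
    private static final int DOMAIN_ERROR = 10716;
    private static final int LOGIN_REQUIRED = 10717;
    private static final int UNAUTHORIZED_ERROR = 10718;

    /** Log category used by every message this filter emits. */
    private static final String LOG_CATEGORY = "Service.HTTP";

    /** Offset of the Base64 payload in a {@code "Basic <payload>"} Authorization header value. */
    private static final int BASIC_PAYLOAD_OFFSET = 6;

    /**
     * Runs the pre-checks, delegates to the next filter in the chain (if any), then
     * evaluates the target's response status.
     *
     * @param proxyContext state of the proxied request
     * @throws ProxyException if the URL is rejected or the target answered 401/403
     *         in a way that cannot be passed through
     */
    @Override // flex.messaging.services.http.proxy.ProxyFilter
    public void invoke(ProxyContext proxyContext) {
        checkURL(proxyContext);
        setCredentials(proxyContext);
        if (this.next != null) {
            this.next.invoke(proxyContext);
        }
        sendSecurityInfo(proxyContext);
    }

    /**
     * Rejects targets that are neither HTTP nor HTTPS, and rejects HTTPS targets when
     * the client reached the proxy over plain HTTP.
     *
     * <p>This method only validates the scheme. It performs no host or address
     * allow-listing; NOTE(review): confirm that destination restrictions are enforced
     * elsewhere in the filter chain or configuration.
     *
     * @throws ProxyException with {@code ONLY_HTTP_HTTPS} or {@code NO_HTTPS_VIA_HTTP}
     */
    private void checkURL(ProxyContext proxyContext) {
        Target target = proxyContext.getTarget();
        boolean isHttp = target.getUrl().getProtocol().equalsIgnoreCase("http");
        if (!isHttp && !target.isHTTPS()) {
            Log.getLogger(LOG_CATEGORY).warn("PROXY SECURITY : Invalid URL - only HTTP or HTTPS URLs allowed");
            throw new ProxyException(ONLY_HTTP_HTTPS);
        }
        // A response fetched over TLS must not be relayed back to the client in clear text.
        if (target.isHTTPS() && !proxyContext.isClientHttps()) {
            Log.getLogger(LOG_CATEGORY).warn("PROXY SECURITY : Invalid URL - can't access HTTPS URLs when accessing proxy via HTTP.");
            throw new ProxyException(NO_HTTPS_VIA_HTTP);
        }
    }

    /**
     * Chooses the username/password for the outbound request and registers them on the
     * HTTP client. Sources are applied in this order, later ones overriding earlier ones:
     * <ol>
     *   <li>the remote username/password configured on the target;</li>
     *   <li>the Base64 credentials header, read from the servlet request and, if absent
     *       there, from the proxy context;</li>
     *   <li>each {@code Authorization: Basic} header of the servlet request, but only
     *       when {@link ProxyContext#isLocalDomainAndPort()} is true.</li>
     * </ol>
     *
     * <p>Malformed {@code Basic} Authorization headers (no payload, or a decoded payload
     * without a {@code ':'}) are ignored with a warning. Previously they raised an
     * unchecked {@code StringIndexOutOfBoundsException} from client-controlled input.
     */
    private void setCredentials(ProxyContext proxyContext) {
        String remoteUsername = proxyContext.getTarget().getRemoteUsername();
        String remotePassword = proxyContext.getTarget().getRemotePassword();

        String credentialsHeader = null;
        HttpServletRequest httpRequest = FlexContext.getHttpRequest();
        if (httpRequest != null) {
            credentialsHeader = httpRequest.getHeader(ProxyConstants.HEADER_CREDENTIALS);
        }
        if (credentialsHeader == null) {
            credentialsHeader = proxyContext.getCredentialsHeader();
        }
        if (credentialsHeader != null) {
            // NOTE(review): unlike the Authorization header below, this header is applied
            // without an isLocalDomainAndPort() check, so client-supplied credentials can be
            // sent to any target this filter accepts - confirm that is intended.
            String decoded = decodeBase64(credentialsHeader);
            int colon = decoded.indexOf(":");
            if (colon != -1) {
                remoteUsername = decoded.substring(0, colon);
            }
            // Without a ':' the whole decoded value becomes the password while the previously
            // selected username is kept (existing behaviour, preserved).
            remotePassword = decoded.substring(colon + 1);
        }

        Enumeration headers = (httpRequest != null) ? httpRequest.getHeaders("Authorization") : null;
        if (headers != null) {
            // Every matching header is processed, so the last well-formed one wins.
            while (headers.hasMoreElements()) {
                String authHeader = (String) headers.nextElement();
                if (!authHeader.startsWith("Basic")) {
                    continue;
                }
                if (!proxyContext.isLocalDomainAndPort()) {
                    // The browser's Basic credentials are only forwarded to the proxy's own
                    // domain:port so they are not disclosed to a different host.
                    // NOTE(review): guarded by isInfo() but logged at debug level, as in the original.
                    if (Log.isInfo()) {
                        Log.getLogger(LOG_CATEGORY).debug("Not sending on Authentication header. Proxy domain:port of " + httpRequest.getServerName() + ":" + httpRequest.getServerPort() + " does not match target domain:port of " + proxyContext.getTarget().getUrl().getHost() + ":" + proxyContext.getTarget().getUrl().getPort());
                    }
                    continue;
                }
                if (authHeader.length() <= BASIC_PAYLOAD_OFFSET) {
                    // "Basic" with no payload: substring(6) would be out of range or empty.
                    Log.getLogger(LOG_CATEGORY).warn("PROXY SECURITY : Ignoring malformed Basic Authorization header");
                    continue;
                }
                String decoded = decodeBase64(authHeader.substring(BASIC_PAYLOAD_OFFSET));
                int colon = decoded.indexOf(":");
                if (colon == -1) {
                    // No user:password separator; substring(0, -1) would throw.
                    // The header value itself is deliberately not logged.
                    Log.getLogger(LOG_CATEGORY).warn("PROXY SECURITY : Ignoring malformed Basic Authorization header");
                    continue;
                }
                remoteUsername = decoded.substring(0, colon);
                remotePassword = decoded.substring(colon + 1);
            }
        }

        if (remoteUsername != null) {
            proxyContext.getHttpClient().getState().setCredentials(ProxyUtil.getDefaultAuthScope(), new UsernamePasswordCredentials(remoteUsername, remotePassword));
            proxyContext.setAuthorization(true);
            if (Log.isInfo()) {
                // NOTE(review): remoteUsername may come from a request header and is written to
                // the log unmodified; make sure the log sink neutralises control characters.
                Log.getLogger(LOG_CATEGORY).info("-- Authentication header being sent for " + remoteUsername);
            }
        }
    }

    /**
     * Decodes a Base64 string with the Flex decoder and returns it as text.
     * The bytes are converted with the platform default charset, as the original code did.
     */
    private static String decodeBase64(String encoded) {
        Base64.Decoder decoder = new Base64.Decoder();
        decoder.decode(encoded);
        return new String(decoder.drain());
    }

    /**
     * Records the target's status code on the context (200 when no status line is
     * available) and converts 401/403 responses into the appropriate outcome.
     *
     * <p>When the target does not use custom authentication, a 401/403 is either passed
     * through as the servlet response status (same domain:port) or rejected with a
     * {@link ProxyException}. With custom authentication, a {@link ProxyException}
     * carrying {@code SecurityException.CLIENT_AUTHENTICATION_CODE} is thrown; for 401
     * it also carries the value of the {@code ProxyConstants.HEADER_AUTHENTICATE}
     * response header, if present.
     *
     * @throws ProxyException for every 401/403 that is not passed through
     */
    private void sendSecurityInfo(ProxyContext proxyContext) {
        Target target = proxyContext.getTarget();
        String host = target.getUrl().getHost();
        boolean useCustomAuthentication = target.useCustomAuthentication();

        StatusLine statusLine = proxyContext.getHttpMethod().getStatusLine();
        int statusCode = (statusLine != null) ? statusLine.getStatusCode() : 200;
        proxyContext.setStatusCode(statusCode);

        if (statusCode != 401 && statusCode != 403) {
            return;
        }

        if (!useCustomAuthentication) {
            if (!proxyContext.isHttpRequest()) {
                throw new ProxyException(NO_BASIC_NOT_HTTP);
            }
            if (proxyContext.isSoapRequest()) {
                throw new ProxyException(NO_BASIC_FOR_SOAP);
            }
            if (proxyContext.isLocalDomainAndPort()) {
                // Same origin: hand the challenge/denial straight back to the client.
                FlexContext.getHttpResponse().setStatus(statusCode);
                return;
            }
            HttpServletRequest httpRequest = FlexContext.getHttpRequest();
            Log.getLogger(LOG_CATEGORY).error("The Flex proxy and the specified endpoint do not have the same domain, and so basic authentication cannot be used.  Please specify use-custom-authentication or run-as for services not located on the same domain as the Flex proxy. . The proxy domain:port is " + httpRequest.getServerName() + ":" + httpRequest.getServerPort() + " and the target domain:port is " + host + ":" + target.getUrl().getPort());
            throw new ProxyException(DOMAIN_ERROR);
        }

        String statusText = (statusLine != null) ? statusLine.toString() : null;
        boolean loginRequired = statusCode == 401;

        ProxyException authFailure = new ProxyException();
        authFailure.setCode(SecurityException.CLIENT_AUTHENTICATION_CODE);
        if (statusText != null) {
            authFailure.setMessage(EMPTY_ERROR, new Object[]{statusText});
        } else {
            authFailure.setMessage(loginRequired ? LOGIN_REQUIRED : UNAUTHORIZED_ERROR);
        }
        if (loginRequired) {
            Header responseHeader = proxyContext.getHttpMethod().getResponseHeader(ProxyConstants.HEADER_AUTHENTICATE);
            if (responseHeader != null) {
                authFailure.setDetails(responseHeader.getValue());
            }
        }
        throw authFailure;
    }
}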
