package org.wso2.carbon.security.pox;

import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import javax.servlet.http.HttpServletResponse;
import net.sf.jsr107cache.Cache;
import net.sf.jsr107cache.CacheManager;
import org.apache.axiom.om.impl.dom.jaxp.DocumentBuilderFactoryImpl;
import org.apache.axiom.om.util.Base64;
import org.apache.axiom.soap.SOAPHeader;
import org.apache.axiom.soap.SOAPHeaderBlock;
import org.apache.axis2.AxisFault;
import org.apache.axis2.context.MessageContext;
import org.apache.axis2.description.AxisService;
import org.apache.axis2.description.HandlerDescription;
import org.apache.axis2.description.Parameter;
import org.apache.axis2.engine.Handler;
import org.apache.axis2.transport.http.HTTPConstants;
import org.apache.axis2.util.JavaUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.rampart.util.Axis2Util;
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.message.WSSecHeader;
import org.apache.ws.security.message.WSSecTimestamp;
import org.apache.ws.security.message.WSSecUsernameToken;
import org.w3c.dom.Document;
import org.wso2.carbon.base.ServerConfiguration;
import org.wso2.carbon.security.SecurityConstants;
import org.wso2.carbon.security.config.SecurityConfigAdmin;
import org.wso2.carbon.security.config.service.SecurityScenarioData;

/* loaded from: input_file:org/wso2/carbon/security/pox/POXSecurityHandler.class */
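/**
 * Axis2 handler that bridges HTTP Basic authentication to WS-Security for REST/POX requests
 * and for SOAP requests that carry no WS-Security header.
 *
 * <p>When the dispatched service uses the UsernameToken security scenario and the request
 * arrived over the HTTPS transport with a {@code Basic} Authorization header, the handler
 * decodes the credentials and inserts a UsernameToken plus Timestamp security header into the
 * envelope. If the header holds no usable user name and password, a 401 challenge is sent and
 * the flow is aborted.
 *
 * <p>Security notes:
 * <ul>
 *   <li>This handler does not verify the credentials; it only re-packages them. Verification is
 *       presumably done by the security module later in the chain (confirm against the module
 *       configuration).</li>
 *   <li>The password is written into the envelope as PasswordText, so the handler acts only on
 *       requests whose incoming transport equals {@code SecurityConstants.HTTPS_TRANSPORT}.</li>
 *   <li>Neither the Authorization header nor the decoded credentials are logged; keep it so.</li>
 * </ul>
 */
public class POXSecurityHandler implements Handler {
    private static final Log log = LogFactory.getLog(POXSecurityHandler.class);
    private static final String POX_SECURITY_MODULE = "POXSecurityModule";

    /** Name of the cache in which services that do not use the UsernameToken scenario are marked "false". */
    public static final String POX_ENABLED = "pox-security";

    private static final String BASIC_PREFIX = "Basic ";
    private static final String WSSE_NAMESPACE =
            "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
    private static final String PASSWORD_TEXT_TYPE =
            "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText";

    private HandlerDescription description;

    /** No resources to release. */
    public void cleanup() {
    }

    /**
     * Stores the handler description supplied by the engine.
     *
     * @param handlerDescription description later returned by {@link #getHandlerDesc()}
     */
    public void init(HandlerDescription handlerDescription) {
        this.description = handlerDescription;
    }

    /**
     * Converts HTTP Basic credentials into a WS-Security UsernameToken header when applicable.
     *
     * @param messageContext the message being processed; {@code null} is tolerated
     * @return {@code CONTINUE} when the request is left alone or a token was injected,
     *         {@code ABORT} when a 401 challenge was issued
     * @throws AxisFault if scenario lookup, envelope conversion or the challenge response fails
     */
    public Handler.InvocationResponse invoke(MessageContext messageContext) throws AxisFault {
        if (messageContext == null
                || !messageContext.isEngaged(POX_SECURITY_MODULE)
                || messageContext.getIncomingTransportName() == null) {
            return Handler.InvocationResponse.CONTINUE;
        }

        String basicAuthHeaders = getBasicAuthHeaders(messageContext);
        boolean restOrUnsecuredSoap =
                messageContext.isDoingREST() || isSOAPWithoutSecHeader(messageContext);
        // Credentials are only translated for requests that came in over the HTTPS transport.
        if (!restOrUnsecuredSoap
                || !messageContext.getIncomingTransportName().equals(SecurityConstants.HTTPS_TRANSPORT)
                || basicAuthHeaders == null) {
            return Handler.InvocationResponse.CONTINUE;
        }

        AxisService axisService = messageContext.getAxisService();
        if (axisService == null) {
            if (log.isDebugEnabled()) {
                log.debug("Service not dispatched");
            }
            return Handler.InvocationResponse.CONTINUE;
        }

        // Services flagged as admin services are skipped by this handler.
        String adminServiceFlag = (String) axisService.getParameterValue("adminService");
        if (adminServiceFlag != null && JavaUtils.isTrueExplicitly(adminServiceFlag)) {
            return Handler.InvocationResponse.CONTINUE;
        }

        String serviceName = axisService.getName();
        Cache cache = CacheManager.getInstance().getCache(POX_ENABLED);
        // NOTE(review): only negative results are cached here and nothing in this class evicts
        // them; confirm the entry is invalidated when a service's security scenario changes.
        if (isMarkedNotApplicable(cache, serviceName)) {
            return Handler.InvocationResponse.CONTINUE;
        }
        if (log.isDebugEnabled()) {
            log.debug("Admin service check failed OR cache miss");
        }

        try {
            SecurityScenarioData currentScenario =
                    new SecurityConfigAdmin(messageContext.getConfigurationContext().getAxisConfiguration())
                            .getCurrentScenario(serviceName);
            if (currentScenario == null
                    || !currentScenario.getScenarioId().equals(SecurityConstants.USERNAME_TOKEN_SCENARIO_ID)) {
                if (cache != null) {
                    cache.put(serviceName, "false");
                }
                return Handler.InvocationResponse.CONTINUE;
            }
            if (log.isDebugEnabled()) {
                log.debug("Processing POX security");
            }
            DocumentBuilderFactoryImpl.setDOOMRequired(true);

            String[] credentials = parseBasicCredentials(basicAuthHeaders);
            if (credentials != null) {
                Document envelopeDocument =
                        Axis2Util.getDocumentFromSOAPEnvelope(messageContext.getEnvelope(), true);
                WSSecHeader securityHeader = new WSSecHeader();
                securityHeader.insertSecurityHeader(envelopeDocument);

                // The password travels as PasswordText inside the envelope from here on.
                WSSecUsernameToken usernameToken = new WSSecUsernameToken();
                usernameToken.setPasswordType(PASSWORD_TEXT_TYPE);
                usernameToken.setUserInfo(credentials[0], credentials[1]);
                usernameToken.build(envelopeDocument, securityHeader);
                new WSSecTimestamp().build(envelopeDocument, securityHeader);

                messageContext.setEnvelope(
                        Axis2Util.getSOAPEnvelopeFromDOMDocument(envelopeDocument, false));
                return Handler.InvocationResponse.CONTINUE;
            }

            // A Basic header without a usable user name and password: challenge and stop.
            sendAuthChallenge(messageContext);
            return Handler.InvocationResponse.ABORT;
        } catch (AxisFault e) {
            // Propagated unchanged so it is not re-wrapped by the generic handler below.
            throw e;
        } catch (WSSecurityException e) {
            throw new AxisFault("WSDoAllReceiver: Error in converting to Document", e);
        } catch (Exception e) {
            throw new AxisFault("System error", e);
        } finally {
            // Always reset the DOOM flag, whichever way this method exits.
            DocumentBuilderFactoryImpl.setDOOMRequired(false);
        }
    }

    /**
     * Tells whether the cache holds an explicit "false" marker for the service.
     *
     * <p>A missing cache or a missing entry counts as "not marked" instead of failing with a
     * {@code NullPointerException}.
     *
     * @param cache the POX cache, possibly {@code null}
     * @param serviceName name of the dispatched service
     * @return {@code true} only when the cached value is explicitly false
     */
    private static boolean isMarkedNotApplicable(Cache cache, String serviceName) {
        if (cache == null) {
            return false;
        }
        net.sf.jsr107cache.CacheEntry entry = cache.getCacheEntry(serviceName);
        if (entry == null) {
            return false;
        }
        String cached = (String) entry.getValue();
        return cached != null && JavaUtils.isFalseExplicitly(cached);
    }

    /**
     * Decodes a {@code Basic} Authorization header into user name and password.
     *
     * @param header the Authorization header value, possibly {@code null}
     * @return a two-element array {user, password}, or {@code null} when the header is not a
     *         Basic header, has no ':' separator, or either part is blank
     */
    private static String[] parseBasicCredentials(String header) {
        if (header == null || !header.startsWith(BASIC_PREFIX)) {
            return null;
        }
        // NOTE(review): the bytes are decoded with the platform default charset, so non-ASCII
        // credentials depend on the JVM's file.encoding. Pinning a charset would change which
        // existing passwords match, so it is left as is; decide deliberately.
        // If decoding throws on malformed input, the caller reports it as a "System error" fault.
        String decoded = new String(Base64.decode(header.substring(BASIC_PREFIX.length()).trim()));
        int separator = decoded.indexOf(':');
        if (separator == -1) {
            return null;
        }
        String user = decoded.substring(0, separator);
        String password = decoded.substring(separator + 1);
        if (user.trim().length() == 0 || password.trim().length() == 0) {
            return null;
        }
        return new String[] {user, password};
    }

    /**
     * Sends a 401 Basic challenge, through the servlet response when one is attached to the
     * message context and through message context properties otherwise.
     *
     * @param messageContext the message being processed
     * @throws java.io.IOException if flushing the servlet response fails
     */
    private static void sendAuthChallenge(MessageContext messageContext) throws java.io.IOException {
        String realm = ServerConfiguration.getInstance().getFirstProperty("Name");
        if (realm == null || realm.trim().length() == 0) {
            realm = "WSO2 Carbon";
        }
        // The realm is taken from server configuration and embedded without escaping; a name
        // containing a double quote would produce a malformed challenge.
        String challenge = "BASIC realm=\"" + realm + "\"";

        HttpServletResponse servletResponse =
                (HttpServletResponse) messageContext.getProperty(HTTPConstants.MC_HTTP_SERVLETRESPONSE);
        if (servletResponse != null) {
            servletResponse.setContentLength(0);
            servletResponse.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
            servletResponse.addHeader("WWW-Authenticate", challenge);
            servletResponse.flushBuffer();
            return;
        }

        messageContext.setProperty("NIO-ACK-Requested", "true");
        messageContext.setProperty("HTTP_SC", Integer.valueOf(HttpServletResponse.SC_UNAUTHORIZED));
        // A fresh map replaces the transport headers property; nothing from the request's
        // header map is kept.
        Map<String, String> responseHeaders = new HashMap<String, String>();
        responseHeaders.put("WWW-Authenticate", challenge);
        messageContext.setProperty("TRANSPORT_HEADERS", responseHeaders);
    }

    /**
     * Checks whether the envelope lacks a WS-Security {@code Security} header block.
     *
     * @param messageContext the message whose envelope is inspected
     * @return {@code true} when there is no SOAP header or no {@code Security} block in the
     *         WS-Security extension namespace
     */
    private boolean isSOAPWithoutSecHeader(MessageContext messageContext) {
        SOAPHeader header = messageContext.getEnvelope().getHeader();
        if (header == null) {
            return true;
        }
        ArrayList<?> securityNamespaceBlocks = header.getHeaderBlocksWithNSURI(WSSE_NAMESPACE);
        if (securityNamespaceBlocks == null) {
            return true;
        }
        for (Object block : securityNamespaceBlocks) {
            if ("Security".equals(((SOAPHeaderBlock) block).getLocalName())) {
                return false;
            }
        }
        return true;
    }

    /**
     * Reads the Authorization transport header if it uses the Basic scheme.
     *
     * <p>The value is returned trimmed so that the prefix check here and the credential parsing
     * in {@link #invoke(MessageContext)} agree on the same string.
     *
     * @param messageContext the message whose transport headers are read
     * @return the trimmed header value starting with {@code "Basic "}, or {@code null}
     */
    private String getBasicAuthHeaders(MessageContext messageContext) {
        Map<?, ?> transportHeaders = (Map<?, ?>) messageContext.getProperty("TRANSPORT_HEADERS");
        if (transportHeaders == null) {
            return null;
        }
        // Only these two spellings of the header name are looked up.
        String authorization = (String) transportHeaders.get("Authorization");
        if (authorization == null) {
            authorization = (String) transportHeaders.get("authorization");
        }
        if (authorization == null) {
            return null;
        }
        String trimmed = authorization.trim();
        return trimmed.startsWith(BASIC_PREFIX) ? trimmed : null;
    }

    /** Nothing to do when the flow completes. */
    public void flowComplete(MessageContext messageContext) {
    }

    /**
     * @return the description passed to {@link #init(HandlerDescription)}
     */
    public HandlerDescription getHandlerDesc() {
        return this.description;
    }

    /**
     * @return the fixed display name of this handler
     */
    public String getName() {
        return "REST/POX Security handler";
    }

    /**
     * Looks up a parameter on the handler description.
     *
     * @param str parameter name
     * @return the parameter as returned by the handler description
     */
    public Parameter getParameter(String str) {
        return this.description.getParameter(str);
    }
}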
