package org.wso2.micro.integrator.security.pox;

import java.io.IOException;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import javax.servlet.http.HttpServletResponse;
import org.apache.axiom.om.OMElement;
import org.apache.axiom.om.OMNode;
import org.apache.axiom.om.util.Base64;
import org.apache.axiom.soap.SOAPEnvelope;
import org.apache.axiom.soap.SOAPFault;
import org.apache.axiom.soap.SOAPHeader;
import org.apache.axiom.soap.SOAPHeaderBlock;
import org.apache.axiom.soap.impl.dom.soap11.SOAP11FaultCodeImpl;
import org.apache.axiom.soap.impl.dom.soap12.SOAP12FaultCodeImpl;
import org.apache.axis2.AxisFault;
import org.apache.axis2.context.MessageContext;
import org.apache.axis2.description.AxisService;
import org.apache.axis2.description.HandlerDescription;
import org.apache.axis2.description.Parameter;
import org.apache.axis2.engine.Handler;
import org.apache.axis2.transport.http.HTTPConstants;
import org.apache.axis2.util.JavaUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.rampart.util.Axis2Util;
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.message.WSSecHeader;
import org.apache.ws.security.message.WSSecTimestamp;
import org.apache.ws.security.message.WSSecUsernameToken;
import org.w3c.dom.Document;
import org.wso2.micro.integrator.core.services.CarbonServerConfigurationService;

/* loaded from: input_file:client/modules/utsecurity-4.1.0.mar:org/wso2/micro/integrator/security/pox/POXSecurityHandler.class */
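/**
 * Axis2 handler that bridges HTTP Basic authentication to WS-Security for services that have the
 * {@code UTOverTransport} policy attached.
 *
 * <p>On the inbound side, when a message arrives over {@code http}/{@code https} without a
 * WS-Security {@code Security} header, the handler decodes the {@code Authorization: Basic ...}
 * transport header and inserts an equivalent {@code UsernameToken} (password type
 * {@code PasswordText}) plus a {@code Timestamp} into the SOAP envelope, so that the downstream
 * security processing can validate it. If usable credentials are absent, a {@code 401} challenge
 * is sent and processing is aborted.
 *
 * <p>On the out-fault side, when basic auth is enabled and the fault code contains
 * {@code FailedAuthentication}, the handler turns the fault into a {@code 401} challenge.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>This handler does not authenticate anyone; it only relays the credentials. The decoded
 *       username and password must never be logged.</li>
 *   <li>The handler is skipped entirely for services marked {@code adminService} or
 *       {@code hiddenService}, and when the JVM system property {@code reverseProxyMode} is
 *       explicitly true. Those switches therefore disable the Basic-to-UsernameToken bridge.</li>
 *   <li>NOTE(review): plain {@code http} is accepted as an incoming transport here, so the
 *       Basic credentials may be read from a cleartext connection. Whether HTTPS is enforced
 *       elsewhere (for example by the attached policy) cannot be seen from this class; confirm.</li>
 * </ul>
 */
public class POXSecurityHandler implements Handler {
    public static final String POX_CACHE_MANAGER = "POX_CACHE_MANAGER";
    public static final String POX_ENABLED = "pox-security";
    private static final Log log = LogFactory.getLog(POXSecurityHandler.class);
    private static final String POX_SECURITY_MODULE = "POXSecurityModule";
    private static final String MESSAGE_TYPE = "messageType";
    private static final String UT_OVER_TRANSPORT_POLICY = "UTOverTransport";
    private static final String ENABLE_BASIC_AUTH = "enableBasicAuth";
    private static final String BASIC_SCHEME_PREFIX = "Basic ";
    private static final String WSSE_NAMESPACE =
            "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
    private static final String PASSWORD_TEXT_TYPE =
            "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText";
    private HandlerDescription description;

    /** No resources are held by this handler, so there is nothing to release. */
    @Override
    public void cleanup() {
    }

    /**
     * Stores the handler description supplied by the engine.
     *
     * @param handlerDescription description later returned by {@link #getHandlerDesc()}
     */
    @Override
    public void init(HandlerDescription handlerDescription) {
        this.description = handlerDescription;
    }

    /**
     * Converts HTTP Basic credentials into a WS-Security UsernameToken, or issues a 401 challenge.
     *
     * @param messageContext the message being processed
     * @return {@code CONTINUE} when the message should proceed (with or without an injected
     *         security header), {@code ABORT} when a 401 challenge was sent because usable
     *         credentials were missing
     * @throws AxisFault if the context is {@code null} or the security header cannot be built
     */
    @Override
    public Handler.InvocationResponse invoke(MessageContext messageContext) throws AxisFault {
        if (messageContext == null) {
            throw new AxisFault("Error in Axis message context.");
        }
        if (!messageContext.isEngaged(POX_SECURITY_MODULE)) {
            return Handler.InvocationResponse.CONTINUE;
        }
        AxisService axisService = messageContext.getAxisService();
        if (axisService == null) {
            if (log.isDebugEnabled()) {
                log.debug("Service not dispatched");
            }
            return Handler.InvocationResponse.CONTINUE;
        }

        // Bypass switches: each of these skips the Basic-auth bridge completely.
        String adminService = (String) axisService.getParameterValue("adminService");
        if (adminService != null && JavaUtils.isTrueExplicitly(adminService)) {
            return Handler.InvocationResponse.CONTINUE;
        }
        String hiddenService = (String) axisService.getParameterValue("hiddenService");
        if (hiddenService != null && JavaUtils.isTrueExplicitly(hiddenService)) {
            return Handler.InvocationResponse.CONTINUE;
        }
        String reverseProxyMode = System.getProperty("reverseProxyMode");
        if (reverseProxyMode != null && JavaUtils.isTrueExplicitly(reverseProxyMode)) {
            return Handler.InvocationResponse.CONTINUE;
        }

        boolean basicAuthEnabled = isBasicAuthEnabled(messageContext, axisService);

        if (messageContext.isFault()
                && messageContext.getFLOW() == MessageContext.OUT_FAULT_FLOW
                && basicAuthEnabled) {
            if (log.isDebugEnabled()) {
                log.debug("SOAP Fault occurred and message flow equals to out fault flow. SOAP fault :" + messageContext.getEnvelope().toString());
            }
            try {
                return challengeOnAuthenticationFault(messageContext, axisService);
            } catch (Exception e) {
                // The fault thrown below carries the context's failure reason, not this
                // exception, so record the real cause before it is lost.
                log.error("Error while handling the authentication failure fault", e);
                throw new AxisFault("System error", messageContext.getFailureReason());
            }
        }

        String transport = messageContext.getIncomingTransportName();
        if (transport == null) {
            return Handler.InvocationResponse.CONTINUE;
        }
        if (!StringUtils.equals("https", transport) && !StringUtils.equals("http", transport)) {
            return Handler.InvocationResponse.CONTINUE;
        }

        String basicAuthHeaders = getBasicAuthHeaders(messageContext);
        boolean withoutSecHeader = isSOAPWithoutSecHeader(messageContext);
        boolean rest = messageContext.isDoingREST();
        if (!rest && withoutSecHeader && basicAuthHeaders == null && !basicAuthEnabled) {
            return Handler.InvocationResponse.CONTINUE;
        }
        if (!((!rest || basicAuthEnabled) && withoutSecHeader)) {
            return Handler.InvocationResponse.CONTINUE;
        }

        if (log.isDebugEnabled()) {
            log.debug("Admin service check failed OR cache miss");
        }
        try {
            if (axisService.getPolicySubject().getAttachedPolicyComponent(UT_OVER_TRANSPORT_POLICY) == null) {
                return Handler.InvocationResponse.CONTINUE;
            }
            if (log.isDebugEnabled()) {
                log.debug("Processing POX security");
            }
            String[] credentials = parseBasicCredentials(basicAuthHeaders);
            if (credentials == null) {
                // No usable username/password pair: challenge the client and stop here.
                setAuthHeaders(messageContext);
                return Handler.InvocationResponse.ABORT;
            }
            addUsernameToken(messageContext, credentials[0], credentials[1]);
            return Handler.InvocationResponse.CONTINUE;
        } catch (AxisFault e) {
            // Must precede the generic handler: AxisFault is an Exception, and catching
            // Exception first would make this clause unreachable.
            throw e;
        } catch (WSSecurityException e) {
            throw new AxisFault("WSDoAllReceiver: Error in converting to Document", e);
        } catch (Exception e) {
            throw new AxisFault("System error", e);
        }
    }

    /**
     * Resolves the {@code enableBasicAuth} switch; a service-level value overrides the
     * configuration-level value.
     */
    private boolean isBasicAuthEnabled(MessageContext messageContext, AxisService axisService) {
        boolean enabled = false;
        Parameter global = messageContext.getConfigurationContext().getAxisConfiguration().getParameter(ENABLE_BASIC_AUTH);
        if (global != null && global.getValue() != null) {
            enabled = Boolean.parseBoolean(global.getValue().toString());
        }
        Parameter perService = axisService.getParameter(ENABLE_BASIC_AUTH);
        if (perService != null && perService.getValue() != null) {
            enabled = Boolean.parseBoolean(perService.getValue().toString());
        }
        return enabled;
    }

    /**
     * Out-fault handling: when the service carries the UTOverTransport policy and the fault code
     * mentions {@code FailedAuthentication}, sends a 401 challenge and, for REST calls, strips the
     * fault's children so the fault detail is not returned in the body.
     */
    private Handler.InvocationResponse challengeOnAuthenticationFault(MessageContext messageContext,
                                                                      AxisService axisService) throws IOException {
        if (axisService.getPolicySubject().getAttachedPolicyComponent(UT_OVER_TRANSPORT_POLICY) == null) {
            return Handler.InvocationResponse.CONTINUE;
        }
        // Declared as the common OMElement supertype so that both the SOAP 1.1 and the
        // SOAP 1.2 implementation checks below are valid.
        OMElement faultCode = messageContext.getEnvelope().getBody().getFault().getCode();
        String faultCodeText = null;
        if (faultCode instanceof SOAP11FaultCodeImpl) {
            faultCodeText = ((SOAP11FaultCodeImpl) faultCode).getTextContent();
        } else if (faultCode instanceof SOAP12FaultCodeImpl) {
            faultCodeText = ((SOAP12FaultCodeImpl) faultCode).getSubCode().getTextContent();
        }
        if (faultCodeText != null && faultCodeText.contains("FailedAuthentication")) {
            setAuthHeaders(messageContext);
            if (messageContext.isDoingREST()) {
                SOAPFault fault = messageContext.getEnvelope().getBody().getFault();
                if (fault != null) {
                    Iterator<?> children = fault.getChildren();
                    while (children.hasNext()) {
                        if (children.next() != null) {
                            children.remove();
                        }
                    }
                }
            }
        }
        return Handler.InvocationResponse.CONTINUE;
    }

    /**
     * Extracts the username and password from a Basic {@code Authorization} header value.
     *
     * <p>Surrounding whitespace is ignored, matching the whitespace-tolerant check in
     * {@link #getBasicAuthHeaders(MessageContext)}. The returned values are secrets and must not
     * be logged.
     *
     * @param authorizationHeader raw header value, may be {@code null}
     * @return {@code {username, password}}, or {@code null} when the header is not Basic, has no
     *         {@code ':'} separator, or either part is blank
     */
    private static String[] parseBasicCredentials(String authorizationHeader) {
        if (authorizationHeader == null) {
            return null;
        }
        String header = authorizationHeader.trim();
        if (!header.startsWith(BASIC_SCHEME_PREFIX)) {
            return null;
        }
        // NOTE(review): the bytes are decoded with the platform default charset, as before;
        // non-ASCII credentials therefore depend on the JVM's file.encoding. Confirm intent.
        String decoded = new String(Base64.decode(header.substring(BASIC_SCHEME_PREFIX.length()).trim()));
        int separator = decoded.indexOf(':');
        if (separator == -1) {
            return null;
        }
        String username = decoded.substring(0, separator);
        String password = decoded.substring(separator + 1);
        if (username.trim().length() == 0 || password.trim().length() == 0) {
            return null;
        }
        return new String[] {username, password};
    }

    /**
     * Rebuilds the message envelope with a WS-Security header that holds a PasswordText
     * UsernameToken for the given credentials and a Timestamp.
     */
    private void addUsernameToken(MessageContext messageContext, String username, String password)
            throws Exception {
        SOAPEnvelope envelope = messageContext.getEnvelope();
        Document document;
        if (envelope.getHeader() == null) {
            // No header element to attach to: move the body content into a fresh default envelope.
            SOAPEnvelope defaultEnvelope = envelope.getOMFactory().getDefaultEnvelope();
            Iterator<?> children = envelope.getBody().getChildren();
            while (children.hasNext()) {
                OMNode child = (OMNode) children.next();
                if (child != null) {
                    children.remove();
                    defaultEnvelope.getBody().addChild(child);
                }
            }
            document = Axis2Util.getDocumentFromSOAPEnvelope(defaultEnvelope, true);
        } else {
            document = Axis2Util.getDocumentFromSOAPEnvelope(envelope, true);
        }
        WSSecHeader securityHeader = new WSSecHeader();
        securityHeader.insertSecurityHeader(document);
        WSSecUsernameToken usernameToken = new WSSecUsernameToken();
        // PasswordText: the password is placed in the envelope in the clear, so anything that
        // serialises or logs the envelope after this point exposes it.
        usernameToken.setPasswordType(PASSWORD_TEXT_TYPE);
        usernameToken.setUserInfo(username, password);
        usernameToken.build(document, securityHeader);
        new WSSecTimestamp().build(document, securityHeader);
        messageContext.setEnvelope(Axis2Util.getSOAPEnvelopeFromDOMDocument(document, false));
    }

    /**
     * Sends an HTTP 401 Basic challenge, either directly on the servlet response or, when none is
     * available, through message-context properties.
     *
     * @throws IOException if flushing the servlet response fails
     */
    private void setAuthHeaders(MessageContext messageContext) throws IOException {
        String realm = CarbonServerConfigurationService.getInstance().getFirstProperty("Name");
        if (realm == null || realm.trim().length() == 0) {
            realm = "WSO2 Carbon";
        }
        // The realm comes from server configuration and is placed in the header unescaped.
        String challenge = "BASIC realm=\"" + realm + "\"";

        HttpServletResponse response = (HttpServletResponse) messageContext.getProperty(HTTPConstants.MC_HTTP_SERVLETRESPONSE);
        if (messageContext.isFault() && response == null) {
            // On the fault path the servlet response may only be reachable via the inbound context.
            MessageContext inbound = (MessageContext) messageContext.getProperty("axis2.inMsgContext");
            if (inbound != null) {
                response = (HttpServletResponse) inbound.getProperty(HTTPConstants.MC_HTTP_SERVLETRESPONSE);
            }
        }
        if (response != null) {
            if (messageContext.getProperty(MESSAGE_TYPE) != null) {
                response.setContentType(String.valueOf(messageContext.getProperty(MESSAGE_TYPE)));
            }
            response.setStatus(401);
            response.addHeader("WWW-Authenticate", challenge);
            response.flushBuffer();
            return;
        }
        messageContext.getEnvelope().buildWithAttachments();
        messageContext.setProperty("NIO-ACK-Requested", "true");
        messageContext.setProperty("HTTP_SC", 401);
        Map<String, String> headers = new HashMap<String, String>();
        headers.put("WWW-Authenticate", challenge);
        messageContext.setProperty("TRANSPORT_HEADERS", headers);
    }

    /**
     * Reports whether the envelope lacks a WS-Security {@code Security} header.
     *
     * @return {@code false} only when a header block named {@code Security} exists in the
     *         WS-Security extension namespace
     */
    private boolean isSOAPWithoutSecHeader(MessageContext messageContext) {
        SOAPHeader header = messageContext.getEnvelope().getHeader();
        if (header == null) {
            return true;
        }
        ArrayList<?> blocks = header.getHeaderBlocksWithNSURI(WSSE_NAMESPACE);
        if (blocks == null) {
            return true;
        }
        for (Object block : blocks) {
            // A SOAPHeaderBlock is itself an OMElement, so one check covers both cases and the
            // local name can be read without cloning the element.
            if (block instanceof OMElement && "Security".equals(((OMElement) block).getLocalName())) {
                return false;
            }
        }
        return true;
    }

    /**
     * Returns the raw {@code Authorization} transport header when it carries the Basic scheme.
     *
     * <p>HTTP header names are case-insensitive, so after the two exact spellings are tried the
     * remaining entries are matched without regard to case.
     *
     * @return the header value as received, or {@code null} when absent or not Basic
     */
    private String getBasicAuthHeaders(MessageContext messageContext) {
        Object property = messageContext.getProperty("TRANSPORT_HEADERS");
        if (!(property instanceof Map)) {
            return null;
        }
        Map<?, ?> headers = (Map<?, ?>) property;
        Object value = headers.get("Authorization");
        if (value == null) {
            value = headers.get("authorization");
        }
        if (value == null) {
            for (Map.Entry<?, ?> entry : headers.entrySet()) {
                Object key = entry.getKey();
                if (key instanceof String && "Authorization".equalsIgnoreCase((String) key)) {
                    value = entry.getValue();
                    break;
                }
            }
        }
        if (!(value instanceof String)) {
            return null;
        }
        String authorization = (String) value;
        return authorization.trim().startsWith(BASIC_SCHEME_PREFIX) ? authorization : null;
    }

    /** Nothing to do once the flow completes. */
    @Override
    public void flowComplete(MessageContext messageContext) {
    }

    /** @return the description passed to {@link #init(HandlerDescription)} */
    @Override
    public HandlerDescription getHandlerDesc() {
        return this.description;
    }

    /** @return the fixed display name of this handler */
    @Override
    public String getName() {
        return "REST/POX Security handler";
    }

    /**
     * Looks up a handler parameter on the stored description.
     *
     * @param str parameter name
     * @return the parameter as returned by the handler description
     */
    @Override
    public Parameter getParameter(String str) {
        return this.description.getParameter(str);
    }
}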
