package org.wso2.carbon.webapp.authenticator.framework.authenticator;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Properties;
import java.util.StringTokenizer;
import javax.xml.stream.XMLStreamException;
import org.apache.axiom.om.OMElement;
import org.apache.axiom.om.util.StAXUtils;
import org.apache.axiom.soap.SOAPEnvelope;
import org.apache.axiom.soap.impl.builder.StAXSOAPModelBuilder;
import org.apache.catalina.connector.Request;
import org.apache.catalina.connector.Response;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.coyote.InputBuffer;
import org.apache.tomcat.util.buf.ByteChunk;
import org.wso2.carbon.webapp.authenticator.framework.AuthenticationException;
import org.wso2.carbon.webapp.authenticator.framework.AuthenticationFrameworkUtil;
import org.wso2.carbon.webapp.authenticator.framework.AuthenticationInfo;
import org.wso2.carbon.webapp.authenticator.framework.Constants;
import org.wso2.carbon.webapp.authenticator.framework.Utils.Utils;
import org.wso2.carbon.webapp.authenticator.framework.authenticator.WebappAuthenticator;
import org.wso2.carbon.webapp.authenticator.framework.authenticator.oauth.OAuth2TokenValidator;
import org.wso2.carbon.webapp.authenticator.framework.authenticator.oauth.OAuthTokenValidationException;
import org.wso2.carbon.webapp.authenticator.framework.authenticator.oauth.OAuthValidationResponse;
import org.wso2.carbon.webapp.authenticator.framework.authenticator.oauth.OAuthValidatorFactory;

/* loaded from: input_file:org/wso2/carbon/webapp/authenticator/framework/authenticator/BSTAuthenticator.class */
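/**
 * {@link WebappAuthenticator} for SOAP requests that carry a Base64-encoded OAuth token in a
 * WS-Security {@code BinarySecurityToken} (BST) header.
 *
 * <p>{@link #canHandle(Request)} parses the request body to locate the header and stores its text
 * in the {@code "BST"} request attribute. {@link #authenticate(Request, Response)} decodes that
 * attribute and passes it to the configured {@link OAuth2TokenValidator}.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The body is parsed as XML before the caller has been authenticated.
 *       NOTE(review): confirm that the reader returned by {@code StAXUtils} has DTD and
 *       external-entity processing disabled, and that the body size is bounded upstream.</li>
 *   <li>The {@code Security} and {@code BinarySecurityToken} elements are matched by local name
 *       only; their namespace is not checked.</li>
 *   <li>The rejection paths in {@code authenticate} only set a message and never a status, so the
 *       outcome depends on the initial status of a new {@link AuthenticationInfo}.
 *       NOTE(review): confirm that this initial status denies the request.</li>
 * </ul>
 */
public class BSTAuthenticator implements WebappAuthenticator {
    private Properties properties;
    private OAuth2TokenValidator tokenValidator;

    // Not consulted by canHandle(), which hard-codes its own checks and also accepts
    // "application/text". Kept so the class keeps its existing members.
    private static final List<String> APPLICABLE_CONTENT_TYPES = new ArrayList<>();
    private static final Log log = LogFactory.getLog(BSTAuthenticator.class);

    static {
        APPLICABLE_CONTENT_TYPES.add(Constants.ContentTypes.CONTENT_TYPE_APPLICATION_XML);
        APPLICABLE_CONTENT_TYPES.add("application/soap+xml");
    }

    /**
     * Builds the token validator from the configured properties.
     *
     * <p>{@code TokenValidationEndpointUrl}, {@code Username} and {@code Password} are mandatory.
     * {@code IsRemote} is parsed with {@link Boolean#parseBoolean(String)}, so anything other than
     * "true" (ignoring case) is treated as {@code false}. The two connection-limit properties are
     * forwarded to the validator factory only when they are present.
     *
     * @throws IllegalArgumentException if the properties are unset or a mandatory one is missing
     */
    @Override
    public void init() {
        if (this.properties == null) {
            throw new IllegalArgumentException("Required properties needed to initialize OAuthAuthenticator are not provided");
        }
        String endpointUrl = Utils.replaceSystemProperty(this.properties.getProperty("TokenValidationEndpointUrl"));
        if (endpointUrl == null || endpointUrl.isEmpty()) {
            throw new IllegalArgumentException("OAuth token validation endpoint url is not provided");
        }
        String adminUsername = this.properties.getProperty("Username");
        if (adminUsername == null) {
            throw new IllegalArgumentException("Username to connect to the OAuth token validation endpoint is not provided");
        }
        // The credential is only handed to the validator factory; it must never be logged.
        String adminPassword = this.properties.getProperty("Password");
        if (adminPassword == null) {
            throw new IllegalArgumentException("Password to connect to the OAuth token validation endpoint is not provided");
        }
        boolean isRemote = Boolean.parseBoolean(this.properties.getProperty("IsRemote"));

        Properties validatorProperties = new Properties();
        copyIfPresent(validatorProperties, "MaxTotalConnections");
        copyIfPresent(validatorProperties, "MaxConnectionsPerHost");
        this.tokenValidator = OAuthValidatorFactory.getValidator(endpointUrl, adminUsername, adminPassword, isRemote, validatorProperties);
    }

    /**
     * Copies one configured property into {@code target} when it has a value.
     * {@link Properties#setProperty(String, String)} rejects null values with a
     * NullPointerException, so an absent optional setting must be skipped rather than copied.
     */
    private void copyIfPresent(Properties target, String key) {
        String value = this.properties.getProperty(key);
        if (value != null) {
            target.setProperty(key, value);
        }
    }

    /**
     * Reports whether the request has an XML/SOAP-like content type and a non-empty
     * {@code BinarySecurityToken} header.
     *
     * <p>Side effects: this reads from the request's input buffer and, when a token is found,
     * stores its text in the {@code "BST"} request attribute for {@code authenticate}.
     * NOTE(review): confirm that components further down the chain can still read the body
     * after it has been read here.
     *
     * @return {@code true} only when a non-empty token was found; {@code false} on any
     *         I/O or XML stream error
     */
    @Override
    public boolean canHandle(Request request) {
        String contentType = request.getContentType();
        if (contentType == null) {
            return false;
        }
        boolean xmlLike = contentType.contains(Constants.ContentTypes.CONTENT_TYPE_APPLICATION_XML)
                || contentType.contains("application/soap+xml")
                || contentType.contains("application/text");
        if (!xmlLike) {
            return false;
        }
        try {
            return isBSTHeaderExists(request);
        } catch (IOException | XMLStreamException e) {
            // Keep the cause: without it a malformed or hostile body cannot be diagnosed from the log.
            // NOTE(review): confirm whether the Axiom builder can also fail with unchecked
            // exceptions on malformed or non-SOAP bodies; those are not handled here.
            log.error("Error occurred while checking if BST authenticator can handle the incoming SOAP message", e);
            return false;
        }
    }

    /**
     * Validates the token that {@code canHandle} stored in the {@code "BST"} request attribute.
     *
     * <p>The status is set to {@code CONTINUE} when the request URI is null or empty, when the
     * no-matching-scheme branch is taken, or when the validator accepts the token. Every other
     * path (too few URI segments, missing attribute, rejected token, caught exception) returns
     * the info object with its status untouched and, where available, a message.
     *
     * @return the populated authentication info; never {@code null}
     */
    @Override
    public AuthenticationInfo authenticate(Request request, Response response) {
        String requestUri = request.getRequestURI();
        String requestMethod = request.getMethod();
        AuthenticationInfo authenticationInfo = new AuthenticationInfo();
        if (requestUri == null || requestUri.isEmpty()) {
            // NOTE(review): a request without a URI is given CONTINUE without any token check.
            authenticationInfo.setStatus(WebappAuthenticator.Status.CONTINUE);
            return authenticationInfo;
        }

        // nextToken() throws NoSuchElementException when no token is left, so a URI such as "/"
        // or "/app" must be rejected before the two segments are read.
        StringTokenizer segments = new StringTokenizer(requestUri, "/");
        if (segments.countTokens() < 2) {
            authenticationInfo.setMessage("Request URI must contain at least two path segments");
            return authenticationInfo;
        }
        String firstSegment = segments.nextToken();
        String secondSegment = segments.nextToken();

        try {
            // NOTE(review): both operands are constants, so only one of the two branches can ever
            // run. Confirm the value of NO_MATCHING_AUTH_SCHEME: if it equals "any", the token
            // is never validated.
            if ("any".equals(Constants.NO_MATCHING_AUTH_SCHEME)) {
                AuthenticationFrameworkUtil.handleNoMatchAuthScheme(request, response, requestMethod, secondSegment, firstSegment);
                authenticationInfo.setStatus(WebappAuthenticator.Status.CONTINUE);
                return authenticationInfo;
            }

            // The attribute is only present when canHandle() found a token on this request.
            Object encodedToken = request.getAttribute("BST");
            if (encodedToken == null) {
                authenticationInfo.setMessage("Binary security token is missing from the request");
                return authenticationInfo;
            }
            // Decode with an explicit charset so the token does not vary with the platform default.
            String token = new String(Base64.decodeBase64(getUTF8Bytes(encodedToken.toString())), StandardCharsets.UTF_8);
            OAuthValidationResponse validation = this.tokenValidator.validateToken(token, requestUri + ":" + requestMethod);
            if (!validation.isValid()) {
                authenticationInfo.setMessage(validation.getErrorMsg());
                return authenticationInfo;
            }

            String userName = validation.getUserName();
            String tenantDomain = validation.getTenantDomain();
            authenticationInfo.setUsername(userName);
            authenticationInfo.setTenantDomain(tenantDomain);
            authenticationInfo.setTenantId(Utils.getTenantIdOFUser(userName + "@" + tenantDomain));
            // Reached only when the tenant lookup above did not throw.
            authenticationInfo.setStatus(WebappAuthenticator.Status.CONTINUE);
        } catch (AuthenticationException e) {
            log.error("Failed to authenticate the incoming request", e);
        } catch (OAuthTokenValidationException e) {
            log.error("Failed to authenticate the incoming request due to oauth token validation error.", e);
        }
        return authenticationInfo;
    }

    /** Returns the fixed name of this authenticator. */
    @Override
    public String getName() {
        return "BSTAuthenticator";
    }

    /** Stores the configuration that {@link #init()} reads. */
    @Override
    public void setProperties(Properties properties) {
        this.properties = properties;
    }

    /** Returns the configuration object itself, not a copy; it includes the endpoint password. */
    @Override
    public Properties getProperties() {
        return this.properties;
    }

    /** Looks up one configured property; fails with a NullPointerException if none were set. */
    @Override
    public String getProperty(String str) {
        return this.properties.getProperty(str);
    }

    /** Encodes {@code str} as UTF-8. */
    private static byte[] getUTF8Bytes(String str) {
        return str.getBytes(StandardCharsets.UTF_8);
    }

    /**
     * Extracts the token and, when it is non-empty, publishes it as the {@code "BST"} request
     * attribute.
     *
     * @return {@code true} when a non-empty token was found and stored
     */
    private boolean isBSTHeaderExists(Request request) throws IOException, XMLStreamException {
        String token = getBSTHeader(request);
        if (token == null || token.isEmpty()) {
            return false;
        }
        request.setAttribute("BST", token);
        return true;
    }

    /**
     * Parses the request body as a SOAP envelope and returns the text of the first
     * {@code BinarySecurityToken} inside the first {@code Security} header element.
     *
     * @return the token text, or {@code null} when the body, the SOAP header or either element
     *         is absent
     */
    private String getBSTHeader(Request request) throws IOException, XMLStreamException {
        org.apache.coyote.Request coyoteRequest = request.getCoyoteRequest();
        InputBuffer inputBuffer = coyoteRequest.getInputBuffer();
        ByteChunk bodyChunk = new ByteChunk();
        // A single doRead() call: NOTE(review) confirm that one call returns the whole body, and
        // that a larger message is not silently truncated.
        inputBuffer.doRead(bodyChunk, coyoteRequest);

        // The bytes are turned into a String and re-encoded as UTF-8 before parsing.
        // NOTE(review): confirm the charset ByteChunk uses for toString().
        String body = bodyChunk.toString();
        if (body == null || body.isEmpty()) {
            // Nothing was read, so there is no envelope to inspect.
            return null;
        }

        try (ByteArrayInputStream bodyStream = new ByteArrayInputStream(getUTF8Bytes(body))) {
            SOAPEnvelope envelope = new StAXSOAPModelBuilder(StAXUtils.createXMLStreamReader(bodyStream)).getDocumentElement();
            envelope.build();

            OMElement soapHeader = envelope.getHeader();
            if (soapHeader == null) {
                // An envelope without a header cannot carry a security token.
                return null;
            }
            Iterator<?> securityElements = soapHeader.getChildrenWithLocalName("Security");
            if (!securityElements.hasNext()) {
                return null;
            }
            Iterator<?> tokenElements = ((OMElement) securityElements.next()).getChildrenWithLocalName("BinarySecurityToken");
            if (!tokenElements.hasNext()) {
                return null;
            }
            OMElement tokenElement = (OMElement) tokenElements.next();
            tokenElement.build();
            return tokenElement.getText();
        }
    }
}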
