package org.wso2.carbon.messagebox.sqs.internal.module;

import java.io.UnsupportedEncodingException;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.URLDecoder;
import java.net.URLEncoder;
import java.security.MessageDigest;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Locale;
import java.util.Map;
import java.util.TreeMap;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import javax.servlet.http.HttpServletRequest;
import org.apache.axiom.om.OMElement;
import org.apache.axiom.soap.SOAPHeader;
import org.apache.axis2.AxisFault;
import org.apache.axis2.context.MessageContext;
import org.apache.axis2.engine.Handler;
import org.apache.axis2.handlers.AbstractHandler;
import org.apache.axis2.transport.http.HTTPConstants;
import org.apache.axis2.util.MultipleEntryHashMap;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.xml.security.utils.Base64;
import org.wso2.carbon.messagebox.MessageBoxConstants;
import org.wso2.carbon.messagebox.MessageBoxException;
import org.wso2.carbon.messagebox.sqs.internal.FaultResponse;
import org.wso2.carbon.messagebox.sqs.internal.util.Utils;

/* loaded from: input_file:org/wso2/carbon/messagebox/sqs/internal/module/AuthenticationHandler.class */
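/**
 * Axis2 handler that checks the HMAC signature carried by a request when the
 * {@code sqsAuthentication} module is engaged.
 *
 * <p>When the message context carries a {@code requestParameterMap} property the
 * request is treated as REST/query style and the signature is read from the
 * request parameters; otherwise it is read from the SOAP header.
 *
 * <p>NOTE(review): both verification paths return {@code true} when the
 * credential fields are absent, so this handler alone does not reject
 * unsigned requests. Confirm that a later component refuses requests for
 * which no login was recorded.
 *
 * <p>NOTE(review): the timestamp is part of the signed data but is never
 * compared with the current time in this class, so a captured signed request
 * stays valid for as long as the secret key does. Consider enforcing a
 * freshness window.
 */
public class AuthenticationHandler extends AbstractHandler {
    private static final Log log = LogFactory.getLog(AuthenticationHandler.class);

    /** Charset name used for every string-to-bytes conversion in signature handling. */
    private static final String UTF_8 = "UTF-8";

    /**
     * Verifies the request signature if the authentication module is engaged.
     *
     * @param messageContext the message being processed
     * @return always {@code CONTINUE} when no fault is raised
     * @throws AxisFault an {@code AuthFailure} fault when verification fails, or a
     *         fault wrapping the {@link SQSAuthenticationException} when the request
     *         could not be evaluated
     */
    public Handler.InvocationResponse invoke(MessageContext messageContext) throws AxisFault {
        if (!messageContext.isEngaged("sqsAuthentication")) {
            return Handler.InvocationResponse.CONTINUE;
        }
        MultipleEntryHashMap requestParameters =
                (MultipleEntryHashMap) messageContext.getProperty("requestParameterMap");
        boolean accepted;
        try {
            accepted = requestParameters != null
                    ? verifySignatureOnRestBasedRequest(messageContext, requestParameters)
                    : verifySignatureOnSOAPHeader(messageContext);
        } catch (SQSAuthenticationException e) {
            // Keep the cause so the server-side stack trace is not lost.
            throw new AxisFault(e.getMessage(), e);
        }
        if (!accepted) {
            throw new FaultResponse(new MessageBoxException("AuthFailure"), messageContext.getMessageID()).createAxisFault();
        }
        return Handler.InvocationResponse.CONTINUE;
    }

    /**
     * Verifies a signature carried in the SOAP header (access key id, timestamp
     * and signature elements), using signature version "0" with HmacSHA1.
     *
     * @return {@code false} only when all fields are present and the signature
     *         does not match; {@code true} otherwise
     * @throws SQSAuthenticationException if the signature cannot be computed
     */
    private boolean verifySignatureOnSOAPHeader(MessageContext messageContext) throws SQSAuthenticationException {
        SOAPHeader header = messageContext.getEnvelope().getHeader();
        String soapAction = messageContext.getSoapAction();
        if (header == null) {
            // NOTE(review): fail-open - a request without a SOAP header passes this handler.
            return true;
        }

        String accessKeyId = null;
        Iterator accessKeyElements = header.getChildrenWithName(MessageBoxConstants.ACCESS_KEY_ID_QNAME);
        if (accessKeyElements != null && accessKeyElements.hasNext()) {
            accessKeyId = ((OMElement) accessKeyElements.next()).getText().trim();
        }

        String timestamp = null;
        Iterator timestampElements = header.getChildrenWithName(MessageBoxConstants.TIMESTAMP_QNAME);
        if (timestampElements != null && timestampElements.hasNext()) {
            timestamp = ((OMElement) timestampElements.next()).getText().trim();
        }

        String signature = null;
        Iterator signatureElements = header.getChildrenWithName(MessageBoxConstants.SIGNATURE_QNAME);
        if (signatureElements != null && signatureElements.hasNext()) {
            signature = ((OMElement) signatureElements.next()).getText().trim();
        }

        if (accessKeyId == null || soapAction == null || timestamp == null || signature == null) {
            // NOTE(review): fail-open - omitting any one credential element skips verification.
            return true;
        }

        // NOTE(review): version "0" signs only action + timestamp, so the SOAP body is
        // not covered by the signature.
        if (!compareSignatures(messageContext, accessKeyId, timestamp, soapAction, signature, "HmacSHA1", "0")) {
            return false;
        }
        String userName = Utils.getUserName(accessKeyId, messageContext);
        Utils.onSuccessAdminLogin(messageContext, userName);
        log.info(userName + " is successfully authenticated for request with action, " + forLog(soapAction));
        return true;
    }

    /**
     * Verifies a signature carried in the request parameters of a REST/query
     * style request.
     *
     * @return {@code false} only when the required parameters are present and the
     *         signature does not match; {@code true} otherwise
     * @throws SQSAuthenticationException if {@code SignatureMethod} is missing, the
     *         signature version is unsupported, or the signature cannot be computed
     */
    private boolean verifySignatureOnRestBasedRequest(MessageContext messageContext, MultipleEntryHashMap multipleEntryHashMap) throws SQSAuthenticationException {
        Object accessKeyIdParam = multipleEntryHashMap.get("AWSAccessKeyId");
        Object actionParam = multipleEntryHashMap.get("Action");
        Object timestampParam = multipleEntryHashMap.get("Timestamp");
        Object signatureParam = multipleEntryHashMap.get("Signature");
        Object signatureMethodParam = multipleEntryHashMap.get("SignatureMethod");
        Object signatureVersionParam = multipleEntryHashMap.get("SignatureVersion");
        if (accessKeyIdParam == null || actionParam == null || timestampParam == null
                || signatureParam == null || signatureVersionParam == null) {
            // NOTE(review): fail-open - omitting any one of these parameters skips verification.
            return true;
        }

        // The values are put back after being read; presumably MultipleEntryHashMap.get()
        // consumes the entry it returns - confirm against the Axis2 version in use.
        multipleEntryHashMap.put("AWSAccessKeyId", accessKeyIdParam);
        multipleEntryHashMap.put("Action", actionParam);
        multipleEntryHashMap.put("Timestamp", timestampParam);
        multipleEntryHashMap.put("Signature", signatureParam);
        multipleEntryHashMap.put("SignatureMethod", signatureMethodParam);
        multipleEntryHashMap.put("SignatureVersion", signatureVersionParam);

        String accessKeyId = accessKeyIdParam.toString().trim();
        String timestamp = timestampParam.toString().trim();
        String action = actionParam.toString().trim();
        String signature = signatureParam.toString().trim();
        if (signatureMethodParam == null) {
            throw new SQSAuthenticationException("Signature method can not be null in request!");
        }

        // NOTE(review): SignatureMethod is chosen by the client and is passed unchanged to
        // Mac.getInstance(); consider restricting it to the algorithms the service intends
        // to support.
        if (!compareSignatures(messageContext, accessKeyId, timestamp, action, signature,
                signatureMethodParam.toString(), signatureVersionParam.toString())) {
            log.info("Failed to authenticate request with access key id: " + forLog(accessKeyId) + " and action:" + forLog(action));
            return false;
        }
        String userName = Utils.getUserName(accessKeyId, messageContext);
        Utils.onSuccessAdminLogin(messageContext, userName);
        log.info(userName + " is successfully authenticated for request with action, " + forLog(action));
        return true;
    }

    /**
     * Rebuilds the string to sign for the given signature version, computes its
     * HMAC with the secret key of {@code accessKeyId} and compares the result
     * with the signature supplied in the request.
     *
     * @return {@code true} if the signatures match; {@code false} if they differ
     *         or no secret key is known for {@code accessKeyId}
     * @throws SQSAuthenticationException if the signature version is unsupported or
     *         the HMAC cannot be computed
     */
    private boolean compareSignatures(MessageContext messageContext, String accessKeyId, String timestamp, String action, String signature, String signatureMethod, String signatureVersion) throws SQSAuthenticationException {
        MultipleEntryHashMap requestParameters =
                (MultipleEntryHashMap) messageContext.getProperty("requestParameterMap");
        String dataToSign;
        if ("0".equals(signatureVersion)) {
            dataToSign = action + timestamp;
        } else if ("1".equals(signatureVersion)) {
            // NOTE(review): the map passed here still contains the Signature parameter as
            // far as this file shows, and version 1 joins keys and values without
            // delimiters; confirm whether version 1 is meant to be usable at all.
            dataToSign = getDataTobeSignedUsingVersion1(convertMultipleEntryHashMapToMap(requestParameters));
        } else if ("2".equals(signatureVersion)) {
            HttpServletRequest request =
                    (HttpServletRequest) messageContext.getProperty(HTTPConstants.MC_HTTP_SERVLETREQUEST);
            if (request == null) {
                throw new SQSAuthenticationException("Signature version 2 requires an HTTP servlet request.");
            }
            dataToSign = getDataTobeSignedUsingVersion2(requestParameters, request.getRequestURL().toString());
        } else {
            throw new SQSAuthenticationException("Signature version " + signatureVersion + " is not supported.");
        }

        String userSecretAccessKey = Utils.getUserSecretAccessKey(accessKeyId, messageContext);
        if (userSecretAccessKey == null) {
            // Answer an unknown access key id exactly like a wrong signature, so the
            // fault text does not tell a caller which key ids are registered.
            log.warn("Failed to get secretAccessKey of access key id:" + forLog(accessKeyId));
            return false;
        }
        String expected = calculateRFC2104HMAC(dataToSign, userSecretAccessKey, signatureMethod);
        return constantTimeEquals(expected, signature);
    }

    /**
     * Builds the version 1 string to sign: every key followed by its value, with
     * keys ordered case-insensitively.
     */
    private String getDataTobeSignedUsingVersion1(Map<String, String> map) {
        TreeMap<String, String> ordered = new TreeMap<String, String>(String.CASE_INSENSITIVE_ORDER);
        ordered.putAll(map);
        StringBuilder data = new StringBuilder();
        for (Map.Entry<String, String> entry : ordered.entrySet()) {
            data.append(entry.getKey());
            data.append(entry.getValue());
        }
        return data.toString();
    }

    /**
     * Builds the version 2 string to sign: verb, canonical host, canonical path
     * and canonical query string (without the Signature parameter), each
     * separated by a newline.
     *
     * @param str the request URL
     * @throws SQSAuthenticationException if the URL cannot be parsed or lacks a
     *         scheme or host
     */
    private String getDataTobeSignedUsingVersion2(MultipleEntryHashMap multipleEntryHashMap, String str) throws SQSAuthenticationException {
        URI uri;
        try {
            uri = new URI(str);
        } catch (URISyntaxException e) {
            throw new SQSAuthenticationException("Queue URL:" + str + " is not valid.", e);
        }
        if (uri.getHost() == null || uri.getScheme() == null) {
            // The canonicalization helpers dereference both; reject instead of failing with an NPE.
            throw new SQSAuthenticationException("Queue URL:" + str + " is not valid.");
        }
        Map<String, String> parameters = convertMultipleEntryHashMapToMap(multipleEntryHashMap);
        parameters.remove("Signature");

        StringBuilder data = new StringBuilder();
        // The verb is fixed; a request signed with a different verb will not verify.
        data.append("POST").append("\n");
        data.append(getCanonicalizedEndpoint(uri)).append("\n");
        data.append(getCanonicalizedResourcePath(uri)).append("\n");
        data.append(getCanonicalizedQueryString(parameters));
        return data.toString();
    }

    /**
     * Computes the Base64-encoded HMAC of {@code str} with key {@code str2} using
     * the MAC algorithm named {@code str3}. Key and data are encoded as UTF-8 so
     * the result does not depend on the platform default charset.
     *
     * @throws SQSAuthenticationException if the algorithm is unknown or the MAC
     *         cannot be computed
     */
    private static String calculateRFC2104HMAC(String str, String str2, String str3) throws SQSAuthenticationException {
        try {
            SecretKeySpec key = new SecretKeySpec(str2.getBytes(UTF_8), str3);
            Mac mac = Mac.getInstance(str3);
            mac.init(key);
            return Base64.encode(mac.doFinal(str.getBytes(UTF_8)));
        } catch (Exception e) {
            throw new SQSAuthenticationException("Failed to generate HMAC : " + e.getMessage(), e);
        }
    }

    /**
     * Compares two signature strings without returning early at the first
     * differing byte, so response time does not reveal how much of a guessed
     * signature was correct.
     */
    private static boolean constantTimeEquals(String expected, String provided) {
        if (expected == null || provided == null) {
            return false;
        }
        try {
            return MessageDigest.isEqual(expected.getBytes(UTF_8), provided.getBytes(UTF_8));
        } catch (UnsupportedEncodingException e) {
            throw new RuntimeException(e);
        }
    }

    /** Replaces line breaks in a request-supplied value before it is written to the log. */
    private static String forLog(String value) {
        return value == null ? null : value.replace('\r', '_').replace('\n', '_');
    }

    /**
     * Copies the string-keyed entries of the request parameter map into a plain
     * map, URL-decoding keys and values.
     *
     * @throws SQSAuthenticationException if a key or value cannot be decoded
     */
    private Map<String, String> convertMultipleEntryHashMapToMap(MultipleEntryHashMap multipleEntryHashMap) throws SQSAuthenticationException {
        Map<String, String> decoded = new HashMap<String, String>();
        for (Object key : multipleEntryHashMap.keySet()) {
            if (!(key instanceof String)) {
                continue;
            }
            String name = (String) key;
            Object value = multipleEntryHashMap.get(name);
            if (value == null) {
                continue;
            }
            // Put the value back right after reading it, as the other readers of this map do.
            multipleEntryHashMap.put(name, value);
            try {
                decoded.put(URLDecoder.decode(name, UTF_8), URLDecoder.decode((String) value, UTF_8));
            } catch (UnsupportedEncodingException e) {
                throw new SQSAuthenticationException("Failed to decode string " + e.getMessage(), e);
            } catch (IllegalArgumentException e) {
                // URLDecoder rejects malformed percent escapes with an unchecked exception;
                // report it as an authentication error instead.
                throw new SQSAuthenticationException("Failed to decode string " + e.getMessage(), e);
            }
        }
        return decoded;
    }

    /**
     * Builds the canonical query string: parameters sorted by name, each name and
     * value percent-encoded, joined as {@code name=value} pairs with {@code &}.
     */
    private String getCanonicalizedQueryString(Map<String, String> map) {
        TreeMap<String, String> sorted = new TreeMap<String, String>(map);
        StringBuilder query = new StringBuilder();
        boolean first = true;
        for (Map.Entry<String, String> entry : sorted.entrySet()) {
            if (!first) {
                query.append("&");
            }
            first = false;
            query.append(urlEncode(entry.getKey(), false));
            query.append("=");
            query.append(urlEncode(entry.getValue(), false));
        }
        return query.toString();
    }

    /** Returns the percent-encoded path of {@code uri}, or "/" when it has none. */
    private String getCanonicalizedResourcePath(URI uri) {
        String path = uri.getPath();
        if (path == null || path.length() == 0) {
            return "/";
        }
        return urlEncode(path, true);
    }

    /** Returns the lower-cased host of {@code uri}, with the port appended when it is not the scheme default. */
    private String getCanonicalizedEndpoint(URI uri) {
        // Fixed locale: the default-locale overload can change ASCII letters under some locales.
        String endpoint = uri.getHost().toLowerCase(Locale.ENGLISH);
        if (isUsingNonDefaultPort(uri)) {
            endpoint = endpoint + ":" + uri.getPort();
        }
        return endpoint;
    }

    /**
     * Percent-encodes {@code str} as UTF-8 with the adjustments the canonical form
     * needs: space as {@code %20}, {@code *} as {@code %2A}, {@code ~} left as is.
     *
     * @param z when {@code true} the value is a path and {@code /} is kept unencoded
     */
    private String urlEncode(String str, boolean z) {
        try {
            String encoded = URLEncoder.encode(str, UTF_8).replace("+", "%20").replace("*", "%2A").replace("%7E", "~");
            return z ? encoded.replace("%2F", "/") : encoded;
        } catch (UnsupportedEncodingException e) {
            throw new RuntimeException(e);
        }
    }

    /** Tells whether {@code uri} names a port other than 80 for http or 443 for https. */
    private boolean isUsingNonDefaultPort(URI uri) {
        String scheme = uri.getScheme().toLowerCase(Locale.ENGLISH);
        int port = uri.getPort();
        if (port <= 0) {
            return false;
        }
        boolean defaultHttp = scheme.equals("http") && port == 80;
        boolean defaultHttps = scheme.equals("https") && port == 443;
        return !(defaultHttp || defaultHttps);
    }

    /**
     * Invalidates the HTTP session once the flow is complete if the message
     * context was marked with {@code sqsAuthenticated}.
     */
    public void flowComplete(MessageContext messageContext) {
        Object authenticated = messageContext.getProperty("sqsAuthenticated");
        messageContext.removeProperty("sqsAuthenticated");
        if (!Boolean.TRUE.equals(authenticated)) {
            return;
        }
        HttpServletRequest request =
                (HttpServletRequest) messageContext.getProperty(HTTPConstants.MC_HTTP_SERVLETREQUEST);
        if (request == null) {
            // No servlet request on this transport, so there is no session to end.
            return;
        }
        request.getSession().invalidate();
    }
}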
