package com.buildforge.services.client.jfs.was;

import com.buildforge.services.client.api.APIClientConnection;
import com.buildforge.services.client.dbo.User;
import com.buildforge.services.common.ServiceException;
import com.buildforge.services.common.api.APIConstants;
import com.buildforge.services.common.dbo.UserDBO;
import com.buildforge.services.common.util.Base64;
import com.ibm.websphere.security.WebTrustAssociationException;
import com.ibm.websphere.security.WebTrustAssociationFailedException;
import com.ibm.wsspi.security.tai.TAIResult;
import com.ibm.wsspi.security.tai.TrustAssociationInterceptor;
import java.io.IOException;
import java.util.Enumeration;
import java.util.Properties;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/* loaded from: input_file:lib/com.ibm.rational.buildforge.services.client.java_7.1.3.4110010.jar:com/buildforge/services/client/jfs/was/JazzAutomationTAI.class */
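/**
 * WebSphere trust association interceptor (TAI) for requests whose URI starts with {@code /jazz}.
 *
 * <p>A request is authenticated from one of three credential sources, tried in this order, with a
 * later successful source replacing an earlier one: a {@code bf_session} request header, a
 * {@code bf_session} cookie, and an HTTP Basic {@code Authorization} header. Tokens are validated
 * through {@link APIClientConnection#authToken}, Basic credentials through
 * {@link APIClientConnection#authUser}.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The group-lookup account defaults to the compiled-in {@code root}/{@code root} pair unless
 *       {@code bf_admin_user}/{@code bf_admin_pass} are supplied to {@link #initialize}; a warning
 *       is logged while the default password is in effect.</li>
 *   <li>Session tokens and Basic credentials are never written to the log; the debug dump redacts
 *       the headers that carry them.</li>
 * </ul>
 */
public class JazzAutomationTAI implements TrustAssociationInterceptor {
    private static final Logger log = Logger.getLogger(JazzAutomationTAI.class.getName());
    private static final String session_cookie_name = "bf_session";
    private static final String authorization_header = "Authorization";
    private static final String basic_auth_header = "Basic ";
    private static final String context_root = "/jazz";
    private static final String default_admin_pass = "root";
    private static final String redacted_value = "<redacted>";

    // Names whose values are credentials and must not reach the log (compared case-insensitively).
    private static final String[] credential_names = {
        authorization_header, "Proxy-Authorization", "Cookie", session_cookie_name
    };

    // Account handed to JazzAutomationUserAssertion.getGroupsForUser(); overridable in initialize().
    private String bf_admin_user = "root";
    private String bf_admin_pass = default_admin_pass;
    private String bf_domain = "<default>";

    /** No resources are held between requests, so there is nothing to release. */
    @Override
    public void cleanup() {
    }

    /** @return the interceptor type name, {@code "JazzAutomationTAI"} */
    @Override
    public String getType() {
        return "JazzAutomationTAI";
    }

    /** @return the interceptor version string, {@code "1.0"} */
    @Override
    public String getVersion() {
        return "1.0";
    }

    /**
     * Reads the optional {@code bf_admin_user}, {@code bf_admin_pass} and {@code bf_domain}
     * properties; any property that is absent leaves the compiled-in default in place.
     *
     * @param properties interceptor properties, may be {@code null}
     * @return always {@code 0}
     */
    @Override
    public int initialize(Properties properties) throws WebTrustAssociationFailedException {
        if (properties != null) {
            String adminUser = properties.getProperty("bf_admin_user");
            if (adminUser != null) {
                this.bf_admin_user = adminUser;
            }
            String adminPass = properties.getProperty("bf_admin_pass");
            if (adminPass != null) {
                this.bf_admin_pass = adminPass;
            }
            String domain = properties.getProperty("bf_domain");
            if (domain != null) {
                this.bf_domain = domain;
            }
        }
        // Running with the shipped password means the group-lookup account is guessable;
        // surface that at start-up instead of leaving it silent. The value itself is not logged.
        if (default_admin_pass.equals(this.bf_admin_pass)) {
            log.warning("JazzAutomationTAI is using the built-in default bf_admin_pass; "
                    + "configure bf_admin_user and bf_admin_pass in the interceptor properties.");
        }
        return 0;
    }

    /**
     * Decides whether this interceptor handles the request: the URI must start with
     * {@code /jazz} and the request must carry a {@code bf_session} header, a Basic
     * {@code Authorization} header, or a {@code bf_session} cookie.
     *
     * @return {@code true} when one of those credentials is present on a {@code /jazz} request
     */
    @Override
    public boolean isTargetInterceptor(HttpServletRequest httpServletRequest) throws WebTrustAssociationException {
        String requestUri = httpServletRequest.getRequestURI();
        log.fine("Http Request URI: " + requestUri);
        // NOTE(review): plain prefix match, so "/jazzother" is also claimed - confirm whether
        // only "/jazz" and "/jazz/..." were intended.
        if (!requestUri.startsWith(context_root)) {
            return false;
        }
        if (httpServletRequest.getHeader(session_cookie_name) != null) {
            log.fine("Found header: bf_session");
            return true;
        }
        String authorization = httpServletRequest.getHeader(authorization_header);
        if (authorization != null && authorization.startsWith(basic_auth_header)) {
            log.fine("Found Basic header: Authorization");
            return true;
        }
        Cookie[] cookies = httpServletRequest.getCookies();
        if (cookies == null) {
            return false;
        }
        try {
            for (Cookie cookie : cookies) {
                if (cookie.getName().equals(session_cookie_name)) {
                    log.fine("Found cookie: bf_session");
                    return true;
                }
            }
            return false;
        } catch (Exception e) {
            log.warning("Exception authenticating bf_session cookie user: " + e);
            return false;
        }
    }

    /**
     * Authenticates the request and builds the WebSphere subject for it.
     *
     * <p>Each credential source is tried independently; a failure in one is logged and the next
     * is still tried. The asserted login and the principal are only updated together, and only
     * after the corresponding authentication call has returned, so a failed attempt can never
     * change the identity established by an earlier source.
     *
     * @return a 403 result when no source authenticated, otherwise a 200 result carrying the
     *     authenticated login and its subject
     * @throws WebTrustAssociationFailedException if building the result fails unexpectedly
     */
    @Override
    public TAIResult negotiateValidateandEstablishTrust(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws WebTrustAssociationFailedException {
        APIClientConnection basicAuthConnection = null;
        try {
            String authenticatedLogin = null;
            JazzAutomationUserPrincipal principal = null;
            log.fine("Http Request URI: " + httpServletRequest.getRequestURI());
            // Build the dump only when it will be emitted: enumerating parameters makes the
            // container parse the request body, which should not happen on every request.
            if (log.isLoggable(Level.FINE)) {
                log.fine(debugGetAllHttpHdrs(httpServletRequest));
            }

            String headerToken = httpServletRequest.getHeader(session_cookie_name);
            if (headerToken != null) {
                try {
                    String login = loginWithToken(headerToken);
                    principal = new JazzAutomationUserPrincipal(login);
                    authenticatedLogin = login;
                } catch (Exception e) {
                    log.warning("Exception authenticating bf_session header user: " + e);
                }
            }

            Cookie[] cookies = httpServletRequest.getCookies();
            if (cookies != null) {
                try {
                    for (Cookie cookie : cookies) {
                        if (cookie.getName().equals(session_cookie_name)) {
                            // The cookie value is a bearer token: log its presence, never its value.
                            log.fine("Found bf_session cookie.");
                            String login = loginWithToken(cookie.getValue());
                            principal = new JazzAutomationUserPrincipal(login);
                            authenticatedLogin = login;
                        }
                    }
                } catch (Exception e) {
                    // A token that no longer validates is expired on the client as well.
                    clearSessionCookie(httpServletResponse);
                    log.warning("Exception authenticating bf_session cookie user: " + e);
                }
            }

            String authorization = httpServletRequest.getHeader(authorization_header);
            if (authorization != null && authorization.startsWith(basic_auth_header)) {
                try {
                    // NOTE(review): decoded with the platform default charset, as before.
                    String decoded = new String(Base64.decode(authorization.substring(basic_auth_header.length())));
                    // A missing ':' gives -1 and substring() throws; handled by the catch below.
                    int colon = decoded.indexOf(':');
                    String basicUser = decoded.substring(0, colon);
                    String basicPass = decoded.substring(colon + 1);
                    log.fine("Authenticating basic user: " + basicUser);
                    basicAuthConnection = new APIClientConnection();
                    String sessionToken = basicAuthConnection.authUser(basicUser, basicPass, this.bf_domain);
                    // NOTE(review): the principal is accepted whenever authUser returns without
                    // throwing, including a null return - confirm that authUser reports every
                    // authentication failure by exception.
                    principal = new JazzAutomationUserPrincipal(basicUser);
                    authenticatedLogin = basicUser;
                    if (sessionToken != null) {
                        setSessionCookie(sessionToken, httpServletResponse);
                    }
                } catch (Exception e) {
                    log.warning("Exception authenticating basic auth user: " + e);
                }
            }

            if (principal == null) {
                log.fine("No principal created, sending back a forbidden status.");
                return TAIResult.create(HttpServletResponse.SC_FORBIDDEN);
            }
            JazzAutomationUserAssertion assertion = JazzAutomationUserAssertion.getInstance();
            return TAIResult.create(
                    HttpServletResponse.SC_OK,
                    authenticatedLogin,
                    assertion.createWASSubject(
                            principal,
                            assertion.getGroupsForUser(principal.getName(), this.bf_admin_user, this.bf_admin_pass, this.bf_domain)));
        } catch (Exception e) {
            String message = "Error during negotiate: " + e.getClass().getName() + ": " + e.getMessage();
            log.log(Level.FINE, message, (Throwable) e);
            throw new WebTrustAssociationFailedException(message);
        } finally {
            // Runs on every path, including the exception path, so the connection cannot leak.
            closeQuietly(basicAuthConnection);
        }
    }

    /**
     * Renders the request method, headers, attributes and parameters for FINE-level diagnostics.
     * Entries whose name contains "password" are omitted; entries whose name identifies a
     * credential carrier (Authorization, Proxy-Authorization, Cookie, bf_session) are listed
     * with a redacted value.
     */
    private String debugGetAllHttpHdrs(HttpServletRequest httpServletRequest) {
        // NOTE(review): the initial content comes from APIConstants.COMMAND_USER_AUDIT_LOG, which
        // looks like a decompiler substituting a constant for a literal - confirm its value.
        StringBuilder dump = new StringBuilder(APIConstants.COMMAND_USER_AUDIT_LOG);
        try {
            dump.append("Method: " + httpServletRequest.getMethod() + "\n");

            dump.append("Headers: \n\n");
            Enumeration<?> headerNames = httpServletRequest.getHeaderNames();
            while (headerNames.hasMoreElements()) {
                String name = (String) headerNames.nextElement();
                appendDebugEntry(dump, name, httpServletRequest.getHeader(name));
            }

            dump.append("Attributes: \n\n");
            Enumeration<?> attributeNames = httpServletRequest.getAttributeNames();
            while (attributeNames.hasMoreElements()) {
                String name = (String) attributeNames.nextElement();
                appendDebugEntry(dump, name, httpServletRequest.getAttribute(name));
            }

            dump.append("Parameters: \n\n");
            Enumeration<?> parameterNames = httpServletRequest.getParameterNames();
            while (parameterNames.hasMoreElements()) {
                String name = (String) parameterNames.nextElement();
                appendDebugEntry(dump, name, httpServletRequest.getParameter(name));
            }
        } catch (Throwable th) {
            // Diagnostics are best-effort and must never fail the request.
            log.fine("Error getting debug info: " + th);
        }
        return dump.toString();
    }

    /** Appends one {@code name=[value]} line, skipping password-like names and redacting credentials. */
    private static void appendDebugEntry(StringBuilder dump, String name, Object value) {
        if (name.toLowerCase().indexOf("password") != -1) {
            return;
        }
        dump.append(name).append("=");
        dump.append("[").append(isCredentialName(name) ? redacted_value : value).append("]\n");
    }

    /** Returns whether the header, attribute or parameter name is one that carries a credential. */
    private static boolean isCredentialName(String name) {
        for (String credentialName : credential_names) {
            if (credentialName.equalsIgnoreCase(name)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Issues the {@code bf_session} cookie as a browser-session cookie (max age -1) for path "/".
     */
    private void setSessionCookie(String str, HttpServletResponse httpServletResponse) {
        // NOTE(review): the token cookie is set without the Secure flag (and without HttpOnly,
        // where the servlet API level offers it) and for path "/" rather than the /jazz context
        // root - confirm which other components read it before tightening.
        Cookie sessionCookie = new Cookie(session_cookie_name, str);
        sessionCookie.setMaxAge(-1);
        sessionCookie.setPath("/");
        httpServletResponse.addCookie(sessionCookie);
    }

    /** Expires the {@code bf_session} cookie on the client (max age 0, same path as when set). */
    private void clearSessionCookie(HttpServletResponse httpServletResponse) {
        // NOTE(review): the placeholder value is UserDBO.UID_SYSTEM, presumably a decompiler
        // constant substitution for a literal - confirm its value.
        Cookie expiredCookie = new Cookie(session_cookie_name, UserDBO.UID_SYSTEM);
        expiredCookie.setMaxAge(0);
        expiredCookie.setPath("/");
        httpServletResponse.addCookie(expiredCookie);
    }

    /**
     * Validates a session token and returns the login of the user it belongs to.
     *
     * @param str the {@code bf_session} token taken from the request
     * @return the login name of the token's user
     * @throws ServiceException if the token is rejected or the user lookup fails
     * @throws IOException on a connection failure
     */
    private String loginWithToken(String str) throws ServiceException, IOException {
        APIClientConnection opened = new APIClientConnection();
        APIClientConnection session = null;
        try {
            session = opened.authToken(str);
            User tokenUser = User.findByUuid(session, session.getUserUuid());
            String login = tokenUser.getLogin();
            log.fine("Returning authenticated token user: " + login);
            return login;
        } finally {
            // When authToken() throws there is no returned connection, so close the one that
            // was opened; otherwise close whatever authToken() handed back.
            closeQuietly(session != null ? session : opened);
        }
    }

    /** Closes the connection if there is one; a close failure is logged at FINE and not rethrown. */
    private static void closeQuietly(APIClientConnection connection) {
        if (connection == null) {
            return;
        }
        try {
            connection.close();
        } catch (IOException e) {
            log.log(Level.FINE, "IOException closing connection.", (Throwable) e);
        }
    }
}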
