package com.worklight.core.auth.ext;

import com.ibm.websphere.security.WSSecurityException;
import com.ibm.websphere.security.WSSecurityHelper;
import com.ibm.websphere.security.auth.WSSubject;
import com.ibm.websphere.security.auth.callback.WSCallbackHandlerImpl;
import com.ibm.wsspi.security.token.SingleSignonToken;
import com.worklight.common.log.WorklightLogger;
import com.worklight.common.log.WorklightServerLogger;
import com.worklight.core.auth.impl.AuthenticationContext;
import com.worklight.gadgets.api.GadgetAPIRequestCoder;
import com.worklight.gadgets.resource.Resource;
import com.worklight.server.auth.api.UserIdentity;
import com.worklight.server.auth.api.UserNamePasswordLoginModule;
import java.lang.reflect.Method;
import java.net.InetAddress;
import java.net.MalformedURLException;
import java.net.URL;
import java.net.UnknownHostException;
import java.util.HashMap;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.commons.codec.binary.Base64;

/* loaded from: input_file:com/worklight/core/auth/ext/WebSphereLoginModule.class */
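/**
 * Login module that authenticates a user against the WebSphere "WSLogin" JAAS configuration
 * (or adopts the already-authenticated caller subject when no password is supplied) and
 * publishes the resulting LTPA single-sign-on token as a cookie and as a user attribute.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The LTPA token is a bearer credential. It must never be written to logs, so only the
 *       credential <em>name</em> is logged here, never its bytes or the Set-Cookie value.</li>
 *   <li>The token is also stored in the identity attributes under {@code "LtpaToken"}; anything
 *       that serializes or logs those attributes exposes the token.</li>
 *   <li>HttpOnly is only applied when the {@code HTTPONLY_COOKIE} option is {@code "true"}.
 *       Deployments should enable it unless client-side script genuinely needs the cookie.</li>
 * </ul>
 */
public class WebSphereLoginModule extends UserNamePasswordLoginModule {
    private static final WorklightServerLogger logger = new WorklightServerLogger(WebSphereLoginModule.class, WorklightLogger.MessagesBundles.CORE);

    private String userName;
    // Kept as a String because the inherited API works with Strings; it is dropped in clearUserInfo().
    private String password;
    private String userDisplayName;
    private HashMap<String, Object> attributes = new HashMap<>();

    /** Discards any per-login state after an aborted authentication attempt. */
    public void abort() {
        logger.entering("abort");
        clearUserInfo();
        logger.exiting("abort");
    }

    /** Drops the cached user name, password, display name and attributes (including the LTPA token). */
    private void clearUserInfo() {
        this.userName = null;
        this.password = null;
        this.userDisplayName = null;
        this.attributes.clear();
    }

    /**
     * Builds the user identity for the given realm-like argument from the state captured by
     * {@link #login(Map)}.
     *
     * @param str value passed through as the first argument of {@code createUserIdentity}
     * @return the identity produced by the inherited {@code createUserIdentity}
     */
    public UserIdentity createIdentity(String str) {
        logger.entering("createIdentity");
        logger.exiting("createIdentity");
        return createUserIdentity(str, this.userName, this.password, this.userDisplayName, null, this.attributes);
    }

    /**
     * Authenticates the user and, on success, emits the LTPA token cookie.
     *
     * <p>If a password is present, a JAAS login against "WSLogin" is performed. Otherwise the
     * current WebSphere caller subject and principal are adopted.
     *
     * @param map authenticator parameters; reads {@code "response"}, {@code "request"}, the
     *            HttpOnly option and the cookie name/domain options
     * @return {@code true} when a subject was obtained, {@code false} otherwise
     */
    public boolean login(Map<String, Object> map) {
        logger.entering(GadgetAPIRequestCoder.REQ_PATH_LOGIN);
        HttpServletResponse httpServletResponse = (HttpServletResponse) map.get("response");
        String httpOnlyOption = (String) map.get(WebSphereFormBasedAuthenticator.HTTPONLY_COOKIE);
        try {
            Subject subject = null;
            this.userName = getUserName(map);
            this.password = getPassword(map);
            if (this.password != null) {
                LoginContext loginContext = new LoginContext("WSLogin", new WSCallbackHandlerImpl(this.userName, this.password));
                logger.debug(GadgetAPIRequestCoder.REQ_PATH_LOGIN, "Attempting login for " + sanitizeForLog(this.userName));
                loginContext.login();
                subject = loginContext.getSubject();
            } else {
                try {
                    logger.debug(GadgetAPIRequestCoder.REQ_PATH_LOGIN, "Attempting to get user subject for globally authenticated user");
                    subject = WSSubject.getCallerSubject();
                    this.userName = WSSubject.getCallerPrincipal();
                } catch (WSSecurityException e) {
                    logger.debug(GadgetAPIRequestCoder.REQ_PATH_LOGIN, "Failed to get caller subject for globally authenticated user: " + e);
                }
            }
            logger.debug(GadgetAPIRequestCoder.REQ_PATH_LOGIN, "Getting credentials");
            if (subject != null) {
                // Any credential whose name contains "LtpaToken" matches, and each one is emitted under
                // the same cookie name and attribute key, so the last one iterated wins.
                for (SingleSignonToken singleSignonToken : subject.getPrivateCredentials(SingleSignonToken.class)) {
                    logger.debug(GadgetAPIRequestCoder.REQ_PATH_LOGIN, "Found security credential");
                    try {
                        byte[] tokenBytes = singleSignonToken.getBytes();
                        String tokenName = singleSignonToken.getName();
                        // Log the credential name only. The token bytes are a bearer credential and
                        // anyone with read access to the debug log could replay them.
                        logger.debug(GadgetAPIRequestCoder.REQ_PATH_LOGIN, "Credential is: " + tokenName);
                        if (tokenName.contains("LtpaToken")) {
                            logger.debug(GadgetAPIRequestCoder.REQ_PATH_LOGIN, "Adding cookie for credential " + tokenName);
                            String encodedToken = Base64.encodeBase64String(tokenBytes);
                            Cookie ltpaCookie = generateCookie("LtpaToken", encodedToken, map);
                            if (httpOnlyOption != null && httpOnlyOption.equalsIgnoreCase("true")) {
                                logger.debug(GadgetAPIRequestCoder.REQ_PATH_LOGIN, "Cookie is being set as httponly");
                                setCookieUsingHeader(httpServletResponse, ltpaCookie);
                            } else {
                                // NOTE(review): without the HttpOnly option the SSO token is readable by
                                // page script; prefer enabling the option in the authenticator config.
                                httpServletResponse.addCookie(ltpaCookie);
                            }
                            this.attributes.put("LtpaToken", encodedToken);
                        }
                    } catch (Throwable th) {
                        // Deliberately best-effort: a failure to publish the token does not fail the
                        // login. The cause is recorded so that a missing SSO cookie can be diagnosed.
                        logger.debug(GadgetAPIRequestCoder.REQ_PATH_LOGIN, "Error while trying to get LtpaToken: " + th);
                    }
                }
            }
            logger.exiting(GadgetAPIRequestCoder.REQ_PATH_LOGIN);
            return subject != null;
        } catch (LoginException e2) {
            logger.debug(GadgetAPIRequestCoder.REQ_PATH_LOGIN, "Failure logging in " + sanitizeForLog(this.userName) + ": " + e2);
            logger.exiting(GadgetAPIRequestCoder.REQ_PATH_LOGIN);
            return false;
        }
    }

    /**
     * Logs the user out: clears cached credentials, revokes the WebSphere SSO cookies (falling
     * back to the servlet {@code logout()} when that fails) and invalidates the HTTP session.
     *
     * <p>The session is invalidated on both paths, so a failure while revoking the SSO cookies
     * does not leave an authenticated session behind.
     */
    public void logout() {
        logger.entering(GadgetAPIRequestCoder.REQ_PATH_LOGOUT);
        clearUserInfo();
        HttpServletRequest currentRequest = AuthenticationContext.getCurrentRequest();
        try {
            WSSecurityHelper.revokeSSOCookies(currentRequest, AuthenticationContext.getCurrentResponse());
        } catch (Throwable th) {
            logger.debug(GadgetAPIRequestCoder.REQ_PATH_LOGOUT, "exception trying to invoke WSSecurityHelper.revokeSSOCookies" + th.toString());
            servletLogout(currentRequest);
        }
        invalidateSession(currentRequest);
        logger.exiting(GadgetAPIRequestCoder.REQ_PATH_LOGOUT);
    }

    /** Invalidates the request's existing session, if any, without ever throwing to the caller. */
    private void invalidateSession(HttpServletRequest httpServletRequest) {
        if (httpServletRequest == null) {
            return;
        }
        try {
            HttpSession session = httpServletRequest.getSession(false);
            if (session != null) {
                session.invalidate();
            }
        } catch (RuntimeException e) {
            // For example, the session was already invalidated by the container.
            logger.debug(GadgetAPIRequestCoder.REQ_PATH_LOGOUT, "exception trying to invalidate session: " + e);
        }
    }

    /**
     * Invokes {@code HttpServletRequest.logout()} reflectively, so that the class still loads on
     * servlet API versions that lack the method.
     */
    private void servletLogout(HttpServletRequest httpServletRequest) {
        try {
            // The method name comes from REQ_PATH_LOGOUT; presumably "logout". Verify the constant.
            Method method = HttpServletRequest.class.getMethod(GadgetAPIRequestCoder.REQ_PATH_LOGOUT, (Class<?>[]) null);
            logger.debug("servletLogout", "about to invoke req.logout() via reflection");
            method.invoke(httpServletRequest, new Object[0]);
        } catch (NoSuchMethodException e) {
            logger.debug("servletLogout", "logout() method not found on HttpServletRequest");
        } catch (Exception e2) {
            logger.debug("servletLogout", "exception trying to invoke logout(): " + e2.toString());
        }
    }

    /**
     * Builds the SSO cookie.
     *
     * @param str  default cookie name, used when the {@code "cookie-name"} option is absent or empty
     * @param str2 cookie value
     * @param map  authenticator parameters; reads {@code "cookie-name"}, the cookie-domain option
     *             and {@code "request"}
     * @return the cookie, with the Secure flag set only when the request scheme is https
     */
    public Cookie generateCookie(String str, String str2, Map<String, Object> map) {
        String configuredName = (String) map.get("cookie-name");
        String configuredDomain = (String) map.get(WebSphereFormBasedAuthenticator.COOKIE_DOMAIN);
        HttpServletRequest httpServletRequest = (HttpServletRequest) map.get("request");
        logger.debug("generateCookie", "Cookie name parameter is : " + configuredName);
        logger.debug("generateCookie", "Cookie domain parameter is : " + configuredDomain);
        String cookieName = (configuredName == null || configuredName.length() == 0) ? str : configuredName;
        Cookie cookie = new Cookie(cookieName, str2);
        cookie.setPath(Resource.FILE_SEPARATOR);
        if (configuredDomain != null && configuredDomain.length() != 0) {
            String ssoDomainName = getSSODomainName(httpServletRequest, configuredDomain);
            if (ssoDomainName != null) {
                logger.debug("generateCookie", "SSO Domain name has been set. Domain name is: " + ssoDomainName);
                cookie.setDomain(ssoDomainName);
            }
        }
        // NOTE(review): the Secure flag follows the scheme the container reports. Behind a
        // TLS-terminating proxy that may be "http", leaving the SSO cookie without Secure. Confirm
        // the deployment forwards the original scheme.
        cookie.setSecure(httpServletRequest.getScheme().equalsIgnoreCase("https"));
        return cookie;
    }

    /**
     * Writes the cookie as a raw {@code Set-Cookie} header so that the {@code HttpOnly} attribute
     * can be appended.
     *
     * @param httpServletResponse response that receives the header
     * @param cookie              cookie whose name, value, path, domain and secure flag are emitted
     */
    public void setCookieUsingHeader(HttpServletResponse httpServletResponse, Cookie cookie) {
        StringBuilder cookieAttributes = new StringBuilder();
        String path = cookie.getPath();
        if (path == null || path.length() <= 0) {
            cookieAttributes.append("path=/");
        } else {
            cookieAttributes.append("path=").append(path);
        }
        String domain = cookie.getDomain();
        if (domain != null && domain.length() > 0) {
            cookieAttributes.append("; domain=").append(domain);
        }
        if (cookie.getSecure()) {
            cookieAttributes.append("; secure");
        }
        cookieAttributes.append("; HttpOnly");
        // Log the cookie name and attributes only; the value is the SSO token.
        logger.debug("setCookieUsingHeader", "Setting cookie into response via Set-Cookie header: name=" + cookie.getName() + "; " + cookieAttributes);
        httpServletResponse.addHeader("Set-Cookie", cookie.getName() + "=" + cookie.getValue() + "; " + cookieAttributes);
    }

    /**
     * Decides whether the configured SSO domain may be set on the cookie for this request.
     *
     * @param httpServletRequest current request; its URL host is examined
     * @param str                configured SSO domain, with or without a leading dot
     * @return {@code str} when the request host is a name inside that domain; {@code null} when
     *         the host is an IP address, has no dot, is outside the domain, or cannot be parsed
     */
    public String getSSODomainName(HttpServletRequest httpServletRequest, String str) {
        if (str == null || str.length() == 0) {
            return null;
        }
        try {
            String requestHost = getHostNameFromRequestURL(httpServletRequest);
            int firstDot = requestHost.indexOf('.');
            // NOTE(review): getHostIPAddr resolves the request host, which is taken from the request
            // URL. Confirm the container validates the Host header before it reaches this point.
            if (requestHost.equals(getHostIPAddr(requestHost)) || firstDot == -1) {
                logger.debug("getSSODomainName", "URL host is an IP or localhost, no SSO domain will be set.");
                return null;
            }
            // Match on a label boundary so that a configured "example.com" is accepted for
            // "app.example.com" but not for "app.notexample.com".
            String domainSuffix = str.startsWith(".") ? str : "." + str;
            if (requestHost.substring(firstDot).endsWith(domainSuffix)) {
                return str;
            }
            return null;
        } catch (MalformedURLException e) {
            logger.debug("getSSODomainName", "Unexpected exception getting request SSO domain");
            return null;
        }
    }

    /** Extracts the trimmed host component from the request URL. */
    private String getHostNameFromRequestURL(HttpServletRequest httpServletRequest) throws MalformedURLException {
        String requestUrl = httpServletRequest.getRequestURL().toString();
        logger.debug("getHostNameFromRequestURL", "URL: " + sanitizeForLog(requestUrl));
        return new URL(requestUrl).getHost().trim();
    }

    /**
     * Resolves the host to its textual IP address.
     *
     * @return the address, or an empty string when the host cannot be resolved
     */
    private String getHostIPAddr(String str) {
        try {
            return InetAddress.getByName(str).getHostAddress().trim();
        } catch (UnknownHostException e) {
            logger.debug("getHostIPAddr", "Exception in getting IP address for URL host, assuming URL host is not an IP");
            return "";
        }
    }

    /**
     * Replaces CR and LF in a request-derived value so that it cannot forge extra log records.
     * The logger's own escaping is not visible from this class.
     */
    private static String sanitizeForLog(String value) {
        return value == null ? null : value.replace('\r', '_').replace('\n', '_');
    }
}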
