package com.sun.enterprise.webservice;

import com.sun.ejb.Container;
import com.sun.enterprise.Switch;
import com.sun.enterprise.deployment.WebServiceEndpoint;
import com.sun.enterprise.security.SecurityContext;
import com.sun.logging.LogDomains;
import com.sun.web.security.RealmAdapter;
import com.sun.web.security.WebPrincipal;
import java.io.IOException;
import java.security.cert.X509Certificate;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.catalina.Lifecycle;
import org.apache.catalina.LifecycleException;
import org.apache.catalina.LifecycleListener;
import org.apache.catalina.Request;
import org.apache.catalina.Response;
import org.apache.catalina.util.Base64;
import org.apache.catalina.util.LifecycleSupport;
import org.apache.catalina.valves.ValveBase;

/* loaded from: input_file:119167-16/SUNWascmn/reloc/appserver/lib/appserv-rt.jar:com/sun/enterprise/webservice/EjbWebServiceValve.class */
public final class EjbWebServiceValve extends ValveBase implements Lifecycle {
    protected static final String info = "com.sun.enterprise.webservice.EjbWebServiceValve";
    private static Logger logger = LogDomains.getLogger(LogDomains.EJB_LOGGER);
    private static final Base64 base64Helper = new Base64();
    protected LifecycleSupport lifecycle = new LifecycleSupport(this);
    private boolean started = false;
    private EjbWebServiceDispatcher webServiceDispatcher = new EjbWebServiceDispatcher();

    @Override // org.apache.catalina.valves.ValveBase, org.apache.catalina.Valve
    public String getInfo() {
        return info;
    }

    @Override // org.apache.catalina.valves.ValveBase, org.apache.catalina.Valve
    public int invoke(Request request, Response response) throws IOException, ServletException {
        ServletRequest request2 = request.getRequest();
        HttpServletRequest httpServletRequest = null;
        if (request2 instanceof HttpServletRequest) {
            httpServletRequest = (HttpServletRequest) request2;
        }
        boolean z = true;
        if (httpServletRequest != null) {
            String requestURI = httpServletRequest.getRequestURI();
            String substring = requestURI.charAt(0) == '/' ? requestURI.substring(1) : requestURI;
            String method = httpServletRequest.getMethod();
            String queryString = httpServletRequest.getQueryString();
            Switch.getSwitch();
            EjbRuntimeEndpointInfo ejbWebServiceEndpoint = WebServiceEjbEndpointRegistry.getRegistry().getEjbWebServiceEndpoint(substring, method, queryString);
            if (ejbWebServiceEndpoint != null) {
                z = false;
                dispatchToEjbEndpoint(request, response, ejbWebServiceEndpoint);
            }
        }
        return z ? 1 : 2;
    }

    private void dispatchToEjbEndpoint(Request request, Response response, EjbRuntimeEndpointInfo ejbRuntimeEndpointInfo) {
        HttpServletRequest httpServletRequest = (HttpServletRequest) request;
        String scheme = httpServletRequest.getScheme();
        String str = ejbRuntimeEndpointInfo.getEndpoint().isSecure() ? "https" : "http";
        if (!str.equalsIgnoreCase(scheme)) {
            logger.log(Level.WARNING, new StringBuffer().append("Invalid request scheme for Endpoint ").append(ejbRuntimeEndpointInfo.getEndpoint().getEndpointName()).append(". ").append("Expected ").append(str).append(" . Received ").append(scheme).toString());
            return;
        }
        Switch.getSwitch();
        Container container = ejbRuntimeEndpointInfo.getContainer();
        boolean z = false;
        try {
            try {
                container.externalPreInvoke();
                try {
                    z = doSecurity(request, ejbRuntimeEndpointInfo.getEndpoint());
                } catch (Exception e) {
                    logger.log(Level.WARNING, new StringBuffer().append("authentication failed for ").append(ejbRuntimeEndpointInfo.getEndpoint().getEndpointName()).toString(), (Throwable) e);
                }
                HttpServletResponse httpServletResponse = (HttpServletResponse) response.getResponse();
                if (z) {
                    this.webServiceDispatcher.invoke(httpServletRequest, httpServletResponse, ejbRuntimeEndpointInfo);
                    if (z) {
                        SecurityContext.setCurrent(null);
                    }
                    container.externalPostInvoke();
                    return;
                }
                httpServletResponse.sendError(401);
                if (z) {
                    SecurityContext.setCurrent(null);
                }
                container.externalPostInvoke();
            } catch (Throwable th) {
                logger.log(Level.WARNING, "", th);
                if (0 != 0) {
                    SecurityContext.setCurrent(null);
                }
                container.externalPostInvoke();
            }
        } catch (Throwable th2) {
            if (0 != 0) {
                SecurityContext.setCurrent(null);
            }
            container.externalPostInvoke();
            throw th2;
        }
    }

    private boolean doSecurity(Request request, WebServiceEndpoint webServiceEndpoint) throws Exception {
        if (((HttpServletRequest) request).getMethod().equals("GET") || !webServiceEndpoint.hasAuthMethod()) {
            return true;
        }
        WebPrincipal webPrincipal = null;
        String endpointName = webServiceEndpoint.getEndpointName();
        if (webServiceEndpoint.hasBasicAuth()) {
            String authorization = request.getAuthorization();
            if (authorization == null) {
                return false;
            }
            String[] parseUsernameAndPassword = parseUsernameAndPassword(authorization);
            if (parseUsernameAndPassword != null) {
                webPrincipal = new WebPrincipal(parseUsernameAndPassword[0], parseUsernameAndPassword[1], SecurityContext.init());
            } else {
                logger.log(Level.WARNING, new StringBuffer().append("BASIC AUTH username/password http header parsing error for ").append(endpointName).toString());
            }
        } else {
            X509Certificate[] certificates = request.getConnector().getCertificates(request);
            if (certificates != null) {
                webPrincipal = new WebPrincipal(certificates, SecurityContext.init());
            } else {
                logger.log(Level.WARNING, new StringBuffer().append("CLIENT CERT authentication error for ").append(endpointName).toString());
            }
        }
        if (webPrincipal == null) {
            return false;
        }
        boolean authenticate = new RealmAdapter().authenticate(webPrincipal);
        if (!authenticate) {
            logger.fine(new StringBuffer().append("authentication failed for ").append(endpointName).toString());
        }
        return authenticate;
    }

    private String[] parseUsernameAndPassword(String str) {
        String[] strArr = null;
        if (str != null && str.startsWith("Basic ")) {
            String trim = str.substring(6).trim();
            Base64 base64 = base64Helper;
            String str2 = new String(Base64.decode(trim.getBytes()));
            int indexOf = str2.indexOf(58);
            if (indexOf > 0) {
                strArr = new String[]{str2.substring(0, indexOf).trim(), str2.substring(indexOf + 1).trim()};
            }
        }
        return strArr;
    }

    @Override // org.apache.catalina.Lifecycle
    public void addLifecycleListener(LifecycleListener lifecycleListener) {
        this.lifecycle.addLifecycleListener(lifecycleListener);
    }

    @Override // org.apache.catalina.Lifecycle
    public LifecycleListener[] findLifecycleListeners() {
        return this.lifecycle.findLifecycleListeners();
    }

    @Override // org.apache.catalina.Lifecycle
    public void removeLifecycleListener(LifecycleListener lifecycleListener) {
        this.lifecycle.removeLifecycleListener(lifecycleListener);
    }

    @Override // org.apache.catalina.Lifecycle
    public void start() throws LifecycleException {
        if (this.started) {
            throw new LifecycleException("EjbWebServiceValve.alreadyStarted");
        }
        this.lifecycle.fireLifecycleEvent("start", null);
        this.started = true;
    }

    @Override // org.apache.catalina.Lifecycle
    public void stop() throws LifecycleException {
        if (!this.started) {
            throw new LifecycleException("EjbWebServiceValve.notStarted");
        }
        this.lifecycle.fireLifecycleEvent("stop", null);
        this.started = false;
    }
}
