package com.ibm.ws.sip.security.tai;

import com.ibm.sip.util.log.Log;
import com.ibm.sip.util.log.LogMgr;
import com.ibm.sip.util.log.Situation;
import com.ibm.websphere.security.WebTrustAssociationFailedException;
import com.ibm.websphere.security.cred.WSCredential;
import com.ibm.websphere.security.tai.extension.SIPTrustAssociationInterceptor;
import com.ibm.ws.jain.protocol.ip.sip.extensions.PAssertedIdentityHeader;
import com.ibm.ws.sip.container.parser.SecurityResourceCollection;
import com.ibm.ws.sip.container.parser.SipAppDesc;
import com.ibm.ws.sip.container.properties.PropertiesStore;
import com.ibm.ws.sip.container.servlets.IncomingSipServletRequest;
import com.ibm.ws.sip.container.servlets.SipServletMessageImpl;
import com.ibm.ws.sip.properties.CoreProperties;
import com.ibm.ws.sip.properties.SipPropertiesMap;
import com.ibm.ws.sip.security.auth.AuthorizationConstants;
import com.ibm.ws.sip.security.digest.AuthorizationResponse;
import com.ibm.ws.sip.security.digest.DigestTAI;
import com.ibm.ws.sip.security.digest.ldap.LdapConstants;
import com.ibm.ws.sip.security.digest.ldap.WASPropertiesReader;
import com.ibm.wsspi.security.tai.TAIResult;
import com.ibm.wsspi.security.tai.extension.BaseTrustAssociationInterceptor;
import jain.protocol.ip.sip.address.SipURL;
import jain.protocol.ip.sip.address.URI;
import jain.protocol.ip.sip.header.HeaderIterator;
import jain.protocol.ip.sip.header.HeaderParseException;
import jain.protocol.ip.sip.header.SecurityHeader;
import jain.protocol.ip.sip.message.Request;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Date;
import java.util.HashMap;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.Map;
import java.util.Properties;
import java.util.Timer;
import java.util.TimerTask;
import javax.security.auth.Subject;
import javax.servlet.sip.SipServletMessage;
import javax.servlet.sip.SipServletRequest;
import javax.servlet.sip.SipServletResponse;
import javax.servlet.sip.SipURI;

/* loaded from: input_file:com/ibm/ws/sip/security/tai/SIPBaseTrustAssociationInterceptor.class */
public abstract class SIPBaseTrustAssociationInterceptor extends BaseTrustAssociationInterceptor implements SIPTrustAssociationInterceptor {
    private static final String AUTHENTICATE_ACK = "doAuthenticateACK";
    private static final String AUTHENTICATE_CANCEL = "doAuthenticateCANCEL";
    private static final int BUFFER_TIME = 10000;
    private static final LogMgr c_logger = Log.get(SIPBaseTrustAssociationInterceptor.class);
    private int m_timerPeriod;
    private final String m_version = "0.0.1";
    private boolean m_disableSIPBasicAuth = false;
    private boolean m_doAuthAck = false;
    private boolean m_doAuthCancel = false;
    private Map<String, UserCache> m_usersCache = new HashMap(100, 0.75f);
    private Map<String, UserSubjectCache> m_usersSubjectCache = new HashMap(100, 0.75f);
    private Object m_usersCacheSemaphore = new Object();
    private boolean m_isInitialized = false;
    private Object m_initSemaphore = new Object();
    private Timer m_timer = null;
    private boolean m_isEnabled = true;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:com/ibm/ws/sip/security/tai/SIPBaseTrustAssociationInterceptor$ClearUserCacheTask.class */
    public class ClearUserCacheTask extends TimerTask {
        ClearUserCacheTask() {
        }

        @Override // java.util.TimerTask, java.lang.Runnable
        public void run() {
            Date date = new Date();
            if (SIPBaseTrustAssociationInterceptor.c_logger.isTraceDebugEnabled()) {
                SIPBaseTrustAssociationInterceptor.c_logger.traceDebug(this, "run", "start clean on [" + date.toString() + "], map size[" + SIPBaseTrustAssociationInterceptor.this.m_usersCache.size() + "]");
            }
            synchronized (SIPBaseTrustAssociationInterceptor.this.m_usersCacheSemaphore) {
                Iterator it = SIPBaseTrustAssociationInterceptor.this.m_usersCache.entrySet().iterator();
                while (it.hasNext()) {
                    if (date.getTime() - ((UserCache) ((Map.Entry) it.next()).getValue()).getTime() > SIPBaseTrustAssociationInterceptor.this.m_timerPeriod) {
                        it.remove();
                    }
                }
                Iterator it2 = SIPBaseTrustAssociationInterceptor.this.m_usersSubjectCache.entrySet().iterator();
                while (it2.hasNext()) {
                    if (date.getTime() - ((UserSubjectCache) ((Map.Entry) it2.next()).getValue()).getTime() > SIPBaseTrustAssociationInterceptor.this.m_timerPeriod) {
                        it2.remove();
                    }
                }
            }
            if (SIPBaseTrustAssociationInterceptor.c_logger.isTraceDebugEnabled()) {
                SIPBaseTrustAssociationInterceptor.c_logger.traceDebug(this, "run", "clean ended, map size[" + SIPBaseTrustAssociationInterceptor.this.m_usersCache.size() + "]");
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/ibm/ws/sip/security/tai/SIPBaseTrustAssociationInterceptor$UserCache.class */
    public static class UserCache {
        private String userName;
        private long timeStamp = System.currentTimeMillis();

        public UserCache(String str) {
            this.userName = str;
        }

        public long getTime() {
            return this.timeStamp;
        }

        public void touch() {
            this.timeStamp = System.currentTimeMillis();
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/ibm/ws/sip/security/tai/SIPBaseTrustAssociationInterceptor$UserSubjectCache.class */
    public static class UserSubjectCache {
        private Subject subject;
        private long timeStamp;

        public UserSubjectCache(Subject subject) {
            setSubject(subject);
        }

        public Subject getSubject() {
            return this.subject;
        }

        public void setSubject(Subject subject) {
            this.subject = subject;
            this.timeStamp = System.currentTimeMillis();
        }

        public long getTime() {
            return this.timeStamp;
        }

        public void touch() {
            this.timeStamp = System.currentTimeMillis();
        }
    }

    @Override // com.ibm.websphere.security.tai.extension.SIPTrustAssociationInterceptor
    public boolean isTargetProtocolInterceptor(SipServletMessage sipServletMessage) throws WebTrustAssociationFailedException {
        if (c_logger.isTraceEntryExitEnabled()) {
            c_logger.traceEntry((Object) this, "isTargetProtocolInterceptor", new Object[]{sipServletMessage});
        }
        if (!this.m_isEnabled) {
            if (!c_logger.isTraceDebugEnabled()) {
                return false;
            }
            c_logger.traceDebug(this, "isTargetProtocolInterceptor", "Digest TAI is disabled.");
            return false;
        }
        if (((SipServletMessageImpl) sipServletMessage).getMessage().getViaHeaders() == null) {
            if (!c_logger.isTraceDebugEnabled()) {
                return false;
            }
            c_logger.traceDebug(this, "isTargetProtocolInterceptor", "No via headers, internal message not need to authenticate.");
            return false;
        }
        if (!this.m_isInitialized) {
            synchronized (this.m_initSemaphore) {
                initialize(null);
            }
        }
        try {
            if (((PAssertedIdentityHeader) ((SipServletMessageImpl) sipServletMessage).getMessage().getHeader(PAssertedIdentityHeader.name, true)) != null) {
                return true;
            }
        } catch (Exception e) {
            if (c_logger.isErrorEnabled()) {
                c_logger.error("error.exception.parse", Situation.SITUATION_UNKNOWN, (Object[]) null, (Throwable) e);
            }
        }
        if (this.m_disableSIPBasicAuth) {
            return true;
        }
        SecurityHeader securityHeader = null;
        try {
            securityHeader = (SecurityHeader) ((SipServletMessageImpl) sipServletMessage).getMessage().getHeader("Authorization", true);
            if (securityHeader == null) {
                securityHeader = (SecurityHeader) ((SipServletMessageImpl) sipServletMessage).getMessage().getHeader("Proxy-Authorization", true);
            }
        } catch (HeaderParseException e2) {
            if (c_logger.isErrorEnabled()) {
                c_logger.error("error.exception.parse", Situation.SITUATION_UNKNOWN, (Object[]) null, (Throwable) e2);
            }
        }
        if (securityHeader == null) {
            return true;
        }
        if (!securityHeader.getScheme().equalsIgnoreCase(AuthorizationConstants.BASIC_HEADER)) {
            if (c_logger.isTraceDebugEnabled()) {
                c_logger.traceDebug(this, "isTargetProtocolInterceptor", "*** found Authorization Header (non Basic) [" + securityHeader.getValue() + "]");
            }
            return doHandleAuthorizationHeader(securityHeader);
        }
        if (!c_logger.isTraceDebugEnabled()) {
            return false;
        }
        c_logger.traceDebug(this, "isTargetProtocolInterceptor", "*** true: found Basic Authorization Header");
        return false;
    }

    @Override // com.ibm.websphere.security.tai.extension.SIPTrustAssociationInterceptor
    public TAIResult negotiateValidateandEstablishProtocolTrust(SipServletRequest sipServletRequest, SipServletResponse sipServletResponse) throws WebTrustAssociationFailedException {
        Subject subject;
        if (c_logger.isTraceEntryExitEnabled()) {
            c_logger.traceEntry((Object) this, "negotiateValidateandEstablishProtocolTrust", new Object[]{sipServletRequest, sipServletResponse});
        }
        if (sipServletResponse != null || ((!this.m_doAuthAck && sipServletRequest.getMethod().equalsIgnoreCase(Request.ACK)) || (!this.m_doAuthCancel && sipServletRequest.getMethod().equalsIgnoreCase(Request.CANCEL)))) {
            TAIResult checkPIdAuthentication = sipServletResponse != null ? checkPIdAuthentication((SipServletMessageImpl) sipServletResponse) : checkPIdAuthentication((SipServletMessageImpl) sipServletRequest);
            if (checkPIdAuthentication != null) {
                if (c_logger.isTraceDebugEnabled()) {
                    c_logger.traceDebug(this, "negotiateValidateandEstablishProtocolTrust", "p-asserted-identity authentication was found");
                }
                return checkPIdAuthentication;
            }
            String authenticatedUsername = getAuthenticatedUsername(sipServletRequest, sipServletResponse);
            if (authenticatedUsername == null || authenticatedUsername.length() == 0) {
                authenticatedUsername = SipServletMessageImpl.UNAUTHENTICATED;
                ArrayList arrayList = new ArrayList();
                arrayList.add(SipServletMessageImpl.UNAUTHENTICATED);
                Hashtable hashtable = new Hashtable();
                hashtable.put("com.ibm.wsspi.security.cred.uniqueId", authenticatedUsername);
                hashtable.put("com.ibm.wsspi.security.cred.securityName", authenticatedUsername);
                hashtable.put("com.ibm.wsspi.security.cred.groups", arrayList);
                subject = new Subject();
                subject.getPublicCredentials().add(hashtable);
            } else {
                subject = getSubject(authenticatedUsername);
            }
            if (c_logger.isTraceDebugEnabled()) {
                c_logger.traceDebug(this, "negotiateValidateandEstablishProtocolTrust", "username=[" + authenticatedUsername + "],subject=[" + subject + "]");
            }
            return TAIResult.create(200, authenticatedUsername, subject);
        }
        TAIResult checkPIdAuthentication2 = checkPIdAuthentication((SipServletMessageImpl) sipServletRequest);
        if (checkPIdAuthentication2 != null) {
            return checkPIdAuthentication2;
        }
        SecurityHeader securityHeader = null;
        try {
            securityHeader = (SecurityHeader) ((SipServletMessageImpl) sipServletRequest).getMessage().getHeader("Authorization", true);
            if (securityHeader == null) {
                securityHeader = (SecurityHeader) ((SipServletMessageImpl) sipServletRequest).getMessage().getHeader("Proxy-Authorization", true);
            }
        } catch (HeaderParseException e) {
            if (c_logger.isErrorEnabled()) {
                c_logger.error("error.exception.parse", Situation.SITUATION_UNKNOWN, (Object[]) null, (Throwable) e);
            }
        }
        IncomingSipServletRequest incomingSipServletRequest = (IncomingSipServletRequest) sipServletRequest;
        try {
            AuthorizationResponse handleAuthorizationHeader = handleAuthorizationHeader(securityHeader, incomingSipServletRequest.getMethod(), SIPSecurityThreadLocalStorage.getSipAppDesc(), incomingSipServletRequest.getTransactionUser().getLogicalName().toString(), incomingSipServletRequest.getRawContent());
            if (!handleAuthorizationHeader.isAuthorized) {
                incomingSipServletRequest.getTransactionUser().setForwardToApplication(false);
                String response = handleAuthorizationHeader.getResponse();
                return (response == null || response.equals("")) ? sendError(incomingSipServletRequest, handleAuthorizationHeader.getStatusCode()) : sendNotAuthorized(incomingSipServletRequest, response);
            }
            if (0 != 0) {
                if (c_logger.isTraceDebugEnabled()) {
                    c_logger.traceDebug(this, "negotiateValidateandEstablishProtocolTrust", "Adding Authentication-Info header with[" + ((String) null) + "]");
                }
                incomingSipServletRequest.setAuthInfoHeaderData(null);
            }
            String authenticatedUsername2 = getAuthenticatedUsername(sipServletRequest, sipServletResponse);
            return TAIResult.create(200, authenticatedUsername2, getSubject(authenticatedUsername2));
        } catch (IOException e2) {
            return sendError(incomingSipServletRequest, 500);
        }
    }

    private TAIResult checkPIdAuthentication(SipServletMessageImpl sipServletMessageImpl) {
        try {
            HeaderIterator headers = sipServletMessageImpl.getMessage().getHeaders(PAssertedIdentityHeader.name);
            String userFromMessage = getUserFromMessage(sipServletMessageImpl);
            if (headers != null) {
                while (headers.hasNext()) {
                    URI address = ((PAssertedIdentityHeader) headers.next()).getNameAddress().getAddress();
                    if (address instanceof SipURL) {
                        SipURL sipURL = (SipURL) address;
                        String userName = sipURL.getUserName();
                        StringBuffer stringBuffer = new StringBuffer(16);
                        if (userName != null) {
                            stringBuffer.append(userName);
                        }
                        stringBuffer.append('@');
                        stringBuffer.append(sipURL.getHost());
                        String stringBuffer2 = stringBuffer.toString();
                        updateCache(userFromMessage, stringBuffer2);
                        Subject subject = getSubject(stringBuffer2);
                        if (c_logger.isTraceDebugEnabled()) {
                            c_logger.traceDebug("user name [" + stringBuffer2 + ']');
                        }
                        if (subject != null) {
                            if (c_logger.isTraceDebugEnabled()) {
                                c_logger.traceDebug("subject [" + subject + ']');
                            }
                            return TAIResult.create(200, stringBuffer2, subject);
                        }
                    }
                }
            }
            return null;
        } catch (Exception e) {
            if (!c_logger.isErrorEnabled()) {
                return null;
            }
            c_logger.error("error.exception.parse", Situation.SITUATION_UNKNOWN, (Object[]) null, (Throwable) e);
            return null;
        }
    }

    @Override // com.ibm.websphere.security.tai.extension.SIPTrustAssociationInterceptor
    public int initialize(Properties properties) throws WebTrustAssociationFailedException {
        if (c_logger.isTraceEntryExitEnabled()) {
            c_logger.traceEntry(this, "initialize");
        }
        if (this.m_isInitialized) {
            if (!c_logger.isTraceDebugEnabled()) {
                return 0;
            }
            c_logger.traceDebug(this, "initialize", "already initialized");
            return 0;
        }
        SipPropertiesMap properties2 = PropertiesStore.getInstance().getProperties();
        if (properties2 != null) {
            String string = properties2.getString(CoreProperties.ENABLE_DIGEST_TAI_PROPERTY);
            String str = string != null ? string : CoreProperties.ENABLE_DIGEST_TAI_PROPERTY_DEFAULT;
            this.m_isEnabled = Boolean.parseBoolean(str);
            DigestTAI.logPropertyFound(CoreProperties.ENABLE_DIGEST_TAI_PROPERTY, str);
        }
        if (!this.m_isEnabled) {
            if (!c_logger.isTraceDebugEnabled()) {
                return 0;
            }
            c_logger.traceDebug(this, "isTargetProtocolInterceptor", "Digest TAI is disabled, aborting initialize.");
            return 0;
        }
        Properties properties3 = new WASPropertiesReader().getProperties();
        String str2 = (String) properties3.remove(LdapConstants.PROPERTY_DISABLE_SIP_BASIC_AUTH);
        if (str2 != null) {
            DigestTAI.logPropertyFound(LdapConstants.PROPERTY_DISABLE_SIP_BASIC_AUTH, str2);
            this.m_disableSIPBasicAuth = Boolean.parseBoolean(str2);
        } else if (c_logger.isTraceDebugEnabled()) {
            StringBuilder sb = new StringBuilder(100);
            sb.append("property [");
            sb.append(LdapConstants.PROPERTY_DISABLE_SIP_BASIC_AUTH);
            sb.append("] not found");
            c_logger.traceDebug(this, "initialize", sb.toString());
        }
        this.m_timer = new Timer(true);
        String property = properties3.getProperty(LdapConstants.PROPERTY_USER_CACHE_CLEAN_PERIOD, LdapConstants.DEFAULT_USER_CACHE_CLEAN_PERIOD);
        DigestTAI.logPropertyFound(LdapConstants.PROPERTY_USER_CACHE_CLEAN_PERIOD, property);
        this.m_timerPeriod = Integer.parseInt(property) * 1000 * 60;
        this.m_timer.schedule(new ClearUserCacheTask(), this.m_timerPeriod, this.m_timerPeriod);
        String str3 = (String) properties3.remove(AUTHENTICATE_ACK);
        if (str3 != null) {
            DigestTAI.logPropertyFound(AUTHENTICATE_ACK, str3);
            this.m_doAuthAck = Boolean.parseBoolean(str3);
        }
        String str4 = (String) properties3.remove(AUTHENTICATE_CANCEL);
        if (str4 != null) {
            DigestTAI.logPropertyFound(AUTHENTICATE_CANCEL, str4);
            this.m_doAuthCancel = Boolean.parseBoolean(str4);
        }
        if (c_logger.isTraceEntryExitEnabled()) {
            c_logger.traceExit(this, "init");
        }
        int init = init(properties3);
        this.m_isInitialized = true;
        return init;
    }

    @Override // com.ibm.websphere.security.tai.extension.SIPTrustAssociationInterceptor
    public String getVersion() {
        return "0.0.1";
    }

    @Override // com.ibm.websphere.security.tai.extension.SIPTrustAssociationInterceptor
    public String getType() {
        return null;
    }

    @Override // com.ibm.websphere.security.tai.extension.SIPTrustAssociationInterceptor
    public void cleanup() {
        if (c_logger.isTraceEntryExitEnabled()) {
            c_logger.traceEntry(this, "cleanup");
        }
        if (c_logger.isTraceEntryExitEnabled()) {
            c_logger.traceExit(this, "clenup");
        }
    }

    private final String getAuthenticatedUsername(SipServletRequest sipServletRequest, SipServletResponse sipServletResponse) {
        if (c_logger.isTraceEntryExitEnabled()) {
            c_logger.traceEntry((Object) this, "getAuthenticatedUsername", new Object[]{sipServletRequest, sipServletResponse});
        }
        String str = "";
        if (sipServletResponse != null) {
            String userFromURI = getUserFromURI(sipServletResponse.getTo().getURI());
            UserCache userCache = this.m_usersCache.get(userFromURI);
            if (userCache != null) {
                str = userCache.userName;
                if (c_logger.isTraceEntryExitEnabled()) {
                    c_logger.traceExit(this, "getAuthenticatedUsername", "getting from cache from=[" + userFromURI + "],uid=[" + str + "]");
                }
            }
            if (c_logger.isTraceDebugEnabled()) {
                c_logger.traceDebug(this, "getAuthenticatedUsername", "this is sip response username=[" + str + "]");
            }
            return str;
        }
        if ((!this.m_doAuthAck && sipServletRequest.getMethod().equalsIgnoreCase(Request.ACK)) || (!this.m_doAuthCancel && sipServletRequest.getMethod().equalsIgnoreCase(Request.CANCEL))) {
            String userFromMessage = getUserFromMessage(sipServletRequest);
            UserCache userCache2 = this.m_usersCache.get(userFromMessage);
            if (userCache2 != null) {
                str = userCache2.userName;
                if (c_logger.isTraceEntryExitEnabled()) {
                    c_logger.traceExit(this, "getAuthenticatedUsername", "getting from cache from=[" + userFromMessage + "],uid=[" + str + "]");
                }
            }
            if (c_logger.isTraceDebugEnabled()) {
                c_logger.traceDebug(this, "getAuthenticatedUsername", "this is sip ACK/CANCEL request, username=[" + str + "]");
            }
            return str;
        }
        SecurityHeader securityHeader = null;
        try {
            securityHeader = (SecurityHeader) ((SipServletMessageImpl) sipServletRequest).getMessage().getHeader("Authorization", true);
            if (securityHeader == null) {
                securityHeader = (SecurityHeader) ((SipServletMessageImpl) sipServletRequest).getMessage().getHeader("Proxy-Authorization", true);
            }
        } catch (HeaderParseException e) {
            if (c_logger.isErrorEnabled()) {
                c_logger.error("error.exception.parse", Situation.SITUATION_UNKNOWN, (Object[]) null, (Throwable) e);
            }
        }
        String authenticatedUsernameFromAuthorizationHeader = getAuthenticatedUsernameFromAuthorizationHeader(securityHeader);
        updateCache(getUserFromMessage(sipServletRequest), authenticatedUsernameFromAuthorizationHeader);
        if (c_logger.isTraceEntryExitEnabled()) {
            c_logger.traceExit(this, "getAuthenticatedUsername", authenticatedUsernameFromAuthorizationHeader);
        }
        return authenticatedUsernameFromAuthorizationHeader;
    }

    private void updateCache(String str, String str2) {
        if (c_logger.isTraceEntryExitEnabled()) {
            c_logger.traceEntry((Object) this, "updateCache", new Object[]{str, str2});
        }
        synchronized (this.m_usersCacheSemaphore) {
            UserCache userCache = this.m_usersCache.get(str);
            if (userCache == null) {
                this.m_usersCache.put(str, new UserCache(str2));
                return;
            }
            if (System.currentTimeMillis() - userCache.getTime() > this.m_timerPeriod / 2) {
                if (c_logger.isTraceDebugEnabled()) {
                    c_logger.traceDebug(this, "updateCache", "putting to cache from=[" + str + "],uid=[" + str2 + "]");
                }
                userCache.touch();
            }
            if (c_logger.isTraceEntryExitEnabled()) {
                c_logger.traceExit(this, "updateCache");
            }
        }
    }

    private Subject validateUserSubject(String str) {
        if (c_logger.isTraceEntryExitEnabled()) {
            c_logger.traceEntry((Object) this, "validateUserSubject", new Object[]{str});
        }
        synchronized (this.m_usersCacheSemaphore) {
            UserSubjectCache userSubjectCache = this.m_usersSubjectCache.get(str);
            if (userSubjectCache == null) {
                if (c_logger.isTraceDebugEnabled()) {
                    c_logger.traceDebug(this, "validateUserSubject", "putting subject");
                }
                Subject userSubject = getUserSubject(str);
                this.m_usersSubjectCache.put(str, new UserSubjectCache(userSubject));
                return userSubject;
            }
            if (c_logger.isTraceDebugEnabled()) {
                c_logger.traceDebug(this, "validateUserSubject", "validating subject");
            }
            Subject subject = userSubjectCache.getSubject();
            long j = -1;
            try {
                j = ((WSCredential) subject.getPublicCredentials(WSCredential.class).iterator().next()).getExpiration();
            } catch (Exception e) {
                if (c_logger.isTraceDebugEnabled()) {
                    c_logger.traceDebug(this, "validateUserSubject", "cached subject token not valid, recreating ,[" + e.getMessage() + "]");
                }
            }
            if (j <= System.currentTimeMillis() + 10000) {
                if (c_logger.isTraceDebugEnabled()) {
                    c_logger.traceDebug(this, "validateUserSubject", "cached subject token not valid, recreating ");
                }
                subject = getUserSubject(str);
                userSubjectCache.setSubject(subject);
            } else if (c_logger.isTraceDebugEnabled()) {
                c_logger.traceDebug(this, "validateUserSubject", "subject valid");
            }
            if (c_logger.isTraceEntryExitEnabled()) {
                c_logger.traceExit(this, "validateUserSubject", subject);
            }
            return subject;
        }
    }

    private String getUserFromURI(javax.servlet.sip.URI uri) {
        if (!uri.isSipURI()) {
            return "";
        }
        SipURI sipURI = (SipURI) uri;
        String user = sipURI.getUser();
        StringBuffer stringBuffer = new StringBuffer(16);
        if (user != null) {
            stringBuffer.append(user);
        }
        stringBuffer.append('@');
        stringBuffer.append(sipURI.getHost());
        return stringBuffer.toString();
    }

    private String getUserFromMessage(SipServletMessage sipServletMessage) {
        if (c_logger.isTraceEntryExitEnabled()) {
            c_logger.traceEntry((Object) this, "getUserFromMessage", new Object[]{sipServletMessage});
        }
        String userFromURI = getUserFromURI(sipServletMessage.getFrom().getURI());
        if (c_logger.isTraceEntryExitEnabled()) {
            c_logger.traceExit(this, "getUserFromMessage", userFromURI);
        }
        return userFromURI;
    }

    private TAIResult sendError(SipServletRequest sipServletRequest, int i) throws WebTrustAssociationFailedException {
        if (c_logger.isTraceEntryExitEnabled()) {
            c_logger.traceEntry((Object) this, "sendError", new Object[]{new Integer(i)});
        }
        try {
            sipServletRequest.createResponse(i).send();
        } catch (IOException e) {
            if (c_logger.isErrorEnabled()) {
                c_logger.error("error.exception.io", Situation.SITUATION_UNKNOWN, (Object[]) null, (Throwable) e);
            }
        }
        if (c_logger.isTraceEntryExitEnabled()) {
            c_logger.traceExit(this, "sendError");
        }
        return TAIResult.create(401);
    }

    private TAIResult sendNotAuthorized(SipServletRequest sipServletRequest, String str) throws WebTrustAssociationFailedException {
        SipServletResponse createResponse;
        TAIResult create;
        String method = sipServletRequest.getMethod();
        if (c_logger.isTraceEntryExitEnabled()) {
            c_logger.traceEntry((Object) this, "sendNotAuthorized", new Object[]{method, str});
        }
        boolean z = false;
        if (sipServletRequest.isCommitted() || sipServletRequest.getMethod().equals(Request.ACK)) {
            if (c_logger.isTraceDebugEnabled()) {
                c_logger.traceDebug(this, "sendNotAuthorized", "request commited or ACK");
            }
            return TAIResult.create(401);
        }
        Iterator it = SIPSecurityThreadLocalStorage.getSipAppDesc().getSipServlet(SIPSecurityThreadLocalStorage.getSipServletName()).getSecurityResourceCollections().iterator();
        while (true) {
            if (!it.hasNext()) {
                break;
            }
            SecurityResourceCollection securityResourceCollection = (SecurityResourceCollection) it.next();
            if (securityResourceCollection.isMethodInResource(method)) {
                z = securityResourceCollection.getSecurityConstraint().isProxyAuthenticate();
                if (c_logger.isTraceDebugEnabled()) {
                    c_logger.traceDebug(this, "sendNotAuthorized", "found security constraint[" + securityResourceCollection.getSecurityConstraint().getDisplayName() + "collection[+" + securityResourceCollection.getResourceName() + "] proxy-auth=[" + z + "]");
                }
            }
        }
        if (z) {
            if (c_logger.isTraceDebugEnabled()) {
                c_logger.traceDebug(this, "sendNotAuthorized", "create 407");
            }
            createResponse = sipServletRequest.createResponse(407);
            createResponse.addHeader("Proxy-Authenticate", str);
            createResponse.addHeader("Proxy-Authenticate", str);
            create = TAIResult.create(407);
        } else {
            if (c_logger.isTraceDebugEnabled()) {
                c_logger.traceDebug(this, "sendNotAuthorized", "create 401");
            }
            createResponse = sipServletRequest.createResponse(401);
            createResponse.addHeader("WWW-Authenticate", str);
            create = TAIResult.create(401);
        }
        try {
            if (c_logger.isTraceDebugEnabled()) {
                c_logger.traceDebug(this, "sendNotAuthorized", "Adding Authenticate request header[" + str + "]");
            }
            createResponse.send();
        } catch (IOException e) {
            if (c_logger.isErrorEnabled()) {
                c_logger.error("error.exception.io", Situation.SITUATION_UNKNOWN, (Object[]) null, (Throwable) e);
            }
        }
        if (c_logger.isTraceEntryExitEnabled()) {
            c_logger.traceExit(this, "sendNotAuthorized", new Integer(create.getStatus()));
        }
        return create;
    }

    private Subject getSubject(String str) {
        return validateUserSubject(str);
    }

    public abstract int init(Properties properties);

    public abstract boolean doHandleAuthorizationHeader(SecurityHeader securityHeader);

    public abstract AuthorizationResponse handleAuthorizationHeader(SecurityHeader securityHeader, String str, SipAppDesc sipAppDesc, String str2, byte[] bArr);

    public abstract String getAuthenticatedUsernameFromAuthorizationHeader(SecurityHeader securityHeader);

    public abstract Subject getUserSubject(String str);
}
