package com.ibm.ws.sip.security.digest;

import com.ibm.sip.util.log.Log;
import com.ibm.sip.util.log.LogMgr;
import com.ibm.sip.util.log.Situation;
import com.ibm.websphere.security.UserRegistry;
import com.ibm.ws.bootstrap.ExtClassLoader;
import com.ibm.ws.sip.container.parser.SipAppDesc;
import com.ibm.ws.sip.security.auth.DigestConstants;
import com.ibm.ws.sip.security.digest.ldap.LdapConstants;
import com.ibm.ws.sip.security.tai.SIPBaseTrustAssociationInterceptor;
import com.ibm.wsspi.security.token.WSSecurityPropagationHelper;
import jain.protocol.ip.sip.header.SecurityHeader;
import java.util.HashSet;
import java.util.Hashtable;
import java.util.List;
import java.util.Properties;
import javax.naming.InitialContext;
import javax.naming.NamingException;
import javax.security.auth.Subject;

/* loaded from: input_file:com/ibm/ws/sip/security/digest/DigestTAI.class */
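/**
 * Trust association interceptor that handles SIP requests carrying a Digest
 * {@code Authorization} header.
 *
 * <p>The class builds Digest challenges, delegates response validation to a
 * {@link SIPDigestService}, and turns an already-validated user name into a
 * {@link Subject} populated from the {@link UserRegistry} found in JNDI.
 *
 * <p>Security-relevant points a maintainer should keep in mind:
 * <ul>
 *   <li>The password-server implementation is loaded by class name from the
 *       interceptor properties, so those properties must be writable only by
 *       administrators.</li>
 *   <li>{@link #getUserSubject(String)} and
 *       {@link #getAuthenticatedUsernameFromAuthorizationHeader(SecurityHeader)}
 *       perform no credential check themselves; they are only meaningful after
 *       {@link #handleAuthorizationHeader} has returned an authorized response
 *       (presumably enforced by the base class - confirm against the caller).</li>
 * </ul>
 */
public class DigestTAI extends SIPBaseTrustAssociationInterceptor {
    private static final LogMgr c_logger = Log.get(DigestTAI.class);

    /** Digest validation service; stays {@code null} when {@link #init(Properties)} fails. */
    private SIPDigestService m_digestService = null;

    /**
     * Registry resolved lazily from JNDI. Declared volatile because it is read in
     * {@link #getUserSubject(String)} without holding {@link #m_initSemaphore}.
     */
    private volatile UserRegistry m_userRegistry = null;

    /** When true, challenges advertise the auth-int variant of the first request. */
    private boolean m_useAuthInt = false;

    /** When true, the name supplied by the caller is used as the security name as-is. */
    private boolean m_useShortLogin = Boolean.parseBoolean(LdapConstants.DEFAULT_SHORT_AUTHENTICATED_NAME);

    /**
     * Guard flag of the double-checked lazy initialisation below. It must be
     * volatile: without it the unsynchronised first check has no happens-before
     * edge with the write made inside the synchronized block.
     */
    private volatile boolean m_isInitialized = false;

    /** Private monitor used only for the lazy registry lookup. */
    private final Object m_initSemaphore = new Object();

    /**
     * Looks up the {@code UserRegistry} in JNDI exactly once.
     *
     * <p>A failed lookup is logged and still marks the interceptor as initialised,
     * so the lookup is not retried and {@link #m_userRegistry} remains {@code null}.
     */
    private void initUserRegistry() {
        if (c_logger.isTraceEntryExitEnabled()) {
            c_logger.traceEntry(this, "initUserRegistry");
        }
        if (!this.m_isInitialized) {
            synchronized (this.m_initSemaphore) {
                if (!this.m_isInitialized) {
                    try {
                        this.m_userRegistry = (UserRegistry) new InitialContext().lookup("UserRegistry");
                    } catch (NamingException e) {
                        if (c_logger.isErrorEnabled()) {
                            c_logger.error("error.exception.login", Situation.SITUATION_UNKNOWN, (Object[]) null, e);
                        }
                    }
                    // Written last so that a reader observing 'true' also observes the registry.
                    this.m_isInitialized = true;
                }
            }
        }
        if (c_logger.isTraceEntryExitEnabled()) {
            c_logger.traceExit(this, "initUserRegistry");
        }
    }

    /**
     * Reads the interceptor configuration and instantiates the digest password server.
     *
     * <p>The three properties consumed here are removed from {@code properties}
     * before the remainder is handed to the password server and the digest service.
     *
     * @param properties interceptor configuration; modified by this call
     * @return {@code 0} on success, {@code 1} when the password server class is
     *         missing, cannot be loaded or instantiated, or is of the wrong type
     */
    @Override // com.ibm.ws.sip.security.tai.SIPBaseTrustAssociationInterceptor
    public int init(Properties properties) {
        if (c_logger.isTraceEntryExitEnabled()) {
            c_logger.traceEntry(this, "init");
        }
        String useAuthInt = (String) properties.remove(LdapConstants.PROPERTY_USE_AUTH_INT);
        if (useAuthInt != null) {
            logPropertyFound(LdapConstants.PROPERTY_USE_AUTH_INT, useAuthInt);
            this.m_useAuthInt = Boolean.parseBoolean(useAuthInt);
        }
        String shortName = (String) properties.remove(LdapConstants.PROPERTY_SHORT_AUTHENTICATED_NAME);
        if (shortName != null) {
            logPropertyFound(LdapConstants.PROPERTY_SHORT_AUTHENTICATED_NAME, shortName);
            this.m_useShortLogin = Boolean.parseBoolean(shortName);
        }
        String serverClass = (String) properties.remove(LdapConstants.PROPERTY_DIGEST_PASSWORD_SERVER_CLASS);
        if (serverClass == null) {
            serverClass = LdapConstants.DEFAULT_DIGEST_PASSWORD_SERVER_CLASS;
        }
        if (serverClass == null) {
            if (c_logger.isTraceDebugEnabled()) {
                c_logger.traceDebug(this, "init", "property ["
                        + LdapConstants.PROPERTY_DIGEST_PASSWORD_SERVER_CLASS + "] not found");
            }
            // Fail regardless of the trace level: the original only returned 1 when
            // debug tracing was on and otherwise reported success with no digest service.
            return 1;
        }
        logPropertyFound(LdapConstants.PROPERTY_DIGEST_PASSWORD_SERVER_CLASS, serverClass);
        try {
            // The class name comes from configuration: whoever can edit these properties
            // chooses code that runs inside the server with the extension class loader.
            DigestPasswordServer digestPasswordServer =
                    (DigestPasswordServer) Class.forName(serverClass, true, ExtClassLoader.getInstance()).newInstance();
            if (digestPasswordServer.initialize(properties) == 0) {
                if (c_logger.isTraceDebugEnabled()) {
                    c_logger.traceDebug(this, "init", "digest password server init successfuly");
                }
            } else if (c_logger.isTraceDebugEnabled()) {
                // NOTE(review): a password server that failed to initialise is still wired
                // into the digest service below and init() still returns 0. Confirm this is
                // intended; failing here would be the fail-closed choice.
                c_logger.traceDebug(this, "init", "digest password server failed to initialize");
            }
            this.m_digestService = new SIPDigestService(digestPasswordServer, properties);
        } catch (ClassNotFoundException e) {
            if (c_logger.isErrorEnabled()) {
                c_logger.error("error.exception.classnotfound", Situation.SITUATION_UNKNOWN, (Object[]) null, (Throwable) e);
            }
            return 1;
        } catch (IllegalAccessException e) {
            if (c_logger.isErrorEnabled()) {
                c_logger.error("error.exception.illegalaccess", Situation.SITUATION_UNKNOWN, (Object[]) null, (Throwable) e);
            }
            return 1;
        } catch (InstantiationException e) {
            if (c_logger.isErrorEnabled()) {
                c_logger.error("error.exception.instantiate", Situation.SITUATION_UNKNOWN, (Object[]) null, (Throwable) e);
            }
            return 1;
        } catch (ClassCastException e) {
            // The configured class exists but is not a DigestPasswordServer; report it as a
            // failed initialisation instead of letting the unchecked exception escape.
            if (c_logger.isErrorEnabled()) {
                c_logger.error("error.exception.instantiate", Situation.SITUATION_UNKNOWN, (Object[]) null, (Throwable) e);
            }
            return 1;
        }
        if (c_logger.isTraceEntryExitEnabled()) {
            c_logger.traceExit(this, "init");
        }
        return 0;
    }

    /**
     * Writes a configuration property and its value to the debug trace.
     *
     * <p>The value is logged verbatim, so this helper must not be called for
     * properties that hold secrets such as bind passwords.
     *
     * @param str  property name
     * @param str2 property value
     */
    public static void logPropertyFound(String str, String str2) {
        if (c_logger.isTraceDebugEnabled()) {
            c_logger.traceDebug(null, "init", "found property [" + str + "]=[" + str2 + "]");
        }
    }

    /**
     * Tells whether this interceptor is responsible for the given header.
     *
     * @param securityHeader the Authorization header of the request
     * @return {@code true} only when the header's scheme is Digest (case-insensitive);
     *         {@code false} for a missing header or a header without a scheme
     */
    @Override // com.ibm.ws.sip.security.tai.SIPBaseTrustAssociationInterceptor
    public boolean doHandleAuthorizationHeader(SecurityHeader securityHeader) {
        if (c_logger.isTraceEntryExitEnabled()) {
            c_logger.traceEntry((Object) this, "doHandleAuthorizationHeader", new Object[]{securityHeader});
        }
        // Constant-first comparison: a header with no scheme is rejected rather than
        // raising a NullPointerException on attacker-shaped input.
        boolean isDigest = securityHeader != null
                && DigestConstants.DIGEST.equalsIgnoreCase(securityHeader.getScheme());
        if (c_logger.isTraceEntryExitEnabled()) {
            c_logger.traceExit(this, "doHandleAuthorizationHeader", Boolean.valueOf(isDigest));
        }
        return isDigest;
    }

    /**
     * Builds the value of a Digest challenge with a fresh nonce.
     *
     * <p>The realm and the opaque value are placed between double quotes without
     * any escaping. NOTE(review): this assumes neither can contain {@code "} or
     * line breaks; the realm comes from the application descriptor, the origin
     * of the opaque value is not visible here - confirm against the caller.
     *
     * @param sipAppDesc application descriptor supplying the realm
     * @param str        opaque value echoed in the challenge
     * @param z          whether to add {@code stale="true"}
     * @return the challenge text
     */
    private String createChallange(SipAppDesc sipAppDesc, String str, boolean z) {
        String nonce = this.m_digestService.createNonce();
        StringBuilder challenge = new StringBuilder(150);
        challenge.append(this.m_useAuthInt
                ? DigestConstants.DIGEST_FIRST_REQUEST_WITH_AUTH_INT
                : DigestConstants.DIGEST_FIRST_REQUEST);
        challenge.append("\"").append(nonce).append("\",");
        challenge.append(DigestConstants.DIGEST_REALM).append("\"").append(sipAppDesc.getRealm()).append("\",");
        challenge.append(DigestConstants.PROPERTY_OPAQUE).append("=\"").append(str).append("\"");
        if (z) {
            challenge.append(", ").append(DigestConstants.PROPERTY_STALE).append("=\"true\"");
        }
        return challenge.toString();
    }

    /**
     * Validates a Digest Authorization header, or issues a challenge when none is present.
     *
     * <p>The remaining arguments are passed through to
     * {@code SIPDigestService.authenticate}; their meaning is defined there.
     *
     * @param securityHeader the Authorization header, or {@code null} for an
     *                       unauthenticated request
     * @param str            forwarded to the digest service
     * @param sipAppDesc     application descriptor supplying the realm
     * @param str2           opaque value used in challenges and forwarded to the digest service
     * @param bArr           forwarded to the digest service
     * @return a response carrying a challenge (no header, or not authorized), an
     *         auth-info value with the next nonce (authorized), or status 500 when
     *         the password server fails
     */
    @Override // com.ibm.ws.sip.security.tai.SIPBaseTrustAssociationInterceptor
    public AuthorizationResponse handleAuthorizationHeader(SecurityHeader securityHeader, String str, SipAppDesc sipAppDesc, String str2, byte[] bArr) {
        if (c_logger.isTraceEntryExitEnabled()) {
            c_logger.traceEntry((Object) this, "handleAuthorizationHeader", new Object[]{securityHeader, str, sipAppDesc});
        }
        if (securityHeader == null) {
            return new AuthorizationResponse(createChallange(sipAppDesc, str2, false));
        }
        try {
            AuthorizationResponse authenticate = this.m_digestService.authenticate(securityHeader, str, str2, bArr);
            if (!authenticate.isAuthorized) {
                // Re-challenge; stale is set only when the service reported an expired nonce.
                authenticate.setResponse(createChallange(sipAppDesc, str2, authenticate.isNonceStale));
                return authenticate;
            }
            String nextNonce = this.m_digestService.createNonce();
            authenticate.setResponse(DigestConstants.DIGEST_AUTH_INFO_RESPONSE + "\"" + nextNonce + "\"");
            if (c_logger.isTraceDebugEnabled()) {
                c_logger.traceDebug(this, "negotiateAndValidateEstablishedTrust", "auth successful sending auth-info=[" + authenticate.getResponse() + "]");
            }
            if (c_logger.isTraceEntryExitEnabled()) {
                c_logger.traceExit(this, "handleAuthorizationHeader", authenticate.getResponse());
            }
            return authenticate;
        } catch (DigestPasswordServerException e) {
            // A backend failure is answered with 500 (fail closed). Record it so an
            // outage of the password server is visible in the error log.
            if (c_logger.isErrorEnabled()) {
                c_logger.error("error.exception.login", Situation.SITUATION_UNKNOWN, (Object[]) null, (Throwable) e);
            }
            return new AuthorizationResponse(500);
        }
    }

    /**
     * Extracts the user name parameter from the Authorization header.
     *
     * <p>The value is copied from the client-supplied header without any check in
     * this method; it is only trustworthy once the same header has passed
     * {@link #handleAuthorizationHeader}.
     *
     * @param securityHeader the Authorization header
     * @return the user name parameter as sent by the client, possibly {@code null}
     */
    @Override // com.ibm.ws.sip.security.tai.SIPBaseTrustAssociationInterceptor
    public String getAuthenticatedUsernameFromAuthorizationHeader(SecurityHeader securityHeader) {
        if (c_logger.isTraceEntryExitEnabled()) {
            c_logger.traceEntry((Object) this, "getAuthenticatedUsernameFromAuthorizationHeader", new Object[]{securityHeader});
        }
        String userName = securityHeader.getParameter(DigestConstants.PROPERTY_USER_NAME);
        if (c_logger.isTraceEntryExitEnabled()) {
            c_logger.traceExit(this, "getAuthenticatedUsernameFromAuthorizationHeader", userName);
        }
        return userName;
    }

    /**
     * Builds a {@link Subject} for the given user from the user registry.
     *
     * <p>The subject carries one public credential: a {@link Hashtable} with the
     * unique id, the security name and the unique group ids of the user. No
     * password or digest is checked here.
     *
     * @param str user name to look up
     * @return the populated subject, or {@code null} when the registry is
     *         unavailable or any lookup fails (the failure is logged)
     */
    @Override // com.ibm.ws.sip.security.tai.SIPBaseTrustAssociationInterceptor
    public Subject getUserSubject(String str) {
        if (c_logger.isTraceEntryExitEnabled()) {
            c_logger.traceEntry((Object) this, "getUserSubject", new Object[]{str});
        }
        Subject subject = null;
        try {
            UserRegistry registry = this.m_userRegistry;
            if (registry == null) {
                initUserRegistry();
                registry = this.m_userRegistry;
            }
            if (registry == null) {
                // Same outcome as before (logged, null subject) but with a cause that names
                // the real problem instead of a NullPointerException.
                throw new IllegalStateException("UserRegistry is not available");
            }
            String uniqueUserId = registry.getUniqueUserId(str);
            String userFromUniqueID = WSSecurityPropagationHelper.getUserFromUniqueID(uniqueUserId);
            // With short login the caller-supplied name is kept verbatim instead of the
            // registry's own security name.
            String userSecurityName = this.m_useShortLogin ? str : registry.getUserSecurityName(userFromUniqueID);
            List uniqueGroupIds = registry.getUniqueGroupIds(userFromUniqueID);
            Hashtable<String, Object> credentials = new Hashtable<String, Object>();
            credentials.put("com.ibm.wsspi.security.cred.uniqueId", uniqueUserId);
            credentials.put("com.ibm.wsspi.security.cred.securityName", userSecurityName);
            credentials.put("com.ibm.wsspi.security.cred.groups", uniqueGroupIds);
            Subject built = new Subject(false, new HashSet(), new HashSet(), new HashSet());
            built.getPublicCredentials().add(credentials);
            // Assigned only once complete, so a failure never returns a half-filled subject.
            subject = built;
        } catch (Exception e) {
            // Broad on purpose: every registry failure must end in "no subject".
            if (c_logger.isErrorEnabled()) {
                c_logger.error("error.exception.login", Situation.SITUATION_UNKNOWN, (Object[]) null, (Throwable) e);
            }
        }
        if (c_logger.isTraceEntryExitEnabled()) {
            c_logger.traceExit(this, "getUserSubject", subject);
        }
        return subject;
    }
}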
