package com.sun.enterprise.webservice;

import com.sun.ejb.Container;
import com.sun.enterprise.Switch;
import com.sun.enterprise.deployment.Application;
import com.sun.enterprise.deployment.WebServiceEndpoint;
import com.sun.enterprise.security.SecurityContext;
import com.sun.enterprise.security.audit.AuditManager;
import com.sun.enterprise.security.audit.AuditManagerFactory;
import com.sun.enterprise.webservice.monitoring.AuthenticationListener;
import com.sun.enterprise.webservice.monitoring.Endpoint;
import com.sun.enterprise.webservice.monitoring.WebServiceEngineImpl;
import com.sun.enterprise.webservice.monitoring.WebServiceTesterServlet;
import com.sun.logging.LogDomains;
import com.sun.web.security.RealmAdapter;
import com.sun.web.security.WebPrincipal;
import java.io.IOException;
import java.security.cert.X509Certificate;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.catalina.util.Base64;
import org.apache.tomcat.util.http.BaseRequest;

/* loaded from: input_file:appserv-rt-unknown.jar:com/sun/enterprise/webservice/EjbWebServiceServlet.class */
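/**
 * Servlet front end for EJB-backed web service endpoints.
 *
 * <p>For each request it resolves the target endpoint from the request URI, enforces the
 * endpoint's expected scheme (http/https), authenticates the caller (HTTP Basic or client
 * certificate, depending on the endpoint descriptor) and then hands the request to the
 * endpoint's message dispatcher. Authentication outcomes are reported to the registered
 * {@link AuthenticationListener}s and, when auditing is on, to the {@link AuditManager}.
 */
public class EjbWebServiceServlet extends HttpServlet {
    private static final String AUTHORIZATION_HEADER = "authorization";
    /** Scheme token that introduces HTTP Basic credentials in the Authorization header. */
    private static final String BASIC_PREFIX = "Basic ";
    private static final Logger logger = LogDomains.getLogger(LogDomains.EJB_LOGGER);
    // Not referenced by any method in this class (decoding uses the static Base64.decode); kept as found.
    private static final Base64 base64Helper = new Base64();
    private static final AuditManager auditManager = AuditManagerFactory.getAuditManagerInstance();

    /**
     * Entry point for every request routed to this servlet.
     *
     * <p>A query string of {@code Tester} (any case) selects the built-in tester page. The tester
     * is refused for endpoints that are secure or carry a message-security binding, and is only
     * served when the endpoint descriptor has debugging switched on. Every other request is
     * looked up in the EJB endpoint registry and dispatched; a request that matches no registered
     * endpoint returns without writing a response.
     *
     * @param httpServletRequest the incoming request
     * @param httpServletResponse the response to populate
     * @throws ServletException declared by the servlet contract
     * @throws IOException if writing the tester response fails
     */
    /* JADX INFO: Access modifiers changed from: protected */
    @Override // javax.servlet.http.HttpServlet
    public void service(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        String requestURI = httpServletRequest.getRequestURI();
        // startsWith() instead of charAt(0) so an empty URI cannot raise StringIndexOutOfBoundsException.
        String endpointPath = requestURI.startsWith("/") ? requestURI.substring(1) : requestURI;
        String queryString = httpServletRequest.getQueryString();

        if ("Tester".equalsIgnoreCase(queryString)) {
            Endpoint endpoint = WebServiceEngineImpl.getInstance().getEndpoint(requestURI);
            // Null check comes first: the descriptor was previously dereferenced before the
            // null test, so a tester request for an unknown URI ended in a NullPointerException.
            if (endpoint != null) {
                if (endpoint.getDescriptor().isSecure() || endpoint.getDescriptor().getMessageSecurityBinding() != null) {
                    // The tester page is never offered for secured services.
                    new WsUtil().writeInvalidMethodType(httpServletResponse, endpoint.getDescriptor().getWebService().getName() + " is a secured web service; Tester feature is not supported for secured services");
                    return;
                }
                if (Boolean.parseBoolean(endpoint.getDescriptor().getDebugging())) {
                    // Debugging is a deployment-time switch on the descriptor; with it off the
                    // request falls through to the normal endpoint lookup below.
                    WebServiceTesterServlet.invoke(httpServletRequest, httpServletResponse, endpoint.getDescriptor());
                    return;
                }
            }
        }

        EjbRuntimeEndpointInfo ejbWebServiceEndpoint = WebServiceEjbEndpointRegistry.getRegistry().getEjbWebServiceEndpoint(endpointPath, httpServletRequest.getMethod(), queryString);
        if (ejbWebServiceEndpoint != null) {
            dispatchToEjbEndpoint(httpServletRequest, httpServletResponse, ejbWebServiceEndpoint);
        }
    }

    /**
     * Authenticates the caller and, on success, invokes the endpoint's message dispatcher.
     *
     * <p>The request is dropped (logged at WARNING, nothing dispatched) when its scheme does not
     * match what the endpoint requires. When authentication fails the response is a 401 with a
     * Basic challenge for the resolved realm. Any {@link Throwable} raised while processing is
     * logged and swallowed. The thread's {@link SecurityContext} is cleared and
     * {@code externalPostInvoke()} is called on every exit path after the scheme check.
     *
     * @param httpServletRequest the incoming request
     * @param httpServletResponse the response to populate
     * @param ejbRuntimeEndpointInfo runtime information for the resolved endpoint
     */
    private void dispatchToEjbEndpoint(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, EjbRuntimeEndpointInfo ejbRuntimeEndpointInfo) {
        String scheme = httpServletRequest.getScheme();
        String expectedScheme = ejbRuntimeEndpointInfo.getEndpoint().isSecure() ? BaseRequest.SCHEME_HTTPS : "http";
        if (!expectedScheme.equalsIgnoreCase(scheme)) {
            // NOTE(review): no status or body is written here, so the client receives whatever
            // the container sends for an untouched response. Consider an explicit error status.
            logger.log(Level.WARNING, "Invalid request scheme for Endpoint " + ejbRuntimeEndpointInfo.getEndpoint().getEndpointName() + ". Expected " + expectedScheme + " . Received " + scheme);
            return;
        }
        // Return value unused; presumably called for an initialisation side effect (TODO confirm).
        Switch.getSwitch();
        Container container = ejbRuntimeEndpointInfo.getContainer();
        boolean authenticated = false;
        try {
            container.externalPreInvoke();

            // Realm precedence: application-level, then endpoint-level, then "host:port".
            String realmName = null;
            Application application = ejbRuntimeEndpointInfo.getEndpoint().getBundleDescriptor().getApplication();
            if (application != null) {
                realmName = application.getRealm();
            }
            if (realmName == null) {
                realmName = ejbRuntimeEndpointInfo.getEndpoint().getRealm();
            }
            if (realmName == null) {
                // NOTE(review): this fallback comes from the request itself. It is used both as
                // the realm handed to RealmAdapter and, unescaped, inside the WWW-Authenticate
                // header below. Confirm the container constrains getServerName(), or configure
                // an explicit realm for every endpoint that requires authentication.
                realmName = httpServletRequest.getServerName() + ":" + httpServletRequest.getServerPort();
            }

            try {
                authenticated = doSecurity(httpServletRequest, ejbRuntimeEndpointInfo, realmName);
            } catch (Exception e) {
                // Fail closed: any error during authentication leaves 'authenticated' false.
                sendAuthenticationEvents(false, httpServletRequest.getRequestURI(), null);
                logger.log(Level.WARNING, "authentication failed for " + ejbRuntimeEndpointInfo.getEndpoint().getEndpointName(), (Throwable) e);
            }

            if (auditManager.isAuditOn()) {
                auditManager.ejbAsWebServiceInvocation(ejbRuntimeEndpointInfo.getEndpoint().getEndpointName(), authenticated);
            }

            if (authenticated) {
                ejbRuntimeEndpointInfo.getMessageDispatcher().invoke(httpServletRequest, httpServletResponse, getServletContext(), ejbRuntimeEndpointInfo);
            } else {
                httpServletResponse.setHeader("WWW-Authenticate", "Basic realm=\"" + realmName + "\"");
                httpServletResponse.sendError(401);
            }
        } catch (Throwable th) {
            logger.log(Level.WARNING, "", th);
        } finally {
            // The previous error paths tested a constant false ("0 != 0") here, so a failure
            // after successful authentication left the caller's SecurityContext on the thread
            // for whichever request ran on it next. A single finally covers every exit path.
            if (authenticated) {
                SecurityContext.setCurrent(null);
            }
            container.externalPostInvoke();
        }
    }

    /**
     * Decides whether the request may proceed to the endpoint.
     *
     * <p>GET requests and endpoints without an auth method are let through without credentials.
     * Otherwise the caller must present HTTP Basic credentials (when the endpoint uses Basic
     * auth) or a client certificate chain, and the resulting principal must be accepted by a
     * {@link RealmAdapter} for the given realm.
     *
     * @param httpServletRequest the incoming request
     * @param ejbRuntimeEndpointInfo runtime information for the target endpoint
     * @param str name of the realm to authenticate against
     * @return {@code true} if the request may be dispatched, {@code false} if it must be rejected
     * @throws Exception if credential parsing or the realm check fails unexpectedly
     */
    private boolean doSecurity(HttpServletRequest httpServletRequest, EjbRuntimeEndpointInfo ejbRuntimeEndpointInfo, String str) throws Exception {
        // Drop any principal left on the endpoint's web service context before this request.
        WebServiceContextImpl webServiceContextImpl = (WebServiceContextImpl) ejbRuntimeEndpointInfo.getWebServiceContext();
        if (webServiceContextImpl != null) {
            webServiceContextImpl.setUserPrincipal(null);
        }
        WebServiceEndpoint endpoint = ejbRuntimeEndpointInfo.getEndpoint();
        // NOTE(review): every GET skips authentication, even on endpoints that declare an auth
        // method. Presumably this exists for metadata retrieval; confirm that the message
        // dispatcher cannot reach business operations through GET.
        if (httpServletRequest.getMethod().equals("GET") || !endpoint.hasAuthMethod()) {
            return true;
        }

        String requestURI = httpServletRequest.getRequestURI();
        String endpointName = endpoint.getEndpointName();
        WebPrincipal webPrincipal = null;
        if (endpoint.hasBasicAuth()) {
            String header = httpServletRequest.getHeader(AUTHORIZATION_HEADER);
            if (header == null) {
                sendAuthenticationEvents(false, requestURI, null);
                return false;
            }
            String[] credentials = parseUsernameAndPassword(header);
            if (credentials != null) {
                webPrincipal = new WebPrincipal(credentials[0], credentials[1], SecurityContext.init());
            } else {
                logger.log(Level.WARNING, "BASIC AUTH username/password http header parsing error for " + endpointName);
            }
        } else {
            X509Certificate[] certificates = (X509Certificate[]) httpServletRequest.getAttribute("javax.servlet.request.X509Certificate");
            if (certificates == null || certificates.length < 1) {
                certificates = (X509Certificate[]) httpServletRequest.getAttribute("org.apache.coyote.request.X509Certificate");
            }
            // An empty chain is treated like a missing one; only the first attribute was
            // length-checked before, so an empty fallback array still produced a principal.
            if (certificates != null && certificates.length > 0) {
                webPrincipal = new WebPrincipal(certificates, SecurityContext.init());
            } else {
                logger.log(Level.WARNING, "CLIENT CERT authentication error for " + endpointName);
            }
        }
        if (webPrincipal == null) {
            sendAuthenticationEvents(false, requestURI, null);
            return false;
        }

        boolean authenticated = new RealmAdapter(str).authenticate(webPrincipal);
        if (!authenticated) {
            // Return here so that a rejected caller (a) does not also trigger the success
            // event, which previously fired unconditionally after the failure event, and
            // (b) is never stored as the user principal of the web service context. The
            // caller answers 401 and does not dispatch, so no invocation needs preparing.
            sendAuthenticationEvents(false, requestURI, webPrincipal);
            logger.fine("authentication failed for " + endpointName);
            return false;
        }
        sendAuthenticationEvents(true, requestURI, webPrincipal);
        if (!(ejbRuntimeEndpointInfo instanceof Ejb2RuntimeEndpointInfo)) {
            ejbRuntimeEndpointInfo.prepareInvocation(false);
            // Context is re-read after prepareInvocation(); a null here raises an exception
            // that the caller treats as an authentication failure (fail closed).
            ((WebServiceContextImpl) ejbRuntimeEndpointInfo.getWebServiceContext()).setUserPrincipal(webPrincipal);
        }
        return true;
    }

    /**
     * Extracts the user name and password from an HTTP Basic {@code Authorization} header value.
     *
     * <p>The {@code Basic} scheme token is matched case-insensitively, as HTTP authentication
     * schemes are case-insensitive.
     *
     * @param str the raw header value, may be {@code null}
     * @return a two-element array {@code {username, password}}, or {@code null} when the header
     *     is not a Basic header or the decoded value has no colon after a non-empty user name
     */
    private String[] parseUsernameAndPassword(String str) {
        if (str == null || !str.regionMatches(true, 0, BASIC_PREFIX, 0, BASIC_PREFIX.length())) {
            return null;
        }
        String encoded = str.substring(BASIC_PREFIX.length()).trim();
        // NOTE(review): both conversions use the JVM default charset, so credentials with
        // non-ASCII characters decode differently across deployments. Consider pinning one.
        String decoded = new String(Base64.decode(encoded.getBytes()));
        // Split on the first colon only: a user name cannot contain one, a password can.
        int separator = decoded.indexOf(':');
        if (separator <= 0) {
            return null;
        }
        // Both parts are trimmed, so leading/trailing whitespace in a password is not significant.
        return new String[]{decoded.substring(0, separator).trim(), decoded.substring(separator + 1).trim()};
    }

    /**
     * Notifies every registered {@link AuthenticationListener} of an authentication outcome.
     * Nothing is sent when no monitored endpoint is registered for the URI.
     *
     * @param z {@code true} for a successful authentication, {@code false} for a failure
     * @param str request URI used to look up the monitored endpoint
     * @param webPrincipal the principal involved, or {@code null} when none could be built
     */
    private void sendAuthenticationEvents(boolean z, String str, WebPrincipal webPrincipal) {
        Endpoint endpoint = WebServiceEngineImpl.getInstance().getEndpoint(str);
        if (endpoint == null) {
            return;
        }
        for (AuthenticationListener authenticationListener : WebServiceEngineImpl.getInstance().getAuthListeners()) {
            if (z) {
                authenticationListener.authSucess(endpoint.getDescriptor().getBundleDescriptor(), endpoint, webPrincipal);
            } else {
                authenticationListener.authFailure(endpoint.getDescriptor().getBundleDescriptor(), endpoint, webPrincipal);
            }
        }
    }
}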
