package com.ibm.wps.sso;

import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.ejs.security.util.Base64Coder;
import com.ibm.websphere.security.TrustAssociationInterceptor;
import com.ibm.websphere.security.WebSphereBaseTrustAssociationInterceptor;
import com.ibm.websphere.security.WebTrustAssociationException;
import com.ibm.websphere.security.WebTrustAssociationFailedException;
import com.ibm.websphere.security.WebTrustAssociationUserException;
import java.util.HashMap;
import java.util.MissingResourceException;
import java.util.PropertyResourceBundle;
import java.util.ResourceBundle;
import java.util.StringTokenizer;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import sirrus.runtime.APIFactory;
import sirrus.runtime.RuntimeAPI;
import sirrus.runtime.RuntimeAPIException;
import sirrus.runtime.ServerDescriptor;
import sirrus.runtime.TokenException;

/* loaded from: input_file:wps.jar:com/ibm/wps/sso/RSATrustAssociationInterceptor.class */
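/**
 * WebSphere Trust Association Interceptor (TAI) for RSA ClearTrust.
 *
 * <p>The interceptor claims a request when all configured "required" headers and the
 * ClearTrust session cookie are present, optionally asks the ClearTrust runtime to
 * validate the session token, and then reports the user name found in the configured
 * user header as the authenticated identity.
 *
 * <p><b>Security notes for deployers and reviewers</b>
 * <ul>
 *   <li>The user name is read from an HTTP request header. Nothing in this class binds
 *       that header to the session token: token validation only checks the cookie, and
 *       {@link #getAuthenticatedUsername} only reads the header. The identity is therefore
 *       only as trustworthy as the network path. The application server must be reachable
 *       solely through the ClearTrust-protected front end, which must strip or overwrite
 *       these headers on inbound requests.</li>
 *   <li>With {@code validateSessions=false} no token check is performed at all; presence
 *       of the headers and a non-empty cookie is sufficient.</li>
 *   <li>NOTE(review): the {@code usessl} key is declared but never read, and the
 *       {@code ServerDescriptor} is built with a hard-coded {@code false} third argument.
 *       If that argument selects SSL for the dispatcher connection, session tokens travel
 *       to the dispatcher unencrypted. Confirm against the ClearTrust runtime API.</li>
 * </ul>
 */
public class RSATrustAssociationInterceptor extends WebSphereBaseTrustAssociationInterceptor implements TrustAssociationInterceptor {
    private static final String COPYRIGHT = "Licensed Materials - Property of IBM, 5724-B88, (C) Copyright IBM Corp. 2001, 2002 - All Rights reserved.";
    private static final String TAI_VERSION = "RSA Clear Trust Trust Association Interceptor Version 1.0  IBM Corporation (C)opyright 2002";

    // Property-file keys. USE_SSL_KEY is declared but not read anywhere in this class.
    private static final String USE_SSL_KEY = "usessl";
    private static final String DISPATCHERSERVER_KEY = "dispatcher_hostname";
    private static final String DISPATCHER_SERVER_PORT_KEY = "dispatcher_port";
    private static final String USERHEADER_KEY = "userHeader";
    private static final String SESSIONCOOKIE_KEY = "sessionCookie";
    private static final String VALIDATESESSIONS_KEY = "validateSessions";
    private static final String REQUIREDHEADERS_KEY = "requiredHeaders";

    private static TraceComponent tc;
    // Synthetic cache for the class literal, kept as emitted by the original compiler.
    static Class class$com$ibm$wps$sso$RSATrustAssociationInterceptor;

    private String userHeader;
    private RuntimeAPI runtimeAPI;
    private String sessionCookie;
    private boolean validateSessions;
    private String[] requiredHeaders;

    /**
     * Closes the connection to the ClearTrust runtime, if one was opened by {@link #init}.
     */
    public void cleanup() {
        Tr.debug(tc, "cleanup(). Disconnecting Clear Trust RuntimeAPI");
        // init() can fail before the runtime is created; do not turn that into an NPE here.
        if (this.runtimeAPI != null) {
            this.runtimeAPI.close();
        }
    }

    /**
     * Returns the user name carried in the configured user header.
     *
     * <p>The value is taken from the request as-is (after optional encoded-word decoding
     * and trimming); it is not cross-checked against the session token.
     *
     * @param httpServletRequest the current request
     * @return the trimmed, non-empty user name
     * @throws WebTrustAssociationUserException if the header is absent or empty
     */
    public String getAuthenticatedUsername(HttpServletRequest httpServletRequest) throws WebTrustAssociationUserException {
        Tr.debug(tc, ">\t\tgetAuthenticatedUsername()");
        String decoded = rfc2047Decode(httpServletRequest.getHeader(this.userHeader));
        Tr.debug(tc, this.userHeader + " header:  " + decoded);
        if (decoded == null) {
            Tr.error(tc, "The request does not contain an " + this.userHeader + "  HTTP Header");
            throw new WebTrustAssociationUserException("The request does not contain a " + this.userHeader + " HTTP Header");
        }
        String userName = decoded.trim();
        if (userName.length() == 0) {
            Tr.error(tc, "The " + this.userHeader + " HTTP Header is empty");
            throw new WebTrustAssociationUserException("The " + this.userHeader + " HTTP Header is empty");
        }
        // Success path: trace at debug level rather than writing every user name to the error log.
        Tr.debug(tc, "User Name:  " + userName);
        Tr.debug(tc, "<\t\tgetAuthenticatedUsername()");
        return userName;
    }

    /**
     * Converts a hexadecimal string to the character with that code.
     *
     * @param str hexadecimal digits
     * @return the character whose value is {@code str} parsed in base 16
     * @throws NumberFormatException if {@code str} is not valid hexadecimal
     */
    public char getCharFromHex(String str) {
        return (char) Integer.valueOf(str, 16).intValue();
    }

    /**
     * Returns the percent-decoded value of the configured session cookie, or an empty
     * string when the request carries no such cookie. If the cookie name occurs more
     * than once, the last occurrence wins.
     */
    private String getCtCookieValue(HttpServletRequest httpServletRequest) {
        String value = "";
        Cookie[] cookies = httpServletRequest.getCookies();
        // getCookies() returns null when the request has no cookies at all.
        if (cookies != null) {
            for (int i = 0; i < cookies.length; i++) {
                if (cookies[i].getName().equals(this.sessionCookie) && cookies[i].getValue() != null) {
                    value = cookies[i].getValue();
                }
            }
        }
        return trimPercentTwosOff(value);
    }

    /**
     * Loads the interceptor configuration and connects to the ClearTrust dispatcher.
     *
     * @param str base name of the resource bundle holding the configuration
     * @return {@code 0} on success, {@code -1} on any configuration or connection error
     */
    public int init(String str) {
        setVersion(TAI_VERSION);
        ResourceBundle bundle;
        try {
            bundle = ResourceBundle.getBundle(str);
        } catch (MissingResourceException e) {
            Tr.error(tc, "Unable to load Properties File " + str);
            return -1;
        }
        try {
            String dispatcherServer = bundle.getString(DISPATCHERSERVER_KEY).trim();
            if (dispatcherServer.length() == 0) {
                Tr.error(tc, "Please specify a value for the dispatcher_hostname Property in the " + str + " properties file");
                return -1;
            }
            Tr.debug(tc, "Value of dispatcherServer ->" + dispatcherServer);

            int dispatcherPort;
            try {
                dispatcherPort = Integer.parseInt(bundle.getString(DISPATCHER_SERVER_PORT_KEY).trim());
            } catch (NumberFormatException e) {
                // A non-numeric port is a configuration error, not a reason to throw out of init().
                Tr.error(tc, "Please specify a numeric value for the " + DISPATCHER_SERVER_PORT_KEY + " Property in the " + str + " properties file");
                return -1;
            }
            Tr.debug(tc, "Value of dispatcher_port ->" + dispatcherPort);

            this.userHeader = bundle.getString(USERHEADER_KEY).trim();
            if (this.userHeader.length() == 0) {
                Tr.error(tc, "Please specify a value for the " + USERHEADER_KEY + " Property in the " + str + " properties file");
                return -1;
            }
            Tr.debug(tc, "Value of userHeader ->" + this.userHeader);

            this.sessionCookie = bundle.getString(SESSIONCOOKIE_KEY).trim();
            if (this.sessionCookie.length() == 0) {
                Tr.error(tc, "Please specify a value for the " + SESSIONCOOKIE_KEY + " Property in the " + str + " properties file");
                return -1;
            }
            Tr.debug(tc, "Value of sessionCookie ->" + this.sessionCookie);

            StringTokenizer headerNames = new StringTokenizer(bundle.getString(REQUIREDHEADERS_KEY), ",");
            // countTokens() shrinks as tokens are consumed, so capture it once; re-evaluating it
            // in the loop condition left the second half of the array unfilled (null).
            int headerCount = headerNames.countTokens();
            this.requiredHeaders = new String[headerCount];
            for (int i = 0; i < headerCount; i++) {
                // Trim so that "a, b" in the properties file does not yield the header name " b".
                this.requiredHeaders[i] = headerNames.nextToken().trim();
                Tr.debug(tc, "Value of requiredHeaders[" + i + "] ->" + this.requiredHeaders[i]);
            }

            // Only the literal "true" (any case) enables validation; anything else disables it.
            this.validateSessions = Boolean.valueOf(bundle.getString(VALIDATESESSIONS_KEY).trim()).booleanValue();
            Tr.debug(tc, "Value of validateSessions ->" + this.validateSessions);
            if (!this.validateSessions) {
                Tr.error(tc, "validateSessions is not \"true\": session tokens will NOT be validated against Clear Trust");
            }

            try {
                // NOTE(review): third argument is hard-coded false and USE_SSL_KEY is never read.
                // If it selects SSL, the dispatcher connection is unencrypted; confirm.
                this.runtimeAPI = APIFactory.createFromServerDispatcher(new ServerDescriptor(dispatcherServer, dispatcherPort, false));
                Tr.debug(tc, "Connection to RSA OK");
                Tr.debug(tc, "Init successful");
                return 0;
            } catch (RuntimeAPIException e) {
                Tr.debug(tc, "Error connecting to RSA .");
                // Report through the trace facility instead of printStackTrace().
                Tr.error(tc, "Error connecting to RSA: " + e.getMessage());
                return -1;
            }
        } catch (MissingResourceException e) {
            Tr.error(tc, "Error in properties file \"" + str + "\", message:  " + e.getMessage());
            return -1;
        }
    }

    /**
     * Tells WebSphere whether this interceptor should handle the request.
     *
     * @param httpServletRequest the current request
     * @return {@code true} when all required headers and the session cookie are present
     */
    public boolean isTargetInterceptor(HttpServletRequest httpServletRequest) throws WebTrustAssociationException {
        Tr.debug(tc, ">\t\tisTargetInterceptor()");
        boolean handled = requestHasRequiredHeaders(httpServletRequest);
        if (handled) {
            Tr.debug(tc, "RSATrustAssociationInteceptor will handle this request.");
        } else {
            Tr.debug(tc, "RSATrustAssociationInteceptor will not handle this request due to the lack of a ct_remote_user HTTP Headers.");
        }
        Tr.debug(tc, "<\t\tisTargetInterceptor(). rc=" + handled);
        return handled;
    }

    /**
     * Checks that every configured required header is present and that the session
     * cookie has a non-empty value. This is a presence check only; no value is verified.
     *
     * @param httpServletRequest the current request
     * @return {@code true} when all headers and the cookie are present
     */
    public boolean requestHasRequiredHeaders(HttpServletRequest httpServletRequest) {
        Tr.debug(tc, ">\t\trequestHasRequiredHeaders()");
        if (this.requiredHeaders == null) {
            // init() did not complete; never claim a request in that state.
            Tr.debug(tc, "<\trequestHasRequiredHeaders(). rc=false");
            return false;
        }
        for (int i = 0; i < this.requiredHeaders.length; i++) {
            if (httpServletRequest.getHeader(this.requiredHeaders[i]) == null) {
                Tr.debug(tc, "Required header: " + this.requiredHeaders[i] + " does not exist or is null");
                Tr.debug(tc, "<\trequestHasRequiredHeaders(). rc=false");
                return false;
            }
            Tr.debug(tc, "Required header: " + this.requiredHeaders[i] + " does exist");
        }
        String cookieValue = getCtCookieValue(httpServletRequest).trim();
        if (cookieValue.length() == 0) {
            Tr.debug(tc, "Required COOKIE: " + this.sessionCookie + " does not exist or is null");
            Tr.debug(tc, "<\trequestHasRequiredHeaders(). rc=false");
            return false;
        }
        // The cookie is a live session token: record its presence, never its value, in the trace.
        Tr.debug(tc, "Required COOKIE: " + this.sessionCookie + " does exist.");
        Tr.debug(tc, "<\t\trequestHasRequiredHeaders(). rc=true");
        return true;
    }

    /**
     * Decodes a value of the form {@code ?charset?encoding?text}.
     *
     * <p>Only values starting with {@code '?'} are touched. With exactly three
     * {@code '?'}-separated tokens and a recognised charset name, the text token is
     * returned, Base64-decoded when the encoding token is {@code B} or {@code b}. With
     * two tokens and a trailing {@code '?'} (empty text) the result is the empty string.
     * Every other input is returned unchanged.
     *
     * <p>NOTE(review): the charset token is only checked against a list; it is not
     * passed to the decoder, so the resulting character set depends on
     * {@code Base64Coder.base64Decode}. Confirm.
     */
    private String rfc2047Decode(String str) {
        if (str == null || str.length() == 0 || str.charAt(0) != '?') {
            return str;
        }
        StringTokenizer parts = new StringTokenizer(str.substring(1), "?");
        int partCount = parts.countTokens();
        if (partCount == 2 && str.endsWith("?")) {
            return "";
        }
        if (partCount != 3) {
            return str;
        }
        String charset = parts.nextToken();
        String encoding = parts.nextToken();
        String text = parts.nextToken();
        boolean knownCharset = charset.equals("UTF-8") || charset.equals("Shift-JIS")
                || charset.equals("EUC-J") || charset.equals("ISO-2022 JP");
        if (!knownCharset) {
            return str;
        }
        // The previous loop re-entered after decoding and asked the tokenizer for a fourth
        // token, so every Base64-encoded value ended in NoSuchElementException.
        if (encoding.equals("B") || encoding.equals("b")) {
            return Base64Coder.base64Decode(text);
        }
        return text;
    }

    /**
     * Replaces each well-formed {@code %XX} escape with the character it encodes and
     * trims the result. A {@code '%'} that is not followed by two hexadecimal digits is
     * kept literally, so a malformed client-supplied cookie cannot raise an unchecked
     * exception out of the interceptor.
     */
    private String trimPercentTwosOff(String str) {
        int length = str.length();
        StringBuffer decoded = new StringBuffer(length);
        int pos = 0;
        while (pos < length) {
            char current = str.charAt(pos);
            boolean escape = current == '%'
                    && pos + 2 < length
                    && Character.digit(str.charAt(pos + 1), 16) >= 0
                    && Character.digit(str.charAt(pos + 2), 16) >= 0;
            if (escape) {
                decoded.append(getCharFromHex(str.substring(pos + 1, pos + 3)));
                pos += 3;
            } else {
                decoded.append(current);
                pos++;
            }
        }
        return decoded.toString().trim();
    }

    /**
     * Confirms that the request may be trusted.
     *
     * <p>The required headers and session cookie must always be present. When
     * {@code validateSessions} is enabled, the session token is additionally submitted
     * to the ClearTrust runtime. When it is disabled, header and cookie presence is the
     * only check.
     *
     * @param httpServletRequest the current request
     * @throws WebTrustAssociationFailedException if headers or cookie are missing, the
     *         runtime is unavailable, or the runtime rejects the token
     */
    public void validateEstablishedTrust(HttpServletRequest httpServletRequest) throws WebTrustAssociationFailedException {
        Tr.debug(tc, ">\t\tvalidateEstablishedTrust()");
        // Fail closed in both modes: previously a request without the headers passed
        // silently when validateSessions was false.
        if (!requestHasRequiredHeaders(httpServletRequest)) {
            throw new WebTrustAssociationFailedException("Could not Validate Established Trust, needed RSA ClearTrust HTTP Headers are missing or are empty.");
        }
        if (this.validateSessions) {
            if (this.runtimeAPI == null) {
                throw new WebTrustAssociationFailedException("Problem with the Clear Trust Runtime");
            }
            String token = rfc2047Decode(getCtCookieValue(httpServletRequest));
            try {
                HashMap request = new HashMap();
                request.put("SC_TOKEN", token);
                request.put("AUTHENTICATION_TYPE", "SC_USER_CHECK");
                String returnCode = (String) this.runtimeAPI.authenticate(request).get("RETURN_CODE");
                // NOTE(review): this rejects only codes containing "INVAL"; any other code is
                // accepted. An allow-list of the success code(s) would be safer; confirm the
                // possible values against the ClearTrust runtime API.
                if (returnCode == null || returnCode.indexOf("INVAL") != -1) {
                    throw new WebTrustAssociationFailedException("Clear Trust authenticate failed");
                }
                Tr.debug(tc, "Trust successfully validated");
            } catch (RuntimeAPIException e) {
                Tr.error(tc, "Clear Trust Runtime error: " + e.getMessage());
                throw new WebTrustAssociationFailedException("Problem with the Clear Trust Runtime");
            } catch (TokenException e) {
                Tr.error(tc, "Clear Trust Token error: " + e.getMessage());
                throw new WebTrustAssociationFailedException("Problem with the Clear Trust Token");
            }
        } else {
            // Kept at error level on purpose: the token was NOT checked for this request.
            Tr.error(tc, "Trust successful because validateSession=false and headers exist");
        }
        Tr.debug(tc, "<\t\tvalidateEstablishedTrust(). rc=true");
    }

    /**
     * Synthetic helper emitted by the original compiler for class literals.
     */
    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            throw new NoClassDefFoundError(e.getMessage());
        }
    }

    static {
        // Register this class with the trace facility, caching the Class object.
        Class cls;
        if (class$com$ibm$wps$sso$RSATrustAssociationInterceptor == null) {
            cls = class$("com.ibm.wps.sso.RSATrustAssociationInterceptor");
            class$com$ibm$wps$sso$RSATrustAssociationInterceptor = cls;
        } else {
            cls = class$com$ibm$wps$sso$RSATrustAssociationInterceptor;
        }
        tc = Tr.register(cls);
    }
}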
