package org.eclipse.scout.rt.server;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.UnsupportedEncodingException;
import java.security.AccessController;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import javax.security.auth.Subject;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletInputStream;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import javax.servlet.http.HttpServletResponse;
import javax.xml.namespace.QName;
import javax.xml.parsers.SAXParserFactory;
import org.eclipse.scout.commons.Base64Utility;
import org.eclipse.scout.commons.EncryptionUtility;
import org.eclipse.scout.commons.SoapHandlingUtility;
import org.eclipse.scout.commons.logger.IScoutLogger;
import org.eclipse.scout.commons.logger.ScoutLogManager;
import org.eclipse.scout.commons.security.SimplePrincipal;
import org.eclipse.scout.http.servletfilter.FilterConfigInjection;
import org.eclipse.scout.http.servletfilter.security.SecureHttpServletRequestWrapper;
import org.eclipse.scout.rt.server.internal.Activator;
import org.xml.sax.Attributes;
import org.xml.sax.InputSource;
import org.xml.sax.SAXException;
import org.xml.sax.helpers.DefaultHandler;

/* loaded from: input_file:org/eclipse/scout/rt/server/SoapWsseJaasFilter.class */
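/**
 * Servlet filter that authenticates a SOAP request from the WS-Security UsernameToken in its header.
 *
 * <p>When no JAAS subject is set and the filter is active, the request body is parsed for
 * {@code wsse:Username} and {@code wsse:Password}. The password text is Base64-decoded and decrypted
 * with the key derived from the bundle property {@code scout.ajax.token.key}. The plaintext must have
 * the form {@code <number>:<user>}, with the user equal to the {@code wsse:Username}. On success the
 * rest of the chain runs inside {@link Subject#doAs} with a read-only subject holding one
 * {@link SimplePrincipal}. Any failure is answered with HTTP 403.
 *
 * <p>Security notes for maintainers:
 * <ul>
 * <li>The body is parsed <em>before</em> the caller is authenticated, so the XML parser configuration
 * returned by {@code SoapHandlingUtility.createSaxParserFactory()} is security relevant.</li>
 * <li>The whole body is buffered in memory with no size limit, so a request-size limit has to be
 * enforced in front of this filter.</li>
 * <li>The token check has no visible freshness or replay protection; see {@link #createSubject}.</li>
 * </ul>
 */
public class SoapWsseJaasFilter implements Filter {
    private static final IScoutLogger LOG = ScoutLogManager.getLogger(SoapWsseJaasFilter.class);

    /**
     * Key passed to {@code EncryptionUtility.decrypt}; {@code null} when the property
     * {@code scout.ajax.token.key} is not configured.
     */
    private static final byte[] tripleDesKey;

    private SAXParserFactory m_saxParserFactory;
    private FilterConfigInjection m_injection;

    /**
     * SAX handler that extracts the user name, the raw password token and the password {@code Type}
     * attribute from a WS-Security UsernameToken.
     *
     * <p>Nesting is tracked with one boolean per element rather than with a depth counter, so text
     * is captured whenever all four enclosing flags are set, regardless of the order in which the
     * elements were opened. Parsing state is frozen once the SOAP envelope element ends.
     */
    public static class WSSEUserTokenHandler extends DefaultHandler {
        /** Text of the last {@code wsse:Username} element seen inside the token, untrimmed. */
        public String user;
        /** Value of the {@code Type} attribute (no namespace) of the last {@code wsse:Password} element. */
        public String tokenEncoding;
        /** Text of the last {@code wsse:Password} element seen inside the token, untrimmed. */
        public String tokenRaw;
        private boolean insideEnvelope;
        private boolean insideHeader;
        private boolean insideSecurity;
        private boolean insideUsernameToken;
        private boolean insideUsername;
        private boolean insidePasswort;
        private boolean done;
        // True once the first text chunk of the current Username / Password element has been stored,
        // so that further chunks of the same element are appended instead of replacing it.
        private boolean userChunkSeen;
        private boolean tokenChunkSeen;

        private WSSEUserTokenHandler() {
        }

        /**
         * Records which of the tracked SOAP / WS-Security elements has been entered.
         *
         * @param str namespace URI of the element
         * @param str2 local name of the element
         * @param str3 qualified name of the element (unused)
         * @param attributes element attributes; only {@code Type} of the password element is read
         */
        @Override // org.xml.sax.helpers.DefaultHandler, org.xml.sax.ContentHandler
        public void startElement(String str, String str2, String str3, Attributes attributes) throws SAXException {
            if (this.done) {
                return;
            }
            QName qName = new QName(str, str2);
            if (SoapHandlingUtility.SOAPENV_ENVELOPE_ELEMENT.equals(qName)) {
                this.insideEnvelope = true;
            } else if (SoapHandlingUtility.SOAPENV_HEADER_ELEMENT.equals(qName)) {
                this.insideHeader = true;
            } else if (SoapHandlingUtility.WSSE_SECURITY_ELEMENT.equals(qName)) {
                this.insideSecurity = true;
            } else if (SoapHandlingUtility.WSSE_USERNAME_TOKEN_ELEMENT.equals(qName)) {
                this.insideUsernameToken = true;
            } else if (SoapHandlingUtility.WSSE_USERNAME_ELEMENT.equals(qName)) {
                this.insideUsername = true;
                this.userChunkSeen = false;
            } else if (SoapHandlingUtility.WSSE_PASSWORD_ELEMENT.equals(qName)) {
                this.insidePasswort = true;
                this.tokenChunkSeen = false;
                this.tokenEncoding = attributes.getValue("", "Type");
            }
        }

        /**
         * Collects the text of the user name and password elements.
         *
         * <p>A SAX parser may deliver the text of one element in several calls. The first chunk of an
         * element replaces the stored value and later chunks are appended, so a value that is split by
         * the parser is no longer truncated to its last chunk.
         */
        @Override // org.xml.sax.helpers.DefaultHandler, org.xml.sax.ContentHandler
        public void characters(char[] cArr, int i, int i2) throws SAXException {
            if (this.done || !this.insideEnvelope || !this.insideHeader || !this.insideSecurity || !this.insideUsernameToken) {
                return;
            }
            if (this.insideUsername) {
                String chunk = new String(cArr, i, i2);
                this.user = this.userChunkSeen ? this.user + chunk : chunk;
                this.userChunkSeen = true;
            }
            if (this.insidePasswort) {
                String chunk = new String(cArr, i, i2);
                this.tokenRaw = this.tokenChunkSeen ? this.tokenRaw + chunk : chunk;
                this.tokenChunkSeen = true;
            }
        }

        /**
         * Clears the flag of the element that ended; the end of the envelope stops all further
         * processing.
         *
         * @param str namespace URI of the element
         * @param str2 local name of the element
         * @param str3 qualified name of the element (unused)
         */
        @Override // org.xml.sax.helpers.DefaultHandler, org.xml.sax.ContentHandler
        public void endElement(String str, String str2, String str3) throws SAXException {
            if (this.done) {
                return;
            }
            QName qName = new QName(str, str2);
            if (SoapHandlingUtility.SOAPENV_ENVELOPE_ELEMENT.equals(qName)) {
                this.insideEnvelope = false;
                this.done = true;
            } else if (SoapHandlingUtility.SOAPENV_HEADER_ELEMENT.equals(qName)) {
                this.insideHeader = false;
            } else if (SoapHandlingUtility.WSSE_SECURITY_ELEMENT.equals(qName)) {
                this.insideSecurity = false;
            } else if (SoapHandlingUtility.WSSE_USERNAME_TOKEN_ELEMENT.equals(qName)) {
                this.insideUsernameToken = false;
            } else if (SoapHandlingUtility.WSSE_USERNAME_ELEMENT.equals(qName)) {
                this.insideUsername = false;
            } else if (SoapHandlingUtility.WSSE_PASSWORD_ELEMENT.equals(qName)) {
                this.insidePasswort = false;
            }
        }
    }

    static {
        // The key is the raw UTF-8 bytes of the property value, truncated to 24 bytes or right-padded
        // with zero bytes. No key derivation function is applied, so a short property value yields a
        // key with known trailing bytes. Changing this would break compatibility with whatever
        // component produces the tokens, so it is only flagged here.
        String property = Activator.getDefault().getBundle().getBundleContext().getProperty("scout.ajax.token.key");
        byte[] key = null;
        if (property != null) {
            key = new byte[24];
            try {
                byte[] bytes = property.getBytes("UTF-8");
                System.arraycopy(bytes, 0, key, 0, Math.min(bytes.length, key.length));
            } catch (UnsupportedEncodingException e) {
                // UTF-8 is a mandatory charset, so this is not expected. If it ever happened the key
                // would stay all zeros, which is a predictable key.
                LOG.error("reading property 'scout.ajax.token.key'", e);
            }
        }
        tripleDesKey = key;
    }

    /**
     * Stores the filter configuration and creates the SAX parser factory used for every request.
     *
     * @param filterConfig configuration supplied by the servlet container
     * @throws ServletException if the parser factory cannot be created
     */
    public void init(FilterConfig filterConfig) throws ServletException {
        this.m_injection = new FilterConfigInjection(filterConfig, getClass());
        try {
            // NOTE(review): this factory parses request bodies from unauthenticated callers. Its
            // configuration is not visible here; confirm that it is namespace aware and that DOCTYPE
            // declarations and external entities are disabled (XXE, entity expansion).
            this.m_saxParserFactory = SoapHandlingUtility.createSaxParserFactory();
        } catch (Exception e) {
            throw new ServletException(e);
        }
    }

    /** Releases the parser factory and the configuration. */
    public void destroy() {
        this.m_saxParserFactory = null;
        this.m_injection = null;
    }

    /**
     * Authenticates the request from its WS-Security header and continues the chain as that user.
     *
     * <p>The request is passed through unchanged when a subject with a non-blank principal name is
     * already set, or when the filter is not active for this request.
     *
     * @param servletRequest incoming request; its body is consumed and replayed to the chain
     * @param servletResponse response; receives 403 when the token check or the chain fails
     * @param filterChain remaining filter chain
     */
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        if (isSubjectSet() || !this.m_injection.getConfig(servletRequest).isActive()) {
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }
        ServletInputStream inputStream = servletRequest.getInputStream();
        // NOTE(review): the body is copied into memory without a size limit before the caller is
        // authenticated. A request-size limit must be enforced upstream of this filter.
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        try {
            Subject parseSubject = parseSubject(inputStream, byteArrayOutputStream);
            final ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(byteArrayOutputStream.toByteArray());
            // The original stream is consumed by the parser, so the chain gets a wrapper that replays
            // the buffered bytes.
            HttpServletRequestWrapper replayRequest = new HttpServletRequestWrapper((HttpServletRequest) servletRequest) {
                public ServletInputStream getInputStream() throws IOException {
                    final InputStream inputStream2 = byteArrayInputStream;
                    return new ServletInputStream() {
                        public int read() throws IOException {
                            return inputStream2.read();
                        }
                    };
                }
            };
            continueChainWithPrincipal(parseSubject, replayRequest, (HttpServletResponse) servletResponse, filterChain);
        } catch (Throwable th) {
            // NOTE(review): this also catches failures thrown by the downstream chain, so an
            // application error is logged as "WS-Security check" and answered with 403.
            LOG.warn("WS-Security check", th);
            HttpServletResponse httpResponse = (HttpServletResponse) servletResponse;
            // sendError() throws IllegalStateException once the response is committed, which would
            // replace the failure logged above.
            if (!httpResponse.isCommitted()) {
                httpResponse.sendError(HttpServletResponse.SC_FORBIDDEN);
            }
        }
    }

    /**
     * Runs the remaining chain inside {@link Subject#doAs} and exposes the first principal of the
     * subject through a {@link SecureHttpServletRequestWrapper}.
     *
     * @throws IOException if the chain failed with an {@code IOException}
     * @throws ServletException if the chain failed with a {@code ServletException}, or wrapping any
     *         other checked failure
     */
    private void continueChainWithPrincipal(Subject subject, final HttpServletRequest httpServletRequest, final HttpServletResponse httpServletResponse, final FilterChain filterChain) throws IOException, ServletException {
        try {
            Subject.doAs(subject, new PrivilegedExceptionAction<Object>() {
                @Override // java.security.PrivilegedExceptionAction
                public Object run() throws Exception {
                    filterChain.doFilter(new SecureHttpServletRequestWrapper(httpServletRequest, Subject.getSubject(AccessController.getContext()).getPrincipals().iterator().next()), httpServletResponse);
                    return null;
                }
            });
        } catch (PrivilegedActionException e) {
            // Unwrap so that callers see the exception types declared by Filter.doFilter.
            Throwable cause = e.getCause();
            if (cause instanceof IOException) {
                throw (IOException) cause;
            }
            if (cause instanceof ServletException) {
                throw (ServletException) cause;
            }
            throw new ServletException(cause);
        }
    }

    /**
     * Parses the SOAP message for a UsernameToken while copying every byte read into
     * {@code byteArrayOutputStream}, then builds the subject from the extracted values.
     *
     * @param inputStream request body
     * @param byteArrayOutputStream receives a copy of all bytes the parser reads
     * @return the authenticated subject
     * @throws Exception if the XML cannot be parsed or the token is rejected
     */
    public Subject parseSubject(final InputStream inputStream, final ByteArrayOutputStream byteArrayOutputStream) throws Exception {
        // Tee stream: everything the parser reads is also written to the buffer.
        InputStream inputStream2 = new InputStream() {
            @Override // java.io.InputStream
            public int read() throws IOException {
                int read = inputStream.read();
                if (read >= 0) {
                    byteArrayOutputStream.write(read);
                }
                return read;
            }

            @Override // java.io.InputStream
            public int read(byte[] bArr) throws IOException {
                int read = inputStream.read(bArr);
                if (read > 0) {
                    byteArrayOutputStream.write(bArr, 0, read);
                }
                return read;
            }

            @Override // java.io.InputStream
            public int read(byte[] bArr, int i, int i2) throws IOException {
                int read = inputStream.read(bArr, i, i2);
                if (read > 0) {
                    byteArrayOutputStream.write(bArr, i, read);
                }
                return read;
            }
        };
        WSSEUserTokenHandler wSSEUserTokenHandler = new WSSEUserTokenHandler();
        SoapHandlingUtility.createSaxParser(this.m_saxParserFactory).parse(new InputSource(inputStream2), wSSEUserTokenHandler);
        return createSubject(cleanString(wSSEUserTokenHandler.user), cleanString(wSSEUserTokenHandler.tokenRaw), cleanString(wSSEUserTokenHandler.tokenEncoding));
    }

    /**
     * Verifies the token and creates a read-only subject for the user.
     *
     * <p>The token is Base64-decoded, decrypted with the configured key and must read
     * {@code <number>:<user>}, where the number is not negative and the user equals {@code str}.
     *
     * <p>NOTE(review): the numeric prefix is presumably a timestamp, but it is only checked for being
     * non-negative. No expiry or replay check is visible here, so a captured token appears to stay
     * valid for as long as the key is unchanged. Confirm whether freshness is enforced elsewhere.
     *
     * <p>NOTE(review): what {@code EncryptionUtility.decrypt} does with a {@code null} key (property
     * not configured) is not visible here; confirm that it fails rather than falling back to a
     * built-in key.
     *
     * @param str user name from the {@code wsse:Username} element, or {@code null}
     * @param str2 Base64 text of the {@code wsse:Password} element, or {@code null}
     * @param str3 {@code Type} attribute of the password element; not evaluated
     * @return read-only subject with a single {@link SimplePrincipal} named {@code str}
     * @throws SecurityException if user or token is missing, or the decrypted token is malformed or
     *         names another user
     * @throws Exception if decoding or decryption fails
     */
    protected Subject createSubject(String str, String str2, String str3) throws Exception {
        if (str == null || str2 == null) {
            LOG.error("Ajax back-end call contains no ws-security token. Check if the config.ini of the /rap and the /ajax webapp contains the property 'scout.ajax.token.key'.");
            throw new SecurityException("SOAP header contains no ws-security token");
        }
        String[] split = new String(EncryptionUtility.decrypt(Base64Utility.decode(str2), tripleDesKey), "UTF-8").split(":", 2);
        // A plaintext without ':' previously failed with ArrayIndexOutOfBoundsException and a
        // non-numeric prefix with NumberFormatException; both are token failures and are reported
        // with the same message as every other rejection.
        if (split.length != 2) {
            throw new SecurityException("SOAP header contains no ws-security token");
        }
        long parseLong;
        try {
            parseLong = Long.parseLong(split[0]);
        } catch (NumberFormatException e) {
            throw new SecurityException("SOAP header contains no ws-security token", e);
        }
        if (parseLong < 0 || !split[1].equals(str)) {
            throw new SecurityException("SOAP header contains no ws-security token");
        }
        Subject subject = new Subject();
        subject.getPrincipals().add(new SimplePrincipal(str));
        subject.setReadOnly();
        return subject;
    }

    /**
     * @return {@code true} if the current access control context carries a subject whose first
     *         principal has a non-blank name
     */
    private boolean isSubjectSet() {
        Subject subject = Subject.getSubject(AccessController.getContext());
        if (subject == null || subject.getPrincipals().size() == 0) {
            return false;
        }
        String name = subject.getPrincipals().iterator().next().getName();
        return name != null && name.trim().length() > 0;
    }

    /**
     * Trims the value and maps blank text and the literal {@code "null"} (any case) to {@code null}.
     *
     * @param str value to normalize, may be {@code null}
     * @return the trimmed value, or {@code null} if nothing usable remains
     */
    private String cleanString(String str) {
        if (str == null) {
            return null;
        }
        String trim = str.trim();
        if (trim.length() == 0 || trim.equalsIgnoreCase("null")) {
            return null;
        }
        return trim;
    }
}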
