package org.eclipse.scout.jaxws.security.provider;

import java.util.HashMap;
import java.util.HashSet;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.xml.namespace.QName;
import javax.xml.ws.WebServiceException;
import javax.xml.ws.handler.MessageContext;
import javax.xml.ws.handler.soap.SOAPMessageContext;
import org.eclipse.scout.commons.Base64Utility;
import org.eclipse.scout.commons.BooleanUtility;
import org.eclipse.scout.commons.TypeCastUtility;
import org.eclipse.scout.commons.logger.IScoutLogger;
import org.eclipse.scout.commons.logger.ScoutLogManager;
import org.eclipse.scout.jaxws.annotation.ScoutTransaction;
import org.eclipse.scout.jaxws.internal.ContextHelper;
import org.eclipse.scout.jaxws.internal.SessionHelper;
import org.eclipse.scout.jaxws.security.Authenticator;
import org.eclipse.scout.jaxws.session.IServerSessionFactory;
import org.eclipse.scout.rt.server.IServerSession;
import org.eclipse.scout.service.ServiceUtility;

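/**
 * JAX-WS SOAP handler that enforces HTTP Basic access authentication on inbound requests.
 *
 * <p>Credentials are taken from the HTTP {@code Authorization} request header, Base64-decoded and
 * passed to {@link Authenticator} together with the injected {@link ICredentialValidationStrategy}.
 * Requests without acceptable credentials are answered with HTTP 401.
 *
 * <p>Basic authentication transmits the user name and password merely Base64-encoded, so this
 * handler only protects credentials when the endpoint is served over a confidential transport
 * (e.g. TLS).
 */
@ScoutTransaction
public class BasicAuthenticationHandler implements IAuthenticationHandler {
    private static final IScoutLogger LOG = ScoutLogManager.getLogger(BasicAuthenticationHandler.class);

    /** Prefix of an {@code Authorization} header value that carries Basic credentials. */
    private static final String BASIC_PREFIX = "Basic ";

    private ICredentialValidationStrategy m_credentialValidationStrategy;

    public BasicAuthenticationHandler() {
        ServiceUtility.injectConfigProperties(this);
    }

    /**
     * Authenticates an inbound message; outbound messages and requests whose subject is already
     * authenticated pass through untouched.
     *
     * @param sOAPMessageContext the message context of the current request
     * @return {@code true} to continue the handler chain, {@code false} to stop it (HTTP 401)
     * @throws WebServiceException from {@link #breakHandlerChain} on one-way operations, or from
     *         {@link #breakHandlerChainWithException} when authentication fails with an exception
     */
    public final boolean handleMessage(SOAPMessageContext sOAPMessageContext) {
        boolean outbound = ((Boolean) TypeCastUtility.castValue(
                sOAPMessageContext.get(MessageContext.MESSAGE_OUTBOUND_PROPERTY), Boolean.TYPE)).booleanValue();
        if (outbound || Authenticator.isSubjectAuthenticated()) {
            return true;
        }

        String[] authorizationHeader = getAuthorizationHeader(sOAPMessageContext);
        if (authorizationHeader.length == 0) {
            // No credentials supplied at all: challenge the client.
            installAuthHeader(sOAPMessageContext);
            return breakHandlerChain(sOAPMessageContext);
        }

        for (String headerValue : authorizationHeader) {
            // NOTE(review): the scheme is matched case-sensitively, whereas HTTP treats
            // auth-scheme names as case-insensitive - confirm whether "basic " should be accepted.
            if (!headerValue.startsWith(BASIC_PREFIX)) {
                continue;
            }
            // Only the first Basic header value is evaluated; its outcome is final.
            try {
                if (!authenticateRequest(headerValue)) {
                    return breakHandlerChain(sOAPMessageContext);
                }
                IServerSessionFactory sessionFactory = ContextHelper.getPortTypeSessionFactory(sOAPMessageContext);
                IServerSession session = SessionHelper.createNewServerSession(sessionFactory);
                if (session != null) {
                    ContextHelper.setContextSession(sOAPMessageContext, sessionFactory, session);
                }
                // The request is accepted even when no server session could be created.
                return true;
            } catch (Exception e) {
                return breakHandlerChainWithException(sOAPMessageContext, e);
            }
        }
        // Authorization header present, but none of its values uses the Basic scheme.
        return breakHandlerChain(sOAPMessageContext);
    }

    @Override
    public void injectCredentialValidationStrategy(ICredentialValidationStrategy iCredentialValidationStrategy) {
        this.m_credentialValidationStrategy = iCredentialValidationStrategy;
    }

    /**
     * @return an empty, mutable set: this handler processes no SOAP headers
     */
    public final Set<QName> getHeaders() {
        return new HashSet<QName>();
    }

    public final void close(MessageContext messageContext) {
        // nothing to release
    }

    public final boolean handleFault(SOAPMessageContext sOAPMessageContext) {
        return false;
    }

    /**
     * Decodes the Basic credentials of an {@code Authorization} header value and validates them.
     *
     * <p>The header is attacker-controlled input. A value that does not decode to
     * {@code user:password} is rejected as a failed authentication instead of raising an
     * exception, so that malformed credentials are answered with HTTP 401 rather than being
     * logged as an internal error and answered with HTTP 500.
     *
     * @param str the header value, starting with {@code "Basic "}
     * @return {@code true} if the credentials were accepted, {@code false} if they were rejected
     *         or malformed
     * @throws Exception if decoding or the credential validation fails unexpectedly
     */
    protected boolean authenticateRequest(String str) throws Exception {
        byte[] decoded = Base64Utility.decode(str.substring(BASIC_PREFIX.length()));
        if (decoded == null) {
            // Defensive: treat an undecodable payload as invalid credentials.
            return false;
        }
        // Split on the first colon only, so that the password may itself contain colons.
        String[] credentials = new String(decoded, "ISO-8859-1").split(":", 2);
        if (credentials.length != 2) {
            // No colon separator: there is no password part to validate.
            return false;
        }
        return Authenticator.authenticateRequest(this.m_credentialValidationStrategy, credentials[0], credentials[1]);
    }

    /**
     * Adds the {@code WWW-Authenticate} challenge for the configured realm to the HTTP response
     * and sets the response code to 401.
     */
    protected void installAuthHeader(SOAPMessageContext sOAPMessageContext) {
        Map<String, List<String>> httpResponseHeaders = getHttpResponseHeaders(sOAPMessageContext);
        if (httpResponseHeaders == null) {
            httpResponseHeaders = new HashMap<String, List<String>>();
        }
        List<String> challenge = new LinkedList<String>();
        challenge.add("Basic realm=\"" + getRealm() + "\"");
        httpResponseHeaders.put("WWW-Authenticate", challenge);
        sOAPMessageContext.put(MessageContext.HTTP_RESPONSE_CODE, 401);
        sOAPMessageContext.put(MessageContext.HTTP_RESPONSE_HEADERS, httpResponseHeaders);
    }

    /**
     * @return the HTTP request headers stored in the message context, possibly {@code null}
     */
    @SuppressWarnings("unchecked") // the JAX-WS context stores the headers as an untyped property
    protected Map<String, List<String>> getHttpRequestHeaders(SOAPMessageContext sOAPMessageContext) {
        return (Map<String, List<String>>) sOAPMessageContext.get(MessageContext.HTTP_REQUEST_HEADERS);
    }

    /**
     * @return the HTTP response headers stored in the message context, possibly {@code null}
     */
    @SuppressWarnings("unchecked") // the JAX-WS context stores the headers as an untyped property
    protected Map<String, List<String>> getHttpResponseHeaders(SOAPMessageContext sOAPMessageContext) {
        return (Map<String, List<String>>) sOAPMessageContext.get(MessageContext.HTTP_RESPONSE_HEADERS);
    }

    /**
     * Rejects the request with HTTP 401.
     *
     * @return always {@code false}, which stops the handler chain
     * @throws WebServiceException for one-way operations, where returning {@code false} alone is
     *         not used to stop processing
     */
    protected boolean breakHandlerChain(SOAPMessageContext sOAPMessageContext) {
        sOAPMessageContext.put(MessageContext.HTTP_RESPONSE_CODE, 401);
        Boolean oneWay = (Boolean) sOAPMessageContext.get("com.sun.xml.internal.ws.server.OneWayOperation");
        if (BooleanUtility.nvl(oneWay, false)) {
            throw new WebServiceException("Unauthorized");
        }
        return false;
    }

    /**
     * Rejects the request with HTTP 500 after logging the cause.
     *
     * <p>An exception that is not a {@link WebServiceException} is replaced by a generic one, so
     * its details are written to the server log only and not passed on to the caller. A
     * {@link WebServiceException} is rethrown unchanged, including its message.
     *
     * @return never returns normally in this implementation
     * @throws WebServiceException always
     */
    protected boolean breakHandlerChainWithException(SOAPMessageContext sOAPMessageContext, Exception exc) {
        sOAPMessageContext.put(MessageContext.HTTP_RESPONSE_CODE, 500);
        LOG.error("Internal server error  (Basic Access Authentication)", exc);
        if (exc instanceof WebServiceException) {
            throw (WebServiceException) exc;
        }
        throw new WebServiceException("Internal server error");
    }

    /**
     * @return the realm announced in the {@code WWW-Authenticate} challenge
     */
    protected String getRealm() {
        return "Secure Area";
    }

    /**
     * Looks up the values of the {@code Authorization} request header, matching the header name
     * case-insensitively.
     *
     * @return the header values, or an empty array if the header is absent
     */
    protected String[] getAuthorizationHeader(SOAPMessageContext sOAPMessageContext) {
        Map<String, List<String>> httpRequestHeaders = getHttpRequestHeaders(sOAPMessageContext);
        if (httpRequestHeaders == null || httpRequestHeaders.isEmpty()) {
            return new String[0];
        }
        for (Map.Entry<String, List<String>> header : httpRequestHeaders.entrySet()) {
            if ("authorization".equalsIgnoreCase(header.getKey())) {
                List<String> values = header.getValue();
                return values != null ? values.toArray(new String[values.size()]) : new String[0];
            }
        }
        return new String[0];
    }

    @Override
    public String getName() {
        return "BASIC";
    }
}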
