package org.openxdm.xcap.server.slee;

import java.io.IOException;
import java.nio.charset.Charset;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.slee.ActivityContextInterface;
import javax.slee.CreateException;
import javax.slee.RolledBackContext;
import javax.slee.Sbb;
import javax.slee.SbbContext;
import javax.slee.facilities.Tracer;
import org.apache.commons.httpclient.HttpStatus;
import org.apache.commons.httpclient.auth.AuthPolicy;
import org.mobicents.slee.ChildRelationExt;
import org.mobicents.slee.enabler.userprofile.UserProfile;
import org.mobicents.slee.enabler.userprofile.UserProfileControlSbbLocalObject;
import org.mobicents.slee.xdm.server.ServerConfiguration;
import org.openxdm.xcap.common.error.InternalServerErrorException;
import org.openxdm.xcap.server.slee.auth.RFC2617AuthQopDigest;
import org.openxdm.xcap.server.slee.auth.RFC2617ChallengeParamGenerator;

/* loaded from: input_file:jars/xdms-core-xcap-control-sbb-1.0.0.CR1.jar:org/openxdm/xcap/server/slee/AuthenticationProxySbb.class */
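/**
 * SBB that authenticates XCAP HTTP requests, either from an asserted-identity header or
 * through an HTTP Digest (qop=auth) challenge/response exchange.
 *
 * <p>Security notes for operators and maintainers:
 * <ul>
 *   <li>When {@code getAllowAssertedUserIDs()} is enabled, the value of
 *       {@code X-3GPP-Asserted-Identity} / {@code X-XCAP-Asserted-Identity} is returned as the
 *       authenticated user without any further check, for remote requests as well. That is only
 *       sound when a trusted front end sets these headers and strips them from client traffic.</li>
 *   <li>A request is treated as local when its remote address equals the local address. A proxy
 *       running on the same host would make forwarded traffic look local; in that deployment
 *       {@code getLocalXcapAuthentication()} should be enabled.</li>
 * </ul>
 */
public abstract class AuthenticationProxySbb implements Sbb, AuthenticationProxy {
    private static Tracer logger;
    private static final RFC2617ChallengeParamGenerator challengeParamGenerator = new RFC2617ChallengeParamGenerator();
    private static final ServerConfiguration CONFIGURATION = ServerConfiguration.getInstance();
    public static final String HEADER_X_3GPP_Asserted_Identity = "X-3GPP-Asserted-Identity";
    public static final String HEADER_X_XCAP_Asserted_Identity = "X-XCAP-Asserted-Identity";
    private static final String HEADER_AUTHORIZATION = "Authorization";
    private static final String DIGEST_SCHEME = "Digest";
    private static final Charset UTF_8 = Charset.forName("UTF-8");
    private SbbContext sbbContext;

    /**
     * Authenticates the request.
     *
     * @param httpServletRequest the incoming request
     * @param httpServletResponse the response; on the digest path it is completed here with
     *        401 (challenge) or 403 (failed check) before {@code null} is returned
     * @return the authenticated or asserted user, or {@code null} when no user was established
     * @throws InternalServerErrorException if anything unexpected fails while authenticating
     */
    @Override // org.openxdm.xcap.server.slee.AuthenticationProxy
    public String authenticate(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws InternalServerErrorException {
        if (logger.isFineEnabled()) {
            logger.fine("Authenticating request");
        }
        try {
            // Short-circuit kept on purpose: the addresses are only read when local
            // authentication is not forced by configuration.
            boolean mustAuthenticate = CONFIGURATION.getLocalXcapAuthentication()
                    || !httpServletRequest.getRemoteAddr().equals(httpServletRequest.getLocalAddr());
            if (!mustAuthenticate) {
                if (logger.isInfoEnabled()) {
                    logger.info("Skipping authentication for local request.");
                }
                return readAssertedIdentity(httpServletRequest);
            }
            String user = readAssertedIdentity(httpServletRequest);
            if (user != null) {
                return user;
            }
            if (logger.isInfoEnabled()) {
                logger.info("Remote request without asserted user, using http digest authentication");
            }
            if (httpServletRequest.getHeader(HEADER_AUTHORIZATION) == null) {
                challengeRequest(httpServletRequest, httpServletResponse);
                return null;
            }
            user = checkAuthenticatedCredentials(httpServletRequest, httpServletResponse);
            if (user == null) {
                if (logger.isFineEnabled()) {
                    logger.fine("Authentication failed");
                }
                httpServletResponse.setStatus(HttpStatus.SC_FORBIDDEN);
                httpServletResponse.getWriter().close();
            } else if (logger.isFineEnabled()) {
                logger.fine("Authentication suceed");
            }
            return user;
        } catch (InternalServerErrorException e) {
            // Already the type callers expect; do not wrap it a second time.
            throw e;
        } catch (Throwable th) {
            throw new InternalServerErrorException(th.getMessage(), th);
        }
    }

    /**
     * Reads the asserted identity from the request headers when the configuration allows it.
     * The 3GPP header takes precedence over the XCAP one.
     *
     * @return the header value, or {@code null} when asserted identities are disabled or absent
     */
    private String readAssertedIdentity(HttpServletRequest httpServletRequest) {
        if (!CONFIGURATION.getAllowAssertedUserIDs()) {
            return null;
        }
        String identity = httpServletRequest.getHeader(HEADER_X_3GPP_Asserted_Identity);
        if (identity == null) {
            identity = httpServletRequest.getHeader(HEADER_X_XCAP_Asserted_Identity);
        }
        if (logger.isInfoEnabled()) {
            // The value is client-controlled; neutralise control characters before logging.
            logger.info("Asserted user: " + sanitizeForLog(identity));
        }
        return identity;
    }

    /**
     * Completes the response with a 401 and a Digest {@code WWW-Authenticate} challenge
     * (nonce, realm, opaque, qop="auth").
     */
    private void challengeRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException, NoSuchAlgorithmException, InternalServerErrorException {
        if (logger.isFineEnabled()) {
            logger.fine("Authorization header is missing...challenging the request");
        }
        httpServletResponse.setStatus(HttpStatus.SC_UNAUTHORIZED);
        String opaque = challengeParamGenerator.generateOpaque();
        String challenge = "Digest nonce=\"" + challengeParamGenerator.getNonce(opaque) + "\", realm=\"" + getRealm() + "\", opaque=\"" + opaque + "\", qop=\"auth\"";
        httpServletResponse.setHeader("WWW-Authenticate", challenge);
        if (logger.isFineEnabled()) {
            logger.fine("Sending response with header WWW-Authenticate challenge params: " + challenge);
        }
        httpServletResponse.getWriter().close();
    }

    /**
     * Validates the Digest credentials carried by the {@code Authorization} header.
     *
     * <p>NOTE(review): the {@code uri} parameter feeds the digest but is never compared with the
     * request URI, and this method does not check nonce age or track {@code nc}; unless
     * {@code RFC2617ChallengeParamGenerator} enforces freshness, a captured header could be
     * accepted again. For that reason neither the raw header, the client response nor the
     * expected digest is written to the log.
     *
     * <p>NOTE(review): parameters are split on {@code ','} without regard to quoting, so a quoted
     * value that itself contains a comma is not parsed correctly.
     *
     * @return the username on success, or {@code null} when the credentials are rejected
     * @throws InternalServerErrorException if the user profile control child SBB is unavailable
     */
    private String checkAuthenticatedCredentials(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws InternalServerErrorException {
        String header = httpServletRequest.getHeader(HEADER_AUTHORIZATION);
        if (logger.isFineEnabled()) {
            logger.fine("Authorization header included");
        }
        // Auth scheme names are case-insensitive; anything that is not Digest is rejected
        // instead of having its first six characters blindly discarded.
        if (header == null || !header.regionMatches(true, 0, DIGEST_SCHEME, 0, DIGEST_SCHEME.length())) {
            if (logger.isFineEnabled()) {
                logger.fine("Authentication failed, Authorization header does not use the Digest scheme");
            }
            return null;
        }

        String username = null;
        String realm = null;
        String nonce = null;
        String digestUri = null;
        String cnonce = null;
        String nonceCount = null;
        String qop = null;
        String clientResponse = null;
        String opaque = null;
        for (String rawParam : header.substring(DIGEST_SCHEME.length()).split(",")) {
            int eq = rawParam.indexOf('=');
            if (eq <= 0 || eq >= rawParam.length() - 1) {
                if (logger.isFineEnabled()) {
                    logger.fine("Ignoring invalid param " + sanitizeForLog(rawParam));
                }
                continue;
            }
            String name = rawParam.substring(0, eq).trim();
            String value = rawParam.substring(eq + 1).trim();
            if (name.equals("username")) {
                String v = unquote(name, value);
                if (v != null) {
                    username = v;
                    logParam("Username", v);
                }
            } else if (name.equals("nonce")) {
                String v = unquote(name, value);
                if (v != null) {
                    nonce = v;
                    logParam("Nonce", v);
                }
            } else if (name.equals("cnonce")) {
                String v = unquote(name, value);
                if (v != null) {
                    cnonce = v;
                    logParam("CNonce", v);
                }
            } else if (name.equals("realm")) {
                String v = unquote(name, value);
                if (v != null) {
                    realm = v;
                    logParam("Realm", v);
                }
            } else if (name.equals("nc")) {
                // nc is sent unquoted.
                nonceCount = value;
                logParam("Nonce-count", value);
            } else if (name.equals("response")) {
                String v = unquote(name, value);
                if (v != null) {
                    clientResponse = v;
                    if (logger.isFineEnabled()) {
                        logger.fine("Response param received");
                    }
                }
            } else if (name.equals("uri")) {
                String v = unquote(name, value);
                if (v != null) {
                    digestUri = v;
                    logParam("Digest uri", v);
                }
            } else if (name.equals("opaque")) {
                String v = unquote(name, value);
                if (v != null) {
                    opaque = v;
                    logParam("Opaque", v);
                }
            } else if (name.equals("qop")) {
                // qop may arrive quoted or bare; a value that is blank after trimming is
                // ignored rather than indexed into.
                if (value.isEmpty()) {
                    if (logger.isFineEnabled()) {
                        logger.fine("Ignoring invalid param " + name + " value " + value);
                    }
                } else if (value.charAt(0) != '"') {
                    qop = value;
                } else {
                    String v = unquote(name, value);
                    if (v != null) {
                        qop = v;
                    }
                }
                logParam("Qop", qop);
            }
        }

        if (username == null || realm == null || nonce == null || cnonce == null || nonceCount == null || digestUri == null || clientResponse == null || opaque == null) {
            logger.severe("A required parameter is missing in the challenge response");
            return null;
        }
        if (!constantTimeEquals(challengeParamGenerator.getNonce(opaque), nonce)) {
            if (logger.isFineEnabled()) {
                logger.fine("Authentication failed, nonce provided doesn't match the one generated using opaque as seed");
            }
            return null;
        }
        if (logger.isFineEnabled()) {
            logger.fine("Nonce provided matches the one generated using opaque as seed");
        }
        // Constant-first comparison: a request without qop is rejected instead of raising
        // a NullPointerException that would surface as an internal server error.
        if (!"auth".equals(qop)) {
            if (logger.isFineEnabled()) {
                logger.fine("Authentication failed, qop value " + sanitizeForLog(qop) + " unsupported");
            }
            return null;
        }
        UserProfileControlSbbLocalObject profileControl = getUserProfileControlSbb();
        if (profileControl == null) {
            String message = "User profile control child sbb is not available";
            throw new InternalServerErrorException(message, new IllegalStateException(message));
        }
        UserProfile profile = profileControl.find(username);
        if (profile == null) {
            if (logger.isFineEnabled()) {
                logger.fine("Authentication failed, profile not found for user " + sanitizeForLog(username));
            }
            return null;
        }
        String digest = new RFC2617AuthQopDigest(username, realm, profile.getPassword(), nonce, nonceCount, cnonce, httpServletRequest.getMethod().toUpperCase(), digestUri).digest();
        if (digest == null || !constantTimeEquals(digest, clientResponse)) {
            if (logger.isFineEnabled()) {
                logger.fine("authentication response digest received didn't match the one calculated");
            }
            return null;
        }
        if (logger.isFineEnabled()) {
            logger.fine("authentication response is matching");
        }
        httpServletResponse.addHeader("Authentication-Info", "cnonce=\"" + cnonce + "\", nc=" + nonceCount + ", qop=" + qop + ", rspauth=\"" + digest + "\"");
        return username;
    }

    /**
     * Returns the text between the surrounding double quotes, or {@code null} (after logging at
     * fine level) when the value is not a non-empty quoted string.
     */
    private static String unquote(String name, String value) {
        int last = value.length() - 1;
        if (value.length() > 2 && value.charAt(0) == '"' && value.charAt(last) == '"') {
            return value.substring(1, last);
        }
        if (logger.isFineEnabled()) {
            // The response value is never logged, valid or not.
            String shown = name.equals("response") ? "<redacted>" : sanitizeForLog(value);
            logger.fine("Ignoring invalid param " + name + " value " + shown);
        }
        return null;
    }

    /** Logs one parsed digest parameter at fine level with control characters neutralised. */
    private static void logParam(String label, String value) {
        if (logger.isFineEnabled()) {
            logger.fine(label + " param with value " + sanitizeForLog(value));
        }
    }

    /** Replaces ISO control characters so client-supplied text cannot forge extra log lines. */
    private static String sanitizeForLog(String value) {
        if (value == null) {
            return null;
        }
        StringBuilder cleaned = new StringBuilder(value.length());
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            cleaned.append(Character.isISOControl(c) ? '_' : c);
        }
        return cleaned.toString();
    }

    /** Compares two strings without an early exit on the first differing character. */
    private static boolean constantTimeEquals(String expected, String actual) {
        if (expected == null || actual == null) {
            return false;
        }
        return MessageDigest.isEqual(expected.getBytes(UTF_8), actual.getBytes(UTF_8));
    }

    /** Returns the authentication scheme name, {@code AuthPolicy.DIGEST}. */
    public String getScheme() {
        return AuthPolicy.DIGEST;
    }

    /** Returns the authentication realm taken from the server configuration. */
    public String getRealm() {
        return CONFIGURATION.getAuthenticationRealm();
    }

    public abstract ChildRelationExt getUserProfileControlChildRelation();

    /**
     * Creates the user profile control child SBB under the name {@code "0"}.
     *
     * @return the child SBB local object, or {@code null} when creation fails (the failure is
     *         logged at severe level)
     */
    protected UserProfileControlSbbLocalObject getUserProfileControlSbb() {
        try {
            return (UserProfileControlSbbLocalObject) getUserProfileControlChildRelation().create("0");
        } catch (Exception e) {
            logger.severe("Failed to create child sbb", e);
            return null;
        }
    }

    /** Stores the SBB context and initialises the shared tracer on first use. */
    public void setSbbContext(SbbContext sbbContext) {
        this.sbbContext = sbbContext;
        if (logger == null) {
            logger = this.sbbContext.getTracer(getClass().getSimpleName());
        }
    }

    // The remaining SBB lifecycle callbacks are intentionally empty.

    public void unsetSbbContext() {
    }

    public void sbbCreate() throws CreateException {
    }

    public void sbbPostCreate() throws CreateException {
    }

    public void sbbActivate() {
    }

    public void sbbPassivate() {
    }

    public void sbbRemove() {
    }

    public void sbbLoad() {
    }

    public void sbbStore() {
    }

    public void sbbExceptionThrown(Exception exc, Object obj, ActivityContextInterface activityContextInterface) {
    }

    public void sbbRolledBack(RolledBackContext rolledBackContext) {
    }

    /** Returns the SBB context stored by {@link #setSbbContext(SbbContext)}. */
    protected SbbContext getSbbContext() {
        return this.sbbContext;
    }
}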
