package org.mobicents.servlet.sip.security;

import java.lang.reflect.Method;
import java.security.Principal;
import javax.sip.address.Address;
import org.apache.catalina.Realm;
import org.apache.catalina.deploy.SecurityCollection;
import org.apache.catalina.deploy.SecurityConstraint;
import org.apache.catalina.realm.GenericPrincipal;
import org.apache.catalina.realm.RealmBase;
import org.apache.log4j.Logger;
import org.mobicents.servlet.sip.SipFactories;
import org.mobicents.servlet.sip.message.SipServletRequestImpl;
import org.mobicents.servlet.sip.message.SipServletResponseImpl;
import org.mobicents.servlet.sip.security.authentication.DigestAuthenticator;
import org.mobicents.servlet.sip.startup.SipContext;
import org.mobicents.servlet.sip.startup.loading.SipLoginConfig;
import org.mobicents.servlet.sip.startup.loading.SipSecurityCollection;
import org.mobicents.servlet.sip.startup.loading.SipSecurityConstraint;

/* loaded from: input_file:org/mobicents/servlet/sip/security/SipSecurityUtils.class */
public class SipSecurityUtils {
    private static transient Logger log = Logger.getLogger(SipSecurityUtils.class);

    public static boolean authenticate(SipContext sipContext, SipServletRequestImpl sipServletRequestImpl, SipSecurityConstraint sipSecurityConstraint) {
        boolean z = false;
        SipLoginConfig sipLoginConfig = sipContext.getSipLoginConfig();
        try {
        } catch (Exception e) {
            e.printStackTrace();
        }
        if (sipLoginConfig == null) {
            log.debug("No login configuration found in sip.xml. We won't authenticate.");
            return true;
        }
        String authMethod = sipLoginConfig.getAuthMethod();
        if (authMethod != null) {
            String idetitySchemeSettings = sipLoginConfig.getIdetitySchemeSettings(SipLoginConfig.IDENTITY_SCHEME_P_ASSERTED);
            if (idetitySchemeSettings != null && sipServletRequestImpl.getHeader(SipLoginConfig.IDENTITY_SCHEME_P_ASSERTED) != null) {
                String header = sipServletRequestImpl.getHeader(SipLoginConfig.IDENTITY_SCHEME_P_ASSERTED);
                if (header == null && SipLoginConfig.IDENTITY_SCHEME_REQUIRED.equals(idetitySchemeSettings)) {
                    sipServletRequestImpl.createResponse(428, "P-Asserted-Idetity header is required!").send();
                    return false;
                }
                Address createAddress = SipFactories.addressFactory.createAddress(header);
                String user = createAddress.getURI().isSipURI() ? createAddress.getURI().getUser() : createAddress.getURI().getPhoneNumber();
                Principal impersonatePrincipal = impersonatePrincipal(user, sipContext.getRealm());
                if (impersonatePrincipal != null) {
                    z = true;
                    sipServletRequestImpl.setUserPrincipal(impersonatePrincipal);
                    sipServletRequestImpl.getSipSession().setUserPrincipal(impersonatePrincipal);
                    log.debug("P-Asserted-Identity authetication successful for user: " + user);
                }
            }
            if (!z && authMethod.equalsIgnoreCase("DIGEST")) {
                DigestAuthenticator digestAuthenticator = new DigestAuthenticator();
                digestAuthenticator.setContext(sipContext);
                z = digestAuthenticator.authenticate(sipServletRequestImpl, createErrorResponse(sipServletRequestImpl, sipSecurityConstraint), sipLoginConfig);
                sipServletRequestImpl.setUserPrincipal(digestAuthenticator.getPrincipal());
            } else if (authMethod.equalsIgnoreCase("BASIC")) {
                throw new IllegalStateException("Basic authentication not supported in JSR 289");
            }
        }
        return z;
    }

    private static SipServletResponseImpl createErrorResponse(SipServletRequestImpl sipServletRequestImpl, SipSecurityConstraint sipSecurityConstraint) {
        return sipSecurityConstraint.isProxyAuthentication() ? (SipServletResponseImpl) sipServletRequestImpl.createResponse(407) : (SipServletResponseImpl) sipServletRequestImpl.createResponse(401);
    }

    public static boolean authorize(SipContext sipContext, SipServletRequestImpl sipServletRequestImpl) {
        boolean z = true;
        SecurityConstraint[] findConstraints = sipContext.findConstraints();
        if (findConstraints.length == 0) {
            return true;
        }
        for (SecurityConstraint securityConstraint : findConstraints) {
            if (securityConstraint instanceof SipSecurityConstraint) {
                SipSecurityConstraint sipSecurityConstraint = (SipSecurityConstraint) securityConstraint;
                for (SecurityCollection securityCollection : sipSecurityConstraint.findCollections()) {
                    SipSecurityCollection sipSecurityCollection = (SipSecurityCollection) securityCollection;
                    String handler = sipServletRequestImpl.getSipSession().getHandler();
                    if (sipSecurityCollection.findMethod(sipServletRequestImpl.getMethod()) && sipSecurityCollection.findServletName(handler)) {
                        boolean z2 = false;
                        if (authenticate(sipContext, sipServletRequestImpl, sipSecurityConstraint)) {
                            GenericPrincipal userPrincipal = sipServletRequestImpl.getUserPrincipal();
                            if (userPrincipal == null) {
                                return false;
                            }
                            String[] findAuthRoles = securityConstraint.findAuthRoles();
                            int length = findAuthRoles.length;
                            int i = 0;
                            while (true) {
                                if (i >= length) {
                                    break;
                                }
                                if (userPrincipal.hasRole(findAuthRoles[i])) {
                                    z2 = true;
                                    break;
                                }
                                i++;
                            }
                        }
                        if (!z2) {
                            z = false;
                            log.error("Constraint \"" + securityConstraint.getDisplayName() + "\" not satifsied");
                        }
                    }
                }
            }
        }
        return z;
    }

    public static Principal impersonatePrincipal(String str, Realm realm) {
        Method method = null;
        Class<?> cls = realm.getClass();
        try {
            try {
                if (!(realm instanceof RealmBase)) {
                    throw new RuntimeException("Only Realms extending RealmBase are supported. Report this error. Current realm class is " + realm.getClass().getCanonicalName());
                }
                while (method == null) {
                    try {
                        method = cls.getDeclaredMethod("getPrincipal", String.class);
                    } catch (NoSuchMethodException e) {
                    }
                    cls = cls.getSuperclass();
                    if (cls == null) {
                        break;
                    }
                }
                method.setAccessible(true);
                Principal principal = (Principal) method.invoke(realm, str);
                if (method != null) {
                    method.setAccessible(false);
                }
                return principal;
            } catch (Throwable th) {
                log.error("Could not impersonate user " + str, th);
                if (0 == 0) {
                    return null;
                }
                method.setAccessible(false);
                return null;
            }
        } catch (Throwable th2) {
            if (0 != 0) {
                method.setAccessible(false);
            }
            throw th2;
        }
    }
}
