package com.ibm.ws.management.connector.soap;

import com.ibm.ISecurityUtilityImpl.RealmSecurityName;
import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.ejs.ras.TraceNLS;
import com.ibm.websphere.management.AdminClient;
import com.ibm.websphere.management.AdminContext;
import com.ibm.websphere.management.exception.AdminException;
import com.ibm.websphere.security.auth.WSSecurityContext;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.http.HttpException;
import com.ibm.ws.management.component.JMXConnectors;
import com.ibm.ws.management.connector.AdminServiceDelegator;
import com.ibm.ws.management.connector.interop.JMXVersionValidation;
import com.ibm.ws.management.util.SecurityHelper;
import com.ibm.ws.security.config.SecurityConfigResource;
import com.ibm.ws.security.config.SecurityObjectLocator;
import com.ibm.ws.security.core.ContextManagerFactory;
import com.ibm.ws.soa.sca.admin.cdf.config.ScaConstants;
import java.io.IOException;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.util.Enumeration;
import java.util.Stack;
import java.util.Vector;
import javax.security.auth.Subject;
import org.apache.soap.Constants;
import org.apache.soap.Fault;
import org.apache.soap.Header;
import org.apache.soap.SOAPException;
import org.apache.soap.encoding.SOAPMappingRegistry;
import org.apache.soap.encoding.soapenc.Base64;
import org.apache.soap.rpc.Call;
import org.apache.soap.rpc.Parameter;
import org.apache.soap.rpc.RPCConstants;
import org.apache.soap.rpc.Response;
import org.apache.soap.rpc.SOAPContext;
import org.apache.soap.util.Bean;
import org.apache.soap.util.MethodUtils;
import org.apache.soap.util.xml.QName;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

/* loaded from: input_file:wasJars/com.ibm.ws.admin.core.jar:com/ibm/ws/management/connector/soap/SOAPConnector.class */
public class SOAPConnector {
    private static final String bundleName = "com.ibm.ws.management.resources.connector";
    private static TraceComponent tc = Tr.register(SOAPConnector.class, "Admin", bundleName);
    private static final TraceNLS nls = TraceNLS.getTraceNLS(bundleName);
    private static AdminServiceDelegator targetObject = new AdminServiceDelegator();
    private static SOAPMappingRegistry smr = AdminServiceSMR.getInstance();
    private boolean securityEnabled;
    private String profileKey;

    public SOAPConnector() {
        this.securityEnabled = false;
        this.profileKey = null;
        this.securityEnabled = SecurityHelper.getHelper().isSecurityEnabled();
    }

    public SOAPConnector(String str) {
        this.securityEnabled = false;
        this.profileKey = null;
        this.securityEnabled = SecurityHelper.getHelper().isSecurityEnabled();
        this.profileKey = str;
    }

    public void service(SOAPConnection sOAPConnection) throws HttpException, IOException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, ScaConstants.SCA_SDO_SERVICE);
        }
        Stack stack = null;
        boolean z = false;
        try {
            stack = AdminContext.exportStack();
            r12 = this.profileKey != AdminContext.peek() ? AdminContext.push(this.profileKey) : false;
            z = SecurityObjectLocator.getThreadLocal().pushResource(new SecurityConfigResource("SOAPConnector", "admin"));
            SOAPRequest sOAPRequest = sOAPConnection.getSOAPRequest();
            SOAPResponse sOAPResponse = sOAPConnection.getSOAPResponse();
            SOAPContext sOAPContext = new SOAPContext();
            SOAPContext sOAPContext2 = new SOAPContext();
            int i = SOAPResponse.SC_OK;
            Call call = null;
            Response response = null;
            boolean z2 = false;
            Throwable th = null;
            Subject subject = null;
            String str = JMXVersionValidation.oldJmxVersion;
            try {
                call = SOAPUtils.extractSoapCall(sOAPRequest.getInputStream(), sOAPRequest.getContentLength(), sOAPRequest.getContentType(), sOAPContext, smr);
                Header header = call.getHeader();
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Header: " + header);
                }
                if (header != null) {
                    JMXVersionValidation.setClientVersion(header.getAttribute(new QName("admin", "WASRemoteRuntimeVersion")));
                } else {
                    JMXVersionValidation.setClientVersion("5");
                }
                if (this.securityEnabled) {
                    SecurityHelper helper = SecurityHelper.getHelper();
                    if (helper.isSecurityServiceStarted() && helper.isSecurityServiceStopped()) {
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, ScaConstants.SCA_SDO_SERVICE, "SOAPConnector service is not given, because Security Server was running and then stopped.");
                        }
                        if (z) {
                            SecurityObjectLocator.getThreadLocal().popResource();
                        }
                        if (r12) {
                            AdminContext.pop();
                        }
                        if (stack != null) {
                            Stack exportStack = AdminContext.exportStack();
                            if (stack.equals(exportStack)) {
                                return;
                            }
                            AdminContext.importStack(stack);
                            Tr.error(tc, "AdminContext Stack incorrectly used in SOAPconnector", new Object[]{stack, exportStack});
                            FFDCFilter.processException(new Exception("AdminContext Stack incorrectly used in SOAPconnector"), "com.ibm.ws.management.connector.soap.SOAPConnector.invoke", "437", this);
                            return;
                        }
                        return;
                    }
                    String attribute = header != null ? header.getAttribute(SOAPUtils.securityEnabled) : null;
                    if (attribute != null) {
                        String str2 = null;
                        String str3 = null;
                        String str4 = null;
                        String str5 = null;
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "Security Enabled: " + new Boolean(attribute));
                        }
                        Enumeration elements = header.getHeaderEntries().elements();
                        while (elements.hasMoreElements()) {
                            Element element = (Element) elements.nextElement();
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "nodeName", element.getNodeName());
                            }
                            NodeList childNodes = element.getChildNodes();
                            int length = childNodes.getLength();
                            String str6 = null;
                            for (int i2 = 0; i2 < length; i2++) {
                                if (element.getNodeName().equals("password")) {
                                    if (tc.isDebugEnabled()) {
                                        Tr.debug(tc, "node value", "*******");
                                    }
                                } else if (tc.isDebugEnabled()) {
                                    Tr.debug(tc, "node value", childNodes.item(i2).getNodeValue());
                                }
                                str6 = childNodes.item(i2).getNodeValue();
                            }
                            if (element.getNodeName().equals(AdminClient.USERNAME)) {
                                str2 = str6;
                            } else if (element.getNodeName().equals("password")) {
                                str3 = str6;
                            } else if (element.getNodeName().equals(SecurityHelper.loginMethod)) {
                                str4 = str6;
                            } else if (element.getNodeName().equals(SecurityHelper.tokeElement)) {
                                str5 = str6;
                            }
                        }
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "username: " + str2);
                        }
                        if (str4.equals(SecurityHelper.basicAuth)) {
                            if (str2 != null && str3 != null && str2.length() > 0 && str3.length() > 0) {
                                subject = basicAuth(str2, str3);
                            }
                        } else if (str4.equals(SecurityHelper.tokenBasedAuth) && str5 != null && str5.length() > 0) {
                            subject = tokenBasedAuth(str5);
                        }
                    }
                }
                checkURI(call);
                str = JMXVersionValidation.getRemoteVersion(call);
                sOAPContext2.setProperty("JMXRemoteVersion", str);
                if (this.securityEnabled) {
                    SecurityHelper.resetContext();
                    if (subject != null) {
                        SecurityHelper.setReceivedSubject(subject);
                        SecurityHelper.pushInvocationSubject(subject);
                    }
                    response = invoke(call, sOAPContext2);
                } else {
                    response = invoke(call, sOAPContext2);
                }
                response.setHeader(JMXVersionValidation.getJmxVersionHeader(response.getHeader(), str));
            } catch (Throwable th2) {
                FFDCFilter.processException(th2, "com.ibm.ws.management.connector.soap.SOAPConnector.service", "212", this);
                z2 = true;
                th = th2;
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Caught exception", th2);
                }
            }
            if (z2) {
                Fault fault = new Fault(new SOAPException(Constants.FAULT_CODE_SERVER, th.getMessage()));
                try {
                    fault.setFaultString(SOAPUtils.convertObjectToString(th, str));
                    String uri = sOAPRequest.getURI();
                    fault.setFaultActorURI((uri == null || (uri.indexOf("<SCRIPT>") == -1 && uri.indexOf("<script>") == -1)) ? SOAPUtils.encodeDataString(sOAPRequest.getURI()) : "some_script");
                    i = SOAPResponse.SC_INTERNAL_SERVER_ERROR;
                    String encodingStyleURI = call != null ? call.getEncodingStyleURI() : null;
                    if (encodingStyleURI == null) {
                        encodingStyleURI = "http://schemas.xmlsoap.org/soap/encoding/";
                    }
                    sOAPContext2 = new SOAPContext();
                    response = new Response((String) null, (String) null, fault, (Vector) null, (Header) null, encodingStyleURI, sOAPContext2);
                    response.setHeader(JMXVersionValidation.getJmxVersionHeader(response.getHeader(), str));
                } catch (Exception e) {
                    FFDCFilter.processException(e, "com.ibm.ws.management.connector.soap.SOAPConnector.service", "228", this);
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "error occurs when serializing the exception", e);
                    }
                    throw new HttpException(SOAPResponse.SC_INTERNAL_SERVER_ERROR);
                }
            }
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "the response object = " + response);
            }
            sOAPResponse.writeSOAPResponse(response, sOAPContext2, smr, i);
            if (z) {
                SecurityObjectLocator.getThreadLocal().popResource();
            }
            if (r12) {
                AdminContext.pop();
            }
            if (stack != null) {
                Stack exportStack2 = AdminContext.exportStack();
                if (!stack.equals(exportStack2)) {
                    AdminContext.importStack(stack);
                    Tr.error(tc, "AdminContext Stack incorrectly used in SOAPconnector", new Object[]{stack, exportStack2});
                    FFDCFilter.processException(new Exception("AdminContext Stack incorrectly used in SOAPconnector"), "com.ibm.ws.management.connector.soap.SOAPConnector.invoke", "437", this);
                }
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, ScaConstants.SCA_SDO_SERVICE);
            }
        } catch (Throwable th3) {
            if (z) {
                SecurityObjectLocator.getThreadLocal().popResource();
            }
            if (r12) {
                AdminContext.pop();
            }
            if (stack != null) {
                Stack exportStack3 = AdminContext.exportStack();
                if (!stack.equals(exportStack3)) {
                    AdminContext.importStack(stack);
                    Tr.error(tc, "AdminContext Stack incorrectly used in SOAPconnector", new Object[]{stack, exportStack3});
                    FFDCFilter.processException(new Exception("AdminContext Stack incorrectly used in SOAPconnector"), "com.ibm.ws.management.connector.soap.SOAPConnector.invoke", "437", this);
                }
            }
            throw th3;
        }
    }

    private void checkURI(Call call) throws AdminException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "checkURI", call);
        }
        String targetObjectURI = call.getTargetObjectURI();
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Soap Call URI: " + targetObjectURI);
        }
        if (targetObjectURI == null || !targetObjectURI.equalsIgnoreCase(SOAPUtils.adminServiceURI)) {
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "checkURI", call);
            }
            throw new AdminException(nls.getString("ADMC0005E", "SOAP URI Violation"));
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "checkURI", call);
        }
    }

    private Response invoke(Call call, SOAPContext sOAPContext) throws AdminException, Throwable {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "invoke", call);
        }
        String encodingStyleURI = call.getEncodingStyleURI();
        Vector params = call.getParams();
        Object[] objArr = null;
        Class[] clsArr = null;
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Method Name: " + call.getMethodName());
        }
        if (params != null) {
            int size = params.size();
            objArr = new Object[size];
            clsArr = new Class[size];
            for (int i = 0; i < size; i++) {
                Parameter parameter = (Parameter) params.elementAt(i);
                objArr[i] = parameter.getValue();
                clsArr[i] = parameter.getType();
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Parameter: " + objArr[i] + "(type: " + clsArr[i] + ")");
                }
                if (encodingStyleURI == null) {
                    encodingStyleURI = parameter.getEncodingStyleURI();
                }
            }
        }
        if (encodingStyleURI == null) {
            encodingStyleURI = "http://schemas.xmlsoap.org/soap/encoding/";
        }
        try {
            targetObject = new AdminServiceDelegator();
            Method method = MethodUtils.getMethod(targetObject, call.getMethodName(), clsArr);
            Bean bean = new Bean(method.getReturnType(), method.invoke(targetObject, objArr));
            Parameter parameter2 = null;
            if (bean.type != Void.TYPE) {
                if (bean.value != null) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "return object type = " + bean.value.getClass() + "; value = " + bean.value);
                    }
                    parameter2 = new Parameter(RPCConstants.ELEM_RETURN, bean.value.getClass(), bean.value, null);
                } else {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "return object type = " + bean.type + "; value = " + bean.value);
                    }
                    parameter2 = new Parameter(RPCConstants.ELEM_RETURN, bean.type, bean.value, null);
                }
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "invoke");
            }
            return new Response(call.getTargetObjectURI(), call.getMethodName(), parameter2, (Vector) null, (Header) null, encodingStyleURI, sOAPContext);
        } catch (IllegalAccessException e) {
            FFDCFilter.processException(e, "com.ibm.ws.management.connector.soap.SOAPConnector.invoke", "365", this);
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "invoke");
            }
            throw new AdminException(e, nls.getString("ADMC0007E"));
        } catch (NoSuchMethodException e2) {
            FFDCFilter.processException(e2, "com.ibm.ws.management.connector.soap.SOAPConnector.invoke", "358", this);
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "invoke");
            }
            throw new AdminException(e2, nls.getString("ADMC0007E"));
        } catch (InvocationTargetException e3) {
            FFDCFilter.processException(e3, "com.ibm.ws.management.connector.soap.SOAPConnector.invoke", "351", this);
            Throwable targetException = e3.getTargetException();
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "invoke");
            }
            throw targetException;
        }
    }

    private Subject basicAuth(String str, String str2) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "basicAuth");
        }
        Subject subject = null;
        try {
            if (str.startsWith(ContextManagerFactory.getInstance().getDefaultRealm())) {
                str = RealmSecurityName.getSecurityName(str);
            }
            subject = SecurityHelper.authenticate(str, str2);
        } catch (Exception e) {
            if (JMXConnectors.loginQuickFail) {
                throw new RuntimeException(e);
            }
            FFDCFilter.processException(e, "com.ibm.ws.management.connector.soap.SOAPConnector.invoke", "406", this);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "unable to authenticate incoming request", e);
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "basicAuth");
        }
        return subject;
    }

    private Subject tokenBasedAuth(String str) throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "tokenBasedAuth");
        }
        byte[] decode = Base64.decode(str);
        WSSecurityContext wSSecurityContext = SecurityHelper.getHelper().getWSSecurityContext();
        Subject subject = null;
        try {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Attemping to extract subject from a V6+ token.");
            }
            subject = wSSecurityContext.acceptSecContext(decode).getSubject();
        } catch (Exception e) {
            if (SecurityHelper.isCertPathValidatorException(e)) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "got CertPathValidatorException", e);
                }
                throw e;
            }
            Exception gSSException = SecurityHelper.getGSSException(e);
            if (gSSException != null) {
                throw gSSException;
            }
            try {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Failed to extract subject from V6+ token, attempting to extract using the pre-V6 format.");
                }
                subject = SecurityHelper.validate(decode);
            } catch (Exception e2) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Failed to extract subject using the pre-V6 format.");
                }
                FFDCFilter.processException(e, "com.ibm.ws.management.connector.soap.SOAPConnector.tokenBasedAuth", "415", this);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "unable to authenticate incoming request", e);
                }
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "tokenBasedAuth");
        }
        return subject;
    }
}
