package com.buildforge.services.client.jfs.tomcat;

import com.buildforge.services.client.api.APIClientConnection;
import com.buildforge.services.client.dbo.AccessGroup;
import com.buildforge.services.client.dbo.User;
import com.buildforge.services.common.ServiceException;
import com.buildforge.services.common.api.APIConstants;
import com.buildforge.services.common.config.BFClientConf;
import com.buildforge.services.common.dbo.UserDBO;
import com.buildforge.services.common.security.PasswordDecryptException;
import com.buildforge.services.common.security.PasswordManager;
import com.buildforge.services.common.util.Base64;
import java.io.IOException;
import java.util.ArrayList;
import java.util.BitSet;
import java.util.Enumeration;
import java.util.List;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.servlet.ServletException;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.catalina.connector.Request;
import org.apache.catalina.connector.Response;
import org.apache.catalina.valves.ValveBase;

/* loaded from: input_file:lib/com.ibm.rational.buildforge.services.client.java_7.1.3.4110010.jar:com/buildforge/services/client/jfs/tomcat/JazzAutomationValve.class */
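/**
 * Tomcat valve that derives the request principal from Build Forge credentials.
 *
 * <p>For every request outside {@code /jazz/jas/} the valve tries, in this order, a
 * {@code bf_session} request header, each {@code bf_session} cookie, and an HTTP Basic
 * {@code Authorization} header. Each successful step installs a
 * {@link JazzAutomationSSOPrincipal} on the request, so a later step overrides an earlier one.
 * Role names are the names of the user's Build Forge access groups, looked up over an
 * administrative connection.
 *
 * <p>Security-relevant properties of this implementation:
 * <ul>
 *   <li>Session tokens and credential-bearing headers are never written to the log.</li>
 *   <li>A Basic login only yields a principal when the server returned a session token.</li>
 *   <li>API connections opened for lookups are closed on failure paths as well.</li>
 * </ul>
 *
 * <p>The administrative token is cached in a static field shared by all request threads; it is
 * declared {@code volatile} so that updates are visible across threads.
 */
public class JazzAutomationValve extends ValveBase {
    private static final String session_cookie_name = "bf_session";
    private static final String authorization_header = "Authorization";
    private static final String basic_auth_header = "Basic ";
    private static final String default_realm = "<default>";
    private static final String jas_uri = "/jazz/jas/";
    /** Placeholder written to the debug dump instead of a credential-bearing value. */
    private static final String redacted_value = "<redacted>";
    private static String bf_admin_user;
    private static String bf_admin_pass;
    private static String bf_domain;
    private static final Logger log = Logger.getLogger(JazzAutomationValve.class.getName());
    // Read and written from concurrent request threads, hence volatile.
    private static volatile String admin_user_token = null;

    /**
     * Authenticates the request from its Build Forge credentials, then passes it down the pipeline.
     *
     * <p>Authentication failures are logged and leave the request without a principal from that
     * step; they never abort the pipeline. An {@link IOException} from the token paths still
     * propagates to the container.
     *
     * @param request the Catalina request; receives the principal
     * @param response the Catalina response; receives session-cookie updates
     * @throws IOException if talking to the Build Forge server or the next valve fails
     * @throws ServletException if the next valve fails
     */
    public void invoke(Request request, Response response) throws IOException, ServletException {
        HttpServletRequest request2 = request.getRequest();
        HttpServletResponse response2 = response.getResponse();
        String requestUri = request2.getRequestURI();
        // Build the dump only when it will be emitted: it enumerates request parameters,
        // which makes the container parse the request body.
        if (log.isLoggable(Level.FINE)) {
            log.fine("Http Request URI: " + requestUri);
            log.fine(debugGetAllHttpHdrs(request2));
        }
        if (requestUri != null && requestUri.startsWith(jas_uri)) {
            log.fine("Not processing request.  Belongs to Build Forge authentication.");
            invokeNext(request, response);
            return;
        }

        String headerToken = request2.getHeader(session_cookie_name);
        if (headerToken != null) {
            try {
                String login = loginWithToken(headerToken);
                request.setUserPrincipal(new JazzAutomationSSOPrincipal(request.getContext().getRealm(), login, getRoles(login, headerToken)));
            } catch (ServiceException e) {
                log.log(Level.WARNING, "Exception authenticating bf_session header user.", (Throwable) e);
            }
        }

        Cookie[] cookies = request.getCookies();
        if (cookies != null) {
            try {
                for (Cookie cookie : cookies) {
                    if (cookie.getName().equals(session_cookie_name)) {
                        String token = cookie.getValue();
                        // The cookie value is a bearer token; log its presence, never its value.
                        log.fine("Found bf_session cookie.");
                        String login = loginWithToken(token);
                        request.setUserPrincipal(new JazzAutomationSSOPrincipal(request.getContext().getRealm(), login, getRoles(login, token)));
                    }
                }
            } catch (ServiceException e2) {
                // A rejected token is removed from the browser so it is not replayed on every request.
                clearSessionCookie(response2);
                log.log(Level.WARNING, "Exception authenticating bf_session cookie user.", (Throwable) e2);
            }
        }

        String authorization = request2.getHeader(authorization_header);
        if (authorization != null && authorization.startsWith(basic_auth_header)) {
            try {
                // NOTE(review): decoding uses the platform default charset, as before; confirm
                // what Base64.decode returns before pinning an explicit charset.
                String credentials = new String(Base64.decode(authorization.substring(basic_auth_header.length())));
                int separator = credentials.indexOf(':');
                if (separator < 0) {
                    log.warning("Ignoring basic auth header without a user:password separator.");
                } else {
                    String login = credentials.substring(0, separator);
                    String password = credentials.substring(separator + 1);
                    log.fine("Authenticating basic user: " + login);
                    // NOTE(review): this connection is not closed here, as in the original;
                    // whether closing it would end the session it just created is not visible
                    // from this class — confirm and close it if safe.
                    String token = new APIClientConnection().authUser(login, password, default_realm);
                    if (token != null) {
                        request.setUserPrincipal(new JazzAutomationSSOPrincipal(request.getContext().getRealm(), login, getRoles(login, token)));
                        setSessionCookie(token, response2);
                    } else {
                        // Fail closed: authUser's failure contract is not visible here, so a
                        // missing token must not produce an authenticated principal.
                        log.warning("Basic authentication returned no session token; request left unauthenticated.");
                    }
                }
            } catch (Exception e3) {
                log.log(Level.WARNING, "Exception authenticating basic auth user.", (Throwable) e3);
            }
        }
        invokeNext(request, response);
    }

    /** Hands the request to the next valve in the pipeline, if there is one. */
    private void invokeNext(Request request, Response response) throws IOException, ServletException {
        if (getNext() != null) {
            getNext().invoke(request, response);
        }
    }

    /**
     * Renders the method, headers, attributes and parameters of a request for FINE-level logging.
     *
     * <p>Entries whose name contains "password" are omitted. Entries that carry credentials or
     * session tokens (see {@link #isCredentialName(String)}) are listed with a redacted value.
     *
     * @param httpServletRequest the request to describe
     * @return the textual dump; partial if reading the request failed
     */
    private String debugGetAllHttpHdrs(HttpServletRequest httpServletRequest) {
        // NOTE(review): the seed constant is kept from the original; its value is not visible
        // in this file — confirm it is the intended initial content.
        StringBuffer stringBuffer = new StringBuffer(APIConstants.COMMAND_USER_AUDIT_LOG);
        try {
            stringBuffer.append("Method: " + httpServletRequest.getMethod() + "\n");
            stringBuffer.append("Headers: \n\n");
            Enumeration headerNames = httpServletRequest.getHeaderNames();
            while (headerNames.hasMoreElements()) {
                String name = (String) headerNames.nextElement();
                appendDebugEntry(stringBuffer, name, httpServletRequest.getHeader(name));
            }
            stringBuffer.append("Attributes: \n\n");
            Enumeration attributeNames = httpServletRequest.getAttributeNames();
            while (attributeNames.hasMoreElements()) {
                String name = (String) attributeNames.nextElement();
                appendDebugEntry(stringBuffer, name, httpServletRequest.getAttribute(name));
            }
            stringBuffer.append("Parameters: \n\n");
            Enumeration parameterNames = httpServletRequest.getParameterNames();
            while (parameterNames.hasMoreElements()) {
                String name = (String) parameterNames.nextElement();
                appendDebugEntry(stringBuffer, name, httpServletRequest.getParameter(name));
            }
        } catch (Throwable th) {
            log.fine("Error getting debug info: " + th);
        }
        return stringBuffer.toString();
    }

    /** Appends one {@code name=[value]} line, skipping password entries and redacting credentials. */
    private static void appendDebugEntry(StringBuffer out, String name, Object value) {
        if (name.toLowerCase().indexOf("password") != -1) {
            return;
        }
        Object shown = isCredentialName(name) ? (Object) redacted_value : value;
        out.append(name).append("=");
        out.append("[").append(shown).append("]\n");
    }

    /**
     * Tells whether a header, attribute or parameter name denotes a value that authenticates
     * the caller and therefore must not reach the log.
     */
    private static boolean isCredentialName(String name) {
        return authorization_header.equalsIgnoreCase(name)
                || "Proxy-Authorization".equalsIgnoreCase(name)
                || "Cookie".equalsIgnoreCase(name)
                || "Set-Cookie".equalsIgnoreCase(name)
                || session_cookie_name.equalsIgnoreCase(name);
    }

    /**
     * Sends the session token to the browser as a session-scoped {@code bf_session} cookie on path "/".
     *
     * <p>NOTE(review): the cookie carries a bearer token but is issued without the Secure and
     * HttpOnly attributes. Whether other Build Forge components read it over plain HTTP or from
     * script is not visible here; set both attributes once that is confirmed.
     */
    private void setSessionCookie(String str, HttpServletResponse httpServletResponse) {
        Cookie cookie = new Cookie(session_cookie_name, str);
        cookie.setMaxAge(-1);
        cookie.setPath("/");
        httpServletResponse.addCookie(cookie);
    }

    /** Expires the {@code bf_session} cookie in the browser (max-age 0 on path "/"). */
    private void clearSessionCookie(HttpServletResponse httpServletResponse) {
        Cookie cookie = new Cookie(session_cookie_name, UserDBO.UID_SYSTEM);
        cookie.setMaxAge(0);
        cookie.setPath("/");
        httpServletResponse.addCookie(cookie);
    }

    /**
     * Resolves a session token to the login name of the user it belongs to.
     *
     * <p>The user record is read over the token's own connection; if that fails, it is read
     * over an administrative connection instead. When the token belongs to the configured
     * administrative user it is cached for later administrative lookups.
     *
     * @param str the session token
     * @return the login name of the authenticated user
     * @throws ServiceException if the server rejects the token or a lookup fails
     * @throws IOException if the server cannot be reached
     */
    private String loginWithToken(String str) throws ServiceException, IOException {
        APIClientConnection tokenConn = null;
        try {
            APIClientConnection fresh = new APIClientConnection();
            // Track the new connection before authenticating so that a rejected token,
            // which any client can submit, does not leave it open.
            tokenConn = fresh;
            tokenConn = fresh.authToken(str);
            String userUuid = tokenConn.getUserUuid();
            User user;
            try {
                user = User.findByUuid(tokenConn, userUuid);
            } catch (Exception e) {
                APIClientConnection adminConn = loginAdminConn();
                try {
                    user = User.findByUuid(adminConn, userUuid);
                } finally {
                    if (adminConn != tokenConn) {
                        logoutAdminConn(adminConn);
                    }
                }
            }
            String login = user.getLogin();
            if (login.equals(bf_admin_user)) {
                admin_user_token = str;
            }
            log.fine("Returning authenticated token user: " + login);
            return login;
        } catch (ServiceException e4) {
            log.log(Level.WARNING, "Exception authenticating user with token.", (Throwable) e4);
            throw e4;
        } catch (IOException e5) {
            log.log(Level.WARNING, "Exception connecting to server.", (Throwable) e5);
            throw e5;
        } finally {
            logoutAdminConn(tokenConn);
        }
    }

    /**
     * Collects the names of the access groups the given user belongs to.
     *
     * @param str the login name to look up
     * @param str2 the user's session token; not used by the lookup
     * @return the access-group names, used as role names
     * @throws ServiceException if the administrative login or a lookup fails
     * @throws IOException if the server cannot be reached
     */
    private List<String> getRoles(String str, String str2) throws ServiceException, IOException {
        List<String> roles = new ArrayList<String>();
        APIClientConnection adminConn = loginAdminConn();
        try {
            BitSet accessGroups = User.findByLogin(adminConn, str).getAccessGroups(false);
            // The scan stops at index 0 as well as at "no more bits", as in the original.
            // NOTE(review): if bit 0 can be set, the user ends up with no roles — confirm
            // that group ids start at 1.
            for (int id = accessGroups.nextSetBit(0); id >= 1; id = accessGroups.nextSetBit(id + 1)) {
                AccessGroup group = AccessGroup.findById(adminConn, id);
                if (group != null) {
                    log.fine("Adding group: " + group.getName());
                    roles.add(group.getName());
                }
            }
            log.fine("Returning groups: " + roles);
            return roles;
        } finally {
            // Close the administrative connection on lookup failures too.
            logoutAdminConn(adminConn);
        }
    }

    /**
     * Opens a connection authenticated as the configured administrative user.
     *
     * <p>A cached administrative token is tried first; if it is rejected the cache is cleared
     * and a login with the configured user, password and realm is performed.
     *
     * @return an authenticated connection; the caller must pass it to
     *     {@link #logoutAdminConn(APIClientConnection)}
     * @throws ServiceException if the administrative login is rejected
     * @throws IOException if the server cannot be reached
     */
    public static APIClientConnection loginAdminConn() throws ServiceException, IOException {
        // Read the shared field once so a concurrent reset cannot turn it into null mid-use.
        String cachedToken = admin_user_token;
        if (cachedToken != null) {
            try {
                return new APIClientConnection().authToken(cachedToken);
            } catch (ServiceException e) {
                log.log(Level.FINE, "Exception authenticating admin user token.", (Throwable) e);
                admin_user_token = null;
            } catch (IOException e2) {
                log.log(Level.FINE, "Exception connecting to server for admin user token authentication.", (Throwable) e2);
                admin_user_token = null;
            }
        }
        APIClientConnection adminConn = null;
        try {
            adminConn = new APIClientConnection();
            admin_user_token = adminConn.authUser(bf_admin_user, bf_admin_pass, bf_domain);
            return adminConn;
        } catch (ServiceException e3) {
            logoutAdminConn(adminConn);
            log.log(Level.WARNING, "Exception authenticating admin user.", (Throwable) e3);
            throw e3;
        } catch (IOException e4) {
            logoutAdminConn(adminConn);
            log.log(Level.WARNING, "Exception connecting to server for admin user authentication.", (Throwable) e4);
            throw e4;
        }
    }

    /**
     * Closes a connection, logging instead of propagating any failure.
     *
     * @param aPIClientConnection the connection to close; {@code null} is ignored
     */
    public static void logoutAdminConn(APIClientConnection aPIClientConnection) {
        if (aPIClientConnection != null) {
            try {
                aPIClientConnection.close();
            } catch (Exception e) {
                log.log(Level.WARNING, "Exception closing API connection.", (Throwable) e);
            }
        }
    }

    static {
        // NOTE(review): a hard-coded default password remains in effect when the configured
        // one cannot be decrypted. That is the original behaviour; failing closed (no
        // administrative login) would be the safer default and should be considered.
        bf_admin_pass = "root";
        bf_domain = BFClientConf.get().getLoginRealm();
        bf_admin_user = BFClientConf.get().getLoginUser();
        try {
            bf_admin_pass = PasswordManager.getInstance().decrypt(BFClientConf.get().getLoginPass());
        } catch (PasswordDecryptException e) {
            log.log(Level.WARNING, "Configured admin password could not be decrypted; built-in default is in effect.", (Throwable) e);
        }
    }
}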
