package com.tivoli.xtela.core.security;

import com.tivoli.xtela.availability.trace.CSConst;
import com.tivoli.xtela.core.framework.event.EventDispatcher;
import com.tivoli.xtela.core.framework.event.EventDispatcherService;
import com.tivoli.xtela.core.framework.wmi.Invocation;
import com.tivoli.xtela.core.framework.wmi.MalformedInvocationException;
import com.tivoli.xtela.core.framework.wmi.WmiException;
import com.tivoli.xtela.core.mc.EventMessageResource;
import com.tivoli.xtela.core.objectmodel.kernel.DBNoSuchElementException;
import com.tivoli.xtela.core.objectmodel.kernel.DBSyncException;
import com.tivoli.xtela.core.objectmodel.resources.MgmtServer;
import com.tivoli.xtela.core.objectmodel.security.CERTIFICATE;
import com.tivoli.xtela.core.util.Assert;
import com.tivoli.xtela.core.util.BASE64Decoder;
import com.tivoli.xtela.core.util.TraceService;
import java.io.IOException;
import java.security.Principal;
import javax.servlet.http.HttpServletRequest;

/* loaded from: input_file:142513449e75f67c81acb6a2b8b6afc5/ijar/default:8fbe29be2bba3fa5b1f10bffa181f3ee:com/tivoli/xtela/core/security/Authorization.class */
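/**
 * Resolves the caller identity for a request and answers ACL checks for it.
 *
 * <p>An instance is built from an HTTP Basic {@code Authorization} header, from an explicit
 * principal/password pair, or from already-built {@link Credentials}. Until a check succeeds
 * the principal stays {@code PrincipalBase.unauth}.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>Every {@code isAuth*} method returns {@code true} when the ACL name is null or empty
 *       (fail-open); callers must never pass an unset ACL name for a protected operation.</li>
 *   <li>A principal whose domain differs from the local domain is NOT verified here: the claimed
 *       name and the plaintext password are kept in fields until
 *       {@link #getForeignCredentials()} asks the foreign management server.</li>
 *   <li>Credential strings are kept out of the trace log; only their presence is recorded.</li>
 * </ul>
 */
public class Authorization {
    private HttpServletRequest req;
    // Identity string; PrincipalBase.unauth until authentication succeeds. For foreign-domain
    // callers this holds the CLAIMED name from the request until foreign credentials arrive.
    private String principal;
    // Plaintext password, retained only for foreign-domain principals so it can be replayed
    // to the foreign server. NOTE(review): it is never cleared after use -- confirm lifetime.
    private String password;
    private Credentials credentials;
    // true when the principal belongs to another domain and has not been verified locally.
    private boolean foreignUnauth;
    private EventDispatcher eventDispatcher;
    private static TraceService traceService;

    /**
     * Sends an event and records (rather than propagates) any delivery failure, so a broken
     * event channel cannot change the outcome of an authorization decision.
     */
    private void eventDispatcherNotify(String str, int i, String str2) {
        String failure = null;
        try {
            this.eventDispatcher.notify(str, i, str2);
        } catch (WmiException e) {
            failure = e + " " + e.getMessage();
        } catch (IOException e2) {
            failure = e2 + " " + e2.getMessage();
        }
        if (failure != null) {
            traceService.log(13, 3, "Event notification failed: " + failure);
        }
    }

    /**
     * Formats the peer as {@code host(address)} for log and event messages; a null request
     * yields {@code CSConst.DEFAULTHOSTNAME}.
     */
    private String remoteInfo(HttpServletRequest httpServletRequest) {
        if (httpServletRequest == null) {
            return CSConst.DEFAULTHOSTNAME;
        }
        return httpServletRequest.getRemoteHost() + "(" + httpServletRequest.getRemoteAddr() + ")";
    }

    /**
     * Compares two strings without stopping at the first differing character, so the time
     * taken does not reveal how long a matching prefix is. Lengths are compared up front.
     * A null on either side is treated as a mismatch.
     */
    private static boolean constantTimeEquals(String expected, String actual) {
        if (expected == null || actual == null) {
            return false;
        }
        if (expected.length() != actual.length()) {
            return false;
        }
        int diff = 0;
        for (int i = 0; i < expected.length(); i++) {
            diff |= expected.charAt(i) ^ actual.charAt(i);
        }
        return diff == 0;
    }

    /**
     * Returns a log-safe stand-in for a credential string: null and empty values are shown
     * as they were before, any real value is replaced by a fixed marker.
     */
    private static String maskSecret(String secret) {
        if (secret == null) {
            return "null";
        }
        if (secret.length() == 0) {
            return "";
        }
        return "(value withheld from trace)";
    }

    /** Shared constructor prologue: resets state, records the request, creates the dispatcher. */
    private void init(HttpServletRequest httpServletRequest, String entryMessage) {
        this.principal = PrincipalBase.unauth;
        this.foreignUnauth = false;
        traceService.log(1, 1, entryMessage);
        this.req = httpServletRequest;
        this.eventDispatcher = new EventDispatcherService();
        Assert.m529assert(this.eventDispatcher != null, "null EventDispatcherService for Authorization ctor");
    }

    /** Emits the two trace lines that close every header-based construction path. */
    private void logCtorExit() {
        traceService.log(3, 2, "Created an instance of Authorization");
        traceService.log(1, 1, "Exiting Authorization ctor");
    }

    /** Reports a rejected request as an authorization-failure event plus a trace line. */
    private void rejectRequest(int severity, String message) {
        eventDispatcherNotify(EventMessageResource.AUTHORIZATIONFAILURE, severity, message);
        traceService.log(13, 2, message);
        logCtorExit();
    }

    /** Marks the caller as an unverified principal of another domain (see class comment). */
    private void deferToForeignDomain(String identity, String secret) {
        this.foreignUnauth = true;
        this.principal = identity;
        this.password = secret;
        traceService.log(13, 1, "Principal from other domain; basic auth says " + identity);
    }

    /**
     * Builds the authorization state from the request's HTTP Basic {@code Authorization}
     * header. Any missing or malformed header leaves the principal as
     * {@code PrincipalBase.unauth}; the constructor does not throw for bad input.
     *
     * @param httpServletRequest the incoming request; may be null
     * @throws IOException if decoding the header or checking the password fails with I/O
     */
    public Authorization(HttpServletRequest httpServletRequest) throws IOException {
        init(httpServletRequest, "Entering Authorization ctor");
        if (httpServletRequest == null) {
            rejectRequest(40, "Null HTTP request from " + remoteInfo(httpServletRequest));
            return;
        }
        String header = httpServletRequest.getHeader("Authorization");
        if (header == null || header.length() == 0) {
            // An absent header is the normal anonymous case: traced, but no failure event.
            traceService.log(13, 2, "Null or empty Authorization request property from " + remoteInfo(httpServletRequest));
            logCtorExit();
            return;
        }
        int space = header.indexOf(" ");
        if (space == -1) {
            rejectRequest(30, "Malformed Authorization header from " + remoteInfo(httpServletRequest));
            return;
        }
        String scheme = header.substring(0, space);
        String encoded = header.substring(space + 1);
        // equalsIgnoreCase does not depend on the JVM default locale; toLowerCase() does
        // (under a Turkish locale "BASIC" would not lower-case to "basic").
        if (!scheme.equalsIgnoreCase("basic")) {
            rejectRequest(30, "Only basic authentication supported; invalid request header from " + remoteInfo(httpServletRequest));
            return;
        }
        // NOTE(review): bytes are decoded with the platform default charset, so non-ASCII
        // names or passwords depend on the JVM configuration. Left as-is because changing
        // the charset would change the hash of existing non-ASCII passwords.
        String decoded = new String(new BASE64Decoder().decodeBuffer(encoded));
        int colon = decoded.indexOf(":");
        if (colon == -1) {
            rejectRequest(30, "Malformed Authorization header from " + remoteInfo(httpServletRequest));
            return;
        }
        String identity = decoded.substring(0, colon);
        if (identity.length() != 0) {
            setAuthorization(identity, decoded.substring(colon + 1), httpServletRequest);
            return;
        }
        traceService.log(13, 2, "Zero-length Principal string Authorization request property from " + remoteInfo(httpServletRequest));
        logCtorExit();
    }

    /**
     * Builds the authorization state from an explicit principal name and password.
     *
     * @param str principal name
     * @param str2 plaintext password
     * @param httpServletRequest request used for peer information in messages; may be null
     * @throws IOException propagated from {@link #setAuthorization}
     */
    public Authorization(String str, String str2, HttpServletRequest httpServletRequest) throws IOException {
        init(httpServletRequest, "Entering Authorization ctor");
        setAuthorization(str, str2, httpServletRequest);
    }

    /**
     * Builds the authorization state from credentials that already exist. No password check
     * is performed here; the principal is taken from the credentials as given.
     *
     * @param credentials credentials whose principal must be a {@code PrincipalBase}
     * @param httpServletRequest request used for peer information in messages; may be null
     */
    public Authorization(Credentials credentials, HttpServletRequest httpServletRequest) throws IOException {
        init(httpServletRequest, "Entering Authorization-WMIaudit ctor");
        this.principal = ((PrincipalBase) credentials.getPrincipal()).getIdentity();
        this.credentials = credentials;
    }

    /**
     * Checks a principal/password pair and records the outcome in this instance.
     *
     * <p>Outcomes: the hash of the password matches the stored value (authenticated); the
     * identity is the local domain id and the supplied value equals the stored value
     * verbatim (internal server call); the principal is in the local domain but does not
     * match (failure event, principal stays unauthenticated); the principal is in another
     * domain (deferred, see {@link #getForeignCredentials()}).
     *
     * @param str principal name as supplied by the caller
     * @param str2 plaintext password as supplied by the caller
     * @param httpServletRequest request used for peer information in messages; may be null
     */
    protected void setAuthorization(String str, String str2, HttpServletRequest httpServletRequest) throws IOException {
        String suppliedHash = new Crypto().oneWayHash(str2);
        Principal loaded = PrincipalFactory.loadPrincipal(str);
        String localDomain = LocalDomain.instance().toString();
        // NOTE(review): str comes from the request and is appended to event and trace text
        // unmodified; if those sinks are line-oriented, control characters in the name could
        // forge entries -- confirm the sinks escape them.
        try {
            PrincipalBase stored = (PrincipalBase) loaded;
            if (constantTimeEquals(suppliedHash, stored.getPassword())) {
                this.principal = str;
            } else {
                PrincipalNative claimed = new PrincipalNative(str, null);
                // NOTE(review): this branch accepts the supplied value when it equals the
                // stored password value as-is (no hashing). If getPassword() returns the
                // stored hash, holding that stored value is enough to authenticate as the
                // local-domain identity -- confirm this is intended and that the stored
                // value is protected accordingly.
                if (claimed.getIdentity().equals(LocalDomain.instance().getId()) && constantTimeEquals(str2, stored.getPassword())) {
                    this.principal = str;
                    traceService.log(13, 1, "Internal mgmt server invocation");
                } else if (claimed.getDomain().equals(localDomain)) {
                    eventDispatcherNotify(EventMessageResource.AUTHORIZATIONFAILURE, 40, "Invalid password attempted for principal " + str + " from " + remoteInfo(httpServletRequest));
                    traceService.log(13, 3, "Invalid password from " + remoteInfo(httpServletRequest));
                } else {
                    deferToForeignDomain(str, str2);
                }
            }
        } catch (PrincipalException unused) {
            if (new PrincipalNative(str, null).getDomain().equals(localDomain)) {
                eventDispatcherNotify(EventMessageResource.AUTHORIZATIONFAILURE, 40, "Cannot check password for principal " + str + " from " + remoteInfo(httpServletRequest));
                traceService.log(13, 3, "Cannot check password from " + remoteInfo(httpServletRequest));
            } else {
                deferToForeignDomain(str, str2);
            }
        } catch (ClassCastException unused2) {
            // The loaded principal is not a PrincipalBase, so there is no password to check.
            eventDispatcherNotify(EventMessageResource.AUTHORIZATIONFAILURE, 40, "Invalid principal " + str + " attempted from " + remoteInfo(httpServletRequest));
            traceService.log(13, 3, "Invalid principal from " + remoteInfo(httpServletRequest));
        }
        if (!this.foreignUnauth) {
            traceService.log(13, 1, "Principal is " + this.principal);
        }
        logCtorExit();
    }

    /**
     * Returns the current principal string. While {@code foreignUnauth} is set this is the
     * name the caller claimed, not a verified identity; do not use it alone for decisions.
     */
    public String getPrincipal() {
        traceService.log(1, 1, "Entering getPrincipal");
        traceService.log(1, 1, "Exiting getPrincipal");
        return this.principal;
    }

    /** Returns the credentials held by this instance, or null if none have been built. */
    public Credentials getCredentials() {
        traceService.log(1, 1, "Entering getCredentials");
        traceService.log(1, 1, "Exiting getCredentials");
        return this.credentials;
    }

    /**
     * Checks whether the invocation may call its method under the named ACL.
     *
     * <p>The credential string carried by the invocation replaces this instance's credentials
     * and principal (unless the caller is a deferred foreign principal). A denied
     * {@code setPassword} on the {@code Auth} ACL is still allowed when the target identity
     * is the caller's own principal.
     *
     * @param invocation the call being authorized; null is denied
     * @param str ACL name; null or empty returns {@code true} without any check
     * @return {@code true} if access is granted; {@code false} on denial or any lookup error
     */
    public boolean isAuth(Invocation invocation, String str) {
        traceService.log(1, 2, "Entering isAuth");
        if (invocation == null) {
            eventDispatcherNotify(EventMessageResource.AUTHORIZATIONFAILURE, 40, "Null invocation; authorization failure on request from " + remoteInfo(this.req));
            traceService.log(13, 2, "Null invocation on request from " + remoteInfo(this.req));
            traceService.log(1, 2, "Exiting isAuth");
            return false;
        }
        if (str == null || str.length() == 0) {
            // Fail-open by design: an unset ACL name means "no authorization required".
            traceService.log(13, 2, "Null or empty string ACL name; assuming no authorization required");
            traceService.log(1, 2, "Exiting isAuth");
            return true;
        }
        try {
            String method = invocation.getMethod();
            if (method == null || method.length() == 0) {
                String message = "Null or empty method on request from " + remoteInfo(this.req);
                eventDispatcherNotify(EventMessageResource.AUTHORIZATIONFAILURE, 40, message);
                traceService.log(13, 2, message);
                traceService.log(1, 2, "Exiting isAuth");
                return false;
            }
            AclImpl acl = new AclImpl(str);
            String presented = invocation.getCredentials();
            // The credential string is what the caller presents for the ACL check below, so
            // its value is kept out of the trace log; only null/empty/present is recorded.
            traceService.log(13, 1, "Credentials to isAuth are " + maskSecret(presented));
            boolean allowed;
            if (presented == null || presented.length() == 0) {
                traceService.log(13, 2, "Null or empty credentials--unauthenticated call");
                allowed = acl.isAuth(PrincipalBase.unauth, method);
                if (!allowed) {
                    traceService.log(13, 3, "Unauthenticated check against ACL " + str + " failed for accessing " + method + " on request from " + remoteInfo(this.req));
                }
            } else {
                if (this.foreignUnauth) {
                    getForeignCredentials();
                } else {
                    // NOTE(review): identity is taken from the presented string; whether
                    // Credentials verifies its integrity is not visible here -- confirm.
                    this.credentials = new Credentials(presented, (String) null);
                    this.principal = this.credentials.getPrincipal().toString();
                }
                allowed = acl.isAuth(this.credentials, method);
                if (!allowed && str.equals("Auth") && method.equals("setPassword")) {
                    String target = null;
                    try {
                        target = PrincipalFactory.loadPrincipal(invocation.getParameter("identity")).toString();
                    } catch (Exception e) {
                        // Best effort: an unresolvable target stays null and is denied below.
                        traceService.log(13, 2, "Could not resolve setPassword target identity: " + e);
                    }
                    if (target == null || !target.equals(this.principal)) {
                        traceService.log(13, 2, "Not allowing " + this.principal + " to set password for " + target);
                    } else {
                        traceService.log(13, 2, "Allowing " + this.principal + " to set own password");
                        allowed = true;
                    }
                }
                if (!allowed) {
                    String message = "Credential check against ACL " + str + " failed for principal " + this.principal + " accessing " + method + " on request from " + remoteInfo(this.req);
                    eventDispatcherNotify(EventMessageResource.AUTHORIZATIONFAILURE, 30, message);
                    traceService.log(13, 2, message);
                }
            }
            traceService.log(1, 2, "Exiting isAuth");
            return allowed;
        } catch (MalformedInvocationException e) {
            return denyAfterException(e);
        } catch (DBNoSuchElementException e2) {
            String message = "Acl " + str + " not found; authorization failure on request from " + remoteInfo(this.req);
            eventDispatcherNotify(EventMessageResource.AUTHORIZATIONFAILURE, 40, message);
            traceService.log(13, 3, message);
            traceService.log(1, 2, "Exiting isAuth");
            return false;
        } catch (DBSyncException e3) {
            return denyAfterException(e3);
        } catch (CredentialsException e4) {
            return denyAfterException(e4);
        }
    }

    /** Denies an {@link #isAuth(Invocation, String)} call that failed with an exception. */
    private boolean denyAfterException(Exception e) {
        String detail = e + " " + e.getMessage();
        String message = "Caught exception " + detail + " on request from " + remoteInfo(this.req);
        eventDispatcherNotify(EventMessageResource.AUTHORIZATIONFAILURE, 40, message);
        traceService.log(13, 2, message);
        traceService.log(1, 2, "Exiting isAuth");
        return false;
    }

    /**
     * Checks whether the current principal may access {@code str2} under the named ACL,
     * raising an authorization-failure event on denial of an authenticated principal.
     *
     * @param str ACL name; null or empty returns {@code true} without any check
     * @param str2 the operation being accessed, passed to the ACL
     * @return {@code true} if access is granted; {@code false} on denial or any lookup error
     */
    public boolean isAuth(String str, String str2) {
        traceService.log(1, 2, "Entering isAuth");
        if (str == null || str.length() == 0) {
            // Fail-open by design: an unset ACL name means "no authorization required".
            traceService.log(13, 2, "Null or empty string ACL name; assuming no authorization required");
            traceService.log(1, 2, "Exiting isAuth");
            return true;
        }
        try {
            AclImpl acl = new AclImpl(str);
            if (this.principal.equals(PrincipalBase.unauth)) {
                boolean anonymousAllowed = acl.isAuth(this.credentials, str2);
                traceService.log(1, 2, "Exiting isAuth");
                return anonymousAllowed;
            }
            Principal loaded = PrincipalFactory.loadPrincipal(this.principal);
            if (this.credentials == null) {
                if (this.foreignUnauth) {
                    // NOTE(review): if the fetch fails, credentials stay null and the ACL is
                    // asked with null; how AclImpl treats that is not visible here -- confirm
                    // it denies.
                    getForeignCredentials();
                } else {
                    this.credentials = new Credentials(loaded);
                }
            }
            boolean allowed = acl.isAuth(this.credentials, str2);
            if (!allowed) {
                String message = "Check against ACL " + str + " failed for principal " + this.principal + " accessing " + str2 + " on request from " + remoteInfo(this.req);
                if (!this.principal.equals(PrincipalBase.unauth)) {
                    eventDispatcherNotify(EventMessageResource.AUTHORIZATIONFAILURE, 50, message);
                }
                traceService.log(13, 3, message);
            }
            traceService.log(1, 2, "Exiting isAuth");
            return allowed;
        } catch (DBNoSuchElementException e) {
            String message = "Acl " + str + " not found; authorization failure on request from " + remoteInfo(this.req);
            eventDispatcherNotify(EventMessageResource.AUTHORIZATIONFAILURE, 40, message);
            traceService.log(13, 3, message);
            traceService.log(1, 2, "Exiting isAuth");
            return false;
        } catch (DBSyncException e2) {
            String detail = e2 + " " + e2.getMessage();
            String message = "Caught exception " + detail + " on request from " + remoteInfo(this.req);
            eventDispatcherNotify(EventMessageResource.AUTHORIZATIONFAILURE, 40, message);
            traceService.log(13, 3, message);
            traceService.log(1, 2, "Exiting isAuth");
            return false;
        }
    }

    /**
     * Same decision as {@link #isAuth(String, String)} but never raises an
     * authorization-failure event; denials are only written to the trace log.
     *
     * @param str ACL name; null or empty returns {@code true} without any check
     * @param str2 the operation being accessed, passed to the ACL
     * @return {@code true} if access is granted; {@code false} on denial or any lookup error
     */
    public boolean isAuthCheckQuietly(String str, String str2) {
        traceService.log(1, 2, "Entering isAuthCheckQuietly");
        if (str == null || str.length() == 0) {
            // Fail-open by design: an unset ACL name means "no authorization required".
            traceService.log(13, 2, "Null or empty string ACL name; assuming no authorization required");
            traceService.log(1, 2, "Exiting isAuthCheckQuietly");
            return true;
        }
        try {
            AclImpl acl = new AclImpl(str);
            if (this.principal.equals(PrincipalBase.unauth)) {
                boolean anonymousAllowed = acl.isAuth(this.credentials, str2);
                traceService.log(1, 2, "Exiting isAuthCheckQuietly");
                return anonymousAllowed;
            }
            Principal loaded = PrincipalFactory.loadPrincipal(this.principal);
            if (this.credentials == null) {
                if (this.foreignUnauth) {
                    getForeignCredentials();
                } else {
                    this.credentials = new Credentials(loaded);
                }
            }
            boolean allowed = acl.isAuth(this.credentials, str2);
            if (!allowed && !this.principal.equals(PrincipalBase.unauth)) {
                traceService.log(13, 3, "Check against ACL " + str + " failed for principal " + this.principal + " accessing " + str2 + " on request from " + remoteInfo(this.req));
            }
            traceService.log(1, 2, "Exiting isAuthCheckQuietly");
            return allowed;
        } catch (DBNoSuchElementException e) {
            traceService.log(13, 3, "Acl " + str + " not found; authorization failure on request from " + remoteInfo(this.req));
            traceService.log(1, 2, "Exiting isAuthCheckQuietly");
            return false;
        } catch (DBSyncException e2) {
            String detail = e2 + " " + e2.getMessage();
            traceService.log(13, 3, "Caught exception " + detail + " on request from " + remoteInfo(this.req));
            traceService.log(1, 2, "Exiting isAuthCheckQuietly");
            return false;
        }
    }

    /**
     * Asks the management server of the principal's domain for credentials, replaying the
     * stored name and plaintext password as a Basic-auth override. On success the instance's
     * credentials and principal are replaced; on any failure they are left unchanged. The
     * override is always cleared before returning.
     */
    public void getForeignCredentials() {
        traceService.log(1, 2, "Entering getForeignCredentials");
        String foreign = null;
        traceService.log(13, 2, "Getting foreign credentials for " + this.principal);
        try {
            try {
                ClientCredentials.instance().setBasicAuthOverride(this.principal, this.password);
                String domain = ((PrincipalBase) PrincipalFactory.loadPrincipal(this.principal)).getDomain();
                MgmtServer mgmtServer = MgmtServer.getMgmtServer(domain);
                int certificateID = mgmtServer.getCertificateID();
                // NOTE(review): with certificate ID 0 a null certificate is handed to
                // AuthProxy; whether public-key verification is then skipped is not visible
                // here -- confirm. The password also travels over whatever protocol the
                // server record names -- confirm it is an encrypted transport.
                String certificateContents = null;
                if (certificateID != 0) {
                    CERTIFICATE certificate = new CERTIFICATE(certificateID);
                    certificate.sync();
                    certificateContents = certificate.getContents();
                }
                try {
                    String authUrl = mgmtServer.getDefault_protocol() + "://" + mgmtServer.getMgmtsrv_url() + "/com.tivoli.xtela.core.security.AuthServlet";
                    foreign = new AuthProxy(authUrl).getForeignCredentials(LocalDomain.instance().toString(), certificateContents);
                } catch (PKVerifyException unused) {
                    // Verification failure leaves foreign == null, so nothing is accepted.
                    traceService.log(13, 1, "Public-Key verification failed for domain: " + domain);
                }
                // The received credential value is kept out of the trace log.
                traceService.log(13, 2, "Received foreign credentials " + maskSecret(foreign));
                if (foreign != null) {
                    this.credentials = new Credentials(foreign, domain);
                    this.principal = this.credentials.getPrincipal().toString();
                }
            } catch (Throwable th) {
                // Deliberately broad: any failure means "no foreign credentials obtained".
                traceService.log(13, 2, "getForeignCredentials caught " + th + " " + th.getMessage());
            }
            traceService.log(1, 2, "Exiting getForeignCredentials");
        } finally {
            ClientCredentials.instance().clearOverride();
        }
    }

    /**
     * Returns the role set of the current principal, or null if it cannot be loaded (the
     * failure is traced, not thrown).
     */
    public RoleSet getPrincipalRoles() {
        traceService.log(1, 2, "Entering getPrincipalRoles");
        RoleSet roles = null;
        try {
            roles = ((PrincipalBase) PrincipalFactory.loadPrincipal(this.principal)).getRoleSet();
        } catch (Exception e) {
            traceService.log(13, 2, "Caught exception " + e.toString() + " in getPrincipalRoles");
        }
        traceService.log(1, 2, "Exiting getPrincipalRoles");
        return roles;
    }

    static {
        traceService = SecurityTraceService.getTraceService("Authorization");
    }
}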
}
