package org.apache.juddi.api.impl;

import java.util.Date;
import javax.annotation.Resource;
import javax.persistence.EntityManager;
import javax.servlet.http.HttpServletRequest;
import javax.xml.datatype.DatatypeConfigurationException;
import javax.xml.datatype.DatatypeFactory;
import javax.xml.ws.WebServiceContext;
import javax.xml.ws.handler.MessageContext;
import org.apache.commons.configuration.ConfigurationException;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.juddi.config.AppConfig;
import org.apache.juddi.config.Property;
import org.apache.juddi.model.AuthToken;
import org.apache.juddi.model.UddiEntityPublisher;
import org.apache.juddi.v3.auth.AuthenticatorFactory;
import org.apache.juddi.v3.error.AuthTokenExpiredException;
import org.apache.juddi.v3.error.AuthTokenRequiredException;
import org.apache.juddi.v3.error.ErrorMessage;
import org.uddi.v3_service.DispositionReportFaultMessage;

/* loaded from: input_file:WEB-INF/lib/juddi-core-openjpa-3.3.9.jar:org/apache/juddi/api/impl/AuthenticatedService.class */
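/**
 * Base class for UDDI service implementations that must resolve the calling
 * publisher before doing any work.
 *
 * <p>The central entry point is {@link #getEntityPublisher(EntityManager, String)},
 * which validates an auth token (idle timeout, absolute expiration, state and,
 * optionally, the issuing IP address) and then asks the configured authenticator
 * to identify the publisher.
 */
public abstract class AuthenticatedService {
    public static final String UTF8 = "UTF-8";
    public static final int AUTHTOKEN_ACTIVE = 1;
    public static final int AUTHTOKEN_RETIRED = 0;
    static final Log logger = LogFactory.getLog(AuthenticatedService.class);

    /** Token lifetimes are configured in minutes; kept as a long so the conversion cannot overflow int. */
    private static final long MILLIS_PER_MINUTE = 60000L;

    private String node;
    protected String baseUrlSSL;
    protected String baseUrl = "UNDEFINED";
    protected DatatypeFactory df = null;

    @Resource
    protected WebServiceContext ctx;

    /**
     * Returns the node id read from configuration at construction time.
     *
     * @return the trimmed node id, or {@code "UNDEFINED_NODE_NAME"} when it could not be read
     */
    public String getNode() {
        return this.node;
    }

    /**
     * Loads the node id and the secure base URL from the application
     * configuration, falling back to placeholder values when the configuration
     * cannot be read, then creates the {@link DatatypeFactory}.
     */
    public AuthenticatedService() {
        this.node = "UNDEFINED_NODE_NAME";
        this.baseUrlSSL = "UNDEFINED";
        try {
            this.node = AppConfig.getConfiguration().getString(Property.JUDDI_NODE_ID, "UNDEFINED_NODE_NAME");
            this.node = this.node.trim();
            this.baseUrlSSL = AppConfig.getConfiguration().getString(Property.JUDDI_BASE_URL_SECURE, Property.DEFAULT_BASE_URL_SECURE);
            this.baseUrlSSL = this.baseUrlSSL.trim();
        } catch (ConfigurationException e) {
            logger.fatal(null, e);
        }
        init();
    }

    /**
     * Replaces the injected web-service context.
     *
     * @param webServiceContext the context used to reach the current servlet request
     */
    public void setContext(WebServiceContext webServiceContext) {
        this.ctx = webServiceContext;
    }

    /** Creates the shared {@link DatatypeFactory}; a failure is logged and leaves {@code df} null. */
    private synchronized void init() {
        try {
            this.df = DatatypeFactory.newInstance();
        } catch (DatatypeConfigurationException e) {
            logger.fatal(null, e);
        }
    }

    /**
     * Resolves the publisher behind a request.
     *
     * <p>When token use is disabled in configuration, the authenticator is asked
     * to identify the caller from the web-service context alone. Otherwise the
     * token is looked up and rejected if it is unknown, idle for longer than the
     * configured timeout, older than the configured expiration, already retired,
     * or (when the same-IP rule is on) presented from an address other than the
     * one it was issued to. On success the token's last-used time and use count
     * are updated.
     *
     * <p>The audit message literals are kept verbatim because log consumers may
     * match on them.
     *
     * @param entityManager entity manager used to load the {@link AuthToken}
     * @param str the auth token string supplied by the caller
     * @return the identified publisher, never {@code null}
     * @throws DispositionReportFaultMessage {@link AuthTokenRequiredException} when the
     *         token is missing or invalid, {@link AuthTokenExpiredException} when it is retired
     */
    public UddiEntityPublisher getEntityPublisher(EntityManager entityManager, String str) throws DispositionReportFaultMessage {
        boolean useToken = true;
        try {
            useToken = AppConfig.getConfiguration().getBoolean(Property.JUDDI_AUTHENTICATOR_USE_TOKEN, true);
        } catch (ConfigurationException e) {
            // Previously swallowed silently. The default stays "tokens required",
            // which is the safe side, but the operator should see the failure.
            logger.warn("Error loading config property " + Property.JUDDI_AUTHENTICATOR_USE_TOKEN
                    + ", auth tokens will be required by default", e);
        }
        if (!useToken) {
            // Token-less mode: identification rests entirely on the authenticator
            // and whatever it reads from the web-service context.
            UddiEntityPublisher contextPublisher = AuthenticatorFactory.getAuthenticator().identify(null, null, this.ctx);
            if (contextPublisher == null) {
                logger.warn("AUDIT FAILURE - Auth token invalid, publisher does not exist " + getRequestorsIPAddress());
                throw new AuthTokenRequiredException(new ErrorMessage("errors.auth.AuthInvalid"));
            }
            if (contextPublisher.getAuthorizedName() != null) {
                return contextPublisher;
            }
            logger.warn("AUDIT FAILURE - Auth token invalid, username does exist" + getRequestorsIPAddress());
            throw new AuthTokenRequiredException(new ErrorMessage("errors.auth.AuthInvalid"));
        }
        if (str == null || str.length() == 0) {
            throw new AuthTokenRequiredException(new ErrorMessage("errors.auth.AuthRequired"));
        }
        AuthToken authToken = (AuthToken) entityManager.find(AuthToken.class, str);
        if (authToken == null) {
            throw new AuthTokenRequiredException(new ErrorMessage("errors.auth.AuthInvalid"));
        }
        int idleTimeoutMinutes = 0;
        try {
            idleTimeoutMinutes = AppConfig.getConfiguration().getInt(Property.JUDDI_AUTH_TOKEN_TIMEOUT, 0);
        } catch (ConfigurationException e) {
            // Name the property that actually failed; the original message named the expiration property here.
            logger.error("Error reading property " + Property.JUDDI_AUTH_TOKEN_TIMEOUT + " from the application's configuration. No automatic timeout token invalidation will occur. " + e.getMessage(), e);
        }
        int maxAgeMinutes = 0;
        try {
            maxAgeMinutes = AppConfig.getConfiguration().getInt(Property.JUDDI_AUTH_TOKEN_EXPIRATION, 0);
        } catch (ConfigurationException e) {
            logger.error("Error reading property juddi.auth.token.Expiration from the application's configuration. No automatic timeout token invalidation will occur. " + e.getMessage(), e);
        }
        // A value of 0 (also the fallback when the property is unreadable) disables the check.
        // The minute-to-millisecond conversion is done in long arithmetic: an int
        // product wraps for lifetimes above roughly 24 days and would make the
        // comparison against the deadline meaningless.
        long now = new Date().getTime();
        if (idleTimeoutMinutes > 0 && now > authToken.getLastUsed().getTime() + idleTimeoutMinutes * MILLIS_PER_MINUTE) {
            // Log the authorized name, not the token value: the token is a bearer
            // credential and does not belong in log files.
            logger.info("AUDIT: FAILTURE Token " + authToken.getAuthorizedName() + " expired due to inactivity " + getRequestorsIPAddress());
            authToken.setTokenState(AUTHTOKEN_RETIRED);
        }
        if (maxAgeMinutes > 0 && now > authToken.getCreated().getTime() + maxAgeMinutes * MILLIS_PER_MINUTE) {
            logger.info("AUDIT: FAILURE - Token " + authToken.getAuthorizedName() + " expired due to old age " + getRequestorsIPAddress());
            authToken.setTokenState(AUTHTOKEN_RETIRED);
        }
        // NOTE(review): the retired state is set on the managed entity just before
        // an exception is thrown; whether it is persisted depends on how the caller
        // ends its transaction - confirm.
        if (authToken.getTokenState() == AUTHTOKEN_RETIRED) {
            throw new AuthTokenExpiredException(new ErrorMessage("errors.auth.AuthTokenExpired"));
        }
        if (this.ctx != null) {
            boolean enforceSameIp = true;
            try {
                try {
                    enforceSameIp = AppConfig.getConfiguration().getBoolean(Property.JUDDI_AUTH_TOKEN_ENFORCE_SAME_IP, true);
                } catch (ConfigurationException e) {
                    logger.warn("Error loading config property juddi.auth.token.enforceSameIPRule Enforcing Same IP for Auth Tokens will be enabled by default", e);
                }
                if (enforceSameIp) {
                    MessageContext messageContext = this.ctx.getMessageContext();
                    HttpServletRequest request = null;
                    if (messageContext != null) {
                        request = (HttpServletRequest) messageContext.get("javax.xml.ws.servlet.request");
                    }
                    // The rule is only applied when both addresses are known. getRemoteAddr()
                    // is the address of the directly connected peer, so behind a reverse
                    // proxy or load balancer every client presents the proxy's address.
                    if (request != null && request.getRemoteAddr() != null && authToken.getIPAddress() != null
                            && !authToken.getIPAddress().equalsIgnoreCase(request.getRemoteAddr())) {
                        authToken.setTokenState(AUTHTOKEN_RETIRED);
                        logger.error("AUDIT FAILURE - Security Alert - Attempt to use issued auth token from a different IP address, user " + authToken.getAuthorizedName() + ", issued IP " + authToken.getIPAddress() + ", attempted use from " + request.getRemoteAddr() + ", forcing reauthentication.");
                        throw new AuthTokenRequiredException(new ErrorMessage("errors.auth.AuthInvalid"));
                    }
                }
            } catch (AuthTokenRequiredException e) {
                throw e;
            } catch (Exception e) {
                // NOTE(review): any other failure here is logged and the request
                // continues, so the same-IP rule fails open when the address lookup
                // breaks. Behaviour kept as-is; confirm that this is intended.
                logger.error("unexpected error caught looking up requestor's ip address", e);
            }
        }
        UddiEntityPublisher publisher = AuthenticatorFactory.getAuthenticator().identify(str, authToken.getAuthorizedName(), this.ctx);
        if (publisher == null) {
            logger.warn("AUDIT FAILURE - Auth token invalid, publisher does not exist " + getRequestorsIPAddress());
            throw new AuthTokenRequiredException(new ErrorMessage("errors.auth.AuthInvalid"));
        }
        if (publisher.getAuthorizedName() == null) {
            logger.warn("AUDIT FAILURE - Auth token invalid, username does exist" + getRequestorsIPAddress());
            throw new AuthTokenRequiredException(new ErrorMessage("errors.auth.AuthInvalid"));
        }
        authToken.setLastUsed(new Date());
        authToken.setNumberOfUses(authToken.getNumberOfUses() + 1);
        return publisher;
    }

    /**
     * Returns the remote address of the current servlet request, for audit logging.
     *
     * @return the address reported by the servlet container, or {@code null} when no
     *         context or request is available or the lookup fails
     */
    public String getRequestorsIPAddress() {
        if (this.ctx == null) {
            // No injected context (for example outside a web-service call): nothing to look up.
            return null;
        }
        try {
            MessageContext messageContext = this.ctx.getMessageContext();
            HttpServletRequest request = null;
            if (messageContext != null) {
                request = (HttpServletRequest) messageContext.get("javax.xml.ws.servlet.request");
            }
            return request != null ? request.getRemoteAddr() : null;
        } catch (Exception e) {
            // Best effort: the address only decorates audit messages.
            logger.debug("Error caught looking up the requestor's ip address", e);
            return null;
        }
    }
}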
