package org.mobicents.servlet.sip.catalina.security;

import java.lang.reflect.Method;
import java.security.Principal;
import javax.sip.address.Address;
import org.apache.catalina.Realm;
import org.apache.catalina.realm.RealmBase;
import org.apache.log4j.Logger;
import org.apache.tomcat.util.descriptor.web.SecurityCollection;
import org.apache.tomcat.util.descriptor.web.SecurityConstraint;
import org.mobicents.servlet.sip.catalina.CatalinaSipContext;
import org.mobicents.servlet.sip.catalina.SipLoginConfig;
import org.mobicents.servlet.sip.catalina.SipSecurityCollection;
import org.mobicents.servlet.sip.catalina.SipSecurityConstraint;
import org.mobicents.servlet.sip.catalina.security.authentication.DigestAuthenticator;
import org.mobicents.servlet.sip.core.SipContext;
import org.mobicents.servlet.sip.core.message.MobicentsSipServletRequest;
import org.mobicents.servlet.sip.core.message.MobicentsSipServletResponse;
import org.mobicents.servlet.sip.core.security.SipPrincipal;

/* loaded from: input_file:org/mobicents/servlet/sip/catalina/security/SipSecurityUtils.class */
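/**
 * Authentication and authorization helpers for SIP requests handled by a {@link SipContext}.
 *
 * <p>Authentication is driven by the context's {@link SipLoginConfig}: an optional
 * P-Asserted-Identity scheme is evaluated first, then DIGEST. Authorization walks the
 * context's security constraints and checks the authenticated principal's roles.
 */
public class SipSecurityUtils {
    private static final Logger log = Logger.getLogger(SipSecurityUtils.class);
    private static final String P_ASSERTED_IDENTITY = "P-Asserted-Identity";
    private final SipContext sipStandardContext;

    /**
     * @param sipContext the SIP context whose login configuration, realm and constraints are used
     */
    public SipSecurityUtils(SipContext sipContext) {
        this.sipStandardContext = sipContext;
    }

    /**
     * Authenticates a request according to the context's login configuration.
     *
     * <p>Security-relevant behaviour:
     * <ul>
     *   <li>With no login configuration the method returns {@code true} without checking
     *       anything, so a missing {@code login-config} disables authentication.</li>
     *   <li>When the P-Asserted-Identity scheme is configured and the header is present, the
     *       user named in the header is looked up in the realm and becomes the request and
     *       session principal without any credential check.</li>
     *   <li>When that scheme is configured as {@code REQUIRED} and the header is absent, a 428
     *       response is sent and the request is denied.</li>
     * </ul>
     *
     * @param mobicentsSipServletRequest the request to authenticate
     * @param sipSecurityConstraint the constraint being enforced; selects 401 versus 407 for DIGEST
     * @return {@code true} if the request is authenticated or no login configuration exists
     * @throws IllegalStateException if the configured auth method is BASIC
     */
    public boolean authenticate(MobicentsSipServletRequest mobicentsSipServletRequest, SipSecurityConstraint sipSecurityConstraint) {
        SipLoginConfig sipLoginConfig = (SipLoginConfig) this.sipStandardContext.getSipLoginConfig();
        if (sipLoginConfig == null) {
            log.debug("No login configuration found in sip.xml. We won't authenticate.");
            return true;
        }
        String authMethod = sipLoginConfig.getAuthMethod();
        if (authMethod == null) {
            return false;
        }
        boolean authenticated = false;
        try {
            String identitySchemeSettings = sipLoginConfig.getIdentitySchemeSettings(P_ASSERTED_IDENTITY);
            if (identitySchemeSettings != null) {
                String header = mobicentsSipServletRequest.getHeader(P_ASSERTED_IDENTITY);
                if (header == null) {
                    // The REQUIRED check must run when the header is absent; nested under a
                    // "header present" condition it could never fire.
                    if ("REQUIRED".equals(identitySchemeSettings)) {
                        mobicentsSipServletRequest.createResponse(428, "P-Asserted-Idetity header is required!").send();
                        return false;
                    }
                } else {
                    // NOTE(review): the header value is taken at face value. Nothing in this
                    // class checks that the request arrived from a trusted proxy, so any sender
                    // able to reach this code can name an arbitrary realm user. Confirm that
                    // untrusted P-Asserted-Identity headers are stripped or rejected upstream.
                    Address createAddress = this.sipStandardContext.getSipApplicationDispatcher().getSipFactory().getAddressFactory().createAddress(header);
                    String user = createAddress.getURI().isSipURI() ? createAddress.getURI().getUser() : createAddress.getURI().getPhoneNumber();
                    SipPrincipal impersonatePrincipal = impersonatePrincipal(user, ((CatalinaSipContext) this.sipStandardContext).getRealm());
                    if (impersonatePrincipal != null) {
                        authenticated = true;
                        mobicentsSipServletRequest.setUserPrincipal(impersonatePrincipal);
                        mobicentsSipServletRequest.getSipSession().setUserPrincipal(impersonatePrincipal);
                        log.debug("P-Asserted-Identity authetication successful for user: " + user);
                    }
                }
            }
            if (!authenticated && authMethod.equalsIgnoreCase("DIGEST")) {
                DigestAuthenticator digestAuthenticator = new DigestAuthenticator(this.sipStandardContext.getSipApplicationDispatcher().getSipFactory().getHeaderFactory());
                digestAuthenticator.setContext((CatalinaSipContext) this.sipStandardContext);
                authenticated = digestAuthenticator.authenticate(mobicentsSipServletRequest, createErrorResponse(mobicentsSipServletRequest, sipSecurityConstraint), sipLoginConfig);
                mobicentsSipServletRequest.setUserPrincipal(digestAuthenticator.getPrincipal());
            } else if (authMethod.equalsIgnoreCase("BASIC")) {
                throw new IllegalStateException("Basic authentication not supported in JSR 289");
            }
        } catch (RuntimeException e) {
            // Unchecked failures (including the BASIC rejection above) still reach the caller.
            throw e;
        } catch (Exception e) {
            // Fail closed: a checked failure while evaluating the request denies it instead of
            // being printed to stderr and ignored.
            log.error("Authentication failed with an unexpected error", e);
            return false;
        }
        return authenticated;
    }

    /**
     * Builds the challenge response handed to the digest authenticator: 407 when the
     * constraint asks for proxy authentication, 401 otherwise.
     */
    private static MobicentsSipServletResponse createErrorResponse(MobicentsSipServletRequest mobicentsSipServletRequest, SipSecurityConstraint sipSecurityConstraint) {
        int status = sipSecurityConstraint.isProxyAuthentication() ? 407 : 401;
        return (MobicentsSipServletResponse) mobicentsSipServletRequest.createResponse(status);
    }

    /**
     * Checks the request against every SIP security constraint of the context.
     *
     * <p>A constraint applies when one of its collections matches both the request method and
     * the session's handler servlet name. Each applicable constraint requires a successful
     * {@link #authenticate} call and a principal holding at least one of the constraint's roles.
     *
     * @param mobicentsSipServletRequest the request to authorize
     * @return {@code true} if there are no constraints or every applicable constraint is
     *     satisfied; {@code false} if any applicable constraint is not satisfied, or if
     *     authentication succeeded but the request carries no principal
     */
    public boolean authorize(MobicentsSipServletRequest mobicentsSipServletRequest) {
        SecurityConstraint[] findConstraints = ((CatalinaSipContext) this.sipStandardContext).findConstraints();
        if (findConstraints.length == 0) {
            return true;
        }
        boolean allSatisfied = true;
        for (SecurityConstraint securityConstraint : findConstraints) {
            if (!(securityConstraint instanceof SipSecurityConstraint)) {
                continue;
            }
            SipSecurityConstraint sipSecurityConstraint = (SipSecurityConstraint) securityConstraint;
            for (SecurityCollection securityCollection : sipSecurityConstraint.findCollections()) {
                SipSecurityCollection sipSecurityCollection = (SipSecurityCollection) securityCollection;
                String handler = mobicentsSipServletRequest.getSipSession().getHandler();
                if (!sipSecurityCollection.findMethod(mobicentsSipServletRequest.getMethod()) || !sipSecurityCollection.findServletName(handler)) {
                    continue;
                }
                // NOTE(review): authenticate() runs once per matching collection, so a request
                // matching several collections is authenticated repeatedly - confirm the digest
                // authenticator tolerates being invoked more than once for the same request.
                boolean roleGranted = false;
                if (authenticate(mobicentsSipServletRequest, sipSecurityConstraint)) {
                    // authenticate() also returns true when no login configuration exists, in
                    // which case no principal was set; deny rather than skip the role check.
                    CatalinaSipPrincipal catalinaSipPrincipal = (CatalinaSipPrincipal) mobicentsSipServletRequest.getUserPrincipal();
                    if (catalinaSipPrincipal == null) {
                        return false;
                    }
                    for (String role : securityConstraint.findAuthRoles()) {
                        if (catalinaSipPrincipal.isUserInRole(role)) {
                            roleGranted = true;
                            break;
                        }
                    }
                }
                if (!roleGranted) {
                    allSatisfied = false;
                    log.error("Constraint \"" + securityConstraint.getDisplayName() + "\" not satifsied");
                }
            }
        }
        return allSatisfied;
    }

    /**
     * Looks up a user in the realm without verifying any credentials.
     *
     * <p>The lookup reflectively calls the realm's {@code getPrincipal(String)} method, found by
     * walking the realm's class hierarchy. Because no secret is checked, the caller is
     * responsible for having established trust in {@code str} before using the result as an
     * authenticated identity.
     *
     * @param str the user name to look up
     * @param realm the realm to query; must extend {@link RealmBase}
     * @return the wrapped principal, or {@code null} if the realm is unsupported, the lookup
     *     fails, or the realm has no principal for the user
     */
    public static SipPrincipal impersonatePrincipal(String str, Realm realm) {
        Class<?> cls = realm.getClass();
        Method method = null;
        try {
            if (!(realm instanceof RealmBase)) {
                throw new RuntimeException("Only Realms extending RealmBase are supported. Report this error. Current realm class is " + realm.getClass().getCanonicalName());
            }
            // A concrete realm may inherit getPrincipal(String), so a miss on one class is
            // expected and simply moves the search to its superclass.
            while (method == null && cls != null) {
                try {
                    method = cls.getDeclaredMethod("getPrincipal", String.class);
                } catch (NoSuchMethodException e) {
                    cls = cls.getSuperclass();
                }
            }
            if (method == null) {
                log.error("Could not impersonate user " + str + ": realm has no getPrincipal(String) method");
                return null;
            }
            method.setAccessible(true);
            Principal principal = (Principal) method.invoke(realm, str);
            if (principal == null) {
                // An unknown user must not yield a non-null wrapper: authenticate() treats any
                // non-null return value as a successful identity assertion.
                log.debug("No principal found in realm for asserted user: " + str);
                return null;
            }
            return new CatalinaSipPrincipal(principal);
        } catch (Throwable th) {
            // Deliberately broad: callers rely on a null return, never an exception, on failure.
            log.error("Could not impersonate user " + str, th);
            return null;
        } finally {
            // Restore the access flag on every path, including failures.
            if (method != null) {
                method.setAccessible(false);
            }
        }
    }
}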
