package org.cipango.server.security;

import java.io.IOException;
import java.util.Collection;
import java.util.Collections;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Map;
import java.util.Set;
import javax.servlet.ServletException;
import org.cipango.server.SipHandler;
import org.cipango.server.SipMessage;
import org.cipango.server.SipRequest;
import org.cipango.server.handler.SipHandlerWrapper;
import org.cipango.server.security.SipAuthenticator;
import org.cipango.server.servlet.SipServletHolder;
import org.eclipse.jetty.security.DefaultIdentityService;
import org.eclipse.jetty.security.IdentityService;
import org.eclipse.jetty.security.LoginService;
import org.eclipse.jetty.server.UserIdentity;
import org.eclipse.jetty.server.handler.ContextHandler;
import org.eclipse.jetty.util.annotation.ManagedAttribute;
import org.eclipse.jetty.util.annotation.ManagedObject;
import org.eclipse.jetty.util.component.LifeCycle;
import org.eclipse.jetty.util.log.Log;
import org.eclipse.jetty.util.log.Logger;

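/**
 * SIP handler that applies security checks to incoming requests before passing them to the
 * wrapped handler.
 *
 * <p>For each request that is neither ACK nor CANCEL, {@link #handle(SipMessage)} asks the
 * subclass for the constraint that applies to the target servlet, checks data permissions,
 * authenticates the caller when the constraint makes authentication mandatory, and finally
 * checks resource (role) permissions. Any failed step stops the request here.
 *
 * <p>Security-relevant behaviour to keep in mind when configuring or extending this class:
 * <ul>
 *   <li>When no authenticator is configured, every message is forwarded unchecked.
 *       {@link #doStart()} only refuses to start without an authenticator when a realm name
 *       has been set.</li>
 *   <li>A request whose servlet holder is {@code null} is forwarded without any check.</li>
 *   <li>{@link #findLoginService()} falls back to the only registered {@link LoginService}
 *       even when its name does not match the configured realm.</li>
 * </ul>
 *
 * @param <T> constraint information produced by {@link #prepareConstraintInfo} and handed back
 *            to the other permission hooks
 */
@ManagedObject("SIP security handler")
/* loaded from: input_file:org/cipango/server/security/SipSecurityHandler.class */
public abstract class SipSecurityHandler<T> extends SipHandlerWrapper implements SipHandler, SipAuthenticator.AuthConfiguration {
    private static final Logger LOG = Log.getLogger(SipSecurityHandler.class);

    /** Prefix of the context init parameters copied into this handler at start-up. */
    private static final String SECURITY_INIT_PARAM_PREFIX = "org.eclipse.jetty.security.";

    private String _realmName;
    private String _authMethod;
    private LoginService _loginService;
    // True only while _loginService holds a service located by findLoginService() in doStart().
    private boolean _discoveredLoginService;
    private SipAuthenticator _authenticator;
    private IdentityService _identityService;
    // The two identity-assertion settings are stored here but never read by this class.
    private IdentityAssertionScheme _identityAssertionScheme;
    private boolean _identityAssertionRequired;
    private SipAuthenticator.Factory _authenticatorFactory = new DefaultAuthenticatorFactory();
    private final Map<String, String> _initParameters = new HashMap<>();

    /**
     * Header names that can carry an asserted identity.
     */
    /* loaded from: input_file:org/cipango/server/security/SipSecurityHandler$IdentityAssertionScheme.class */
    public enum IdentityAssertionScheme {
        P_ASSERTED_IDENTITY("P-Asserted-Identity"),
        IDENTITY("Identity");

        private final String _name;

        IdentityAssertionScheme(String str) {
            this._name = str;
        }

        /**
         * @return the header name associated with this scheme
         */
        public String getName() {
            return this._name;
        }

        /**
         * Looks a scheme up by its header name, ignoring case.
         *
         * @param str header name to look for; may be {@code null}
         * @return the matching scheme, or {@code null} when nothing matches. Callers must handle
         *         the {@code null} result so that an unrecognised name is not silently treated
         *         as "no scheme configured".
         */
        public static IdentityAssertionScheme getByName(String str) {
            for (IdentityAssertionScheme scheme : values()) {
                if (scheme.getName().equalsIgnoreCase(str)) {
                    return scheme;
                }
            }
            return null;
        }
    }

    /**
     * Resolves the login service, identity service and authenticator, then starts the wrapped
     * handler chain.
     *
     * <p>Declared {@code protected} in the original class; the decompiler widened the modifier.
     *
     * @throws IllegalStateException if the login service already has a different identity
     *         service, or if a realm name is set but no authenticator could be obtained
     * @throws Exception if the authenticator or the superclass fails to start
     */
    /* JADX INFO: Access modifiers changed from: protected */
    @Override
    public void doStart() throws Exception {
        ContextHandler.Context context = ContextHandler.getCurrentContext();
        if (context != null) {
            Enumeration<?> names = context.getInitParameterNames();
            while (names != null && names.hasMoreElements()) {
                String name = (String) names.nextElement();
                if (name.startsWith(SECURITY_INIT_PARAM_PREFIX) && getInitParameter(name) == null) {
                    // Stored directly instead of through setInitParameter(): that setter rejects
                    // changes once isRunning() is true, which in Jetty's AbstractLifeCycle
                    // presumably already holds while starting -- TODO confirm for the Jetty
                    // version in use.
                    _initParameters.put(name, context.getInitParameter(name));
                }
            }
        }

        if (_loginService == null) {
            _loginService = findLoginService();
            // Only remember the discovery when something was found, so that doStop() never
            // acts on a service that was configured explicitly.
            _discoveredLoginService = _loginService != null;
        }

        if (_identityService == null) {
            if (_loginService != null) {
                _identityService = _loginService.getIdentityService();
            }
            if (_identityService == null) {
                _identityService = findIdentityService();
            }
            if (_identityService == null && _realmName != null) {
                _identityService = new DefaultIdentityService();
            }
        }

        if (_loginService != null) {
            if (_loginService.getIdentityService() == null) {
                _loginService.setIdentityService(_identityService);
            } else if (_loginService.getIdentityService() != _identityService) {
                // Two different identity services would let authentication and authorization
                // disagree about who the caller is, so refuse to start.
                throw new IllegalStateException("LoginService has different IdentityService to " + this);
            }
        }

        if (_authenticator == null && _authenticatorFactory != null && _identityService != null) {
            _authenticator = _authenticatorFactory.getAuthenticator(
                    getServer(), ContextHandler.getCurrentContext(), this, _identityService, _loginService);
            if (_authenticator != null) {
                _authMethod = _authenticator.getAuthMethod();
            }
        }

        if (_authenticator != null) {
            _authenticator.setAuthConfiguration(this);
            if (_authenticator instanceof LifeCycle) {
                ((LifeCycle) _authenticator).start();
            }
        } else if (_realmName != null) {
            // A realm without an authenticator would leave handle() forwarding everything
            // unchecked, so fail the start instead.
            LOG.warn("No ServerAuthentication for {}", this);
            throw new IllegalStateException("No ServerAuthentication");
        }
        // With neither a realm nor an authenticator the handler starts and performs no checks.
        super.doStart();
    }

    /**
     * Drops a login service that was discovered (not explicitly configured) during
     * {@link #doStart()}, then stops the wrapped handler chain.
     *
     * <p>Declared {@code protected} in the original class; the decompiler widened the modifier.
     *
     * @throws Exception if the superclass fails to stop
     */
    /* JADX INFO: Access modifiers changed from: protected */
    @Override
    public void doStop() throws Exception {
        if (_discoveredLoginService) {
            removeBean(_loginService);
            _loginService = null;
            // Reset the flag: otherwise a login service set explicitly before the next start
            // would be removed and cleared on the following stop.
            _discoveredLoginService = false;
        }
        // NOTE(review): an authenticator started in doStart() is not stopped here -- confirm
        // whether its lifecycle is managed elsewhere.
        super.doStop();
    }

    /**
     * @return the login service in use, or {@code null} if none is configured or discovered
     */
    @Override // org.cipango.server.security.SipAuthenticator.AuthConfiguration
    @ManagedAttribute(name = "Login service", readonly = true)
    public LoginService getLoginService() {
        return _loginService;
    }

    /**
     * Sets the login service explicitly.
     *
     * @param loginService the login service to use
     * @throws IllegalStateException if the handler is already started
     */
    public void setLoginService(LoginService loginService) {
        if (isStarted()) {
            throw new IllegalStateException("Started");
        }
        updateBean(_loginService, loginService);
        _loginService = loginService;
    }

    /**
     * @return the configured realm name, or {@code null}
     */
    @Override // org.cipango.server.security.SipAuthenticator.AuthConfiguration
    @ManagedAttribute(name = "Realm name", readonly = true)
    public String getRealmName() {
        return _realmName;
    }

    /**
     * @param str the realm name; a non-null value makes {@link #doStart()} require an
     *            authenticator
     * @throws IllegalStateException if the handler is running
     */
    public void setRealmName(String str) {
        if (isRunning()) {
            throw new IllegalStateException("running");
        }
        _realmName = str;
    }

    /**
     * @return the authentication method; overwritten in {@link #doStart()} with the value
     *         reported by an authenticator obtained from the factory
     */
    @Override // org.cipango.server.security.SipAuthenticator.AuthConfiguration
    @ManagedAttribute(name = "Authentication method", readonly = true)
    public String getAuthMethod() {
        return _authMethod;
    }

    /**
     * @param str the authentication method name
     * @throws IllegalStateException if the handler is running
     */
    public void setAuthMethod(String str) {
        if (isRunning()) {
            throw new IllegalStateException("running");
        }
        _authMethod = str;
    }

    /**
     * Searches the server's beans for a login service to use.
     *
     * @return the login service whose name equals the realm name; otherwise the only registered
     *         login service if there is exactly one; otherwise {@code null}
     */
    protected LoginService findLoginService() {
        Collection<LoginService> candidates = getServer().getBeans(LoginService.class);
        for (LoginService candidate : candidates) {
            if (candidate.getName() != null && candidate.getName().equals(getRealmName())) {
                return candidate;
            }
        }
        // Fallback: a single registered service is used even though its name did not match the
        // realm. NOTE(review): a misnamed realm therefore binds silently to that service.
        if (candidates.size() == 1) {
            return candidates.iterator().next();
        }
        return null;
    }

    /**
     * @return the {@link IdentityService} bean registered on the server, as returned by
     *         {@code getServer().getBean(...)}
     */
    protected IdentityService findIdentityService() {
        return (IdentityService) getServer().getBean(IdentityService.class);
    }

    /**
     * Computes the constraint information that applies to a request for the given servlet.
     * The result is passed unchanged to the other hooks during {@link #handle(SipMessage)}.
     */
    protected abstract T prepareConstraintInfo(SipServletHolder sipServletHolder, SipRequest sipRequest);

    /**
     * First check applied to a request. Returning {@code false} stops processing;
     * {@link #handle(SipMessage)} then sends a 403 response unless the request is already
     * marked as handled.
     */
    protected abstract boolean checkUserDataPermissions(SipServletHolder sipServletHolder, SipRequest sipRequest, T t) throws IOException;

    /**
     * Decides whether the request must be authenticated. When this returns {@code false} the
     * request is forwarded without authentication and without a resource-permission check.
     */
    protected abstract boolean isAuthMandatory(SipRequest sipRequest, T t);

    /**
     * Value passed as the second argument of the authenticator's {@code authenticate} call.
     */
    protected abstract boolean isProxyMode(SipRequest sipRequest, T t);

    /**
     * Final check, run only after successful authentication. Returning {@code false} makes
     * {@link #handle(SipMessage)} answer with 403 and the reason phrase {@code "!role"}.
     */
    protected abstract boolean checkSipResourcePermissions(SipServletHolder sipServletHolder, SipRequest sipRequest, T t, UserIdentity userIdentity) throws IOException;

    /**
     * Applies the security checks to a request and forwards the message to the wrapped handler
     * when they pass.
     *
     * <p>Messages that are not requests, ACK and CANCEL requests, and all messages when no
     * authenticator is configured are forwarded without any check. (ACK and CANCEL are commonly
     * exempted because they cannot be usefully challenged; see RFC 3261 section 22.1.)
     *
     * @param sipMessage the incoming message
     * @throws IOException if sending a response or a permission hook fails
     * @throws ServletException declared by the handler contract
     */
    @Override // org.cipango.server.handler.SipHandlerWrapper, org.cipango.server.SipHandler
    public void handle(SipMessage sipMessage) throws IOException, ServletException {
        if (isSubjectToChecks(sipMessage) && !isRequestAllowed((SipRequest) sipMessage)) {
            return;
        }
        getHandler().handle(sipMessage);
    }

    /** Tells whether the message is a request that the configured authenticator must vet. */
    private boolean isSubjectToChecks(SipMessage sipMessage) {
        if (!(sipMessage instanceof SipRequest) || _authenticator == null) {
            return false;
        }
        SipRequest request = (SipRequest) sipMessage;
        return !request.isAck() && !request.isCancel();
    }

    /** Runs the permission and authentication steps; returns true when the request may proceed. */
    private boolean isRequestAllowed(SipRequest request) throws IOException, ServletException {
        SipServletHolder holder = request.getHandler();
        if (holder == null) {
            // NOTE(review): fail-open. Without a holder no constraint can be computed and the
            // request continues down the chain unauthenticated -- confirm this is intended.
            LOG.debug("No holder for session {}", request.session());
            return true;
        }

        T constraintInfo = prepareConstraintInfo(holder, request);
        LOG.debug("Got constraint: {} for holder {}", constraintInfo, holder.getName());

        if (!checkUserDataPermissions(holder, request, constraintInfo)) {
            // The hook may already have answered; only send the 403 when it has not.
            if (!request.isHandled()) {
                request.createResponse(403).send();
            }
            return false;
        }

        boolean authMandatory = isAuthMandatory(request, constraintInfo);
        if (!authMandatory) {
            return true;
        }

        UserIdentity identity = _authenticator.authenticate(request, isProxyMode(request, constraintInfo), authMandatory);
        request.setUserIdentity(identity);
        if (identity == null) {
            // No response is sent here; presumably the authenticator has already replied
            // (for example with a challenge) -- verify against the authenticator in use.
            return false;
        }
        if (!checkSipResourcePermissions(holder, request, constraintInfo, identity)) {
            request.createResponse(403, "!role").send();
            return false;
        }
        return true;
    }

    /**
     * @param str parameter name
     * @return the parameter value, or {@code null} if it is not set
     */
    @Override // org.cipango.server.security.SipAuthenticator.AuthConfiguration
    public String getInitParameter(String str) {
        return _initParameters.get(str);
    }

    /**
     * @return a read-only view of the parameter names. The view is unmodifiable so that callers
     *         cannot remove security parameters behind the running-state guard of
     *         {@link #setInitParameter(String, String)}.
     */
    @Override // org.cipango.server.security.SipAuthenticator.AuthConfiguration
    public Set<String> getInitParameterNames() {
        return Collections.unmodifiableSet(_initParameters.keySet());
    }

    /**
     * Sets an init parameter.
     *
     * @param str parameter name
     * @param str2 parameter value
     * @return the previous value for that name, or {@code null}
     * @throws IllegalStateException if the handler is running
     */
    public String setInitParameter(String str, String str2) {
        if (isRunning()) {
            throw new IllegalStateException("running");
        }
        return _initParameters.put(str, str2);
    }

    /**
     * @return the identity service in use, or {@code null}
     */
    @Override // org.cipango.server.security.SipAuthenticator.AuthConfiguration
    public IdentityService getIdentityService() {
        return _identityService;
    }

    /**
     * @param identityService the identity service to use
     * @throws IllegalStateException if the handler is already started
     */
    public void setIdentityService(IdentityService identityService) {
        if (isStarted()) {
            throw new IllegalStateException("Started");
        }
        _identityService = identityService;
    }

    /**
     * @return the authenticator in use, or {@code null}, in which case
     *         {@link #handle(SipMessage)} performs no checks
     */
    @ManagedAttribute(value = "SIP Authenticator", readonly = true)
    public SipAuthenticator getAuthenticator() {
        return _authenticator;
    }

    /**
     * @param sipAuthenticator the authenticator to use instead of one built by the factory
     * @throws IllegalStateException if the handler is already started
     */
    public void setAuthenticator(SipAuthenticator sipAuthenticator) {
        if (isStarted()) {
            throw new IllegalStateException("Started");
        }
        _authenticator = sipAuthenticator;
    }

    /**
     * @return the factory used by {@link #doStart()} when no authenticator has been set
     */
    public SipAuthenticator.Factory getAuthenticatorFactory() {
        return _authenticatorFactory;
    }

    /**
     * @param factory the authenticator factory; {@code null} disables factory creation
     * @throws IllegalStateException if the handler is running
     */
    public void setAuthenticatorFactory(SipAuthenticator.Factory factory) {
        if (isRunning()) {
            throw new IllegalStateException("running");
        }
        _authenticatorFactory = factory;
    }

    /**
     * @return the configured identity assertion scheme, or {@code null}
     */
    public IdentityAssertionScheme getIdentityAssertionScheme() {
        return _identityAssertionScheme;
    }

    /**
     * Sets the identity assertion scheme.
     *
     * <p>NOTE(review): unlike the other setters this one has no lifecycle guard, so the value
     * can change while requests are being processed -- confirm that is intended.
     */
    public void setIdentityAssertionScheme(IdentityAssertionScheme identityAssertionScheme) {
        _identityAssertionScheme = identityAssertionScheme;
    }

    /**
     * @return whether identity assertion is required
     */
    public boolean isIdentityAssertionRequired() {
        return _identityAssertionRequired;
    }

    /**
     * Sets whether identity assertion is required.
     *
     * <p>NOTE(review): no lifecycle guard here either; see
     * {@link #setIdentityAssertionScheme(IdentityAssertionScheme)}.
     */
    public void setIdentityAssertionRequired(boolean z) {
        _identityAssertionRequired = z;
    }
}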
