package com.tibco.bw.palette.netsuite.runtime.eventsource;

import com.tibco.bw.palette.netsuite.model.common.NSStringUtils;
import com.tibco.bw.palette.netsuite.runtime.resources.NetSuiteMessageBundle;
import com.tibco.bw.palette.netsuite.runtime.utils.LogUtils;
import com.tibco.security.AXSecurityException;
import com.tibco.security.ObfuscationEngine;
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.util.Base64;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.http.HttpStatus;

/* loaded from: input_file:payload/TIB_bwpluginnetsuite_6.3.6_common.zip:assemblies/assembly_tibco_com_tibco_bw_palette_netsuite_runtime_feature_6.3.600.001.zip:source/plugins/com.tibco.bw.palette.netsuite.runtime_6.3.600.001.jar:com/tibco/bw/palette/netsuite/runtime/eventsource/NetSuiteServlet.class */
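/**
 * Servlet that accepts HTTP POST event notifications and hands the request body to an
 * {@link EntityEventProcessor}.
 *
 * <p>Two access checks run before a body is processed, and both are skipped when they are not
 * configured:
 * <ul>
 *   <li>a source-address allow-list read from the system property named by {@link #HOST_MATCH};
 *       an unset or blank property, or an entry that is empty or {@code 0.0.0.0}, accepts every
 *       peer;</li>
 *   <li>HTTP Basic authentication against the callback's {@code UserIdentity}; when
 *       {@code isValid()} is false no credentials are required.</li>
 * </ul>
 * With neither configured the endpoint processes POST bodies from any peer.
 *
 * <p>The no-argument constructor leaves the callback and logger unset; the request methods
 * dereference both, so an instance built that way cannot serve requests.
 */
public class NetSuiteServlet extends HttpServlet {
    public static final String HTTP_METHOD_POST = "Post";
    public static final String HTTP_METHOD_GET = "Get";
    public static final String DEFAULT_CHARSET_NAME = "utf-8";
    // Name of the system property holding the ';'-separated list of trusted hosts.
    static String HOST_MATCH = "com.tibco.bw.palette.netsuite.match.hostname";
    private static final long serialVersionUID = 6367983721327184035L;
    private NewEventCallBack<?> m_callBack;
    private LogUtils logger;

    /** Creates a servlet with no callback and no logger. */
    public NetSuiteServlet() {
    }

    /**
     * Creates a servlet bound to an event callback.
     *
     * @param newEventCallBack callback supplying the logger, the expected credentials and the
     *     host name used in the authentication realm
     */
    public NetSuiteServlet(NewEventCallBack<?> newEventCallBack) {
        this.m_callBack = newEventCallBack;
        this.logger = newEventCallBack.getLogger();
    }

    /** Routes GET to {@code processRequest}, which answers 405 once the address check passes. */
    @Override
    protected void doGet(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        processRequest(httpServletRequest, httpServletResponse, HTTP_METHOD_GET);
    }

    /** Routes POST to {@code processRequest}. */
    @Override
    protected void doPost(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        processRequest(httpServletRequest, httpServletResponse, HTTP_METHOD_POST);
    }

    /**
     * Checks the peer address against the trusted-host list.
     *
     * @param httpServletRequest request whose {@code getRemoteAddr()} is checked
     * @param httpServletResponse unused
     * @return {@code true} when the check is disabled or the peer address equals the resolved
     *     address of a configured host; {@code false} otherwise
     */
    private boolean filtrateAddress(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        String property = System.getProperty(HOST_MATCH);
        if (property == null || property.trim().length() == 0) {
            this.logger.info("Will do not execute the  security check for host address");
            return true;
        }
        // NOTE(review): getRemoteAddr() is the direct TCP peer. If a reverse proxy or load
        // balancer fronts this servlet, every request presumably carries the proxy's address -
        // confirm the deployment before relying on this list.
        String remoteAddr = httpServletRequest.getRemoteAddr();
        for (String str : property.split(";")) {
            // NOTE(review): an empty entry (for example a doubled ';' inside the list) or
            // "0.0.0.0" turns the check off for every peer, even when other hosts are listed.
            // Kept as-is because operators may rely on it as the wildcard.
            if (str.equals("") || str.equals("0.0.0.0")) {
                this.logger.info("Will do not execute the  security check for host address");
                return true;
            }
            InetAddress byName;
            try {
                // Only the single address returned by getByName is compared; a host name with
                // several addresses matches on that one alone.
                byName = InetAddress.getByName(str);
            } catch (UnknownHostException unused) {
                this.logger.warn("The trusted host " + str + " is a incorrect host so that not expected from remote address " + remoteAddr);
                // An unresolvable entry can never match; move on instead of using an unset address.
                continue;
            } catch (RuntimeException ex) {
                this.logger.warn("The trusted host " + str + " that not expected from remote address " + remoteAddr + " : " + ex.getMessage());
                continue;
            }
            if (byName.getHostAddress().equalsIgnoreCase(remoteAddr)) {
                this.logger.info("The trusted host " + byName + " that expected from remote address " + remoteAddr);
                return true;
            }
            this.logger.info("The trusted host " + byName + " that not expected from remote address " + remoteAddr);
        }
        return false;
    }

    /**
     * Writes a response without logging it.
     *
     * @param httpServletResponse response to write to
     * @param str response body
     * @param i HTTP status code
     * @throws IOException if the response cannot be written or flushed
     */
    private void sendAck(HttpServletResponse httpServletResponse, String str, int i) throws IOException {
        httpServletResponse.setContentType("text/html; charset=UTF-8");
        httpServletResponse.setHeader("Cache-Control", "no-cache");
        httpServletResponse.setStatus(i);
        httpServletResponse.getWriter().write(str);
        httpServletResponse.flushBuffer();
    }

    /**
     * Applies the address check, rejects GET, applies Basic authentication and then processes
     * the POST body.
     *
     * <p>Responses: 403 when the address check fails, 405 for GET, 401 when credentials are
     * required and missing or wrong, 417 when the body is empty, otherwise 200 with the
     * processor's result.
     *
     * @param httpServletRequest incoming request
     * @param httpServletResponse response to populate
     * @param str method label, {@code "Get"} or {@code "Post"}
     * @throws IOException if reading the request or writing the response fails
     */
    private void processRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str) throws IOException {
        if (!filtrateAddress(httpServletRequest, httpServletResponse)) {
            try {
                sendAck(httpServletResponse, "The trusted hostname list that not expected from address : " + httpServletRequest.getRemoteAddr(), HttpStatus.SC_FORBIDDEN);
                return;
            } catch (Exception e) {
                this.logger.error(e.getMessage());
                // Keep the original failure as the cause so the stack trace is not lost.
                throw new IOException(e.getMessage(), e);
            }
        }
        this.logger.debug(NetSuiteMessageBundle.MESSAGE_EVENT_SOURCE_SERVLET_REQUEST, new Object[]{str});
        if (HTTP_METHOD_GET.equalsIgnoreCase(str)) {
            sendAck(httpServletResponse, HttpStatus.SC_METHOD_NOT_ALLOWED, "Only Accept POST");
            return;
        }
        // The charset comes from the request; it is used to decode both the credentials and the
        // body, so an unsupported name makes authentication fail or the body read throw.
        String characterEncoding = httpServletRequest.getCharacterEncoding();
        if (characterEncoding == null || "".equals(characterEncoding.trim())) {
            characterEncoding = DEFAULT_CHARSET_NAME;
        }
        UserIdentity userIdentity = this.m_callBack.getUserIdentity();
        String header = httpServletRequest.getHeader("Authorization");
        if (userIdentity.isValid() && header == null) {
            // Credentials are configured but none were sent: challenge the client.
            httpServletResponse.setStatus(HttpStatus.SC_UNAUTHORIZED);
            httpServletResponse.setHeader("WWW-authenticate", "Basic realm=\"" + this.m_callBack.getHostName() + "\"");
            httpServletResponse.flushBuffer();
            return;
        }
        if (!isPassBasicAuthentication(header, userIdentity, characterEncoding)) {
            sendAck(httpServletResponse, HttpStatus.SC_UNAUTHORIZED, "Please check whether username or password is correct or not.");
            return;
        }
        String body = readPostDataFromRequest(httpServletRequest, characterEncoding);
        if (body != null && body.trim().length() != 0) {
            sendAck(httpServletResponse, HttpStatus.SC_OK, new EntityEventProcessor(this.m_callBack).processEvent(body));
        } else {
            this.logger.error(NetSuiteMessageBundle.MESSAGE_EVENT_SOURCE_SERVLET_REQUEST_EMPTY);
            sendAck(httpServletResponse, HttpStatus.SC_EXPECTATION_FAILED, NetSuiteMessageBundle.MESSAGE_EVENT_SOURCE_SERVLET_REQUEST_EMPTY.toString());
        }
    }

    /**
     * Validates an HTTP Basic {@code Authorization} header against the configured identity.
     *
     * <p>The user name is compared case-insensitively and the password exactly. A supplied
     * password containing {@code "#!"} is first passed through {@code ObfuscationEngine.decrypt},
     * so the obfuscated form of the password is accepted as well as the clear text. Anyone able
     * to read the obfuscated value can therefore authenticate with it; protect stored obfuscated
     * values like the password itself.
     *
     * @param str raw {@code Authorization} header value, may be {@code null}
     * @param userIdentity expected credentials; when {@code isValid()} is false authentication
     *     is not required
     * @param str2 charset name used to decode the Base64 payload
     * @return {@code true} when authentication is not required or the credentials match
     * @throws IOException declared for callers; decoding failures are logged and reported as
     *     {@code false}
     */
    public synchronized boolean isPassBasicAuthentication(String str, UserIdentity userIdentity, String str2) throws IOException {
        if (!userIdentity.isValid()) {
            return true;
        }
        String userName = userIdentity.getUserName();
        String password = userIdentity.getPassword();
        if (str == null || str.trim().length() == 0) {
            return false;
        }
        String expectedPassword = password == null ? "" : password;
        String trim = str.trim();
        if (trim.length() < 6 || !"BASIC ".equalsIgnoreCase(trim.substring(0, 6))) {
            return false;
        }
        try {
            String suppliedUser = "";
            String suppliedPassword = "";
            String decoded = new String(Base64.getMimeDecoder().decode(trim.substring(6)), str2);
            int colon = decoded.indexOf(":");
            // A payload with no ':' or an empty user name leaves both values empty.
            if (colon > 0) {
                suppliedUser = decoded.substring(0, colon);
                if (colon + 1 < decoded.length()) {
                    suppliedPassword = decoded.substring(colon + 1);
                    if (suppliedPassword.indexOf("#!") != -1) {
                        this.logger.debug("Decoding the obfuscationed password");
                        try {
                            suppliedPassword = String.valueOf(ObfuscationEngine.decrypt(suppliedPassword));
                        } catch (AXSecurityException e) {
                            // The value is then compared as received.
                            this.logger.error("Decoding the obfuscationed password failed : " + e.getMessage());
                        }
                    }
                }
            }
            // Evaluate both comparisons and avoid an early exit on the first differing password
            // character, so response time does not reveal how much of the secret matched.
            boolean userMatches = userName.equalsIgnoreCase(suppliedUser);
            boolean passwordMatches = constantTimeEquals(expectedPassword, suppliedPassword);
            return userMatches & passwordMatches;
        } catch (Exception e2) {
            this.logger.error(NetSuiteMessageBundle.ERROR_EVENT_SOURCE_SERVLET_BASIC_AUTH_EXCEPTION, new String[]{e2.toString()});
            return false;
        }
    }

    /**
     * Compares two strings without stopping at the first mismatch.
     *
     * @param expected configured secret, not {@code null}
     * @param supplied value received from the client, not {@code null}
     * @return {@code true} only when both strings have the same length and characters
     */
    private static boolean constantTimeEquals(String expected, String supplied) {
        int diff = expected.length() ^ supplied.length();
        for (int i = 0; i < supplied.length(); i++) {
            // Index modulo the expected length so the loop always runs over the supplied value.
            char e = expected.isEmpty() ? 0 : expected.charAt(i % expected.length());
            diff |= e ^ supplied.charAt(i);
        }
        return diff == 0;
    }

    /**
     * Reads the whole request body as text and strips characters via
     * {@code NSStringUtils.replaceSpecialUnicodeAsEmpty}.
     *
     * @param httpServletRequest request whose input stream is read to the end
     * @param str charset name used to decode the body
     * @return the cleaned body text
     * @throws IOException if the stream cannot be read or the charset is unsupported
     */
    protected synchronized String readPostDataFromRequest(HttpServletRequest httpServletRequest, String str) throws IOException {
        BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(httpServletRequest.getInputStream(), str));
        StringBuilder sb = new StringBuilder();
        char[] cArr = new char[2048];
        // NOTE(review): the body is buffered in memory with no size cap, so a large POST from
        // any peer that passes the checks above grows the heap; consider enforcing a limit at
        // the container or here.
        int read;
        while ((read = bufferedReader.read(cArr)) != -1) {
            sb.append(cArr, 0, read);
        }
        String cleaned = NSStringUtils.replaceSpecialUnicodeAsEmpty(sb.toString());
        // NOTE(review): the full payload is written to the debug log; treat debug logs as
        // containing whatever business data the sender posts.
        this.logger.debug("The Data sent from Netsuite server was as below: \n" + cleaned);
        return cleaned;
    }

    /**
     * Logs and writes a response.
     *
     * @param httpServletResponse response to write to
     * @param i HTTP status code
     * @param str response body
     * @throws IOException if the response cannot be written or flushed
     */
    private void sendAck(HttpServletResponse httpServletResponse, int i, String str) throws IOException {
        this.logger.debug(NetSuiteMessageBundle.MESSAGE_EVENT_SOURCE_SERVLET_RESPONSE, new Object[]{Integer.valueOf(i), str});
        httpServletResponse.setContentType("text/html; charset=UTF-8");
        httpServletResponse.setHeader("Cache-Control", "no-cache");
        httpServletResponse.setStatus(i);
        httpServletResponse.getWriter().write(str);
        httpServletResponse.flushBuffer();
    }
}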
