package com.tibco.palette.bw6.sharepointrest.rs;

import com.fasterxml.jackson.databind.ObjectMapper;
import com.tibco.palette.bw6.sharepointrest.constants.MessageConstants;
import com.tibco.palette.bw6.sharepointrest.exception.SPRestAuthenticationException;
import com.tibco.palette.bw6.sharepointrest.exception.SPRestBaseException;
import com.tibco.palette.bw6.sharepointrest.exception.SPRestOnlineAuthenticationException;
import com.tibco.palette.bw6.sharepointrest.log.LogUtil;
import com.tibco.palette.bw6.sharepointrest.rs.auth.online.LoginManager;
import java.io.IOException;
import java.net.InetAddress;
import java.net.URISyntaxException;
import java.net.URL;
import java.net.UnknownHostException;
import java.security.GeneralSecurityException;
import java.security.Principal;
import java.security.PrivilegedAction;
import java.util.Date;
import java.util.concurrent.TimeUnit;
import javax.security.auth.Subject;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import org.apache.axis2.util.CommandLineOptionConstants;
import org.apache.http.HttpResponse;
import org.apache.http.auth.AuthScope;
import org.apache.http.auth.Credentials;
import org.apache.http.auth.NTCredentials;
import org.apache.http.auth.UsernamePasswordCredentials;
import org.apache.http.client.ClientProtocolException;
import org.apache.http.client.config.RequestConfig;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.client.methods.HttpUriRequest;
import org.apache.http.config.RegistryBuilder;
import org.apache.http.impl.auth.SPNegoSchemeFactory;
import org.apache.http.impl.client.BasicCredentialsProvider;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.impl.conn.PoolingHttpClientConnectionManager;
import org.apache.http.util.EntityUtils;

/* loaded from: input_file:payload/common/assembly_tibco_com_tibco_bw_sharedresource_sharepointrest_model_feature_6.2.100.007.zip:source/plugins/com.tibco.bw.sharedresource.sharepointrest.model_6.2.100.007.jar:com/tibco/palette/bw6/sharepointrest/rs/SPRestServiceBase.class */
public class SPRestServiceBase {
    protected String userName;
    protected String password;
    protected URL restServiceURL;
    protected SPRestAuthTypeEnum authType;
    protected SPRestDeploymentType deploymentType;
    private long timeoutMilliSeconds;
    private String kerberosKrb5ConfigFile;
    private String KerberosLoginConfigFile;
    protected CloseableHttpClient httpclient;
    protected PoolingHttpClientConnectionManager cm;
    private RequestConfig requestConfig;
    private SecurityToken securityToken;

    public SPRestServiceBase(String str, String str2, URL url, SPRestAuthTypeEnum sPRestAuthTypeEnum, SPRestDeploymentType sPRestDeploymentType, String str3, String str4) throws GeneralSecurityException, IOException, URISyntaxException {
        this.userName = str;
        this.password = str2;
        this.restServiceURL = url;
        this.authType = sPRestAuthTypeEnum;
        this.deploymentType = sPRestDeploymentType;
        this.kerberosKrb5ConfigFile = str3;
        this.KerberosLoginConfigFile = str4;
    }

    public SPRestServiceBase(URL url, RestServiceConfig restServiceConfig) throws GeneralSecurityException, IOException, URISyntaxException {
        if (restServiceConfig == null) {
            throw new RuntimeException("parameter [config] is null");
        }
        this.userName = restServiceConfig.getUserName();
        this.password = restServiceConfig.getPassword();
        this.restServiceURL = url;
        this.authType = restServiceConfig.getAuthType();
        this.kerberosKrb5ConfigFile = restServiceConfig.getKerberosKrb5ConfigFile();
        this.KerberosLoginConfigFile = restServiceConfig.getKerberosLoginConfigFile();
        this.timeoutMilliSeconds = restServiceConfig.getTimeoutInMilliSeconds();
        this.deploymentType = restServiceConfig.getDeploymentType();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void prepareWebService() throws GeneralSecurityException, IOException, URISyntaxException {
        this.cm = new PoolingHttpClientConnectionManager();
        this.cm.setDefaultMaxPerRoute(500);
        this.cm.setMaxTotal(500);
        this.requestConfig = RequestConfig.custom().setSocketTimeout(900000).setConnectTimeout(900000).setConnectionRequestTimeout(900000).build();
        this.httpclient = getAuthClient();
    }

    private CloseableHttpClient getAuthClient() throws IOException, URISyntaxException, LoginException {
        CloseableHttpClient closeableHttpClient = null;
        BasicCredentialsProvider basicCredentialsProvider = new BasicCredentialsProvider();
        if (this.deploymentType == SPRestDeploymentType.ONPREMISES) {
            if (this.authType == SPRestAuthTypeEnum.BASIC) {
                basicCredentialsProvider.setCredentials(AuthScope.ANY, new UsernamePasswordCredentials(this.userName, this.password));
                closeableHttpClient = HttpClients.custom().setDefaultCredentialsProvider(basicCredentialsProvider).setConnectionManager(this.cm).setDefaultRequestConfig(this.requestConfig).build();
            } else if (this.authType == SPRestAuthTypeEnum.NTLM) {
                String[] domainAndName = getDomainAndName(this.userName);
                basicCredentialsProvider.setCredentials(AuthScope.ANY, new NTCredentials(domainAndName[1], this.password, getComputerName(), domainAndName[0]));
                closeableHttpClient = HttpClients.custom().setDefaultCredentialsProvider(basicCredentialsProvider).setConnectionManager(this.cm).setDefaultRequestConfig(this.requestConfig).build();
                resetSystemPropertiesForNTLM();
            } else if (this.authType == SPRestAuthTypeEnum.KERBEROS) {
                setSystemPropertiesForKerberos();
                closeableHttpClient = getKerberosAuthClient();
            }
        } else if (this.deploymentType == SPRestDeploymentType.ONLINE) {
            if (this.securityToken == null) {
                this.securityToken = new SecurityToken();
            }
            generateSecurityToken();
            closeableHttpClient = HttpClients.custom().setConnectionManager(this.cm).setDefaultRequestConfig(this.requestConfig).build();
        }
        return closeableHttpClient;
    }

    protected void setSystemPropertiesForKerberos() {
        if (System.getProperty("java.security.auth.login.config") == null || !System.getProperty("java.security.auth.login.config").equals(this.KerberosLoginConfigFile)) {
            System.setProperty("java.security.auth.login.config", this.KerberosLoginConfigFile);
        }
        if (System.getProperty("java.security.krb5.conf") == null || !System.getProperty("java.security.krb5.conf").equals(this.kerberosKrb5ConfigFile)) {
            System.setProperty("java.security.krb5.conf", this.kerberosKrb5ConfigFile);
        }
        if (System.getProperty("javax.security.auth.useSubjectCredsOnly") == null || !System.getProperty("javax.security.auth.useSubjectCredsOnly").equals("false")) {
            System.setProperty("javax.security.auth.useSubjectCredsOnly", "false");
        }
    }

    protected void resetSystemPropertiesForNTLM() {
        if (System.getProperties() != null) {
            if (System.getProperty("java.security.auth.login.config") != null) {
                System.clearProperty("java.security.auth.login.config");
            }
            if (System.getProperty("java.security.krb5.conf") != null) {
                System.clearProperty("java.security.krb5.conf");
            }
            if (System.getProperty("javax.security.auth.useSubjectCredsOnly") != null) {
                System.clearProperty("javax.security.auth.useSubjectCredsOnly");
            }
        }
    }

    private CloseableHttpClient getKerberosAuthClient() throws LoginException {
        Credentials credentials = new Credentials() { // from class: com.tibco.palette.bw6.sharepointrest.rs.SPRestServiceBase.1
            @Override // org.apache.http.auth.Credentials
            public String getPassword() {
                return null;
            }

            @Override // org.apache.http.auth.Credentials
            public Principal getUserPrincipal() {
                return null;
            }
        };
        BasicCredentialsProvider basicCredentialsProvider = new BasicCredentialsProvider();
        basicCredentialsProvider.setCredentials(new AuthScope((String) null, -1, (String) null), credentials);
        return HttpClients.custom().setDefaultAuthSchemeRegistry(RegistryBuilder.create().register("Negotiate", new SPNegoSchemeFactory(true)).build()).setDefaultCredentialsProvider(basicCredentialsProvider).setConnectionManager(this.cm).setDefaultRequestConfig(this.requestConfig).build();
    }

    public void reloginIfRequired(URL url) throws SPRestOnlineAuthenticationException, GeneralSecurityException, IOException {
        if (!isAuthCookiesExpired() && isAuthCookiesValid(url)) {
            LogUtil.getLogger().debug("Existing Auth cookies token is still valid");
            LogUtil.getLogger().debug("The still valid Auth cookies token for online login is " + this.securityToken.getAuthCookiesToken());
        } else if (isBinaryTokenExpired()) {
            generateSecurityToken();
        } else {
            generateAuthCookies();
        }
    }

    private boolean isAuthCookiesValid(URL url) throws ClientProtocolException, IOException {
        HttpGet httpGet = new HttpGet(url.toString());
        httpGet.addHeader("Accept", "application/json; odata=verbose");
        httpGet.addHeader("Cookie", this.securityToken.getAuthCookiesToken());
        this.httpclient = HttpClients.createDefault();
        String obj = this.httpclient.execute((HttpUriRequest) httpGet).getStatusLine().toString();
        if (!obj.contains("HTTP/1.1 403 Forbidden") && obj.contains("HTTP/1.1 200 OK")) {
            return true;
        }
        LogUtil.getLogger().debug("Auth cookies token invalid. The invalidated Auth cookies token is " + this.securityToken.getAuthCookiesToken());
        return false;
    }

    private boolean isBinaryTokenExpired() {
        if (this.securityToken == null) {
            return true;
        }
        if (TimeUnit.MILLISECONDS.toDays(new Date().getTime() - this.securityToken.getCreationDateBinarySecurityToken().getTime()) < 1) {
            return false;
        }
        LogUtil.getLogger().debug("Binary security token expired. The expired Binary security token is " + this.securityToken.getBinarySecurityToken());
        return true;
    }

    private boolean isAuthCookiesExpired() {
        if (this.securityToken == null) {
            return true;
        }
        if (TimeUnit.MILLISECONDS.toDays(new Date().getTime() - this.securityToken.getLastUsedDateAuthCookies().getTime()) < 5) {
            return false;
        }
        LogUtil.getLogger().debug("Auth cookies token expired. The expired Auth cookies token is " + this.securityToken.getAuthCookiesToken());
        return true;
    }

    private void generateAuthCookies() {
        LoginManager loginManager = new LoginManager(this.userName, this.password, this.restServiceURL.getHost());
        loginManager.login(this.securityToken.getBinarySecurityToken());
        this.securityToken.setAuthCookiesToken(loginManager.getAuthCookiesToken());
        this.securityToken.setLastUsedDateAuthCookies(new Date());
        LogUtil.getLogger().debug("The Auth cookies token for online login created using existing Binary security token" + this.securityToken.getBinarySecurityToken() + "is " + this.securityToken.getAuthCookiesToken());
    }

    private void generateSecurityToken() {
        LoginManager loginManager = new LoginManager(this.userName, this.password, this.restServiceURL.getHost());
        loginManager.login();
        this.securityToken.setBinarySecurityToken(loginManager.getBinarySecurityToken());
        this.securityToken.setCreationDateBinarySecurityToken(new Date());
        this.securityToken.setAuthCookiesToken(loginManager.getAuthCookiesToken());
        this.securityToken.setLastUsedDateAuthCookies(new Date());
        LogUtil.getLogger().debug("The Binary security token for online login is  " + this.securityToken.getBinarySecurityToken());
        LogUtil.getLogger().debug("The Auth cookies token for online login is " + this.securityToken.getAuthCookiesToken());
    }

    private String getComputerName() {
        try {
            return InetAddress.getLocalHost().getHostName();
        } catch (UnknownHostException e) {
            throw new RuntimeException(e);
        }
    }

    private String[] getDomainAndName(String str) {
        String[] strArr = {"", ""};
        if (str != null && str.length() > 0) {
            String replace = str.replace('/', '\\').replace("\\\\", "\\");
            int indexOf = replace.indexOf("\\");
            if (indexOf > 0) {
                strArr[0] = replace.substring(0, indexOf);
                strArr[1] = replace.substring(indexOf + 1);
            } else {
                strArr[1] = str;
            }
        }
        return strArr;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public HttpResponse executeGet(HttpGet httpGet) throws LoginException, ClientProtocolException, IOException {
        if (this.authType == SPRestAuthTypeEnum.KERBEROS) {
            setSystemPropertiesForKerberos();
            return executeKerberos(httpGet);
        }
        if (this.authType == SPRestAuthTypeEnum.NTLM || this.authType == SPRestAuthTypeEnum.BASIC) {
            resetSystemPropertiesForNTLM();
        }
        return this.httpclient.execute((HttpUriRequest) httpGet);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public HttpResponse executePost(HttpPost httpPost) throws LoginException, ClientProtocolException, IOException {
        if (this.authType == SPRestAuthTypeEnum.KERBEROS) {
            setSystemPropertiesForKerberos();
            return executeKerberos(httpPost);
        }
        if (this.authType == SPRestAuthTypeEnum.NTLM) {
            resetSystemPropertiesForNTLM();
        }
        return this.httpclient.execute((HttpUriRequest) httpPost);
    }

    protected HttpResponse executeKerberos(final HttpUriRequest httpUriRequest) throws LoginException {
        LoginContext loginContext = new LoginContext("com.sun.security.jgss.login", new KerberosCallBackHandler(getDomainAndName(this.userName)[1], this.password));
        loginContext.login();
        return (HttpResponse) Subject.doAs(loginContext.getSubject(), new PrivilegedAction() { // from class: com.tibco.palette.bw6.sharepointrest.rs.SPRestServiceBase.2
            @Override // java.security.PrivilegedAction
            public Object run() {
                try {
                    return SPRestServiceBase.this.httpclient.execute(httpUriRequest);
                } catch (IOException e) {
                    e.printStackTrace();
                    return null;
                }
            }
        });
    }

    public String getRequestDigest() throws LoginException, ClientProtocolException, IOException, URISyntaxException {
        String url = this.restServiceURL.toString();
        if (url.endsWith("/Lists")) {
            url = url.replaceAll("/Lists$", "/contextinfo");
        } else if (url.endsWith("/Web")) {
            url = url.replaceAll("/Web$", "/contextinfo");
        }
        HttpPost httpPost = new HttpPost(url);
        httpPost.addHeader("Accept", "application/json; odata=verbose");
        if (this.deploymentType == SPRestDeploymentType.ONLINE) {
            httpPost.addHeader("Cookie", getSecurityToken().getAuthCookiesToken());
        }
        HttpResponse executePost = executePost(httpPost);
        String obj = executePost.getStatusLine().toString();
        String entityUtils = EntityUtils.toString(executePost.getEntity());
        if (obj.contains("HTTP/1.1 401 Unauthorized")) {
            throw new SPRestAuthenticationException("Failed to authenticate,please confirm your username,password and permission!");
        }
        if (obj.contains("HTTP/1.1 404 ") && entityUtils.contains("404 NOT FOUND")) {
            throw new SPRestAuthenticationException(MessageConstants.SCA_POP_FAILED_TO_AUTH_SP2010);
        }
        if (obj.contains("HTTP/1.1 200 OK")) {
            return new ObjectMapper().readTree(entityUtils).path(CommandLineOptionConstants.WSDL2JavaConstants.DATA_BINDING_TYPE_OPTION).path("GetContextWebInformation").path("FormDigestValue").textValue();
        }
        throw new SPRestBaseException(obj);
    }

    public SecurityToken getSecurityToken() {
        return this.securityToken;
    }

    public void setSecurityToken(SecurityToken securityToken) {
        this.securityToken = securityToken;
    }
}
