package org.eclipse.riena.internal.security.server;

import java.security.Principal;
import java.util.Arrays;
import javax.security.auth.Subject;
import javax.servlet.http.Cookie;
import org.eclipse.equinox.log.Logger;
import org.eclipse.riena.communication.core.hooks.IServiceHook;
import org.eclipse.riena.communication.core.hooks.ServiceContext;
import org.eclipse.riena.core.cache.IGenericObjectCache;
import org.eclipse.riena.security.common.ISubjectHolderService;
import org.eclipse.riena.security.common.NotAuthorizedFailure;
import org.eclipse.riena.security.common.session.ISessionHolderService;
import org.eclipse.riena.security.common.session.Session;
import org.eclipse.riena.security.server.session.ISessionService;

/* loaded from: input_file:org/eclipse/riena/internal/security/server/SecurityServiceHook.class */
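/**
 * Server-side service hook that binds the caller's session and subject around a remote-service call.
 *
 * <p>{@link #beforeService(ServiceContext)} reads the session id from the {@link #SSOID} cookie,
 * resolves it to principals (cache first, then the session service) and publishes the resulting
 * {@link Subject} and {@link Session} through the holder services and the service context.
 * {@link #afterService(ServiceContext)} re-issues or clears the cookie when the session changed
 * during the call and then clears both holders.
 *
 * <p>Security notes for maintainers:
 * <ul>
 * <li>The cookie value is a bearer credential. It is never written to the log in full; see
 * {@link #redact(String)}.</li>
 * <li>{@code requiresSSOIDbyDefault} is initialised to {@code false} and nothing in this class
 * assigns it, so as written the hook never rejects a call: both {@link NotAuthorizedFailure}
 * branches are guarded by that flag.</li>
 * <li>Log levels are the raw integers passed to {@code Logger.log}; they look like the OSGi
 * LogService levels (1 = error, 2 = warning, 3 = info, 4 = debug) - confirm.</li>
 * </ul>
 */
public class SecurityServiceHook implements IServiceHook {
    public static final String SESSIONID = "ssoid";
    /** Name of the cookie that carries the session id. */
    public static final String SSOID = "x-compeople-ssoid";
    public static final String PRINCIPAL = "principal";
    public static final String SET_SESSION = "set-ssoid";
    // Session id -> principals. NOTE(review): nothing in this class evicts an entry when the
    // session is cleared or replaced; confirm the cache timeout or the logout path covers that.
    private IGenericObjectCache<String, Principal[]> principalCache;
    private ISessionService sessionService;
    private ISubjectHolderService subjectHolderService;
    private ISessionHolderService sessionHolderService;
    // When false, calls without a session id (or with an unknown one) are let through.
    private boolean requiresSSOIDbyDefault = false;
    private static final Logger LOGGER = Activator.getDefault().getLogger(SecurityServiceHook.class);

    /**
     * Creates the hook and, when sessions are not required by default, logs that every web
     * service of the web application is treated as unsecured.
     */
    public SecurityServiceHook() {
        // The application name is a literal placeholder in this build; the former null check on it
        // could never be true and has been dropped. The logged text is unchanged.
        final String appName = "???appname??????";
        if (!this.requiresSSOIDbyDefault) {
            LOGGER.log(3, appName + ": defining ALL WEBSERVICES in this Webapp as unsecure (SSOID is not required).");
        }
    }

    /** Injects the principal cache. */
    public void bind(IGenericObjectCache<String, Principal[]> iGenericObjectCache) {
        this.principalCache = iGenericObjectCache;
    }

    /** Releases the principal cache if it is the instance currently bound. */
    public void unbind(IGenericObjectCache<String, Principal[]> iGenericObjectCache) {
        if (this.principalCache == iGenericObjectCache) {
            this.principalCache = null;
        }
    }

    /** Injects the session service used to resolve a session id to principals. */
    public void bind(ISessionService iSessionService) {
        this.sessionService = iSessionService;
    }

    /** Releases the session service if it is the instance currently bound. */
    public void unbind(ISessionService iSessionService) {
        if (this.sessionService == iSessionService) {
            this.sessionService = null;
        }
    }

    /** Injects the subject holder service. */
    public void bind(ISubjectHolderService iSubjectHolderService) {
        this.subjectHolderService = iSubjectHolderService;
    }

    /** Releases the subject holder service if it is the instance currently bound. */
    public void unbind(ISubjectHolderService iSubjectHolderService) {
        if (this.subjectHolderService == iSubjectHolderService) {
            this.subjectHolderService = null;
        }
    }

    /** Injects the session holder service. */
    public void bind(ISessionHolderService iSessionHolderService) {
        this.sessionHolderService = iSessionHolderService;
    }

    /** Releases the session holder service if it is the instance currently bound. */
    public void unbind(ISessionHolderService iSessionHolderService) {
        if (this.sessionHolderService == iSessionHolderService) {
            this.sessionHolderService = null;
        }
    }

    /**
     * Resolves the caller's session before the service method runs.
     *
     * @param serviceContext context of the current call; supplies the request cookies and receives
     *        the {@code riena.subject} and {@code de.compeople.ssoid} properties
     * @throws NotAuthorizedFailure only when a session is required by default and either no session
     *         id was sent (and enforcement is not switched off by system property) or the session
     *         service knows no principals for it
     */
    public void beforeService(ServiceContext serviceContext) {
        boolean sessionRequired = this.requiresSSOIDbyDefault;
        String ssoid = null;
        Cookie[] cookies = serviceContext.getCookies();
        if (cookies != null) {
            for (Cookie cookie : cookies) {
                // No break: if the cookie is sent more than once the last occurrence wins.
                if (SSOID.equals(cookie.getName())) {
                    ssoid = cookie.getValue();
                }
            }
        }
        // An empty cookie value is what afterService writes to clear the session.
        if (ssoid != null && ssoid.length() == 0) {
            ssoid = null;
        }
        LOGGER.log(4, "before Service ssoid = " + redact(ssoid));
        if (ssoid == null && sessionRequired) {
            LOGGER.log(1, "error in call to webservice {" + serviceContext.getInterfaceName() + "} since it is not in the list of webservices that do not require a session but SSOID=null !!!");
            // Enforcement is on when the property is absent or "true"; any other value turns this
            // rejection off, so the property must be treated as security-relevant configuration.
            if (System.getProperty("spirit.secure.webservices") == null || Boolean.getBoolean("spirit.secure.webservices")) {
                throw new NotAuthorizedFailure("call to webservice " + serviceContext.getInterfaceName() + " failed, no valid session was given but is required.");
            }
        }
        if (ssoid != null) {
            Principal[] principals = (Principal[]) this.principalCache.get(ssoid);
            if (principals == null) {
                principals = this.sessionService.findPrincipals(new Session(ssoid));
                LOGGER.log(4, "sessionService found principal = " + Arrays.toString(principals));
                if (principals == null && sessionRequired) {
                    LOGGER.log(1, "ssoid {" + redact(ssoid) + "} found in request but SessionService could not find a Principal.");
                    throw new NotAuthorizedFailure("call to webservice with invalid ssoid");
                }
                if (principals != null) {
                    this.principalCache.put(ssoid, principals);
                }
            } else {
                LOGGER.log(4, "found principal in cache = " + Arrays.toString(principals));
            }
            if (principals != null) {
                Subject subject = new Subject();
                for (Principal principal : principals) {
                    subject.getPrincipals().add(principal);
                }
                this.subjectHolderService.fetchSubjectHolder().setSubject(subject);
                serviceContext.setProperty("riena.subject", subject);
            }
            // The Session is bound even when no principals were found for the id, so the presence
            // of a Session alone does not show that the caller is authenticated.
            Session session = new Session(ssoid);
            this.sessionHolderService.fetchSessionHolder().setSession(session);
            serviceContext.setProperty("de.compeople.ssoid", session);
        }
    }

    /**
     * Propagates a session change made during the call back to the client as a cookie and clears
     * the session and subject holders.
     *
     * <p>The holders are cleared in a {@code finally} block so that a failure while comparing
     * sessions or adding the cookie cannot leave this call's subject or session bound for whatever
     * uses the holders next (presumably they are per-thread - confirm).
     *
     * @param serviceContext context of the current call; receives the cookie, if one is set
     */
    public void afterService(ServiceContext serviceContext) {
        try {
            Session sessionAfter = this.sessionHolderService.fetchSessionHolder().getSession();
            Session sessionBefore = (Session) serviceContext.getProperty("de.compeople.ssoid");
            String idAfter = sessionAfter != null ? sessionAfter.getSessionId() : null;
            if (sessionBefore != null) {
                LOGGER.log(4, "afterService after_ssoid=" + redact(idAfter) + " before_ssoid=" + redact(sessionBefore.getSessionId()));
            }
            // Identity only: Session.toString() is not visible here and may include the session id.
            LOGGER.log(4, "afterService compare session instance before=" + identityOf(sessionBefore) + " after=" + identityOf(sessionAfter));
            if (sessionBefore == sessionAfter && (sessionBefore == null || sessionAfter == null || sessionBefore.getSessionId().equals(idAfter))) {
                LOGGER.log(4, "doing nothing in afterService");
            } else if (idAfter == null || idAfter.equals("0")) {
                // Session ended during the call: overwrite the cookie with an empty value.
                // NOTE(review): neither cookie written here gets the Secure or HttpOnly attribute;
                // confirm the container or a front-end proxy adds them.
                Cookie clearingCookie = new Cookie(SSOID, "");
                clearingCookie.setPath("/");
                serviceContext.addCookie(clearingCookie);
                // The cookie value is empty, not "0"; the message now says so.
                LOGGER.log(4, "setting cookie to ''");
            } else {
                Cookie sessionCookie = new Cookie(SSOID, idAfter);
                sessionCookie.setPath("/");
                serviceContext.addCookie(sessionCookie);
                if (sessionBefore == null || "0".equals(sessionBefore.getSessionId())) {
                    LOGGER.log(4, "setting cookie to '" + redact(idAfter) + "'");
                } else {
                    LOGGER.log(2, "CHANGING cookie setting from '" + redact(sessionBefore.getSessionId()) + "' to '" + redact(idAfter) + "'");
                }
            }
        } finally {
            try {
                this.sessionHolderService.fetchSessionHolder().setSession((Session) null);
            } finally {
                this.subjectHolderService.fetchSubjectHolder().setSubject((Subject) null);
            }
        }
    }

    /**
     * Returns a log-safe form of a session id: a four-character prefix plus the length for ids of
     * at least 16 characters, the length alone for shorter ones, and {@code "null"} for null.
     */
    private static String redact(String sessionId) {
        if (sessionId == null) {
            return "null";
        }
        int length = sessionId.length();
        if (length < 16) {
            // A prefix of a short id would give away too much of it.
            return "<redacted len=" + length + ">";
        }
        return sessionId.substring(0, 4) + "...<redacted len=" + length + ">";
    }

    /** Returns the identity hash of {@code instance} in hex, or {@code "null"}. */
    private static String identityOf(Object instance) {
        return instance == null ? "null" : Integer.toHexString(System.identityHashCode(instance));
    }
}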
