package com.oracle.bpel.security.validator.bpmid;

import com.collaxa.cube.rm.suitcase.ConfigurationsDescriptor;
import com.collaxa.cube.util.CXPasswordUtils;
import com.oracle.bpel.client.BPELProcessId;
import com.oracle.bpel.client.Locator;
import com.oracle.bpel.client.NormalizedMessage;
import com.oracle.bpel.client.ServerException;
import com.oracle.bpel.client.auth.DomainAuth;
import com.oracle.bpel.client.auth.DomainAuthFactory;
import com.oracle.bpel.security.ACLManager;
import com.oracle.bpel.security.BPELPrincipal;
import com.oracle.bpel.security.BPELSecurityLogger;
import com.oracle.bpel.security.SecurityResources;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import javax.resource.ResourceException;
import oracle.tip.adapter.fw.security.EncryptionUtil;
import oracle.tip.pc.services.common.ServiceFactory;
import oracle.tip.pc.services.common.ServiceStatus;
import oracle.tip.pc.services.identity.BPMAuthenticationException;
import oracle.tip.pc.services.identity.BPMIdentityNotFoundException;
import oracle.tip.pc.services.identity.BPMIdentityService;
import oracle.tip.pc.services.identity.BPMUser;

/* loaded from: input_file:com/oracle/bpel/security/validator/bpmid/BPMIdentityValidator.class */
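/**
 * ACL validator that authenticates and authorizes process callers through the
 * BPM identity service ("IDM bridge").
 *
 * <p>Authorization for a process runs in a fixed order (see {@link #checkXtendedSecurity}):
 * <ol>
 *   <li>credentials declared in the process deployment descriptor ({@code user}/{@code pw}),</li>
 *   <li>the identity service (lookup + authenticate, then an optional descriptor {@code role}),</li>
 *   <li>membership in the process-specific execution role ({@code <processId>ExecutionRole}).</li>
 * </ol>
 *
 * <p>The validator is stateful: {@link #validateUser} must run before any of the
 * {@code isAllowed*} methods so that {@link #mLocator} is initialized, and
 * {@link #mUser} carries the user authenticated by the most recent check.
 * NOTE(review): nothing here is synchronized; if one instance is shared across
 * requests the {@code mUser}/{@code mLocator} fields race — confirm the container
 * creates a validator per request before relying on this class concurrently.
 */
public class BPMIdentityValidator extends ACLManager {
    /** Role suffix for lookup authorization. Currently unused: the lookup path checks ROLE_EXECUTION. */
    private static final String ROLE_LOOKUP = "LookupRole";
    /** Role suffix appended to the process id to form the role required to execute it. */
    private static final String ROLE_EXECUTION = "ExecutionRole";
    /** Message property naming the caller; the credential is read from the property of that same name. */
    private static final String PROP_SECURED = "secured";
    /** Message property whose presence (with matching ids) marks a message as a callback. */
    private static final String PROP_CONVERSATION_ID = "conversationId";
    /** Descriptor property names consulted by {@link #checkXtendedSecurity}. */
    private static final String DESC_USER = "user";
    private static final String DESC_PW = "pw";
    private static final String DESC_ROLE = "role";
    private static final String DESC_ENCRYPTION_ATTR = "encryption";
    private static final String DESC_ENCRYPTED = "encrypted";

    private BPMIdentityService mIdService;
    // User resolved and authenticated by the most recent checkXtendedSecurity(); null when
    // the check was decided by the deployment descriptor alone.
    private BPMUser mUser = null;
    // Locator for the caller's domain, created by validateUser().
    private Locator mLocator = null;

    /**
     * Obtains the identity service and verifies it is initialized and running.
     *
     * @throws ServerException if the service cannot be obtained, has no status, or is not running
     */
    public BPMIdentityValidator() throws ServerException {
        this.mIdService = null;
        BPELSecurityLogger.info("Initializing IDMBridge for BPEL");
        try {
            this.mIdService = ServiceFactory.getIdentityServiceInstance();
            if (this.mIdService == null) {
                throw new ServerException(SecurityResources.getString("BPEL_SEC_bpmid_service_not_init"));
            }
            ServiceStatus status = this.mIdService.getStatus();
            if (status == null) {
                throw new ServerException(SecurityResources.getString("BPEL_SEC_bpmid_service_not_init"));
            }
            if (!status.isRunning()) {
                throw new ServerException(SecurityResources.getString("BPEL_SEC_bpmid_service_not_avai"));
            }
        } catch (ServerException e) {
            // Keep the specific "not init" / "not available" message instead of folding it
            // into the generic configuration error below.
            BPELSecurityLogger.fatal("Error initialzing IDM-service, " + e);
            throw e;
        } catch (Exception e) {
            BPELSecurityLogger.fatal("Error initialzing IDM-service, " + e);
            throw new ServerException(SecurityResources.getString("BPEL_SEC_bpmid_init_config"));
        }
    }

    /**
     * Decides whether the caller may execute the given process.
     *
     * <p>Callback messages (see {@link #isCallback}) are admitted without any
     * credential check; everything else goes through {@link #authorizeProcess}.
     *
     * @param bPELProcessId     process being invoked
     * @param normalizedMessage incoming message carrying the caller's credentials
     * @return {@code true} if execution is permitted
     * @throws ServerException if credentials are missing or cannot be verified
     */
    public boolean isAllowedToExecuteProcess(BPELProcessId bPELProcessId, NormalizedMessage normalizedMessage) throws ServerException {
        if (isCallback(bPELProcessId, normalizedMessage)) {
            return true;
        }
        BPELSecurityLogger.debug("not a callback - starting real sec");
        return authorizeProcess(bPELProcessId, normalizedMessage);
    }

    /** Activity-level lookup is not supported by this validator. */
    public boolean isAllowedToLookupActivity(BPELProcessId bPELProcessId, NormalizedMessage normalizedMessage, String str) throws ServerException {
        throw new UnsupportedOperationException();
    }

    /** Activity-level execution is not supported by this validator. */
    public boolean isAllowedToExecuteActivity(BPELProcessId bPELProcessId, NormalizedMessage normalizedMessage, String str) throws ServerException {
        throw new UnsupportedOperationException();
    }

    /**
     * Decides whether the caller may look up the given process.
     *
     * <p>Unlike execution, no callback shortcut applies here. Note that the role
     * consulted is the execution role, not {@link #ROLE_LOOKUP}.
     *
     * @param bPELProcessId     process being looked up
     * @param normalizedMessage incoming message carrying the caller's credentials
     * @return {@code true} if lookup is permitted
     * @throws ServerException if credentials are missing or cannot be verified
     */
    public boolean isAllowedToLookupProcess(BPELProcessId bPELProcessId, NormalizedMessage normalizedMessage) throws ServerException {
        return authorizeProcess(bPELProcessId, normalizedMessage);
    }

    /**
     * Shared authorization for process execution and lookup: descriptor/identity
     * check first, then membership in {@code <processId>ExecutionRole} for an
     * authenticated user that the descriptor did not already admit.
     */
    private boolean authorizeProcess(BPELProcessId bPELProcessId, NormalizedMessage normalizedMessage) throws ServerException {
        BPELPrincipal principal = extractCredentials(normalizedMessage);
        String processId = bPELProcessId.getProcessId();
        boolean admittedByDescriptor = checkXtendedSecurity(principal, processId);
        if (admittedByDescriptor || this.mUser == null) {
            return admittedByDescriptor;
        }
        String executionRole = processId + ROLE_EXECUTION;
        BPELSecurityLogger.debug("3) isInRole: " + executionRole);
        return this.mUser.isInRole(executionRole);
    }

    /**
     * Prepares the validator for the caller's domain by creating the domain
     * {@link Locator}. Must run before any {@code isAllowed*} call.
     *
     * @param bPELProcessId     process whose domain is used for the locator
     * @param normalizedMessage unused here
     * @return always {@code true} when the locator could be created
     * @throws ServerException if domain authentication or locator creation fails
     */
    public boolean validateUser(BPELProcessId bPELProcessId, NormalizedMessage normalizedMessage) throws ServerException {
        String domainId = bPELProcessId.getDomainId();
        try {
            BPELSecurityLogger.debug("Fetching locator to find process later on, domain [" + domainId + "]");
            this.mLocator = new Locator(getDomainAuth(domainId));
            return true;
        } catch (Exception e) {
            // The rethrown ServerException only carries the message; log the original
            // exception so the cause is not lost entirely.
            BPELSecurityLogger.fatal("Error creating locator for domain [" + domainId + "], " + e);
            throw new ServerException(e.getMessage());
        }
    }

    /**
     * Authenticates against the given domain.
     *
     * <p>NOTE(review): the domain password is an encrypted literal embedded in this
     * class, i.e. the same static credential for every deployment; it should come
     * from protected configuration rather than the class file.
     *
     * @param str domain id
     * @return the authenticated domain handle, never {@code null}
     * @throws ServerException if no domain authentication could be obtained
     * @throws Exception       propagated from decryption or domain authentication
     */
    private final DomainAuth getDomainAuth(String str) throws Exception {
        BPELSecurityLogger.debug("Getting authentication for domain [" + str + "]");
        DomainAuth authenticate = DomainAuthFactory.authenticate(str, CXPasswordUtils.decrypt("CRYPT{pl3HzAqgzGMqnYt1uPZFjw==}"), (String) null);
        if (authenticate == null) {
            throw new ServerException(SecurityResources.getString("BPEL_SEC_bpmid_domain_not_found", new Object[]{str}));
        }
        BPELSecurityLogger.debug("DomainAuth [" + authenticate.getDomainId() + "]");
        return authenticate;
    }

    /**
     * Runs the ordered security check for a process and records the authenticated
     * user in {@link #mUser} when the identity service was consulted.
     *
     * <p>Order:
     * <ol>
     *   <li>No {@code <configurations>} in the descriptor: return {@code false} so the
     *       caller falls back to the role check.</li>
     *   <li>Descriptor {@code user} and {@code pw}: both must match the principal.
     *       {@code pw} is taken as BPEL-encrypted when its {@code encryption}
     *       attribute is {@code encrypted}, as plaintext when prefixed with {@code !}
     *       (prefix stripped), otherwise decrypted with {@link EncryptionUtil}.</li>
     *   <li>Descriptor {@code user} without {@code pw}: the user name alone decides.
     *       NOTE(review): this admits any caller that presents the configured name,
     *       with no credential at all — confirm this is intended for such descriptors.</li>
     *   <li>Otherwise: look up and authenticate the principal through the identity
     *       service; if the descriptor names a {@code role}, return membership in it,
     *       else {@code false} (the caller then checks the execution role).</li>
     * </ol>
     *
     * @param bPELPrincipal caller name and credential
     * @param str           process id
     * @return {@code true} if the descriptor or identity service admits the caller
     * @throws ServerException if the locator is not initialized, the descriptor password
     *                         cannot be decrypted, or the user is unknown or fails authentication
     */
    private final boolean checkXtendedSecurity(BPELPrincipal bPELPrincipal, String str) throws ServerException {
        BPELSecurityLogger.debug("Checking security by defined order");
        // Forget the user from any previous check so that a descriptor-decided refusal
        // cannot be followed by an execution-role check against a stale user.
        this.mUser = null;
        if (this.mLocator == null) {
            throw new ServerException("Locator not initialized, validateUser must be called before authorization");
        }
        ConfigurationsDescriptor configurations = this.mLocator.lookupProcess(str).getDescriptor().getConfigurations();
        if (configurations == null) {
            BPELSecurityLogger.debug("No <configurations> found, returning to jazn check");
            return false;
        }
        String descriptorUser = configurations.getPropertyValue(DESC_USER);
        String descriptorPw = configurations.getPropertyValue(DESC_PW);
        // Log only whether a password is configured; never the value itself.
        BPELSecurityLogger.debug("1) DeploymentDescriptor: User [" + descriptorUser + "] Pw ["
                + (descriptorPw == null ? "absent" : "present") + "]");
        String encryptionAttr = configurations.getPropertyAttribute(DESC_PW, DESC_ENCRYPTION_ATTR);
        BPELSecurityLogger.debug("encrypted: " + encryptionAttr);
        if (descriptorPw != null && DESC_ENCRYPTED.equals(encryptionAttr)) {
            BPELSecurityLogger.debug("found password! (bpel encrypted)");
        } else if (descriptorPw != null && descriptorPw.length() > 1 && descriptorPw.startsWith("!")) {
            BPELSecurityLogger.debug("found a plaintext password!");
            descriptorPw = descriptorPw.substring(1);
        } else if (descriptorPw != null) {
            BPELSecurityLogger.debug("found an encrypted password! (by hand)");
            try {
                descriptorPw = EncryptionUtil.staticDecryptPassword(descriptorPw);
            } catch (ResourceException e) {
                BPELSecurityLogger.fatal(e.getMessage());
                throw new ServerException(SecurityResources.getString("BPEL_SEC_bpmid_pw_decrypt_failed"));
            }
        }
        if (descriptorUser != null && descriptorPw != null) {
            return descriptorUser.equals(bPELPrincipal.getName())
                    && constantTimeEquals(descriptorPw, bPELPrincipal.getCredential());
        }
        if (descriptorUser != null) {
            return descriptorUser.equals(bPELPrincipal.getName());
        }
        BPELSecurityLogger.debug("2) Fetching user from idm.bridge");
        try {
            this.mUser = this.mIdService.lookupUser(bPELPrincipal.getName());
            this.mIdService.authenticateUser(bPELPrincipal.getName(), bPELPrincipal.getCredential());
            BPELSecurityLogger.info("2) User found and authenticated [" + this.mUser + "]");
            String descriptorRole = configurations.getPropertyValue(DESC_ROLE);
            BPELSecurityLogger.debug("2) DeploymentDescriptor: Role [" + descriptorRole + "]");
            if (descriptorRole != null) {
                return this.mUser.isInRole(descriptorRole);
            }
            return false;
        } catch (BPMAuthenticationException e2) {
            BPELSecurityLogger.fatal("BPMAuthenticationException");
            throw new ServerException(SecurityResources.getString("BPEL_SEC_bpmid_user_cred_invalid", new Object[]{bPELPrincipal.getName()}));
        } catch (BPMIdentityNotFoundException e3) {
            BPELSecurityLogger.fatal("BPMIdentityNotFoundException");
            throw new ServerException(SecurityResources.getString("BPEL_SEC_bpmid_user_not_found", new Object[]{bPELPrincipal.getName()}));
        }
    }

    /**
     * Compares a configured secret with a presented one without short-circuiting
     * on the first differing byte.
     *
     * @return {@code true} only when both are non-null and byte-for-byte equal (UTF-8)
     */
    private static boolean constantTimeEquals(String expected, String presented) {
        if (expected == null || presented == null) {
            return false;
        }
        return MessageDigest.isEqual(
                expected.getBytes(StandardCharsets.UTF_8),
                presented.getBytes(StandardCharsets.UTF_8));
    }

    /**
     * Reads the caller's credentials from the message: the {@code secured} property
     * holds the user name, and the property named after that user holds the credential.
     *
     * @throws ServerException if the {@code secured} property is absent
     */
    private BPELPrincipal extractCredentials(NormalizedMessage normalizedMessage) throws ServerException {
        String userName = (String) normalizedMessage.getProperty(PROP_SECURED);
        if (userName == null) {
            throw new ServerException("No username provided, security expects user");
        }
        return new BPELPrincipal(userName, (String) normalizedMessage.getProperty(userName));
    }

    /**
     * Heuristically recognizes a callback: the message carries a {@code conversationId}
     * in which the domain id, process id and revision tag occur, in that order.
     *
     * <p>NOTE(review): this is a substring test on a caller-supplied property and a
     * positive result bypasses authentication in {@link #isAllowedToExecuteProcess};
     * confirm that the container binds {@code conversationId} to a server-issued
     * correlation before relying on it as an authorization signal.
     *
     * @return {@code true} if all three ids are present in order; {@code false} when the
     *         property or any of the ids is absent
     */
    public boolean isCallback(BPELProcessId bPELProcessId, NormalizedMessage normalizedMessage) {
        String conversationId = (String) normalizedMessage.getProperty(PROP_CONVERSATION_ID);
        if (conversationId == null) {
            BPELSecurityLogger.debug("no Conversation ID!");
            return false;
        }
        BPELSecurityLogger.debug("Found Conversation ID: " + conversationId);
        String processId = bPELProcessId.getProcessId();
        String revisionTag = bPELProcessId.getRevisionTag();
        String domainId = bPELProcessId.getDomainId();
        if (processId == null || revisionTag == null || domainId == null) {
            // A missing id can never be matched; treat as "not a callback" rather than NPE.
            BPELSecurityLogger.debug("incomplete process id, not treating message as callback");
            return false;
        }
        int processPos = conversationId.indexOf(processId);
        int revisionPos = conversationId.indexOf(revisionTag);
        int domainPos = conversationId.indexOf(domainId);
        BPELSecurityLogger.debug(domainPos + "; " + processPos + "; " + revisionPos);
        return processPos > -1 && revisionPos > -1 && domainPos > -1
                && domainPos < processPos && processPos < revisionPos;
    }

    /** Human-readable description shown for this validator. */
    public final String getValidatorDescription() {
        return "Validator that uses Oracle IDM Bridge to get user / role information  \n for authentication and authorization of processes (Default Validator)";
    }

    /** The validator's name, which is its fully qualified class name. */
    public final String getValidatorName() {
        return getClass().getName();
    }

    /** Nothing to release: the identity service and locator are not owned by this validator. */
    public void releaseResources() throws ServerException {
    }
}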
