package com.seeyon.ctp.common.ws.security;

import com.seeyon.ctp.services.security.ServiceManager;
import com.seeyon.ctp.util.Strings;
import com.seeyon.oainterface.common.OAInterfaceException;
import javax.servlet.http.HttpServletRequest;
import org.apache.axiom.om.OMElement;
import org.apache.axis2.AxisFault;
import org.apache.axis2.context.MessageContext;
import org.apache.axis2.description.AxisService;
import org.apache.axis2.engine.Handler;
import org.apache.axis2.handlers.AbstractHandler;
import org.apache.axis2.transport.http.HTTPConstants;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/seeyon/ctp/common/ws/security/CtpSecurityHandler.class */
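/**
 * Axis2 handler that lets a server-side web-service message through only when it carries a token
 * that {@link ServiceManager#activeToken} accepts.
 *
 * <p>A token is looked for in this order, and the first one that validates wins:
 * <ol>
 *   <li>the first element inside the SOAP operation element, when it is named {@code token} or
 *       {@code arg0};</li>
 *   <li>the first element nested inside that element, under the same naming rule;</li>
 *   <li>the {@code CTP_WEBSERVICE_TOKEN} attribute of an existing HTTP session;</li>
 *   <li>the {@code v5token} HTTP request header.</li>
 * </ol>
 *
 * <p>Client-side messages and messages addressed to the service named {@code authorityService}
 * are never checked here.
 */
public class CtpSecurityHandler extends AbstractHandler {
    /** Element name that marks a token inside the SOAP body. */
    private static final String TOKEN_NAME = "token";
    /** HTTP request header that may carry the token instead of the SOAP body. */
    private static final String OCIP_TOKEN_NAME = "v5token";
    /** Session attribute under which a header-supplied token is remembered once validated. */
    private static final String CTP_WEBSERVICE_TOKEN = "CTP_WEBSERVICE_TOKEN";
    /** Name of the one service that bypasses the token check. */
    private static final String CTP_AUTHORITY_SERVICE_NAME = "authorityService";
    /** Error code passed to the OAInterfaceException raised for a missing or rejected token. */
    private static final int TOKEN_ERROR_CODE = 12005;

    /**
     * Authenticates one inbound message.
     *
     * @param messageContext the Axis2 context of the message being processed
     * @return {@code CONTINUE} when the message is client-side, targets {@code authorityService},
     *     or carries a token that validates
     * @throws AxisFault wrapping an {@code OAInterfaceException} with code 12005 when no valid
     *     token is found
     */
    public Handler.InvocationResponse invoke(MessageContext messageContext) throws AxisFault {
        if (!messageContext.isServerSide()) {
            return Handler.InvocationResponse.CONTINUE;
        }
        // NOTE(review): this exemption is keyed on the service name alone. Presumably
        // authorityService is where callers obtain a token; confirm that every operation it
        // exposes is safe to call unauthenticated.
        AxisService axisService = messageContext.getAxisService();
        if (axisService != null && CTP_AUTHORITY_SERVICE_NAME.equals(axisService.getName())) {
            return Handler.InvocationResponse.CONTINUE;
        }

        // A request with no envelope, no body or an empty body used to fail here with a
        // NullPointerException. It now falls through to the session/header check and, failing
        // that, to the regular token fault.
        OMElement operationElement = null;
        if (messageContext.getEnvelope() != null && messageContext.getEnvelope().getBody() != null) {
            operationElement = messageContext.getEnvelope().getBody().getFirstElement();
        }
        if (operationElement != null && operationElement.getChildElements().hasNext()) {
            // Only the first element at each of the two levels is inspected; a token element
            // placed anywhere else in the body is not seen.
            OMElement firstArgument = operationElement.getFirstElement();
            if (carriesValidToken(firstArgument)) {
                return Handler.InvocationResponse.CONTINUE;
            }
            if (firstArgument != null && firstArgument.getChildElements().hasNext()
                    && carriesValidToken(firstArgument.getFirstElement())) {
                return Handler.InvocationResponse.CONTINUE;
            }
        }

        Object servletRequest = messageContext.getProperty(HTTPConstants.MC_HTTP_SERVLETREQUEST);
        if ((servletRequest instanceof HttpServletRequest)
                && checkTokenByHttpBasicAuth((HttpServletRequest) servletRequest)) {
            return Handler.InvocationResponse.CONTINUE;
        }

        OAInterfaceException tokenError =
                new OAInterfaceException(TOKEN_ERROR_CODE, "Invalid token,please authenticate again.");
        throw new AxisFault(tokenError.getMessage(), tokenError);
    }

    /** Returns whether {@code element} is named like a token element and its text validates. */
    private boolean carriesValidToken(OMElement element) {
        return element != null && isToken(element.getLocalName()) && checkToken(element.getText());
    }

    /**
     * Authenticates from the HTTP layer: first the token remembered in the session, then the
     * {@code v5token} request header.
     *
     * <p>Despite the method name, no {@code Authorization} header or Basic credentials are read.
     * A token taken from the session is validated again on every call, so it stops working as
     * soon as {@link #checkToken} rejects it.
     *
     * @param httpServletRequest the servlet request behind the current message
     * @return {@code true} when the session or the header supplies a token that validates;
     *     {@code false} otherwise, including when any exception is raised along the way
     */
    private boolean checkTokenByHttpBasicAuth(HttpServletRequest httpServletRequest) {
        try {
            // Look the session up without creating one: an unauthenticated caller must not be
            // able to make the container allocate a session per rejected request.
            boolean hasSession = httpServletRequest.getSession(false) != null;
            if (hasSession
                    && checkToken((String) httpServletRequest.getSession().getAttribute(CTP_WEBSERVICE_TOKEN))) {
                return true;
            }
            String headerToken = httpServletRequest.getHeader(OCIP_TOKEN_NAME);
            if (!Strings.isNotBlank(headerToken) || !checkToken(headerToken)) {
                return false;
            }
            // The header token validated, so a session may be created now and the token is
            // remembered for later requests on it.
            // NOTE(review): the session id is not changed when the token is bound to the
            // session; consider rotating it here if the container supports that.
            httpServletRequest.getSession().setAttribute(CTP_WEBSERVICE_TOKEN, headerToken);
            return true;
        } catch (Exception e) {
            LoggerFactory.getLogger(getClass()).error(e.getMessage(), e);
            return false;
        }
    }

    /**
     * Validates a token by handing it to {@code ServiceManager.activeToken}.
     *
     * <p>The token counts as valid exactly when it is not blank and that call returns without
     * throwing. What else {@code activeToken} does with the token is not visible from this
     * class.
     *
     * @param str the candidate token; may be {@code null} or blank
     * @return {@code true} when the token was accepted, {@code false} otherwise
     */
    private boolean checkToken(String str) {
        if (!Strings.isNotBlank(str)) {
            return false;
        }
        try {
            ServiceManager.getInstance().activeToken(str);
            return true;
        } catch (Exception e) {
            // NOTE(review): every rejected token is logged at error level with a stack trace.
            // Confirm that the exception message never contains the token value, and that
            // repeated failures cannot flood the log.
            LoggerFactory.getLogger(getClass()).error(e.getMessage(), e);
            return false;
        }
    }

    /**
     * Tells whether an element name marks a token: either {@code token} or {@code arg0}.
     *
     * @param str the local name of a SOAP body element
     * @return {@code true} when the name is one of the two accepted token names
     */
    private boolean isToken(String str) {
        return TOKEN_NAME.equals(str) || "arg0".equals(str);
    }
}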
