package flex.rds.server;

import flex.messaging.MessageBroker;
import flex.messaging.security.LoginManager;
import flex.rds.server.util.Encryptor;
import flex.rds.server.util.RB;
import java.io.IOException;
import java.security.Principal;
import java.util.List;
import java.util.Vector;
import javax.servlet.ServletConfig;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.beans.propertyeditors.CustomBooleanEditor;

/* loaded from: input_file:WEB-INF/lib/flex-rds-server.jar:flex/rds/server/RdsServlet.class */
public abstract class RdsServlet extends HttpServlet {
    private List<String> rdsRoles;
    private MessageBroker messageBroker;
    private boolean useSecurityModel;

    public void init(ServletConfig servletConfig) throws ServletException {
        this.messageBroker = MessageBroker.getMessageBroker(servletConfig.getInitParameter("messageBrokerId"));
        if (this.messageBroker == null) {
            throw new ServletException(RB.getString(this, "RdsServlet.MissingMessageBroker"));
        }
        super.init(servletConfig);
        this.useSecurityModel = true;
        if ("false".equalsIgnoreCase(servletConfig.getInitParameter("useAppserverSecurity"))) {
            this.useSecurityModel = false;
        }
        this.rdsRoles = new Vector();
        this.rdsRoles.add("rds");
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public MessageBroker getMessageBroker() {
        return this.messageBroker;
    }

    /* JADX WARN: Unreachable blocks removed: 3, instructions: 8 */
    public void doPost(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException, ServletException {
        RdsRequestImpl rdsRequestImpl = new RdsRequestImpl();
        RdsResponseImpl rdsResponseImpl = new RdsResponseImpl();
        rdsRequestImpl.init(httpServletRequest);
        rdsResponseImpl.init(httpServletResponse);
        try {
            if (!isSecure() || checkAuthorization(rdsRequestImpl.getUserName(), rdsRequestImpl.getPassword())) {
                processCmd(rdsRequestImpl, rdsResponseImpl);
            } else {
                String string = RB.getString(this, "RdsServlet.AccessDenied");
                log(string);
                rdsResponseImpl.setError(-100, string, null);
                rdsResponseImpl.addMetaData(CustomBooleanEditor.VALUE_0);
            }
        } catch (Throwable th) {
            log(th.getMessage(), th);
            rdsResponseImpl.setError(th);
        }
        doPostProcessCmd(rdsRequestImpl, rdsResponseImpl);
    }

    protected abstract void processCmd(RdsRequest rdsRequest, RdsResponse rdsResponse) throws ServletException, IOException;

    private void doPostProcessCmd(RdsRequestImpl rdsRequestImpl, RdsResponseImpl rdsResponseImpl) throws IOException, ServletException {
        rdsResponseImpl.finish();
        rdsRequestImpl.reset();
        rdsResponseImpl.reset();
    }

    public boolean checkAuthorization(String str, String str2) {
        return checkUsernamePassword(str, str2);
    }

    protected boolean checkMessageBrokerAuthentication(String str, String str2) {
        Principal doAuthentication;
        if (!this.useSecurityModel) {
            return true;
        }
        try {
            LoginManager loginManager = getMessageBroker().getLoginManager();
            if (loginManager.getLoginCommand() == null || (doAuthentication = loginManager.getLoginCommand().doAuthentication(str, str2)) == null) {
                return false;
            }
            return loginManager.checkRoles(doAuthentication, this.rdsRoles);
        } catch (Throwable th) {
            return false;
        }
    }

    protected boolean checkUsernamePassword(String str, String str2) {
        return checkMessageBrokerAuthentication(str, Encryptor.decrypt(str2));
    }

    public boolean isSecure() {
        return true;
    }
}
