package com.iplanet.im.server;

import com.iplanet.am.sdk.AMException;
import com.iplanet.am.sdk.AMOrganization;
import com.iplanet.am.sdk.AMStoreConnection;
import com.iplanet.am.sdk.AMUser;
import com.iplanet.im.net.UserSearchReply;
import com.iplanet.im.net.iIMGroup;
import com.iplanet.im.net.iIMPrincipal;
import com.iplanet.im.net.iIMUser;
import com.iplanet.im.util.StringUtility;
import com.iplanet.sso.SSOException;
import com.iplanet.sso.SSOToken;
import com.sun.identity.policy.ActionDecision;
import com.sun.identity.policy.Policy;
import com.sun.identity.policy.PolicyEvaluator;
import com.sun.identity.policy.PolicyException;
import com.sun.identity.policy.PolicyManager;
import com.sun.identity.policy.ProtectedResource;
import com.sun.identity.policy.SubjectTypeManager;
import com.sun.identity.policy.interfaces.Subject;
import com.sun.identity.sm.SMSException;
import com.sun.identity.sm.SchemaType;
import com.sun.identity.sm.ServiceSchemaManager;
import com.sun.im.identity.util.Auth;
import com.sun.im.service.PresenceHelper;
import defpackage.re;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;

/* loaded from: input_file:116645-05/SUNWiim/reloc/SUNWiim/classes/imserv.jar:com/iplanet/im/server/IdentityRealm.class */
public class IdentityRealm extends LDAPRealm {
    // Service names and schema version. The constructor opens the SunIM, SunPresence and
    // SunIMService schemas; USER_SERVICE is not referenced elsewhere in this class.
    public static final String USER_SERVICE = "iPlanetAMUserService";
    public static final String IM_SERVICE = "SunIM";
    public static final String PRESENCE_SERVICE = "SunPresence";
    public static final String SERVICE_VERSION = "1.0";
    public static final String IM_51_SERVICE = "SunIMService";
    // Policy action names whose default values the constructor reads from the default policy rules.
    public static final String TOPICS_ATTR = "sunIMAllowNewsManage";
    public static final String ROOMS_ATTR = "sunIMAllowForumManage";
    public static final String SENDALERTS_ATTR = "sunIMAllowAlertsSend";
    public static final String WATCH_ATTR = "sunPresenceAllowAccess";
    public static final String SAVEUSERSETTINGS_ATTR = "sunIMAllowUserSettings";
    // Policy names. Only DEFAULT_POLICY is looked up by name in this class.
    public static final String DEFAULT_POLICY = "Default instant messaging and presence access";
    public static final String ADMIN_POLICY = "Ability to administer Instant Messaging and Presence Service";
    public static final String TOPICS_POLICY = "Ability to manage instant messaging news channels";
    public static final String ROOMS_POLICY = "Ability to manage instant messaging conference rooms";
    public static final String SENDALERTS_POLICY = "Ability to send instant messaging alerts";
    public static final String WATCH_POLICY = "Ability to watch changes on other instant messaging users";
    public static final String SAVEUSERSETTINGS_POLICY = "Ability to change own instant messaging user settings";
    // Rule names inside DEFAULT_POLICY that carry the default action values.
    public static final String IM_DEFAULT_RULE = "IMDefaultRule";
    public static final String PRESENCE_DEFAULT_RULE = "PresenceDefaultRule";
    // Role names the constructor searches for (searchRoles) to resolve the role DNs below.
    public static final String ADMIN_ROLE = "IM Administrator";
    public static final String TOPICS_ROLE = "IM News Administrator";
    public static final String ROOMS_ROLE = "IM Conference Rooms Administrator";
    public static final String SENDALERTS_ROLE = "IM Allow Send Alerts Role";
    public static final String WATCH_ROLE = "IM Allow Watch Changes Role";
    public static final String SAVEUSERSETTINGS_ROLE = "IM Allow User Settings Role";
    // NOTE(review): the fields from here down to _IMAdminUsers are public, static and non-final,
    // so any class in the JVM can replace them. The role DNs feed getRoleUsers() and the
    // attribute-name sets select which directory attributes and policy actions are read, so this
    // is authorization-relevant shared state. It is written by the constructor and read on the
    // authentication path with no locking visible in this class.
    public static Set _userAttributeNames = null;
    public static Set _imPolicyAttributeNames = null;
    public static Set _presencePolicyAttributeNames = null;
    // Never assigned anywhere in this class; the legacy SunIMService lookup is skipped while null.
    public static Set _oldIMServiceAttributeNames = null;
    public static Set _dynamicAttributeNames = null;
    public static String _IMAdminRoleDN = null;
    public static String _IMTopicsRoleDN = null;
    public static String _IMRoomsRoleDN = null;
    public static String _IMSendAlertsRoleDN = null;
    public static String _IMWatchRoleDN = null;
    public static String _IMSaveUserSettingsRoleDN = null;
    // Snapshot of the admin role's user DNs taken in the constructor; getIMAdminUsers() does not
    // return it but queries the role again.
    public static Set _IMAdminUsers = null;
    // Default policy action values read from DEFAULT_POLICY; null until the constructor sets them.
    private static String _topicsDefault = null;
    private static String _roomsDefault = null;
    private static String _sendAlertsDefault = null;
    private static String _watchDefault = null;
    private static String _saveUserSettingsDefault = null;
    // Default attribute names; the *Name fields double as the ServerConfig setting keys that the
    // constructor reads to fill userDomainAttr / aliasDomainAttr.
    private static String userDomainAttrDef = "sunPreferredDomain";
    private static String aliasDomainAttrDef = "associatedDomain";
    private static String userDomainAttrName = userDomainAttrDef;
    private static String aliasDomainAttrName = aliasDomainAttrDef;
    private static String userDomainAttr;
    private static String aliasDomainAttr;
    // Cache from organization DN to domain name, written by _auth() and getDomainName().
    // NOTE(review): a plain HashMap with no synchronization visible here; confirm how callers
    // are threaded.
    private HashMap _orgToDomainMap = new HashMap();
    // Admin store connection and SSO token, created lazily by getAdminConnection() from the
    // LDAP bind credentials and dropped (connection set to null) when an SSOException is seen.
    private AMStoreConnection _adminConnection = null;
    private SSOToken _adminToken = null;

    /**
     * Creates the realm and, when {@code NMS.getAclStore() == 1}, caches in static fields the
     * SunIM / SunPresence schema attribute names, the DNs of the IM roles and the default
     * policy action values.
     *
     * <p>PolicyException, AMException, SMSException and SSOException raised during this set-up
     * are logged at info level and swallowed, so construction can complete with role DNs and
     * policy defaults still {@code null}. Callers of the getters must treat {@code null} as
     * "not resolved", not as a decision.
     */
    public IdentityRealm() throws RealmException, FileNotFoundException, IOException, SSOException, SMSException, AMException {
        _userAttributeNames = new HashSet();
        _imPolicyAttributeNames = new HashSet();
        _presencePolicyAttributeNames = new HashSet();
        _dynamicAttributeNames = new HashSet();
        try {
            ServerConfig config = ServerConfig.getServerConfig();
            userDomainAttr = config.getSetting(userDomainAttrName, userDomainAttrDef);
            aliasDomainAttr = config.getSetting(aliasDomainAttrName, aliasDomainAttrDef);
            getAdminConnection();
            if (NMS.getAclStore() != 1) {
                // Nothing else to cache when the ACL store is not the identity store.
                return;
            }
            Log.out.debug("[Identity] open called, getting user attributes names.");

            // SunIM service schema: user, dynamic and policy attribute names.
            ServiceSchemaManager imSchema = new ServiceSchemaManager(this._adminToken, IM_SERVICE, SERVICE_VERSION);
            _userAttributeNames = imSchema.getSchema(SchemaType.USER).getAttributeSchemaNames();
            Log.out.debug("[Identity] sunIM user service attributes: " + _userAttributeNames);
            _dynamicAttributeNames = imSchema.getSchema(SchemaType.DYNAMIC).getAttributeSchemaNames();
            Log.out.debug("[Identity] sunIM dynamic service attributes: " + _dynamicAttributeNames);
            _imPolicyAttributeNames = imSchema.getServiceAttributeNames(SchemaType.POLICY);
            Log.out.debug("[Identity] sunIM policy attributes: " + _imPolicyAttributeNames);

            // SunPresence service schema: merged into the same user / dynamic name sets.
            ServiceSchemaManager presenceSchema = new ServiceSchemaManager(this._adminToken, PRESENCE_SERVICE, SERVICE_VERSION);
            Set presenceUserNames = presenceSchema.getSchema(SchemaType.USER).getAttributeSchemaNames();
            Log.out.debug("[Identity] sunPresence user service attributes: " + presenceUserNames);
            _userAttributeNames.addAll(presenceUserNames);
            Set presenceDynamicNames = presenceSchema.getSchema(SchemaType.DYNAMIC).getAttributeSchemaNames();
            Log.out.debug("[Identity] sunPresence dynamic service attributes: " + presenceDynamicNames);
            _dynamicAttributeNames.addAll(presenceDynamicNames);
            // NOTE(review): the SunPresence policy attribute names are only logged here;
            // _presencePolicyAttributeNames keeps the empty set created above. Confirm intended.
            Log.out.debug("[Identity] sunPresence policy attributes: " + presenceSchema.getServiceAttributeNames(SchemaType.POLICY));
            try {
                // NOTE(review): likewise only logged; _oldIMServiceAttributeNames is not assigned.
                Log.out.debug("[Identity] old sunIMService dynamic attributes: " + new ServiceSchemaManager(this._adminToken, IM_51_SERVICE, SERVICE_VERSION).getServiceAttributeNames(SchemaType.DYNAMIC));
            } catch (Exception e) {
                Log.out.info("[Identity] no old sunIMService attributes: " + e.getMessage());
            }

            // Resolve the IM role DNs under the configured search base.
            AMOrganization org = this._adminConnection.getOrganization(LDAPRealm.removeSpaces(config.getSetting("iim_ldap.searchbase", PresenceHelper.PIDF_XMLNS)));
            Set adminRoleDns = org.searchRoles(ADMIN_ROLE, 1);
            if (adminRoleDns != null && !adminRoleDns.isEmpty()) {
                // When several roles match, whichever the set iterates first is used.
                _IMAdminRoleDN = (String) adminRoleDns.iterator().next();
            }
            Log.out.debug("[Identity] admin role DNs: " + adminRoleDns);
            Log.out.debug("[Identity] admin role DN:  " + _IMAdminRoleDN);
            if (_IMAdminRoleDN != null) {
                _IMAdminUsers = this._adminConnection.getRole(_IMAdminRoleDN).getUserDNs();
                Log.out.debug("[Identity] admin user DNs: " + _IMAdminUsers);
            }
            _IMTopicsRoleDN = firstRoleDnOr(org, TOPICS_ROLE, _IMTopicsRoleDN);
            Log.out.debug("[Identity] topics role DN:  " + _IMTopicsRoleDN);
            _IMRoomsRoleDN = firstRoleDnOr(org, ROOMS_ROLE, _IMRoomsRoleDN);
            Log.out.debug("[Identity] rooms role DN:  " + _IMRoomsRoleDN);
            _IMSendAlertsRoleDN = firstRoleDnOr(org, SENDALERTS_ROLE, _IMSendAlertsRoleDN);
            Log.out.debug("[Identity] send alerts role DN:  " + _IMSendAlertsRoleDN);
            _IMWatchRoleDN = firstRoleDnOr(org, WATCH_ROLE, _IMWatchRoleDN);
            Log.out.debug("[Identity] watch role DN:  " + _IMWatchRoleDN);
            _IMSaveUserSettingsRoleDN = firstRoleDnOr(org, SAVEUSERSETTINGS_ROLE, _IMSaveUserSettingsRoleDN);
            Log.out.debug("[Identity] save user settings role DN:  " + _IMSaveUserSettingsRoleDN);

            // Default action values from the two rules of the default policy.
            Policy defaultPolicy = new PolicyManager(this._adminToken).getPolicy(DEFAULT_POLICY);
            Map imActions = defaultPolicy.getRule(IM_DEFAULT_RULE).getActionValues();
            if (imActions != null) {
                _topicsDefault = StringUtility.getFirstAttr(imActions.get(TOPICS_ATTR));
                _roomsDefault = StringUtility.getFirstAttr(imActions.get(ROOMS_ATTR));
                _sendAlertsDefault = StringUtility.getFirstAttr(imActions.get(SENDALERTS_ATTR));
                _saveUserSettingsDefault = StringUtility.getFirstAttr(imActions.get(SAVEUSERSETTINGS_ATTR));
            }
            Map presenceActions = defaultPolicy.getRule(PRESENCE_DEFAULT_RULE).getActionValues();
            if (presenceActions != null) {
                _watchDefault = StringUtility.getFirstAttr(presenceActions.get(WATCH_ATTR));
            }
            Log.out.debug("[Identity] _topicsDefault: " + _topicsDefault);
            Log.out.debug("[Identity] _roomsDefault: " + _roomsDefault);
            Log.out.debug("[Identity] _sendAlertsDefault: " + _sendAlertsDefault);
            Log.out.debug("[Identity] _saveUserSettingsDefault: " + _saveUserSettingsDefault);
            Log.out.debug("[Identity] _watchDefault: " + _watchDefault);
        } catch (PolicyException policyFailure) {
            Log.out.info("[Identity] PolicyException: " + policyFailure.getMessage());
        } catch (AMException amFailure) {
            Log.out.info("[Identity] AMException: " + amFailure.getMessage());
        } catch (SMSException smsFailure) {
            Log.out.info("[Identity] SMSException: " + smsFailure.getMessage());
        } catch (SSOException ssoFailure) {
            Log.out.info("[Identity] SSOException: " + ssoFailure.getMessage());
        }
    }

    /**
     * Returns the first DN found by {@code org.searchRoles(roleName, 1)}, or {@code current}
     * unchanged when the search yields nothing.
     */
    private static String firstRoleDnOr(AMOrganization org, String roleName, String current) throws AMException, SSOException {
        Set found = org.searchRoles(roleName, 1);
        if (found == null || found.isEmpty()) {
            return current;
        }
        return (String) found.iterator().next();
    }

    /** Stops the realm; this implementation has nothing to release. */
    @Override // com.iplanet.im.server.LDAPRealm, com.iplanet.im.server.Realm
    public void stop() {
        // Intentionally empty.
    }

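    /**
     * Returns the cached admin store connection, creating the admin SSO token and the
     * connection on first use or after another method has reset the connection to null.
     *
     * <p>The null check now happens inside the lock and the result is returned from a local,
     * so two threads cannot both create an admin token, and a concurrent reset cannot turn
     * the return value into {@code null}. The fields are published only after both objects
     * exist, so a failed connection attempt does not leave a token without a connection.
     *
     * @return a non-null admin connection
     * @throws AMException if the store connection cannot be created
     * @throws SSOException if the admin SSO token cannot be obtained
     */
    private AMStoreConnection getAdminConnection() throws AMException, SSOException {
        synchronized (this) {
            AMStoreConnection connection = this._adminConnection;
            if (connection == null) {
                SSOToken token = Auth.getAdminSSOToken(this.ldapUserName, this.ldapPassword);
                connection = new AMStoreConnection(token);
                this._adminToken = token;
                this._adminConnection = connection;
            }
            return connection;
        }
    }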

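    /**
     * Lists the subjects attached to a policy, read with the admin SSO token.
     *
     * <p>The SSOException handler is placed before the generic one. In the listing as
     * decompiled the generic handler came first, which made the admin-connection reset
     * unreachable; getUid() and getUserRoles() already use this order.
     *
     * @param str name of the policy to inspect
     * @return map from {@code "subjectTypeName:subjectName"} to that subject's value set;
     *         holds whatever was collected before a failure (failures are logged, not thrown)
     */
    public Map getPolicyUsers(String str) {
        HashMap subjectsByName = new HashMap();
        try {
            getAdminConnection();
            PolicyManager policyManager = new PolicyManager(this._adminToken);
            SubjectTypeManager typeManager = policyManager.getSubjectTypeManager();
            Policy policy = policyManager.getPolicy(str);
            for (Iterator names = policy.getSubjectNames().iterator(); names.hasNext();) {
                String subjectName = (String) names.next();
                Subject subject = policy.getSubject(subjectName);
                String typeName = typeManager.getSubjectTypeName(subject);
                Log.out.debug("getPolicyUsers - TypeName: " + typeName);
                Set values = subject.getValues();
                Log.out.debug("getPolicyUsers: " + values);
                subjectsByName.put(typeName + ":" + subjectName, values);
            }
        } catch (SSOException ssoFailure) {
            // Drop the connection so the next call obtains a fresh admin token.
            this._adminConnection = null;
            Log.out.warning("[Identity] admin connection reset: " + ssoFailure.getMessage());
        } catch (Exception failure) {
            Log.out.warning("[Identity] getPolicyUsers exception: " + failure.getMessage());
        }
        return subjectsByName;
    }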

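    /**
     * Returns the user DNs that belong to a role, read over the admin connection.
     *
     * <p>The SSOException handler is placed before the generic one. In the listing as
     * decompiled the generic handler came first, which made the admin-connection reset
     * unreachable.
     *
     * @param str role DN; {@code null} is accepted
     * @return the role's user DNs, or {@code null} when {@code str} is null or the lookup
     *         fails. Callers deciding access must treat {@code null} as "unknown", never as
     *         an empty membership they can skip checking.
     */
    public Set getRoleUsers(String str) {
        if (str == null) {
            return null;
        }
        Set userDns = null;
        try {
            userDns = getAdminConnection().getRole(str).getUserDNs();
            Log.out.debug("[Identity] " + str + " user DNs: " + userDns);
        } catch (SSOException ssoFailure) {
            // Drop the connection so the next call obtains a fresh admin token.
            this._adminConnection = null;
            Log.out.warning("[Identity] admin connection reset: " + ssoFailure.getMessage());
        } catch (Exception failure) {
            Log.out.warning("[Identity] getRoleUsers exception: " + failure.getMessage());
        }
        return userDns;
    }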

    /** @return DN of the "IM Administrator" role, or {@code null} if the constructor did not resolve it */
    public String getIMAdminUserRoleDN() {
        return IdentityRealm._IMAdminRoleDN;
    }

    /** @return current user DNs of the admin role via {@link #getRoleUsers(String)}; may be {@code null} */
    public Set getIMAdminUsers() {
        return getRoleUsers(IdentityRealm._IMAdminRoleDN);
    }

    /** @return DN of the "IM News Administrator" role, or {@code null} if it was not resolved */
    public String getIMTopicsUserRoleDN() {
        return IdentityRealm._IMTopicsRoleDN;
    }

    /** @return current user DNs of the news-administrator role via {@link #getRoleUsers(String)}; may be {@code null} */
    public Set getIMTopicsUsers() {
        return getRoleUsers(IdentityRealm._IMTopicsRoleDN);
    }

    /** @return DN of the "IM Conference Rooms Administrator" role, or {@code null} if it was not resolved */
    public String getIMRoomsUserRoleDN() {
        return IdentityRealm._IMRoomsRoleDN;
    }

    /** @return current user DNs of the conference-rooms role via {@link #getRoleUsers(String)}; may be {@code null} */
    public Set getIMRoomsUsers() {
        return getRoleUsers(IdentityRealm._IMRoomsRoleDN);
    }

    /** @return DN of the "IM Allow Send Alerts Role" role, or {@code null} if it was not resolved */
    public String getIMSendAlertsUserRoleDN() {
        return IdentityRealm._IMSendAlertsRoleDN;
    }

    /** @return current user DNs of the send-alerts role via {@link #getRoleUsers(String)}; may be {@code null} */
    public Set getIMSendAlertsUsers() {
        return getRoleUsers(IdentityRealm._IMSendAlertsRoleDN);
    }

    /** @return DN of the "IM Allow Watch Changes Role" role, or {@code null} if it was not resolved */
    public String getIMWatchUserRoleDN() {
        return IdentityRealm._IMWatchRoleDN;
    }

    /** @return current user DNs of the watch role via {@link #getRoleUsers(String)}; may be {@code null} */
    public Set getIMWatchUsers() {
        return getRoleUsers(IdentityRealm._IMWatchRoleDN);
    }

    /** @return DN of the "IM Allow User Settings Role" role, or {@code null} if it was not resolved */
    public String getIMSaveUserSettingsUserRoleDN() {
        return IdentityRealm._IMSaveUserSettingsRoleDN;
    }

    /** @return current user DNs of the user-settings role via {@link #getRoleUsers(String)}; may be {@code null} */
    public Set getIMSaveUserSettingsUsers() {
        return getRoleUsers(IdentityRealm._IMSaveUserSettingsRoleDN);
    }

    /** @return default value of the sunIMAllowNewsManage action, or {@code null} if it was never loaded */
    public String getTopicsDefault() {
        return IdentityRealm._topicsDefault;
    }

    /** @return default value of the sunIMAllowForumManage action, or {@code null} if it was never loaded */
    public String getRoomsDefault() {
        return IdentityRealm._roomsDefault;
    }

    /** @return default value of the sunIMAllowAlertsSend action, or {@code null} if it was never loaded */
    public String getSendAlertsDefault() {
        return IdentityRealm._sendAlertsDefault;
    }

    /** @return default value of the sunPresenceAllowAccess action, or {@code null} if it was never loaded */
    public String getWatchDefault() {
        return IdentityRealm._watchDefault;
    }

    /** @return default value of the sunIMAllowUserSettings action, or {@code null} if it was never loaded */
    public String getSaveUserSettingsDefault() {
        return IdentityRealm._saveUserSettingsDefault;
    }

    /**
     * Reads one string attribute of a user entry over the admin connection. The attribute name
     * is the constant {@code re.nd}; presumably the uid attribute, to be confirmed against that
     * class.
     *
     * @param str DN of the user entry
     * @return the attribute value, or {@code null} when the lookup fails (failures are logged)
     */
    public String getUid(String str) {
        String uid = null;
        try {
            uid = getAdminConnection().getUser(str).getStringAttribute(re.nd);
        } catch (SSOException ssoFailure) {
            // Drop the connection so the next call obtains a fresh admin token.
            this._adminConnection = null;
            Log.out.info("[Identity] admin connection reset: " + ssoFailure.getMessage());
        } catch (Exception failure) {
            Log.out.warning("[Identity] getUid exception: " + failure.getMessage());
        }
        return uid;
    }

    /**
     * Returns the role DNs of a user, looked up by the user's {@code "dn"} value over the
     * admin connection.
     *
     * @param iimuser user whose roles are wanted
     * @return the user's role DNs, or {@code null} when the lookup fails (failures are logged);
     *         {@code null} therefore means "unknown", not "no roles"
     */
    public Set getUserRoles(iIMUser iimuser) {
        Set roleDns = null;
        try {
            String userDn = iimuser.getSingleStringValue("dn");
            roleDns = getAdminConnection().getUser(userDn).getRoleDNs();
        } catch (SSOException ssoFailure) {
            // Drop the connection so the next call obtains a fresh admin token.
            this._adminConnection = null;
            Log.out.info("[Identity] admin connection reset: " + ssoFailure.getMessage());
        } catch (Exception failure) {
            Log.out.warning("[Identity] getUserRoles exception: " + failure.getMessage());
        }
        return roleDns;
    }

    /** Delegates unchanged to the LDAPRealm implementation. */
    @Override // com.iplanet.im.server.LDAPRealm, com.iplanet.im.server.Realm
    public NMSGroup _getNMSGroup(iIMPrincipal iimprincipal, iIMGroup iimgroup) throws RealmException {
        NMSGroup group = super._getNMSGroup(iimprincipal, iimgroup);
        return group;
    }

    /**
     * Builds an iIMUser from a directory attribute map.
     *
     * @param map attribute map; the uid, display-name and mail values are read under the
     *            realm's configured attribute names and the DN under {@code "dn"}
     * @param str domain passed as the second constructor argument of the user
     * @return the new user, carrying the whole map as its attributes
     */
    private iIMUser createUser(Map map, String str) {
        // The uid is the only value passed through quoteSpecialCharacters before use.
        String uid = StringUtility.quoteSpecialCharacters(StringUtility.getFirstAttr(map.get(this.userUIDAttr)));
        String displayName = StringUtility.getFirstAttr(map.get(this.userDisplayAttr));
        String mail = StringUtility.getFirstAttr(map.get(this.userMailAttr));
        iIMUser user = new iIMUser(uid, str, displayName, mail);
        user.setDistinguishedName(StringUtility.getFirstAttr(map.get("dn")));
        user.setAllAttributes(map);
        return user;
    }

    /**
     * Fetches the requested attributes of a user and adds the user's DN under {@code "dn"}.
     * The entry is written into the map returned by {@code getAttributes} itself.
     *
     * @param aMUser user entry to read
     * @param set names of the attributes to fetch
     * @return the fetched attributes plus the {@code "dn"} entry
     */
    private Map getBasicAttributes(AMUser aMUser, Set set) throws AMException, SSOException {
        Map fetched = aMUser.getAttributes(set);
        String dn = aMUser.getDN();
        fetched.put("dn", dn);
        return fetched;
    }

    /* JADX INFO: Access modifiers changed from: protected */
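    /**
     * Fills {@code map} with a user's attributes: the basic directory attributes, the IM and
     * presence service and policy values when {@code NMS.getAclStore() == 1}, the user's role
     * DNs under {@code "roleDNs"}, and the changeable attribute names under
     * {@code "changableAttrs"}.
     *
     * <p>Changes from the decompiled original: the lower-cased names are added to the shared
     * static set under a class-level lock, the caller receives a private copy instead of the
     * static set itself (so a consumer of the map cannot alter global state), and lower-casing
     * uses a fixed locale so the names do not depend on the JVM's default locale.
     * NOTE(review): other readers of {@code _userAttributeNames} in this class are still
     * unsynchronized.
     *
     * @param sSOToken the user's SSO token, used for policy evaluation
     * @param aMUser user entry to read
     * @param map target attribute map, modified in place
     * @param set names of the basic attributes to fetch
     * @throws SSOException if reading the role DNs fails on the session
     * @throws AMException if reading the role DNs fails in the store
     */
    public void loadUserAttributes(SSOToken sSOToken, AMUser aMUser, Map map, Set set) throws SSOException, AMException {
        try {
            Map basicAttributes = getBasicAttributes(aMUser, set);
            Log.out.debug(new StringBuffer().append("[Identity] getBasicAttributes for ").append(aMUser.getDN()).toString());
            map.putAll(basicAttributes);
        } catch (Exception e) {
            // Best effort: the remaining attributes are still loaded without the basic ones.
            Log.out.info(new StringBuffer().append("[Identity] Failed to get basic user attributes for ").append(aMUser.getDN()).append(" : ").append(e.toString()).toString());
        }
        if (NMS.getAclStore() == 1) {
            loadUserAttrsFromIMPresenceService(sSOToken, aMUser, map, set);
        }
        map.put("roleDNs", aMUser.getRoleDNs());
        Set changeable = new HashSet();
        synchronized (IdentityRealm.class) {
            // Snapshot first: the set is modified while the names are walked.
            Object[] names = _userAttributeNames.toArray();
            for (int i = 0; i < names.length; i++) {
                _userAttributeNames.add(((String) names[i]).toLowerCase(java.util.Locale.ENGLISH));
            }
            changeable.addAll(_userAttributeNames);
        }
        map.put("changableAttrs", changeable);
    }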

    /**
     * Adds the SunIM / SunPresence values of one user to {@code map}, in this order: user
     * attributes, dynamic attributes, SunIM policy decisions, SunPresence policy decisions,
     * then legacy SunIMService attributes.
     *
     * <p>Each source is best effort: a failure is logged at info level and that source
     * contributes nothing. Later sources overwrite earlier entries stored under the same key,
     * so a legacy value replaces a policy-derived one of the same name. The legacy step only
     * runs when {@code _oldIMServiceAttributeNames} is non-null.
     *
     * @param sSOToken the user's SSO token, used for policy evaluation
     * @param aMUser user entry to read
     * @param map target attribute map, modified in place
     * @param set unused by this method
     */
    private void loadUserAttrsFromIMPresenceService(SSOToken sSOToken, AMUser aMUser, Map map, Set set) throws SSOException, AMException {
        Map userAttrs = null;
        try {
            userAttrs = aMUser.getAttributes(_userAttributeNames);
        } catch (Exception e) {
            Log.out.info("[Identity] Failed to get user attributes for " + aMUser.getDN() + ": " + e.toString());
        }
        Map dynamicAttrs = null;
        try {
            dynamicAttrs = aMUser.getAttributes(_dynamicAttributeNames);
        } catch (Exception e) {
            Log.out.info("[Identity] Failed to get sunIM and sunPresence synamic attributes for " + aMUser.getDN() + " = " + e.toString());
        }
        copyAttributeSets(userAttrs, map, "user");
        copyAttributeSets(dynamicAttrs, map, "dynamic");

        // The legacy attributes are fetched before policy evaluation but applied after it.
        Map legacyAttrs = null;
        if (_oldIMServiceAttributeNames != null) {
            try {
                legacyAttrs = aMUser.getAttributes(_oldIMServiceAttributeNames);
            } catch (Exception e) {
                Log.out.info("[Identity] No OLD sunIMService dynamic attributes for " + aMUser.getDN() + " = " + e.toString());
            }
        }

        applyPolicyDecisions("SunIM", sSOToken, _imPolicyAttributeNames, aMUser, map);
        applyPolicyDecisions("SunPresence", sSOToken, _presencePolicyAttributeNames, aMUser, map);

        if (legacyAttrs == null || legacyAttrs.isEmpty()) {
            return;
        }
        for (Iterator keys = legacyAttrs.keySet().iterator(); keys.hasNext();) {
            String name = (String) keys.next();
            String value = StringUtility.getFirstAttr(legacyAttrs.get(name));
            // Two legacy boolean attributes are also translated to allow/deny action values.
            if (name.equalsIgnoreCase("sunimallowfiletransfer")) {
                map.put("sunIMAllowFileTransfer", StringUtility.getBoolean(value) ? "allow" : "deny");
            } else if (name.equalsIgnoreCase("sunimenablemoderator")) {
                map.put("sunIMAllowForumModerate", StringUtility.getBoolean(value) ? "allow" : "deny");
            }
            map.put(name, value);
        }
    }

    /**
     * Copies every entry of {@code source} (attribute name to value Set) into {@code target},
     * logging the count and each entry at debug level. Does nothing for a null or empty source.
     */
    private static void copyAttributeSets(Map source, Map target, String label) {
        if (source == null || source.isEmpty()) {
            return;
        }
        Log.out.debug("[Identity] " + source.size() + " " + label + " attributes");
        for (Iterator keys = source.keySet().iterator(); keys.hasNext();) {
            String name = (String) keys.next();
            Set values = (Set) source.get(name);
            Log.out.debug("[Identity] " + label + ": " + name + " = " + values);
            target.put(name, values);
        }
    }

    /**
     * Evaluates the policies of one service for the token's user over every protected resource
     * and stores the first value of each action decision in {@code target} under the action
     * name. Any exception is logged at info level and ends the evaluation for that service.
     */
    private static void applyPolicyDecisions(String serviceName, SSOToken token, Set actionNames, AMUser user, Map target) {
        try {
            PolicyEvaluator evaluator = new PolicyEvaluator(serviceName);
            HashMap environment = new HashMap();
            Set resources = evaluator.getProtectedResourcesIgnoreConditions(token, "---ALL_RESOURCES---");
            if (resources == null || resources.size() < 1) {
                return;
            }
            for (Iterator resourceIt = resources.iterator(); resourceIt.hasNext();) {
                String resourceName = ((ProtectedResource) resourceIt.next()).getResourceName();
                Log.out.debug("[Identity] resourceName: " + resourceName);
                Map decisions = evaluator.getPolicyDecision(token, resourceName, actionNames, environment).getActionDecisions();
                if (decisions == null || decisions.isEmpty()) {
                    continue;
                }
                for (Iterator actionIt = decisions.keySet().iterator(); actionIt.hasNext();) {
                    ActionDecision decision = (ActionDecision) decisions.get(actionIt.next());
                    Log.out.debug("[Identity] " + decision.getActionName() + " = " + decision.getValues());
                    target.put(decision.getActionName(), StringUtility.getFirstAttr(decision.getValues()));
                }
            }
        } catch (Exception e) {
            Log.out.info("[Identity] Failed to get " + serviceName + " policy result for " + user.getDN() + " = " + e.toString());
        }
    }

    /** Looks up a group under the search base of the principal's server. */
    @Override // com.iplanet.im.server.LDAPRealm, com.iplanet.im.server.Realm
    public iIMGroup _getiIMGroup(iIMPrincipal iimprincipal, String str) throws RealmException {
        String searchBase = getSearchBase(iimprincipal);
        return super._getiIMGroup(searchBase, str);
    }

    /** Looks up a user under the search base of the principal's server. */
    @Override // com.iplanet.im.server.LDAPRealm, com.iplanet.im.server.Realm
    public iIMUser _getiIMUser(iIMPrincipal iimprincipal, String str) throws RealmException {
        String searchBase = getSearchBase(iimprincipal);
        return super._getiIMUser(searchBase, str);
    }

    /** Runs the LDAPRealm search under the search base of the principal's server. */
    @Override // com.iplanet.im.server.LDAPRealm, com.iplanet.im.server.Realm
    public UserSearchReply _search(iIMPrincipal iimprincipal, String str, boolean z, String str2) throws RealmException {
        String searchBase = getSearchBase(iimprincipal);
        return super._search(searchBase, str, z, str2);
    }

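    /**
     * Authenticates a user: first through {@code trySSO}, then, unless {@code SSO.getMode()}
     * is -1, by requesting an SSO token for the address's local part and the supplied
     * credential in the organization that owns the address's domain.
     *
     * <p>Changes from the decompiled original: a failed {@code trySSO} attempt is logged
     * (exception class only) instead of being silently discarded, and the org-to-domain cache
     * is written only after a token was issued, so a rejected login no longer stores a
     * caller-supplied domain in shared state.
     *
     * @param str user address
     * @param str2 credential; {@code null} or a value equal to
     *             {@code PresenceHelper.PIDF_XMLNS} (presumably the empty string, to be
     *             confirmed) is rejected before any lookup
     * @return the authenticated user, or {@code null} when authentication fails
     */
    @Override // com.iplanet.im.server.LDAPRealm, com.iplanet.im.server.Realm
    public iIMUser _auth(String str, String str2) throws RealmException {
        if (str2 == null || str2.equals(PresenceHelper.PIDF_XMLNS)) {
            return null;
        }
        Log.out.debug(new StringBuffer().append("[Identity] Authenticating user ").append(str).toString());
        iIMUser iimuser = null;
        try {
            iimuser = trySSO(str, str2);
        } catch (Exception e) {
            // Best effort: fall through to credential authentication. Only the exception
            // class is logged, because the message could repeat the supplied credential.
            Log.out.debug(new StringBuffer().append("[Identity] SSO attempt failed: ").append(e.getClass().getName()).toString());
        }
        if (iimuser != null || SSO.getMode() == -1) {
            return iimuser;
        }
        try {
            String domainFromAddress = StringUtility.getDomainFromAddress(str, NMS.getName());
            String searchBase = getSearchBase(domainFromAddress);
            Log.out.debug(new StringBuffer().append("[Identity] domain=").append(domainFromAddress).append(" OrgDN=").append(searchBase).toString());
            String localPartFromAddress = StringUtility.getLocalPartFromAddress(str);
            SSOToken sSOToken = Auth.getSSOToken(searchBase, localPartFromAddress, str2);
            if (sSOToken == null) {
                Log.out.info(new StringBuffer().append("[Identity] Failed to create SSO token for ").append(localPartFromAddress).toString());
                return null;
            }
            // Cache the mapping only now that the credential has been accepted.
            this._orgToDomainMap.put(searchBase, domainFromAddress);
            try {
                AMUser user = getAdminConnection().getUser(sSOToken.getPrincipal().getName());
                HashMap hashMap = new HashMap();
                loadUserAttributes(sSOToken, user, hashMap, this.userAttributeSet);
                return createUser(hashMap, domainFromAddress);
            } catch (SSOException e2) {
                // Drop the connection so the next call obtains a fresh admin token.
                this._adminConnection = null;
                Log.out.warning(new StringBuffer().append("[Identity] admin connection reset: ").append(e2.getMessage()).toString());
                return null;
            }
        } catch (Exception e3) {
            // Every failure is reported to the caller as "not authenticated".
            Log.out.printStackTrace(e3);
            return null;
        }
    }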

    /** Resolves the search base for the server named by the principal. */
    @Override // com.iplanet.im.server.LDAPRealm, com.iplanet.im.server.Realm
    public String getSearchBase(iIMPrincipal iimprincipal) throws RealmException {
        String server = iimprincipal.getServer();
        return getSearchBase(server);
    }

    /**
     * Maps a domain name to the DN of its organization.
     *
     * <p>When the store cannot resolve the domain, the server's own domain
     * ({@code NMS.getName()}) falls back to the realm root with a warning; any other domain
     * is rejected. The fallback means an unmapped default domain searches from the root,
     * which the emitted warning itself describes as a security issue in multi-domain
     * deployments.
     *
     * @param str domain name
     * @return organization DN, or the realm root for an unmapped default domain
     * @throws RealmException if the session fails or a non-default domain is unmapped
     */
    @Override // com.iplanet.im.server.LDAPRealm, com.iplanet.im.server.Realm
    public String getSearchBase(String str) throws RealmException {
        String searchBase;
        try {
            searchBase = getAdminConnection().getOrganizationDN(str, (String) null);
        } catch (SSOException ssoFailure) {
            // Drop the connection so the next call obtains a fresh admin token.
            this._adminConnection = null;
            Log.out.printStackTrace(ssoFailure);
            throw new RealmException(ssoFailure.toString());
        } catch (AMException amFailure) {
            Log.out.printStackTrace(amFailure);
            boolean isServerDomain = str.equalsIgnoreCase(NMS.getName());
            String warning;
            if (isServerDomain) {
                warning = "The domain " + str + " is not associated with any organization or is assigned to more than one organization. This will cause security issues in multi-domain deployments.  Please make sure that the value of iim_server.domainname in the IM Server configuration file this domain matches one and only one organization's preferred domain.";
            } else {
                warning = "The domain " + str + " is not associated with any organization or is assigned to more than one organization. Please make sure this domain matches one and only one organization's preferred domain.";
            }
            Log.out.warning("[Identity] " + warning);
            System.out.println("\nWARNING *** " + warning);
            if (!isServerDomain) {
                throw new RealmException(amFailure.toString());
            }
            searchBase = this.root;
        }
        Log.out.debug("[Identity] getSearchBase(" + str + ")=" + searchBase);
        return searchBase;
    }

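    /**
     * Maps an organization DN to its domain name, using the org-to-domain cache first and the
     * organization's preferred-domain attribute otherwise.
     *
     * <p>Changes from the decompiled original: the attribute is checked for {@code null}
     * before it is lower-cased. The original lower-cased first, so a missing attribute raised
     * a NullPointerException and the fallback with its warning was never reached. Lower-casing
     * also uses a fixed locale so the cached domain does not depend on the JVM's default
     * locale.
     *
     * @param str organization DN
     * @return the organization's domain in lower case, or {@code NMS.getName()} when the
     *         organization has no domain set (a warning is emitted and nothing is cached)
     * @throws RealmException if the session or the store lookup fails
     */
    @Override // com.iplanet.im.server.LDAPRealm, com.iplanet.im.server.Realm
    public String getDomainName(String str) throws RealmException {
        String cached = (String) this._orgToDomainMap.get(str);
        if (cached != null) {
            Log.out.debug(new StringBuffer().append("[Identity] _orgToDomainMap(").append(str).append(")=").append(cached).toString());
            return cached;
        }
        try {
            String configured = getAdminConnection().getOrganization(str).getStringAttribute(userDomainAttr);
            String domain = configured == null ? null : configured.toLowerCase(java.util.Locale.ENGLISH);
            if (domain == null || domain.equals(PresenceHelper.PIDF_XMLNS)) {
                // No domain configured: use the server's own name and do not cache it.
                domain = NMS.getName();
                String stringBuffer = new StringBuffer().append("The organization ").append(str).append(" is not associated with any domain name. This will cause security issues in multi-domain deployments. Please set a domain name for this organization, using the Identity Server Administration Console.").toString();
                System.out.println(new StringBuffer().append("\nWARNING *** ").append(stringBuffer).toString());
                Log.out.warning(new StringBuffer().append("[Identity] ").append(stringBuffer).toString());
            } else {
                this._orgToDomainMap.put(str, domain);
            }
            Log.out.debug(new StringBuffer().append("[Identity] getDomainName(").append(str).append(")=").append(domain).toString());
            return domain;
        } catch (SSOException e) {
            // Drop the connection so the next call obtains a fresh admin token.
            this._adminConnection = null;
            Log.out.printStackTrace(e);
            throw new RealmException(e.toString());
        } catch (AMException e2) {
            Log.out.printStackTrace(e2);
            throw new RealmException(e2.toString());
        }
    }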
}
