package com.sun.portal.netlet.eproxy;

import com.iplanet.sso.SSOException;
import com.iplanet.sso.SSOToken;
import com.iplanet.sso.SSOTokenManager;
import com.sun.portal.cli.cert.JSSUtil;
import com.sun.portal.netlet.econnection.KeyConstants;
import com.sun.portal.netlet.econnection.ProxyCipherMsg;
import com.sun.portal.netlet.econnection.SessionKey;
import com.sun.portal.perf.rproxy.PerfContextObject;
import com.sun.portal.perf.rproxy.SocketCount;
import com.sun.portal.rproxy.configservlet.client.GatewayProfile;
import com.sun.portal.rproxy.configservlet.client.GetResponseException;
import com.sun.portal.rproxy.configservlet.client.NetletProfile;
import com.sun.portal.rproxy.configservlet.client.SendRequestException;
import com.sun.portal.rproxy.connectionhandler.Session;
import com.sun.portal.util.GWDebug;
import com.sun.portal.util.GWLocale;
import com.sun.portal.util.GWLogManager;
import com.sun.portal.util.ServiceIdentifier;
import java.io.DataInputStream;
import java.io.IOException;
import java.net.MalformedURLException;
import java.net.Socket;
import java.net.URL;
import java.util.Hashtable;
import java.util.List;
import java.util.StringTokenizer;
import org.mozilla.jss.ssl.SSLSocket;

/* JADX WARN: Classes with same name are omitted:
  input_file:116856-25/SUNWpsgw/reloc/SUNWps/lib/gateway.jar:com/sun/portal/netlet/eproxy/ESession.class
  input_file:116856-25/SUNWpsrwp/reloc/SUNWps/lib/gateway.jar:com/sun/portal/netlet/eproxy/ESession.class
 */
/* loaded from: input_file:116856-25/SUNWpsnlp/reloc/SUNWps/lib/netletproxy.jar:com/sun/portal/netlet/eproxy/ESession.class */
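/**
 * Handles one inbound Netlet client connection.
 *
 * <p>{@link #run()} performs these steps in order and closes the client socket as soon as one
 * of them fails:
 * <ol>
 *   <li>optionally read a digest of the client certificate from the SSL socket,</li>
 *   <li>read the session request from the client,</li>
 *   <li>authenticate it with {@link SessionAuthenticator},</li>
 *   <li>create and refresh the SSO token for that session id,</li>
 *   <li>either forward the socket to a Netlet proxy (when {@code useNetletProxy} is set) or
 *       read the client's {@link ProxyCipherMsg} and open the requested destination after
 *       {@link NetletAccessController} has allowed the host.</li>
 * </ol>
 *
 * <p>Everything read from {@code fromClient} (session id, destination host and ports) is
 * client-controlled input and must be treated as untrusted until the checks above have passed.
 */
public class ESession implements KeyConstants, Runnable {
    /** SSO-token property under which the Netlet proxy chosen for a session is stored. */
    public static final String NETLET_PROXY = "__sra_netlet_proxy__";

    /** Set once by the static initializer from the gateway profile. */
    protected static boolean useNetletProxy;

    protected SessionKey sKey;
    protected NetletProfile userProfile;
    protected ProxyCipherMsg pMsg;
    protected Socket fromSock;
    protected DataInputStream fromClient;
    protected Integer logId;
    protected SessionAuthenticator sessionAuth;
    protected SessionRequest sessReq = null;
    protected RWGroupCrypt rwg = null;
    protected RWGroupForward rwgf = null;
    protected RWGroupFtp rwgcf = null;
    protected String netletProxyHost = null;
    protected int netletProxyPort = 10555;
    protected Hashtable cipherList = new Hashtable();

    // NOTE(review): nothing in this class ever sets validatePDC to true, so the
    // verifyClientCertificate() call in run() is unreachable as decompiled. Confirm against the
    // original class before relying on the certificate/session binding it implements.
    private boolean validatePDC = false;
    private String digest = null;

    /**
     * Wraps the accepted client socket.
     *
     * <p>If the input stream cannot be opened the error is logged, the socket is closed and the
     * instance is left without a stream; {@link #run()} then returns immediately.
     *
     * @param socket the accepted client connection
     * @param num identifier used in the Netlet log messages
     */
    public ESession(Socket socket, Integer num) {
        try {
            this.fromClient = new DataInputStream(socket.getInputStream());
            this.logId = num;
            this.fromSock = socket;
            this.sessionAuth = new SessionAuthenticator();
        } catch (IOException e) {
            if (GWDebug.debug.errorEnabled()) {
                GWDebug.debug.error("ESession: Unable to create DataInputStream -> ", e);
            }
            // The session is unusable without a stream; release the descriptor instead of
            // leaving an unauthenticated connection open.
            try {
                socket.close();
            } catch (IOException ignored) {
                // best effort: the socket is already broken
            }
        }
    }

    /**
     * Runs the connection set-up described on the class. Every failure path closes the client
     * socket; no path continues with a missing SSO token.
     */
    @Override // java.lang.Runnable
    public void run() {
        if (this.fromClient == null) {
            // The constructor could not open the client stream.
            cleanUp();
            return;
        }
        if (!readClientCertificate()) {
            cleanUp();
            debugMessage("Unable to read Client Certificate: Closing Netlet Connections");
            return;
        }
        if (readSessionId() != 0) {
            cleanUp();
            return;
        }
        if (this.sessionAuth.authenticate(this.sessReq) != 0) {
            debugError("ESession: invalid session id");
            cleanUp();
            return;
        }
        SSOToken token = createSessionToken();
        if (token == null) {
            // Fail closed: without a valid, refreshed token neither the profile lookup nor the
            // access-control decision below can be trusted.
            debugError("ESession: no valid SSO token for session: Closing Netlet Connections");
            cleanUp();
            return;
        }
        if (this.validatePDC && !verifyClientCertificate(token)) {
            cleanUp();
            debugMessage("Unable to verify Client Certificate: Closing Netlet Connections");
            return;
        }
        this.userProfile = new NetletProfile(token.getTokenID().toString());
        loadCipherList();
        if (useNetletProxy) {
            forwardToNetletProxy(token);
            return;
        }
        connectToDestination();
    }

    /** Closes the client socket. */
    public void stop() {
        cleanUp();
    }

    /** Closes the client socket once and clears the reference so {@link #isDone()} reports it. */
    private void cleanUp() {
        if (this.fromSock == null) {
            return;
        }
        try {
            this.fromSock.close();
            if (PerfContextObject.ENABLE_PERF) {
                SocketCount.decrementPlainSockets();
            }
        } catch (IOException ignored) {
            // nothing useful can be done if close() fails; the reference is dropped below
        } finally {
            this.fromSock = null;
        }
    }

    /**
     * Returns the session id read from the client.
     *
     * <p>The value is what the client sent; it is only meaningful after {@link #run()} has
     * authenticated it.
     */
    public String getSessionID() {
        return this.sessReq.getSessionID();
    }

    /**
     * Returns a copy of the first 32 bytes of the session key, so callers cannot modify the
     * array held by {@code sKey}. The copy is key material; callers should not log it.
     */
    public byte[] getSessionKey() {
        byte[] copy = new byte[32];
        System.arraycopy(this.sKey.getSessionKey(), 0, copy, 0, 32);
        return copy;
    }

    /**
     * Reports whether the active reader/writer group has finished, or, when no group was
     * created, whether the client socket has been closed.
     */
    public boolean isDone() {
        if (this.rwg != null) {
            return this.rwg.isDone();
        }
        if (this.rwgf != null) {
            return this.rwgf.isDone();
        }
        if (this.rwgcf != null) {
            return this.rwgcf.isDone();
        }
        return this.fromSock == null;
    }

    /**
     * Reads the session request from the client stream.
     *
     * @return 0 when the request was read, -1 otherwise
     */
    private int readSessionId() {
        if (this.sessReq == null) {
            this.sessReq = new SessionRequest();
        }
        if (this.sessReq.readMsg(this.fromClient) != 0) {
            debugMessage("ESession: negotiateSessionId IOException");
            return -1;
        }
        // The session id is later exchanged for an SSO token, so it is written at message level
        // only; debug logs that contain it need the same protection as the sessions themselves.
        if (GWDebug.debug.messageEnabled()) {
            GWDebug.debug.message("ESession: sessId = " + this.sessReq.getSessionID());
        }
        return 0;
    }

    /**
     * Creates the SSO token for the session id sent by the client and refreshes the session.
     *
     * @return the token, or {@code null} when creation or refresh failed; the failure is logged
     */
    private SSOToken createSessionToken() {
        try {
            SSOTokenManager manager = SSOTokenManager.getInstance();
            SSOToken token = manager.createSSOToken(this.sessReq.getSessionID());
            manager.refreshSession(token);
            return token;
        } catch (SendRequestException e) {
            debugError("ESession: Unable to create CipherGroup -> " + e);
        } catch (SSOException e) {
            debugError("ESession: Unable to create CipherGroup -> " + e);
        } catch (GetResponseException e) {
            debugError("ESession: Unable to create CipherGroup -> " + e);
        }
        // A token whose refresh failed is not handed back: the caller treats null as
        // "reject the connection".
        return null;
    }

    /**
     * Fills {@code cipherList} from the "Ciphers" profile entries. The entries are joined with
     * '|' and then read back as alternating key/value tokens.
     */
    private void loadCipherList() {
        List entries = NetletProfile.getStringList("Ciphers");
        if (entries == null) {
            return;
        }
        StringBuffer joined = new StringBuffer();
        for (int i = 0; i < entries.size(); i++) {
            joined.append((String) entries.get(i)).append("|");
        }
        StringTokenizer tokens = new StringTokenizer(joined.toString(), "|");
        while (tokens.hasMoreTokens()) {
            String key = tokens.nextToken();
            if (!tokens.hasMoreTokens()) {
                // An odd number of tokens would otherwise throw NoSuchElementException and
                // abort run() with the socket still open.
                debugError("ESession: ignoring unpaired entry in Ciphers list");
                break;
            }
            this.cipherList.put(key, tokens.nextToken());
        }
    }

    /**
     * Hands the client socket to the Netlet proxy associated with the session.
     *
     * <p>NOTE(review): this path does not consult {@link NetletAccessController}; presumably the
     * Netlet proxy enforces destination access itself - confirm.
     */
    private void forwardToNetletProxy(SSOToken token) {
        String sessionID = this.sessReq.getSessionID();
        try {
            // NOTE(review): the forwarding target can come from a property stored on the SSO
            // token. Confirm that NetletProxyRouter only reports configured proxies as alive.
            this.netletProxyHost = getAssociatedNetletProxy(token);
            URL proxyUrl;
            try {
                proxyUrl = new URL(this.netletProxyHost);
            } catch (MalformedURLException e) {
                debugError("ESession: invalid Netlet proxy URL -> " + e);
                cleanUp();
                return;
            }
            this.netletProxyHost = proxyUrl.getHost();
            int port = proxyUrl.getPort();
            if (port != -1) {
                this.netletProxyPort = port;
            }
            debugMessage("ESession: Netlet proxy host -> " + this.netletProxyHost + " port -> " + this.netletProxyPort);
            this.rwgf = new RWGroupForward(this.fromSock, this.netletProxyHost, this.netletProxyPort, sessionID);
            try {
                NetletGroupManager.getNetletGroupManager();
                NetletGroupManager.registerReaderWriter(this.rwgf, sessionID);
            } catch (SSOException e) {
                unregisterQuietly(sessionID);
            }
            String logLine = GWLocale.getPFString("es1", new Object[]{this.logId, new String(GWLogManager.getUserId(sessionID)), this.netletProxyHost, Integer.valueOf(this.netletProxyPort)});
            if (GWLogManager.loggingEnabled) {
                GWLogManager.write("netlet", logLine);
            }
        } catch (SSOException e) {
            if (GWDebug.debug.errorEnabled()) {
                GWDebug.debug.error("Invalid SSOToken while looking op NLP -> " + e, e);
            }
            // The token became invalid during set-up; do not keep the client connection.
            cleanUp();
        }
    }

    /**
     * Reads the client's {@link ProxyCipherMsg} and opens the requested destination, either via
     * a configured redirect, as an FTP data connection, or directly.
     */
    private void connectToDestination() {
        NetletAccessController accessController = new NetletAccessController(this.userProfile);
        try {
            this.pMsg = new ProxyCipherMsg();
        } catch (Throwable th) {
            debugError("ESession: unable to create ProxyCipherMsg -> " + th);
        }
        if (this.pMsg == null) {
            cleanUp();
            return;
        }
        if (this.pMsg.readMsg(this.fromClient) != 0) {
            debugError("ESession: unable to get proxy config!");
            this.pMsg = null;
            cleanUp();
            return;
        }
        debugMessage("ESession: srcPort -> " + this.pMsg.getSrcPort());

        String logLine;
        Redirect redirect = new Redirect(this.pMsg.getSrcPort(), this.sessReq);
        if (redirect.doRedirect()) {
            debugMessage("ESession: redirect to -> " + redirect.getDstPortList() + " " + redirect.getDstHost());
            if (!accessController.isAccessAllowed(redirect.getDstHost())) {
                // Record the refusal so rejected destinations are visible to operators.
                debugError("ESession: access denied by NetletAccessController -> " + redirect.getDstHost());
                cleanUp();
                return;
            }
            logLine = GWLocale.getPFString("es2", new Object[]{this.logId, new String(GWLogManager.getUserId(this.sessReq.getSessionID())), redirect.getDstHost(), redirect.getDstPortList()});
            this.rwg = new RWGroupCrypt(this.fromSock, this.pMsg.getSrcPort(), redirect.getDstPortList(), redirect.getDstHost(), this.sessionAuth, this.sessReq);
            registerCryptGroup();
        } else if (this.pMsg.getDstPort().equals("-1")) {
            // NOTE(review): no NetletAccessController check is made on this branch; confirm
            // that RWGroupFtp restricts the destination itself.
            debugMessage("ESession: FTP data connection to -> " + redirect.getDstHost());
            logLine = GWLocale.getPFString("es4", new Object[]{this.logId, redirect.getDstHost()});
            this.rwgcf = new RWGroupFtp(this.fromSock, this.sessionAuth, this.sessReq);
            try {
                NetletGroupManager.getNetletGroupManager();
                NetletGroupManager.registerReaderWriter(this.rwgcf, this.sessReq.getSessionID());
            } catch (SSOException e) {
                unregisterQuietly(this.sessReq.getSessionID());
            }
        } else {
            // Host and port come straight from the client message, so the access check is the
            // only thing standing between the client and an arbitrary destination.
            if (!accessController.isAccessAllowed(this.pMsg.getHostName())) {
                debugError("ESession: access denied by NetletAccessController -> " + this.pMsg.getHostName());
                cleanUp();
                return;
            }
            logLine = GWLocale.getPFString("es3", new Object[]{this.logId, new String(GWLogManager.getUserId(this.sessReq.getSessionID())), this.pMsg.getHostName(), this.pMsg.getDstPort()});
            this.rwg = new RWGroupCrypt(this.fromSock, this.pMsg.getSrcPort(), this.pMsg.getDstPort(), this.pMsg.getHostName(), this.sessionAuth, this.sessReq);
            registerCryptGroup();
        }
        if (GWLogManager.loggingEnabled) {
            GWLogManager.write("netlet", logLine);
        }
        this.pMsg = null;
    }

    /** Registers {@code rwg} for the current session; on SSOException the session is unregistered. */
    private void registerCryptGroup() {
        try {
            NetletGroupManager.getNetletGroupManager();
            NetletGroupManager.registerReaderWriter(this.rwg, this.sessReq.getSessionID());
        } catch (SSOException e) {
            unregisterQuietly(this.sessReq.getSessionID());
        }
    }

    /** Unregisters the session from NetletGroupManager, logging instead of throwing on failure. */
    private void unregisterQuietly(String sessionID) {
        try {
            NetletGroupManager.getNetletGroupManager();
            NetletGroupManager.unregister(sessionID);
        } catch (Exception e) {
            debugError("ESession: Unable to register/unregister with NetletGroupManager");
        }
    }

    /**
     * Picks the Netlet proxy for the session: the one stored on the token if it is still alive,
     * otherwise a live one (which is then stored on the token), otherwise the router's server.
     *
     * @throws SSOException if the token property cannot be read or written
     */
    private String getAssociatedNetletProxy(SSOToken sSOToken) throws SSOException {
        String remembered = sSOToken.getProperty(NETLET_PROXY);
        if (remembered != null && NetletProxyRouter.isNetletProxyAlive(remembered)) {
            return remembered;
        }
        String alive = NetletProxyRouter.getNetletProxyAlive();
        if (alive == null) {
            return NetletProxyRouter.getServer();
        }
        sSOToken.setProperty(NETLET_PROXY, alive);
        return alive;
    }

    /**
     * Computes a digest of the peer certificate when the socket is an SSL socket and
     * {@code Session.doingPDC} is set.
     *
     * <p>NOTE(review): as decompiled, this method returns {@code false} even after the digest
     * was computed, so {@link #run()} closes every connection that takes this branch. Together
     * with {@code validatePDC} never being set, this looks like a decompilation artefact or an
     * upstream defect. It is kept as is because it fails closed; changing it to return
     * {@code true} without also enabling the digest comparison would skip the certificate
     * check entirely.
     *
     * @return {@code true} when no client certificate has to be read, {@code false} otherwise
     */
    private boolean readClientCertificate() {
        if (!(this.fromSock instanceof SSLSocket) || !Session.doingPDC) {
            return true;
        }
        try {
            // The cast was lost in decompilation; getStatus() is not a java.net.Socket method.
            SSLSocket sslSock = (SSLSocket) this.fromSock;
            this.digest = JSSUtil.getDefaultDecoder().digest(JSSUtil.getDefaultDecoder().getEncodedStr(sslSock.getStatus().getPeerCertificate().getEncoded()));
            return false;
        } catch (Exception e) {
            GWDebug.debug.error("Netlet : Unable to get client cert");
            return false;
        }
    }

    /**
     * Checks that the digest of the presented client certificate equals the
     * {@code Session.PDC_CERT_INFO} property stored on the SSO token.
     *
     * @return {@code true} only when both values are non-blank and equal
     */
    private boolean verifyClientCertificate(SSOToken sSOToken) {
        if (sSOToken == null || this.digest == null || this.digest.trim().length() == 0) {
            return false;
        }
        try {
            String expected = sSOToken.getProperty(Session.PDC_CERT_INFO);
            if (expected == null || expected.trim().length() == 0) {
                return false;
            }
            return this.digest.equals(expected);
        } catch (SSOException e) {
            GWDebug.debug.error("Netlet : Unable to get certificate digest", e);
            return false;
        }
    }

    /** Writes {@code msg} at error level when error logging is enabled. */
    private static void debugError(String msg) {
        if (GWDebug.debug.errorEnabled()) {
            GWDebug.debug.error(msg);
        }
    }

    /** Writes {@code msg} at message level when message logging is enabled. */
    private static void debugMessage(String msg) {
        if (GWDebug.debug.messageEnabled()) {
            GWDebug.debug.message(msg);
        }
    }

    static {
        // Forwarding to a Netlet proxy is only used on a gateway with the profile flag set.
        useNetletProxy = GatewayProfile.getBoolean("UseNetletProxy", false) && ServiceIdentifier.isGateway();
    }
}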
