package com.sun.uwc.common.auth;

import com.iplanet.am.sdk.AMException;
import com.iplanet.am.sdk.AMOrganization;
import com.iplanet.am.sdk.AMStoreConnection;
import com.iplanet.am.sdk.AMUser;
import com.iplanet.sso.SSOException;
import com.iplanet.sso.SSOToken;
import com.iplanet.sso.SSOTokenManager;
import com.sun.comclient.calendar.DateTime;
import com.sun.uwc.common.SessionConstants;
import com.sun.uwc.common.util.UWCConstants;
import java.io.IOException;
import java.net.InetAddress;
import java.net.URLEncoder;
import java.security.Principal;
import java.util.Map;
import java.util.TimeZone;
import java.util.prefs.Preferences;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

/* loaded from: input_file:117287-06/SUNWuwc/reloc/WEB-INF/lib/uwc.jar:com/sun/uwc/common/auth/IdentitySSOAuthFilter.class */
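/**
 * Servlet filter that bootstraps a UWC HTTP session from an Identity Server SSO token.
 *
 * <p>For a request that carries no HTTP session the filter does one of the following:
 * <ul>
 *   <li>when the request carries a user name and password, redirects the browser to the
 *       configured identity login URL with the credentials as query parameters;</li>
 *   <li>when the request carries the {@code err} parameter or {@code fromlogin=true}, marks the
 *       request with {@link #AUTH_ERROR} and lets it continue down the chain;</li>
 *   <li>otherwise tries to build an {@link SSOToken} from the request, checks that it is valid
 *       and bound to the caller's address, and then creates and populates the HTTP session.</li>
 * </ul>
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Any request that already has an HTTP session passes through untouched, so this filter
 *       does not re-validate the SSO token on later requests.</li>
 *   <li>The login redirect puts the clear-text password in a URL (see
 *       {@link #buildIdentityLoginUrl}).</li>
 * </ul>
 */
public class IdentitySSOAuthFilter extends AuthFilter {
    public static final String CONFIG_FILENAME = "uwcauth.properties";
    public static final String CONFIG_IDENTITY_URL = "uwcauth.identity.login.url";
    public static final String CONFIG_IDENTITY_COOKIE = "uwcauth.identity.cookiename";
    // Ports used when building the return URL; static, but overwritten by every init() call.
    static int _uwcPort = 80;
    static int _uwcSSLPort = 443;
    // Request attribute name under which the default domain is exposed to the login page.
    public String DEFAULT_DOMAIN = "defaultdomain";
    private final transient String GOTO_URI_PARAM = "goto=";
    private final transient String GOTO_URI_ON_FAIL_PARAM = "gotoOnFail=";
    private final transient String IS_AUTH_ERR_INDICATOR = "err";
    private final transient String USER_PARAM = "IDToken1=";
    private final transient String PASSWD_PARAM = "IDToken2=";
    private final transient String ORG_PARAM = "org=";
    private final transient String WABP = UWCConstants.WABP;
    private final transient String WABP_LOGIN_PATH = "wabp/login.wabp";
    // Request attribute name that flags a failed or misconfigured login attempt.
    public String AUTH_ERROR = "autherror";
    private String _defaultDomain = null;
    private String _identityCookieName = null;
    private String _cookieDomain = null;
    private String _config_filename = null;
    private String _identityURL = null;
    private boolean _enabled = true;
    private boolean _sslEnabled = false;
    private IdentitySSO _identitySSO = null;

    /**
     * Reads the filter settings from the preferences supplied by the parent filter.
     *
     * @param filterConfig container-supplied configuration, passed to {@code super.init}
     * @throws ServletException if the parent initialisation fails
     */
    @Override // com.sun.uwc.common.auth.AuthFilter
    public void init(FilterConfig filterConfig) throws ServletException {
        this._config_filename = CONFIG_FILENAME;
        super.init(filterConfig);
        Preferences preferences = super.getPreferences();
        this._defaultDomain = preferences.get("defaultdomain", "iplanet.com");
        this._sslEnabled = preferences.getBoolean("uwcauth.ssl.enabled", false);
        _uwcSSLPort = preferences.getInt("uwcauth.https.port", 443);
        _uwcPort = preferences.getInt("uwcauth.http.port", 80);
        // No default: a missing login URL is reported as a misconfiguration in doFilter.
        this._identityURL = preferences.get(CONFIG_IDENTITY_URL, null);
        this._identityCookieName = preferences.get(CONFIG_IDENTITY_COOKIE, "iPlanetDirectoryPro");
        this._cookieDomain = preferences.get("uwcauth.cookiedomain", "iplanet.com");
        this._identitySSO = new IdentitySSO(preferences);
    }

    /**
     * Establishes a UWC session from an identity SSO token, or routes the request to the
     * identity login URL when credentials were posted.
     *
     * @param servletRequest  incoming request; cast to {@link HttpServletRequest}
     * @param servletResponse outgoing response; cast to {@link HttpServletResponse} when a
     *                        redirect or cookie is written
     * @param filterChain     remainder of the filter chain
     * @throws ServletException propagated from the chain
     * @throws IOException      propagated from the chain or from the redirect
     */
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws ServletException, IOException {
        authLogger.entering("IdentitySSOAuthFilter:", " doFilter");
        if (!this._identityEnabled) {
            authLogger.entering("IdentitySSOAuthFilter:", " identity not enabled");
            authLogger.exiting("IdentitySSOAuthFilter:", " doFilter");
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }
        authLogger.info("IdentitySSOAuthFilter: identity is enabled");
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        authLogger.fine("IdentitySSOAuthFilter:check for presence of session");
        // An existing session short-circuits the filter: nothing below re-checks the SSO token.
        if (httpServletRequest.getSession(false) != null) {
            authLogger.exiting("IdentitySSOAuthFilter:", " doFilter");
            authLogger.fine("session is present.. return");
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }
        authLogger.fine("Session is null");
        String userFromRequest = getUserFromRequest(httpServletRequest);
        String passwordFromRequest = getPasswordFromRequest(httpServletRequest);
        String fromLogin = httpServletRequest.getParameter("fromlogin");
        // The user name is request-controlled text; it is written to the log as received.
        authLogger.fine("username is... " + userFromRequest);

        if (isNonEmpty(userFromRequest) && isNonEmpty(passwordFromRequest)) {
            authLogger.fine("get uid and domain");
            String uid;
            String domain;
            // "user@domain" is split on the last '@'; without one the configured default is used.
            int atIndex = userFromRequest.lastIndexOf("@");
            if (atIndex != -1) {
                uid = userFromRequest.substring(0, atIndex);
                domain = userFromRequest.substring(atIndex + 1);
            } else {
                uid = userFromRequest;
                domain = this._defaultDomain;
            }
            authLogger.fine("uid... " + uid + "domain..." + domain);
            if (this._identityURL == null) {
                authLogger.fine("Null IS URL! - Misconfiguration");
                forwardWithLoginError(servletRequest, servletResponse, filterChain);
                return;
            }
            ((HttpServletResponse) servletResponse).sendRedirect(
                    buildIdentityLoginUrl(httpServletRequest, uid, passwordFromRequest, domain));
            return;
        }

        authLogger.fine("username or password is null");
        Map parameterMap = httpServletRequest.getParameterMap();
        if (parameterMap != null && parameterMap.containsKey(this.IS_AUTH_ERR_INDICATOR)) {
            // The identity service sent the browser back to the gotoOnFail URL.
            authLogger.warning("IS Auth Error!");
            forwardWithLoginError(servletRequest, servletResponse, filterChain);
            return;
        }
        if (fromLogin != null && fromLogin.equals("true")) {
            forwardWithLoginError(servletRequest, servletResponse, filterChain);
            return;
        }

        // Tracks the session created below so that a failure part-way through can discard it.
        // A half-populated session must not survive: later requests that present it would take
        // the "session is present" shortcut at the top of this method.
        HttpSession newSession = null;
        // NOTE(review): the chain is invoked inside this try, so an exception thrown by a
        // downstream filter or servlet is also handled here and the chain is invoked a second time.
        try {
            authLogger.fine("session is not present.. ");
            authLogger.fine("get token manager.. ");
            SSOTokenManager tokenManager = SSOTokenManager.getInstance();
            authLogger.fine("create token .. ");
            SSOToken userToken = tokenManager.createSSOToken(httpServletRequest);
            authLogger.info(" check for the token validity ");
            if (!tokenManager.isValidToken(userToken)) {
                authLogger.fine("Invalid Response");
                authLogger.exiting("IdentitySSOAuthFilter:", " doFilter");
                filterChain.doFilter(servletRequest, servletResponse);
                return;
            }
            authLogger.info(" valid IdentitySSO Token ");
            authLogger.info(" get Store  conenction ");
            AMStoreConnection userStore = new AMStoreConnection(userToken);
            authLogger.info(" get the amuser ");
            AMUser user = userStore.getUser(userToken.getPrincipal().getName());

            // Bind the token to the caller: the address recorded in the token must equal the
            // address this request came from.
            // NOTE(review): getRemoteAddr() is the direct peer; behind a reverse proxy that is
            // presumably the proxy address - confirm against the deployment.
            authLogger.info(" get the sessionAddr ");
            InetAddress tokenAddress = userToken.getIPAddress();
            authLogger.info(" sessionAddr is " + tokenAddress);
            authLogger.info(" get the paramAddr ");
            InetAddress requestAddress = InetAddress.getByName(httpServletRequest.getRemoteAddr());
            authLogger.info(" paramAddr is " + requestAddress);
            if (!tokenAddress.equals(requestAddress)) {
                authLogger.info(" invalid IdentitySSO Token...  IP does not match");
                filterChain.doFilter(servletRequest, servletResponse);
                return;
            }

            authLogger.fine("Valid Response");
            authLogger.fine("create session");
            newSession = httpServletRequest.getSession(true);
            newSession.setAttribute(SessionConstants.IDENTITY_TOKENID, userToken.getTokenID().toString());
            String lastAccess = new DateTime(TimeZone.getTimeZone(UWCConstants.GMT_TIME_ZONE)).toISO8601();
            userToken.setProperty(SessionConstants.UWC_STATUS, UWCConstants.ACTIVE);
            newSession.setAttribute(SessionConstants.IDENTITY_LASTACCESS_GMTTIME, lastAccess);
            ((HttpServletResponse) servletResponse).addCookie(this._identitySSO.getSSOCookie(newSession));
            authLogger.fine(" added the UWC cookie...");

            String uid = user.getStringAttribute("uid");
            authLogger.fine(" uid is " + uid);
            String organizationDN = user.getOrganizationDN();
            authLogger.fine(" orgDN is " + organizationDN);
            String userDN = user.getDN();
            authLogger.fine(" userDN is " + userDN);
            // NOTE(review): inetUserStatus is read and logged but is not used in the service
            // decisions below.
            String inetUserStatus = emptyToNull(user.getStringAttribute("inetUserStatus"));
            authLogger.fine(" inetUserStatus is " + inetUserStatus);
            String mailUserStatus = emptyToNull(user.getStringAttribute("mailUserStatus"));
            authLogger.fine(" mailUserStatus is " + mailUserStatus);
            String icsUserStatus = user.getStringAttribute("icsStatus");
            authLogger.fine(" icsStatus is " + icsUserStatus);
            icsUserStatus = emptyToNull(icsUserStatus);
            String preferredLanguage = user.getStringAttribute("preferredLanguage");
            authLogger.fine(" preferredLanguage is " + preferredLanguage);
            // Language-tagged common name first; a null language yields the key "cn;lang-null",
            // which then falls back to the plain cn.
            String commonName = user.getStringAttribute("cn;lang-" + preferredLanguage);
            if (commonName == null || commonName.length() == 0) {
                commonName = user.getStringAttribute("cn");
            }
            authLogger.fine(" commonName is " + commonName);

            // The organization entry is read with the administrator identity, not the user's.
            // NOTE(review): the admin token created here is not destroyed in this method.
            Principal adminPrincipal = this._identitySSO.getAdminPrincipal();
            String adminCredentials = this._identitySSO.getAdminCredentials();
            authLogger.info(" create the token ");
            AMOrganization organization = new AMStoreConnection(
                    tokenManager.createSSOToken(adminPrincipal, adminCredentials)).getOrganization(organizationDN);
            String domainName = organization.getStringAttribute("sunPreferredDomain");
            authLogger.info(" domainName is " + domainName);
            String inetDomainStatus = emptyToNull(organization.getStringAttribute("inetDomainStatus"));
            authLogger.info(" inetDomainStatus is " + inetDomainStatus);
            String mailDomainStatus = emptyToNull(organization.getStringAttribute("mailDomainStatus"));
            authLogger.info(" mailDomainStatus is " + mailDomainStatus);
            String icsDomainStatus = emptyToNull(organization.getStringAttribute("icsStatus"));
            authLogger.info(" icsDomainStatus is " + icsDomainStatus);

            // A service is enabled only when the domain, the domain's service status and the
            // user's service status are each either unset or "active".
            if (isActiveOrUnset(inetDomainStatus)) {
                if (!isActiveOrUnset(mailDomainStatus)) {
                    newSession.setAttribute("mail.service.enabled", "false");
                } else if (isActiveOrUnset(mailUserStatus)) {
                    newSession.setAttribute("mail.service.enabled", "true");
                    authLogger.info(" settting mail as true");
                } else {
                    newSession.setAttribute("mail.service.enabled", "false");
                    authLogger.info(" settting mail as false");
                }
                if (!isActiveOrUnset(icsDomainStatus)) {
                    newSession.setAttribute("calendar.service.enabled", "false");
                    authLogger.info(" settting cal as false");
                } else if (isActiveOrUnset(icsUserStatus)) {
                    newSession.setAttribute("calendar.service.enabled", "true");
                    authLogger.info(" settting cal as true");
                } else {
                    newSession.setAttribute("calendar.service.enabled", "false");
                    authLogger.info(" settting cal as false");
                }
            } else {
                authLogger.info(" settting mail and cal as false");
                newSession.setAttribute("mail.service.enabled", "false");
                newSession.setAttribute("calendar.service.enabled", "false");
            }

            newSession.setAttribute("uid", uid);
            newSession.setAttribute("userdn", userDN);
            newSession.setAttribute(SessionConstants.USER_AUTH_DN, userDN);
            newSession.setAttribute("domaindn", organizationDN);
            newSession.setAttribute("domainname", domainName);
            newSession.setAttribute("userlang", preferredLanguage);
            newSession.setAttribute(SessionConstants.NEW_SESSION, "true");
            // Client-supplied headers are stored as received; treat them as untrusted when read back.
            String userAgent = httpServletRequest.getHeader("user-agent");
            if (userAgent != null) {
                newSession.setAttribute("useragent", userAgent);
            }
            String acceptLanguage = httpServletRequest.getHeader("accept-language");
            if (acceptLanguage != null) {
                newSession.setAttribute(SessionConstants.ACCEPT_LANG, acceptLanguage);
            }
            String acceptCharset = httpServletRequest.getHeader("accept-charset");
            if (acceptCharset != null) {
                newSession.setAttribute(SessionConstants.CHAR_SET_ENCODING, acceptCharset);
            }
            newSession.setAttribute("username", commonName);
            authLogger.fine("Valid Response");
            userToken.addSSOTokenListener(new UWCIdentitySSOTokenListener());
            authLogger.exiting("IdentitySSOAuthFilter:", " doFilter");
            filterChain.doFilter(servletRequest, servletResponse);
        } catch (SSOException e) {
            abortIdentityLogin("SSOException..", e, newSession, servletRequest, servletResponse, filterChain);
        } catch (AMException e) {
            // Must come before the generic handler, otherwise this clause is unreachable.
            abortIdentityLogin("AMException..", e, newSession, servletRequest, servletResponse, filterChain);
        } catch (Exception e) {
            abortIdentityLogin("Exception..", e, newSession, servletRequest, servletResponse, filterChain);
        }
    }

    public void destroy() {
        // Nothing to release: the filter holds no resources of its own.
    }

    /**
     * Builds the redirect URL that hands the posted credentials to the identity login service.
     *
     * <p>SECURITY: the clear-text password is placed in the query string of a redirect, so it
     * can be recorded in browser history, proxy and web-server access logs and Referer headers.
     * That is inherent in this login hand-off and cannot be fixed here without changing the
     * protocol. The return URL is built from {@code getServerName()}, which is normally derived
     * from the client's Host header; the identity service should restrict which return hosts it
     * accepts.
     *
     * @param request  current request, used for the server name, context path and request URI
     * @param uid      user id without the domain part
     * @param password password as posted
     * @param domain   organization taken from the user name or the configured default
     * @return the absolute login URL
     * @throws IOException if UTF-8 encoding is unavailable
     */
    private String buildIdentityLoginUrl(HttpServletRequest request, String uid, String password, String domain) throws IOException {
        String contextPath = request.getContextPath();
        // presumably dateDelimitertDefaultValue is "/" - it is used as a path separator throughout
        if (contextPath == null || contextPath.equals(UWCConstants.dateDelimitertDefaultValue)) {
            contextPath = UWCConstants.BLANK;
        }
        StringBuffer returnUrl = new StringBuffer(UWCConstants.BLANK);
        returnUrl.append(this._sslEnabled ? "https://" : "http://");
        returnUrl.append(request.getServerName());
        returnUrl.append(":");
        returnUrl.append(this._sslEnabled ? _uwcSSLPort : _uwcPort);
        returnUrl.append(contextPath);
        returnUrl.append(UWCConstants.dateDelimitertDefaultValue);
        if (request.getRequestURI().indexOf(this.WABP) > -1) {
            returnUrl.append(this.WABP_LOGIN_PATH);
        }

        StringBuffer loginUrl = new StringBuffer(UWCConstants.BLANK);
        loginUrl.append(this._identityURL).append("?");
        loginUrl.append(this.GOTO_URI_PARAM).append(returnUrl);
        loginUrl.append("&").append(this.GOTO_URI_ON_FAIL_PARAM).append(returnUrl);
        loginUrl.append("?").append(this.IS_AUTH_ERR_INDICATOR).append("=1");
        loginUrl.append("&").append(this.USER_PARAM).append(URLEncoder.encode(uid, "UTF-8"));
        loginUrl.append("&").append(this.PASSWD_PARAM).append(URLEncoder.encode(password, "UTF-8"));
        loginUrl.append("&").append(this.ORG_PARAM);
        if (domain != null) {
            // The domain is whatever followed the last '@' in the posted user name. Encoding it
            // keeps characters such as '&' or '=' from adding or overriding query parameters.
            loginUrl.append(URLEncoder.encode(domain, "UTF-8"));
        }
        return loginUrl.toString();
    }

    /**
     * Marks the request as a failed login, exposes the default domain to the login page and
     * continues down the chain.
     */
    private void forwardWithLoginError(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws ServletException, IOException {
        servletRequest.setAttribute(this.AUTH_ERROR, "true");
        authLogger.fine("set defaultDomain attr in request..." + this._defaultDomain);
        servletRequest.setAttribute(this.DEFAULT_DOMAIN, this._defaultDomain);
        filterChain.doFilter(servletRequest, servletResponse);
    }

    /**
     * Common failure path of the token flow: logs the cause, discards the session created during
     * this request (if any), expires the identity cookie and continues down the chain.
     */
    private void abortIdentityLogin(String label, Exception cause, HttpSession newSession, ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws ServletException, IOException {
        authLogger.warning(label + cause.getMessage());
        if (newSession != null) {
            try {
                newSession.invalidate();
            } catch (IllegalStateException ignored) {
                // Already invalidated, e.g. by code further down the chain; nothing left to discard.
            }
        }
        removeIdentityCookie(servletRequest, servletResponse);
        filterChain.doFilter(servletRequest, servletResponse);
    }

    /** Returns true when the value is neither null nor empty. */
    private static boolean isNonEmpty(String value) {
        return value != null && value.length() > 0;
    }

    /** Maps an empty directory attribute to null so that "unset" has a single representation. */
    private static String emptyToNull(String value) {
        return (value != null && value.length() == 0) ? null : value;
    }

    /** Returns true when a status attribute is unset or equals the active status, ignoring case. */
    private static boolean isActiveOrUnset(String status) {
        return status == null || status.equalsIgnoreCase(UWCConstants.ACTIVE);
    }

    /**
     * Expires the identity cookie in the browser when the request presented one.
     *
     * <p>The path and domain are copied from the presented cookie when it carries them;
     * otherwise the path falls back to {@code UWCConstants.dateDelimitertDefaultValue} and the
     * domain to the configured cookie domain. The fallbacks must match the attributes the cookie
     * was issued with, or the browser will keep it.
     */
    private void removeIdentityCookie(ServletRequest servletRequest, ServletResponse servletResponse) {
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
        Cookie[] cookies = ((HttpServletRequest) servletRequest).getCookies();
        if (cookies == null) {
            return;
        }
        for (int i = 0; i < cookies.length; i++) {
            Cookie presented = cookies[i];
            if (!presented.getName().equalsIgnoreCase(this._identityCookieName)) {
                continue;
            }
            String presentedPath = presented.getPath();
            String presentedDomain = presented.getDomain();
            authLogger.fine("cDomain: " + presentedDomain);

            Cookie expired = new Cookie(this._identityCookieName, (String) null);
            expired.setPath(presentedPath != null ? presentedPath : UWCConstants.dateDelimitertDefaultValue);
            if (presentedDomain != null) {
                expired.setDomain(presentedDomain);
            } else if (this._cookieDomain != null) {
                expired.setDomain(this._cookieDomain);
            }
            // Max-Age 0 tells the browser to delete the cookie immediately.
            expired.setMaxAge(0);
            httpServletResponse.addCookie(expired);
            // Only the first matching cookie is handled.
            return;
        }
    }
}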
