package com.sun.identity.policy.util;

import com.iplanet.am.util.Debug;
import com.iplanet.am.util.SystemProperties;
import com.iplanet.dpro.session.share.SessionEncodeURL;
import com.iplanet.sso.SSOException;
import com.iplanet.sso.SSOToken;
import com.iplanet.sso.SSOTokenManager;
import com.sun.identity.authentication.config.AMAuthConfigUtils;
import com.sun.identity.authentication.service.AuthD;
import com.sun.identity.common.ISLocaleContext;
import com.sun.identity.common.L10NMessageImpl;
import com.sun.identity.common.RequestUtils;
import com.sun.identity.federation.common.IFSConstants;
import com.sun.identity.policy.ActionDecision;
import com.sun.identity.policy.PolicyEvaluator;
import com.sun.identity.sm.ServiceConfigManager;
import java.io.IOException;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Locale;
import java.util.Map;
import java.util.Set;
import javax.servlet.ServletConfig;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/* loaded from: input_file:117586-16/SUNWamsdk/reloc/$PRODUCT_DIR/lib/am_services.jar:com/sun/identity/policy/util/Gateway.class */
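/**
 * Servlet that sits in front of the login page and decides where a caller is sent to authenticate.
 *
 * <p>For a request carrying a {@code goto} URL it asks the policy evaluator for a decision on that
 * URL, turns any authentication advice ({@code module=} / {@code authlevel=} / {@code org=}) into
 * query parameters, and then either forwards to {@code /UI/Login} inside this web application or,
 * when the selected authentication service is configured with a port number, redirects to
 * {@code https://<server>:<port>} on the same host name.
 *
 * <p>Security-relevant points visible in this class:
 * <ul>
 *   <li>The raw request query string is appended verbatim to the login path.</li>
 *   <li>The redirect target host is taken from {@link HttpServletRequest#getServerName()}.</li>
 *   <li>Advice values and the organization name are appended to the URL without URL encoding.</li>
 *   <li>The query string and {@code goto} URL are written to the debug log at message level.</li>
 * </ul>
 *
 * <p>All lookup state is held in static fields that are populated in {@link #init(ServletConfig)};
 * this class adds no synchronization of its own around them.
 */
public class Gateway extends HttpServlet {
    ServletConfig config = null;
    private static final String GOTO_URL = "goto";
    private static final String LOGIN_URL = "/UI/Login";
    private static final String DEFAULT_MODULE = "module=LDAP";
    private static final String AUTH_LEVEL_ADVICE = "AuthLevelConditionAdvice";
    private static final String AUTH_SCHEME_ADVICE = "AuthSchemeConditionAdvice";
    private static final String ORG_NAME = "org";
    private static final String AUTH_SCHEME = "module";
    private static final String AUTH_LEVEL = "authlevel";
    private static final String GET = "GET";
    private static final String POST = "POST";
    private static final String ALLOW = "allow";
    private static final String CERT_PROTOCOL = "https://";
    private static final String CERT_SCHEME = "Cert";
    private static final String WEB_AGENT_SERVICE_NAME = "iPlanetAMWebAgentService";
    private static final String CERT_SERVICE_NAME = "iPlanetAMAuthCertService";
    // Prefix shared by the registered authentication service names scanned in initGWServletUtilsMap().
    private static final String AUTH_SERVICE_PREFIX = "iPlanetAMAuth";
    private static AuthD authD;
    private static SSOTokenManager defTokenMgr;
    private static SSOToken defToken;
    private static PolicyEvaluator pe;
    // Keyed by module service name; a null value records a module that has no port number configured.
    private static HashMap gwServletUtilsMap;
    private static Debug debug = Debug.getInstance("amGateway");
    private static HashSet authenticators = new HashSet();
    private static Set actionNames = new HashSet();

    /**
     * Initializes the shared static state: the authentication daemon handle, the default SSO token,
     * the set of authenticator names, the per-module configuration map for the default organization
     * and the policy evaluator for the web agent service.
     *
     * @param servletConfig the configuration supplied by the container
     * @throws ServletException if any part of the initialization fails; the original exception is
     *     attached as the cause
     */
    @Override
    public void init(ServletConfig servletConfig) throws ServletException {
        super.init(servletConfig);
        this.config = servletConfig;
        try {
            gwServletUtilsMap = new HashMap();
            authD = AuthD.getAuth();
            defToken = authD.getSSOAuthSession();
            defTokenMgr = SSOTokenManager.getInstance();
            Iterator authenticatorNames = authD.getAuthenticators();
            while (authenticatorNames.hasNext()) {
                authenticators.add((String) authenticatorNames.next());
            }
            initGWServletUtilsMap(SystemProperties.get("com.iplanet.am.defaultOrg"));
            actionNames.add(GET);
            actionNames.add(POST);
            pe = new PolicyEvaluator(WEB_AGENT_SERVICE_NAME);
        } catch (Exception e) {
            debug.error("GatewayServlet: Unable to create PolicyEvaluator", e);
            // Keep the cause so the container log shows where initialization actually failed.
            throw new ServletException(e.getMessage(), e);
        }
    }

    /**
     * Handles GET exactly like POST.
     *
     * @param httpServletRequest the incoming request
     * @param httpServletResponse the response to forward or redirect on
     * @throws ServletException see {@link #doPost(HttpServletRequest, HttpServletResponse)}
     * @throws IOException see {@link #doPost(HttpServletRequest, HttpServletResponse)}
     */
    @Override
    public void doGet(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        doPost(httpServletRequest, httpServletResponse);
    }

    /**
     * Builds the login URL for the request and forwards or redirects to it.
     *
     * <p>The {@code goto}, {@code module} and {@code authlevel} parameters are read only when the
     * request has a query string. With a {@code goto} URL and neither of the other two, the policy
     * decision for that URL supplies the advice; otherwise an explicit {@code module} wins over an
     * explicit {@code authlevel}. If the selected service has a port number the client is redirected
     * to {@code https://} on that port, else the request is forwarded to the local login page.
     *
     * @param httpServletRequest the incoming request
     * @param httpServletResponse the response to forward or redirect on
     * @throws ServletException if the content-length check fails (localized message, cause attached)
     *     or the forward fails
     * @throws IOException if the forward or redirect fails
     */
    @Override
    public void doPost(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        String module = null;
        String authLevel = null;
        String gotoUrl = null;
        ActionDecision actionDecision = null;
        Map advices = null;
        String orgName = null;
        try {
            RequestUtils.checkContentLength(httpServletRequest);
            StringBuffer loginUrl = new StringBuffer(200);
            loginUrl.append(LOGIN_URL);
            String queryString = httpServletRequest.getQueryString();
            Enumeration parameterNames = httpServletRequest.getParameterNames();
            while (queryString != null && parameterNames.hasMoreElements()) {
                String parameterName = (String) parameterNames.nextElement();
                if (parameterName.equalsIgnoreCase(GOTO_URL)) {
                    gotoUrl = httpServletRequest.getParameter(parameterName);
                } else if (parameterName.equalsIgnoreCase(AUTH_SCHEME)) {
                    module = httpServletRequest.getParameter(parameterName);
                } else if (parameterName.equalsIgnoreCase(AUTH_LEVEL)) {
                    authLevel = httpServletRequest.getParameter(parameterName);
                }
            }
            // NOTE(review): the query string and goto URL are caller-controlled and may carry
            // sensitive parameters; confirm who can read the amGateway debug log at message level.
            if (debug.messageEnabled()) {
                debug.message("GatewayServlet: queryString : " + queryString);
                debug.message("GatewayServlet: gotoUrl : " + gotoUrl);
            }
            if (gotoUrl != null) {
                actionDecision = getActionDecision(gotoUrl, getSSOToken(httpServletRequest));
                if (actionDecision != null) {
                    advices = actionDecision.getAdvices();
                    orgName = getOrgNameFromAdvice(advices);
                }
            }
            AuthServiceConfigInfo authServiceConfigInfo = null;
            if (gotoUrl != null && module == null && authLevel == null) {
                if (debug.messageEnabled()) {
                    debug.message("GatewayServlet: gotoUrl : " + gotoUrl);
                }
                // The caller's query string is passed through verbatim.
                loginUrl.append('?').append(queryString);
                String policyAdvice = getPolicyAdvice(actionDecision);
                // advices is null when no decision was obtained; the lookup then yields null and
                // the request falls through to the local login forward below.
                authServiceConfigInfo = getGWServletUtilsFromMap(advices);
                if (debug.messageEnabled()) {
                    debug.message("GatewayServlet: advice from getPolicyAdvice() : " + policyAdvice);
                }
                if (policyAdvice != null && policyAdvice.length() > 0) {
                    loginUrl.append('&').append(policyAdvice);
                }
            } else if (module != null || authLevel != null) {
                loginUrl.append('?').append(queryString);
                if (module != null) {
                    authServiceConfigInfo = getGWServletUtilsByScheme(orgName, module);
                } else if (authLevel != null) {
                    authServiceConfigInfo = getGWServletUtilsByLevel(orgName, authLevel);
                }
            }
            String targetUrl = loginUrl.toString();
            if (debug.messageEnabled()) {
                debug.message("GatewayServlet >>> Need to change URL !");
                debug.message("OLD URL : " + targetUrl);
            }
            if (authServiceConfigInfo == null || authServiceConfigInfo.getPortNumber() == null) {
                targetUrl = appendOrgIfAbsent(targetUrl, orgName);
                this.config.getServletContext().getRequestDispatcher(targetUrl).forward(httpServletRequest, httpServletResponse);
            } else {
                // NOTE(review): getServerName() normally reflects the client-supplied Host header and
                // ends up in the Location header here; confirm the container or a fronting proxy
                // only accepts expected host names.
                targetUrl = new StringBuffer().append(CERT_PROTOCOL).append(httpServletRequest.getServerName()).append(":").append(authServiceConfigInfo.getPortNumber()).append(SystemProperties.get("com.iplanet.am.services.deploymentDescriptor")).append(targetUrl).toString();
                targetUrl = appendOrgIfAbsent(targetUrl, orgName);
                httpServletResponse.sendRedirect(targetUrl);
            }
            if (debug.messageEnabled()) {
                debug.message("New URL : " + targetUrl);
            }
        } catch (L10NMessageImpl e) {
            ISLocaleContext localeContext = new ISLocaleContext();
            localeContext.setLocale(httpServletRequest);
            Locale locale = localeContext.getLocale();
            if (debug.messageEnabled()) {
                debug.message("GatewayServlet: " + e.getL10NMessage(locale));
            }
            throw new ServletException(e.getL10NMessage(locale), e);
        }
    }

    /**
     * Appends {@code &org=<name>} to the URL unless no advising organization is known or the URL
     * already contains the text {@code org=}.
     *
     * <p>The presence test is a plain substring match, so any parameter whose name ends in
     * {@code org} (or a caller-supplied {@code org=}) suppresses the append. The name is appended
     * without URL encoding.
     *
     * @param url the URL built so far
     * @param orgDn the advising organization DN, or {@code null}
     * @return the URL, with the organization parameter appended when applicable
     */
    private String appendOrgIfAbsent(String url, String orgDn) {
        if (orgDn == null || url.indexOf(ORG_NAME + "=") != -1) {
            return url;
        }
        return new StringBuffer().append(url).append(SessionEncodeURL.AMPERSAND).append(ORG_NAME).append("=").append(DNtoName(orgDn)).toString();
    }

    /**
     * Renders the authentication advice of a decision as a query-string fragment.
     *
     * @param actionDecision the decision to inspect, may be {@code null}
     * @return the fragment, trimmed; empty when there is nothing to add
     */
    String getPolicyAdvice(ActionDecision actionDecision) {
        StringBuffer advice = new StringBuffer(30);
        processActionDecision(actionDecision, advice);
        return advice.toString().trim();
    }

    /**
     * Appends the query parameter implied by a decision to the buffer.
     *
     * <p>A decision whose values contain {@code allow} yields the default {@code module=LDAP};
     * otherwise the first auth-scheme advice is used, and only if there is none the first
     * auth-level advice.
     *
     * @param actionDecision the decision to inspect, may be {@code null}
     * @param stringBuffer the buffer to append to
     * @return {@code true} if something was appended
     */
    boolean processActionDecision(ActionDecision actionDecision, StringBuffer stringBuffer) {
        if (actionDecision == null) {
            return false;
        }
        if (actionDecision.getValues().contains(ALLOW)) {
            stringBuffer.append(DEFAULT_MODULE);
            return true;
        }
        Map advices = actionDecision.getAdvices();
        if (advices == null) {
            return false;
        }
        if (debug.messageEnabled()) {
            debug.message("GatewayServlet: processActionDecision : " + advices.values().toString());
        }
        // Short-circuit: the auth-level advice is consulted only when no scheme advice was appended.
        return appendAdvice(AUTH_SCHEME, (Set) advices.get(AUTH_SCHEME_ADVICE), stringBuffer)
                || appendAdvice(AUTH_LEVEL, (Set) advices.get(AUTH_LEVEL_ADVICE), stringBuffer);
    }

    /**
     * Appends {@code name=value} for the first element of an advice set, preceded by {@code &} when
     * the buffer is not empty. The value is appended as-is, without URL encoding.
     *
     * @param str the parameter name
     * @param set the advice values, may be {@code null} or empty
     * @param stringBuffer the buffer to append to
     * @return {@code true} if a parameter was appended
     */
    boolean appendAdvice(String str, Set set, StringBuffer stringBuffer) {
        if (set == null) {
            return false;
        }
        Iterator values = set.iterator();
        if (!values.hasNext()) {
            return false;
        }
        String value = (String) values.next();
        if (stringBuffer.length() != 0) {
            stringBuffer.append('&');
        }
        stringBuffer.append(str).append('=').append(value);
        return true;
    }

    /**
     * Registers a configuration holder for every service of the organization whose name starts
     * with {@code iPlanetAMAuth}, ends (by last occurrence) with {@code IFSConstants.AC_SERVICE}
     * and whose middle part is a known authenticator name. Failures are logged and swallowed so
     * that servlet initialization can continue.
     *
     * @param str the organization whose registered services are scanned
     * @return the result of the last registration attempted, or {@code null}
     */
    private GatewayServletUtils initGWServletUtilsMap(String str) {
        GatewayServletUtils lastAdded = null;
        try {
            for (String serviceName : authD.getOrgProfile(str).getRegisteredServiceNames()) {
                if (serviceName.trim().indexOf(AUTH_SERVICE_PREFIX) != 0) {
                    continue;
                }
                int suffixAt = serviceName.lastIndexOf(IFSConstants.AC_SERVICE);
                if (suffixAt <= AUTH_SERVICE_PREFIX.length()) {
                    continue;
                }
                String moduleName = serviceName.substring(AUTH_SERVICE_PREFIX.length(), suffixAt);
                if (authenticators.contains(moduleName)) {
                    lastAdded = addGWServletUtilsToMap(str, moduleName);
                }
            }
        } catch (Exception e) {
            debug.error("Error in GatewayServlet:initGWServletUtilsMap()");
            debug.error("", e);
        }
        return lastAdded;
    }

    /**
     * Creates the configuration holder for one authentication module and stores it in the map.
     *
     * <p>The holder is kept, and registered as a configuration listener, only when the module has
     * a port number for the organization; otherwise {@code null} is stored under the module's
     * service name. Failures are logged and leave the map untouched.
     *
     * @param str the organization name
     * @param str2 the authentication module name
     * @return the stored holder, or {@code null} when none was kept
     */
    private GatewayServletUtils addGWServletUtilsToMap(String str, String str2) {
        GatewayServletUtils gatewayServletUtils = null;
        String moduleServiceName = AMAuthConfigUtils.getModuleServiceName(str2);
        try {
            ServiceConfigManager serviceConfigManager = new ServiceConfigManager(moduleServiceName, defToken);
            gatewayServletUtils = new GatewayServletUtils(serviceConfigManager, str2);
            gatewayServletUtils.organizationConfigChanged(str);
            if (gatewayServletUtils.getAuthConfigInfo(str).getPortNumber() != null) {
                serviceConfigManager.addListener(gatewayServletUtils);
                gwServletUtilsMap.put(moduleServiceName, gatewayServletUtils);
            } else {
                gatewayServletUtils = null;
                gwServletUtilsMap.put(moduleServiceName, null);
            }
        } catch (Exception e) {
            debug.error("GatewayServlet: Unable to add Auth Service Info : " + moduleServiceName, e);
        }
        return gatewayServletUtils;
    }

    /**
     * Resolves the service configuration named by the advice: by auth scheme when the advice has
     * one, else by auth level.
     *
     * @param map the advice map of a policy decision, may be {@code null}
     * @return the matching configuration, or {@code null} when the advice selects none
     */
    private AuthServiceConfigInfo getGWServletUtilsFromMap(Map map) {
        String orgName = getOrgNameFromAdvice(map);
        String authScheme = getAuthSchemeFromAdvice(map);
        if (authScheme != null) {
            return getGWServletUtilsByScheme(orgName, authScheme);
        }
        String authLevel = getAuthLevelFromAdvice(map);
        if (authLevel != null) {
            return getGWServletUtilsByLevel(orgName, authLevel);
        }
        return null;
    }

    /**
     * Creates the SSO token for the request.
     *
     * @param httpServletRequest the incoming request
     * @return the caller's token, or {@code null} when none can be created
     */
    private SSOToken getSSOToken(HttpServletRequest httpServletRequest) {
        try {
            return defTokenMgr.createSSOToken(httpServletRequest);
        } catch (SSOException e) {
            // NOTE(review): the log text mentions the default dsameuser token, but the code returns
            // null and the policy evaluation then runs with a null token; defToken is not used here.
            if (debug.messageEnabled()) {
                debug.message("Unauthenticated User, use default token for dsameuser.");
            }
            return null;
        }
    }

    /**
     * Asks the policy evaluator for the decision on a resource and picks the GET decision, falling
     * back to the POST decision.
     *
     * @param str the resource (the {@code goto} URL)
     * @param sSOToken the caller's token, may be {@code null}
     * @return the decision, or {@code null} when there is no evaluator, no decision, or the
     *     evaluation failed (the failure is logged)
     */
    private ActionDecision getActionDecision(String str, SSOToken sSOToken) {
        if (pe == null) {
            return null;
        }
        try {
            Map actionDecisions = pe.getPolicyDecision(sSOToken, str, actionNames, new HashMap()).getActionDecisions();
            if (actionDecisions == null) {
                return null;
            }
            ActionDecision decision = (ActionDecision) actionDecisions.get(GET);
            if (decision == null) {
                decision = (ActionDecision) actionDecisions.get(POST);
            }
            return decision;
        } catch (Exception e) {
            debug.error("GatewayServlet: Error in getting policy decision.", e);
            return null;
        }
    }

    /**
     * Returns the advice map of the decision for a resource.
     *
     * @param str the resource
     * @param sSOToken the caller's token, may be {@code null}
     * @return the advice map, or {@code null} when no decision is available
     */
    private Map getAdvices(String str, SSOToken sSOToken) {
        ActionDecision decision = getActionDecision(str, sSOToken);
        // getActionDecision() returns null on evaluation errors; do not dereference it blindly.
        return decision == null ? null : decision.getAdvices();
    }

    /**
     * Returns the first value stored under an advice key.
     *
     * @param advices the advice map, may be {@code null}
     * @param key the advice key
     * @return the first value, or {@code null} when the map, the entry or the value set is missing
     *     or empty
     */
    private static String firstAdviceValue(Map advices, String key) {
        if (advices == null) {
            return null;
        }
        Set values = (Set) advices.get(key);
        if (values == null) {
            return null;
        }
        Iterator it = values.iterator();
        return it.hasNext() ? (String) it.next() : null;
    }

    /**
     * Reads the advising organization from an advice map.
     *
     * @param map the advice map, may be {@code null}
     * @return the first advising organization, or {@code null}
     */
    private String getOrgNameFromAdvice(Map map) {
        String orgName = firstAdviceValue(map, PolicyEvaluator.ADVICING_ORGANIZATION);
        if (debug.messageEnabled()) {
            debug.message("GatewayServlet:getOrgName() : " + orgName);
        }
        return orgName;
    }

    /**
     * Reads the auth-scheme advice from an advice map.
     *
     * @param map the advice map, may be {@code null}
     * @return the first advised auth scheme, or {@code null}
     */
    private String getAuthSchemeFromAdvice(Map map) {
        String authScheme = firstAdviceValue(map, AUTH_SCHEME_ADVICE);
        if (debug.messageEnabled()) {
            debug.message("GatewayServlet:getAuthScheme() : " + authScheme);
        }
        return authScheme;
    }

    /**
     * Reads the auth-level advice from an advice map.
     *
     * @param map the advice map, may be {@code null}
     * @return the first advised auth level, or {@code null}
     */
    private String getAuthLevelFromAdvice(Map map) {
        String authLevel = firstAdviceValue(map, AUTH_LEVEL_ADVICE);
        if (debug.messageEnabled()) {
            debug.message("GatewayServlet:getAuthLevel() : " + authLevel);
        }
        return authLevel;
    }

    /**
     * Looks up the service configuration for an authentication module.
     *
     * <p>The module name may come straight from the request's {@code module} parameter; it is only
     * used as a key into the map built at initialization.
     *
     * @param str the organization name, may be {@code null}
     * @param str2 the authentication module name
     * @return the configuration, or {@code null} when the module is not in the map
     */
    private AuthServiceConfigInfo getGWServletUtilsByScheme(String str, String str2) {
        String moduleServiceName = AMAuthConfigUtils.getModuleServiceName(str2);
        if (debug.messageEnabled()) {
            debug.message("GatewayServlet:getGWServletUtilsByScheme()");
            debug.message("OrgName : " + str);
            debug.message("Auth Scheme : " + str2);
        }
        GatewayServletUtils gatewayServletUtils = (GatewayServletUtils) gwServletUtilsMap.get(moduleServiceName);
        return gatewayServletUtils == null ? null : gatewayServletUtils.getAuthConfigInfo(str);
    }

    /**
     * Looks up the service configuration of the first registered module whose auth level for the
     * organization equals the requested level.
     *
     * @param str the organization name, may be {@code null}
     * @param str2 the requested auth level
     * @return the configuration, or {@code null} when no module matches
     */
    private AuthServiceConfigInfo getGWServletUtilsByLevel(String str, String str2) {
        if (debug.messageEnabled()) {
            debug.message("GatewayServlet:getGWServletUtilsByLevel()");
            debug.message("OrgName : " + str);
            debug.message("Auth Level : " + str2);
            debug.message("No of entries in  GWServletUtilsMap : " + gwServletUtilsMap.size());
        }
        Iterator holders = gwServletUtilsMap.values().iterator();
        while (holders.hasNext()) {
            GatewayServletUtils gatewayServletUtils = (GatewayServletUtils) holders.next();
            // Modules without a port number are stored as null entries.
            if (gatewayServletUtils == null) {
                continue;
            }
            Object level = gatewayServletUtils.getAuthLevel(str);
            if (level != null && level.equals(str2)) {
                return gatewayServletUtils.getAuthConfigInfo(str);
            }
        }
        return null;
    }

    /**
     * Extracts the value of the first component of a DN-like string, e.g. {@code "o=example,dc=com"}
     * gives {@code "example"}.
     *
     * <p>The comma is searched for after the first {@code '='}, so a comma that precedes it no
     * longer produces an inverted substring range. Escaped commas inside a value are not handled.
     *
     * @param str the DN-like string, must not be {@code null}
     * @return the trimmed text between the first {@code '='} and the next comma, or up to the end
     *     of the string when there is no such comma
     */
    String DNtoName(String str) {
        int equalsAt = str.indexOf("=");
        int commaAt = str.indexOf(",", equalsAt + 1);
        return commaAt == -1 ? str.substring(equalsAt + 1).trim() : str.substring(equalsAt + 1, commaAt).trim();
    }
}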
