package com.sun.identity.authentication.service;

import com.iplanet.am.util.AMResourceBundleCache;
import com.iplanet.am.util.Locale;
import com.iplanet.sso.SSOException;
import com.iplanet.sso.SSOToken;
import com.iplanet.sso.SSOTokenManager;
import com.sun.identity.authentication.AuthContext;
import com.sun.identity.authentication.config.AMAuthConfigUtils;
import com.sun.identity.authentication.config.AMAuthLevelManager;
import com.sun.identity.authentication.server.AuthContextLocal;
import com.sun.identity.authentication.spi.AuthLoginException;
import com.sun.identity.authentication.spi.InvalidPasswordException;
import com.sun.identity.authentication.spi.MessageLoginException;
import java.security.Principal;
import java.text.MessageFormat;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.ResourceBundle;
import java.util.Set;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.Configuration;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import javax.servlet.http.HttpServletRequest;

/* loaded from: input_file:117586-16/SUNWamsdk/reloc/$PRODUCT_DIR/lib/am_services.jar:com/sun/identity/authentication/service/AMLoginContext.class */
public class AMLoginContext extends Thread {
    DSAMECallbackHandler dsameCallbackHandler;
    String configName;
    LoginContext lc;
    LoginStatus st;
    LoginState loginState;
    Callback[] setSubmittedInfo;
    Callback[] getRequiredInfo;
    Callback[] recdCallback;
    AuthContextLocal authContext;
    Subject subject;
    private HashMap loginParamsMap;
    AuthContext.IndexType indexType;
    String indexName;
    Principal principal;
    char[] password;
    String clientType;
    String authLevel;
    String role;
    static final String LIST_DELIMITER = "|";
    private static final String bundleName = "amAuth";
    ResourceBundle bundle;
    private static AuthD ad = AuthD.getAuth();
    public static AuthThreadManager authThread = new AuthThreadManager();
    static Hashtable loginHash = new Hashtable();
    String orgDN = null;
    String roleDN = null;
    boolean pCookieMode = false;
    String lockoutMsg = null;
    Set moduleSet = new HashSet();
    String sid = null;
    boolean accountLocked = false;
    boolean isFailed = false;
    boolean internalAuthError = false;
    boolean processDone = false;

    public AMLoginContext(AuthContextLocal authContextLocal) {
        if (AuthD.debug.messageEnabled()) {
            AuthD.debug.message(new StringBuffer().append("AMLoginContext:initialThread name is... :").append(Thread.currentThread().getName()).toString());
        }
        this.authContext = authContextLocal;
        this.st = new LoginStatus();
        this.st.setStatus(2);
        this.bundle = ad.bundle;
    }

    public void executeLogin(HashMap hashMap) throws AuthLoginException {
        boolean z = false;
        this.internalAuthError = false;
        this.processDone = false;
        this.isFailed = false;
        setLoginHash();
        if (this.loginState != null) {
            this.bundle = AMResourceBundleCache.getInstance().getResBundle("amAuth", Locale.getLocale(this.loginState.getLocale()));
        }
        if (hashMap == null) {
            AuthD.debug.error("Error: loginParams is null");
            this.loginState.setErrorCode(AMAuthErrorCode.AUTH_ERROR);
            setErrorMsgAndTemplate();
            this.st.setStatus(4);
            this.internalAuthError = true;
            loginHash.remove(this.sid);
            throw new AuthLoginException("amAuth", AMAuthErrorCode.AUTH_ERROR, null);
        }
        parseLoginParams(hashMap);
        this.loginState = (LoginState) loginHash.get(this.sid);
        if (AuthD.debug.messageEnabled()) {
            AuthD.debug.message(new StringBuffer().append("LoginState : ").append(this.loginState).toString());
        }
        if (this.loginState == null) {
            AuthD.debug.error("Error: loginState is null");
            this.st.setStatus(4);
            this.loginState.setErrorCode(AMAuthErrorCode.AUTH_ERROR);
            setErrorMsgAndTemplate();
            this.internalAuthError = true;
            loginHash.remove(this.sid);
            throw new AuthLoginException("amAuth", AMAuthErrorCode.AUTH_ERROR, null);
        }
        this.orgDN = this.loginState.getOrgDN();
        this.clientType = this.loginState.getClientType();
        this.loginState.setIndexType(this.indexType);
        this.loginState.setIndexName(this.indexName);
        try {
            if (processIndexType(this.indexType, this.indexName)) {
                return;
            }
            this.configName = getConfigName(this.indexType, this.indexName, this.orgDN, this.clientType);
            if (this.configName == null) {
                this.loginState.setErrorCode(AMAuthErrorCode.AUTH_CONFIG_NOT_FOUND);
                AuthD.debug.message("Config not found");
                setErrorMsgAndTemplate();
                this.internalAuthError = true;
                this.st.setStatus(4);
                this.loginState.logFailed(this.bundle.getString("noConfig"));
                loginHash.remove(this.sid);
                throw new AuthLoginException("amAuth", AMAuthErrorCode.AUTH_CONFIG_NOT_FOUND, null);
            }
            this.dsameCallbackHandler = new DSAMECallbackHandler(this);
            if (AuthD.debug.messageEnabled()) {
                AuthD.debug.message(new StringBuffer().append("Creating login context object\n\n orgDN : ").append(this.orgDN).append("\n configName : ").append(this.configName).toString());
            }
            try {
                if (this.subject != null) {
                    this.lc = new LoginContext(this.configName, this.subject, this.dsameCallbackHandler);
                } else {
                    this.lc = new LoginContext(this.configName, this.dsameCallbackHandler);
                }
                try {
                    start();
                } catch (IllegalThreadStateException e) {
                    z = true;
                } catch (Exception e2) {
                    z = true;
                }
                if (!z) {
                    AuthD.debug.message("AMLoginContext:Thread started... returning.");
                    return;
                }
                this.st.setStatus(7);
                this.loginState.setErrorCode(AMAuthErrorCode.AUTH_ERROR);
                setErrorMsgAndTemplate();
                this.internalAuthError = true;
                loginHash.remove(this.sid);
                throw new AuthLoginException("amAuth", AMAuthErrorCode.AUTH_ERROR, null);
            } catch (SecurityException e3) {
                AuthD.debug.message("Error creating LoginContext. ");
                if (AuthD.debug.messageEnabled()) {
                    AuthD.debug.message("Exception ", e3);
                }
                this.loginState.setErrorCode(AMAuthErrorCode.AUTH_ERROR);
                setErrorMsgAndTemplate();
                this.loginState.logFailed(this.bundle.getString("loginContextCreateFailed"));
                this.internalAuthError = true;
                this.st.setStatus(4);
                loginHash.remove(this.sid);
                throw new AuthLoginException("amAuth", AMAuthErrorCode.AUTH_ERROR, null);
            } catch (LoginException e4) {
                AuthD.debug.message("error creating LoginContext. ");
                if (AuthD.debug.messageEnabled()) {
                    AuthD.debug.message("Exception ", e4);
                }
                this.loginState.setErrorCode(AMAuthErrorCode.AUTH_ERROR);
                this.loginState.logFailed(this.bundle.getString("loginContextCreateFailed"));
                setErrorMsgAndTemplate();
                this.st.setStatus(4);
                this.internalAuthError = true;
                loginHash.remove(this.sid);
                throw new AuthLoginException("amAuth", AMAuthErrorCode.AUTH_ERROR, null, e4);
            }
        } catch (AuthLoginException e5) {
            AuthD.debug.message("Error  : ", e5);
            loginHash.remove(this.sid);
            throw new AuthLoginException(e5);
        } catch (Exception e6) {
            AuthD.debug.message("Error : ", e6);
            loginHash.remove(this.sid);
            throw new AuthLoginException(e6);
        }
    }

    @Override // java.lang.Thread, java.lang.Runnable
    public void run() {
        Thread currentThread = Thread.currentThread();
        AuthD.debug.message(new StringBuffer().append("AMLoginContext:starting loginprocess..").append(currentThread).toString());
        String string = this.bundle.getString("loginFailed");
        boolean z = false;
        try {
            this.lc.login();
            AuthD.debug.message("user authenication successful");
            this.subject = this.lc.getSubject();
            this.loginState = (LoginState) loginHash.get(this.sid);
            this.loginState.setSubject(this.subject);
            AuthD.debug.message("searchUserProfile for Subject :");
            z = true;
            if (this.loginState.searchUserProfile(this.subject, this.indexType, this.indexName)) {
                AMAccountLockout aMAccountLockout = new AMAccountLockout(this.loginState);
                if (aMAccountLockout.isLockedOut()) {
                    AuthD.debug.message("User locked out!!");
                    string = this.bundle.getString("lockOut");
                    this.loginState.setErrorCode(AMAuthErrorCode.AUTH_USER_LOCKED);
                    this.isFailed = true;
                } else {
                    boolean z2 = false;
                    if (!this.loginState.ignoreProfile()) {
                        z2 = aMAccountLockout.isAccountExpired();
                    }
                    if (z2) {
                        AuthD.debug.message("Account expired!!");
                        string = this.bundle.getString("accountExpired");
                        this.loginState.setErrorCode(AMAuthErrorCode.AUTH_ACCOUNT_EXPIRED);
                        this.isFailed = true;
                    } else {
                        this.loginState = (LoginState) loginHash.get(this.sid);
                        if (AuthD.debug.messageEnabled()) {
                            AuthD.debug.message(new StringBuffer().append("authContext is : ").append(this.authContext).toString());
                            AuthD.debug.message(new StringBuffer().append("loginSTate is : ").append(this.loginState).toString());
                        }
                        updateLoginState(this.loginState, this.indexType, this.indexName, this.configName);
                        if (!this.loginState.activateSession(this.subject)) {
                            throw new AuthException(AMAuthErrorCode.AUTH_MAX_SESSION_REACHED, null);
                        }
                        this.loginState.logSuccess();
                        aMAccountLockout.resetPasswdLockout(this.loginState.getUserToken());
                        this.st.setStatus(3);
                        this.loginState.updateSessionForFailover();
                        AuthD.debug.message("login success");
                    }
                }
            } else {
                AuthD.debug.error("Profile not found ");
                string = this.bundle.getString("noUserProfile");
                this.loginState.setErrorCode(AMAuthErrorCode.AUTH_PROFILE_ERROR);
                this.isFailed = true;
            }
        } catch (AuthException e) {
            if (AuthD.debug.messageEnabled()) {
                AuthD.debug.message(new StringBuffer().append("Exception ").append(e.getMessage()).toString());
            }
            this.isFailed = true;
            this.loginState.setErrorCode(e.getErrorCode());
            this.loginState.logFailed(this.bundle.getString("loginFailed"));
            this.authContext.setLoginException(new AuthLoginException("amAuth", "loginFailed", null, e));
        } catch (InvalidPasswordException e2) {
            AuthD.debug.message("Invalid Password : ");
            if (AuthD.debug.messageEnabled()) {
                AuthD.debug.message("Exception ", e2);
            }
            String tokenId = e2.getTokenId();
            if (AuthD.debug.messageEnabled()) {
                AuthD.debug.message(new StringBuffer().append("Invalid Password Exception ").append(tokenId).toString());
            }
            if (tokenId != null) {
                AMAccountLockout aMAccountLockout2 = new AMAccountLockout(this.loginState);
                this.accountLocked = aMAccountLockout2.isLockedOut(tokenId);
                if (!this.accountLocked) {
                    this.accountLocked = aMAccountLockout2.isAccountLocked(tokenId);
                    if (!this.accountLocked) {
                        aMAccountLockout2.invalidPasswd(tokenId);
                        checkWarningCount(aMAccountLockout2);
                        this.accountLocked = aMAccountLockout2.isAccountLocked(tokenId);
                    }
                }
            }
            string = this.bundle.getString("invalidPasswd");
            if (this.accountLocked) {
                this.loginState.setErrorCode(AMAuthErrorCode.AUTH_USER_INACTIVE);
            } else {
                this.loginState.setErrorCode(AMAuthErrorCode.AUTH_INVALID_PASSWORD);
            }
            this.isFailed = true;
            this.authContext.setLoginException(e2);
        } catch (MessageLoginException e3) {
            if (AuthD.debug.messageEnabled()) {
                AuthD.debug.message("LOGINFAILED MessageAuthLoginException....");
                AuthD.debug.message("Exception ", e3);
            }
            this.loginState.setModuleErrorMessage(e3.getL10NMessage(Locale.getLocale(this.loginState.getLocale())));
            this.isFailed = true;
            this.authContext.setLoginException(e3);
        } catch (AuthLoginException e4) {
            if (AMAuthErrorCode.AUTH_TIMEOUT.equals(e4.getMessage())) {
                AuthD.debug.message("LOGINFAILED Error Timed Out....");
            } else {
                AuthD.debug.message("LOGINFAILED Error....");
            }
            if (AuthD.debug.messageEnabled()) {
                AuthD.debug.message("Exception ", e4);
            }
            this.isFailed = true;
            if (this.loginState.isTimedOut()) {
                string = this.bundle.getString("loginTimeout");
                this.loginState.setErrorCode(AMAuthErrorCode.AUTH_TIMEOUT);
            } else {
                this.loginState.setErrorCode(AMAuthErrorCode.AUTH_LOGIN_FAILED);
            }
            this.authContext.setLoginException(e4);
        } catch (Exception e5) {
            AuthD.debug.message("Error during login.. ");
            if (AuthD.debug.messageEnabled()) {
                AuthD.debug.message("Exception ", e5);
            }
            this.isFailed = true;
            this.loginState.setErrorCode(AMAuthErrorCode.AUTH_ERROR);
            this.loginState.logFailed(this.bundle.getString("loginFailed"));
            this.authContext.setLoginException(new AuthLoginException("amAuth", "loginFailed", null, e5));
        }
        AuthD.debug.message("Came to before if Failed loop");
        if (this.isFailed) {
            if (z) {
                this.loginState.setFailureModuleList(getSuccessModuleString());
            } else {
                this.loginState.setFailureModuleList(getFailureModuleList());
            }
            this.loginState.logFailed(string);
            setErrorMsgAndTemplate();
            this.st.setStatus(4);
            loginHash.remove(this.sid);
            if (this.indexType == AuthContext.IndexType.USER) {
                if (AuthD.debug.messageEnabled()) {
                    AuthD.debug.message(new StringBuffer().append("Set failureId in user based auth ").append(this.indexName).toString());
                }
                this.loginState.setFailureId(this.indexName);
            }
        }
        if (AuthD.debug.messageEnabled()) {
            AuthD.debug.message(new StringBuffer().append("finished...login notify all threads\nAMLoginContext:LoginStatus: ").append(this.st.getStatus()).toString());
        }
        authThread.removeFromHash(currentThread, "timeoutHash");
        this.loginState.setReceivedCallback(null, this);
        this.isFailed = false;
    }

    public void logout() throws AuthLoginException {
        AuthD.debug.message("in logout:");
        try {
            if (this.lc != null) {
                this.lc.logout();
            }
            this.loginState.logLogout();
            this.loginState.onLogoutProcess(this.indexType, this.indexName);
            destroySession();
            this.st.setStatus(5);
        } catch (AuthLoginException e) {
            AuthD.debug.message("Error during logout : ");
            if (AuthD.debug.messageEnabled()) {
                AuthD.debug.message("Exception ", e);
            }
            throw new AuthLoginException("amAuth", "failedLogout", null, e);
        } catch (Exception e2) {
            AuthD.debug.message("Error during logout : ");
            if (AuthD.debug.messageEnabled()) {
                AuthD.debug.message("Exception ", e2);
            }
        }
        loginHash.remove(this.sid);
    }

    void destroySession() {
        this.loginState = (LoginState) loginHash.get(this.sid);
        if (AuthD.debug.messageEnabled()) {
            AuthD.debug.message(new StringBuffer().append("AMLoginContext:destroySession: ").append(this.loginState).toString());
        }
        this.loginState.destroySession();
        AuthUtils.removeLoginStateFromHash(this.authContext);
    }

    public Callback[] getRequiredInfo() {
        if (this.st.getStatus() != 2) {
            return null;
        }
        if (this.indexType == AuthContext.IndexType.LEVEL) {
            AuthD.debug.message("Index type level, send choice callback");
            this.indexType = null;
        } else {
            this.recdCallback = getRequiredInfoCallback();
        }
        if (this.recdCallback != null) {
            for (int i = 0; i < this.recdCallback.length; i++) {
                if (AuthD.debug.messageEnabled()) {
                    AuthD.debug.message(new StringBuffer().append("Recd Callback in amlc.getRequiredInfo : ").append(this.recdCallback[i]).toString());
                }
            }
        } else {
            AuthD.debug.message("Recd Callback in amlc.getRequiredInfo is NULL");
        }
        return this.recdCallback;
    }

    public synchronized Callback[] getRequiredInfoCallback() {
        this.loginState = (LoginState) loginHash.get(this.sid);
        if (this.loginState == null) {
            AuthD.debug.message("LoginState is null, returning");
            return null;
        }
        if (AuthD.debug.messageEnabled()) {
            AuthD.debug.message(new StringBuffer().append("getRequiredInfo.. ").append(this.st.getStatus()).toString());
        }
        if (this.isFailed || this.st.getStatus() != 2) {
            AuthD.debug.message("no more requirements returning null");
            return null;
        }
        Thread currentThread = Thread.currentThread();
        long lastCallbackSent = this.loginState.getLastCallbackSent();
        long pageTimeOut = this.loginState.getPageTimeOut();
        if (AuthD.debug.messageEnabled()) {
            AuthD.debug.message(new StringBuffer().append("getRequiredInfo. ThreadName is.. :").append(currentThread).toString());
            AuthD.debug.message(new StringBuffer().append("lastCallbackSent : ").append(lastCallbackSent).toString());
            AuthD.debug.message(new StringBuffer().append("pageTimeOut : ").append(pageTimeOut).toString());
        }
        authThread.setHash(currentThread, pageTimeOut, lastCallbackSent);
        while (!this.isFailed && this.loginState.getReceivedInfo() == null && this.st.getStatus() == 2) {
            try {
                if (AuthD.debug.messageEnabled()) {
                    AuthD.debug.message(new StringBuffer().append(Thread.currentThread()).append("Waiting..").append(this.st.getStatus()).toString());
                }
                if (this.st.getStatus() != 2) {
                    return null;
                }
                if (!this.isFailed && this.st.getStatus() == 2 && this.loginState.getReceivedInfo() == null) {
                    wait();
                }
            } catch (InterruptedException e) {
                AuthD.debug.message("getRecdinfo INTERRUPTED");
            }
        }
        if (AuthD.debug.messageEnabled()) {
            AuthD.debug.message(new StringBuffer().append("Thread woke up... ").append(this.loginState.getReceivedInfo()).toString());
        }
        this.getRequiredInfo = this.loginState.getReceivedInfo();
        if (AuthD.debug.messageEnabled()) {
            AuthD.debug.message(new StringBuffer().append("Returning getRequiredInfo... :").append(this.getRequiredInfo).toString());
        }
        authThread.removeFromHash(currentThread, "timeoutHash");
        return this.getRequiredInfo;
    }

    public void submitRequiredInfo(Callback[] callbackArr) {
        if (AuthD.debug.messageEnabled()) {
            AuthD.debug.message(new StringBuffer().append("submit required info... :").append(callbackArr[0]).toString());
        }
        this.loginState.setSubmittedCallback(callbackArr, this);
        if (AuthD.debug.messageEnabled()) {
            AuthD.debug.message("Retunring from submitRequiredInfo");
        }
    }

    public synchronized Callback[] submitCallbackInfo() {
        if (AuthD.debug.messageEnabled()) {
            AuthD.debug.message(new StringBuffer().append("submitRequiredInfo. ThreadName is.. :").append(Thread.currentThread().getName()).toString());
        }
        this.loginState = (LoginState) loginHash.get(this.sid);
        if (AuthD.debug.messageEnabled()) {
            AuthD.debug.message(new StringBuffer().append("loginState is ... : ").append(this.loginState).toString());
        }
        if (this.st.getStatus() != 2 || this.isFailed) {
            AuthD.debug.message("submitReq no more requirements returning null");
            return null;
        }
        Thread currentThread = Thread.currentThread();
        long lastCallbackSent = this.loginState.getLastCallbackSent();
        long pageTimeOut = this.loginState.getPageTimeOut();
        if (AuthD.debug.messageEnabled()) {
            AuthD.debug.message(new StringBuffer().append("submitRequiredInfo. ThreadName is.. :").append(currentThread).toString());
            AuthD.debug.message(new StringBuffer().append("lastCallbackSent : ").append(lastCallbackSent).toString());
            AuthD.debug.message(new StringBuffer().append("pageTimeOut : ").append(pageTimeOut).toString());
        }
        authThread.setHash(currentThread, pageTimeOut, lastCallbackSent);
        while (this.loginState.getSubmittedInfo() == null && this.st.getStatus() == 2) {
            try {
                if (AuthD.debug.messageEnabled()) {
                    AuthD.debug.message(new StringBuffer().append(Thread.currentThread()).append(" Waiting....").append(this.st.getStatus()).toString());
                }
                if (this.st.getStatus() != 2) {
                    return null;
                }
                if (this.loginState.getSubmittedInfo() == null) {
                    wait();
                }
            } catch (InterruptedException e) {
                AuthD.debug.message("submitRequired info INTERRUPTED");
            }
        }
        AuthD.debug.message("Threadwaking up go submit info...");
        authThread.removeFromHash(currentThread, "timeoutHash");
        this.setSubmittedInfo = this.loginState.getSubmittedInfo();
        AuthD.debug.message("Returning submitted info: ");
        return this.setSubmittedInfo;
    }

    public int getStatus() {
        int status = this.st.getStatus();
        if (this.isFailed || status == 4) {
            postProcessOnFail();
        } else if (status == 3) {
            postProcessOnSuccess();
        }
        if (AuthD.debug.messageEnabled()) {
            AuthD.debug.message(new StringBuffer().append("getStatus : status is... : ").append(status).toString());
        }
        return status;
    }

    public LoginState getLoginState() {
        return AuthUtils.getLoginState(this.authContext);
    }

    public void abort() throws AuthLoginException {
        AuthD.debug.message("in abort");
        try {
            logout();
        } catch (Exception e) {
            if (AuthD.debug.messageEnabled()) {
                AuthD.debug.message("Error logging out.. :");
                AuthD.debug.message("Exception ", e);
            }
            try {
                destroySession();
                this.st.setStatus(5);
            } catch (Exception e2) {
                AuthD.debug.message("Error aborting");
                if (AuthD.debug.messageEnabled()) {
                    AuthD.debug.message("Exception ", e2);
                }
                throw new AuthLoginException("amAuth", "abortFailed", null);
            }
        }
    }

    public Set getModuleInstanceNames() {
        try {
            LoginState loginState = AuthUtils.getLoginState(this.authContext);
            if (loginState != null) {
                this.moduleSet = loginState.getModuleInstances();
            }
            if (AuthD.debug.messageEnabled()) {
                AuthD.debug.message(new StringBuffer().append("moduleSet is : ").append(this.moduleSet).toString());
            }
        } catch (Exception e) {
            AuthD.debug.message("Error : ", e);
        }
        return this.moduleSet;
    }

    public String getOrganizationName() {
        return this.loginState.getQueryOrg();
    }

    public SSOToken getSSOToken() {
        try {
            return this.loginState.getSSOToken();
        } catch (SSOException e) {
            if (!AuthD.debug.messageEnabled()) {
                return null;
            }
            AuthD.debug.message("error getting ssoToken : ");
            AuthD.debug.message("Exception ", e);
            return null;
        }
    }

    public Subject getSubject() {
        try {
            return this.loginState.getSubject();
        } catch (Exception e) {
            if (!AuthD.debug.messageEnabled()) {
                return null;
            }
            AuthD.debug.message("error getting Subject :");
            AuthD.debug.message("Exception ", e);
            return null;
        }
    }

    private void parseLoginParams(HashMap hashMap) {
        if (AuthD.debug.messageEnabled()) {
            AuthD.debug.message(new StringBuffer().append("loginParamsMap is.. :").append(hashMap).toString());
        }
        try {
            this.indexType = (AuthContext.IndexType) hashMap.get("indexType");
            this.indexName = (String) hashMap.get(AuthContextLocal.INDEX_NAME);
            if (AuthD.debug.messageEnabled()) {
                AuthD.debug.message(new StringBuffer().append("indexType = ").append(this.indexType).append("\nindexName = ").append(this.indexName).toString());
            }
            this.principal = (Principal) hashMap.get(AuthContextLocal.PRINCIPAL);
            this.password = (char[]) hashMap.get(AuthContextLocal.PASSWORD);
            this.subject = (Subject) hashMap.get("subject");
            Boolean bool = (Boolean) hashMap.get(AuthContextLocal.PCOOKIE);
            if (bool != null) {
                this.pCookieMode = bool.booleanValue();
            }
        } catch (Exception e) {
            if (AuthD.debug.messageEnabled()) {
                AuthD.debug.message("Error parsing login Params");
                AuthD.debug.message("Exception ", e);
            }
        }
    }

    String getConfigName(AuthContext.IndexType indexType, String str, String str2, String str3) {
        String str4;
        String str5 = null;
        if (indexType == null) {
            str5 = AMAuthConfigUtils.getAuthConfigName(str2, "html");
        } else {
            if (indexType == AuthContext.IndexType.USER) {
                str4 = this.loginState.getUserDN(str);
            } else if (indexType == AuthContext.IndexType.ROLE) {
                str4 = this.loginState.getRoleDN(str, str2);
                this.roleDN = str4;
            } else {
                str4 = str;
            }
            try {
                str5 = AMAuthConfigUtils.getAuthConfigName(indexType, str4, str2, str3);
            } catch (Exception e) {
                if (AuthD.debug.messageEnabled()) {
                    AuthD.debug.message("Error retrieving configName ");
                    AuthD.debug.message("Exception : ", e);
                }
            }
        }
        return str5;
    }

    boolean processLevel(AuthContext.IndexType indexType, String str, String str2, String str3) throws AuthException {
        AuthContext.IndexType indexType2 = AuthContext.IndexType.LEVEL;
        this.authLevel = str;
        AuthLevel authLevel = new AuthLevel(indexType2, str, str2, str3, Locale.getLocale(this.loginState.getLocale()));
        int numberOfAuthModules = authLevel.getNumberOfAuthModules();
        if (AuthD.debug.messageEnabled()) {
            AuthD.debug.message(new StringBuffer().append("number of Modules : ").append(numberOfAuthModules).toString());
        }
        if (numberOfAuthModules <= 0) {
            this.loginState.logFailed(this.bundle.getString("noConfig"));
            throw new AuthException(AMAuthErrorCode.AUTH_CONFIG_NOT_FOUND, null);
        }
        if (numberOfAuthModules == 1) {
            this.indexType = AuthContext.IndexType.MODULE_INSTANCE;
            this.loginState.setIndexType(this.indexType);
            this.indexName = authLevel.getModuleName();
            return false;
        }
        try {
            this.recdCallback = authLevel.createChoiceCallback();
            this.loginState.setPrevCallback(this.recdCallback);
            return true;
        } catch (AuthException e) {
            if (!AuthD.debug.messageEnabled()) {
                return false;
            }
            AuthD.debug.message("Error creating choiceCallback");
            AuthD.debug.message("Exception ", e);
            return false;
        }
    }

    void updateLoginState(LoginState loginState, AuthContext.IndexType indexType, String str, String str2) {
        if (indexType == AuthContext.IndexType.LEVEL) {
            this.authLevel = str;
        } else {
            this.authLevel = getAuthLevel();
        }
        loginState.setAuthLevel(this.authLevel);
        String successModuleString = indexType == AuthContext.IndexType.MODULE_INSTANCE ? str : getSuccessModuleString();
        if (AuthD.debug.messageEnabled()) {
            AuthD.debug.message(new StringBuffer().append("moduleName : ").append(successModuleString).toString());
        }
        loginState.setAuthModuleName(successModuleString);
        if (indexType == AuthContext.IndexType.ROLE) {
            loginState.setAuthRoleName(str);
        }
        if (indexType == AuthContext.IndexType.USER) {
            loginState.setUserName(str);
        }
    }

    boolean validateUser(String str) {
        try {
            boolean userProfile = this.loginState.getUserProfile(str, true);
            this.indexName = this.loginState.getUserDN();
            if (userProfile) {
                return this.loginState.isUserEnabled();
            }
            return false;
        } catch (Exception e) {
            if (!AuthD.debug.messageEnabled()) {
                return false;
            }
            AuthD.debug.message(new StringBuffer().append("Error retrieving profile for : ").append(str).toString());
            return false;
        }
    }

    void checkWarningCount(AMAccountLockout aMAccountLockout) {
        try {
            int warnUserCount = aMAccountLockout.getWarnUserCount();
            if (warnUserCount == 0) {
                this.lockoutMsg = "";
            } else if (warnUserCount < 0) {
                this.accountLocked = true;
            } else {
                this.lockoutMsg = MessageFormat.format(this.bundle.getString("lockOutWarning"), new Integer(warnUserCount));
                this.loginState.setLockoutMsg(this.lockoutMsg);
                this.accountLocked = false;
            }
            if (AuthD.debug.messageEnabled()) {
                AuthD.debug.message(new StringBuffer().append("WARNING COUNT : ").append(warnUserCount).toString());
                AuthD.debug.message(new StringBuffer().append("WARNING COUNT MESSAGE: ").append(this.lockoutMsg).toString());
            }
        } catch (Exception e) {
            AuthD.debug.message("Error : ", e);
        }
    }

    void setErrorMsgAndTemplate() {
        String errorCode;
        if (this.loginState == null || (errorCode = this.loginState.getErrorCode()) == null) {
            return;
        }
        String string = this.bundle.getString(errorCode);
        if (AuthD.debug.messageEnabled()) {
            AuthD.debug.message(new StringBuffer().append("resProperty is.. :").append(string).toString());
        }
        String errorVal = ad.getErrorVal(errorCode, AuthUtils.ERROR_MESSAGE);
        String errorVal2 = ad.getErrorVal(errorCode, AuthUtils.ERROR_TEMPLATE);
        if (AuthD.debug.messageEnabled()) {
            AuthD.debug.message(new StringBuffer().append("Error Message : ").append(errorVal).toString());
            AuthD.debug.message(new StringBuffer().append("Error Template: ").append(errorVal2).toString());
        }
        this.loginState.setErrorMessage(errorVal);
        this.loginState.setErrorTemplate(errorVal2);
    }

    String getTimedOutTemplate() {
        this.loginState.setErrorCode(AMAuthErrorCode.AUTH_TIMEOUT);
        this.loginState.logFailed(this.bundle.getString("loginTimeout"));
        this.loginState.setErrorMessage(ad.getErrorVal(AMAuthErrorCode.AUTH_TIMEOUT, AuthUtils.ERROR_MESSAGE));
        return ad.getErrorVal(AMAuthErrorCode.AUTH_TIMEOUT, AuthUtils.ERROR_TEMPLATE);
    }

    String getModuleErrorTemplate() {
        String moduleErrorTemplate = this.loginState.getModuleErrorTemplate();
        if (AuthD.debug.messageEnabled()) {
            AuthD.debug.message(new StringBuffer().append("Error Template is : ").append(moduleErrorTemplate).toString());
        }
        return moduleErrorTemplate;
    }

    public String getErrorTemplate() {
        String moduleErrorTemplate;
        if (this.loginState == null) {
            return AuthD.getAuth().getErrorVal(AMAuthErrorCode.AUTH_ERROR, AuthUtils.ERROR_TEMPLATE);
        }
        if (this.loginState.isTimedOut()) {
            moduleErrorTemplate = getTimedOutTemplate();
        } else {
            moduleErrorTemplate = this.loginState.getModuleErrorTemplate();
            if (moduleErrorTemplate == null || moduleErrorTemplate.equals("")) {
                moduleErrorTemplate = this.loginState.getErrorTemplate();
            }
        }
        if (AuthD.debug.messageEnabled()) {
            AuthD.debug.message(new StringBuffer().append("Error Template is : ").append(moduleErrorTemplate).toString());
        }
        this.loginState.setErrorTemplate(moduleErrorTemplate);
        return moduleErrorTemplate;
    }

    public String getErrorMessage() {
        if (this.loginState == null) {
            return AuthD.getAuth().getErrorVal(AMAuthErrorCode.AUTH_ERROR, AuthUtils.ERROR_MESSAGE);
        }
        String moduleErrorMessage = this.loginState.getModuleErrorMessage();
        if (moduleErrorMessage == null) {
            moduleErrorMessage = this.loginState.getErrorMessage();
        }
        if (AuthD.debug.messageEnabled()) {
            AuthD.debug.message(new StringBuffer().append("Error message is : ").append(moduleErrorMessage).toString());
        }
        return moduleErrorMessage;
    }

    public String getErrorCode() {
        if (this.loginState == null) {
            return AMAuthErrorCode.AUTH_ERROR;
        }
        String errorCode = this.loginState.getErrorCode();
        if (AuthD.debug.messageEnabled()) {
            AuthD.debug.message(new StringBuffer().append("Error Code is.. : ").append(errorCode).toString());
        }
        return errorCode;
    }

    public String getLockoutMsg() {
        if (AuthD.debug.messageEnabled()) {
            AuthD.debug.message(new StringBuffer().append("lockout Msg returned  : ").append(this.lockoutMsg).toString());
        }
        return this.lockoutMsg;
    }

    public boolean isLockedOut() {
        return this.accountLocked;
    }

    String getAuthLevel() {
        AMAuthLevelManager aMAuthLevelManager = AMAuthLevelManager.getInstance();
        int i = Integer.MIN_VALUE;
        if (this.moduleSet.isEmpty()) {
            this.moduleSet = getSuccessModuleSet();
        }
        Iterator it = this.moduleSet.iterator();
        while (it.hasNext()) {
            int levelForModule = aMAuthLevelManager.getLevelForModule((String) it.next(), this.loginState.getOrgDN());
            if (levelForModule > i) {
                i = levelForModule;
            }
            if (AuthD.debug.messageEnabled()) {
                AuthD.debug.message(new StringBuffer().append("AuthLevel is : ").append(levelForModule).toString());
                AuthD.debug.message(new StringBuffer().append("New AuthLevel is : ").append(i).toString());
            }
        }
        if (AuthD.debug.messageEnabled()) {
            AuthD.debug.message(new StringBuffer().append("Returning AuthLevel is : ").append(i).toString());
        }
        return new Integer(i).toString();
    }

    Set getSuccessModuleSet() {
        try {
            this.moduleSet = getModuleFromAuthConfiguration(this.loginState.getSuccessModuleSet());
            if (AuthD.debug.messageEnabled()) {
                AuthD.debug.message(new StringBuffer().append("ModuleSet is : ").append(this.moduleSet).toString());
            }
        } catch (Exception e) {
            AuthD.debug.message("Exception : getSuccessModuleList ", e);
        }
        return this.moduleSet;
    }

    String getModuleString(Set set) {
        String str = "";
        if (set != null && !set.isEmpty()) {
            Iterator it = set.iterator();
            StringBuffer stringBuffer = new StringBuffer();
            while (it.hasNext()) {
                stringBuffer.append((String) it.next()).append("|");
            }
            String stringBuffer2 = stringBuffer.toString();
            int lastIndexOf = stringBuffer2.lastIndexOf("|");
            str = lastIndexOf != -1 ? stringBuffer2.substring(0, lastIndexOf) : stringBuffer2;
        }
        if (AuthD.debug.messageEnabled()) {
            AuthD.debug.message(new StringBuffer().append("ModuleList is : ").append(str).toString());
        }
        return str;
    }

    static String getModuleNameFromAuthenticator(String str) {
        int lastIndexOf = str.lastIndexOf(46);
        return lastIndexOf != -1 ? str.substring(lastIndexOf + 1, str.length()) : str;
    }

    boolean processIndexType(AuthContext.IndexType indexType, String str) throws AuthLoginException {
        boolean z = false;
        this.loginState = (LoginState) loginHash.get(this.sid);
        if (indexType == AuthContext.IndexType.LEVEL) {
            AuthD.debug.message("IndexType is level");
            String orgDN = this.loginState.getOrgDN();
            HttpServletRequest httpServletRequest = this.loginState.getHttpServletRequest();
            boolean z2 = false;
            if (httpServletRequest != null) {
                try {
                    SSOTokenManager sSOTokenManager = SSOTokenManager.getInstance();
                    if (sSOTokenManager.isValidToken(sSOTokenManager.createSSOToken(httpServletRequest))) {
                        AuthD.debug.message("Existing Valid session");
                        z2 = true;
                    }
                } catch (Exception e) {
                    AuthD.debug.message(new StringBuffer().append("ERROR processIndexType/SSOToken validation - ").append(e.toString()).toString());
                }
                if (!z2) {
                    AuthD.debug.message("No existing valid session");
                    String organizationDN = ad.getOrganizationDN(AuthUtils.getQueryOrgName(httpServletRequest, ad.getOrgParam(this.loginState.getRequestParamHash())), true, httpServletRequest);
                    if (AuthD.debug.messageEnabled()) {
                        AuthD.debug.message(new StringBuffer().append("orgDN from existing auth context: ").append(orgDN).append(", orgDN from query string: ").append(organizationDN).toString());
                    }
                    if (orgDN != null && !orgDN.equals(organizationDN)) {
                        this.st.setStatus(7);
                        this.loginState.setErrorCode(AMAuthErrorCode.AUTH_ERROR);
                        setErrorMsgAndTemplate();
                        this.internalAuthError = true;
                        throw new AuthLoginException("amAuth", AMAuthErrorCode.AUTH_ERROR, null);
                    }
                }
            }
            try {
                if (!processLevel(indexType, str, orgDN, this.clientType)) {
                    return false;
                }
                AuthD.debug.message("multiple modules found");
                return true;
            } catch (AuthException e2) {
                this.loginState.setErrorCode(e2.getErrorCode());
                this.loginState.logFailed(e2.getMessage());
                setErrorMsgAndTemplate();
                this.st.setStatus(4);
                throw new AuthLoginException(e2);
            }
        }
        if (indexType == AuthContext.IndexType.USER) {
            AuthD.debug.message("IndexType is user");
            boolean z3 = false;
            if (this.loginState.ignoreProfile()) {
                z = true;
            } else {
                z3 = validateUser(str);
            }
            if (this.pCookieMode) {
                try {
                    processPCookieMode(z3);
                    return true;
                } catch (AuthLoginException e3) {
                    throw new AuthLoginException(e3);
                }
            }
            if (z3 || z) {
                if (!z) {
                    return false;
                }
                setAuthError(AMAuthErrorCode.AUTH_PROFILE_ERROR, "loginDenied");
                throw new AuthLoginException("amAuth", AMAuthErrorCode.AUTH_PROFILE_ERROR, null);
            }
            AuthD.debug.message("User is not active");
            this.loginState.logFailed(this.bundle.getString("userInactive"));
            this.loginState.setErrorCode(AMAuthErrorCode.AUTH_USER_INACTIVE);
            setErrorMsgAndTemplate();
            this.st.setStatus(4);
            throw new AuthLoginException("amAuth", AMAuthErrorCode.AUTH_USER_INACTIVE, null);
        }
        if (indexType != AuthContext.IndexType.MODULE_INSTANCE) {
            if (indexType != AuthContext.IndexType.ROLE) {
                return false;
            }
            AuthD.debug.message("indexType is Role");
            if (!this.loginState.ignoreProfile()) {
                return false;
            }
            setAuthError(AMAuthErrorCode.AUTH_TYPE_DENIED, "loginDenied");
            throw new AuthLoginException("amAuth", AMAuthErrorCode.AUTH_TYPE_DENIED, null);
        }
        AuthD.debug.message("indexType is module");
        Set domainAuthenticators = this.loginState.getDomainAuthenticators();
        if (AuthD.debug.messageEnabled()) {
            AuthD.debug.message(new StringBuffer().append("domainAuthenticators : ").append(domainAuthenticators).toString());
        }
        if (str.equals("Application") || domainAuthenticators.isEmpty() || domainAuthenticators.contains(str)) {
            return false;
        }
        AuthD.debug.message("Module denied!!");
        this.loginState.setErrorCode(AMAuthErrorCode.AUTH_MODULE_DENIED);
        this.loginState.logFailed(this.bundle.getString("moduleDenied"));
        setErrorMsgAndTemplate();
        this.st.setStatus(4);
        throw new AuthLoginException("amAuth", AMAuthErrorCode.AUTH_MODULE_DENIED, null);
    }

    void processPCookieMode(boolean z) throws AuthLoginException {
        if (!this.loginState.ignoreProfile()) {
            if (!z) {
                if (AuthD.debug.messageEnabled()) {
                    AuthD.debug.message("user is not valid");
                }
                this.loginState.setErrorCode(AMAuthErrorCode.AUTH_INVALID_PCOOKIE);
                setErrorMsgAndTemplate();
                this.st.setStatus(4);
                throw new AuthLoginException("amAuth", AMAuthErrorCode.AUTH_INVALID_PCOOKIE, null);
            }
            if (new AMAccountLockout(this.loginState).isAccountExpired()) {
                this.loginState.logFailed(this.bundle.getString("accountExpired"));
                this.loginState.setErrorCode(AMAuthErrorCode.AUTH_ACCOUNT_EXPIRED);
                setErrorMsgAndTemplate();
                this.st.setStatus(4);
                throw new AuthLoginException("amAuth", AMAuthErrorCode.AUTH_ACCOUNT_EXPIRED, null);
            }
        }
        if (this.loginState.ignoreProfile()) {
            try {
                this.loginState.populateDefaultUserAttributes();
            } catch (Exception e) {
                AuthD.debug.message("Error get default attributes ", e);
                setAuthError(AMAuthErrorCode.AUTH_ERROR, "loginFailed");
                throw new AuthLoginException("amAuth", AMAuthErrorCode.AUTH_ERROR, null);
            }
        }
        if (this.loginState.isSessionUpgrade()) {
            this.loginState.setPCookieUserName(this.indexName);
            return;
        }
        updateLoginState(this.loginState, this.indexType, this.indexName, this.configName);
        Subject subject = new Subject();
        subject.getPrincipals().add(new UserPrincipal(this.indexName));
        if (AuthD.debug.messageEnabled()) {
            AuthD.debug.message(new StringBuffer().append("Subject is.. :").append(subject).toString());
        }
        try {
            this.loginState.activateSession(subject);
            this.loginState.updateSessionForFailover();
            this.loginState.logSuccess();
            this.st.setStatus(3);
            AuthD.debug.message("login success");
        } catch (Exception e2) {
            AuthD.debug.message("Error activating session ");
            setAuthError(AMAuthErrorCode.AUTH_ERROR, "loginFailed");
            throw new AuthLoginException("amAuth", AMAuthErrorCode.AUTH_ERROR, null);
        }
    }

    void setLoginHash() {
        try {
            this.sid = AuthUtils.getSidString(this.authContext);
            this.loginState = AuthUtils.getLoginState(this.authContext);
            if (AuthD.debug.messageEnabled()) {
                AuthD.debug.message(new StringBuffer().append("sid .. ").append(this.sid).toString());
                AuthD.debug.message(new StringBuffer().append("login state is .. : ").append(this.loginState).toString());
            }
        } catch (Exception e) {
            AuthD.debug.message("executLogin exception : ", e);
        }
        try {
            loginHash.put(this.sid, this.loginState);
        } catch (Exception e2) {
            if (AuthD.debug.messageEnabled()) {
                AuthD.debug.message("Error : ", e2);
            }
        }
    }

    void setAuthError(String str, String str2) {
        this.loginState.setErrorCode(str);
        setErrorMsgAndTemplate();
        this.loginState.logFailed(this.bundle.getString(str2));
        this.st.setStatus(4);
        loginHash.remove(this.sid);
    }

    public void postProcessOnFail() {
        if (this.internalAuthError || this.processDone) {
            return;
        }
        if (AuthD.debug.messageEnabled()) {
            AuthD.debug.message("postProcessOnFail ");
        }
        this.loginState.onFailureProcess(this.indexType, this.indexName);
        this.loginState.setFailureLoginURL(this.indexType, this.indexName);
        this.processDone = true;
    }

    public void postProcessOnSuccess() {
        if (this.processDone) {
            return;
        }
        if (AuthD.debug.messageEnabled()) {
            AuthD.debug.message("postProcessOnSuccess ");
        }
        this.loginState.onSuccessProcess(this.indexType, this.indexName);
        this.loginState.setSuccessLoginURL(this.indexType, this.indexName);
        this.processDone = true;
    }

    private Set getModuleFromAuthConfiguration(Set set) {
        Configuration configuration = Configuration.getConfiguration();
        if (this.configName == null) {
            this.configName = getConfigName(this.indexType, this.indexName, this.loginState.getOrgDN(), this.loginState.getClientType());
        }
        AppConfigurationEntry[] appConfigurationEntry = configuration.getAppConfigurationEntry(this.configName);
        if (AuthD.debug.messageEnabled()) {
            AuthD.debug.message(new StringBuffer().append("configName is : ").append(this.configName).toString());
        }
        if (appConfigurationEntry != null && appConfigurationEntry.length != 0) {
            if (appConfigurationEntry.length == 1) {
                set.add(getModuleNameFromAuthenticator(appConfigurationEntry[0].getLoginModuleName()));
            } else {
                for (int i = 0; i < appConfigurationEntry.length; i++) {
                    AppConfigurationEntry.LoginModuleControlFlag controlFlag = appConfigurationEntry[i].getControlFlag();
                    String moduleNameFromAuthenticator = getModuleNameFromAuthenticator(appConfigurationEntry[i].getLoginModuleName());
                    if (isControlFlagMatchFound(controlFlag)) {
                        set.add(moduleNameFromAuthenticator);
                    }
                }
            }
        }
        if (AuthD.debug.messageEnabled()) {
            AuthD.debug.message(new StringBuffer().append("ModuleSet is : ").append(set).toString());
        }
        return set;
    }

    String getFailureModuleList() {
        String str = "";
        try {
            Set moduleFromAuthConfiguration = getModuleFromAuthConfiguration(this.loginState.getFailureModuleSet());
            if (AuthD.debug.messageEnabled()) {
                AuthD.debug.message(new StringBuffer().append("ModuleSet is : ").append(moduleFromAuthConfiguration).toString());
            }
            str = getModuleString(moduleFromAuthConfiguration);
        } catch (Exception e) {
            AuthD.debug.message("Exception : getFailureModuleList ", e);
        }
        if (AuthD.debug.messageEnabled()) {
            AuthD.debug.message(new StringBuffer().append("moduleList is :").append(str).toString());
        }
        return str;
    }

    boolean isControlFlagMatchFound(AppConfigurationEntry.LoginModuleControlFlag loginModuleControlFlag) {
        boolean z = false;
        if (loginModuleControlFlag != null) {
            z = loginModuleControlFlag == AppConfigurationEntry.LoginModuleControlFlag.REQUIRED || loginModuleControlFlag == AppConfigurationEntry.LoginModuleControlFlag.REQUISITE;
        }
        return z;
    }

    String getSuccessModuleString() {
        if (this.moduleSet.isEmpty()) {
            this.moduleSet = getSuccessModuleSet();
        }
        return getModuleString(this.moduleSet);
    }

    static {
        authThread.start();
    }
}
