package com.sun.uwc.common.auth;

import com.iplanet.am.sdk.AMException;
import com.iplanet.am.sdk.AMOrganization;
import com.iplanet.am.sdk.AMStoreConnection;
import com.iplanet.am.sdk.AMUser;
import com.iplanet.jato.util.NonSyncStringBuffer;
import com.iplanet.sso.SSOException;
import com.iplanet.sso.SSOToken;
import com.iplanet.sso.SSOTokenID;
import com.iplanet.sso.SSOTokenManager;
import com.sun.comclient.calendar.DateTime;
import com.sun.uwc.UWCServletBase;
import com.sun.uwc.common.ISUserHelper;
import com.sun.uwc.common.SessionConstants;
import com.sun.uwc.common.UWCApplicationHelper;
import com.sun.uwc.common.util.UWCConstants;
import com.sun.uwc.common.util.UWCUtils;
import java.io.IOException;
import java.util.Hashtable;
import java.util.Map;
import java.util.TimeZone;
import java.util.prefs.Preferences;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

/* loaded from: input_file:118540-21/SUNWuwc/reloc/WEB-INF/lib/uwc.jar:com/sun/uwc/common/auth/IdentitySSOAuthFilter.class */
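/**
 * Servlet filter that turns an Identity Server (SSO) login into a UWC HTTP session.
 *
 * <p>When identity support is enabled and the request carries no HTTP session, the filter either
 * authenticates the posted user name and password against the identity store (only when the
 * {@code authOnly} parameter is {@code true}) or validates the SSO token that accompanies the
 * request. On success it creates the session and copies the user's directory attributes into it.
 * Whatever the outcome, the request is handed on to the rest of the filter chain exactly once.
 */
public class IdentitySSOAuthFilter extends AuthFilter {
    public static final String CONFIG_FILENAME = "uwcauth.properties";
    public static final String CONFIG_IDENTITY_URL = "uwcauth.identity.login.url";
    public static final String CONFIG_IDENTITY_COOKIE = "uwcauth.identity.cookiename";
    private static final String AUTH_ONLY_PARAM = "authOnly";
    // Domain name -> organization DN, filled as logins resolve their search base.
    // Raw Hashtable: the key is held in an Object-typed local in doFilter.
    private Hashtable _orgToDomainMap;
    private static String _identityCookieName = null;
    private static String _cookieDomain = null;
    // Ports used when building the return URL; overwritten from preferences in init().
    static int _uwcPort = 80;
    static int _uwcSSLPort = 443;
    // Query parameter whose presence marks a failed Identity Server login.
    private final transient String IS_AUTH_ERR_INDICATOR = "err";
    public String AUTH_ERROR = "autherror";
    private String _defaultDomain = null;
    private String _config_filename = null;
    private String _identityURL = null;
    private boolean _enabled = true;
    private boolean _sslEnabled = false;
    private IdentitySSO _identitySSO = null;

    /**
     * Reads the filter's settings from the preferences supplied by the parent filter.
     *
     * @param filterConfig container-supplied configuration, passed through to the parent
     * @throws ServletException if the parent initialisation fails
     */
    @Override // com.sun.uwc.common.auth.AuthFilter
    public void init(FilterConfig filterConfig) throws ServletException {
        this._config_filename = CONFIG_FILENAME;
        super.init(filterConfig);
        Preferences preferences = super.getPreferences();
        this._defaultDomain = preferences.get("defaultdomain", "iplanet.com");
        this._sslEnabled = preferences.getBoolean("uwcauth.ssl.enabled", false);
        _uwcSSLPort = preferences.getInt("uwcauth.https.port", 443);
        _uwcPort = preferences.getInt("uwcauth.http.port", 80);
        // No default: the login URL stays null when the preference is missing.
        this._identityURL = preferences.get(CONFIG_IDENTITY_URL, null);
        _identityCookieName = preferences.get(CONFIG_IDENTITY_COOKIE, "iPlanetDirectoryPro");
        _cookieDomain = preferences.get("uwcauth.cookiedomain", "iplanet.com");
        this._identitySSO = new IdentitySSO(preferences);
        this._orgToDomainMap = new Hashtable(3);
    }

    /**
     * Counts the '.' characters in a string.
     *
     * @param str the text to scan; must not be null
     * @return the number of dots found
     */
    public static int getdcount(String str) {
        int count = 0;
        for (int pos = str.indexOf('.'); pos != -1; pos = str.indexOf('.', pos + 1)) {
            count++;
        }
        return count;
    }

    /**
     * Returns the authority part ({@code host[:port]}) of the configured identity login URL.
     * A URL without a path component yields everything after the {@code //}.
     */
    private String extractISHostFromURL() {
        int schemeEnd = this._identityURL.indexOf("//");
        int pathStart = this._identityURL.indexOf("/", schemeEnd + 3);
        if (pathStart == -1) {
            // No path after the host: the original substring call would have thrown here.
            return this._identityURL.substring(schemeEnd + 2);
        }
        return this._identityURL.substring(schemeEnd + 2, pathStart);
    }

    /** Returns the {@code :port} suffix of the configured identity login URL, or "" when it has none. */
    private String isPortFromURL() {
        String authority = extractISHostFromURL();
        int colon = authority.indexOf(":");
        return colon != -1 ? authority.substring(colon) : "";
    }

    /**
     * Builds an identity host name from the first label of the configured identity host and the
     * domain suffix of the host the request was addressed to.
     */
    private String constructIsHost(HttpServletRequest httpServletRequest) {
        String identityAuthority = extractISHostFromURL();
        String requestHost = UWCUtils.getHostHeaderFromURL(httpServletRequest);
        // NOTE(review): the domain suffix comes from the request (presumably its Host header), so
        // the login URL offered to the client follows whatever host name was sent. doFilter only
        // calls this after the domain manager resolved a domain for the request; confirm that
        // lookup rejects hosts the deployment does not serve, or pin the identity host with the
        // per-host ".isvirtualhostname" preference.
        String firstLabel = identityAuthority.substring(0, identityAuthority.indexOf(".") + 1);
        String requestSuffix = requestHost.substring(requestHost.indexOf(".") + 1);
        return firstLabel + requestSuffix;
    }

    /**
     * Establishes a session from Identity Server credentials or an SSO token when none exists yet,
     * then continues the filter chain.
     *
     * <p>The chain is invoked outside the login error handling, so an exception raised further
     * down the chain propagates to the container instead of being treated as a login failure.
     *
     * @param servletRequest the incoming request; cast to {@link HttpServletRequest}
     * @param servletResponse the response, passed on unchanged
     * @param filterChain the remaining filters
     * @throws ServletException if a later element of the chain fails
     * @throws IOException if a later element of the chain fails
     */
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws ServletException, IOException {
        authLogger.entering("IdentitySSOAuthFilter:", " doFilter");
        if (!this._identityEnabled) {
            authLogger.entering("IdentitySSOAuthFilter:", " identity not enabled");
            authLogger.exiting("IdentitySSOAuthFilter:", " doFilter");
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        // An existing HTTP session is accepted as is; the SSO token is not re-checked here.
        if (httpServletRequest.getSession(false) != null) {
            authLogger.exiting("IdentitySSOAuthFilter:", " doFilter");
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }

        // Work out the identity login URL to offer, swapping in a host that matches the request.
        String identityUrl = this._identityURL;
        Object domain = UWCUtils.domainFromURL(httpServletRequest, UWCServletBase.getApplicationConfigMgr().getDomainManager());
        if (domain != null) {
            String identityHost = super.getPreferences().get(UWCUtils.getHostHeaderFromURL(httpServletRequest) + ".isvirtualhostname", null);
            if (identityHost == null) {
                identityHost = constructIsHost(httpServletRequest);
            }
            String hostAndPort = identityHost + isPortFromURL();
            try {
                int schemeEnd = this._identityURL.indexOf("//");
                int pathStart = this._identityURL.indexOf("/", schemeEnd + 3);
                String path = pathStart == -1 ? "" : this._identityURL.substring(pathStart);
                identityUrl = this._identityURL.substring(0, schemeEnd + 2) + hostAndPort + path;
            } catch (Exception e) {
                // Keep the configured URL when it cannot be taken apart.
                dump_stack(e);
            }
        } else {
            domain = this._defaultDomain;
        }
        httpServletRequest.setAttribute(UWCConstants.IDENTITY_URL, identityUrl);

        // Return URLs handed to the identity login page. The host is whatever the container
        // reports as the request's server name.
        String serverName = httpServletRequest.getServerName();
        String contextPath = httpServletRequest.getContextPath();
        if (contextPath == null || contextPath.equals("/")) {
            contextPath = "";
        }
        NonSyncStringBuffer returnUrl = new NonSyncStringBuffer();
        returnUrl.append(this._sslEnabled ? "https://" : "http://");
        returnUrl.append(serverName);
        returnUrl.append(":");
        returnUrl.append(this._sslEnabled ? _uwcSSLPort : _uwcPort);
        returnUrl.append(contextPath);
        returnUrl.append("/");
        httpServletRequest.setAttribute(UWCConstants.GOTO_IS_URI_PARAM, UWCConstants.GOTO_IS_URI_PARAM + returnUrl.toString());
        NonSyncStringBuffer failUrl = new NonSyncStringBuffer(UWCConstants.GOTO_IS_URI_FAIL_PARAM);
        failUrl.append(returnUrl.toString());
        failUrl.append("?");
        failUrl.append(this.IS_AUTH_ERR_INDICATOR);
        failUrl.append("=1");
        httpServletRequest.setAttribute(UWCConstants.GOTO_IS_URI_FAIL_PARAM, failUrl.toString());
        httpServletRequest.setAttribute("defaultdomain", this._defaultDomain);
        httpServletRequest.setAttribute(UWCConstants.DOMAIN_NAME, domain);

        String proxyUserFromRequest = getProxyUserFromRequest(httpServletRequest);
        String userFromRequest = getUserFromRequest(httpServletRequest);
        String passwordFromRequest = getPasswordFromRequest(httpServletRequest);
        String fromLogin = httpServletRequest.getParameter("fromlogin");
        boolean isProxyRequest = isProxyRequest(httpServletRequest);

        String loginUid = null;
        boolean authOnly = false;
        boolean hasCredentials = userFromRequest != null && userFromRequest.length() > 0
                && passwordFromRequest != null && passwordFromRequest.length() > 0;
        if (!hasCredentials) {
            Map parameterMap = httpServletRequest.getParameterMap();
            if (UWCApplicationHelper.IS_FINE_LVL_LOGGABLE) {
                authLogger.fine("IdentitySSOAuthFilter: Resolved domain? " + domain);
            }
            boolean identityError = parameterMap != null && parameterMap.containsKey(this.IS_AUTH_ERR_INDICATOR);
            if (identityError) {
                authLogger.warning("IS Auth Error!");
            }
            if (identityError || (fromLogin != null && fromLogin.equals("true"))) {
                // Coming back from a failed login, or a login form posted without credentials:
                // flag the error for the page and do not attempt token validation.
                servletRequest.setAttribute(this.AUTH_ERROR, "true");
                servletRequest.setAttribute(UWCConstants.DOMAIN_NAME, domain);
                servletRequest.setAttribute("defaultdomain", this._defaultDomain);
                filterChain.doFilter(servletRequest, servletResponse);
                return;
            }
        } else {
            // "uid@domain" overrides the domain resolved from the request URL.
            int at = userFromRequest.lastIndexOf("@");
            if (at != -1) {
                loginUid = userFromRequest.substring(0, at);
                domain = userFromRequest.substring(at + 1);
            } else {
                loginUid = userFromRequest;
                if (domain == null) {
                    domain = this._defaultDomain;
                }
            }
            if (UWCApplicationHelper.IS_FINE_LVL_LOGGABLE) {
                authLogger.fine("uid... " + loginUid + "domain..." + domain);
            }
            authLogger.fine("username... " + userFromRequest);
            String authOnlyValue = httpServletRequest.getParameter(AUTH_ONLY_PARAM);
            if (authOnlyValue == null || !authOnlyValue.equalsIgnoreCase("true")) {
                // Credentials without authOnly=true are left for the rest of the chain.
                filterChain.doFilter(servletRequest, servletResponse);
                return;
            }
            authOnly = true;
        }

        try {
            establishSession(httpServletRequest, authOnly, loginUid, passwordFromRequest, domain, isProxyRequest, proxyUserFromRequest);
        } catch (SSOException e) {
            discardFailedLogin("SSOException.." + e.getMessage(), servletRequest, servletResponse);
        } catch (AMException e) {
            discardFailedLogin("AMException.." + e.getMessage(), servletRequest, servletResponse);
        } catch (Exception e) {
            dump_stack(e);
            discardFailedLogin("Exception.." + e.getMessage(), servletRequest, servletResponse);
        }
        filterChain.doFilter(servletRequest, servletResponse);
    }

    /**
     * Obtains an SSO token (by password when {@code authOnly}, otherwise from the request), looks
     * up the user and fills a new HTTP session. Returning normally without a session means the
     * login was declined; an exception means it failed part-way and must be cleaned up.
     *
     * @param httpServletRequest the request the session is created on
     * @param authOnly true to authenticate {@code loginUid}/{@code password} directly
     * @param loginUid user id parsed from the request, null when no credentials were posted
     * @param password password from the request
     * @param domain login domain; held as Object by the caller, used as a String here
     * @param proxyRequest true when the login is made on behalf of another user
     * @param proxyUser the user to act as, {@code uid} or {@code uid@domain}
     * @throws Exception on any identity store, token or lookup failure
     */
    private void establishSession(HttpServletRequest httpServletRequest, boolean authOnly, String loginUid, String password, Object domain, boolean proxyRequest, String proxyUser) throws Exception {
        if (UWCApplicationHelper.IS_FINE_LVL_LOGGABLE) {
            authLogger.fine("1. session is not present.. get token manager.. ");
        }
        String searchBase = null;
        AMStoreConnection adminConnection = this._identitySSO.getAdminStoreConnection();
        SSOToken ssoToken;
        if (authOnly) {
            searchBase = getSearchBase((String) domain, adminConnection);
            if (searchBase == null) {
                // Hashtable rejects null values; fail with a message instead of a bare NPE.
                throw new IllegalStateException("no organization DN for the login domain");
            }
            this._orgToDomainMap.put(domain, searchBase);
            ssoToken = IdentitySSO.getSSOToken(searchBase, loginUid, password);
            if (ssoToken == null) {
                return;
            }
        } else {
            SSOTokenManager tokenManager = SSOTokenManager.getInstance();
            ssoToken = tokenManager.createSSOToken(httpServletRequest);
            if (UWCApplicationHelper.IS_FINE_LVL_LOGGABLE) {
                authLogger.fine("2. check for the token validity ");
            }
            if (!tokenManager.isValidToken(ssoToken)) {
                authLogger.fine("3. Invalid Response");
                authLogger.exiting("IdentitySSOAuthFilter:", " doFilter");
                return;
            }
        }

        AMStoreConnection userConnection = new AMStoreConnection(ssoToken);
        AMUser user;
        if (proxyRequest) {
            authLogger.fine("ProxyAuth Request ....");
            String proxyUid;
            String proxyDomain;
            int at = proxyUser.lastIndexOf("@");
            if (at != -1) {
                proxyUid = proxyUser.substring(0, at);
                proxyDomain = proxyUser.substring(at + 1);
            } else {
                proxyUid = proxyUser;
                proxyDomain = (String) domain;
            }
            authLogger.fine("Proxy user id =" + proxyUid);
            authLogger.fine("Proxy Domain " + proxyDomain);
            // NOTE(review): on the token path no credentials were posted, so loginUid is null
            // here and the proxy-admin check is not tied to the token's principal. Confirm that
            // isUserProxyAdmin rejects a null user id.
            if (!isUserProxyAdmin(loginUid, (String) domain)) {
                authLogger.fine("Invalid Proxy Admin");
                return;
            }
            authLogger.fine("Admin is Valid ....");
            AMStoreConnection proxyAdminConnection = this._identitySSO.getAdminStoreConnection();
            if (!proxyDomain.equals(domain)) {
                searchBase = getSearchBase(proxyDomain, proxyAdminConnection);
                if (searchBase == null) {
                    return;
                }
                // Cache under the proxy user's domain. Keying this entry by the administrator's
                // domain would make later logins for that domain resolve to the wrong organization.
                this._orgToDomainMap.put(proxyDomain, searchBase);
            }
            // NOTE(review): searchBase is still null here on the token path when both domains
            // match; the lookup below is then made with a null DN, as before.
            AMOrganization proxyOrganization = proxyAdminConnection.getOrganization(searchBase);
            if (proxyOrganization == null) {
                throw new IllegalStateException("no organization found for the proxy user");
            }
            authLogger.fine("Org Object is not NULL");
            user = proxyOrganization.getUser(proxyUid, (String) null);
            if (null == user) {
                authLogger.fine("amuser is NULL!!");
            }
        } else {
            user = userConnection.getUser(ssoToken.getPrincipal().getName());
        }
        if (user == null) {
            // Stop before a session exists rather than failing half-way through filling it.
            throw new IllegalStateException("no directory entry for the session user");
        }

        if (UWCApplicationHelper.IS_FINE_LVL_LOGGABLE) {
            authLogger.fine("3. Valid Response create session");
        }
        HttpSession newSession = httpServletRequest.getSession(true);
        SSOTokenID tokenID = ssoToken.getTokenID();
        newSession.setAttribute(SessionConstants.IDENTITY_TOKENID, tokenID.toString());
        String lastAccess = new DateTime(TimeZone.getTimeZone(UWCConstants.GMT_TIME_ZONE)).toISO8601();
        ssoToken.setProperty(SessionConstants.UWC_STATUS, UWCConstants.ACTIVE);
        newSession.setAttribute(SessionConstants.IDENTITY_LASTACCESS_GMTTIME, lastAccess);

        String uid = user.getStringAttribute("uid");
        String organizationDN = user.getOrganizationDN();
        String userDN = user.getDN();
        if (UWCApplicationHelper.IS_FINE_LVL_LOGGABLE) {
            authLogger.fine("6. userDN is " + userDN);
        }
        String mail = user.getStringAttribute("mail");
        String cn = user.getStringAttribute("cn");
        // NOTE(review): inetUserStatus is read but nothing acts on it, so an inactive user is not
        // turned away here. Confirm the account status is enforced elsewhere; the domain status
        // below only switches the mail/calendar flags.
        user.getStringAttribute("inetUserStatus");
        String preferredLanguage = user.getStringAttribute("preferredLanguage");
        if (UWCApplicationHelper.IS_FINE_LVL_LOGGABLE) {
            authLogger.fine("9. preferredLanguage is " + preferredLanguage);
        }
        // Prefer the language-tagged common name, fall back to the plain one.
        String commonName = user.getStringAttribute("cn;lang-" + preferredLanguage);
        if (commonName == null || commonName.length() == 0) {
            commonName = user.getStringAttribute("cn");
        }
        if (UWCApplicationHelper.IS_FINE_LVL_LOGGABLE) {
            authLogger.fine("10. commonName is " + commonName);
        }

        AMOrganization userOrganization = adminConnection.getOrganization(organizationDN);
        String domainName = userOrganization.getStringAttribute("sunPreferredDomain");
        if (UWCApplicationHelper.IS_FINE_LVL_LOGGABLE) {
            authLogger.fine("11. domainName is " + domainName);
        }
        String domainStatus = userOrganization.getStringAttribute("inetDomainStatus");
        if (domainStatus != null && domainStatus.length() == 0) {
            domainStatus = null;
        }
        if (UWCApplicationHelper.IS_FINE_LVL_LOGGABLE) {
            authLogger.fine("12. inetDomainStatus is " + domainStatus);
        }
        if (domainStatus == null || !domainStatus.equalsIgnoreCase(UWCConstants.INACTIVE)) {
            boolean mailServiceStatus = ISUserHelper.getMailServiceStatus(user, userOrganization);
            newSession.setAttribute("mail.service.enabled", String.valueOf(mailServiceStatus));
            if (UWCApplicationHelper.IS_FINE_LVL_LOGGABLE) {
                authLogger.fine("13. MailService:  " + mailServiceStatus);
            }
            newSession.setAttribute("calendar.service.enabled", String.valueOf(ISUserHelper.getCalendarServiceStatus(user, userOrganization)));
        } else {
            // Inactive domain: both services are switched off for the session.
            newSession.setAttribute("mail.service.enabled", "false");
            newSession.setAttribute("calendar.service.enabled", "false");
        }

        newSession.setAttribute("uid", uid);
        newSession.setAttribute("userdn", userDN);
        newSession.setAttribute(SessionConstants.USER_AUTH_DN, userDN);
        newSession.setAttribute("domaindn", organizationDN);
        newSession.setAttribute("domainname", domainName);
        newSession.setAttribute("userlang", preferredLanguage);
        if (mail != null) {
            newSession.setAttribute("email", mail);
        }
        if (cn != null) {
            newSession.setAttribute("cn", cn);
        }
        newSession.setAttribute(SessionConstants.NEW_SESSION, "true");
        String userAgent = httpServletRequest.getHeader("user-agent");
        if (userAgent != null) {
            newSession.setAttribute("useragent", userAgent);
        }
        String acceptLanguage = httpServletRequest.getHeader("accept-language");
        if (acceptLanguage != null) {
            newSession.setAttribute(SessionConstants.ACCEPT_LANG, acceptLanguage);
        }
        String acceptCharset = httpServletRequest.getHeader("accept-charset");
        if (acceptCharset != null) {
            newSession.setAttribute(SessionConstants.CHAR_SET_ENCODING, acceptCharset);
        }
        newSession.setAttribute("username", commonName);
        authLogger.fine("Valid Response");
        UWCIdentitySSOTokenListener tokenListener = new UWCIdentitySSOTokenListener(tokenID.toString());
        ssoToken.addSSOTokenListener(tokenListener);
        newSession.setAttribute(SessionConstants.IDENTITY_TOKEN_LISTENER, tokenListener);
        authLogger.exiting("IdentitySSOAuthFilter:", " doFilter");
    }

    /**
     * Cleans up after a login that failed part-way: logs the reason, drops any session created
     * during this request and removes the identity cookie.
     *
     * <p>doFilter only gets this far when the request arrived without a session, so a session
     * found here is one the failed login created. Leaving it in place would let later requests
     * skip this filter on the strength of a half-filled session.
     */
    private void discardFailedLogin(String logMessage, ServletRequest servletRequest, ServletResponse servletResponse) {
        authLogger.warning(logMessage);
        HttpSession partialSession = ((HttpServletRequest) servletRequest).getSession(false);
        if (partialSession != null) {
            partialSession.invalidate();
        }
        ISUserHelper.removeIdentityCookie(servletRequest, servletResponse);
    }

    /** Writes the exception's stack frames to the auth log at FINEST, one frame per line. */
    private void dump_stack(Exception exc) {
        authLogger.finest("*** Start Stack Trace ******");
        for (StackTraceElement frame : exc.getStackTrace()) {
            authLogger.finest(frame.getClassName() + "." + frame.getMethodName() + "@" + frame.getLineNumber());
        }
        authLogger.finest("****** End Stack Trace ******");
    }

    /** Nothing to release. */
    public void destroy() {
    }

    /**
     * Resolves the organization DN used as search base for a domain, consulting the cache first.
     * This method only reads the cache; callers store what they resolve.
     *
     * @param str the domain name
     * @param aMStoreConnection connection used for the lookup; when null nothing is looked up
     * @return the organization DN, or null when it is not cached and no connection was given
     * @throws SSOException if the directory lookup fails
     */
    public String getSearchBase(String str, AMStoreConnection aMStoreConnection) throws SSOException {
        // Hashtable never stores null values, so a non-null result is a cache hit.
        Object cached = this._orgToDomainMap.get(str);
        if (cached != null) {
            return (String) cached;
        }
        if (aMStoreConnection == null) {
            return null;
        }
        try {
            return aMStoreConnection.getOrganizationDN(str, (String) null);
        } catch (AMException e) {
            throw new SSOException(e.toString());
        }
    }

    /** Returns the identity cookie name read in {@link #init}; null before initialisation. */
    public static String getIdentityCookieName() {
        return _identityCookieName;
    }

    /** Returns the cookie domain read in {@link #init}; null before initialisation. */
    public static String getIdentityCookieDomain() {
        return _cookieDomain;
    }
}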
