package com.sun.identity.password.ui.model;

import com.iplanet.am.sdk.AMException;
import com.iplanet.am.sdk.AMStoreConnection;
import com.iplanet.am.sdk.AMUser;
import com.iplanet.services.cdm.G11NSettings;
import com.iplanet.sso.SSOException;
import com.iplanet.sso.SSOToken;
import com.iplanet.sso.SSOTokenManager;
import com.sun.identity.authentication.internal.AuthPrincipal;
import com.sun.identity.common.Constants;
import com.sun.identity.password.plugins.NotifyPassword;
import com.sun.identity.password.plugins.PasswordGenerator;
import com.sun.identity.security.DecryptAction;
import java.security.AccessController;
import java.text.MessageFormat;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Locale;
import java.util.Map;
import java.util.ResourceBundle;
import java.util.Set;
import java.util.StringTokenizer;

/* loaded from: input_file:119465-01/SUNWampwd/reloc/SUNWam/password.war:WEB-INF/lib/am_password.jar:com/sun/identity/password/ui/model/PWResetQuestionModelImpl.class */
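/**
 * Model behind the secret-question step of the password reset flow.
 *
 * <p>It checks the answers a requester submits against the user's stored
 * question/answer entries. When they match it generates a new password through the
 * configured {@link PasswordGenerator} plug-in, stores it on the user entry and hands
 * it to the configured {@link NotifyPassword} plug-in.
 *
 * <p>Instances are stateful: the decrypted question/answer map, the error and
 * information messages and the store connection are kept on the instance.
 * NOTE(review): this looks like a per-request object; confirm it is never shared
 * between users, because {@code secretQuestionsMap} is cached without a user key.
 */
public class PWResetQuestionModelImpl extends PWResetModelImpl implements PWResetQuestionModel, Constants {
    /** Separator between the three fields of a decrypted question/answer entry. */
    private static final String TOKEN = "\t";
    private static final String PW_RESET_OPTION = "iplanet-am-password-reset-option";
    private static final String PW_RESET_NOTIFICATION = "iplanet-am-password-reset-notification";
    private static final String PW_RESET_BIND_DN = "iplanet-am-password-reset-bindDN";
    private static final String PW_RESET_BIND_PASSWORD = "iplanet-am-password-reset-bindPasswd";
    private static final String PW_RESET_QUESTION_ANSWER = "iplanet-am-user-password-reset-question-answer";
    private static final String PW_RESET_QUESTION = "iplanet-am-password-reset-question";
    private static final String PW_RESET_PERSONAL_ANSWER = "iplanet-am-password-reset-user-personal-question";
    private static final String USER_PASSWORD_ATTR = "userpassword";
    private static final String PASSWORD_RESET_FORCE_RESET = "iplanet-am-password-reset-force-reset";
    private static final String USER_PASSWORD_RESET_FORCE_RESET = "iplanet-am-user-password-reset-force-reset";
    private static final String PASSWORD_EXPIRATION_TIME_ATTR = "passwordExpirationTime";
    /** Entry type accepted only when the question is in the organization's default set. */
    private static final int DEFAULT_QUESTION_ON = 1;
    /** Entry type accepted only when personal questions are enabled for the organization. */
    private static final int PERSONAL_QUESTION_ON = 3;
    /** Question -> decrypted answer, filled lazily. The values are secrets. */
    private Map secretQuestionsMap = null;
    private static final G11NSettings g11nSettings = G11NSettings.getInstance();
    /** Written to {@code passwordExpirationTime} on a forced reset: a timestamp at the Unix epoch. */
    private static final String PASSWORD_EXPIRATION_TIME_VALUE = "19700101000000Z";

    /**
     * Compares the submitted answers with the stored ones.
     *
     * <p>Returns {@code false} when either side is missing or empty, when an answer is
     * {@code null}, or when any submitted answer differs from the stored answer for the
     * same question (a question that is not stored never matches).
     *
     * <p>NOTE(review): only the questions present in {@code answers} are checked. A
     * caller that submits a subset of the stored questions is verified against that
     * subset alone, so the view layer has to guarantee that every stored question is
     * submitted. Confirm this against the caller, or enforce it here.
     *
     * @param answers question -> answer as submitted by the requester
     * @param user    user whose stored entries are read
     * @param orgDN   organization used to resolve the default questions
     */
    private boolean isUserAnswersCorrect(Map answers, AMUser user, String orgDN) throws SSOException, AMException {
        Map expected = getSecretQuestions(user, orgDN);
        if (expected == null || expected.isEmpty() || answers == null || answers.isEmpty()) {
            return false;
        }
        for (Object entryObj : answers.entrySet()) {
            Map.Entry entry = (Map.Entry) entryObj;
            Object supplied = entry.getValue();
            // A null answer is a wrong answer, so it must reach the lockout counter
            // instead of escaping as a NullPointerException.
            if (supplied == null || !supplied.equals(expected.get(entry.getKey()))) {
                return false;
            }
        }
        return true;
    }

    /**
     * Asks the configured password generator plug-in for a new password.
     *
     * @return the generated password, or {@code null} when no usable plug-in is
     *         configured or generation failed
     */
    private String getPasswordResetValue(String orgDN, AMUser user) {
        Object plugin = getPluginObject(orgDN, PW_RESET_OPTION);
        if (!(plugin instanceof PasswordGenerator)) {
            return null;
        }
        try {
            return ((PasswordGenerator) plugin).generatePassword(user);
        } catch (PWResetException e) {
            PWResetModelImpl.debug.error("PWResetQuestionModelImpl.getPasswordResetValue: could not generate password", e);
            return null;
        }
    }

    /**
     * Instantiates the class named by a service attribute.
     *
     * <p>The class name is read from configuration and loaded reflectively, so whoever
     * can write this attribute chooses the code that runs in the reset flow. Callers
     * still have to check the returned object's type.
     *
     * @param orgDN    organization whose attribute is read
     * @param attrName name of the attribute holding the class name
     * @return a new instance, or {@code null} when the attribute is unset or the class
     *         cannot be loaded or instantiated
     */
    private Object getPluginObject(String orgDN, String attrName) {
        String className = getAttributeValue(orgDN, attrName);
        if (className == null || className.length() == 0) {
            // Class.forName(null) would throw NullPointerException; report and fail soft.
            PWResetModelImpl.debug.error("PWResetQuestionModelImpl.getPluginObject: no class configured for " + attrName);
            return null;
        }
        try {
            return Class.forName(className).newInstance();
        } catch (ClassNotFoundException e) {
            PWResetModelImpl.debug.error("PWResetQuestionModelImpl.getPluginObject:could not find class: " + className, e);
        } catch (IllegalAccessException e2) {
            PWResetModelImpl.debug.error("PWResetQuestionModelImpl.getPluginObject:could not access class: " + className, e2);
        } catch (InstantiationException e3) {
            PWResetModelImpl.debug.error("PWResetQuestionModelImpl.getPluginObject:could not create class: " + className, e3);
        }
        return null;
    }

    /**
     * Returns the configured notification plug-in, or {@code null} when none is
     * configured or the configured class is not a {@link NotifyPassword}.
     */
    private NotifyPassword getNotifyPassword(String orgDN) {
        Object plugin = getPluginObject(orgDN, PW_RESET_NOTIFICATION);
        return (plugin instanceof NotifyPassword) ? (NotifyPassword) plugin : null;
    }

    /**
     * Resets the user's password when the submitted answers are correct.
     *
     * <p>The attempt e-mail is sent before the answers are checked, so the account
     * owner hears about failed attempts too. A wrong answer is recorded with the
     * lockout tracker; a correct one clears the user's lockout entry.
     *
     * @param str  identifier of the user, as accepted by the store connection
     * @param str2 organization of the user
     * @param map  question -> answer as submitted by the requester
     * @throws PWResetException when an error or information message is set once
     *         processing has finished
     */
    @Override
    public void resetPassword(String str, String str2, Map map) throws PWResetException {
        populateLockoutValues(str2);
        PWResetAccountLockout lockout = new PWResetAccountLockout(this);
        try {
            AMUser user = this.dpStoreConn.getUser(str);
            this.localeContext.setOrgLocale(str2);
            sendAttemptEmail(user);
            if (isUserAnswersCorrect(map, user, str2)) {
                lockout.removeUserLockoutEntry(str);
                String newPassword = getPasswordResetValue(str2, user);
                NotifyPassword notifier = null;
                if (newPassword != null && newPassword.length() > 0) {
                    notifier = getNotifyPassword(str2);
                }
                if (notifier != null) {
                    changePassword(user, newPassword, notifier, str, str2);
                    writeLog("pwResetSuccess.message", str);
                } else {
                    // No password, or nobody to deliver it: leave the password untouched.
                    this.errorMsg = getLocalizedString("passResetError.message");
                }
            } else {
                lockout.invalidAnswer(user, str);
                if (!isLockoutWarning(lockout, str)) {
                    this.errorMsg = getLocalizedString("wrongAnswer.message");
                }
            }
        } catch (AMException e) {
            if (PWResetModelImpl.debug.warningEnabled()) {
                PWResetModelImpl.debug.warning("Could not reset password for " + str + " in organization " + str2, e);
            }
            this.errorMsg = getErrorString(e);
        } catch (SSOException e2) {
            if (PWResetModelImpl.debug.warningEnabled()) {
                PWResetModelImpl.debug.warning("Could not reset password for " + str + " in organization " + str2, e2);
            }
            this.errorMsg = getErrorString(e2);
        }
        if (this.errorMsg != null && this.errorMsg.length() > 0) {
            writeLog("pwResetFail.message", str);
            throw new PWResetException(this.errorMsg);
        }
        if (this.informationMsg != null && this.informationMsg.length() > 0) {
            writeLog("pwResetFail.message", str);
            throw new PWResetException(this.informationMsg);
        }
    }

    /**
     * Returns the user's question -> answer map, loading it on first use.
     *
     * <p>The values of the returned map are the decrypted answers. Callers that
     * render questions must use the keys only.
     *
     * @param str  identifier of the user
     * @param str2 organization of the user
     * @return the cached map, or {@code null} when it could not be loaded
     */
    @Override
    public Map getSecretQuestions(String str, String str2) {
        if (this.secretQuestionsMap == null) {
            try {
                getSecretQuestions(this.dpStoreConn.getUser(str), str2);
            } catch (AMException e) {
                PWResetModelImpl.debug.error("Could not get secret question for " + str + " in organization " + str2, e);
            } catch (SSOException e2) {
                if (PWResetModelImpl.debug.warningEnabled()) {
                    PWResetModelImpl.debug.warning("Could not get secret question for " + str + " in organization " + str2, e2);
                }
            }
        }
        return this.secretQuestionsMap;
    }

    /**
     * Loads and caches the question -> answer map from the user's stored entries.
     * The cache stays {@code null} when the user is {@code null} or has no entries.
     */
    private Map getSecretQuestions(AMUser user, String orgDN) throws SSOException, AMException {
        if (this.secretQuestionsMap == null) {
            Set defaultQuestions = getDefaultQuestions(orgDN);
            if (user != null) {
                Set storedEntries = user.getAttribute(PW_RESET_QUESTION_ANSWER);
                if (storedEntries != null && !storedEntries.isEmpty()) {
                    this.secretQuestionsMap = getQuestionsAnswers(storedEntries, defaultQuestions, orgDN);
                }
            }
        }
        return this.secretQuestionsMap;
    }

    /** Returns the localized name of a question key from the password reset service. */
    @Override
    public String getLocalizedStrForQuestion(String str) {
        return getL10NAttributeName("iPlanetAMPasswordResetService", str);
    }

    /**
     * Sends the "reset attempted" e-mail to the first {@code mail} value of the user.
     * Nothing is sent when the user has no mail address or the lookup failed.
     */
    private void sendAttemptEmail(AMUser user) {
        Set mailAddresses = Collections.EMPTY_SET;
        Set preferredLocales = null;
        try {
            mailAddresses = user.getAttribute("mail");
            preferredLocales = user.getAttribute("preferredlocale");
        } catch (AMException e) {
            PWResetModelImpl.debug.error("Could not get attribute mail", e);
        } catch (SSOException e2) {
            PWResetModelImpl.debug.error("Could not get attribute mail", e2);
        }
        Locale locale = null;
        if (preferredLocales != null && !preferredLocales.isEmpty()) {
            String localeName = preferredLocales.iterator().next().toString();
            locale = localeName != null ? com.iplanet.am.util.Locale.getLocale(localeName) : null;
        }
        if (locale == null) {
            // Fall back to the locale of the current request context.
            locale = this.localeContext.getLocale();
        }
        ResourceBundle bundle = PWResetResBundleCacher.getBundle(PWResetModel.DEFAULT_RB, locale);
        if (mailAddresses == null || mailAddresses.isEmpty()) {
            return;
        }
        String[] recipients = new String[]{(String) mailAddresses.iterator().next()};
        sendEmailToUser(bundle.getString("fromAddress.label"), recipients, bundle.getString("attemptSubject.message"), bundle.getString("attemptEmail.message"), g11nSettings.getDefaultCharsetForLocale(locale));
    }

    /** Returns the localized page title with {@code str} substituted into it. */
    @Override
    public String getPWQuestionTitleString(String str) {
        return MessageFormat.format(getLocalizedString("pwQuestion.title"), str);
    }

    /** Returns the localized label of the OK button. */
    @Override
    public String getOKBtnLabel() {
        return getLocalizedString("ok.button");
    }

    /** Returns the localized label of the Previous button. */
    @Override
    public String getPreviousBtnLabel() {
        return getLocalizedString("previous.button");
    }

    /**
     * Creates an SSO token for the given principal.
     *
     * @param str  name of the principal
     * @param str2 password of the principal
     * @return the token, or {@code null} when it could not be created
     */
    protected SSOToken getServiceSSOToken(String str, String str2) {
        try {
            return SSOTokenManager.getInstance().createSSOToken(new AuthPrincipal(str), str2);
        } catch (SSOException e) {
            PWResetModelImpl.debug.error("Could not get sso token for " + str, e);
            return null;
        }
    }

    /** Sets the information message to the localized "no questions" text. */
    @Override
    public void setNoQuestionsInfoMsg() {
        this.informationMsg = getLocalizedString("noQuestions.message");
    }

    /**
     * Decrypts the stored entries and keeps the ones that may be asked.
     *
     * <p>Each decrypted entry is expected to hold three tab-separated fields:
     * question, answer and an integer type. An entry of type
     * {@link #PERSONAL_QUESTION_ON} is kept only when personal questions are enabled
     * for the organization; an entry of type {@link #DEFAULT_QUESTION_ON} is kept only
     * when its question is one of {@code defaultQuestions}. Entries that do not
     * decrypt, do not have three fields or carry a non-numeric type are skipped.
     *
     * @return question -> answer, or {@code null} when {@code encryptedEntries} is
     *         {@code null} or empty
     */
    private Map getQuestionsAnswers(Set encryptedEntries, Set defaultQuestions, String orgDN) {
        if (encryptedEntries == null || encryptedEntries.isEmpty()) {
            return null;
        }
        Map<String, String> result = new HashMap<String, String>(encryptedEntries.size());
        boolean personalAllowed = isUserQuestionEnabled(orgDN);
        for (Object encrypted : encryptedEntries) {
            String decrypted = (String) AccessController.doPrivileged(new DecryptAction((String) encrypted));
            if (decrypted == null) {
                continue;
            }
            StringTokenizer fields = new StringTokenizer(decrypted, TOKEN);
            if (fields.countTokens() != 3) {
                continue;
            }
            String question = fields.nextToken();
            String answer = fields.nextToken();
            int type;
            try {
                type = Integer.parseInt(fields.nextToken());
            } catch (NumberFormatException e) {
                // The entry content is deliberately not logged: it holds the answer.
                PWResetModelImpl.debug.error("PWResetQuestionModelImpl.getQuestionsAnswers: skipping entry with a non-numeric type field");
                continue;
            }
            boolean personal = type == PERSONAL_QUESTION_ON && personalAllowed;
            boolean fromDefaults = type == DEFAULT_QUESTION_ON && defaultQuestions != null && defaultQuestions.contains(question);
            if (personal || fromDefaults) {
                result.put(question, answer);
            }
        }
        return result;
    }

    /** Returns the default questions configured for the organization. */
    protected Set getDefaultQuestions(String str) {
        return getAttributeValues(str, PW_RESET_QUESTION);
    }

    /** Returns whether the personal-question attribute of the organization is {@code "true"}. */
    public boolean isUserQuestionEnabled(String str) {
        return "true".equals(getAttributeValue(str, PW_RESET_PERSONAL_ANSWER));
    }

    /**
     * Stores the new password on the user entry and notifies the user.
     *
     * <p>When a bind DN or bind password is configured, the write is done with a token
     * created from them, and {@code this.ssoToken} and {@code this.dpStoreConn} keep
     * pointing at that identity after the call.
     * NOTE(review): the condition accepts a bind DN without a password and the other
     * way round; the token creation is then expected to fail and abort the reset.
     *
     * @throws PWResetException when the bind token cannot be created
     */
    private void changePassword(AMUser user, String newPassword, NotifyPassword notifier, String userDN, String orgDN) throws PWResetException, SSOException, AMException {
        boolean forceReset = isForceReset(user, orgDN);
        String bindDN = getAttributeValue(orgDN, PW_RESET_BIND_DN);
        String bindPassword = getAttributeValue(orgDN, PW_RESET_BIND_PASSWORD);
        boolean hasBindDN = bindDN != null && bindDN.length() > 0;
        boolean hasBindPassword = bindPassword != null && bindPassword.length() > 0;
        if (hasBindDN || hasBindPassword) {
            SSOToken serviceToken = getServiceSSOToken(bindDN, bindPassword);
            if (serviceToken == null) {
                this.errorMsg = getLocalizedString("passResetError.message");
                throw new PWResetException(this.errorMsg);
            }
            this.ssoToken = serviceToken;
            this.dpStoreConn = new AMStoreConnection(this.ssoToken);
            // Re-read the user through the new connection so the write uses it.
            user = this.dpStoreConn.getUser(userDN);
        }
        changeUserAttribute(user, USER_PASSWORD_ATTR, newPassword);
        if (forceReset) {
            setUserPasswordChangedEntry(userDN, newPassword);
        }
        notifyUser(user, notifier, newPassword, orgDN);
    }

    /**
     * Hands the new password to the notification plug-in. On failure the plug-in's
     * message replaces the default "notified by e-mail" text; the password has already
     * been stored at that point.
     */
    private void notifyUser(AMUser user, NotifyPassword notifier, String newPassword, String orgDN) {
        this.passwordResetMsg = getLocalizedString("emailNotify.message");
        try {
            notifier.notifyPassword(user, newPassword, this.localeContext.getLocale());
        } catch (PWResetException e) {
            if (PWResetModelImpl.debug.warningEnabled()) {
                PWResetModelImpl.debug.warning("PWResetQuestionModelImpl.notifyUser: unable to notify the user about password change", e);
            }
            this.passwordResetMsg = e.getMessage();
        }
    }

    /** Sets the error message to the localized "missing answer" text and returns it. */
    @Override
    public String getMissingAnswerMessage() {
        this.errorMsg = getLocalizedString("missingAnswer.message");
        return this.errorMsg;
    }

    /** Returns whether the user has at least one question that may be asked. */
    @Override
    public boolean isQuestionAvailable(String str, String str2) {
        Map questions = getSecretQuestions(str, str2);
        return questions != null && !questions.isEmpty();
    }

    /**
     * Turns the lockout tracker's warn count into a message.
     *
     * <p>A negative count sets the lockout information message and writes the lockout
     * log entry; a positive count sets a warning that carries the count.
     *
     * @return {@code true} when a message was set
     */
    private boolean isLockoutWarning(PWResetAccountLockout lockout, String userDN) {
        int warnCount = lockout.getWarnUserCount(userDN);
        if (warnCount < 0) {
            this.informationMsg = getLocalizedString("lockoutMsg.message");
            writeLog("accountLockout.message", userDN);
            return true;
        }
        if (warnCount > 0) {
            this.errorMsg = MessageFormat.format(getLocalizedString("lockoutWarning.message"), String.valueOf(warnCount));
            return true;
        }
        return false;
    }

    /** Treats a user whose status is not active as locked out, then defers to the superclass. */
    @Override
    public boolean isUserLockout(String str, String str2) {
        return !isUserStatusActive(str) || super.isUserLockout(str, str2);
    }

    /**
     * Returns whether the user's {@code inetuserstatus} equals the active value,
     * ignoring case. A missing status or a failed lookup counts as not active.
     */
    private boolean isUserStatusActive(String userDN) {
        try {
            String status = PWResetModelImpl.getFirstElement(this.dpStoreConn.getUser(userDN).getAttribute("inetuserstatus"));
            // Constant first: a null status yields false instead of a NullPointerException.
            return PWResetModel.ACTIVE.equalsIgnoreCase(status);
        } catch (AMException e) {
            if (PWResetModelImpl.debug.warningEnabled()) {
                PWResetModelImpl.debug.warning("PWResetQuestionModelImpl.isUserStatusActiveCould not determine the user's account status for  " + userDN, e);
            }
            this.errorMsg = getErrorString(e);
        } catch (SSOException e2) {
            if (PWResetModelImpl.debug.warningEnabled()) {
                PWResetModelImpl.debug.warning("PWResetQuestionModelImpl.isUserStatusActiveCould not determine the user's account status for  " + userDN, e2);
            }
            this.errorMsg = getErrorString(e2);
        }
        return false;
    }

    /** Sets a single-valued attribute on the user and stores the entry. */
    private void changeUserAttribute(AMUser user, String attrName, String value) throws SSOException, AMException {
        Set<String> values = new HashSet<String>(1);
        values.add(value);
        Map<String, Set<String>> attributes = new HashMap<String, Set<String>>(1);
        attributes.put(attrName, values);
        user.setAttributes(attributes);
        user.store();
    }

    /**
     * Returns whether a forced reset applies: either the organization attribute is set
     * or the user's own force-reset attribute is {@code "true"}. A failed user lookup
     * counts as not forced.
     */
    private boolean isForceReset(AMUser user, String orgDN) {
        if (isAttributeSet(orgDN, PASSWORD_RESET_FORCE_RESET)) {
            return true;
        }
        try {
            return "true".equals(PWResetModelImpl.getFirstElement(user.getAttribute(USER_PASSWORD_RESET_FORCE_RESET)));
        } catch (AMException e) {
            PWResetModelImpl.debug.error("PWResetQuestionModelImpl.isForceResetCould not determine the force reset value for user " + this.userDN, e);
        } catch (SSOException e2) {
            PWResetModelImpl.debug.error("PWResetQuestionModelImpl.isForceResetCould not determine the force reset value for user " + this.userDN, e2);
        }
        return false;
    }

    /**
     * Writes the epoch timestamp to the user's {@code passwordExpirationTime}, using
     * the token returned by {@code getSSOToken()}. Failures are logged, not raised.
     *
     * @param userDN      identifier of the user
     * @param newPassword not used by this method
     */
    private void setUserPasswordChangedEntry(String userDN, String newPassword) {
        try {
            SSOToken adminToken = getSSOToken();
            if (adminToken == null) {
                PWResetModelImpl.debug.error("PWResetQuestionModelImpl.setUserPasswordChangedEntry Cannot not get admin sso token");
                return;
            }
            this.ssoToken = adminToken;
            this.dpStoreConn = new AMStoreConnection(this.ssoToken);
            changeUserAttribute(this.dpStoreConn.getUser(userDN), PASSWORD_EXPIRATION_TIME_ATTR, PASSWORD_EXPIRATION_TIME_VALUE);
        } catch (AMException e) {
            PWResetModelImpl.debug.error("PWResetQuestionModelImpl.setUserPasswordChangedEntryCould not set value for attribute passwordExpirationTime for user " + userDN, e);
        } catch (SSOException e2) {
            PWResetModelImpl.debug.error("PWResetQuestionModelImpl.setUserPasswordChangedEntryCould not set value for attribute passwordExpirationTime for user " + userDN, e2);
        }
    }
}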
