package com.sun.identity.authentication.modules.application;

import com.iplanet.am.util.Debug;
import com.iplanet.am.util.Misc;
import com.iplanet.am.util.SystemProperties;
import com.sun.identity.authentication.modules.ldap.LDAPAuthUtils;
import com.sun.identity.authentication.modules.ldap.LDAPUtilException;
import com.sun.identity.authentication.service.AuthD;
import com.sun.identity.authentication.spi.AMLoginModule;
import com.sun.identity.authentication.spi.AuthLoginException;
import com.sun.identity.authentication.spi.InvalidPasswordException;
import com.sun.identity.authentication.util.ISAuthConstants;
import com.sun.identity.common.Constants;
import com.sun.identity.security.DecodeAction;
import java.security.AccessController;
import java.security.Principal;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Locale;
import java.util.Map;
import java.util.ResourceBundle;
import java.util.Set;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.servlet.http.HttpServletRequest;

/* loaded from: input_file:119465-03/SUNWamsdk/reloc/SUNWam/lib/am_services.jar:com/sun/identity/authentication/modules/application/Application.class */
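/**
 * Login module for applications (agents / gateways) talking to the server.
 *
 * <p>Two ways in: the caller presents the shared services secret from
 * {@code AMConfig.properties} (optionally together with an application name),
 * or it presents a user id and password which are verified by an LDAP bind.
 * Credentials come from the request parameters {@code IDToken0}/{@code IDToken1}
 * (or the legacy {@code Login.Token0}/{@code Login.Token1}), falling back to a
 * name/password callback pair when neither is present.
 *
 * <p>Not thread-safe; one instance serves one authentication attempt, as for every
 * {@link AMLoginModule}.
 */
public class Application extends AMLoginModule {

    /** Module name: debug instance, resource bundle and exception key namespace. */
    private static final String amAuthApplication = "amAuthApplication";
    private static final Debug debug = Debug.getInstance(amAuthApplication);

    /** Value returned by {@link #process} on success (same value the module always returned). */
    private static final int LOGIN_SUCCEED = -1;

    /** Success state reported by {@code LDAPAuthUtils.getState()} (value taken from the original code). */
    private static final int LDAP_AUTH_SUCCESS = 26;

    /** Standard LDAP result codes distinguished in {@link #authenticateToLDAP}. */
    private static final int LDAP_NO_SUCH_OBJECT = 32;
    private static final int LDAP_INVALID_CREDENTIALS = 49;

    /** LDAP search scopes as passed to {@code LDAPAuthUtils.setScope(int)}. */
    private static final int SCOPE_BASE = 0;
    private static final int SCOPE_ONE_LEVEL = 1;
    private static final int SCOPE_SUBTREE = 2;

    private static final int DEFAULT_LDAP_PORT = 389;

    /** User id granted when the shared secret matches but no application name was supplied. */
    private static final String DEFAULT_GATEWAY_USER = "amService-gateway";

    /**
     * Shared services secret, decoded from {@code Constants.AM_SERVICES_SECRET};
     * {@code null} when the property is not set.  Compared in constant time only.
     */
    private static final String secret;
    /** Directory root suffix used to build application entry DNs. */
    private static final String rootSuffix;
    /** Whether the super-admin bind to the configured directory uses SSL. */
    private static final boolean ldapSSL;

    static {
        debug.message("Application module getting secret");
        // The original unconditionally called trim() on the property value, so a
        // missing property made the whole class fail to load (and the null check in
        // init() was unreachable).  Guard it instead and let init() report it.
        String encodedSecret = SystemProperties.get(Constants.AM_SERVICES_SECRET);
        secret = (encodedSecret == null)
                ? null
                : (String) AccessController.doPrivileged(new DecodeAction(encodedSecret.trim()));
        rootSuffix = SystemProperties.get(Constants.AM_ROOT_SUFFIX);
        ldapSSL = Boolean.valueOf(
                SystemProperties.get(Constants.AM_DIRECTORY_SSL_ENABLED, "false")).booleanValue();
    }

    private LDAPAuthUtils ldapUtil;
    private Map currentConfig;
    /** Identity established by a successful attempt; read by {@link #getPrincipal}. */
    private String userTokenId = null;
    private Principal userPrincipal = null;
    /** Resource-bundle key recorded by a failed {@link #init}; makes {@link #process} fail fast. */
    private String errorMsg = null;
    private ResourceBundle bundle = null;

    /**
     * Loads the module resource bundle for the login locale.
     *
     * <p>Failures are not thrown here (the SPI contract does not allow it); they are
     * remembered in {@link #errorMsg} and surfaced by {@link #process}.
     */
    @Override // com.sun.identity.authentication.spi.AMLoginModule
    public void init(Subject subject, Map map, Map map2) {
        try {
            debug.message("in initialize...");
            Locale loginLocale = getLoginLocale();
            this.bundle = AMLoginModule.amCache.getResBundle(amAuthApplication, loginLocale);
            if (debug.messageEnabled()) {
                debug.message("ApplicationAuth resbundle locale=" + loginLocale);
            }
        } catch (Exception e) {
            debug.error("ApplicationAuthModule Init: " + e.getMessage());
            if (debug.messageEnabled()) {
                debug.message("Stack trace: ", e);
            }
            this.errorMsg = "appInitFalied";
        }
        if (!hasSharedSecret()) {
            debug.message("Init : NULL secret in AMConfig.properties");
        }
    }

    /**
     * Runs the single authentication step of this module.
     *
     * @param callbackArr callbacks supplied by the framework (unused; the module
     *                    drives its own callback when no request parameters exist)
     * @param i           current state (unused; the module has one state)
     * @return {@link #LOGIN_SUCCEED} when the caller is authenticated
     * @throws AuthLoginException with key {@code appInitFalied} if init failed,
     *         {@code noPassword} if no secret/password was supplied,
     *         {@code wrongSecret} if the callback failed or the application entry does
     *         not exist, {@code userInvalid} if the LDAP bind did not succeed, or any
     *         key raised by {@link #authenticateToLDAP}
     */
    @Override // com.sun.identity.authentication.spi.AMLoginModule
    public int process(Callback[] callbackArr, int i) throws AuthLoginException {
        if (this.errorMsg != null) {
            throw new AuthLoginException(amAuthApplication, this.errorMsg, null);
        }
        String uid = null;
        String suppliedSecret = null;
        HttpServletRequest request = getHttpServletRequest();
        if (request != null) {
            uid = request.getParameter("IDToken0");
            suppliedSecret = request.getParameter("IDToken1");
            if (uid == null && suppliedSecret == null) {
                // Legacy parameter names, still accepted.
                uid = request.getParameter("Login.Token0");
                suppliedSecret = request.getParameter("Login.Token1");
            }
        }
        if (uid == null && suppliedSecret == null) {
            Map<String, String> answers = sendCallback();
            if (answers == null) {
                throw new AuthLoginException(amAuthApplication, "wrongSecret", null);
            }
            uid = answers.get("uid");
            suppliedSecret = answers.get("secret");
        }
        if (suppliedSecret == null) {
            throw new AuthLoginException(amAuthApplication, "noPassword", null);
        }
        // The supplied value is attacker-controlled input; compare without
        // short-circuiting so the comparison time does not depend on how many
        // leading characters match.
        if (hasSharedSecret() && constantTimeEquals(suppliedSecret, secret)) {
            return loginWithSharedSecret(uid);
        }
        if (authenticateToLDAP(uid, suppliedSecret) != LDAP_AUTH_SUCCESS) {
            debug.error("App.validate, User not Valid: " + uid);
            setFailureID(uid);
            throw new AuthLoginException(amAuthApplication, "userInvalid", null);
        }
        if (this.userTokenId == null) {
            // Set already for super admins by authenticateToLDAP; otherwise take the
            // id resolved by the LDAP bind.
            this.userTokenId = this.ldapUtil.getUserId();
        }
        if (debug.messageEnabled()) {
            debug.message("Auth is successful,returning User = " + this.userTokenId);
        }
        return LOGIN_SUCCEED;
    }

    /**
     * Completes a login whose shared secret already matched.
     *
     * @param appName application name from the request, may be null or empty
     * @return {@link #LOGIN_SUCCEED}
     * @throws AuthLoginException {@code wrongSecret} if no directory entry exists for
     *         the derived application user
     */
    private int loginWithSharedSecret(String appName) throws AuthLoginException {
        if (debug.messageEnabled()) {
            debug.message("App.validate, secret matched : " + appName);
        }
        String appUser = (appName == null || appName.length() == 0)
                ? DEFAULT_GATEWAY_USER
                : ISAuthConstants.APPLICATION_USER_PREFIX + appName;
        if (!dnEntryExist(appUser)) {
            debug.error(appUser + " is not a valid ldap entry");
            setFailureID(appUser);
            throw new AuthLoginException(amAuthApplication, "wrongSecret", null);
        }
        this.userTokenId = appUser;
        return LOGIN_SUCCEED;
    }

    /**
     * Returns whether an application entry {@code cn=<name>,ou=DSAME Users,<rootSuffix>}
     * exists.  {@code name} originates from a request parameter, so it is escaped as an
     * RDN attribute value before being spliced into the DN.
     */
    private boolean dnEntryExist(String name) {
        return isValidUserEntry("cn=" + escapeRdnValue(name) + ",ou=DSAME Users," + rootSuffix);
    }

    /**
     * Returns the principal for the authenticated identity, creating it on first use.
     *
     * @return the principal, or {@code null} if no authentication succeeded yet
     */
    @Override // com.sun.identity.authentication.spi.AMLoginModule
    public Principal getPrincipal() {
        if (this.userPrincipal == null && this.userTokenId != null) {
            this.userPrincipal = new ApplicationPrincipal(this.userTokenId);
        }
        return this.userPrincipal;
    }

    /**
     * Prompts for application name and secret through the callback handler.
     *
     * @return map with keys {@code uid} and/or {@code secret} for the answers that were
     *         given, or {@code null} if there is no handler or the handler failed
     *         (best effort: failures are logged, not thrown)
     */
    private Map<String, String> sendCallback() {
        try {
            CallbackHandler callbackHandler = getCallbackHandler();
            if (callbackHandler == null) {
                throw new AuthLoginException(amAuthApplication, "NoCallbackHandler", null);
            }
            NameCallback nameCallback = new NameCallback(this.bundle.getString("appname"));
            PasswordCallback passwordCallback = new PasswordCallback(this.bundle.getString("secret"), true);
            Callback[] callbacks = {nameCallback, passwordCallback};
            if (debug.messageEnabled()) {
                debug.message("Callback is.. :" + callbacks);
            }
            callbackHandler.handle(callbacks);

            Map<String, String> answers = new HashMap<String, String>();
            String name = nameCallback.getName();
            if (name != null) {
                answers.put("uid", name);
            }
            char[] password = passwordCallback.getPassword();
            if (password != null) {
                // The String copy is what the rest of the module works with; clear the
                // char[] copies so the secret does not linger in the callback.
                answers.put("secret", new String(password));
                Arrays.fill(password, '\0');
                passwordCallback.clearPassword();
            }
            return answers;
        } catch (Exception e) {
            debug.error("sendCallback: " + e.getMessage());
            if (debug.messageEnabled()) {
                debug.message("Stack trace: ", e);
            }
            return null;
        }
    }

    /**
     * Authenticates {@code user} against the directory: super admins bind directly to
     * the configured directory, everyone else through the org's LDAP auth template.
     *
     * @param user     user id, may be null
     * @param password password to bind with
     * @return the {@code LDAPAuthUtils} state after the bind; {@link #LDAP_AUTH_SUCCESS}
     *         on success
     * @throws AuthLoginException {@code InvalidUP} for a failed super-admin bind,
     *         {@code basicLDAPex} if no LDAP server is configured or an unexpected LDAP
     *         error occurs, {@code NoUser} if the entry does not exist
     * @throws InvalidPasswordException for LDAP result code 49 (invalid credentials)
     */
    private int authenticateToLDAP(String user, String password) throws AuthLoginException {
        if (debug.messageEnabled()) {
            debug.message(" In authenticateToLDAP with User : " + user);
        }
        try {
            if (isSuperAdmin(user)) {
                this.ldapUtil = new LDAPAuthUtils(
                        AuthD.directoryHostName, AuthD.directoryPort, ldapSSL, this.bundle, debug);
                this.ldapUtil.authenticateSuperAdmin(user, password);
                if (this.ldapUtil.getState() != LDAP_AUTH_SUCCESS) {
                    debug.message("Invalid adminID or admin Password");
                    setFailureID(this.ldapUtil.getUserId(user));
                    throw new AuthLoginException(amAuthApplication, "InvalidUP", null);
                }
                this.userTokenId = user;
            } else {
                if (!initLDAPAttributes(ISAuthConstants.LDAP_SERVICE_NAME)) {
                    debug.message("Invalid userID or user Password");
                    setFailureID(user);
                    throw new AuthLoginException(amAuthApplication, "basicLDAPex", null);
                }
                this.ldapUtil.authenticateUser(user, password);
            }
            return this.ldapUtil.getState();
        } catch (LDAPUtilException e) {
            setFailureID(user);
            switch (e.getLDAPResultCode()) {
                case LDAP_NO_SUCH_OBJECT:
                    debug.message("The specified user does not exist.");
                    throw new AuthLoginException(amAuthApplication, "NoUser", null);
                case LDAP_INVALID_CREDENTIALS:
                    debug.message("Invalid password.");
                    // ldapUtil is still null when the LDAPAuthUtils constructor itself threw.
                    String failedUser = (this.ldapUtil == null) ? user : this.ldapUtil.getUserId();
                    throw new InvalidPasswordException(amAuthApplication, "InvalidUP", null, failedUser, e);
                default:
                    throw new AuthLoginException(amAuthApplication, "basicLDAPex", null);
            }
        }
    }

    /**
     * Builds {@link #ldapUtil} from the organisation's template for service
     * {@code serviceName}.
     *
     * @return {@code false} if the template names no LDAP server; {@code true} otherwise
     * @throws AuthLoginException {@code basednnull} if the base DN is missing,
     *         {@code basicLDAPex} (with cause) for any other failure, e.g. an unparsable
     *         port in the {@code host:port} server value
     */
    private boolean initLDAPAttributes(String serviceName) throws AuthLoginException {
        this.currentConfig = getOrgServiceTemplate(getRequestOrg(), serviceName);
        try {
            String server = Misc.getServerMapAttr(this.currentConfig, ISAuthConstants.LDAP_SERVER);
            if (server == null) {
                debug.message("No server for configuring");
                return false;
            }
            String baseDN = Misc.getServerMapAttr(this.currentConfig, ISAuthConstants.LDAP_BASEDN);
            if (baseDN == null) {
                debug.error("Fatal error: baseDN for search has invalid value");
                throw new AuthLoginException(amAuthApplication, "basednnull", null);
            }
            String bindDN = Misc.getMapAttr(this.currentConfig, ISAuthConstants.LDAP_BINDDN, "");
            String bindPassword = Misc.getMapAttr(this.currentConfig, ISAuthConstants.LDAP_BINDPWD, "");
            String userNamingAttr = Misc.getMapAttr(this.currentConfig, ISAuthConstants.LDAP_UNA, "uid");
            Set userSearchAttrs = (Set) this.currentConfig.get(ISAuthConstants.LDAP_USERSEARCH);
            String searchFilter = Misc.getMapAttr(this.currentConfig, ISAuthConstants.LDAP_SEARCHFILTER, "");
            boolean useSSL = Boolean.valueOf(
                    Misc.getMapAttr(this.currentConfig, ISAuthConstants.LDAP_SSL, "false")).booleanValue();
            int scope = parseScope(
                    Misc.getMapAttr(this.currentConfig, ISAuthConstants.LDAP_SEARCHSCOPE, "SUBTREE"));
            String returnUserDN = Misc.getMapAttr(this.currentConfig, ISAuthConstants.LDAP_RETURNUSERDN, "true");

            // Server value is "host" or "host:port".
            int colon = server.indexOf(':');
            int port = DEFAULT_LDAP_PORT;
            String host = server;
            if (colon != -1) {
                port = Integer.parseInt(server.substring(colon + 1));
                host = server.substring(0, colon);
            }

            this.ldapUtil = new LDAPAuthUtils(host, port, useSSL, this.bundle, baseDN, debug);
            this.ldapUtil.setScope(scope);
            this.ldapUtil.setFilter(searchFilter);
            this.ldapUtil.setUserNamingAttribute(userNamingAttr);
            this.ldapUtil.setUserSearchAttribute(userSearchAttrs);
            this.ldapUtil.setAuthPassword(bindPassword);
            this.ldapUtil.setAuthDN(bindDN);
            this.ldapUtil.setReturnUserDN(returnUserDN);
            if (debug.messageEnabled()) {
                // Deliberately omits the bind password.
                debug.message("bindDN-> " + bindDN
                        + "\nbaseDN-> " + baseDN
                        + "\nuserNamingAttr-> " + userNamingAttr
                        + "\nuserSearchAttr(s)-> " + userSearchAttrs
                        + "\nsearchFilter-> " + searchFilter
                        + "\nsearchScope-> " + scope
                        + "\nssl-> " + useSSL
                        + "\nHost: " + host
                        + "\nINDEDX : " + colon
                        + "\nPORT : " + port);
            }
            return true;
        } catch (Exception e) {
            debug.error("LDAP Init Exception", e);
            throw new AuthLoginException(amAuthApplication, "basicLDAPex", null, e);
        }
    }

    /** Maps the configured scope name to the numeric scope; anything unknown is SUBTREE. */
    private static int parseScope(String scopeName) {
        if (scopeName.equalsIgnoreCase("OBJECT")) {
            return SCOPE_BASE;
        }
        if (scopeName.equalsIgnoreCase("ONELEVEL")) {
            return SCOPE_ONE_LEVEL;
        }
        return SCOPE_SUBTREE;
    }

    /** Whether a non-empty shared secret was configured at class load. */
    private static boolean hasSharedSecret() {
        return secret != null && secret.length() > 0;
    }

    /**
     * String equality whose running time does not depend on the position of the first
     * differing character (it still depends on the shorter length).  Either argument
     * being {@code null} yields {@code false}.
     */
    private static boolean constantTimeEquals(String a, String b) {
        if (a == null || b == null) {
            return false;
        }
        int diff = a.length() ^ b.length();
        int common = Math.min(a.length(), b.length());
        for (int i = 0; i < common; i++) {
            diff |= a.charAt(i) ^ b.charAt(i);
        }
        return diff == 0;
    }

    /**
     * Escapes {@code value} for use as an attribute value inside an RDN (RFC 4514):
     * backslash-escapes {@code , + " \ < > ;}, a leading {@code #}, leading/trailing
     * spaces, and NUL as {@code \00}.
     */
    private static String escapeRdnValue(String value) {
        int len = value.length();
        StringBuffer out = new StringBuffer(len + 8);
        for (int i = 0; i < len; i++) {
            char c = value.charAt(i);
            switch (c) {
                case ',':
                case '+':
                case '"':
                case '\\':
                case '<':
                case '>':
                case ';':
                    out.append('\\').append(c);
                    break;
                case '\0':
                    out.append("\\00");
                    break;
                case '#':
                    if (i == 0) {
                        out.append('\\');
                    }
                    out.append(c);
                    break;
                case ' ':
                    if (i == 0 || i == len - 1) {
                        out.append('\\');
                    }
                    out.append(c);
                    break;
                default:
                    out.append(c);
            }
        }
        return out.toString();
    }

    /** Forgets the authenticated identity so the instance can be reused. */
    @Override // com.sun.identity.authentication.spi.AMLoginModule
    public void destroyModuleState() {
        this.userTokenId = null;
        this.userPrincipal = null;
    }

    /** Drops per-attempt state (error, bundle, LDAP helper and config). */
    @Override // com.sun.identity.authentication.spi.AMLoginModule
    public void nullifyUsedVars() {
        this.errorMsg = null;
        this.bundle = null;
        this.ldapUtil = null;
        this.currentConfig = null;
    }
}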
