package com.sun.identity.authentication.modules.httpbasic;

import com.iplanet.am.util.Debug;
import com.iplanet.am.util.Misc;
import com.iplanet.am.util.SystemProperties;
import com.sun.identity.authentication.modules.ldap.LDAPAuthUtils;
import com.sun.identity.authentication.modules.ldap.LDAPUtilException;
import com.sun.identity.authentication.service.AuthD;
import com.sun.identity.authentication.spi.AMLoginModule;
import com.sun.identity.authentication.spi.AuthLoginException;
import com.sun.identity.authentication.spi.InvalidPasswordException;
import com.sun.identity.authentication.spi.UserNamePasswordValidationException;
import com.sun.identity.authentication.util.ISAuthConstants;
import com.sun.identity.common.Constants;
import com.sun.identity.federation.common.IFSConstants;
import java.io.IOException;
import java.security.Principal;
import java.util.Locale;
import java.util.Map;
import java.util.ResourceBundle;
import java.util.Set;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import sun.misc.BASE64Decoder;

/* loaded from: input_file:119465-08/SUNWamsdk/reloc/SUNWam/lib/am_services.jar:com/sun/identity/authentication/modules/httpbasic/HTTPBasic.class */
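/**
 * Login module that authenticates a request from its HTTP Basic {@code Authorization} header.
 *
 * <p>{@link #process} reads the header, decodes the {@code user:password} pair and hands it to
 * {@link LDAPAuthUtils}, which performs the directory authentication. The module is configured
 * from the LDAP authentication service template of the request's organisation.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Basic credentials are only base64-encoded, so the header value is equivalent to the
 *       clear-text password. It must never be written to logs, and the front channel should be
 *       TLS.</li>
 *   <li>Both SSL switches visible here ({@code ssl-enabled} in the service template and the
 *       directory SSL system property) default to {@code "false"}. Presumably the password then
 *       travels to the directory unencrypted; confirm against {@code LDAPAuthUtils}.</li>
 * </ul>
 */
public class HTTPBasic extends AMLoginModule {
    private static final String amAuthHTTPBasic = "amAuthHTTPBasic";
    private static Debug debug;
    private static boolean ldapSSL;
    private static String hostName;
    // State value compared against LDAPAuthUtils.getState(); presumably its "success" state - confirm.
    private static final int SUCCESS = 26;
    // Scheme token plus the single space that separates it from the base64 credentials.
    private static final String BASIC_PREFIX = "Basic ";
    private static final String SA = ISAuthConstants.LDAP_SERVICE_PREFIX;
    private static final String LDAPSERVER = SA + "server";
    private static final String UNA = SA + "user-naming-attribute";
    private static final String USERSEARCH = SA + "user-search-attributes";
    private static final String SEARCHFILTER = SA + "search-filter";
    private static final String BINDPWD = SA + "bind-passwd";
    private static final String BASEDN = SA + "base-dn";
    private static final String BINDDN = SA + "bind-dn";
    private static final String SSL = SA + "ssl-enabled";
    private static final String SEARCHSCOPE = SA + "search-scope";
    private static final String MODCONFIG = "iplanet-am-auth-http-basic-module-configured";
    private static final String AUTHLEVEL = "iplanet-am-auth-http-basic-auth-level";
    private static final String INVALID_CHARS = "iplanet-am-auth-ldap-invalid-chars";
    private Principal userPrincipal = null;
    private ResourceBundle bundle = null;
    private String validatedUserID;
    private String regEx;
    private LDAPAuthUtils ldapUtil;
    private String userName;
    private String userPassword;
    private Map currentConfig;
    private Map options;

    /**
     * Loads the module's resource bundle for the login locale and keeps the module options.
     *
     * @param subject not used by this module
     * @param map not used by this module
     * @param map2 module options; read later by {@link #initHttpBasicAuth()}
     */
    @Override
    public void init(Subject subject, Map map, Map map2) {
        Locale loginLocale = getLoginLocale();
        this.bundle = AMLoginModule.amCache.getResBundle(amAuthHTTPBasic, loginLocale);
        if (debug.messageEnabled()) {
            debug.message("HttpBasicAuth resbundle locale=" + loginLocale);
        }
        this.options = map2;
    }

    /**
     * Reads the module options and prepares the backing authentication store.
     *
     * @return the result of {@link #initLDAPAttributes(String)} when the configured module is
     *     {@code "LDAP"}
     * @throws AuthLoginException if no module is configured ({@code noST}) or the configured
     *     module is anything other than {@code "LDAP"} ({@code basicauthInitFalied})
     */
    private boolean initHttpBasicAuth() throws AuthLoginException {
        debug.message("HTTPBasic initialize()");
        String configuredModule = Misc.getMapAttr(this.options, MODCONFIG);
        if (configuredModule == null) {
            debug.message("No Service Template created");
            throw new AuthLoginException(amAuthHTTPBasic, "noST", null);
        }
        String authLevel = Misc.getMapAttr(this.options, AUTHLEVEL);
        if (authLevel != null) {
            try {
                setAuthLevel(Integer.parseInt(authLevel));
            } catch (Exception e) {
                // Best effort: a malformed level is logged and the module keeps its current level.
                debug.error("Unable to set auth level " + authLevel, e);
            }
        }
        String moduleServiceName = getModuleServiceName(configuredModule);
        // getModuleServiceName() as written in this class never returns null; kept as a guard.
        if (moduleServiceName == null) {
            return false;
        }
        if (configuredModule.equals("LDAP")) {
            return initLDAPAttributes(moduleServiceName);
        }
        debug.error(" Init Exception");
        throw new AuthLoginException(amAuthHTTPBasic, "basicauthInitFalied", null);
    }

    /**
     * Builds {@link #ldapUtil} from the organisation's service template.
     *
     * @param str name of the service whose template holds the LDAP settings
     * @return {@code false} when no LDAP server is configured, {@code true} once
     *     {@link #ldapUtil} is configured
     * @throws AuthLoginException with key {@code basicLDAPex} for any failure inside the method
     */
    private boolean initLDAPAttributes(String str) throws AuthLoginException {
        this.currentConfig = getOrgServiceTemplate(getRequestOrg(), str);
        try {
            String serverHost = Misc.getServerMapAttr(this.currentConfig, LDAPSERVER);
            if (serverHost == null) {
                debug.message("No server for configuring");
                return false;
            }
            String baseDN = Misc.getServerMapAttr(this.currentConfig, BASEDN);
            if (baseDN == null) {
                debug.error("Fatal error: baseDN for search has invalid value");
                // NOTE(review): the catch below re-wraps this, so callers see "basicLDAPex"
                // rather than "basednnull".
                throw new AuthLoginException(amAuthHTTPBasic, "basednnull", null);
            }
            String bindDN = Misc.getMapAttr(this.currentConfig, BINDDN, "");
            String bindPassword = Misc.getMapAttr(this.currentConfig, BINDPWD, "");
            String userNamingAttr = Misc.getMapAttr(this.currentConfig, UNA, "uid");
            Set userSearchAttrs = (Set) this.currentConfig.get(USERSEARCH);
            String searchFilter = Misc.getMapAttr(this.currentConfig, SEARCHFILTER, "");
            boolean sslEnabled =
                    Boolean.valueOf(Misc.getMapAttr(this.currentConfig, SSL, "false")).booleanValue();
            String scopeName = Misc.getMapAttr(this.currentConfig, SEARCHSCOPE, "SUBTREE");
            // Scope codes passed to LDAPAuthUtils: OBJECT -> 0, ONELEVEL -> 1, anything else -> 2.
            int scope = 2;
            if (scopeName.equalsIgnoreCase("OBJECT")) {
                scope = 0;
            } else if (scopeName.equalsIgnoreCase("ONELEVEL")) {
                scope = 1;
            }
            String returnUserDN =
                    Misc.getMapAttr(this.currentConfig, ISAuthConstants.LDAP_RETURNUSERDN, "true");
            this.regEx = Misc.getMapAttr(this.currentConfig, INVALID_CHARS);
            // The server entry may be "host" or "host:port"; 389 is used when no port is given.
            int colonIndex = serverHost.indexOf(':');
            int port = 389;
            if (colonIndex != -1) {
                port = Integer.parseInt(serverHost.substring(colonIndex + 1));
                serverHost = serverHost.substring(0, colonIndex);
            }
            this.ldapUtil = new LDAPAuthUtils(serverHost, port, sslEnabled, this.bundle, baseDN, debug);
            this.ldapUtil.setScope(scope);
            this.ldapUtil.setFilter(searchFilter);
            this.ldapUtil.setUserNamingAttribute(userNamingAttr);
            this.ldapUtil.setUserSearchAttribute(userSearchAttrs);
            this.ldapUtil.setAuthPassword(bindPassword);
            this.ldapUtil.setAuthDN(bindDN);
            this.ldapUtil.setReturnUserDN(returnUserDN);
            if (!debug.messageEnabled()) {
                return true;
            }
            // The bind password is deliberately absent from this dump; keep it that way.
            debug.message("bindDN-> " + bindDN
                    + "\nbaseDN-> " + baseDN
                    + "\nuserNamingAttr-> " + userNamingAttr
                    + "\nuserSearchAttr(s)-> " + userSearchAttrs
                    + "\nsearchFilter-> " + searchFilter
                    + "\nsearchScope-> " + scope
                    + "\nssl-> " + sslEnabled
                    + "\nHost: " + serverHost
                    + "\nINDEDX : " + colonIndex
                    + "\nPORT : " + port);
            return true;
        } catch (Exception e) {
            debug.error("LDAP Init Exception", e);
            throw new AuthLoginException(amAuthHTTPBasic, "basicLDAPex", null, e);
        }
    }

    /**
     * Authenticates the current request from its {@code Authorization} header.
     *
     * @param callbackArr not used by this module
     * @param i not used by this module
     * @return {@code -1} when authentication succeeds (presumably the framework's
     *     "login succeeded" state; confirm against {@code ISAuthConstants})
     * @throws AuthLoginException if the request or response is unavailable, the header is missing
     *     or malformed, or the credentials are rejected
     */
    @Override
    public int process(Callback[] callbackArr, int i) throws AuthLoginException {
        HttpServletRequest httpServletRequest = getHttpServletRequest();
        HttpServletResponse httpServletResponse = getHttpServletResponse();
        if (httpServletRequest == null || httpServletResponse == null) {
            debug.message("Servlet Request and Response cannot be null");
            throw new AuthLoginException(amAuthHTTPBasic, "reqRespNull", null);
        }
        try {
            debug.message("Process HTTPBasic Auth started ...");
            String header = httpServletRequest.getHeader("Authorization");
            if (debug.messageEnabled()) {
                // The header value is base64(user:password), i.e. the clear-text credentials.
                // Log only whether it was present so debug logs never hold passwords.
                debug.message("AUTH : " + (header == null ? "null" : "<redacted>"));
            }
            if (authenticate(header)) {
                this.validatedUserID = this.userName;
                return -1;
            }
            setFailureID(this.userName);
            throw new AuthLoginException(amAuthHTTPBasic, "sendError", null);
        } catch (InvalidPasswordException e) {
            setFailureID(this.userName);
            throw new InvalidPasswordException(e);
        } catch (UserNamePasswordValidationException e2) {
            debug.message("Invalid Characters detected");
            throw new AuthLoginException(e2);
        } catch (Exception e3) {
            debug.error("login: unknown exception = ", e3);
            setFailureID(this.userName);
            throw new AuthLoginException(amAuthHTTPBasic, "sendError", null, e3);
        }
    }

    /**
     * Returns the principal for the authenticated user, creating and caching it on first use.
     *
     * @return the principal, or {@code null} when no user has been validated
     */
    @Override
    public Principal getPrincipal() {
        if (this.userPrincipal != null) {
            return this.userPrincipal;
        }
        if (this.validatedUserID == null) {
            return null;
        }
        this.userPrincipal = new HTTPBasicPrincipal(this.validatedUserID);
        return this.userPrincipal;
    }

    /** Clears the validated user id and the cached principal. */
    @Override
    public void destroyModuleState() {
        this.validatedUserID = null;
        this.userPrincipal = null;
    }

    /** Drops the references to configuration, LDAP helper and the decoded credentials. */
    public void nullifyUserdVars() {
        this.bundle = null;
        this.regEx = null;
        this.ldapUtil = null;
        this.userName = null;
        this.userPassword = null;
        this.currentConfig = null;
        this.options = null;
    }

    /**
     * Decodes a Basic {@code Authorization} header and authenticates the credentials it carries.
     *
     * <p>The header must be {@code "Basic "} (any letter case) followed by the base64 encoding of
     * {@code user:password}. A missing header, a different scheme, a value with no credentials
     * after the scheme, a decoded value without {@code ':'}, or an empty user name or password
     * is rejected without contacting the directory.
     *
     * @param str raw value of the {@code Authorization} header, may be {@code null}
     * @return {@code true} only when the directory authentication reports success
     * @throws AuthLoginException if the directory rejects the credentials or cannot be set up
     * @throws IOException if the base64 payload cannot be decoded
     */
    private boolean authenticate(String str) throws AuthLoginException, IOException {
        // Reset first so a malformed header can never be evaluated with credentials left over
        // from an earlier call on this instance.
        this.userName = null;
        this.userPassword = null;
        // regionMatches(ignoreCase) is locale-independent, unlike toUpperCase() under e.g. a
        // Turkish default locale; the length check keeps substring() in range for a bare "Basic".
        if (str == null
                || str.length() <= BASIC_PREFIX.length()
                || !str.regionMatches(true, 0, BASIC_PREFIX, 0, BASIC_PREFIX.length())) {
            return false;
        }
        // NOTE(review): the bytes are decoded with the platform default charset, so non-ASCII
        // user names or passwords depend on the JVM's locale settings.
        String decoded =
                new String(new BASE64Decoder().decodeBuffer(str.substring(BASIC_PREFIX.length())));
        int colonIndex = decoded.indexOf(':');
        if (colonIndex == -1) {
            return false;
        }
        // Only the first ':' separates the fields; the password itself may contain colons.
        this.userName = decoded.substring(0, colonIndex);
        this.userPassword = decoded.substring(colonIndex + 1);
        // A simple bind with an empty password is an "unauthenticated bind" (RFC 4513, 5.1.2),
        // which a directory may answer with success. Whether LDAPAuthUtils guards against that
        // is not visible here, so empty credentials are refused before any bind is attempted.
        if (this.userName.length() == 0 || this.userPassword.length() == 0) {
            return false;
        }
        storeUsernamePasswd(this.userName, this.userPassword);
        return authenticateToLDAP(this.userName, this.userPassword) == SUCCESS;
    }

    /**
     * Authenticates the given credentials against the directory.
     *
     * <p>A super-admin user is authenticated against the directory named by {@code AuthD}; every
     * other user goes through the organisation's LDAP configuration after the user name has been
     * passed to {@code validateUserName} with the configured invalid-characters expression.
     *
     * @param str user name
     * @param str2 password
     * @return the state reported by {@link LDAPAuthUtils#getState()}
     * @throws AuthLoginException if initialisation fails or the directory rejects the request
     */
    private int authenticateToLDAP(String str, String str2) throws AuthLoginException {
        try {
            if (isSuperAdmin(str)) {
                // This path skips validateUserName() and uses the global directory settings.
                this.ldapUtil = new LDAPAuthUtils(
                        AuthD.directoryHostName, AuthD.directoryPort, ldapSSL, this.bundle, debug);
                this.ldapUtil.authenticateSuperAdmin(str, str2);
                return this.ldapUtil.getState();
            }
            if (!initHttpBasicAuth()) {
                setFailureID(str);
                throw new AuthLoginException(amAuthHTTPBasic, "basicLDAPex", null);
            }
            validateUserName(str, this.regEx);
            this.ldapUtil.authenticateUser(str, str2);
            return this.ldapUtil.getState();
        } catch (LDAPUtilException e) {
            setFailureID(str);
            // NOTE(review): "NoUser" and "InvalidUP" are distinct keys. If they render as
            // distinct client-visible messages, a caller can tell existing accounts from
            // unknown ones; verify what the bundle shows to the user.
            switch (e.getLDAPResultCode()) {
                case 32:
                    debug.message("The specified user does not exist.");
                    throw new AuthLoginException(amAuthHTTPBasic, "NoUser", null);
                case 49:
                    debug.message("Invalid password.");
                    throw new InvalidPasswordException(
                            amAuthHTTPBasic, "InvalidUP", null, this.ldapUtil.getUserId(), e);
                default:
                    throw new AuthLoginException(amAuthHTTPBasic, "basicLDAPex", null);
            }
        }
    }

    /**
     * Builds the authentication service name for a module.
     *
     * @param str module name, for example {@code "LDAP"}
     * @return {@code "iPlanetAMAuth"} + {@code str} + {@code IFSConstants.AC_SERVICE}
     */
    public static String getModuleServiceName(String str) {
        return "iPlanetAMAuth" + str + IFSConstants.AC_SERVICE;
    }

    static {
        debug = Debug.getInstance(amAuthHTTPBasic);
        ldapSSL = false;
        if (debug == null) {
            // Fall back to the LDAP module's debug instance.
            debug = Debug.getInstance(ISAuthConstants.LDAP_DEBUG_NAME);
        }
        // Directory SSL for the super-admin path; stays off unless the property enables it.
        ldapSSL = Boolean.valueOf(SystemProperties.get(Constants.AM_DIRECTORY_SSL_ENABLED, "false"))
                .booleanValue();
    }
}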
