package com.sun.identity.authentication.config;

import com.iplanet.am.util.Debug;
import com.iplanet.am.util.XMLUtils;
import com.iplanet.sso.SSOException;
import com.iplanet.sso.SSOToken;
import com.sun.identity.authentication.service.AuthUtils;
import com.sun.identity.authentication.util.ISAuthConstants;
import com.sun.identity.security.AdminTokenAction;
import com.sun.identity.sm.DNMapper;
import com.sun.identity.sm.OrganizationConfigManager;
import com.sun.identity.sm.SMSEntry;
import com.sun.identity.sm.SMSException;
import com.sun.identity.sm.SchemaType;
import com.sun.identity.sm.ServiceConfig;
import com.sun.identity.sm.ServiceConfigManager;
import com.sun.identity.sm.ServiceSchema;
import com.sun.identity.sm.ServiceSchemaManager;
import java.security.AccessController;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import org.w3c.dom.Document;

/* loaded from: input_file:120954-02/SUNWamsdk/reloc/SUNWam/lib/am_services.jar:com/sun/identity/authentication/config/AMAuthenticationManager.class */
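/**
 * Manages authentication module types and module instances for one realm.
 *
 * <p>An instance is bound to the caller's {@link SSOToken} and a realm DN. The class also keeps
 * JVM-wide static caches: the set of authentication types, the module-name to service-name map,
 * the names of "global" modules (modules whose service schema could not be loaded), and a
 * per-realm table of module instances.
 *
 * <p>NOTE(review): the static caches are populated with the administrator token
 * ({@code adminToken}) and are read by every instance without a further per-caller check in this
 * class. Whether callers are authorised to see these names must be enforced elsewhere; confirm.
 *
 * <p>NOTE(review): {@code authTypes} and {@code globalModuleNames} are plain {@code HashSet}s that
 * are mutated by {@link #reInitializeAuthServices()} and read without synchronisation by the
 * instance methods. {@code moduleServiceNames} is swapped copy-on-write while synchronising on the
 * very field that is being reassigned, so the lock object changes with each swap. Thread safety
 * is left as it was; review before relying on it.
 */
public class AMAuthenticationManager {
    /** Caller's token; used for every per-instance configuration read and write. */
    private SSOToken token;
    /** Normalised realm DN derived from the organisation name given to the constructor. */
    private String realm;
    /** Organisation-level configuration of the core authentication service for {@link #realm}. */
    private ServiceConfig orgServiceConfig;
    /** Administrator token obtained once at class initialisation; used to fill the static caches. */
    private static SSOToken adminToken = (SSOToken) AccessController.doPrivileged(AdminTokenAction.getInstance());
    private static Set authTypes = new HashSet();
    private static Map moduleServiceNames = new HashMap();
    private static String bundleName = "amAuthConfig";
    private static Debug debug = Debug.getInstance(bundleName);
    private static Hashtable moduleInstanceTable = new Hashtable();
    private static Set globalModuleNames = Collections.EMPTY_SET;
    /** Attribute-name suffixes (matched case-insensitively) whose values are never written to the debug log. */
    private static final String[] SENSITIVE_NAME_SUFFIXES = {"passwd", "password", "secret"};

    /**
     * Creates a manager for the given token and organisation.
     *
     * @param sSOToken token of the caller; validated with {@code SMSEntry.validateToken}
     * @param str organisation (realm) name; converted to a normalised DN
     * @throws AMConfigurationException when an {@code SMSException} is raised during set-up
     */
    public AMAuthenticationManager(SSOToken sSOToken, String str) throws AMConfigurationException {
        try {
            SMSEntry.validateToken(sSOToken);
            this.token = sSOToken;
            this.realm = AuthUtils.getNormalizedDN(DNMapper.orgNameToDN(str));
            this.orgServiceConfig = getOrgServiceConfig();
            if (this.orgServiceConfig == null) {
                throw new AMConfigurationException(bundleName, "badRealm", new Object[]{this.realm});
            }
            // NOTE(review): the table is stored under DNMapper.orgNameToDN(realm) in
            // buildModuleInstanceForService but looked up here under the normalised DN; if the
            // two forms differ the table is rebuilt on every construction. Confirm.
            if (moduleInstanceTable.get(this.realm) == null) {
                buildModuleInstanceTable(sSOToken, this.realm);
            }
        } catch (SMSException e) {
            throw new AMConfigurationException(e);
        } catch (Exception e2) {
            // NOTE(review): unless AMConfigurationException is an SMSException, the "badRealm"
            // exception thrown above lands here and is only logged, so the constructor returns a
            // half-initialised object (orgServiceConfig == null, possibly token/realm == null)
            // instead of failing. Behaviour is kept because callers may depend on it; a caller
            // that needs to fail closed must not treat successful construction as proof that the
            // token or realm is valid.
            debug.error("Token is invalid.", e2);
        }
    }

    /** Clears the cached authentication types and global module names and reloads them with the admin token. */
    public static synchronized void reInitializeAuthServices() {
        authTypes.clear();
        if (globalModuleNames != Collections.EMPTY_SET) {
            globalModuleNames.clear();
        }
        initAuthenticationService(adminToken);
    }

    /**
     * Returns the cached set of authentication types.
     *
     * <p>NOTE(review): this is the live, mutable static set, not a copy; a caller that modifies it
     * changes which types {@link #createAuthenticationInstance} accepts for the whole JVM.
     *
     * @return the shared set of authentication type names
     */
    public static Set getAuthenticationTypes() {
        return authTypes;
    }

    /**
     * Returns a copy of the service names of all known authentication modules.
     *
     * @return a new set holding the values of the module-name to service-name map
     */
    public static Set getAuthenticationServiceNames() {
        Collection values = moduleServiceNames.values();
        Set hashSet = values != null ? new HashSet(values) : Collections.EMPTY_SET;
        if (debug.messageEnabled()) {
            debug.message("Authenticator serviceNames: " + hashSet);
        }
        return hashSet;
    }

    /**
     * Returns the service name registered for a module name.
     *
     * @param str module (authentication type) name
     * @return the service name, or {@code null} when the module is not in the map
     */
    public static String getAuthenticationServiceName(String str) {
        return (String) moduleServiceNames.get(str);
    }

    /**
     * Loads the authenticator class names from the global schema of the core authentication
     * service and fills {@code authTypes}, {@code moduleServiceNames} and {@code globalModuleNames}.
     * Any failure is logged and leaves the caches as far as they were filled.
     *
     * @param sSOToken token used to read the service schemas
     */
    private static void initAuthenticationService(SSOToken sSOToken) {
        try {
            Set authenticators = (Set) new ServiceSchemaManager("iPlanetAMAuthService", sSOToken).getGlobalSchema().getAttributeDefaults().get(ISAuthConstants.AUTHENTICATORS);
            // A null set raises NullPointerException here, which the outer catch logs.
            for (Object authenticator : authenticators) {
                String str = (String) authenticator;
                // Keep only the simple class name after the last dot.
                int lastIndexOf = str.lastIndexOf(".");
                if (lastIndexOf != -1) {
                    str = str.substring(lastIndexOf + 1);
                }
                if (!str.equals(ISAuthConstants.APPLICATION_MODULE)) {
                    authTypes.add(str);
                }
                if (((String) moduleServiceNames.get(str)) == null) {
                    String moduleServiceName = AuthUtils.getModuleServiceName(str);
                    try {
                        // Constructed only to find out whether the service schema can be loaded.
                        new ServiceSchemaManager(moduleServiceName, sSOToken);
                        synchronized (moduleServiceNames) {
                            HashMap hashMap = new HashMap(moduleServiceNames);
                            hashMap.put(str, moduleServiceName);
                            moduleServiceNames = hashMap;
                        }
                    } catch (Exception e) {
                        // No loadable schema: record the module as "global" and drop it from the types.
                        if (debug.messageEnabled()) {
                            debug.message("Unable to load service schema for module: " + str, e);
                        }
                        if (globalModuleNames == Collections.EMPTY_SET) {
                            globalModuleNames = new HashSet();
                        }
                        globalModuleNames.add(str);
                        authTypes.remove(str);
                    }
                }
            }
            if (debug.messageEnabled()) {
                debug.message("Global module names: " + globalModuleNames);
                debug.message("moduleServiceNames: " + moduleServiceNames);
            }
        } catch (Exception e2) {
            debug.error("Failed to get module types", e2);
        }
    }

    /**
     * Builds the module instance table for a realm from the services assigned to it.
     *
     * @param sSOToken token used to list the assigned services
     * @param str realm for which the table is built
     */
    private static void buildModuleInstanceTable(SSOToken sSOToken, String str) {
        try {
            Set<String> assignedServices = new OrganizationConfigManager(sSOToken, str).getAssignedServices();
            if (assignedServices == null) {
                return;
            }
            for (String str2 : assignedServices) {
                // Only services that belong to a known authentication module are of interest.
                if (moduleServiceNames.containsValue(str2)) {
                    buildModuleInstanceForService(str, str2);
                }
            }
        } catch (Exception e) {
            if (debug.messageEnabled()) {
                debug.message("building module instance table error", e);
            }
        }
    }

    /**
     * Rebuilds the cached instance names of one module service in one realm.
     *
     * <p>The configuration is read with the administrator token, not with a caller token.
     * NOTE(review): the method is public and static, so any code in the JVM can trigger this
     * privileged read for an arbitrary realm and service name; confirm that is intended.
     *
     * @param str realm name
     * @param str2 service name of the authentication module
     */
    public static synchronized void buildModuleInstanceForService(String str, String str2) {
        if (debug.messageEnabled()) {
            debug.message("start moduleInstanceTable : " + moduleInstanceTable + " for realm : " + str + " and service : " + str2);
        }
        try {
            String moduleName = getModuleName(str2);
            if (debug.messageEnabled()) {
                debug.message("Module name : " + moduleName);
            }
            if (moduleName != null && !moduleName.equals("")) {
                ServiceConfig organizationConfig = new ServiceConfigManager(str2, adminToken).getOrganizationConfig(str, null);
                String orgNameToDN = DNMapper.orgNameToDN(str);
                // Work on a copy without this module's old entry; the realm entry is re-added below.
                Map map = (Map) moduleInstanceTable.remove(orgNameToDN);
                if (map != null) {
                    HashMap hashMap = new HashMap(map);
                    hashMap.remove(moduleName);
                    map = hashMap;
                }
                HashSet hashSet = new HashSet();
                // Attributes set directly on the organisation config count as an instance named after the module.
                Map attributesWithoutDefaults = organizationConfig.getAttributesWithoutDefaults();
                if (attributesWithoutDefaults != null && !attributesWithoutDefaults.isEmpty()) {
                    hashSet.add(moduleName);
                }
                Set subConfigNames = organizationConfig.getSubConfigNames();
                if (subConfigNames != null) {
                    hashSet.addAll(subConfigNames);
                }
                if (!hashSet.isEmpty()) {
                    if (map == null) {
                        map = new HashMap();
                    }
                    map.put(moduleName, hashSet);
                }
                if (map != null && !map.isEmpty()) {
                    moduleInstanceTable.put(orgNameToDN, map);
                }
            }
        } catch (Exception e) {
            // If the failure happens after the remove() above, the realm entry stays removed.
            if (debug.messageEnabled()) {
                debug.message("build module instance for service error: ", e);
            }
        }
        if (debug.messageEnabled()) {
            debug.message("return moduleInstanceTable: " + moduleInstanceTable);
        }
    }

    /**
     * Reverse lookup in the module-name to service-name map.
     *
     * @param str service name
     * @return the first module name mapped to that service, or {@code null}
     */
    private static String getModuleName(String str) {
        for (Object key : moduleServiceNames.keySet()) {
            String str2 = (String) key;
            if (moduleServiceNames.get(str2).equals(str)) {
                return str2;
            }
        }
        return null;
    }

    /**
     * Returns the schema of an authentication type, read with this manager's token.
     *
     * @param str authentication type name
     * @return the schema wrapper
     * @throws AMConfigurationException when the schema cannot be read
     */
    public AMAuthenticationSchema getAuthenticationSchema(String str) throws AMConfigurationException {
        return getAuthenticationSchema(str, this.token);
    }

    /**
     * Reads the organisation schema of an authentication type, preferring its server sub-schema.
     *
     * @param str authentication type name
     * @param sSOToken token used for the read
     * @return the schema wrapper
     * @throws AMConfigurationException wrapping any failure, including an unknown type
     */
    private static AMAuthenticationSchema getAuthenticationSchema(String str, SSOToken sSOToken) throws AMConfigurationException {
        if (debug.messageEnabled()) {
            debug.message("getting auth schema for " + str);
        }
        try {
            ServiceSchema organizationSchema = new ServiceSchemaManager(getServiceName(str), sSOToken).getOrganizationSchema();
            ServiceSchema subSchema = organizationSchema.getSubSchema(ISAuthConstants.SERVER_SUBSCHEMA);
            return new AMAuthenticationSchema(subSchema != null ? subSchema : organizationSchema);
        } catch (Exception e) {
            throw new AMConfigurationException(e);
        }
    }

    /**
     * Looks up a module instance by name in this manager's realm.
     *
     * @param str module instance name
     * @return the instance, or {@code null} when its type is unknown or it has no attributes
     */
    public AMAuthenticationInstance getAuthenticationInstance(String str) {
        String authInstanceType = getAuthInstanceType(str);
        if (authInstanceType == null) {
            return null;
        }
        return getAuthenticationInstance(str, authInstanceType);
    }

    /**
     * Loads a module instance of a known type.
     *
     * @param str module instance name
     * @param str2 module type name
     * @return the instance; {@code null} when neither global defaults nor organisation attributes
     *         exist, or when the token is rejected
     */
    private AMAuthenticationInstance getAuthenticationInstance(String str, String str2) {
        if (globalModuleNames.contains(str)) {
            // Global modules have no service config or schema.
            return new AMAuthenticationInstance(str, str2, null, null);
        }
        String serviceName = getServiceName(str2);
        try {
            Map map = null;
            ServiceSchema serviceSchema = null;
            try {
                serviceSchema = new ServiceSchemaManager(serviceName, this.token).getSchema(SchemaType.GLOBAL);
                if (serviceSchema != null) {
                    map = serviceSchema.getAttributeDefaults();
                }
            } catch (SMSException e) {
                // Best effort: continue without global defaults, but leave a trace.
                if (debug.messageEnabled()) {
                    debug.message("Unable to read global schema for service: " + serviceName, e);
                }
            }
            Map map2 = null;
            ServiceConfig serviceConfig = null;
            try {
                serviceConfig = new ServiceConfigManager(serviceName, this.token).getOrganizationConfig(this.realm, null);
                if (serviceConfig != null) {
                    if (str.equals(str2)) {
                        // Instance named after its type lives directly on the organisation config.
                        map2 = serviceConfig.getAttributesWithoutDefaults();
                    } else {
                        serviceConfig = serviceConfig.getSubConfig(str);
                        if (serviceConfig != null) {
                            map2 = serviceConfig.getAttributes();
                        }
                    }
                }
            } catch (SSOException e2) {
                if (debug.warningEnabled()) {
                    // NOTE(review): this writes SSOToken.toString() to the log; if that includes
                    // the session identifier the log becomes sensitive. Confirm what it prints.
                    debug.warning("Token doesn't have access to service: " + this.token + " :: " + serviceName);
                }
            } catch (SMSException e3) {
                // Best effort: continue without organisation attributes, but leave a trace.
                if (debug.messageEnabled()) {
                    debug.message("Unable to read organization config for service: " + serviceName, e3);
                }
            }
            if (debug.messageEnabled()) {
                // Global defaults are masked the same way as organisation attributes so that
                // credential defaults never reach the debug log.
                debug.message("global attrs = " + maskSensitiveAttributes(map));
                debug.message("org attrs = ");
                if (map2 != null) {
                    for (Object o : map2.entrySet()) {
                        Map.Entry entry = (Map.Entry) o;
                        Object shown = isSensitiveAttributeName(entry.getKey()) ? "<BLOCKED>" : entry.getValue();
                        debug.message(entry.getKey() + ": " + shown);
                    }
                }
            }
            if ((map == null || map.isEmpty()) && (map2 == null || map2.isEmpty())) {
                return null;
            }
            return new AMAuthenticationInstance(str, str2, serviceConfig, serviceSchema);
        } catch (SSOException e4) {
            debug.error("SSO token is invalid", e4);
            return null;
        } catch (SMSException e5) {
            if (!debug.messageEnabled()) {
                return null;
            }
            debug.message("Instance type does not exist: " + str2);
            return null;
        }
    }

    /**
     * Tells whether an attribute name ends, ignoring case, with one of the sensitive suffixes.
     *
     * @param name attribute name; {@code null} is treated as not sensitive
     * @return {@code true} when the value must not be logged
     */
    private static boolean isSensitiveAttributeName(Object name) {
        if (name == null) {
            return false;
        }
        String text = name.toString();
        for (int i = 0; i < SENSITIVE_NAME_SUFFIXES.length; i++) {
            String suffix = SENSITIVE_NAME_SUFFIXES[i];
            // regionMatches returns false for a negative offset, i.e. when the name is shorter than the suffix.
            if (text.regionMatches(true, text.length() - suffix.length(), suffix, 0, suffix.length())) {
                return true;
            }
        }
        return false;
    }

    /**
     * Returns a copy of an attribute map that is safe to log.
     *
     * @param attributes attribute map, may be {@code null}
     * @return {@code null} for {@code null}; otherwise a new map in which the values of sensitive
     *         names are replaced by {@code "<BLOCKED>"}
     */
    private static Map maskSensitiveAttributes(Map attributes) {
        if (attributes == null) {
            return null;
        }
        Map masked = new HashMap();
        for (Object o : attributes.entrySet()) {
            Map.Entry entry = (Map.Entry) o;
            masked.put(entry.getKey(), isSensitiveAttributeName(entry.getKey()) ? "<BLOCKED>" : entry.getValue());
        }
        return masked;
    }

    /**
     * Finds the module type of an instance name from the static caches.
     *
     * @param str module instance name
     * @return the name itself for a global module, the owning type from the realm's table, or {@code null}
     */
    private String getAuthInstanceType(String str) {
        if (globalModuleNames.contains(str)) {
            return str;
        }
        Map map = (Map) moduleInstanceTable.get(this.realm);
        if (map == null) {
            return null;
        }
        for (Object key : map.keySet()) {
            String type = (String) key;
            if (((Set) map.get(type)).contains(str)) {
                return type;
            }
        }
        return null;
    }

    /**
     * Collects every instance name cached for this realm plus the global module names.
     *
     * @return a new set, or {@code Collections.EMPTY_SET} when nothing is cached
     */
    private Set getRegisteredModuleNames() {
        Set set = Collections.EMPTY_SET;
        Map map = (Map) moduleInstanceTable.get(this.realm);
        if (map != null || !globalModuleNames.isEmpty()) {
            set = new HashSet();
            if (map != null) {
                Iterator it = map.keySet().iterator();
                while (it.hasNext()) {
                    set.addAll((Set) map.get((String) it.next()));
                }
            }
            if (!globalModuleNames.isEmpty()) {
                set.addAll(globalModuleNames);
            }
        }
        if (debug.messageEnabled()) {
            debug.message("Registered module names: " + set);
        }
        return set;
    }

    /**
     * Returns the module names allowed in this realm, without the application module.
     *
     * <p>For an auth revision of 30 or higher these are the registered module names; otherwise
     * they come from the allowed-modules attribute of the organisation config.
     *
     * @return the allowed module names
     */
    public Set getAllowedModuleNames() {
        Set set;
        if (AuthUtils.getAuthRevisionNumber() >= 30) {
            set = getRegisteredModuleNames();
        } else {
            // Throws NullPointerException when the constructor left orgServiceConfig null.
            Set set2 = (Set) this.orgServiceConfig.getAttributes().get(ISAuthConstants.AUTH_ALLOWED_MODULES);
            Set set3 = Collections.EMPTY_SET;
            // NOTE(review): the configured modules are returned only when at least one global
            // module exists; with no global modules the result is empty even if the attribute is
            // set. Looks unintended, confirm before changing.
            if (set2 != null && !globalModuleNames.isEmpty()) {
                set3 = new HashSet();
                set3.addAll(globalModuleNames);
                set3.addAll(set2);
            }
            set = set3;
        }
        if (set != null) {
            set.remove(ISAuthConstants.APPLICATION_MODULE);
        }
        return set;
    }

    /**
     * Tells whether an instance name is listed in the organisation's allowed-modules attribute.
     *
     * @param str module instance name
     * @return {@code true} when the attribute exists and contains the name
     */
    private boolean isInheritedAuthInstance(String str) {
        Set set = (Set) this.orgServiceConfig.getAttributes().get(ISAuthConstants.AUTH_ALLOWED_MODULES);
        return set != null && set.contains(str);
    }

    /**
     * Reads the organisation config of the core authentication service for this realm.
     *
     * @return the config, or {@code null} when the read fails (the failure is logged)
     */
    private ServiceConfig getOrgServiceConfig() {
        try {
            return new ServiceConfigManager("iPlanetAMAuthService", this.token).getOrganizationConfig(this.realm, null);
        } catch (Exception e) {
            // Pass the exception along so the cause is not reduced to its message.
            debug.error("Service config for " + this.realm + " is null." + e.getMessage(), e);
            return null;
        }
    }

    /**
     * Returns every module instance of this realm, global modules included, except the application module.
     *
     * @return a new set of {@code AMAuthenticationInstance}, or {@code Collections.EMPTY_SET}
     */
    public Set getAuthenticationInstances() {
        Set set = Collections.EMPTY_SET;
        Map map = (Map) moduleInstanceTable.get(this.realm);
        if (map != null || !globalModuleNames.isEmpty()) {
            set = new HashSet();
            if (!globalModuleNames.isEmpty()) {
                for (Object globalName : globalModuleNames) {
                    String str = (String) globalName;
                    if (!str.equals(ISAuthConstants.APPLICATION_MODULE)) {
                        AMAuthenticationInstance authenticationInstance = getAuthenticationInstance(str, str);
                        if (authenticationInstance != null) {
                            set.add(authenticationInstance);
                        }
                    }
                }
            }
            if (map != null) {
                for (Object typeKey : map.keySet()) {
                    String str2 = (String) typeKey;
                    Iterator it = ((Set) map.get(str2)).iterator();
                    while (it.hasNext()) {
                        AMAuthenticationInstance authenticationInstance2 = getAuthenticationInstance((String) it.next(), str2);
                        if (authenticationInstance2 != null) {
                            set.add(authenticationInstance2);
                        }
                    }
                }
            }
        }
        return set;
    }

    /**
     * Creates a module instance in this realm using this manager's token.
     *
     * @param str instance name; must not contain a space
     * @param str2 module type; must be one of {@link #getAuthenticationTypes()}
     * @param map attribute values for the new instance
     * @return the created instance
     * @throws AMConfigurationException for an invalid name, an unknown type, an existing or
     *         global instance of that name, or any failure while writing the configuration
     */
    public AMAuthenticationInstance createAuthenticationInstance(String str, String str2, Map map) throws AMConfigurationException {
        // Only the space character is rejected; no other character check is made here.
        if (str.indexOf(' ') != -1) {
            throw new AMConfigurationException(bundleName, "invalidAuthenticationInstanceName", null);
        }
        if (!getAuthenticationTypes().contains(str2)) {
            throw new AMConfigurationException(bundleName, "wrongType", new Object[]{str2});
        }
        AMAuthenticationInstance authenticationInstance = getAuthenticationInstance(str);
        if (authenticationInstance != null) {
            if (authenticationInstance.getServiceConfig() != null) {
                throw new AMConfigurationException(bundleName, "authInstanceExist", new Object[]{str});
            }
            throw new AMConfigurationException(bundleName, "authInstanceIsGlobal", new Object[]{str});
        }
        String serviceName = getServiceName(str2);
        ServiceSchema serviceSchema = null;
        try {
            serviceSchema = new ServiceSchemaManager(serviceName, this.token).getSchema(SchemaType.GLOBAL);
        } catch (SSOException e) {
            if (debug.warningEnabled()) {
                // NOTE(review): logs SSOToken.toString(); confirm it does not expose the session id.
                debug.warning("Token doesn't have access to service: " + this.token + " -> " + serviceName);
            }
        } catch (SMSException e2) {
            // Best effort: the instance is created without a global schema, but leave a trace.
            if (debug.messageEnabled()) {
                debug.message("Unable to read global schema for service: " + serviceName, e2);
            }
        }
        try {
            OrganizationConfigManager organizationConfigManager = new OrganizationConfigManager(this.token, this.realm);
            if (!organizationConfigManager.getAssignedServices().contains(serviceName)) {
                organizationConfigManager.assignService(serviceName, null);
            }
            ServiceConfig serviceConfig = organizationConfigManager.getServiceConfig(serviceName);
            if (serviceConfig == null) {
                serviceConfig = organizationConfigManager.addServiceConfig(serviceName, null);
            }
            ServiceConfig serviceConfig2 = serviceConfig;
            if (str.equals(str2)) {
                // Instance named after its type: attributes go on the organisation config itself.
                serviceConfig2.setAttributes(map);
            } else {
                serviceConfig.addSubConfig(str, ISAuthConstants.SERVER_SUBSCHEMA, 0, map);
                serviceConfig2 = serviceConfig.getSubConfig(str);
            }
            return new AMAuthenticationInstance(str, str2, serviceConfig2, serviceSchema);
        } catch (Exception e3) {
            throw new AMConfigurationException(e3);
        }
    }

    /**
     * Deletes a module instance from this realm using this manager's token.
     *
     * @param str module instance name
     * @throws AMConfigurationException when the instance does not exist, is referenced by a named
     *         configuration, is a global module, or the configuration write fails
     */
    public void deleteAuthenticationInstance(String str) throws AMConfigurationException {
        AMAuthenticationInstance authenticationInstance = getAuthenticationInstance(str);
        if (authenticationInstance == null) {
            throw new AMConfigurationException(bundleName, "authInstanceNotExist", new Object[]{str});
        }
        if (isModuleInstanceInUse(str)) {
            throw new AMConfigurationException(bundleName, "authInstanceInUse", new Object[]{str});
        }
        String authInstanceType = getAuthInstanceType(str);
        ServiceConfig serviceConfig = authenticationInstance.getServiceConfig();
        if (serviceConfig == null) {
            // NOTE(review): the key is spelled "authInstanceIsGloal" here but
            // "authInstanceIsGlobal" in createAuthenticationInstance; one of them probably has no
            // entry in the resource bundle. Left as is because the bundle is not visible here.
            throw new AMConfigurationException(bundleName, "authInstanceIsGloal", new Object[]{authInstanceType});
        }
        try {
            if (str.equals(authInstanceType)) {
                Map attributesWithoutDefaults = serviceConfig.getAttributesWithoutDefaults();
                if (attributesWithoutDefaults != null) {
                    serviceConfig.removeAttributes(attributesWithoutDefaults.keySet());
                }
            } else {
                new ServiceConfigManager(serviceConfig.getServiceName(), this.token).getOrganizationConfig(this.realm, null).removeSubConfig(str);
            }
            if (isInheritedAuthInstance(str)) {
                // Also drop the name from the organisation's allowed-modules attribute.
                HashSet hashSet = new HashSet();
                hashSet.add(str);
                this.orgServiceConfig.removeAttributeValues(ISAuthConstants.AUTH_ALLOWED_MODULES, hashSet);
            }
        } catch (Exception e) {
            throw new AMConfigurationException(e);
        }
    }

    /**
     * Always reports the instance as editable; the argument is not inspected.
     *
     * @param aMAuthenticationInstance ignored
     * @return {@code true}
     */
    public boolean isEditable(AMAuthenticationInstance aMAuthenticationInstance) {
        return true;
    }

    /**
     * Returns the service name registered for a module type.
     *
     * @param str module type name
     * @return the service name, or {@code null} when unknown
     */
    private static String getServiceName(String str) {
        return (String) moduleServiceNames.get(str);
    }

    /**
     * Tells whether any named authentication configuration of this realm references the instance.
     *
     * <p>NOTE(review): when the named configurations cannot be listed the failure is only logged
     * at message level and the method answers {@code false}, so
     * {@link #deleteAuthenticationInstance} proceeds without the in-use check having run.
     *
     * @param str module instance name
     * @return {@code true} when at least one named configuration contains the instance
     */
    private boolean isModuleInstanceInUse(String str) {
        Set set = Collections.EMPTY_SET;
        boolean z = false;
        try {
            ServiceConfig organizationConfig = new ServiceConfigManager("iPlanetAMAuthConfiguration", this.token).getOrganizationConfig(this.realm, null);
            if (organizationConfig != null) {
                ServiceConfig subConfig = organizationConfig.getSubConfig("Configurations");
                if (subConfig != null) {
                    set = subConfig.getSubConfigNames("*");
                }
            }
        } catch (Exception e) {
            if (debug.messageEnabled()) {
                debug.message("Failed to get named sub configurations.");
            }
        }
        // Every configuration is checked (and logged) even after a match was found.
        Iterator it = set.iterator();
        while (it.hasNext()) {
            String str2 = (String) it.next();
            if (debug.messageEnabled()) {
                debug.message("Checking " + str2 + " ...");
            }
            if (serviceContains(str2, str)) {
                if (debug.messageEnabled()) {
                    debug.message(str + " is used in " + str2);
                }
                z = true;
            }
        }
        return z;
    }

    /**
     * Tells whether one named authentication configuration references a module instance.
     *
     * <p>NOTE(review): the match is a prefix test ({@code startsWith}) on each attribute value
     * pair, so an instance whose name is a prefix of another instance's name is also reported as
     * used. A lookup failure is logged and answered with {@code false}.
     *
     * @param str name of the named configuration
     * @param str2 module instance name
     * @return {@code true} when a value in the configuration starts with the instance name
     */
    private boolean serviceContains(String str, String str2) {
        boolean z = false;
        Map map = null;
        if (str != null) {
            try {
                map = AMAuthConfigUtils.getNamedConfig(str, this.realm, this.token);
            } catch (Exception e) {
                if (debug.messageEnabled()) {
                    debug.message("Failed to get named sub config attrs.");
                }
            }
        }
        if (map == null) {
            return z;
        }
        Set set = (Set) map.get("iplanet-am-auth-configuration");
        if (set == null || set.isEmpty()) {
            return z;
        }
        // Only the first value of the attribute is examined.
        String str3 = (String) set.iterator().next();
        if (debug.messageEnabled()) {
            debug.message("service config for " + str + "  = " + str3);
        }
        if (str3 != null && str3.length() != 0) {
            Document dOMDocument = XMLUtils.toDOMDocument(str3, debug);
            if (dOMDocument != null) {
                Iterator it = XMLUtils.getAttributeValuePair(dOMDocument.getDocumentElement()).iterator();
                while (it.hasNext()) {
                    if (((String) it.next()).startsWith(str2)) {
                        z = true;
                        break;
                    }
                }
            }
        }
        return z;
    }

    static {
        // Fill the static caches once, with the administrator token, when the class is loaded.
        initAuthenticationService(adminToken);
    }
}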
