package com.sun.identity.authentication.modules.membership;

import com.iplanet.am.util.Debug;
import com.iplanet.am.util.Misc;
import com.iplanet.am.util.SystemProperties;
import com.iplanet.sso.SSOException;
import com.sun.identity.authentication.modules.ldap.LDAPAuthUtils;
import com.sun.identity.authentication.modules.ldap.LDAPUtilException;
import com.sun.identity.authentication.service.AuthD;
import com.sun.identity.authentication.spi.AMLoginModule;
import com.sun.identity.authentication.spi.AuthLoginException;
import com.sun.identity.authentication.spi.InvalidPasswordException;
import com.sun.identity.authentication.spi.UserNamePasswordValidationException;
import com.sun.identity.authentication.util.ISAuthConstants;
import com.sun.identity.common.Constants;
import com.sun.identity.idm.IdRepoException;
import com.sun.identity.idm.IdSearchResults;
import com.sun.identity.idm.IdType;
import java.security.Principal;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Locale;
import java.util.Map;
import java.util.ResourceBundle;
import java.util.Set;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.ChoiceCallback;
import javax.security.auth.callback.ConfirmationCallback;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;

/* loaded from: input_file:120955-02/SUNWamsdk/reloc/SUNWam/lib/am_services.jar:com/sun/identity/authentication/modules/membership/Membership.class */
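/**
 * Login module that authenticates a user through {@link LDAPAuthUtils} and lets a
 * user who is not found register a new identity via {@code createIdentity}.
 *
 * <p>The module is a screen-driven state machine: {@link #process(Callback[], int)}
 * receives the current screen number and returns the next one. Screen numbers
 * 2-18 are the private constants below; 1 is the login screen, -1 is returned
 * only after {@code validatedUserID} has been set, and 0 is returned when no
 * branch applies (presumably the framework's "ignore" state; confirm against
 * {@code ISAuthConstants}).
 *
 * <p>Security-relevant points for maintainers:
 * <ul>
 *   <li>All callback contents (names, passwords, button and choice indexes) come
 *       from the client and are treated as untrusted.</li>
 *   <li>{@code orgHash} is static and shared by every instance; it records which
 *       organizations have failed over to the secondary LDAP server and is
 *       guarded by its own monitor.</li>
 *   <li>Passwords are converted to {@code String} because the helper APIs used
 *       here take strings; those copies cannot be wiped.</li>
 * </ul>
 */
public class Membership extends AMLoginModule {
    private static Debug debug;
    private ResourceBundle bundle;
    private Map sharedState;
    private static boolean ldapSSL;
    // Organizations currently using the secondary LDAP server. Shared across all
    // module instances, so every access must hold the orgHash monitor.
    private static final HashSet orgHash = new HashSet();
    static final int USER_NOT_FOUND = 1;
    static final int PASSWORD_EXP = 2;
    static final int PASSWORD_INVALID = 3;
    static final int CONFIG_ERROR = 4;
    static final int CANNOT_CONTACT_SERVER = 5;
    static final int PASSWORD_EXPIRED_STATE = 20;
    static final int PASSWORD_EXPIRING = 21;
    static final int PASSWORD_CHANGED = 22;
    static final int PASSWORD_MISMATCH = 23;
    static final int PASSWORD_USERNAME_SAME = 24;
    static final int PASSWORD_NOT_UPDATE = 25;
    static final int SUCCESS = 26;
    static final int WRONG_PASSWORD_ENTERED = 27;
    static final int PASSWORD_UPDATED_SUCCESSFULLY = 28;
    static final int USER_PASSWORD_SAME = 29;
    static final int PASSWORD_MIN_CHARACTERS = 30;
    static final int SERVER_DOWN = 31;
    static final int PASSWORD_RESET_STATE = 32;
    private static final int PASSWORD_CHANGE = 2;
    private static final int WRONG_PASSWORD_ERROR = 3;
    private static final int NO_USER_PROFILE_ERROR = 4;
    private static final int NO_USER_NAME_ERROR = 5;
    private static final int NO_PASSWORD_ERROR = 6;
    private static final int NO_CONFIRMATION_ERROR = 7;
    private static final int PASSWORD_MISMATCH_ERROR = 8;
    private static final int CONFIGURATION_ERROR = 9;
    private static final int USER_EXISTS_ERROR = 10;
    private static final int PROFILE_ERROR = 11;
    private static final int MISSING_REQ_FIELD_ERROR = 12;
    private static final int USER_PASSWORD_SAME_ERROR = 13;
    private static final int INVALID_PASSWORD = 14;
    private static final int PASSWORD_EXPIRED = 15;
    private static final int REGISTRATION = 16;
    private static final int CHOOSE_USERNAMES = 17;
    private static final int DISCLAIMER = 18;
    private int previousScreen;
    private String validatedUserID;
    private MembershipPrincipal userPrincipal;
    private Map options;
    private LDAPAuthUtils ldapUtil;
    private String serviceStatus;
    private Set defaultRoles;
    private int requiredPasswordLength;
    private PasswordCallback pwdCallback;
    private String createMyOwn;
    private String userID;
    private String userName;
    private Map userAttrs;
    private static final String amAuthMembership = "amAuthMembership";
    private String regEx;
    private static final String INVALID_CHARS = "iplanet-am-auth-membership-invalid-chars";
    private boolean isReset;
    private boolean getCredentialsFromSharedState;
    private Callback[] callbacks;
    private boolean primary = true;
    private boolean isDisclaimerExist = true;

    /**
     * Stores the module options and shared state and loads the localized resource bundle.
     *
     * @param subject the subject being authenticated (not used here)
     * @param map     state shared between modules in the chain
     * @param map2    configuration options for this module
     */
    @Override // com.sun.identity.authentication.spi.AMLoginModule
    public void init(Subject subject, Map map, Map map2) {
        Locale loginLocale = getLoginLocale();
        this.bundle = AMLoginModule.amCache.getResBundle(amAuthMembership, loginLocale);
        if (debug.messageEnabled()) {
            debug.message("Membership getting resource bundle for locale: " + loginLocale);
        }
        this.options = map2;
        this.sharedState = map;
    }

    /**
     * Handles the callbacks submitted for screen {@code i} and returns the next screen.
     *
     * @param callbackArr callbacks submitted for the current screen; contents are client-supplied
     * @param i           current screen number
     * @return the next screen number, -1 once a user ID has been validated, or 0
     * @throws AuthLoginException on authentication or configuration failure, or when the
     *         disclaimer screen is answered with an unexpected button index
     */
    @Override // com.sun.identity.authentication.spi.AMLoginModule
    public int process(Callback[] callbackArr, int i) throws AuthLoginException {
        if (debug.messageEnabled()) {
            debug.message("in process(), login state is " + i);
        }
        this.callbacks = callbackArr;
        switch (i) {
            case 1:
                this.previousScreen = 1;
                int loginButton = 0;
                if (callbackArr != null && callbackArr.length != 0) {
                    loginButton = ((ConfirmationCallback) callbackArr[2]).getSelectedIndex();
                    if (debug.messageEnabled()) {
                        debug.message("LOGIN page button index: " + loginButton);
                    }
                }
                if (loginButton == 0) {
                    return loginUser(callbackArr);
                }
                // Any other button switches to self-registration; the LDAP settings
                // (invalid-character pattern, minimum password length) are loaded first.
                initAuthConfig();
                return REGISTRATION;
            case PASSWORD_CHANGE:
                if (((ConfirmationCallback) callbackArr[3]).getSelectedIndex() == 0) {
                    return changeToNewPassword(callbackArr);
                }
                if (!this.isReset) {
                    // Password is only expiring: the user may skip the change. validatedUserID
                    // was already set when this screen was entered.
                    return -1;
                }
                // A forced reset was declined: go back to the login screen and do not carry
                // the previously validated ID along with it.
                this.isReset = false;
                this.validatedUserID = null;
                return 1;
            case WRONG_PASSWORD_ERROR:
            case NO_USER_PROFILE_ERROR:
            case NO_USER_NAME_ERROR:
            case NO_PASSWORD_ERROR:
            case NO_CONFIRMATION_ERROR:
            case PASSWORD_MISMATCH_ERROR:
            case CONFIGURATION_ERROR:
            case USER_EXISTS_ERROR:
            case PROFILE_ERROR:
            case MISSING_REQ_FIELD_ERROR:
            case USER_PASSWORD_SAME_ERROR:
            case INVALID_PASSWORD:
                // Error screens simply lead back to the screen that produced them.
                return this.previousScreen;
            case PASSWORD_EXPIRED:
            case REGISTRATION:
            default:
                this.previousScreen = REGISTRATION;
                int registrationButton =
                        ((ConfirmationCallback) callbackArr[callbackArr.length - 1]).getSelectedIndex();
                if (debug.messageEnabled()) {
                    debug.message("REGISTRATION page button index: " + registrationButton);
                }
                if (registrationButton != 0) {
                    if (registrationButton != 1) {
                        return 0;
                    }
                    clearCallbacks(callbackArr);
                    return 1;
                }
                int fieldCheck = getAndCheckRegistrationFields(callbackArr);
                if (fieldCheck != REGISTRATION) {
                    return fieldCheck;
                }
                if (this.isDisclaimerExist) {
                    return DISCLAIMER;
                }
                return registerNewUser();
            case CHOOSE_USERNAMES:
                return chooseUserID(callbackArr);
            case DISCLAIMER:
                int disclaimerButton = ((ConfirmationCallback) callbackArr[0]).getSelectedIndex();
                if (debug.messageEnabled()) {
                    debug.message("DISCLAIMER page button index: " + disclaimerButton);
                }
                if (disclaimerButton == 0) {
                    return registerNewUser();
                }
                if (disclaimerButton == 1) {
                    return 1;
                }
                throw new AuthLoginException(amAuthMembership, "loginException", null);
        }
    }

    /** Blanks the name of every {@link NameCallback} in the array. */
    private void clearCallbacks(Callback[] callbackArr) {
        for (int i = 0; i < callbackArr.length; i++) {
            if (callbackArr[i] instanceof NameCallback) {
                ((NameCallback) callbackArr[i]).setName("");
            }
        }
    }

    /**
     * Returns the principal for the validated user, creating and caching it on first use.
     *
     * @return the principal, or {@code null} when no user ID has been validated
     */
    @Override // com.sun.identity.authentication.spi.AMLoginModule
    public Principal getPrincipal() {
        if (this.userPrincipal != null) {
            return this.userPrincipal;
        }
        if (this.validatedUserID == null) {
            return null;
        }
        this.userPrincipal = new MembershipPrincipal(this.validatedUserID);
        return this.userPrincipal;
    }

    /**
     * Clears the validated user ID.
     *
     * <p>NOTE(review): the cached {@code userPrincipal} is not cleared here, so
     * {@link #getPrincipal()} keeps returning it after this call; confirm that is intended.
     */
    @Override // com.sun.identity.authentication.spi.AMLoginModule
    public void destroyModuleState() {
        this.validatedUserID = null;
    }

    /** Drops references to per-login working state, including the configured LDAP helper. */
    @Override // com.sun.identity.authentication.spi.AMLoginModule
    public void nullifyUsedVars() {
        this.bundle = null;
        this.sharedState = null;
        this.options = null;
        this.ldapUtil = null;
        this.serviceStatus = null;
        this.defaultRoles = null;
        this.pwdCallback = null;
        this.createMyOwn = null;
        this.userID = null;
        this.userName = null;
        this.userAttrs = null;
        this.regEx = null;
        this.callbacks = null;
    }

    /**
     * Reads the module options and builds the {@link LDAPAuthUtils} used for authentication.
     *
     * <p>The secondary server is used when the request organization is recorded in
     * {@code orgHash}; otherwise the primary server is used. Every exception raised inside
     * the {@code try}, including the {@code AuthLoginException}s thrown for a missing server
     * attribute, is rethrown wrapped in an {@code AuthLoginException} with key {@code LDAPex}.
     *
     * @throws AuthLoginException when the options are missing or the configuration cannot be read
     */
    private void initAuthConfig() throws AuthLoginException {
        if (this.options == null || this.options.isEmpty()) {
            debug.error("options is null or empty");
            throw new AuthLoginException(amAuthMembership, "unable-to-initialize-options", null);
        }
        try {
            String serverHost;
            if (isOrgOnSecondary()) {
                serverHost = Misc.getServerMapAttr(this.options, "iplanet-am-auth-membership-server2");
                if (serverHost == null) {
                    debug.message("No secondary server, resetting to primary");
                    removeOrg();
                    throw new AuthLoginException(amAuthMembership, "Nosecserver", null);
                }
                this.primary = false;
                if (debug.messageEnabled()) {
                    debug.message("Using secondary server " + serverHost);
                }
            } else {
                serverHost = Misc.getServerMapAttr(this.options, "iplanet-am-auth-membership-server");
                if (serverHost == null) {
                    debug.error("Fatal error: primary ldap attribute misconfigured");
                    throw new AuthLoginException(amAuthMembership, "missing-primary-server", null);
                }
                if (debug.messageEnabled()) {
                    debug.message("Using primary server " + serverHost);
                }
            }
            String baseDN = Misc.getServerMapAttr(this.options, "iplanet-am-auth-membership-base-dn");
            if (baseDN == null) {
                // NOTE(review): this is logged as fatal but setup continues with a null base DN.
                // Confirm how LDAPAuthUtils treats a null base before relying on this path.
                debug.error("Fatal error: baseDN for search has invalid value");
            }
            String bindDN = Misc.getMapAttr(this.options, "iplanet-am-auth-membership-bind-dn", "");
            String bindPassword = Misc.getMapAttr(this.options, "iplanet-am-auth-membership-bind-passwd", "");
            String namingAttribute =
                    Misc.getMapAttr(this.options, "iplanet-am-auth-membership-user-naming-attribute", "uid");
            Set searchAttributes = (Set) this.options.get("iplanet-am-auth-membership-user-search-attributes");
            String searchFilter = Misc.getMapAttr(this.options, "iplanet-am-auth-membership-search-filter", "");
            boolean sslEnabled = Boolean.valueOf(
                    Misc.getMapAttr(this.options, "iplanet-am-auth-membership-ssl-enabled", "false")).booleanValue();
            String authLevel = Misc.getMapAttr(this.options, "iplanet-am-auth-membership-auth-level");
            if (authLevel != null) {
                try {
                    setAuthLevel(Integer.parseInt(authLevel));
                } catch (NumberFormatException e) {
                    debug.error("invalid auth level " + authLevel, e);
                }
            }
            String scopeName = Misc.getMapAttr(this.options, "iplanet-am-auth-membership-search-scope", "SUBTREE");
            // Scope passed to LDAPAuthUtils.setScope: 0 for OBJECT, 1 for ONELEVEL, 2 otherwise.
            int scope = 2;
            if (scopeName.equalsIgnoreCase("OBJECT")) {
                scope = 0;
            } else if (scopeName.equalsIgnoreCase("ONELEVEL")) {
                scope = 1;
            }
            // The server attribute may be "host:port"; port 389 is used when no port is given.
            int colon = serverHost.indexOf(':');
            int serverPort = 389;
            if (colon != -1) {
                serverPort = Integer.parseInt(serverHost.substring(colon + 1));
                serverHost = serverHost.substring(0, colon);
            }
            this.regEx = Misc.getMapAttr(this.options, INVALID_CHARS);
            String returnUserDN = Misc.getMapAttr(this.options, ISAuthConstants.LDAP_RETURNUSERDN, "true");
            this.ldapUtil = new LDAPAuthUtils(serverHost, serverPort, sslEnabled, this.bundle, baseDN, debug);
            this.ldapUtil.setScope(scope);
            this.ldapUtil.setFilter(searchFilter);
            this.ldapUtil.setUserNamingAttribute(namingAttribute);
            this.ldapUtil.setUserSearchAttribute(searchAttributes);
            this.ldapUtil.setAuthPassword(bindPassword);
            this.ldapUtil.setReturnUserDN(returnUserDN);
            this.ldapUtil.setAuthDN(bindDN);
            if (debug.messageEnabled()) {
                // The bind password is not part of this trace; keep it out of any future edits.
                debug.message("setup LDAPAuthUtils:\nserver host: " + serverHost
                        + "\nserver port: " + serverPort
                        + "\nbase DN: " + baseDN
                        + "\nsearch scope " + scope
                        + "\nsearch filter: " + searchFilter
                        + "\nuser naming attribute: " + namingAttribute
                        + "\nuser search attributes: " + searchAttributes
                        + "\nreturned user DN: " + returnUserDN
                        + "\nbind DN: " + bindDN);
            }
            this.serviceStatus =
                    Misc.getMapAttr(this.options, "iplanet-am-auth-membership-default-user-status", "Active");
            this.isDisclaimerExist = getNumberOfStates() >= DISCLAIMER;
            this.defaultRoles = (Set) this.options.get("iplanet-am-auth-membership-default-roles");
            if (debug.messageEnabled()) {
                debug.message("defaultRoles is : " + this.defaultRoles);
            }
            String minLength = Misc.getMapAttr(this.options, "iplanet-am-auth-membership-min-password-length");
            if (minLength != null) {
                this.requiredPasswordLength = Integer.parseInt(minLength);
            }
            if (this.callbacks != null && this.callbacks.length != 0) {
                this.pwdCallback = (PasswordCallback) getCallback(PASSWORD_CHANGE)[0];
            }
        } catch (Exception e2) {
            debug.error("unable to initialize in initAuthConfig(): ", e2);
            throw new AuthLoginException(amAuthMembership, "LDAPex", null, e2);
        }
    }

    /** Reads the directory SSL flag from system properties and traces the directory host, port and flag. */
    private static void initSystemProperties() {
        ldapSSL = Boolean.valueOf(SystemProperties.get(Constants.AM_DIRECTORY_SSL_ENABLED, "false")).booleanValue();
        if (debug.messageEnabled()) {
            debug.message("system parameters from AMConfig.properties: \nHost: " + AuthD.directoryHostName
                    + "\nPORT: " + AuthD.directoryPort
                    + "\nSSL: " + ldapSSL);
        }
    }

    /**
     * Authenticates the submitted credentials, or the ones left in shared state when no
     * callbacks were submitted.
     *
     * <p>A {@code null} callback array is handled like an empty one (shared-state
     * credentials) instead of being dereferenced.
     *
     * @param callbackArr login-screen callbacks: name at index 0, password at index 1
     * @return the next screen, or -1 once the user ID has been validated
     * @throws AuthLoginException when authentication fails or the input contains invalid characters
     */
    private int loginUser(Callback[] callbackArr) throws AuthLoginException {
        String password;
        if (callbackArr != null && callbackArr.length != 0) {
            this.userName = ((NameCallback) callbackArr[0]).getName();
            password = getPassword((PasswordCallback) callbackArr[1]);
        } else {
            if (this.sharedState == null) {
                return 1;
            }
            this.userName = (String) this.sharedState.get(getUserKey());
            password = (String) this.sharedState.get(getPwdKey());
            if (this.userName == null || password == null) {
                return 1;
            }
            this.getCredentialsFromSharedState = true;
        }
        storeUsernamePasswd(this.userName, password);
        if (debug.messageEnabled()) {
            // NOTE(review): userName is written to the debug log before validateUserName() runs,
            // so the trace can contain arbitrary client-supplied characters.
            debug.message("trying to login user: " + this.userName);
        }
        try {
            if (!isSuperAdmin(this.userName)) {
                initAuthConfig();
                validateUserName(this.userName, this.regEx);
                validatePassword(password);
                this.ldapUtil.authenticateUser(this.userName, password);
                return processMembershipLoginState(this.ldapUtil.getState(), this.userName, password);
            }
            // The super admin is authenticated against the configuration directory rather than
            // the module's own LDAP servers.
            this.ldapUtil = new LDAPAuthUtils(AuthD.directoryHostName, AuthD.directoryPort, ldapSSL, this.bundle, debug);
            this.ldapUtil.authenticateSuperAdmin(this.userName, password);
            if (this.ldapUtil.getState() == SUCCESS) {
                this.validatedUserID = this.userName;
                return -1;
            }
            debug.message("Invalid admin ID or admin Password");
            setFailureID(this.ldapUtil.getUserId(this.userName));
            throw new AuthLoginException(amAuthMembership, "InvalidUP", null);
        } catch (LDAPUtilException e) {
            if (this.getCredentialsFromSharedState) {
                // Shared-state credentials did not work: fall back to prompting.
                this.getCredentialsFromSharedState = false;
                return 1;
            }
            String failedUserId = this.ldapUtil.getUserId();
            setFailureID(failedUserId);
            switch (e.getLDAPResultCode()) {
                case 32: // LDAP noSuchObject
                    // An unknown user is sent to the registration screen, which by design
                    // tells the caller that the ID is not taken.
                    if (debug.messageEnabled()) {
                        debug.message("The specified user does not exist. userID: " + this.userName);
                    }
                    return REGISTRATION;
                case 48: // LDAP inappropriateAuthentication
                    debug.message("Inappropriate authentication.");
                    throw new AuthLoginException(amAuthMembership, "InappAuth", null);
                case 49: // LDAP invalidCredentials
                    if (debug.messageEnabled()) {
                        debug.message("Invalid password. userID: " + this.userName);
                    }
                    throw new InvalidPasswordException(amAuthMembership, "InvalidUP", null, failedUserId, null);
                case 53: // LDAP unwillingToPerform
                    debug.message("Unwilling to perform. Account inactivated");
                    throw new AuthLoginException(amAuthMembership, "AcctInactive", null);
                default:
                    throw new AuthLoginException(amAuthMembership, "LDAPex", null, e);
            }
        } catch (UserNamePasswordValidationException e2) {
            if (this.getCredentialsFromSharedState) {
                this.getCredentialsFromSharedState = false;
                return 1;
            }
            debug.message("Invalid Characters detected");
            throw new AuthLoginException(e2);
        }
    }

    /**
     * Maps the state reported by {@link LDAPAuthUtils} after a login attempt to the next screen.
     *
     * <p>On {@code SERVER_DOWN} while the primary server is in use, the organization is
     * switched to the secondary server and authentication is retried once; if the secondary
     * is also down the organization is switched back and the login fails.
     *
     * @param i    state returned by {@code ldapUtil.getState()}
     * @param str  user name used for the attempt
     * @param str2 password used for the attempt
     * @return the next screen, -1 once the user ID has been validated, or 0 for an unhandled state
     * @throws AuthLoginException when the user is unknown, the password is wrong or LDAP fails
     */
    private int processMembershipLoginState(int i, String str, String str2) throws AuthLoginException {
        try {
            switch (i) {
                case USER_NOT_FOUND:
                    if (this.getCredentialsFromSharedState) {
                        this.getCredentialsFromSharedState = false;
                        return 1;
                    }
                    debug.message("The specified user does not exist");
                    throw new AuthLoginException(amAuthMembership, "NoUser", null);
                case PASSWORD_EXPIRED_STATE:
                    return PASSWORD_EXPIRED;
                case PASSWORD_EXPIRING:
                    this.validatedUserID = this.ldapUtil.getUserId();
                    replaceHeader(PASSWORD_CHANGE, com.iplanet.am.util.Locale.formatMessage(
                            this.bundle.getString("PasswordExp"), this.ldapUtil.getExpTime()));
                    return PASSWORD_CHANGE;
                case SUCCESS:
                    this.validatedUserID = this.ldapUtil.getUserId();
                    return -1;
                case SERVER_DOWN:
                    if (!this.primary) {
                        removeOrg();
                        throw new AuthLoginException(amAuthMembership, "LDAPex", null);
                    }
                    addOrg();
                    initAuthConfig();
                    this.ldapUtil.authenticateUser(str, str2);
                    return processMembershipLoginState(this.ldapUtil.getState(), str, str2);
                case PASSWORD_RESET_STATE:
                    this.validatedUserID = this.ldapUtil.getUserId();
                    this.isReset = true;
                    replaceHeader(PASSWORD_CHANGE, this.bundle.getString("PasswordReset"));
                    return PASSWORD_CHANGE;
                default:
                    return 0;
            }
        } catch (LDAPUtilException e) {
            if (this.getCredentialsFromSharedState) {
                this.getCredentialsFromSharedState = false;
                return 1;
            }
            setFailureID(this.ldapUtil.getUserId(str));
            switch (e.getLDAPResultCode()) {
                case 32: // LDAP noSuchObject
                    debug.message("The specified user does not exist");
                    throw new AuthLoginException(amAuthMembership, "NoUser", null);
                case 49: // LDAP invalidCredentials
                    debug.message("Invalid password");
                    throw new AuthLoginException(amAuthMembership, "InvalidUP", null);
                default:
                    throw new AuthLoginException(amAuthMembership, "LDAPex", null, e);
            }
        }
    }

    /**
     * Submits a password change using the three password callbacks of the change screen.
     *
     * @param callbackArr password callbacks at indexes 0, 1 and 2, passed in that order to
     *                    {@code LDAPAuthUtils.changePassword}
     * @return the next screen, or -1 when the password was updated
     * @throws AuthLoginException when the password is rejected or LDAP fails
     */
    private int changeToNewPassword(Callback[] callbackArr) throws AuthLoginException {
        debug.message("trying to change user password");
        String first = getPassword((PasswordCallback) callbackArr[0]);
        String second = getPassword((PasswordCallback) callbackArr[1]);
        String third = getPassword((PasswordCallback) callbackArr[2]);
        validatePassword(second);
        try {
            this.ldapUtil.changePassword(first, second, third);
            return processMembershipPasswordState(this.ldapUtil.getState());
        } catch (LDAPUtilException e) {
            setFailureID(this.ldapUtil.getUserId(this.userName));
            switch (e.getLDAPResultCode()) {
                case 32: // LDAP noSuchObject
                    debug.message("The specified user does not exist");
                    return REGISTRATION;
                case 49: // LDAP invalidCredentials
                    debug.message("Invalid password");
                    throw new AuthLoginException(amAuthMembership, "InvalidUP", null);
                default:
                    throw new AuthLoginException(amAuthMembership, "LDAPex", null, e);
            }
        }
    }

    /**
     * Maps the state reported after a password change to the next screen, replacing the
     * header of the change screen with the matching message when the change was refused.
     *
     * @param i state returned by {@code ldapUtil.getState()}
     * @return {@code PASSWORD_CHANGE} to re-prompt, -1 when the password was updated, else 0
     * @throws AuthLoginException if the header cannot be replaced
     */
    private int processMembershipPasswordState(int i) throws AuthLoginException {
        switch (i) {
            case PASSWORD_MISMATCH:
                replaceHeader(PASSWORD_CHANGE, this.bundle.getString("PasswdMismatch"));
                return PASSWORD_CHANGE;
            case PASSWORD_USERNAME_SAME:
                // NOTE(review): this key is "UPSame" while USER_PASSWORD_SAME below uses "UPsame";
                // confirm both keys exist in the amAuthMembership bundle.
                replaceHeader(PASSWORD_CHANGE, this.bundle.getString("UPSame"));
                return PASSWORD_CHANGE;
            case PASSWORD_NOT_UPDATE:
                replaceHeader(PASSWORD_CHANGE, this.bundle.getString("PInvalid"));
                return PASSWORD_CHANGE;
            case WRONG_PASSWORD_ENTERED:
                replaceHeader(PASSWORD_CHANGE, this.bundle.getString("PasswdSame"));
                return PASSWORD_CHANGE;
            case PASSWORD_UPDATED_SUCCESSFULLY:
                this.validatedUserID = this.ldapUtil.getUserId();
                return -1;
            case USER_PASSWORD_SAME:
                replaceHeader(PASSWORD_CHANGE, this.bundle.getString("UPsame"));
                return PASSWORD_CHANGE;
            case PASSWORD_MIN_CHARACTERS:
                replaceHeader(PASSWORD_CHANGE, this.bundle.getString("PasswdMinChars"));
                return PASSWORD_CHANGE;
            case SUCCESS:
            default:
                return 0;
        }
    }

    /**
     * Creates the identity collected during registration unless the ID already exists.
     *
     * @return -1 when the user was created, {@code USER_EXISTS_ERROR} when the ID is taken,
     *         or {@code PROFILE_ERROR} when the repository call fails
     * @throws AuthLoginException propagated from the framework helpers
     */
    private int registerNewUser() throws AuthLoginException {
        if (debug.messageEnabled()) {
            debug.message("trying to register(create) a new user: " + this.userID);
        }
        try {
            // Re-checked here because the ID may have been taken since the form was validated.
            if (userExists(this.userID)) {
                if (debug.messageEnabled()) {
                    debug.message("unable to register, user " + this.userID + " already exists");
                }
                return USER_EXISTS_ERROR;
            }
            HashSet status = new HashSet();
            status.add(this.serviceStatus);
            this.userAttrs.put("inetuserstatus", status);
            createIdentity(this.userID, this.userAttrs, this.defaultRoles);
            this.validatedUserID = this.userID;
            if (debug.messageEnabled()) {
                debug.message("registration is completed, created user: " + this.validatedUserID);
            }
            return -1;
        } catch (SSOException e) {
            debug.error("profile exception occured: ", e);
            return PROFILE_ERROR;
        } catch (IdRepoException e2) {
            debug.error("profile exception occured: ", e2);
            return PROFILE_ERROR;
        }
    }

    /**
     * Validates the registration form and collects its attribute values into {@code userAttrs}.
     *
     * <p>When the requested ID already exists, alternative IDs are offered on the
     * {@code CHOOSE_USERNAMES} screen.
     *
     * @param callbackArr registration callbacks: user ID at index 0, password at 1, confirmation at 2
     * @return {@code REGISTRATION} when the form is acceptable, otherwise an error or follow-up screen
     * @throws AuthLoginException when the user name or password contains invalid characters
     */
    private int getAndCheckRegistrationFields(Callback[] callbackArr) throws AuthLoginException {
        HashMap attributes = new HashMap();
        this.userID = getCallbackFieldValue(callbackArr[0]);
        if (this.userID == null || this.userID.equals("")) {
            return NO_USER_NAME_ERROR;
        }
        validateUserName(this.userID, this.regEx);
        String password = getPassword((PasswordCallback) callbackArr[1]);
        String confirmation = getPassword((PasswordCallback) callbackArr[2]);
        int passwordCheck = checkPassword(password, confirmation);
        if (debug.messageEnabled()) {
            debug.message("state returned from checkPassword(): " + passwordCheck);
        }
        if (passwordCheck != -1) {
            return passwordCheck;
        }
        validatePassword(confirmation);
        if (password.equals(this.userID)) {
            return USER_PASSWORD_SAME_ERROR;
        }
        for (int i = 0; i < callbackArr.length; i++) {
            String attribute = getAttribute(REGISTRATION, i);
            Set values = getCallbackFieldValues(callbackArr[i]);
            if (isRequired(REGISTRATION, i) && values.isEmpty()) {
                if (debug.messageEnabled()) {
                    debug.message("Empty value for required field :" + attribute);
                }
                return MISSING_REQ_FIELD_ERROR;
            }
            if (attribute != null && !attribute.equals("")) {
                attributes.put(attribute, values);
            }
        }
        this.userAttrs = attributes;
        try {
            if (!userExists(this.userID)) {
                return REGISTRATION;
            }
            if (debug.messageEnabled()) {
                debug.message("user ID " + this.userID + " already exists");
            }
            Set suggestedIDs = getNewUserIDs(attributes, 0);
            if (suggestedIDs == null) {
                return USER_EXISTS_ERROR;
            }
            ArrayList freeIDs = getNonExistingUserIDs(suggestedIDs);
            resetCallback(CHOOSE_USERNAMES, 0);
            ChoiceCallback template = (ChoiceCallback) getCallback(CHOOSE_USERNAMES)[0];
            String prompt = template.getPrompt();
            // The template's first choice is the "create my own" entry; it is appended last.
            this.createMyOwn = template.getChoices()[0];
            freeIDs.add(this.createMyOwn);
            ChoiceCallback choices = new ChoiceCallback(prompt, (String[]) freeIDs.toArray(new String[0]), 0, false);
            choices.setSelectedIndex(0);
            replaceCallback(CHOOSE_USERNAMES, 0, choices);
            return CHOOSE_USERNAMES;
        } catch (SSOException e) {
            debug.error("profile exception occured: ", e);
            return PROFILE_ERROR;
        } catch (IdRepoException e2) {
            debug.error("profile exception occured: ", e2);
            return PROFILE_ERROR;
        }
    }

    /**
     * Checks presence, minimum length and confirmation of a new password.
     *
     * @param str  the password
     * @param str2 the confirmation
     * @return -1 when acceptable, otherwise the matching error screen
     */
    private int checkPassword(String str, String str2) {
        if (str == null || str.equals("")) {
            debug.message("password was missing from the form");
            return NO_PASSWORD_ERROR;
        }
        if (str.length() < this.requiredPasswordLength) {
            debug.message("password was not long enough");
            return INVALID_PASSWORD;
        }
        if (str2 == null || str2.equals("")) {
            debug.message("no confirmation password");
            return NO_CONFIRMATION_ERROR;
        }
        return str.equals(str2) ? -1 : PASSWORD_MISMATCH_ERROR;
    }

    /**
     * Applies the user ID picked on the {@code CHOOSE_USERNAMES} screen.
     *
     * @param callbackArr callbacks of the choice screen; the choice is read from index 0
     * @return {@code REGISTRATION} when "create my own" was picked, otherwise the disclaimer
     *         screen or the result of registration
     * @throws AuthLoginException when no choice was submitted or registration fails
     */
    private int chooseUserID(Callback[] callbackArr) throws AuthLoginException {
        String chosen = getCallbackFieldValue(callbackArr[0]);
        if (chosen == null) {
            // Nothing usable was selected; fail the step instead of dereferencing null.
            throw new AuthLoginException(amAuthMembership, "loginException", null);
        }
        if (chosen.equals(this.createMyOwn)) {
            return REGISTRATION;
        }
        String attribute = getAttribute(REGISTRATION, 0);
        this.userID = chosen;
        HashSet idValue = new HashSet();
        idValue.add(this.userID);
        this.userAttrs.put(attribute, idValue);
        if (this.isDisclaimerExist) {
            return DISCLAIMER;
        }
        return registerNewUser();
    }

    /**
     * Returns the callback's password as a string, or an empty string when none was entered.
     *
     * <p>{@code PasswordCallback.getPassword()} hands back a copy, which is wiped once the
     * string has been built. The returned {@code String} itself cannot be cleared.
     */
    private String getPassword(PasswordCallback passwordCallback) {
        char[] copy = passwordCallback.getPassword();
        if (copy == null) {
            return "";
        }
        String value = new String(copy);
        java.util.Arrays.fill(copy, '\0');
        return value;
    }

    /**
     * Replaces callback {@code i2} of screen {@code i} with a password callback whose prompt
     * has the {@code #REPLACE#} marker substituted by {@code str}.
     *
     * <p>A prompt without the marker is kept unchanged rather than failing on a negative index.
     */
    private void replacePasswordPrompt(PasswordCallback passwordCallback, int i, int i2, String str) throws AuthLoginException {
        final String marker = "#REPLACE#";
        String prompt = passwordCallback.getPrompt();
        boolean echoOn = passwordCallback.isEchoOn();
        int at = prompt.indexOf(marker);
        String newPrompt = prompt;
        if (at != -1) {
            newPrompt = prompt.substring(0, at) + str + prompt.substring(at + marker.length());
        }
        replaceCallback(i, i2, new PasswordCallback(newPrompt, echoOn));
    }

    /**
     * Extracts the non-empty values a callback carries.
     *
     * <p>Choice indexes are client-supplied, so a missing selection or an index outside the
     * choice list is skipped instead of being dereferenced.
     *
     * @return the values; empty when the callback carries none or is of another type
     */
    private Set getCallbackFieldValues(Callback callback) {
        HashSet values = new HashSet();
        if (callback instanceof NameCallback) {
            String name = ((NameCallback) callback).getName();
            if (name != null && !name.equals("")) {
                values.add(name);
            }
        } else if (callback instanceof PasswordCallback) {
            String password = getPassword((PasswordCallback) callback);
            if (password != null && !password.equals("")) {
                values.add(password);
            }
        } else if (callback instanceof ChoiceCallback) {
            String[] choices = ((ChoiceCallback) callback).getChoices();
            int[] selected = ((ChoiceCallback) callback).getSelectedIndexes();
            if (choices != null && selected != null) {
                for (int index : selected) {
                    if (index >= 0 && index < choices.length) {
                        values.add(choices[index]);
                    }
                }
            }
        }
        return values;
    }

    /** Returns one value carried by the callback, or {@code null} when it carries none. */
    private String getCallbackFieldValue(Callback callback) {
        Iterator it = getCallbackFieldValues(callback).iterator();
        return it.hasNext() ? (String) it.next() : null;
    }

    /** Returns the IDs from {@code set} for which {@link #userExists(String)} is false. */
    private ArrayList getNonExistingUserIDs(Set set) throws IdRepoException, SSOException {
        ArrayList free = new ArrayList();
        for (Iterator it = set.iterator(); it.hasNext(); ) {
            String candidate = (String) it.next();
            if (!userExists(candidate)) {
                free.add(candidate);
            }
        }
        return free;
    }

    /** Tells whether the request organization is recorded as using the secondary server. */
    private boolean isOrgOnSecondary() {
        synchronized (orgHash) {
            return orgHash.contains(getRequestOrg());
        }
    }

    /**
     * Records that the request organization must use the secondary server.
     *
     * <p>Locks on {@code orgHash} itself: the set is static, so an instance-level
     * {@code synchronized} method would not exclude other module instances.
     */
    private void addOrg() {
        synchronized (orgHash) {
            orgHash.add(getRequestOrg());
        }
    }

    /** Switches the request organization back to the primary server. */
    private void removeOrg() {
        synchronized (orgHash) {
            orgHash.remove(getRequestOrg());
        }
    }

    /**
     * Tells whether the identity repository of the request organization returns any user
     * for {@code str}.
     *
     * <p>NOTE(review): {@code str} is handed to {@code searchIdentities} as the search
     * pattern; confirm that the configured invalid-character check rejects wildcard
     * characters before a user ID reaches this method.
     */
    private boolean userExists(String str) throws IdRepoException, SSOException {
        IdSearchResults results =
                getAMIdentityRepository(getRequestOrg()).searchIdentities(IdType.USER, str, null, true, 0, 0, null, true);
        Set found = (results != null) ? results.getSearchResults() : Collections.EMPTY_SET;
        return !found.isEmpty();
    }

    static {
        if (debug == null) {
            debug = Debug.getInstance(amAuthMembership);
        }
        initSystemProperties();
    }
}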
