package com.sun.management.viperimpl.services.authentication.server;

import com.sun.management.viper.VException;
import com.sun.management.viper.VIdentity;
import com.sun.management.viper.services.AuthenticationException;
import com.sun.management.viper.services.AuthenticationFlavor;
import com.sun.management.viper.services.Log;
import com.sun.management.viper.util.Debug;
import com.sun.management.viperimpl.services.authentication.AuthenticationLoginException;
import com.sun.management.viperimpl.services.authentication.AuthenticationPrincipal;
import com.sun.management.viperimpl.services.authentication.AuthenticationRequest;
import com.sun.management.viperimpl.services.authentication.AuthenticatorSecurityToken;
import com.sun.management.viperimpl.services.authentication.CloseSecurityToken;
import com.sun.management.viperimpl.services.authentication.ConfirmSecurityToken;
import com.sun.management.viperimpl.services.authentication.NoSecureSessionException;
import com.sun.management.viperimpl.services.authentication.RequestSecurityToken;
import com.sun.management.viperimpl.services.authentication.ResponseSecurityToken;
import com.sun.management.viperimpl.services.authentication.RetryLimitExceededException;
import com.sun.management.viperimpl.services.authentication.SecurityContext;
import com.sun.management.viperimpl.services.authentication.SecurityToken;
import com.sun.management.viperimpl.util.Timer;
import com.sun.management.viperimpl.util.TimerTask;
import java.util.Enumeration;
import java.util.Hashtable;
import java.util.Properties;
import java.util.Vector;

/* loaded from: input_file:121308-02/SUNWmccom/reloc/usr/sadm/lib/smc/lib/server_rt.jar:com/sun/management/viperimpl/services/authentication/server/AuthenticationService.class */
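/**
 * Server-side entry point of the authentication service.
 *
 * <p>The class instantiates one {@link ServerSecurityFactory} per configured
 * authentication flavor, keeps the table of open sessions keyed by security id,
 * dispatches the four remote request types (negotiate, authenticate, heartbeat,
 * close) and throttles repeated authentication failures per client VM id.
 *
 * <p>All state is static and is created by {@link #init(Properties, Log)}; the
 * other methods assume that {@code init} has already run.
 */
public class AuthenticationService {
    private static final String AUTH_PACKAGE = AuthenticationService.class.getPackage().getName();
    private static final String AUTH_FACTORY_CLASSNAME = "ServerSecurityFactory";
    private static final String AUTH_SERVICE_RESOURCES = "AuthenticationServiceResources";
    // Delay, in milliseconds, applied to every failed attempt before the failure is reported.
    private static final long AUTH_FAILURE_DELAY = 2000;
    // Authentication type used by getSecurityContext() when the caller names no flavor.
    private static int dfltType;
    // Integer (index of the flavor in AuthenticationFlavor.getAuthFlavors()) -> ServerSecurityFactory.
    private static Hashtable factTable;
    // Long security id -> ServerSecurityContext of a negotiated session.
    private static Hashtable sessTable;
    private static Log logsvc;
    // Heartbeat period in milliseconds ("auth.heartbeat.period" is given in seconds).
    private static long htbtPeriod;
    // Number of failures after which RetryLimitExceededException is raised ("auth.retry.max").
    private static int maxRetries;
    // Extra delay in milliseconds once the limit is passed ("auth.retry.delay" is given in seconds).
    private static long penalty_ms;
    // AttemptRecord entries, one per client VM id with a recent failure.
    private static Vector failedAttempts;

    /* JADX INFO: Access modifiers changed from: private */
    /** Failure bookkeeping for one client VM id; entries expire {@link #LIFE_TIME} ms after the last failure. */
    public static class AttemptRecord {
        static final long LIFE_TIME = 600000;
        String clientVMID;
        int failCounter = 0;
        long lastFailedAt = 0;

        AttemptRecord(String str) {
            this.clientVMID = str;
        }
    }

    /**
     * Builds the factory table, selects the default flavor, reads the retry and
     * heartbeat settings and starts the session-expiry sweep.
     *
     * <p>Properties read: {@code auth.flavor.default}, {@code auth.retry.max}
     * (default 5), {@code auth.retry.delay} (seconds, default 30) and
     * {@code auth.heartbeat.period} (seconds, default 900). A value that does not
     * parse as a number is replaced by its default without any diagnostic.
     *
     * @param properties service configuration; may be {@code null}, in which case all defaults apply
     * @param log log service handed to every security context and used for audit records
     * @throws AuthenticationException if no flavor is configured, a flavor's factory cannot be
     *         instantiated, or the default flavor has no factory
     */
    public static void init(Properties properties, Log log) throws AuthenticationException {
        logsvc = log;
        String[] flavors = AuthenticationFlavor.getAuthFlavors();
        if (flavors.length < 1) {
            Debug.trace(SecurityContext.AUTH_SERVICE_NAME, Debug.ERROR, "No authentication flavors configured", (Throwable) null);
            throw new AuthenticationException("NoFlavorConfiged");
        }
        String packagePrefix = AUTH_PACKAGE + ".";
        factTable = new Hashtable();
        for (int i = 0; i < flavors.length; i++) {
            // The factory class name is derived from the configured flavor name, e.g. <package>.<Flavor>ServerSecurityFactory.
            String factoryClassName = packagePrefix + flavors[i] + AUTH_FACTORY_CLASSNAME;
            try {
                ServerSecurityFactory factory = (ServerSecurityFactory) Class.forName(factoryClassName).newInstance();
                factory.init(properties);
                factTable.put(new Integer(i), factory);
            } catch (Exception e) {
                Debug.trace(SecurityContext.AUTH_SERVICE_NAME, Debug.ERROR, "Cannot create new instance of security factory " + factoryClassName, e);
                throw new AuthenticationException("Cannot create new instance of security factory ", factoryClassName, e);
            }
        }

        int defaultType = -1;
        if (properties != null) {
            String configuredFlavor = properties.getProperty("auth.flavor.default");
            if (configuredFlavor != null) {
                defaultType = AuthenticationFlavor.checkAuthFlavor(configuredFlavor);
            }
        }
        if (defaultType < 0) {
            defaultType = AuthenticationFlavor.getDefaultAuthType();
        }
        if (((ServerSecurityFactory) factTable.get(new Integer(defaultType))) == null) {
            Debug.trace(SecurityContext.AUTH_SERVICE_NAME, Debug.ERROR, "No default authentication flavor is configured", (Throwable) null);
            throw new AuthenticationException("No default authentication flavor is configured");
        }
        dfltType = defaultType;

        String retryMax = properties != null ? properties.getProperty("auth.retry.max") : null;
        if (retryMax == null) {
            retryMax = "5";
        }
        try {
            maxRetries = Integer.parseInt(retryMax);
        } catch (NumberFormatException e) {
            maxRetries = 5;
        }

        String retryDelay = properties != null ? properties.getProperty("auth.retry.delay") : null;
        if (retryDelay == null) {
            retryDelay = "30";
        }
        try {
            penalty_ms = Long.parseLong(retryDelay) * 1000;
        } catch (NumberFormatException e) {
            penalty_ms = 30000L;
        }

        String heartbeatPeriod = properties != null ? properties.getProperty("auth.heartbeat.period") : null;
        if (heartbeatPeriod == null) {
            heartbeatPeriod = "900";
        }
        try {
            htbtPeriod = Long.parseLong(heartbeatPeriod) * 1000;
        } catch (NumberFormatException e) {
            htbtPeriod = 900000L;
        }

        failedAttempts = new Vector();
        sessTable = new Hashtable();
        // NOTE(review): a configured period of 0 passes this test; the sweep below would then
        // treat every session as expired (elapsed >= 0). Confirm whether "> 0" was intended.
        if (htbtPeriod >= 0) {
            new Timer(true).schedule(new TimerTask() {
                /** Drops every session whose last heartbeat is at least two heartbeat periods old. */
                @Override // com.sun.management.viperimpl.util.TimerTask, java.lang.Runnable
                public void run() {
                    long now = System.currentTimeMillis();
                    Enumeration contexts = AuthenticationService.sessTable.elements();
                    while (contexts.hasMoreElements()) {
                        ServerSecurityContext context = (ServerSecurityContext) contexts.nextElement();
                        if (now - context.getHeartbeatTime() >= 2 * AuthenticationService.htbtPeriod) {
                            AuthenticationService.sessTable.remove(new Long(context.getSecurityId()));
                            AuthenticationService.writeLog(context, 300, "LMS_SessionClosed", "LMD_SessionTimeout", null);
                        }
                    }
                }
            }, htbtPeriod, htbtPeriod / 10);
        }
    }

    /**
     * Creates a security context for the default authentication flavor.
     *
     * @return a new context, or {@code null} if the factory returned none
     * @throws AuthenticationException if the default flavor has no factory
     */
    public static ServerSecurityContext getSecurityContext() throws AuthenticationException {
        return createSecurityContext(dfltType);
    }

    /**
     * Creates a security context for the given authentication flavor.
     *
     * @param authenticationFlavor flavor whose authentication type selects the factory
     * @return a new context, or {@code null} if the factory returned none
     * @throws AuthenticationException if the flavor has no factory
     */
    public static ServerSecurityContext getSecurityContext(AuthenticationFlavor authenticationFlavor) throws AuthenticationException {
        return createSecurityContext(authenticationFlavor.getAuthType());
    }

    /**
     * Returns the open session named by the token's security id.
     *
     * @param securityToken token carrying the security id
     * @return the session context, or {@code null} if the id is 0 or unknown
     * @throws AuthenticationException declared for callers; not raised by the visible code
     */
    public static ServerSecurityContext lookupSecurityContext(SecurityToken securityToken) throws AuthenticationException {
        return findSecurityContext(securityToken.getSecurityId());
    }

    /**
     * Dispatches a remote authentication request to its handler.
     *
     * @param str request type, one of the {@link AuthenticationRequest} constants
     *        {@code AUTH_NEGOTIATE}, {@code AUTH_AUTHENTICATE}, {@code AUTH_HEARTBEAT}, {@code AUTH_CLOSE}
     * @param securityToken token accompanying the request
     * @return the handler's reply token; {@code null} for a heartbeat
     * @throws AuthenticationException if the type is {@code null} or unknown, or the handler fails
     */
    public static SecurityToken authRequest(String str, SecurityToken securityToken) throws AuthenticationException {
        if (str == null) {
            throw new AuthenticationException("Invalid remote request type");
        }
        if (str.equals(AuthenticationRequest.AUTH_NEGOTIATE)) {
            return negotiate(securityToken);
        }
        if (str.equals(AuthenticationRequest.AUTH_AUTHENTICATE)) {
            return authenticate(securityToken);
        }
        if (str.equals(AuthenticationRequest.AUTH_HEARTBEAT)) {
            return heartbeat(securityToken);
        }
        if (str.equals(AuthenticationRequest.AUTH_CLOSE)) {
            return close(securityToken);
        }
        throw new AuthenticationException("Invalid remote request type");
    }

    /**
     * First step of session set-up: checks the token version and flavor, assigns a
     * security id, lets the context verify the request token and, on success,
     * registers the context in the session table.
     *
     * @param securityToken expected to be a {@link RequestSecurityToken}
     * @return the response token produced by the context
     * @throws AuthenticationException on any failure (see the note on the outer catch)
     */
    private static ResponseSecurityToken negotiate(SecurityToken securityToken) throws AuthenticationException {
        boolean flavorAccepted;
        try {
            RequestSecurityToken request = (RequestSecurityToken) securityToken;
            // The user, role and host below are read from the request before anything has been
            // verified, so the log record built from them carries unverified client input.
            String who = "";
            AuthenticationPrincipal principal = request.getAuthPrincipal();
            if (principal != null) {
                who = principal.getUserName();
                if (principal.getRoleName() != null) {
                    who = who + " (in role " + principal.getRoleName() + ")";
                }
            }
            String clientHost = request.getClientHost();
            int clientVersion = request.getVersionNumber();
            if (clientVersion != 1) {
                String received = Integer.toString(clientVersion);
                String supported = Integer.toString(1);
                writeLog(400, "LMS_SvcError", "LMD_VersionMismatch", new String[]{who, clientHost, received, supported});
                Debug.trace(SecurityContext.AUTH_SERVICE_NAME, Debug.ERROR, "Incompatible token version numbers: " + received + " " + supported, (Throwable) null);
                throw new AuthenticationException("Incompatible token version numbers", received, supported);
            }

            ServerSecurityContext context = null;
            AuthenticationFlavor flavor = request.getAuthFlavor();
            try {
                context = getSecurityContext(flavor);
                flavorAccepted = context.verifyAuthFlavor(flavor);
            } catch (Exception e) {
                // Any failure here (unknown flavor, null context) is treated as a flavor mismatch;
                // it goes to the service trace like every other error in this class.
                Debug.trace(SecurityContext.AUTH_SERVICE_NAME, Debug.ERROR, "Session connect: Exception verifying authentication flavor: " + e.getMessage(), e);
                flavorAccepted = false;
            }
            if (!flavorAccepted) {
                Debug.trace(SecurityContext.AUTH_SERVICE_NAME, Debug.ERROR, "Incompatible authentication flavors", (Throwable) null);
                throw new AuthenticationException("Incompatible flavors");
            }

            try {
                long securityId = genSecurityId();
                context.setSecurityId(securityId);
                context.setClientVersion(clientVersion);
                // The VM id is taken from the request token; checkRetriesOnFail keys its
                // failure counters on this value.
                context.setClientVMID(request.getClientVMID());
                try {
                    ResponseSecurityToken response = context.verifyRequestToken(request);
                    // The context becomes a findable session only after the request token verified.
                    addSecurityContext(securityId, context);
                    return response;
                } catch (VException e) {
                    Debug.trace(SecurityContext.AUTH_SERVICE_NAME, Debug.ERROR, "Session connect: Exception verifying request: " + e.getMessage(), e);
                    throw new AuthenticationException("Unexpected error verifying response", e);
                } catch (AuthenticationException e) {
                    checkRetriesOnFail(context);
                    throw e;
                }
            } catch (VException e) {
                writeLog(context, 400, "LMS_SvcError", "LMD_NoSessionId", null);
                Debug.trace(SecurityContext.AUTH_SERVICE_NAME, Debug.ERROR, "Session connect: Unable to generate sesion identifier", e);
                throw new AuthenticationException("Cannot generate session identifier");
            }
        } catch (Exception e) {
            // NOTE(review): as written this catch-all also intercepts every exception thrown
            // above (version mismatch, flavor mismatch, retry limit) and replaces it with this
            // generic one, dropping the cause. The message suggests only the cast was meant to
            // be guarded; confirm against the original before narrowing it.
            throw new AuthenticationException("Invalid input security token type");
        }
    }

    /**
     * Second step of session set-up: lets the session's context verify the
     * authenticator token, starts the heartbeat clock and logs the login.
     *
     * @param securityToken expected to be an {@link AuthenticatorSecurityToken} naming a negotiated session
     * @return the confirmation token produced by the context
     * @throws AuthenticationException on any failure (see the note on the outer catch)
     */
    private static ConfirmSecurityToken authenticate(SecurityToken securityToken) throws AuthenticationException {
        try {
            AuthenticatorSecurityToken authenticator = (AuthenticatorSecurityToken) securityToken;
            long securityId = authenticator.getSecurityId();
            ServerSecurityContext context = findSecurityContext(securityId);
            if (context == null) {
                // Authentication was attempted for a session that was never negotiated or has expired.
                writeLog(400, "LMS_SessionOpened", "LMD_BadSecondStep", new String[]{Long.toString(securityId)});
                throw new NoSecureSessionException();
            }
            try {
                ConfirmSecurityToken confirmation = context.verifyAuthenticatorToken(authenticator);
                context.setHeartbeatTime();
                // writeLog derives the "user (in role r)" text from the context itself.
                writeLog(context, 100, "LMS_SessionOpened", "LMD_LoginSuccessful", null);
                return confirmation;
            } catch (AuthenticationLoginException e) {
                checkRetriesOnFail(context);
                throw e;
            } catch (AuthenticationException e) {
                Debug.trace(SecurityContext.AUTH_SERVICE_NAME, Debug.ERROR, "Unexpected error verifying authenticator: " + e.getMessage(), e);
                checkRetriesOnFail(context);
                throw new AuthenticationException("Error authenticating user", e);
            }
        } catch (Exception e) {
            // NOTE(review): this catch-all also replaces NoSecureSessionException, the login
            // failure and the retry-limit exception with the generic one below, so callers
            // cannot tell them apart. Confirm whether only the cast was meant to be guarded.
            throw new AuthenticationException("Invalid input security token type");
        }
    }

    /**
     * Records a failed attempt for the context's client VM id, discards the
     * session, delays the caller and reports when the retry limit is reached.
     *
     * <p>The delay is {@link #AUTH_FAILURE_DELAY} ms for every failure and grows by
     * the configured penalty once the counter has passed the limit.
     *
     * <p>NOTE(review): the counter is keyed on the VM id that negotiate() copies from
     * the request token, i.e. a value chosen by the client, so the limit is per
     * claimed id rather than per host or per account. NOTE(review): the scan of
     * {@code failedAttempts} is not atomic with respect to other request threads.
     *
     * @param serverSecurityContext context of the failed attempt
     * @throws RetryLimitExceededException once the counter has reached {@code maxRetries}
     */
    private static void checkRetriesOnFail(ServerSecurityContext serverSecurityContext) throws RetryLimitExceededException {
        long delay = AUTH_FAILURE_DELAY;
        boolean limitReached = false;
        long now = System.currentTimeMillis();
        String clientVMID = serverSecurityContext.getClientVMID();
        AttemptRecord record = null;
        // Walk backwards so that removing an expired entry does not shift the indices still to visit.
        for (int idx = failedAttempts.size() - 1; idx >= 0; idx--) {
            AttemptRecord candidate = (AttemptRecord) failedAttempts.elementAt(idx);
            if (now - candidate.lastFailedAt > AttemptRecord.LIFE_TIME) {
                failedAttempts.remove(idx);
            } else if (candidate.clientVMID == null ? clientVMID == null : candidate.clientVMID.equals(clientVMID)) {
                // Null-safe comparison: an exception thrown from this scan would skip the
                // session removal, the delay and the limit check below.
                record = candidate;
            }
        }
        if (record == null) {
            record = new AttemptRecord(clientVMID);
            failedAttempts.add(record);
        }
        record.lastFailedAt = now;
        record.failCounter++;
        if (record.failCounter == maxRetries) {
            // The audit record is written once, at the moment the limit is hit.
            serverSecurityContext.auditRetryLimitExceeded(serverSecurityContext.getClientHost(), new VIdentity(clientVMID), null);
            limitReached = true;
        } else if (record.failCounter > maxRetries) {
            limitReached = true;
            delay = AUTH_FAILURE_DELAY + penalty_ms;
        }
        removeSecurityContext(serverSecurityContext.getSecurityId());
        try {
            Thread.sleep(delay);
        } catch (InterruptedException e) {
            // Keep the interrupt visible to the request thread's owner instead of discarding it.
            Thread.currentThread().interrupt();
        }
        if (limitReached) {
            throw new RetryLimitExceededException();
        }
    }

    /**
     * Refreshes the heartbeat time of the session named by the token, if any.
     *
     * <p>NOTE(review): the session is selected by the security id alone; no other
     * check of the token is visible in this class.
     *
     * @param securityToken token carrying the security id; may be {@code null}
     * @return always {@code null}
     * @throws AuthenticationException declared for callers; not raised by the visible code
     */
    private static SecurityToken heartbeat(SecurityToken securityToken) throws AuthenticationException {
        if (securityToken == null) {
            return null;
        }
        ServerSecurityContext context = findSecurityContext(securityToken.getSecurityId());
        if (context != null) {
            context.setHeartbeatTime();
        }
        return null;
    }

    /**
     * Closes the session named by the token, logging the logout if it existed.
     *
     * <p>NOTE(review): as in heartbeat(), the session is selected by the security
     * id alone; no other check of the token is visible in this class.
     *
     * @param securityToken token carrying the security id and auth type; may be {@code null}
     * @return a close token echoing the auth type and id (default type and id 0 for a {@code null} token)
     * @throws AuthenticationException declared for callers; not raised by the visible code
     */
    private static SecurityToken close(SecurityToken securityToken) throws AuthenticationException {
        long securityId = 0;
        int authType;
        ServerSecurityContext context = null;
        if (securityToken == null) {
            authType = AuthenticationFlavor.getDefaultAuthType();
        } else {
            securityId = securityToken.getSecurityId();
            authType = securityToken.getAuthType();
            context = findSecurityContext(securityId);
        }
        if (context != null) {
            writeLog(context, 100, "LMS_SessionClosed", "LMD_LogoutSuccessful", null);
            removeSecurityContext(securityId);
        }
        return new CloseSecurityToken(authType, securityId);
    }

    /**
     * Asks the factory registered for the authentication type for a new context
     * and attaches the log service to it.
     *
     * @param i authentication type, used as the key into the factory table
     * @return the new context, or {@code null} if the factory returned none
     * @throws AuthenticationException if no factory is registered for the type
     */
    private static synchronized ServerSecurityContext createSecurityContext(int i) throws AuthenticationException {
        ServerSecurityFactory factory = (ServerSecurityFactory) factTable.get(new Integer(i));
        if (factory == null) {
            Debug.trace(SecurityContext.AUTH_SERVICE_NAME, Debug.ERROR, "Request to create security context for non-existent flavor" + i, (Throwable) null);
            throw new AuthenticationException("Request to create security context for non-existent authentication type ", new Integer(i));
        }
        ServerSecurityContext context = factory.getServerSecurityContext();
        if (context != null) {
            context.setLogService(logsvc);
        }
        return context;
    }

    /**
     * Picks a security id that is not currently a key of the session table,
     * starting at the current time in milliseconds and trying five candidates.
     *
     * <p>NOTE(review): the id is derived from the wall clock and is therefore
     * guessable, while heartbeat() and close() select a session by id alone;
     * an id drawn from {@code java.security.SecureRandom} would remove that
     * dependency. The id is reserved only when negotiate() later calls
     * addSecurityContext(), so two negotiations in the same millisecond can still
     * receive the same value.
     *
     * @return the chosen id
     * @throws AuthenticationException if five consecutive candidates are all in use
     */
    private static synchronized long genSecurityId() throws AuthenticationException {
        long candidate = System.currentTimeMillis();
        if (!sessTable.isEmpty()) {
            int tries = 0;
            // containsKey, not contains: Hashtable.contains() searches the values (the contexts),
            // so a Long id would never match and an id already in use would be handed out again.
            while (tries < 5 && sessTable.containsKey(new Long(candidate))) {
                candidate++;
                tries++;
            }
            if (tries == 5) {
                throw new AuthenticationException("EXM_NID");
            }
        }
        return candidate;
    }

    /**
     * Looks up a session by security id.
     *
     * @param j security id; 0 means "no session"
     * @return the session context, or {@code null} if the id is 0 or unknown
     */
    private static synchronized ServerSecurityContext findSecurityContext(long j) {
        if (j == 0) {
            return null;
        }
        return (ServerSecurityContext) sessTable.get(new Long(j));
    }

    /**
     * Registers a session under its security id; id 0 is ignored.
     *
     * @param j security id
     * @param serverSecurityContext context to register
     */
    private static synchronized void addSecurityContext(long j, ServerSecurityContext serverSecurityContext) {
        if (j != 0) {
            sessTable.put(new Long(j), serverSecurityContext);
        }
    }

    /**
     * Removes the session registered under the security id; id 0 is ignored.
     *
     * @param j security id
     */
    private static synchronized void removeSecurityContext(long j) {
        if (j != 0) {
            sessTable.remove(new Long(j));
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Writes a log record for a session, with the user (and role), client host
     * and security id taken from the context as message arguments.
     *
     * @param serverSecurityContext session to describe; nothing is logged when {@code null}
     * @param i severity code passed through to the log service
     * @param str resource key of the summary message
     * @param str2 resource key of the detail message
     * @param str3 optional fourth message argument; omitted when {@code null}
     */
    public static void writeLog(ServerSecurityContext serverSecurityContext, int i, String str, String str2, String str3) {
        if (serverSecurityContext == null) {
            return;
        }
        String who = null;
        AuthenticationPrincipal principal = serverSecurityContext.getAuthPrincipal();
        if (principal != null) {
            who = principal.getUserName();
            if (principal.getRoleName() != null) {
                who = who + " (in role " + principal.getRoleName() + ")";
            }
        }
        String[] args = new String[str3 == null ? 3 : 4];
        args[0] = who;
        args[1] = serverSecurityContext.getClientHost();
        args[2] = Long.toString(serverSecurityContext.getSecurityId());
        if (str3 != null) {
            args[3] = str3;
        }
        writeLog(i, str, str2, args);
    }

    /**
     * Hands a record to the log service, if one was supplied to init().
     *
     * @param i severity code passed through to the log service
     * @param str resource key of the summary message
     * @param str2 resource key of the detail message
     * @param strArr message arguments
     */
    private static void writeLog(int i, String str, String str2, String[] strArr) {
        if (logsvc == null) {
            return;
        }
        try {
            logsvc.writeLog(SecurityContext.AUTH_LOG_SERVICE_NAME, "security", i, str, str2, strArr, AUTH_PACKAGE + "." + AUTH_SERVICE_RESOURCES, (String) null);
        } catch (Exception ignored) {
            // Logging is best effort: a failing log service must not fail the request.
            // NOTE(review): this also means a lost audit record leaves no trace anywhere.
        }
    }
}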
