package com.sun.portal.search.rdmserver;

import com.iplanet.am.sdk.AMStoreConnection;
import com.iplanet.am.sdk.AMUser;
import com.iplanet.am.util.AdminUtils;
import com.iplanet.am.util.SystemProperties;
import com.iplanet.sso.SSOException;
import com.iplanet.sso.SSOToken;
import com.iplanet.sso.SSOTokenManager;
import com.sun.identity.security.AdminDNAction;
import com.sun.identity.security.DecryptAction;
import com.sun.portal.search.db.RDMSecurityManager;
import com.sun.portal.search.db.SToken;
import com.sun.portal.search.rdm.RDMRequest;
import com.sun.portal.search.soif.SOIF;
import com.sun.portal.search.util.SearchConfig;
import com.sun.portal.search.util.SearchLogger;
import com.sun.portal.util.SSOUtil;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.util.Enumeration;
import java.util.Iterator;
import java.util.Set;
import java.util.logging.Level;
import javax.servlet.http.HttpServletRequest;

/* loaded from: input_file:121914-03/SUNWportal-search/reloc/SUNWportal/export/rdm.war:WEB-INF/lib/searchserver.jar:com/sun/portal/search/rdmserver/DSameSecurityManager.class */
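/**
 * Security manager for the search RDM server that authenticates callers with
 * Access Manager SSO tokens and enforces the per-document {@code readacl}
 * attribute against the caller's DN, role DNs and (optionally) group DNs.
 *
 * <p>Enforcement happens in two places: {@link #qualify_Nova_Query} narrows the
 * query to documents the caller may read, and {@link #filter} re-checks each
 * result. {@code qualify_Nova_Query} calls {@code sToken.setCheckDB(false)},
 * after which {@code filter} returns results unchecked for that token, so the
 * qualified query is the only ACL gate for such requests.
 *
 * <p>{@code role_admin} and {@code group_support} are static and are written
 * from the constructor (and {@code checkRoleAdmin}) without synchronization.
 */
public class DSameSecurityManager extends RDMSecurityManager {
    static final String ADMIN_CN = "cn=Top-level Admin Role";
    // True when SearchConfig.SECDSAME is "ON" (case-insensitive): group DNs then count as ACL matches.
    static boolean group_support = false;
    // DN of the role whose members bypass readacl checks.
    static String role_admin = null;

    /**
     * Resolves the administrator role DN and the group-support switch from configuration.
     *
     * <p>The role DN comes from {@code SearchConfig.SECSUPERADMIN} when set; otherwise it is
     * {@code ADMIN_CN} followed by the {@code com.iplanet.am.rootsuffix} system property, or by
     * the last RDN of the admin DN, or by {@code ",o=isp"} as a last resort.
     */
    public DSameSecurityManager() {
        String configuredAdminRole = SearchConfig.getValue(SearchConfig.SECSUPERADMIN);
        if (configuredAdminRole != null) {
            role_admin = configuredAdminRole;
            SearchLogger.getLogger().log(Level.FINEST, "PSSH_CSPSRDMS0027", role_admin);
        } else {
            String suffix;
            String rootSuffix = SystemProperties.get("com.iplanet.am.rootsuffix");
            if (rootSuffix != null) {
                suffix = "," + rootSuffix;
            } else {
                String adminDN = AdminUtils.getAdminDN();
                SearchLogger.getLogger().log(Level.FINEST, "PSSH_CSPSRDMS0028", adminDN);
                int lastComma = adminDN != null ? adminDN.lastIndexOf(",") : 0;
                suffix = lastComma > 0 ? adminDN.substring(lastComma) : ",o=isp";
            }
            SearchLogger.getLogger().log(Level.FINEST, "PSSH_CSPSRDMS0029", suffix);
            role_admin = ADMIN_CN + suffix;
            SearchLogger.getLogger().log(Level.FINEST, "PSSH_CSPSRDMS0030", role_admin);
        }
        String dsameSwitch = SearchConfig.getValue(SearchConfig.SECDSAME);
        if (dsameSwitch != null && dsameSwitch.compareToIgnoreCase("ON") == 0) {
            group_support = true;
        }
        if (SearchLogger.getLogger().isLoggable(Level.FINEST)) {
            // NOTE(review): this writes every Access Manager system property, name and value, to the
            // log. If any of those properties carry credentials or key material they end up in the
            // log file; confirm FINEST is never enabled in production or mask sensitive keys here.
            Enumeration<?> propertyNames = SystemProperties.getAll().propertyNames();
            while (propertyNames.hasMoreElements()) {
                String key = (String) propertyNames.nextElement();
                SearchLogger.getLogger().log(Level.FINEST, "PSSH_CSPSRDMS0031", new Object[]{key, SystemProperties.get(key)});
            }
        }
    }

    /**
     * Tells whether a document's {@code readacl} entries admit any of the given DNs.
     *
     * @param soif document whose {@code readacl} values are read by index until {@code null}
     * @param set DNs the caller holds
     * @return {@code true} when the document has no {@code readacl} value or one of them is in {@code set}
     */
    private boolean check_list(SOIF soif, Set<?> set) {
        int index = 0;
        String entry;
        while ((entry = soif.getValue("readacl", index)) != null) {
            if (set.contains(entry)) {
                return true;
            }
            index++;
        }
        // No entry at all means the document carries no ACL.
        return index == 0;
    }

    /**
     * Concatenates the elements of {@code set}, each prefixed with a comma.
     *
     * @return the joined string, or {@code ""} for a {@code null} or empty set
     */
    private String set_dn_string(Set<?> set) {
        if (set == null) {
            return "";
        }
        StringBuilder joined = new StringBuilder();
        for (Object dn : set) {
            joined.append(",").append(dn.toString());
        }
        return joined.toString();
    }

    /**
     * Builds one {@code  or (ReadACL = "<dn>")} clause per element of {@code set}.
     *
     * <p>NOTE(review): each element is placed between double quotes without escaping. Confirm
     * that a DN containing {@code "} cannot change the meaning of the resulting query.
     *
     * @return the concatenated clauses, or {@code ""} for a {@code null} or empty set
     */
    private String add_list(Set<?> set) {
        if (set == null) {
            return "";
        }
        StringBuilder clauses = new StringBuilder();
        for (Object dn : set) {
            clauses.append(" or (ReadACL = \"").append(dn.toString()).append("\")");
        }
        return clauses.toString();
    }

    /** Decrypts a request-header value with {@code DecryptAction} inside a privileged block. */
    private static String decryptHeaderValue(String encrypted) {
        return AccessController.doPrivileged((PrivilegedAction) new DecryptAction(encrypted)).toString();
    }

    @Override // com.sun.portal.search.db.RDMSecurityManager
    public String toString() {
        return "DSame -SecMgr";
    }

    /**
     * Servlet entry point: {@code obj} must be the {@link HttpServletRequest} of the call.
     *
     * @throws ClassCastException if {@code obj} is not an {@code HttpServletRequest}
     */
    @Override // com.sun.portal.search.db.RDMSecurityManager
    public boolean initRDMSToken(Object obj, RDMRequest rDMRequest) throws Exception {
        return init_RDMSToken((HttpServletRequest) obj, rDMRequest);
    }

    /**
     * Authenticates a request from its RDM header alone: user and password when a user is
     * given, otherwise the access token as an SSO token id.
     *
     * <p>Unlike the servlet path, the password is handed to {@code SSOUtil.createSSOToken}
     * as received, without {@code DecryptAction}.
     *
     * @return {@code false} when no valid SSO token could be obtained; otherwise the result of
     *     the superclass initialisation
     */
    @Override // com.sun.portal.search.db.RDMSecurityManager
    public boolean initRDMSToken(RDMRequest rDMRequest) throws Exception {
        SSOTokenManager tokenManager = SSOTokenManager.getInstance();
        SSOToken ssoToken = null;
        String user = rDMRequest.getHeader().getUser();
        String password = rDMRequest.getHeader().getPassword();
        String accessToken = rDMRequest.getHeader().getAccessToken();
        if (user != null) {
            try {
                ssoToken = SSOUtil.createSSOToken(user, password == null ? "" : password);
            } catch (SSOException ignored) {
                // Failed login: ssoToken stays null and the request is rejected below.
            }
        } else if (accessToken != null) {
            try {
                ssoToken = tokenManager.createSSOToken(accessToken);
            } catch (SSOException ignored) {
                // Unknown or expired token id: rejected below.
            }
        }
        if (ssoToken == null || !tokenManager.isValidToken(ssoToken)) {
            return false;
        }
        rDMRequest.setSToken(new SToken(ssoToken, true, true));
        return super.initRDMSToken(rDMRequest);
    }

    /**
     * Attaches an {@link SToken} to the request when it has none, trying in order: the SSO
     * session of the HTTP request, header user plus decrypted header password, the header
     * access token as an SSO token id, and finally the header access token decrypted and used
     * as the password of the admin DN.
     *
     * <p>When none of these yields a valid token the request is left without an SToken and is
     * treated as anonymous by {@link #filter} and {@link #qualify_Nova_Query}.
     *
     * <p>The {@code proxyDN} request parameter is copied onto the token for any authenticated
     * caller; {@code filter} and {@code qualify_Nova_Query} only read it when the token's
     * principal equals the admin DN.
     */
    private boolean init_RDMSToken(HttpServletRequest httpServletRequest, RDMRequest rDMRequest) throws Exception {
        if (rDMRequest.getSToken() == null) {
            SSOTokenManager tokenManager = SSOTokenManager.getInstance();
            SSOToken ssoToken = null;
            try {
                ssoToken = tokenManager.createSSOToken(httpServletRequest);
            } catch (SSOException ignored) {
                // No usable session on the HTTP request; fall back to the RDM header below.
            }
            if (ssoToken == null || !tokenManager.isValidToken(ssoToken)) {
                String user = rDMRequest.getHeader().getUser();
                String password = rDMRequest.getHeader().getPassword();
                String accessToken = rDMRequest.getHeader().getAccessToken();
                if (user != null) {
                    try {
                        ssoToken = SSOUtil.createSSOToken(user, password == null ? "" : decryptHeaderValue(password));
                    } catch (SSOException ignored) {
                        // Failed login: the request stays anonymous.
                    }
                } else if (accessToken != null) {
                    try {
                        ssoToken = tokenManager.createSSOToken(accessToken);
                    } catch (SSOException notATokenId) {
                        // Not a token id: treat the value as the encrypted admin password.
                        try {
                            String adminDN = (String) AccessController.doPrivileged((PrivilegedAction) new AdminDNAction());
                            ssoToken = SSOUtil.createSSOToken(adminDN, decryptHeaderValue(accessToken));
                        } catch (SSOException ignored) {
                            // Admin login failed as well: the request stays anonymous.
                        }
                    }
                }
            }
            if (ssoToken != null && tokenManager.isValidToken(ssoToken)) {
                SToken sToken = new SToken(ssoToken, true, true);
                String proxyDN = httpServletRequest.getParameter("proxyDN");
                if (proxyDN != null) {
                    sToken.setProxyDN(proxyDN);
                }
                rDMRequest.setSToken(sToken);
            }
        }
        return super.initRDMSToken(rDMRequest);
    }

    /**
     * Post-filters one search result against the caller's identity.
     *
     * <p>A result is returned when the caller is anonymous and the document has no
     * {@code readacl} attribute; when the token has its check-DB flag cleared; when the caller
     * is the admin DN without a proxy DN, or holds {@code role_admin}; when the document has
     * no {@code readacl} value; or when one {@code readacl} value equals the effective DN, one
     * of its role DNs or, with group support on, one of its group DNs.
     *
     * @return the document as filtered by the superclass, or {@code null} when access is denied
     * @throws Exception if the superclass filter or the directory lookup fails
     */
    @Override // com.sun.portal.search.db.RDMSecurityManager
    public SOIF filter(SToken sToken, SOIF soif) throws Exception {
        SOIF filtered = super.filter(sToken, soif);
        if (filtered == null) {
            return null;
        }
        if (sToken == null || sToken.getNativeToken() == null) {
            // Anonymous callers only see documents that carry no ACL at all.
            return filtered.contains("readacl") ? null : filtered;
        }
        if (!sToken.getCheckDB()) {
            return filtered;
        }
        SSOToken ssoToken = (SSOToken) sToken.getNativeToken();
        String name = ssoToken.getPrincipal().getName();
        if (name.equals(AdminUtils.getAdminDN())) {
            if (!sToken.isProxy()) {
                return filtered;
            }
            // The admin acts on behalf of another user: evaluate the ACL as that user.
            name = sToken.getProxyDN();
        }
        AMUser user = new AMStoreConnection(ssoToken).getUser(name);
        Set roleDNs = user.getRoleDNs();
        if ("true".equals(SearchConfig.getValue(SearchConfig.SECDSAME_USE_FILTERED_ROLES))) {
            roleDNs.addAll(user.getFilteredRoleDNs());
        }
        // NOTE(review): qualify_Nova_Query additionally requires !sToken.isProxy() for this
        // bypass; confirm which of the two is intended for a proxied role administrator.
        if (roleDNs.contains(role_admin)) {
            return filtered;
        }
        Set staticGroups = null;
        Set dynamicGroups = null;
        if (group_support) {
            staticGroups = user.getStaticGroupDNs();
            dynamicGroups = user.getAssignableDynamicGroupDNs();
        }
        int index = 0;
        String acl;
        while ((acl = filtered.getValue("readacl", index)) != null) {
            boolean matches = name.equals(acl)
                    || roleDNs.contains(acl)
                    || (staticGroups != null && staticGroups.contains(acl))
                    || (dynamicGroups != null && dynamicGroups.contains(acl));
            if (matches) {
                return filtered;
            }
            index++;
        }
        // Previously the result was forced to "allowed" after the loop, so a document whose ACL
        // matched none of the caller's DNs was still returned. Deny unless the ACL is empty.
        return index == 0 ? filtered : null;
    }

    /** Always reports that security checking is enabled for this manager. */
    @Override // com.sun.portal.search.db.RDMSecurityManager
    public boolean checkSecurity() {
        return true;
    }

    /**
     * Derives {@code role_admin} when it is still unset, from the top-level containers of the
     * store or, if there are none, from the last RDN of {@code str}.
     *
     * @param str a DN used as fallback source for the suffix; must not be {@code null} when the
     *     store has no top-level container
     */
    private void checkRoleAdmin(AMStoreConnection aMStoreConnection, String str) throws Exception {
        if (role_admin != null) {
            return;
        }
        Set topLevelContainers = aMStoreConnection.getTopLevelContainers();
        String suffix;
        if (topLevelContainers.size() > 0) {
            suffix = set_dn_string(topLevelContainers);
        } else {
            int lastComma = str.lastIndexOf(",");
            suffix = lastComma > 0 ? str.substring(lastComma) : ",o=isp";
        }
        SearchLogger.getLogger().log(Level.FINEST, "PSSH_CSPSRDMS0032", new Object[]{suffix, Integer.valueOf(topLevelContainers.size())});
        role_admin = ADMIN_CN + suffix;
        SearchLogger.getLogger().log(Level.FINEST, "PSSH_CSPSRDMS0033", role_admin);
    }

    /**
     * Restricts a query to the documents the caller may read.
     *
     * <p>Anonymous callers, and callers whose directory lookup fails with an
     * {@code SSOException}, get the query ANDed with {@code ReadACL=""}. The admin DN without
     * a proxy DN and non-proxied holders of {@code role_admin} get the query unchanged. Everyone
     * else gets the query ANDed with an OR over the empty ACL, the effective DN, its role DNs
     * and, with group support on, its group DNs.
     *
     * <p>This method clears the token's check-DB flag, so {@link #filter} no longer re-checks
     * results for that token: the clause built here is the only ACL gate.
     *
     * @return the qualified query
     * @throws Exception if the superclass qualification or a group lookup fails
     */
    @Override // com.sun.portal.search.db.RDMSecurityManager
    public String qualify_Nova_Query(SToken sToken, String str) throws Exception {
        String baseQuery = super.qualify_Nova_Query(sToken, str);
        String publicOnly = "(" + baseQuery + ") <AND> (ReadACL=\"\")";
        if (sToken == null || sToken.getNativeToken() == null) {
            return publicOnly;
        }
        sToken.setCheckDB(false);
        SSOToken ssoToken = (SSOToken) sToken.getNativeToken();
        String name = ssoToken.getPrincipal().getName();
        if (name.equals(AdminUtils.getAdminDN())) {
            if (!sToken.isProxy()) {
                return baseQuery;
            }
            name = sToken.getProxyDN();
        }
        AMUser user;
        Set roleDNs;
        try {
            user = new AMStoreConnection(ssoToken).getUser(name);
            roleDNs = user.getRoleDNs();
            if ("true".equals(SearchConfig.getValue(SearchConfig.SECDSAME_USE_FILTERED_ROLES))) {
                roleDNs.addAll(user.getFilteredRoleDNs());
            }
        } catch (SSOException e) {
            // Fail closed: without the caller's roles only ACL-free documents may match. The
            // earlier code fell through here and went on to use the unassigned user and roles.
            SearchLogger.getLogger().log(Level.FINEST, "PSSH_CSPSRDMS0035");
            SearchLogger.getLogger().log(Level.FINEST, "PSSH_CSPSRDMS0034", publicOnly);
            return publicOnly;
        }
        if (roleDNs.contains(role_admin) && !sToken.isProxy()) {
            return baseQuery;
        }
        StringBuilder aclTerms = new StringBuilder(add_list(roleDNs));
        if (group_support) {
            aclTerms.append(add_list(user.getStaticGroupDNs()));
            aclTerms.append(add_list(user.getAssignableDynamicGroupDNs()));
        }
        // NOTE(review): name can be the proxyDN request parameter and is embedded between double
        // quotes without escaping, as are the DNs in aclTerms. Confirm a value containing '"'
        // cannot widen the clause, or reject such values before building the query.
        StringBuilder qualified = new StringBuilder("(").append(baseQuery)
                .append(") <AND> ( (ReadACL = \"\") or (ReadACL = \"").append(name).append("\")");
        if (aclTerms.length() > 3) {
            qualified.append(aclTerms).append(")");
        } else {
            qualified.append(" )");
        }
        String result = qualified.toString();
        SearchLogger.getLogger().log(Level.FINEST, "PSSH_CSPSRDMS0034", result);
        return result;
    }
}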
