package com.metamatrix.platform.security.membership.service;

import com.metamatrix.api.exception.security.InvalidUserException;
import com.metamatrix.api.exception.security.LogonException;
import com.metamatrix.api.exception.security.MembershipServiceException;
import com.metamatrix.api.exception.security.UnsupportedCredentialException;
import com.metamatrix.common.config.CurrentConfiguration;
import com.metamatrix.common.config.api.AuthenticationProvider;
import com.metamatrix.common.config.model.ComponentCryptoUtil;
import com.metamatrix.common.log.LogManager;
import com.metamatrix.common.util.crypto.CryptoException;
import com.metamatrix.common.util.crypto.CryptoUtil;
import com.metamatrix.core.util.StringUtil;
import com.metamatrix.platform.PlatformPlugin;
import com.metamatrix.platform.security.api.Credentials;
import com.metamatrix.platform.security.api.MetaMatrixPrincipal;
import com.metamatrix.platform.security.api.MetaMatrixSessionInfo;
import com.metamatrix.platform.security.api.service.MembershipServiceInterface;
import com.metamatrix.platform.security.membership.BasicMetaMatrixPrincipal;
import com.metamatrix.platform.security.membership.spi.MembershipDomain;
import com.metamatrix.platform.security.membership.spi.MembershipSourceException;
import com.metamatrix.platform.service.api.exception.ServiceException;
import com.metamatrix.platform.service.api.exception.ServiceStateException;
import com.metamatrix.platform.service.controller.AbstractService;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.io.Serializable;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.net.MalformedURLException;
import java.net.SocketAddress;
import java.net.URL;
import java.rmi.RemoteException;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Properties;
import java.util.Set;
import java.util.regex.Pattern;

/* loaded from: input_file:com/metamatrix/platform/security/membership/service/MembershipServiceImpl.class */
public class MembershipServiceImpl extends AbstractService implements MembershipServiceInterface {
    // Superuser password. initService() reads it from ADMIN_PASSWORD, rejects a missing or empty
    // value, and then replaces it with the decrypted form; it stays in memory as a String.
    private String adminCredentials;
    // Optional regex from ADMIN_HOSTS. When set (and security is enabled), authenticateUser()
    // requires the remote host address of a superuser logon to match the whole pattern.
    private Pattern allowedAddresses;
    // MembershipDomainHolder entries, added by initService() in DOMAIN_ORDER order.
    private List domains = new ArrayList();
    // Name treated as the superuser; isSuperUser() compares it case-insensitively.
    private String adminUsername = MembershipServiceInterface.DEFAULT_ADMIN_USERNAME;
    // NOTE(review): the initializer is true, but initService() overwrites it with
    // Boolean.valueOf(SECURITY_ENABLED), which is false when the property is absent.
    private boolean isSecurityEnabled = true;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:com/metamatrix/platform/security/membership/service/MembershipServiceImpl$MembershipDomainHolder.class */
    /**
     * Immutable pairing of an initialized {@link MembershipDomain} with the name it was
     * configured under.
     */
    public static class MembershipDomainHolder {
        private final String domainName;
        private final MembershipDomain membershipDomain;

        /**
         * @param membershipDomain the domain implementation to hold
         * @param str the configured name of that domain
         */
        public MembershipDomainHolder(MembershipDomain membershipDomain, String str) {
            this.domainName = str;
            this.membershipDomain = membershipDomain;
        }

        /** @return the held domain implementation */
        public MembershipDomain getMembershipDomain() {
            return membershipDomain;
        }

        /** @return the configured name of the held domain */
        public String getDomainName() {
            return domainName;
        }
    }

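    /**
     * Reads the membership configuration, decrypts the admin password and initializes every
     * active domain named in DOMAIN_ORDER, in that order.
     *
     * <p>An invalid ADMIN_HOSTS regex propagates as the unchecked exception thrown by
     * {@link Pattern#compile(String)}.
     *
     * @param properties service properties (ADMIN_USERNAME, ADMIN_PASSWORD, ADMIN_HOSTS,
     *     SECURITY_ENABLED, DOMAIN_ORDER)
     * @throws ServiceException if the admin password is missing, empty or cannot be decrypted,
     *     or if creating an active domain fails
     */
    protected void initService(Properties properties) throws ServiceException {
        this.adminUsername = properties.getProperty(MembershipServiceInterface.ADMIN_USERNAME, MembershipServiceInterface.DEFAULT_ADMIN_USERNAME);
        this.adminCredentials = properties.getProperty(MembershipServiceInterface.ADMIN_PASSWORD);
        if (this.adminCredentials == null || this.adminCredentials.length() == 0) {
            throw new ServiceException(PlatformPlugin.Util.getString("MembershipServiceImpl.Root_password_required"));
        }
        String property = properties.getProperty(MembershipServiceInterface.ADMIN_HOSTS);
        if (property != null && property.length() > 0) {
            this.allowedAddresses = Pattern.compile(property);
        }
        // NOTE(review): Boolean.valueOf(null) is false, so a deployment that omits SECURITY_ENABLED
        // runs with authentication switched off even though the field initializer is true.
        // Confirm this fail-open default is intended before relying on it.
        this.isSecurityEnabled = Boolean.valueOf(properties.getProperty(MembershipServiceInterface.SECURITY_ENABLED)).booleanValue();
        LogManager.logDetail("MEMBERSHIP", "Security Enabled: " + this.isSecurityEnabled);
        try {
            this.adminCredentials = new String(CryptoUtil.stringDecrypt(this.adminCredentials.toCharArray()));
            String property2 = properties.getProperty(MembershipServiceInterface.DOMAIN_ORDER);
            if (property2 == null || property2.trim().length() == 0) {
                return;
            }
            Iterator it = StringUtil.split(property2, ",").iterator();
            while (it.hasNext()) {
                String trim = ((String) it.next()).trim();
                MembershipDomain membershipDomain = null;
                // Scoped to the iteration and reset to null: when the lookup below fails, this
                // domain must be skipped rather than built from the provider of an earlier one.
                AuthenticationProvider authenticationProvider = null;
                try {
                    authenticationProvider = CurrentConfiguration.getConfiguration().getAuthenticationProvider(trim);
                } catch (Throwable th) {
                    String string = PlatformPlugin.Util.getString("ERR.014.407.0021", trim);
                    LogManager.logCritical("MEMBERSHIP", th, string);
                    setInitException(new ServiceException(th, string));
                }
                if (authenticationProvider != null) {
                    Properties decryptedProperties = ComponentCryptoUtil.getDecryptedProperties(authenticationProvider);
                    if (Boolean.valueOf(decryptedProperties.getProperty(MembershipServiceInterface.DOMAIN_ACTIVE)).booleanValue()) {
                        membershipDomain = createDomain(trim, decryptedProperties);
                    } else {
                        LogManager.logDetail("MEMBERSHIP", "Skipping initilization of inactive domain " + trim);
                    }
                }
                LogManager.logInfo("MEMBERSHIP", PlatformPlugin.Util.getString("MSG.014.407.0005", trim));
                if (membershipDomain != null) {
                    this.domains.add(new MembershipDomainHolder(membershipDomain, trim));
                }
            }
        } catch (CryptoException e) {
            LogManager.logCritical("MEMBERSHIP", e, PlatformPlugin.Util.getString("MembershipServiceImpl.Root_password_decryption_failed"));
            throw new ServiceException(e);
        }
    }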

    /**
     * Shuts down all membership domains, logging message MSG.014.407.0001 before and
     * MSG.014.407.0002 after, each with this service's instance name.
     */
    protected void closeService() throws Exception {
        final String serviceName = getInstanceName();
        final String beforeMessage = PlatformPlugin.Util.getString("MSG.014.407.0001", serviceName);
        LogManager.logInfo("MEMBERSHIP", beforeMessage);
        shutdownDomains();
        final String afterMessage = PlatformPlugin.Util.getString("MSG.014.407.0002", serviceName);
        LogManager.logInfo("MEMBERSHIP", afterMessage);
    }

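    /**
     * Instantiates and initializes the membership domain class named by the "AuthDomainClass"
     * property.
     *
     * <p>The class name and the optional DOMAIN_PROPERTIES location both come from configuration,
     * so whoever can edit that configuration chooses which class is loaded and which file or URL
     * is read. Entries loaded from DOMAIN_PROPERTIES override the values already present in
     * {@code properties}, including the DOMAIN_NAME set here.
     *
     * @param str the configured domain name
     * @param properties the decrypted provider properties; modified in place
     * @return the initialized domain
     * @throws ServiceException if the class name is missing or empty, or if loading,
     *     instantiating or initializing the domain fails for any reason
     */
    private MembershipDomain createDomain(String str, Properties properties) throws ServiceException {
        String property = properties.getProperty("AuthDomainClass");
        if (property == null || property.length() <= 0) {
            throw new ServiceException("ERR.014.407.0024", PlatformPlugin.Util.getString("ERR.014.407.0024", str));
        }
        try {
            // Verify the type before instantiating: a configured class that is not a
            // MembershipDomain is rejected without its constructor ever running.
            // Class.forName still runs that class's static initializers.
            MembershipDomain membershipDomain = Class.forName(property).asSubclass(MembershipDomain.class).newInstance();
            properties.setProperty(MembershipServiceInterface.DOMAIN_NAME, str);
            String property2 = properties.getProperty(MembershipServiceInterface.DOMAIN_PROPERTIES);
            if (property2 != null) {
                properties.putAll(loadFile(property2, membershipDomain.getClass()));
            }
            membershipDomain.initialize(properties);
            return membershipDomain;
        } catch (Throwable th) {
            throw new ServiceException(th, "ERR.014.407.0023", PlatformPlugin.Util.getString("ERR.014.407.0023", property));
        }
    }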

    /**
     * Shuts down every held domain and empties the domain list, unless the service is already
     * closed. A failure in one domain is logged and does not stop the remaining shutdowns.
     */
    private void shutdownDomains() {
        if (!isClosed()) {
            for (Iterator holders = this.domains.iterator(); holders.hasNext();) {
                try {
                    MembershipDomainHolder holder = (MembershipDomainHolder) holders.next();
                    holder.getMembershipDomain().shutdown();
                } catch (Exception failure) {
                    LogManager.logError("MEMBERSHIP", failure, "ERR.014.407.0026");
                }
            }
            this.domains.clear();
        }
    }

    /** Shuts down the held domains; no additional waiting is performed here. */
    protected void waitForServiceToClear() throws Exception {
        this.shutdownDomains();
    }

    /** Shuts down the held domains, exactly as the orderly close path does. */
    protected void killService() {
        this.shutdownDomains();
    }

    /**
     * Replaces the address pattern applied to superuser logons. Package-private; passing
     * {@code null} removes the address restriction.
     */
    void setAllowedAddresses(Pattern pattern) {
        allowedAddresses = pattern;
    }

    /**
     * Replaces the superuser password as-is; unlike initService(), no emptiness check or
     * decryption is applied. Package-private.
     */
    void setAdminCredentials(String str) {
        adminCredentials = str;
    }

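    /**
     * Authenticates a user against the superuser account or the configured membership domains.
     *
     * <p>Flow, as implemented below:
     * <ul>
     *   <li>Encrypted credentials are decrypted first; if decryption fails the original value is
     *       kept and a warning is logged.</li>
     *   <li>When security is disabled, every caller receives a successful token.</li>
     *   <li>For the superuser, the remote address must match the allowed-address pattern (when
     *       one is set) and the password must equal the configured admin password.</li>
     *   <li>Any other user is tried against each candidate domain in order. A source error, an
     *       unsupported credential or an unknown user moves on to the next domain; a logon
     *       failure or a null result ends the attempt with a failed token.</li>
     * </ul>
     *
     * @param str the (optionally domain-qualified) user name
     * @param credentials the supplied credentials, possibly encrypted; may be null
     * @param serializable the caller's payload, passed through to the domain and the token
     * @param str2 passed through to the domain unchanged
     * @return a SuccessfulAuthenticationToken or a FailedAuthenticationToken
     * @throws ServiceException declared by the service interface
     */
    @Override // com.metamatrix.platform.security.api.service.MembershipServiceInterface
    public Serializable authenticateUser(String str, Credentials credentials, Serializable serializable, String str2) throws ServiceException {
        LogManager.logTrace("MEMBERSHIP", new Object[]{"authenticateUser", str, str2});
        if (credentials != null) {
            String str3 = new String(credentials.getCredentialsAsCharArray());
            if (CryptoUtil.isEncryptionEnabled() && CryptoUtil.isValueEncrypted(str3)) {
                try {
                    credentials = new Credentials(CryptoUtil.stringDecrypt(str3.toCharArray()));
                } catch (CryptoException e) {
                    LogManager.logWarning("MEMBERSHIP", e, PlatformPlugin.Util.getString("MembershipServiceImpl.Decrypt_failed", str));
                }
            }
        }
        if (isSuperUser(str) || !this.isSecurityEnabled) {
            if (this.isSecurityEnabled && this.allowedAddresses != null) {
                SocketAddress remoteSocketAddress = MetaMatrixSessionInfo.getRemoteSocketAddress();
                if (!(remoteSocketAddress instanceof InetSocketAddress)) {
                    LogManager.logWarning("MEMBERSHIP", PlatformPlugin.Util.getString("MembershipServiceImpl.unknown_host"));
                    return new FailedAuthenticationToken();
                }
                InetAddress address = ((InetSocketAddress) remoteSocketAddress).getAddress();
                if (!this.allowedAddresses.matcher(address.getHostAddress()).matches()) {
                    LogManager.logWarning("MEMBERSHIP", PlatformPlugin.Util.getString("MembershipServiceImpl.invalid_host", address.getHostAddress(), this.allowedAddresses.pattern()));
                    return new FailedAuthenticationToken();
                }
            }
            if (!this.isSecurityEnabled) {
                // Security disabled: no credential check at all.
                return new SuccessfulAuthenticationToken(serializable, str);
            }
            // String.equals stops at the first differing character, which makes the comparison
            // time depend on how much of the admin password was guessed correctly. Compare every
            // character instead. A null password on either side is a failed logon.
            if (credentials != null && constantTimeEquals(this.adminCredentials, credentials.getCredentialsAsCharArray())) {
                return new SuccessfulAuthenticationToken(serializable, str);
            }
            return new FailedAuthenticationToken();
        }
        String baseUsername = getBaseUsername(str);
        Iterator it = getDomainsForUser(str).iterator();
        while (it.hasNext()) {
            MembershipDomainHolder membershipDomainHolder = (MembershipDomainHolder) it.next();
            try {
                SuccessfulAuthenticationToken authenticateUser = membershipDomainHolder.getMembershipDomain().authenticateUser(baseUsername, credentials, serializable, str2);
                if (authenticateUser == null) {
                    LogManager.logError("MEMBERSHIP", PlatformPlugin.Util.getString("MembershipServiceImpl.Null_authentication", membershipDomainHolder.getDomainName(), str));
                    return new FailedAuthenticationToken();
                }
                String escapeName = escapeName(authenticateUser.getUserName());
                String domainName = membershipDomainHolder.getDomainName();
                // A domain may report a different domain name in its token; that name wins.
                if (authenticateUser.getDomainName() != null) {
                    domainName = authenticateUser.getDomainName();
                }
                return new SuccessfulAuthenticationToken(authenticateUser.getPayload(), escapeName + MembershipServiceInterface.AT + domainName);
            } catch (MembershipSourceException e2) {
                LogManager.logError("MEMBERSHIP", e2, PlatformPlugin.Util.getString("MembershipServiceImpl.source_exception", membershipDomainHolder.getDomainName()));
            } catch (UnsupportedCredentialException e3) {
                LogManager.logDetail("MEMBERSHIP", e3, PlatformPlugin.Util.getString("MembershipServiceImpl.Unsupported_credentials", membershipDomainHolder.getDomainName(), str));
            } catch (LogonException e4) {
                LogManager.logWarning("MEMBERSHIP", e4, new Object[]{PlatformPlugin.Util.getString("MembershipServiceImpl.Logon_failed", membershipDomainHolder.getDomainName(), str)});
                return new FailedAuthenticationToken();
            } catch (InvalidUserException e5) {
                LogManager.logDetail("MEMBERSHIP", e5, PlatformPlugin.Util.getString("MembershipServiceImpl.Invalid_user", membershipDomainHolder.getDomainName(), str));
            }
        }
        LogManager.logDetail("MEMBERSHIP", PlatformPlugin.Util.getString("MembershipServiceImpl.Failed_authentication", str));
        return new FailedAuthenticationToken();
    }

    /**
     * Compares a configured secret with supplied characters without stopping at the first
     * difference. The loop length depends only on the supplied value, and a length mismatch is
     * folded into the result instead of causing an early return.
     *
     * @return true only when both values are non-null and hold the same characters
     */
    private static boolean constantTimeEquals(String expected, char[] supplied) {
        if (expected == null || supplied == null) {
            return false;
        }
        int expectedLength = expected.length();
        int difference = expectedLength ^ supplied.length;
        for (int i = 0; i < supplied.length; i++) {
            char reference = expectedLength == 0 ? '\0' : expected.charAt(i % expectedLength);
            difference |= reference ^ supplied[i];
        }
        return difference == 0;
    }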

    /**
     * Returns the user name without its domain qualifier, with every escaped separator
     * (backslash followed by '@') replaced by {@code MembershipServiceInterface.AT}.
     *
     * @param str the possibly qualified user name; may be null
     * @return the unescaped base name, or null when {@code str} is null
     */
    static String getBaseUsername(String str) {
        if (str == null) {
            return null;
        }
        int separator = getQualifierIndex(str);
        String unqualified = (separator == -1) ? str : str.substring(0, separator);
        return unqualified.replaceAll("\\\\@", MembershipServiceInterface.AT);
    }

    /**
     * Escapes a name for use in front of a domain qualifier by replacing every match of
     * {@code MembershipServiceInterface.AT} with a backslash followed by '@'.
     *
     * <p>Backslashes already present in the name are left as they are.
     * NOTE(review): a name ending in a backslash would therefore make the separator appended
     * after it look escaped to getQualifierIndex() - confirm names cannot end that way.
     *
     * @param str the name to escape; may be null
     * @return the escaped name, or null when {@code str} is null
     */
    static String escapeName(String str) {
        if (str == null) {
            return null;
        }
        return str.replaceAll(MembershipServiceInterface.AT, "\\\\@");
    }

    /**
     * Returns the domain qualifier of a user name: everything after the separator located by
     * {@link #getQualifierIndex(String)}.
     *
     * @param str the possibly qualified user name; may be null
     * @return the domain part, or null when {@code str} is null or carries no qualifier
     */
    static String getDomainName(String str) {
        if (str == null) {
            return null;
        }
        int separator = getQualifierIndex(str);
        return (separator == -1) ? null : str.substring(separator + 1);
    }

    /**
     * Finds the separator between base name and domain: the last occurrence of
     * {@code MembershipServiceInterface.AT} that is not at index 0 and is not directly preceded
     * by a backslash.
     *
     * @param str the user name to scan; must not be null
     * @return the index of that separator, or -1 when there is none
     */
    static int getQualifierIndex(String str) {
        int searchFrom = str.length() - 1;
        for (;;) {
            int candidate = str.lastIndexOf(MembershipServiceInterface.AT, searchFrom);
            if (candidate == -1) {
                return -1;
            }
            boolean escapedOrLeading = candidate <= 0 || str.charAt(candidate - 1) == '\\';
            if (!escapedOrLeading) {
                return candidate;
            }
            // Skip this occurrence and keep scanning towards the start of the string.
            searchFrom = candidate - 1;
        }
    }

    /**
     * Selects the domains a user name may be resolved against.
     *
     * <ul>
     *   <li>null name or a name without a domain qualifier: all configured domains (the internal
     *       list itself, not a copy);</li>
     *   <li>the superuser, or any name while security is disabled: no domains;</li>
     *   <li>a qualified name: the first domain whose name matches case-insensitively, or no
     *       domains when none matches.</li>
     * </ul>
     */
    private Collection getDomainsForUser(String str) throws ServiceException {
        if (str == null) {
            return this.domains;
        }
        if (isSuperUser(str) || !this.isSecurityEnabled) {
            return Collections.EMPTY_LIST;
        }
        String requestedDomain = getDomainName(str);
        if (requestedDomain == null) {
            return this.domains;
        }
        for (Iterator holders = this.domains.iterator(); holders.hasNext();) {
            MembershipDomainHolder candidate = (MembershipDomainHolder) holders.next();
            if (requestedDomain.equalsIgnoreCase(candidate.getDomainName())) {
                LinkedList single = new LinkedList();
                single.add(candidate);
                return single;
            }
        }
        return Collections.EMPTY_LIST;
    }

    /**
     * Builds the principal for a user name.
     *
     * <p>The superuser, and every name while security is disabled, gets a principal of type 2
     * with no groups. Any other name must resolve to exactly one domain; its groups are fetched
     * from that domain and returned in domain-qualified form on a principal of type 0.
     *
     * @param str the (optionally domain-qualified) user name
     * @throws InvalidUserException if the name does not resolve to exactly one domain, or the
     *     domain does not know the user
     * @throws MembershipServiceException if the domain fails for any other reason; the original
     *     failure is logged, not attached as the cause
     */
    @Override // com.metamatrix.platform.security.api.service.MembershipServiceInterface
    public MetaMatrixPrincipal getPrincipalForUser(String str) throws MembershipServiceException, ServiceException, InvalidUserException {
        LogManager.logTrace("MEMBERSHIP", new Object[]{"getPrincipalForUser", str});
        if (isSuperUser(str) || !this.isSecurityEnabled) {
            return new BasicMetaMatrixPrincipal(str, 2, Collections.EMPTY_SET);
        }
        String baseName = getBaseUsername(str);
        Collection candidates = getDomainsForUser(str);
        boolean resolvesToOneDomain = baseName != null && candidates.size() == 1;
        if (!resolvesToOneDomain) {
            throw new InvalidUserException("ERR.014.407.0031", PlatformPlugin.Util.getString("ERR.014.407.0031", str));
        }
        MembershipDomainHolder holder = (MembershipDomainHolder) candidates.iterator().next();
        try {
            Set rawGroups = holder.getMembershipDomain().getGroupNamesForUser(baseName);
            Set qualifiedGroups = getDomainSpecificGroups(rawGroups, holder.getDomainName());
            BasicMetaMatrixPrincipal principal = new BasicMetaMatrixPrincipal(str, 0, qualifiedGroups);
            LogManager.logTrace("MEMBERSHIP", new Object[]{"The user \"", str, "\" was obtained from domain \"", holder.getDomainName(), "\""});
            return principal;
        } catch (InvalidUserException unknownUser) {
            String message = PlatformPlugin.Util.getString("MembershipServiceImpl.User_does_not_exist", str, holder.getDomainName());
            LogManager.logError("MEMBERSHIP", unknownUser, message);
            throw new InvalidUserException(message);
        } catch (Throwable failure) {
            String message = PlatformPlugin.Util.getString("MembershipServiceImpl.source_exception", holder.getDomainName());
            LogManager.logError("MEMBERSHIP", failure, message);
            throw new MembershipServiceException(message);
        }
    }

    /**
     * Qualifies each group name with a domain: escaped name, then
     * {@code MembershipServiceInterface.AT}, then the domain name.
     *
     * @param set the unqualified group names; may be null
     * @param str the domain name to append
     * @return a new set of qualified names, or the shared empty set when {@code set} is null
     */
    private Set getDomainSpecificGroups(Set set, String str) {
        if (set == null) {
            return Collections.EMPTY_SET;
        }
        String qualifier = MembershipServiceInterface.AT + str;
        Set qualified = new HashSet();
        for (Iterator names = set.iterator(); names.hasNext();) {
            String groupName = (String) names.next();
            qualified.add(escapeName(groupName) + qualifier);
        }
        return qualified;
    }

    /**
     * Returns the group names of the principal that {@link #getPrincipalForUser(String)} builds
     * for the given user name; the same exceptions apply.
     */
    @Override // com.metamatrix.platform.security.api.service.MembershipServiceInterface
    public Set getGroupsForUser(String str) throws MembershipServiceException, InvalidUserException, ServiceException {
        LogManager.logTrace("MEMBERSHIP", new Object[]{"getGroupsForUser", str});
        MetaMatrixPrincipal principal = getPrincipalForUser(str);
        return principal.getGroupNames();
    }

    /**
     * Returns a banner line carrying the instance name, followed by the string form of every
     * held domain entry.
     */
    public String toString() {
        StringBuilder text = new StringBuilder();
        text.append("\n*** MembershipService: ").append(super.getInstanceName()).append(" ***\n");
        for (Iterator holders = this.domains.iterator(); holders.hasNext();) {
            text.append(holders.next().toString());
        }
        return text.toString();
    }

    /**
     * Collects the domain-qualified group names of all configured domains.
     *
     * @throws MembershipServiceException as soon as any one domain fails; the original failure
     *     is logged, not attached as the cause
     */
    @Override // com.metamatrix.platform.security.api.service.MembershipServiceInterface
    public Set getGroupNames() throws ServiceException, RemoteException, MembershipServiceException {
        LogManager.logTrace("MEMBERSHIP", new Object[]{"getGroupNames"});
        Set allGroups = new HashSet();
        for (Iterator holders = this.domains.iterator(); holders.hasNext();) {
            MembershipDomainHolder holder = (MembershipDomainHolder) holders.next();
            try {
                Set rawGroups = holder.getMembershipDomain().getGroupNames();
                allGroups.addAll(getDomainSpecificGroups(rawGroups, holder.getDomainName()));
            } catch (Throwable failure) {
                String message = PlatformPlugin.Util.getString("MembershipServiceImpl.source_exception", holder.getDomainName());
                LogManager.logError("MEMBERSHIP", failure, message);
                throw new MembershipServiceException(message);
            }
        }
        return allGroups;
    }

    /**
     * Returns the live internal list of MembershipDomainHolder entries, not a copy; changes made
     * by a subclass affect this service directly.
     */
    protected List getDomains() {
        return domains;
    }

    /**
     * Returns the names of the configured domains in list order, leaving out entries whose name
     * is null.
     */
    @Override // com.metamatrix.platform.security.api.service.MembershipServiceInterface
    public List getDomainNames() throws ServiceException, RemoteException {
        LogManager.logTrace("MEMBERSHIP", new Object[]{"getDomainNames"});
        List names = new ArrayList();
        for (Iterator holders = this.domains.iterator(); holders.hasNext();) {
            MembershipDomainHolder holder = (MembershipDomainHolder) holders.next();
            String name = holder.getDomainName();
            if (name == null) {
                continue;
            }
            names.add(name);
        }
        return names;
    }

    /**
     * Returns the group names of one domain, exactly as that domain reports them (they are not
     * domain-qualified here).
     *
     * @param str the domain name, matched case-insensitively
     * @return the domain's group names, or the shared empty set when no domain matches
     * @throws MembershipServiceException if the domain fails; the original failure is logged,
     *     not attached as the cause
     */
    @Override // com.metamatrix.platform.security.api.service.MembershipServiceInterface
    public Set getGroupsForDomain(String str) throws ServiceException, RemoteException, MembershipServiceException {
        LogManager.logTrace("MEMBERSHIP", new Object[]{"getGroupsForDomain", str});
        MembershipDomainHolder selected = null;
        for (Iterator holders = this.domains.iterator(); holders.hasNext();) {
            MembershipDomainHolder candidate = (MembershipDomainHolder) holders.next();
            String candidateName = candidate.getDomainName();
            // No early exit: when several names match, the last one in the list is used.
            if (candidateName != null && candidateName.equalsIgnoreCase(str)) {
                selected = candidate;
            }
        }
        if (selected != null) {
            try {
                return selected.getMembershipDomain().getGroupNames();
            } catch (Throwable failure) {
                String message = PlatformPlugin.Util.getString("MembershipServiceImpl.source_exception", selected.getDomainName());
                LogManager.logError("MEMBERSHIP", failure, message);
                throw new MembershipServiceException(message);
            }
        }
        return Collections.EMPTY_SET;
    }

    /**
     * Tells whether the given name is the configured admin user name. The comparison ignores
     * case and is made against the name exactly as given, domain qualifier included.
     */
    @Override // com.metamatrix.platform.security.api.service.MembershipServiceInterface
    public boolean isSuperUser(String str) throws ServiceException {
        final String configuredAdmin = this.adminUsername;
        return configuredAdmin.equalsIgnoreCase(str);
    }

    /**
     * Reports the security switch read by initService(). While it is false, authenticateUser()
     * accepts every caller.
     */
    @Override // com.metamatrix.platform.security.api.service.MembershipServiceInterface
    public boolean isSecurityEnabled() throws MembershipServiceException, ServiceException, RemoteException {
        return isSecurityEnabled;
    }

    /**
     * Loads a properties file, trying three sources in order: a classpath resource relative to
     * {@code cls}, a local file path, and finally a URL.
     *
     * <p>The URL fallback accepts whatever scheme {@link URL} can open, so the location must come
     * from trusted configuration only; a plain-http location lets anyone on the network path
     * alter the loaded properties.
     *
     * @param str resource name, file path or URL of the properties file
     * @param cls class whose loader is asked for the resource first
     * @return the loaded properties
     * @throws ServiceStateException if none of the sources can be opened or the content cannot
     *     be read
     */
    public static Properties loadFile(String str, Class cls) throws ServiceStateException {
        Properties loaded = new Properties();
        InputStream source = cls.getResourceAsStream(str);
        if (source == null) {
            try {
                source = new FileInputStream(str);
            } catch (FileNotFoundException notAFile) {
                try {
                    source = new URL(str).openStream();
                } catch (MalformedURLException notAUrl) {
                    // Not a URL either: report the file lookup failure as the cause.
                    throw new ServiceStateException(notAFile, PlatformPlugin.Util.getString("MembershipServiceImpl.load_error", str));
                } catch (IOException unreachable) {
                    throw new ServiceStateException(unreachable, PlatformPlugin.Util.getString("MembershipServiceImpl.load_error", str));
                }
            }
        }
        try {
            try {
                loaded.load(source);
                return loaded;
            } finally {
                try {
                    source.close();
                } catch (IOException ignored) {
                    // Best effort: a failed close does not change the outcome of the load.
                }
            }
        } catch (IOException unreadable) {
            throw new ServiceStateException(unreadable, PlatformPlugin.Util.getString("MembershipServiceImpl.load_error", str));
        }
    }
}
