package com.iplanet.xslui.auth;

import com.iplanet.xslui.tools.LDAPPool;
import com.iplanet.xslui.tools.PropertyReader;
import com.iplanet.xslui.ui.Logging;
import com.iplanet.xslui.ui.SessionConstants;
import java.io.IOException;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import netscape.ldap.LDAPConnection;
import netscape.ldap.LDAPException;

/* loaded from: input_file:118950-21/SUNWpssso/reloc/SUNWps/web-src/WEB-INF/lib/xslui.jar:com/iplanet/xslui/auth/LDAPAuthFilter.class */
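/**
 * Servlet filter that authenticates a user by binding to LDAP with the
 * credentials found in the request and, on success, stores a
 * {@link UserSession} in the HTTP session.
 *
 * <p>The filter never rejects a request itself: on every failure path it just
 * hands the request to the rest of the chain without a user session, and the
 * result of the client-IP check is only published as the {@code validClientIP}
 * request attribute. Enforcement is therefore left to whatever runs downstream.
 *
 * <p>Security-relevant points for reviewers:
 * <ul>
 *   <li>When the request URI equals the configured {@code authsdkpath}, the client
 *       address is read from the caller-supplied {@code clientIP} request parameter
 *       instead of the socket address, so the {@code ipsecurity} check is only as
 *       strong as the access control on that path.</li>
 *   <li>Accounts listed in {@code ldapauth.admins} may, after authenticating with
 *       their own password, open a session as the user named in the
 *       {@code proxyauth} request parameter.</li>
 *   <li>With {@code ldapauth.storepasswordinsession} enabled the clear-text password
 *       is handed to the {@link LDAPUserSession} kept in the HTTP session.</li>
 *   <li>NOTE(review): the session obtained before login is reused after a successful
 *       bind; nothing in this class rotates the session id. Confirm that the
 *       container or another filter does.</li>
 * </ul>
 */
public class LDAPAuthFilter extends XSLAuthFilter {
    public static final String CONFIG_FILENAME = "xslauth.properties";
    public static final String CONFIG_DEFAULTDOMAIN = "defaultdomain";
    public static final String LDAPAUTHCONFIGPREFIX = "ldapauth.";
    private static final String CONFIG_STOREPASSWORD = "ldapauth.storepasswordinsession";
    public static final String CONFIG_PROXYUSERS = "ldapauth.admins";
    private static final String CONFIG_AUTHSDKPATH = "authsdkpath";
    private static final String CONFIG_IPSECURITY = "ipsecurity";
    public static final int LDAPVERSION = 3;
    private UserSessionFactory _userFactory = null;
    private String _defaultDomain = null;
    private LDAPPool _ldapPool = null;
    private String[] _proxyUsers = null;
    private String _authSDKPath = null;
    private boolean _ipSecurity = false;
    private boolean _storePassword = false;

    /**
     * Reads the filter settings from {@code xslauth.properties}, then creates the
     * LDAP connection pool and the user-session factory.
     *
     * @param filterConfig the container-supplied filter configuration
     * @throws ServletException if the LDAP pool cannot be obtained or the
     *         user-session factory fails to initialise
     */
    @Override // com.iplanet.xslui.auth.XSLAuthFilter
    public void init(FilterConfig filterConfig) throws ServletException {
        // Must be set before super.init(): it is assigned first so the parent can pick it up.
        this._config_filename = CONFIG_FILENAME;
        super.init(filterConfig);
        PropertyReader propertyReader = super.getPropertyReader();
        this._defaultDomain = propertyReader.getStringProperty(CONFIG_DEFAULTDOMAIN, "iplanet.com");
        this._proxyUsers = propertyReader.getStringArrayProperty(CONFIG_PROXYUSERS, "");
        this._authSDKPath = propertyReader.getStringProperty(CONFIG_AUTHSDKPATH, "/authSDK");
        this._ipSecurity = propertyReader.getBooleanProperty(CONFIG_IPSECURITY, "false");
        this._storePassword = propertyReader.getBooleanProperty(CONFIG_STOREPASSWORD, "false");
        try {
            this._ldapPool = com.iplanet.xslui.tools.LDAPConfigReader.getLDAPPool(propertyReader, LDAPAUTHCONFIGPREFIX);
            this._userFactory = new LDAPUserSessionFactory();
            if (!this._userFactory.init(propertyReader.getConfigFile())) {
                throw new ServletException("LDAPAuthFilter: Cant init LDAPUserSessionFactory");
            }
        } catch (LDAPException e) {
            // Keep the LDAP exception as the root cause so the stack trace survives.
            throw new ServletException("LDAPAuthFilter: Cant get LDAP pool: " + e.getMessage(), e);
        }
    }

    /**
     * Authenticates the request if the session has no {@link UserSession} yet and
     * always continues the filter chain afterwards.
     *
     * <p>For a session that already carries a user session, only the optional
     * client-IP comparison is done and published as the {@code validClientIP}
     * request attribute ({@code "true"} or {@code "false"}).
     *
     * @param servletRequest the incoming request; must be an {@link HttpServletRequest}
     * @param servletResponse the response passed down the chain
     * @param filterChain the remaining filter chain
     * @throws ServletException propagated from the chain
     * @throws IOException propagated from the chain
     */
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws ServletException, IOException {
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        HttpSession session = httpServletRequest.getSession(true);

        UserSession existingSession = (UserSession) session.getAttribute(SessionConstants.USERSESSION);
        if (existingSession != null) {
            if (this._ipSecurity) {
                String boundIp = (String) session.getAttribute(SessionConstants.CLIENTIP);
                String currentIp = clientAddress(httpServletRequest);
                // A session without a recorded client IP (for example one rebuilt from the
                // uid/domain attributes, or a login where clientIP was absent) used to raise a
                // NullPointerException here; treat it as a mismatch instead (fail closed).
                boolean sameClient = boundIp != null && boundIp.equals(currentIp);
                servletRequest.setAttribute("validClientIP", sameClient ? "true" : "false");
            }
            filterChain.doFilter(servletRequest, servletResponse);
            if (XSLAuthFilter.invalidateSession(httpServletRequest)) {
                session.invalidate();
            }
            return;
        }

        String uid = (String) session.getAttribute("uid");
        String domain = (String) session.getAttribute(SessionConstants.DOMAIN);
        if (isEmpty(domain)) {
            session.setAttribute(SessionConstants.DOMAIN, this._defaultDomain);
        }

        // True when the identity comes from the request and must be proven with an LDAP bind;
        // false when uid and domain were already present in the (server-side) session.
        boolean needsBind = true;
        if (isEmpty(uid) || isEmpty(domain)) {
            String userFromRequest = XSLAuthFilter.getUserFromRequest(httpServletRequest);
            if (userFromRequest == null) {
                filterChain.doFilter(servletRequest, servletResponse);
                return;
            }
            String[] parts = splitLogin(userFromRequest);
            uid = parts[0];
            domain = parts[1];
        } else {
            needsBind = false;
            Logging.trace(64, "LDAPAuthFilter: user already authenticated: " + uid + "@" + domain);
        }

        // NOTE(review): uid and domain are request-supplied at this point and are written to
        // the trace log as-is; confirm that Logging neutralises line breaks.
        Logging.trace(64, "LDAPAuthFilter: login from " + uid);
        UserSession newUserSession = this._userFactory.newUserSession(uid, domain);
        if (newUserSession == null) {
            Logging.trace(64, "couldnt create user " + uid + "(domain " + domain + ")");
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }

        if (needsBind) {
            String dn = newUserSession.getDN();
            Logging.trace(64, "LDAPAuthFilter: Authenticating " + dn);
            String passwordFromRequest = XSLAuthFilter.getPasswordFromRequest(httpServletRequest);
            // An LDAP simple bind with a DN and an empty password is an "unauthenticated bind"
            // that many servers accept, so an empty password must never reach authenticate().
            if (passwordFromRequest == null || passwordFromRequest.length() == 0) {
                Logging.trace(64, "no password provided for " + dn);
                filterChain.doFilter(servletRequest, servletResponse);
                return;
            }

            LDAPConnection connection = null;
            try {
                connection = this._ldapPool.getConnection();
                if (connection == null) {
                    Logging.error(64, "couldnt log in DN=" + dn + " : couldn't get conn from the pool");
                    filterChain.doFilter(servletRequest, servletResponse);
                    return;
                }
                connection.authenticate(LDAPVERSION, dn, passwordFromRequest);
                // NOTE(review): the connection goes back to the pool still bound as this user;
                // confirm that LDAPPool re-binds or resets connections before reuse.
                this._ldapPool.close(connection);
                connection = null; // already returned; the catch block must not return it twice

                String proxyAuth = httpServletRequest.getParameter("proxyauth");
                String authenticatedLogin = uid + "@" + domain;
                String clientIp = clientAddress(httpServletRequest);
                // Only an account listed in ldapauth.admins may act on behalf of another user.
                boolean proxyUser = proxyAuth != null && isProxyUser(authenticatedLogin);

                if (proxyUser && proxyAuth.length() != 0) {
                    String[] target = splitLogin(proxyAuth);
                    uid = target[0];
                    domain = target[1];
                    newUserSession = this._userFactory.newUserSession(uid, domain);
                    if (newUserSession == null || clientIp == null) {
                        Logging.trace(64, "couldnt create user [ for proxyauth ] " + uid + "(domain " + domain + ")");
                        filterChain.doFilter(servletRequest, servletResponse);
                        return;
                    }
                }

                if (this._ipSecurity) {
                    session.setAttribute(SessionConstants.CLIENTIP, clientIp);
                    servletRequest.setAttribute("validClientIP", "true");
                }
                session.setAttribute("uid", uid);
                session.setAttribute(SessionConstants.DOMAIN, domain);
                // The password belongs to the authenticating account, so it is never attached
                // to a session opened on behalf of someone else.
                if (!proxyUser && this._storePassword && (newUserSession instanceof LDAPUserSession)) {
                    ((LDAPUserSession) newUserSession).setPassword(passwordFromRequest);
                }
                Logging.trace(64, "LDAPAuthFilter: user " + uid + "@" + domain + " authenticated");
            } catch (LDAPException e) {
                Logging.trace(64, "couldnt log in DN=" + dn + " : " + e.errorCodeToString() + " : " + e.getLDAPErrorMessage() + " : " + e.getLDAPResultCode());
                // Return the connection that was actually borrowed. Passing null here, as the
                // previous code did, left one pooled connection checked out per failed login.
                // NOTE(review): how LDAPPool.close treats a connection whose bind failed is not
                // visible in this file; confirm it is reset before reuse.
                this._ldapPool.close(connection);
                filterChain.doFilter(servletRequest, servletResponse);
                return;
            }
        }

        session.setAttribute("userlang", newUserSession.getPreferredLanguage());
        session.setAttribute(SessionConstants.USERSESSION, newUserSession);
        Logging.trace(64, "LDAPAuthFilter: user " + uid + "@" + domain + " session created");
        filterChain.doFilter(servletRequest, servletResponse);
        if (XSLAuthFilter.invalidateSession(httpServletRequest)) {
            session.invalidate();
        }
    }

    /** Does nothing; this filter releases no resources on shutdown. */
    public void destroy() {
    }

    /** Returns true when the value is null or has no characters. */
    private static boolean isEmpty(String value) {
        return value == null || value.length() <= 0;
    }

    /**
     * Returns the client address used for the IP check: the socket address, or the
     * caller-supplied {@code clientIP} parameter (possibly null) when the request URI
     * equals the configured auth SDK path.
     */
    private String clientAddress(HttpServletRequest request) {
        if (request.getRequestURI().equals(this._authSDKPath)) {
            return request.getParameter("clientIP");
        }
        return request.getRemoteAddr();
    }

    /**
     * Splits {@code user@domain} at the last {@code @} into {uid, domain}; a login
     * without {@code @} gets the configured default domain.
     */
    private String[] splitLogin(String login) {
        int at = login.lastIndexOf("@");
        if (at != -1) {
            return new String[] {login.substring(0, at), login.substring(at + 1)};
        }
        return new String[] {login, this._defaultDomain};
    }

    /** Returns true when the login matches a configured proxy user, ignoring case and padding. */
    private boolean isProxyUser(String login) {
        if (this._proxyUsers == null) {
            return false;
        }
        String wanted = login.trim();
        for (int i = 0; i < this._proxyUsers.length; i++) {
            if (wanted.equalsIgnoreCase(this._proxyUsers[i].trim())) {
                return true;
            }
        }
        return false;
    }
}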
