package com.iplanet.am.admin.cli;

import com.iplanet.am.console.base.model.AMAdminConstants;
import com.iplanet.am.sdk.AMException;
import com.iplanet.am.sdk.AMStoreConnection;
import com.iplanet.am.sdk.AMUser;
import com.iplanet.am.util.Locale;
import com.iplanet.sso.SSOException;
import com.iplanet.sso.SSOToken;
import com.iplanet.sso.SSOTokenManager;
import com.sun.identity.authentication.AuthContext;
import com.sun.identity.authentication.internal.AuthPrincipal;
import com.sun.identity.authentication.internal.InvalidAuthContextException;
import com.sun.identity.security.AdminDNAction;
import com.sun.identity.security.AdminPasswordAction;
import com.sun.identity.sm.SMSException;
import com.sun.identity.sm.ServiceSchemaManager;
import java.security.AccessController;
import java.util.Date;
import java.util.HashSet;
import java.util.Map;
import java.util.ResourceBundle;
import java.util.Set;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.login.LoginException;

/* loaded from: input_file:119465-02/SUNWamsdk/reloc/SUNWam/lib/am_services.jar:com/iplanet/am/admin/cli/Authenticator.class */
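/**
 * Authenticates the caller of the administration command-line tools and holds the
 * resulting SSO token.
 *
 * <p>Two login paths are offered. {@link #sessionBasedLogin(String, String)} drives a
 * callback-based {@code AuthContext} created for "/" against the "LDAP" module instance.
 * {@link #ldapLogin(String, String)} uses the internal {@code AuthContext} and then
 * verifies that the authenticated principal is still active. Both paths record a failed
 * attempt in the operation log before rethrowing.
 *
 * <p>NOTE(review): credentials arrive as {@code String}s, so this class cannot scrub them
 * from memory; the {@code char[]} copies it creates are handed to the authentication APIs.
 */
class Authenticator {
    private static final String LOGIN_STATUS = "iplanet-am-user-login-status";
    private static final String ACCOUNT_LIFE = "iplanet-am-user-account-life";
    private static final String STRING_ACTIVE = "active";

    /** Attribute names fetched in one call when checking whether a user may log in. */
    private static final Set ACTIVE_STATE_ATTRIBUTES = new HashSet(4);

    static {
        ACTIVE_STATE_ATTRIBUTES.add(LOGIN_STATUS);
        ACTIVE_STATE_ATTRIBUTES.add(ACCOUNT_LIFE);
    }

    /** Source of every localized message this class logs or throws. */
    private final ResourceBundle bundle;

    /** Token of the most recent successful login; {@code null} until one succeeds. */
    private SSOToken ssoToken;

    /**
     * Creates an authenticator that takes its messages from the given bundle.
     *
     * @param resourceBundle bundle holding the keys used by this class
     *     (for example {@code ldapauthfail} and {@code loginFailed})
     */
    // Decompiler note: access was widened from package-private.
    public Authenticator(ResourceBundle resourceBundle) {
        this.bundle = resourceBundle;
    }

    /**
     * Returns the token stored by the last successful login.
     *
     * @return the stored token, or {@code null} if none has been stored
     */
    // Decompiler note: access was widened from package-private.
    public SSOToken getSSOToken() {
        return this.ssoToken;
    }

    /**
     * Logs in through the callback-based authentication service and stores the token.
     *
     * @param str user name supplied to every {@code NameCallback}
     * @param str2 password supplied to every {@code PasswordCallback}
     * @throws AdminException if the login fails; the failure is logged first
     */
    // Decompiler note: access was widened from package-private.
    public void sessionBasedLogin(String str, String str2) throws AdminException {
        try {
            sessionBasedLoginInternal(str, str2);
        } catch (AdminException e) {
            logLoginFailure(str);
            throw e;
        }
    }

    /**
     * Runs the callback exchange and stores the token on success.
     *
     * @throws AdminException if the exchange fails or the token cannot be obtained
     */
    private void sessionBasedLoginInternal(String str, String str2) throws AdminException {
        AuthContext authContext = getAuthContext();
        processCallback(authContext, str, str2);
        try {
            this.ssoToken = authContext.getSSOToken();
        } catch (Exception e) {
            throw new AdminException(e);
        }
    }

    /**
     * Logs in through the internal LDAP authentication context and then requires the
     * authenticated principal to be active.
     *
     * <p>{@link #ldapLoginInternal(String, String)} stores the token, and hands it to
     * {@code AdminUtils}, before the account-state check runs. When that check does not
     * confirm an active principal, the token held by this object is cleared so that
     * {@link #getSSOToken()} cannot return a token for a rejected login.
     *
     * <p>NOTE(review): the copy given to {@code AdminUtils.setSSOToken} is not cleared here,
     * and the underlying session is not invalidated. Confirm whether callers rely on that
     * copy, and consider invalidating the session on this path.
     *
     * @param str user name (passed to {@code AuthPrincipal})
     * @param str2 password
     * @throws AdminException if authentication fails or the principal is not active;
     *     the failure is logged first
     */
    // Decompiler note: access was widened from package-private.
    public void ldapLogin(String str, String str2) throws AdminException {
        try {
            ldapLoginInternal(str, str2);
            boolean active = false;
            try {
                active = isPrincipalActive();
            } finally {
                if (!active) {
                    // Rejected or errored after the token was stored: do not keep it.
                    this.ssoToken = null;
                }
            }
            if (!active) {
                throw new AdminException(this.bundle.getString("ldapauthfail"));
            }
        } catch (AdminException e) {
            logLoginFailure(str);
            throw e;
        }
    }

    /**
     * Authenticates against the internal LDAP context; on success stores the token and
     * hands it to {@code AdminUtils}.
     *
     * @throws AdminException with the {@code ldapauthfail} message if the login status is
     *     not the expected one or the context reports an error
     */
    void ldapLoginInternal(String str, String str2) throws AdminException {
        if (AdminUtils.logEnabled()) {
            AdminUtils.log(this.bundle.getString("statusmsg6"));
        }
        try {
            com.sun.identity.authentication.internal.AuthContext ldapContext =
                    getLDAPAuthContext(str, str2);
            // 3 is presumably the inlined "success" status constant of the internal
            // AuthContext; confirm against that class.
            if (ldapContext.getLoginStatus() != 3) {
                if (AdminUtils.logEnabled()) {
                    AdminUtils.log(this.bundle.getString("statusmsg9"));
                }
                throw new AdminException(this.bundle.getString("ldapauthfail"));
            }
            if (AdminUtils.logEnabled()) {
                AdminUtils.log(this.bundle.getString("statusmsg7"));
                AdminUtils.log(this.bundle.getString("statusmsg8"));
            }
            this.ssoToken = ldapContext.getSSOToken();
            AdminUtils.setSSOToken(this.ssoToken);
        } catch (InvalidAuthContextException e) {
            if (AdminUtils.logEnabled()) {
                AdminUtils.log(this.bundle.getString("ldapauthfail"), e);
            }
            throw new AdminException(this.bundle.getString("ldapauthfail"));
        } catch (LoginException e) {
            if (AdminUtils.logEnabled()) {
                AdminUtils.log(this.bundle.getString("ldapauthfail"), e);
            }
            throw new AdminException(this.bundle.getString("ldapauthfail"));
        }
    }

    /**
     * Builds the internal authentication context for the given principal and password.
     *
     * <p>NOTE(review): the password array is not wiped afterwards because it is unclear
     * from this file whether the context keeps a reference to it.
     */
    private com.sun.identity.authentication.internal.AuthContext getLDAPAuthContext(
            String str, String str2) throws LoginException {
        return new com.sun.identity.authentication.internal.AuthContext(
                new AuthPrincipal(str), str2.toCharArray());
    }

    /**
     * Creates an {@code AuthContext} for "/" and starts a login against the "LDAP"
     * module instance.
     *
     * @throws AdminException with the {@code loginFailed} message if the login cannot start
     */
    private AuthContext getAuthContext() throws AdminException {
        try {
            AuthContext authContext = new AuthContext("/");
            authContext.login(AuthContext.IndexType.MODULE_INSTANCE, "LDAP");
            return authContext;
        } catch (LoginException e) {
            // Send the cause to the tool's log, as ldapLoginInternal does, instead of
            // dumping a stack trace on the operator's console.
            if (AdminUtils.logEnabled()) {
                AdminUtils.log(this.bundle.getString("loginFailed"), e);
            }
            throw new AdminException(this.bundle.getString("loginFailed"));
        }
    }

    /**
     * Answers every batch of callbacks the context asks for, then checks the final status.
     *
     * @throws AdminException with the {@code loginFailed} message unless the status is
     *     {@code AuthContext.Status.SUCCESS}
     */
    private void processCallback(AuthContext authContext, String str, String str2)
            throws AdminException {
        while (authContext.hasMoreRequirements()) {
            Callback[] requirements = authContext.getRequirements();
            if (requirements != null) {
                setCallbackValues(requirements, str, str2);
                authContext.submitRequirements(requirements);
            }
        }
        if (authContext.getStatus() != AuthContext.Status.SUCCESS) {
            throw new AdminException(this.bundle.getString("loginFailed"));
        }
    }

    /**
     * Fills name callbacks with the user name and password callbacks with the password;
     * other callback types are left untouched.
     */
    private void setCallbackValues(Callback[] callbackArr, String str, String str2) {
        for (int i = 0; i < callbackArr.length; i++) {
            Callback callback = callbackArr[i];
            if (callback instanceof NameCallback) {
                ((NameCallback) callback).setName(str);
            } else if (callback instanceof PasswordCallback) {
                ((PasswordCallback) callback).setPassword(str2.toCharArray());
            }
        }
    }

    /**
     * Records a failed login for the given user name in the operation log, using a token
     * created for the administrator. Nothing is logged if that token cannot be created.
     *
     * <p>NOTE(review): the administrator token created for this record is not explicitly
     * released here; confirm whether it needs to be.
     */
    private void logLoginFailure(String str) {
        SSOToken adminToken = getAdminSSOToken();
        if (adminToken != null) {
            // The name is whatever the caller typed; strip line breaks so that it cannot
            // forge additional records in the log.
            String message = this.bundle.getString("loginFail") + " " + sanitizeForLog(str);
            // The meaning of the first argument (1) is defined by AdminUtils.logOperation,
            // which is not shown in this file.
            AdminUtils.logOperation(1, message, adminToken);
        }
    }

    /** Replaces carriage returns and line feeds with underscores; {@code null} stays null. */
    private static String sanitizeForLog(String value) {
        if (value == null) {
            return null;
        }
        return value.replace('\r', '_').replace('\n', '_');
    }

    /**
     * Creates a token from the administrator DN and password obtained through privileged
     * actions.
     *
     * @return the token, or {@code null} if creation failed (only the message is logged)
     */
    private SSOToken getAdminSSOToken() {
        SSOToken adminToken = null;
        try {
            String adminDn = (String) AccessController.doPrivileged(new AdminDNAction());
            String adminPassword =
                    (String) AccessController.doPrivileged(new AdminPasswordAction());
            adminToken = SSOTokenManager.getInstance()
                    .createSSOToken(new AuthPrincipal(adminDn), adminPassword);
        } catch (SSOException e) {
            AdminUtils.log(e.getMessage());
        }
        return adminToken;
    }

    /**
     * Decides whether the principal behind the stored token may use the tools.
     *
     * <p>For an object of type 1 the user must be activated, its login-status attribute
     * must be absent or equal to "active" (ignoring case), and its account-life date must
     * not have passed. Any other object type only has to be activated.
     *
     * <p>NOTE(review): two paths fail open and return {@code true}: an {@code AMException}
     * while resolving the object type, and an {@code SMSException} anywhere in the check.
     * This may be deliberate for principals that have no entry in the store; confirm, and
     * consider logging these cases so they are visible in an audit.
     *
     * @return {@code true} if the principal is considered active
     * @throws AdminException with the {@code ldapauthfail} message on any other
     *     {@code AMException} or on an {@code SSOException}
     */
    private boolean isPrincipalActive() throws AdminException {
        try {
            // The instances are discarded; presumably these constructors only probe that
            // the token can read both service schemas. TODO confirm.
            new ServiceSchemaManager("iPlanetAMAdminConsoleService", this.ssoToken);
            new ServiceSchemaManager(AMAdminConstants.DAI_SERVICE, this.ssoToken);
            AMStoreConnection store = new AMStoreConnection(this.ssoToken);
            String principal = this.ssoToken.getProperty("Principal");

            int objectType;
            try {
                objectType = store.getAMObjectType(principal);
            } catch (AMException e) {
                // Fail-open path, see the method comment.
                return true;
            }

            // 1 is presumably the inlined "user" object type constant. TODO confirm.
            if (objectType != 1) {
                return store.getEntity(principal).isActivated();
            }

            AMUser user = store.getUser(principal);
            if (!user.isActivated()) {
                return false;
            }
            Map attributes = user.getAttributes(ACTIVE_STATE_ATTRIBUTES);
            String loginStatus = getStringValue(attributes, LOGIN_STATUS);
            if (loginStatus != null && !loginStatus.equalsIgnoreCase(STRING_ACTIVE)) {
                return false;
            }
            return !isExpired(getStringValue(attributes, ACCOUNT_LIFE));
        } catch (AMException e) {
            throw new AdminException(this.bundle.getString("ldapauthfail"));
        } catch (SSOException e) {
            throw new AdminException(this.bundle.getString("ldapauthfail"));
        } catch (SMSException e) {
            // Fail-open path, see the method comment.
            return true;
        }
    }

    /**
     * Returns the first value stored under {@code str} in a map of attribute name to
     * {@code Set} of values.
     *
     * @return the first value, or {@code null} if the map or the value set is null or empty
     */
    private static String getStringValue(Map map, String str) {
        if (map == null || map.isEmpty()) {
            return null;
        }
        Set values = (Set) map.get(str);
        if (values == null || values.isEmpty()) {
            return null;
        }
        return (String) values.iterator().next();
    }

    /**
     * Tells whether the given account-life date lies in the past.
     *
     * @param str normalized date string; {@code null} or blank means "no expiry"
     * @return {@code true} if the date is before now, or if a non-blank value could not be
     *     turned into a date
     */
    private static boolean isExpired(String str) {
        if (str == null || str.trim().length() == 0) {
            return false;
        }
        Date expiry = Locale.parseNormalizedDateString(str);
        // A value that is present but yields no date is treated as expired (fail closed)
        // instead of dereferencing null. This assumes the parser signals failure by
        // returning null; confirm against com.iplanet.am.util.Locale.
        return expiry == null || expiry.before(new Date());
    }
}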
