package com.sun.identity.liberty.ws.soapbinding;

import com.iplanet.am.util.Cache;
import com.iplanet.am.util.Misc;
import com.iplanet.am.util.SystemProperties;
import com.iplanet.dpro.session.service.ClusterStateService;
import com.iplanet.dpro.session.service.InternalSession;
import com.iplanet.dpro.session.service.SessionService;
import com.iplanet.sso.SSOToken;
import com.iplanet.sso.SSOTokenManager;
import com.sun.identity.common.Constants;
import com.sun.identity.common.DateUtils;
import com.sun.identity.security.AdminTokenAction;
import com.sun.identity.sm.ServiceSchema;
import com.sun.identity.sm.ServiceSchemaManager;
import java.security.AccessController;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Date;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.TreeSet;
import javax.servlet.http.HttpServletRequest;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:120954-01/SUNWamsdk/reloc/SUNWam/lib/am_services.jar:com/sun/identity/liberty/ws/soapbinding/WebServiceAuthenticatorImpl.class */
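/**
 * Default {@link WebServiceAuthenticator}: maps the X.509 certificates attached to a SOAP
 * message to an {@link SSOToken} and caches the token for later requests.
 *
 * <p>The principal is the subject DN of the first certificate found (peer certificate first,
 * then message certificate), or {@code "anonymous"} when the message carries none. Any further
 * subject DN and every issuer DN are recorded in the {@code Principals} token property.
 *
 * <p>Security note: this class performs no certificate validation (chain, validity period,
 * revocation); it only reads the DNs. NOTE(review): validation presumably happens before the
 * certificates are attached to the {@code Message}; confirm against the caller, because the
 * DNs read here become the identity of the issued session.
 */
public class WebServiceAuthenticatorImpl implements WebServiceAuthenticator {
    private static final String PRINCIPAL_PROP = "Principal";
    private static final String PRINCIPALS_PROP = "Principals";
    private static final String AUTH_TYPE_PROP = "AuthType";
    private static final String AUTH_INSTANT_PROP = "authInstant";
    private static final String ANONYMOUS_PRINCIPAL = "anonymous";
    private static final String SESSION_SERVICE_NAME = "iPlanetAMSessionService";
    private static final String MAX_SESSION_TIME = "iplanet-am-session-max-session-time";
    private static final String IDLE_TIME = "iplanet-am-session-max-idle-time";
    private static final String CACHE_TIME = "iplanet-am-session-max-caching-time";
    private static final int DEFAULT_MAX_SESSION_TIME = 120;
    private static final int DEFAULT_IDLE_TIME = 30;
    private static final int DEFAULT_CACHE_TIME = 3;
    // Both may stay null when the static initializer fails; every use below checks for that.
    private static SSOTokenManager ssoTokenManager;
    private static ServiceSchema sessionSchema;
    private static Cache ssoTokenCache = new Cache(ClusterStateService.DEFAULT_TIMEOUT);
    private static String rootSuffix = SystemProperties.get(Constants.AM_ROOT_SUFFIX);

    /**
     * Returns an SSO token for the identity carried by the message certificates.
     *
     * <p>A cached token is reused only when the authentication mechanism, the principal and the
     * full set of additional principals (other subject DN, issuer DNs) all match. Otherwise a
     * new internal session is created, configured from the session service defaults and cached.
     *
     * @param message the SOAP binding message whose certificates identify the caller
     * @param httpServletRequest the originating request (not used by this implementation)
     * @return the {@link SSOToken}, or {@code null} when no token could be created or its
     *         properties could not be set (fail closed)
     */
    @Override // com.sun.identity.liberty.ws.soapbinding.WebServiceAuthenticator
    public Object authenticate(Message message, HttpServletRequest httpServletRequest) {
        List<X509Certificate> certificates = collectCertificates(message);
        String authMechanism = message.getAuthenticationMechanism();

        String principal = null;
        String principals = null;
        Set<String> otherPrincipals = new HashSet<String>(6);
        if (certificates.isEmpty()) {
            principal = ANONYMOUS_PRINCIPAL;
        } else {
            for (X509Certificate certificate : certificates) {
                if (Utils.debug.messageEnabled()) {
                    Utils.debug.message("WebServiceAuthenticatorImpl.authenticate: cert = " + certificate);
                }
                String subject = certificate.getSubjectDN().getName();
                if (principal == null) {
                    principal = subject;
                } else if (!principal.equals(subject)) {
                    otherPrincipals.add(subject);
                }
                otherPrincipals.add(certificate.getIssuerDN().getName());
            }
            principals = joinPrincipals(otherPrincipals);
        }
        if (Utils.debug.messageEnabled()) {
            Utils.debug.message("WebServiceAuthenticatorImpl.authenticate: principal = " + principal
                    + ", principals = " + principals);
        }

        // The key covers the issuer DNs and any second subject DN, not just the principal.
        // Keying on the subject DN alone would hand back a token whose "Principals" property
        // was computed from a different certificate set (for example another issuer).
        String cacheKey = buildCacheKey(authMechanism, principal, otherPrincipals);
        if (Utils.debug.messageEnabled()) {
            Utils.debug.message("WebServiceAuthenticatorImpl.authenticate: cacheKey = " + cacheKey);
        }

        SSOToken cachedToken = (SSOToken) ssoTokenCache.get(cacheKey);
        if (cachedToken != null) {
            if (isStillValid(cachedToken)) {
                if (Utils.debug.messageEnabled()) {
                    Utils.debug.message("WebServiceAuthenticatorImpl.authenticate: found ssoToken in cache");
                }
                return cachedToken;
            }
            if (Utils.debug.messageEnabled()) {
                Utils.debug.message("WebServiceAuthenticatorImpl.authenticate: ssoToken in cache expired");
            }
            // Kept from the original: only the removal is wrapped. Whether Cache synchronizes
            // get/put internally is not visible from this file.
            synchronized (ssoTokenCache) {
                ssoTokenCache.remove(cacheKey);
            }
        }

        String authInstant = null;
        SSOToken token = null;
        try {
            // Read the defaults before creating the session, so that a missing schema does not
            // leave an activated session behind with no token referring to it.
            if (sessionSchema == null) {
                throw new IllegalStateException("session schema is not available");
            }
            Map attributeDefaults = sessionSchema.getAttributeDefaults();
            InternalSession session = SessionService.getSessionService().newInternalSession(null, null);
            session.activate("");
            session.setMaxSessionTime(
                    Misc.getIntMapAttr(attributeDefaults, MAX_SESSION_TIME, DEFAULT_MAX_SESSION_TIME, Utils.debug));
            session.setMaxIdleTime(
                    Misc.getIntMapAttr(attributeDefaults, IDLE_TIME, DEFAULT_IDLE_TIME, Utils.debug));
            session.setMaxCachingTime(
                    Misc.getIntMapAttr(attributeDefaults, CACHE_TIME, DEFAULT_CACHE_TIME, Utils.debug));
            session.putProperty(AUTH_TYPE_PROP, authMechanism);
            authInstant = DateUtils.toUTCDateFormat(new Date());
            session.putProperty(AUTH_INSTANT_PROP, authInstant);
            token = SSOTokenManager.getInstance().createSSOToken(session.getID().toString());
        } catch (Exception e) {
            Utils.debug.error("WebServiceAuthenticatorImpl.authenticate: Unable to get SSOToken", e);
        }
        if (token == null) {
            return null;
        }

        try {
            token.setProperty(PRINCIPAL_PROP, principal);
            if (principals != null) {
                token.setProperty(PRINCIPALS_PROP, principals);
            }
            if (authInstant != null) {
                token.setProperty(AUTH_INSTANT_PROP, authInstant);
            }
            token.setProperty(AUTH_TYPE_PROP, authMechanism);
            SSOTokenManager.getInstance().refreshSession(token);
            // Cache only after every identity property is set, so a half-populated token is
            // never served to a later request.
            ssoTokenCache.put(cacheKey, token);
            return token;
        } catch (Exception e2) {
            // NOTE(review): the session created above stays active when this fails; consider
            // destroying it here. The right teardown call is not visible in this file.
            Utils.debug.error("WebServiceAuthenticatorImpl.authenticate: Unable to set SSOToken property", e2);
            return null;
        }
    }

    /** Collects the peer certificate and the message certificate, in that order, skipping nulls. */
    private static List<X509Certificate> collectCertificates(Message message) {
        List<X509Certificate> certificates = new ArrayList<X509Certificate>(2);
        X509Certificate peerCertificate = message.getPeerCertificate();
        if (peerCertificate != null) {
            certificates.add(peerCertificate);
        }
        X509Certificate messageCertificate = message.getMessageCertificate();
        if (messageCertificate != null) {
            certificates.add(messageCertificate);
        }
        return certificates;
    }

    /** Joins the names with {@code |}, in the set's own iteration order. */
    private static String joinPrincipals(Set<String> names) {
        StringBuilder joined = new StringBuilder(50);
        for (String name : names) {
            if (joined.length() != 0) {
                joined.append("|");
            }
            joined.append(name);
        }
        return joined.toString();
    }

    /**
     * Builds a cache key from every value that determines the token's identity properties.
     * Parts are length-prefixed so a DN containing the separator cannot imitate another key,
     * and the additional principals are sorted so the key does not depend on set order.
     */
    private static String buildCacheKey(String authMechanism, String principal, Set<String> otherPrincipals) {
        Set<String> sortedNames = new TreeSet<String>();
        for (String name : otherPrincipals) {
            sortedNames.add(String.valueOf(name));
        }
        StringBuilder key = new StringBuilder(128);
        appendKeyPart(key, authMechanism);
        appendKeyPart(key, principal);
        for (String name : sortedNames) {
            appendKeyPart(key, name);
        }
        return key.toString();
    }

    /** Appends one {@code length:value} part followed by a space. */
    private static void appendKeyPart(StringBuilder key, String part) {
        String value = String.valueOf(part);
        key.append(value.length()).append(':').append(value).append(' ');
    }

    /**
     * Tells whether a cached token may be reused. A missing token manager (failed static
     * initialization) counts as "not valid", so the caller falls through to creating a new
     * token instead of failing with a NullPointerException.
     */
    private static boolean isStillValid(SSOToken token) {
        SSOTokenManager manager = ssoTokenManager;
        return manager != null && manager.isValidToken(token);
    }

    static {
        // Failures are logged and leave the field null; authenticate() handles both cases.
        ssoTokenManager = null;
        sessionSchema = null;
        try {
            ssoTokenManager = SSOTokenManager.getInstance();
        } catch (Exception e) {
            Utils.debug.error("WebServiceAuthenticatorImpl.static: unable to get SSOTokenManager", e);
        }
        try {
            // The session service schema is read with the admin token under doPrivileged.
            SSOToken adminToken = (SSOToken) AccessController.doPrivileged(AdminTokenAction.getInstance());
            sessionSchema = new ServiceSchemaManager(SESSION_SERVICE_NAME, adminToken).getDynamicSchema();
        } catch (Exception e2) {
            Utils.debug.error("WebServiceAuthenticatorImpl.static: unable to get session schema", e2);
        }
    }
}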
