package com.sun.identity.liberty.ws.authnsvc.mechanism;

import com.iplanet.am.util.SystemProperties;
import com.iplanet.sso.SSOToken;
import com.sun.identity.authentication.AuthContext;
import com.sun.identity.authentication.spi.AuthLoginException;
import com.sun.identity.federation.common.IFSConstants;
import com.sun.identity.idm.AMIdentity;
import com.sun.identity.idm.AMIdentityRepository;
import com.sun.identity.idm.IdSearchControl;
import com.sun.identity.idm.IdType;
import com.sun.identity.liberty.ws.authnsvc.AuthnSvcConstants;
import com.sun.identity.liberty.ws.authnsvc.AuthnSvcUtils;
import com.sun.identity.liberty.ws.authnsvc.protocol.SASLRequest;
import com.sun.identity.liberty.ws.authnsvc.protocol.SASLResponse;
import com.sun.identity.liberty.ws.soapbinding.Message;
import com.sun.identity.security.AdminTokenAction;
import java.io.UnsupportedEncodingException;
import java.security.AccessController;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;

/* loaded from: input_file:120955-01/SUNWamsdk/reloc/SUNWam/lib/am_services.jar:com/sun/identity/liberty/ws/authnsvc/mechanism/CramMD5MechanismHandler.class */
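/**
 * Server-side handler for the SASL CRAM-MD5 mechanism of the Liberty ID-WSF
 * Authentication Service.
 *
 * <p>The exchange as implemented here:
 * <ol>
 *   <li>A first request (no {@code refToMessageID}, no data) is answered with
 *       {@code CONTINUE} and a fresh challenge of the form
 *       {@code <NNNN.timestamp@serverHost>}; the challenge is remembered under
 *       the message ID of that response.</li>
 *   <li>The follow-up request carries {@code "username hexdigest"} as its data.
 *       The stored challenge is looked up and consumed by the request's
 *       {@code refToMessageID}, the expected HMAC-MD5 of the challenge under the
 *       user's stored password is recomputed, and on a match the user is logged
 *       in through the "LDAP" authentication module.</li>
 * </ol>
 *
 * <p>Security properties of this implementation: challenges are single-use
 * (removed from the store before verification) and are expired by a daemon
 * clean-up thread; the digest comparison is constant-time; the user's password
 * value is never written to the debug log. The mechanism itself requires the
 * server to obtain the user's cleartext password (read from the
 * {@code userPassword} attribute), which is inherent to CRAM-MD5.
 */
public class CramMD5MechanismHandler implements MechanismHandler {

    // --- configuration property names and defaults ---
    private static final String PROP_SERVER_HOST = "com.iplanet.am.server.host";
    private static final String PROP_DS_HOST = "com.iplanet.am.directory.host";
    private static final String PROP_DS_PORT = "com.iplanet.am.directory.port";
    private static final String PROP_DEFAULT_ORG = "com.iplanet.am.defaultOrg";
    private static final String DEFAULT_DS_PORT = "389";

    /** Directory port read at class load. Not referenced by the CRAM-MD5 logic in this class. */
    private static final int dsPort;
    /** LDAP protocol version. Not referenced by the CRAM-MD5 logic in this class. */
    private static final int LDAP_VERSION = 3;

    /** HMAC (RFC 2104) block size in bytes; 64 for MD5. */
    private static final int BLOCK_LENGTH = 64;
    /** HMAC inner padding byte. */
    private static final byte IPAD_BYTE = 0x36;
    /** HMAC outer padding byte. */
    private static final byte OPAD_BYTE = 0x5c;

    /** Administrative token used for the directory lookup of the user's password. */
    private static final SSOToken adminToken;
    /** Daemon thread that removes stale challenges from {@link #challengeMap}. */
    private static final Thread cThread;
    /** Realm in which users are searched and authenticated. */
    private static final String defaultOrg = SystemProperties.get(PROP_DEFAULT_ORG);
    /** Host name embedded in every challenge. */
    private static final String serverHost = SystemProperties.get(PROP_SERVER_HOST, "localhost");
    /** Directory host read at class load. Not referenced by the CRAM-MD5 logic in this class. */
    private static final String dsHost = SystemProperties.get(PROP_DS_HOST, "localhost");

    /** Largest (inclusive) random number placed in a challenge. */
    private static final int MAX_RANDOM_NUM = 9999;
    /** Width to which the random number is zero-padded. */
    private static final int NUM_RANDOM_DIGITS = Integer.toString(MAX_RANDOM_NUM).length();
    private static final char[] HEX_CHARS = {
        '0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'a', 'b', 'c', 'd', 'e', 'f'
    };
    private static final SecureRandom secureRandom = new SecureRandom();

    /**
     * Outstanding challenges keyed by the message ID of the response that carried
     * them. Every access synchronizes on the map itself.
     */
    private static final Map<String, ChallengeEntry> challengeMap = new HashMap<String, ChallengeEntry>();

    /** A challenge handed to a client, together with the time it was issued. */
    private static final class ChallengeEntry {
        final byte[] challenge;
        final long createdAt;

        ChallengeEntry(byte[] challenge, long createdAt) {
            this.challenge = challenge;
            this.createdAt = createdAt;
        }
    }

    /**
     * Background thread that periodically drops challenges older than the
     * configured stale time limit, so a client that never answers cannot grow
     * {@link #challengeMap} without bound.
     */
    private static final class CleanUpThread extends Thread {
        static final String CHALLENGE_CLEANUP_INTERVAL_PROP =
            "com.sun.identity.liberty.ws.authnsvc.challengeCleanupInterval";
        static final String STALE_TIME_LIMIT_PROP = "com.sun.identity.liberty.ws.soap.staleTimeLimit";
        private static final int DEFAULT_STALE_TIME_LIMIT = 300000;

        /** Milliseconds to sleep between clean-up passes; always positive. */
        static final int challengeCleanupInterval;
        /** Age in milliseconds after which a stored challenge is discarded. */
        static final int staleTimeLimit;

        static {
            int interval = readIntProperty(
                CHALLENGE_CLEANUP_INTERVAL_PROP, IFSConstants.ASSERTION_TIMEOUT_ALLOWED_DIFFERENCE);
            if (interval <= 0) {
                // Thread.sleep() rejects a negative interval and 0 would spin; fall back.
                if (AuthnSvcUtils.debug.warningEnabled()) {
                    AuthnSvcUtils.debug.warning(
                        "CramMD5MechanismHandler.CleanUpThread.static: non-positive challenge cleanup interval. Default value will be used");
                }
                interval = IFSConstants.ASSERTION_TIMEOUT_ALLOWED_DIFFERENCE;
            }
            challengeCleanupInterval = interval;
            staleTimeLimit = readIntProperty(STALE_TIME_LIMIT_PROP, DEFAULT_STALE_TIME_LIMIT);
        }

        private CleanUpThread() {
            super("CramMD5MechanismHandler.CleanUpThread");
        }

        /**
         * Reads an integer system property.
         *
         * @param prop         property name
         * @param defaultValue value used when the property is absent or not an integer
         * @return the parsed value or {@code defaultValue}
         */
        private static int readIntProperty(String prop, int defaultValue) {
            String value = SystemProperties.get(prop);
            if (value == null) {
                return defaultValue;
            }
            try {
                return Integer.parseInt(value);
            } catch (NumberFormatException e) {
                if (AuthnSvcUtils.debug.warningEnabled()) {
                    AuthnSvcUtils.debug.warning(
                        "CramMD5MechanismHandler.CleanUpThread.static: Unable to parse " + prop
                            + ". Default value will be used", e);
                }
                return defaultValue;
            }
        }

        /** Runs clean-up passes until the thread is interrupted. */
        @Override // java.lang.Thread, java.lang.Runnable
        public void run() {
            while (!Thread.currentThread().isInterrupted()) {
                removeExpiredChallenges(System.currentTimeMillis());
                try {
                    Thread.sleep(challengeCleanupInterval);
                } catch (InterruptedException e) {
                    if (AuthnSvcUtils.debug.messageEnabled()) {
                        AuthnSvcUtils.debug.message("CramMD5MechanismHandler.CleanUpThread.run: interrupted, exiting", e);
                    }
                    Thread.currentThread().interrupt();
                    return;
                }
            }
        }

        /**
         * Removes every challenge issued more than {@link #staleTimeLimit} ms before {@code now}.
         *
         * @param now current time in milliseconds
         */
        private static void removeExpiredChallenges(long now) {
            synchronized (CramMD5MechanismHandler.challengeMap) {
                if (AuthnSvcUtils.debug.messageEnabled()) {
                    AuthnSvcUtils.debug.message(
                        "CramMD5MechanismHandler.CleanUpThread.run: challengeMap size = "
                            + CramMD5MechanismHandler.challengeMap.size());
                }
                Iterator<Map.Entry<String, ChallengeEntry>> it =
                    CramMD5MechanismHandler.challengeMap.entrySet().iterator();
                while (it.hasNext()) {
                    Map.Entry<String, ChallengeEntry> entry = it.next();
                    if (now - entry.getValue().createdAt > staleTimeLimit) {
                        if (AuthnSvcUtils.debug.messageEnabled()) {
                            AuthnSvcUtils.debug.message(
                                "CramMD5MechanismHandler.CleanUpThread.run: removing expired refMessageID: "
                                    + entry.getKey());
                        }
                        it.remove();
                    }
                }
            }
        }
    }

    /**
     * Handles one SASL request of the CRAM-MD5 exchange.
     *
     * @param saslRequest   the incoming request
     * @param message       the SOAP message carrying the request
     * @param respMessageID message ID that will be assigned to the response; used
     *                      as the key under which a freshly issued challenge is stored
     * @return {@code CONTINUE} with a challenge for a first request, the result of
     *         {@link #authenticate} for a request carrying data, or {@code ABORT}
     */
    @Override // com.sun.identity.liberty.ws.authnsvc.mechanism.MechanismHandler
    public SASLResponse processSASLRequest(SASLRequest saslRequest, Message message, String respMessageID) {
        if (AuthnSvcUtils.debug.messageEnabled()) {
            AuthnSvcUtils.debug.message("CramMD5MechanismHandler.processSASLRequest: ");
        }
        String refToMessageID = saslRequest.getRefToMessageID();
        boolean firstRequest = refToMessageID == null || refToMessageID.length() == 0;
        if (AuthnSvcUtils.debug.messageEnabled()) {
            AuthnSvcUtils.debug.message(
                "CramMD5MechanismHandler.processSASLRequest: refToMessageID = " + refToMessageID);
        }

        byte[] data = saslRequest.getData();
        if (data != null) {
            String clientResponse = decodeUtf8(data);
            SASLResponse response = clientResponse == null
                ? new SASLResponse(SASLResponse.ABORT)
                : authenticate(clientResponse, message);
            if (firstRequest) {
                // NOTE(review): a first request that already carries data is answered with the
                // PLAIN mechanism name. Preserved from the original; confirm this is intended.
                response.setServerMechanism(AuthnSvcConstants.MECHANISM_PLAIN);
            }
            return response;
        }

        if (!firstRequest) {
            // A follow-up request without data cannot be verified.
            return new SASLResponse(SASLResponse.ABORT);
        }

        byte[] challenge = generateChallenge();
        storeChallenge(respMessageID, challenge);
        SASLResponse response = new SASLResponse(SASLResponse.CONTINUE);
        response.setServerMechanism(AuthnSvcConstants.MECHANISM_CRAMMD5);
        response.setData(challenge);
        return response;
    }

    /**
     * Decodes request data as UTF-8.
     *
     * @param data raw request bytes
     * @return the decoded string, or {@code null} if decoding failed (the failure is logged)
     */
    private static String decodeUtf8(byte[] data) {
        try {
            return new String(data, "UTF-8");
        } catch (Exception e) {
            AuthnSvcUtils.debug.error("CramMD5MechanismHandler.processSASLRequest: ", e);
            return null;
        }
    }

    /**
     * Remembers a freshly issued challenge under the response message ID.
     *
     * @param respMessageID key under which the client will later reference the challenge
     * @param challenge     the challenge bytes sent to the client
     */
    private static void storeChallenge(String respMessageID, byte[] challenge) {
        synchronized (challengeMap) {
            if (AuthnSvcUtils.debug.messageEnabled()) {
                AuthnSvcUtils.debug.message(
                    "CramMD5MechanismHandler.processSASLRequest: add respMessageID: " + respMessageID);
            }
            challengeMap.put(respMessageID, new ChallengeEntry(challenge, System.currentTimeMillis()));
        }
    }

    /**
     * Removes and returns the challenge stored under a message ID.
     *
     * @param refToMessageID message ID the client's request refers to
     * @return the challenge bytes, or {@code null} if none was stored (never issued,
     *         already consumed, or expired)
     */
    private static byte[] consumeChallenge(String refToMessageID) {
        synchronized (challengeMap) {
            if (AuthnSvcUtils.debug.messageEnabled()) {
                AuthnSvcUtils.debug.message(
                    "CramMD5MechanismHandler.authenticate: remove refToMessageID: " + refToMessageID);
            }
            ChallengeEntry entry = challengeMap.remove(refToMessageID);
            return entry == null ? null : entry.challenge;
        }
    }

    /**
     * Verifies a client's {@code "username hexdigest"} response and, on success,
     * logs the user in.
     *
     * @param clientResponse decoded request data
     * @param message        the SOAP message; its correlation header identifies the challenge
     * @return {@code OK} with resource offering and credentials set, or {@code ABORT}
     */
    private SASLResponse authenticate(String clientResponse, Message message) {
        int separator = clientResponse.indexOf(' ');
        if (separator == -1) {
            return new SASLResponse(SASLResponse.ABORT);
        }
        String userName = clientResponse.substring(0, separator);
        String clientDigest = clientResponse.substring(separator + 1);

        String userPassword = getUserPassword(userName);
        if (userPassword == null) {
            if (AuthnSvcUtils.debug.messageEnabled()) {
                AuthnSvcUtils.debug.message("CramMD5MechanismHandler.authenticate: can't get password");
            }
            return new SASLResponse(SASLResponse.ABORT);
        }

        String refToMessageID = message.getCorrelationHeader().getRefToMessageID();
        if (refToMessageID == null || refToMessageID.length() == 0) {
            if (AuthnSvcUtils.debug.messageEnabled()) {
                AuthnSvcUtils.debug.message("CramMD5MechanismHandler.authenticate: no refToMessageID");
            }
            return new SASLResponse(SASLResponse.ABORT);
        }

        // The challenge is consumed before verification so it can be answered only once.
        byte[] challenge = consumeChallenge(refToMessageID);
        if (challenge == null) {
            if (AuthnSvcUtils.debug.messageEnabled()) {
                AuthnSvcUtils.debug.message("CramMD5MechanismHandler.authenticate: no challenge found");
            }
            return new SASLResponse(SASLResponse.ABORT);
        }

        if (!digestMatches(clientDigest, userPassword, challenge)) {
            if (AuthnSvcUtils.debug.messageEnabled()) {
                AuthnSvcUtils.debug.message("CramMD5MechanismHandler.authenticate: digests not equal");
            }
            return new SASLResponse(SASLResponse.ABORT);
        }
        if (AuthnSvcUtils.debug.messageEnabled()) {
            AuthnSvcUtils.debug.message("CramMD5MechanismHandler.authenticate: digests equal");
        }

        SSOToken ssoToken = loginUser(userName, userPassword);
        if (ssoToken == null) {
            return new SASLResponse(SASLResponse.ABORT);
        }
        SASLResponse okResponse = new SASLResponse("OK");
        try {
            if (!AuthnSvcUtils.setResourceOfferingAndCredentials(okResponse, message, ssoToken)) {
                return new SASLResponse(SASLResponse.ABORT);
            }
        } catch (Exception e) {
            AuthnSvcUtils.debug.error("CramMD5MechanismHandler.authenticate: ", e);
            return new SASLResponse(SASLResponse.ABORT);
        }
        return okResponse;
    }

    /**
     * Compares the client's hex digest with the expected HMAC-MD5 in constant time.
     *
     * @param clientDigest hex digest sent by the client (compared case-sensitively)
     * @param password     the user's password, used as the HMAC key
     * @param challenge    the challenge the client was given
     * @return {@code true} only if the digests are identical; {@code false} on mismatch
     *         or if the digest could not be computed (logged)
     */
    private static boolean digestMatches(String clientDigest, String password, byte[] challenge) {
        try {
            String expected = generateHMACMD5(password.getBytes("UTF-8"), challenge);
            // MessageDigest.isEqual does not short-circuit on the first differing byte.
            return MessageDigest.isEqual(clientDigest.getBytes("UTF-8"), expected.getBytes("UTF-8"));
        } catch (NoSuchAlgorithmException e) {
            AuthnSvcUtils.debug.error("CramMD5MechanismHandler.authenticate:", e);
            return false;
        } catch (UnsupportedEncodingException e) {
            AuthnSvcUtils.debug.error("CramMD5MechanismHandler.authenticate:", e);
            return false;
        }
    }

    /**
     * Logs the user in through the "LDAP" module instance of {@link #defaultOrg}.
     *
     * @param userName user name supplied by the client
     * @param password the user's password
     * @return the session token on success, {@code null} on any failure (logged)
     */
    private static SSOToken loginUser(String userName, String password) {
        try {
            AuthContext authContext = new AuthContext(defaultOrg);
            authContext.login(AuthContext.IndexType.MODULE_INSTANCE, "LDAP");
            if (authContext.hasMoreRequirements()) {
                Callback[] requirements = authContext.getRequirements();
                if (requirements != null) {
                    fillInCallbacks(requirements, userName, password);
                    authContext.submitRequirements(requirements);
                }
            }
            AuthContext.Status status = authContext.getStatus();
            if (AuthnSvcUtils.debug.messageEnabled()) {
                AuthnSvcUtils.debug.message("CramMD5MechanismHandler.authenticate: login status = " + status);
            }
            if (status != AuthContext.Status.SUCCESS) {
                return null;
            }
            return authContext.getSSOToken();
        } catch (AuthLoginException e) {
            AuthnSvcUtils.debug.error("CramMD5MechanismHandler.authenticate: ", e);
            return null;
        } catch (Exception e) {
            AuthnSvcUtils.debug.error("CramMD5MechanismHandler.authenticate: ", e);
            return null;
        }
    }

    /**
     * Answers the login module's name and password callbacks; other callback
     * types are left untouched.
     *
     * @param callbacks callbacks requested by the authentication context
     * @param userName  value for {@link NameCallback}
     * @param password  value for {@link PasswordCallback}
     */
    private static void fillInCallbacks(Callback[] callbacks, String userName, String password) {
        if (AuthnSvcUtils.debug.messageEnabled()) {
            AuthnSvcUtils.debug.message("CramMD5MechanismHandler.fillInCallbacks:");
        }
        for (Callback callback : callbacks) {
            if (callback instanceof NameCallback) {
                ((NameCallback) callback).setName(userName);
            } else if (callback instanceof PasswordCallback) {
                ((PasswordCallback) callback).setPassword(password.toCharArray());
            }
        }
    }

    /**
     * Builds a challenge of the form {@code <NNNN.timestamp@serverHost>} where
     * {@code NNNN} is a zero-padded random number from {@link #secureRandom}.
     *
     * @return the challenge as UTF-8 bytes (platform bytes if UTF-8 is unsupported)
     */
    private static byte[] generateChallenge() {
        // MAX_RANDOM_NUM is inclusive, hence the +1 on the exclusive nextInt bound.
        String random = String.format(
            "%0" + NUM_RANDOM_DIGITS + "d", Integer.valueOf(secureRandom.nextInt(MAX_RANDOM_NUM + 1)));
        String challenge = "<" + random + "." + System.currentTimeMillis() + "@" + serverHost + ">";
        try {
            return challenge.getBytes("UTF-8");
        } catch (UnsupportedEncodingException e) {
            return challenge.getBytes();
        }
    }

    /**
     * Looks up the single user matching {@code userName} and returns the single
     * value of its {@code userPassword} attribute.
     *
     * <p>The name is handed to the identity repository as a search pattern.
     * NOTE(review): wildcard characters are not rejected here; confirm the
     * repository escapes or rejects them. The attribute value is assumed to be
     * the cleartext password; a hashed value would never verify under CRAM-MD5.
     *
     * @param userName name supplied by the client
     * @return the password, or {@code null} if there is not exactly one matching
     *         user with exactly one password value, or on any error (logged)
     */
    private static String getUserPassword(String userName) {
        try {
            AMIdentityRepository repository = new AMIdentityRepository(adminToken, defaultOrg);
            IdSearchControl control = new IdSearchControl();
            control.setRecursive(true);
            control.setTimeOut(0);
            control.setMaxResults(0);
            control.setAllReturnAttributes(false);
            Set results = repository.searchIdentities(IdType.USER, userName, control).getSearchResults();
            if (results == null || results.isEmpty()) {
                debugMessage("CramMD5MechanismHandler.getUserPassword: no user found");
                return null;
            }
            if (results.size() > 1) {
                debugMessage("CramMD5MechanismHandler.getUserPassword: more than 1 user found");
                return null;
            }
            Set passwords = ((AMIdentity) results.iterator().next()).getAttribute("userPassword");
            if (passwords == null || passwords.isEmpty()) {
                debugMessage("CramMD5MechanismHandler.getUserPassword: user has no password");
                return null;
            }
            if (passwords.size() > 1) {
                debugMessage("CramMD5MechanismHandler.getUserPassword: user has more than 1 passwords");
                return null;
            }
            // The value is a secret and is deliberately not written to the debug log.
            debugMessage("CramMD5MechanismHandler.getUserPassword: password found");
            return (String) passwords.iterator().next();
        } catch (Exception e) {
            AuthnSvcUtils.debug.error("CramMD5MechanismHandler.getUserPassword: ", e);
            return null;
        }
    }

    /** Writes a debug message if message-level debugging is enabled. */
    private static void debugMessage(String msg) {
        if (AuthnSvcUtils.debug.messageEnabled()) {
            AuthnSvcUtils.debug.message(msg);
        }
    }

    /**
     * Computes HMAC-MD5 (RFC 2104) of {@code text} under {@code key}.
     *
     * @param key  HMAC key; hashed first if longer than {@link #BLOCK_LENGTH}, zero-padded otherwise
     * @param text data to authenticate
     * @return the 16-byte MAC as 32 lowercase hex characters
     * @throws NoSuchAlgorithmException if MD5 is unavailable
     */
    private static String generateHMACMD5(byte[] key, byte[] text) throws NoSuchAlgorithmException {
        MessageDigest md5 = MessageDigest.getInstance("MD5");
        byte[] effectiveKey = key.length > BLOCK_LENGTH ? md5.digest(key) : key;
        byte[] innerPad = new byte[BLOCK_LENGTH];
        byte[] outerPad = new byte[BLOCK_LENGTH];
        for (int i = 0; i < BLOCK_LENGTH; i++) {
            byte keyByte = i < effectiveKey.length ? effectiveKey[i] : 0;
            innerPad[i] = (byte) (keyByte ^ IPAD_BYTE);
            outerPad[i] = (byte) (keyByte ^ OPAD_BYTE);
        }
        md5.update(innerPad);
        md5.update(text);
        byte[] inner = md5.digest();
        md5.update(outerPad);
        md5.update(inner);
        return toHexString(md5.digest());
    }

    /**
     * Encodes bytes as lowercase hexadecimal.
     *
     * @param bytes bytes to encode
     * @return two hex characters per input byte
     */
    private static String toHexString(byte[] bytes) {
        StringBuilder hex = new StringBuilder(bytes.length * 2);
        for (byte b : bytes) {
            hex.append(HEX_CHARS[(b >> 4) & 0x0f]);
            hex.append(HEX_CHARS[b & 0x0f]);
        }
        return hex.toString();
    }

    static {
        int port = Integer.parseInt(DEFAULT_DS_PORT);
        try {
            port = Integer.parseInt(SystemProperties.get(PROP_DS_PORT, DEFAULT_DS_PORT));
        } catch (Exception e) {
            if (AuthnSvcUtils.debug.warningEnabled()) {
                AuthnSvcUtils.debug.warning("CramMD5MechanismHandler.static: ", e);
            }
        }
        dsPort = port;
        adminToken = (SSOToken) AccessController.doPrivileged(AdminTokenAction.getInstance());
        CleanUpThread cleanUp = new CleanUpThread();
        // A daemon so the clean-up loop never keeps the JVM from exiting.
        cleanUp.setDaemon(true);
        cThread = cleanUp;
        cThread.start();
    }
}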
