package com.sun.slamd.admin;

import com.sun.appserv.management.util.misc.StringUtil;
import com.sun.portal.desktop.deployment.CmdVersion;
import com.sun.slamd.common.Constants;
import com.sun.slamd.example.JSSEBlindTrustSocketFactory;
import com.sun.slamd.server.SLAMDServer;
import com.sun.xml.rpc.processor.modeler.rmi.RmiConstants;
import java.util.ArrayList;
import java.util.Hashtable;
import netscape.ldap.LDAPAttribute;
import netscape.ldap.LDAPConnection;
import netscape.ldap.LDAPDN;
import netscape.ldap.LDAPEntry;
import netscape.ldap.LDAPException;
import netscape.ldap.LDAPSearchResults;
import netscape.ldap.LDAPUrl;
import netscape.ldap.factory.JSSESocketFactory;

/* loaded from: input_file:121045-01/com-sun-tools-jesprofiler.nbm:netbeans/modules/ext/slamd/slamd_server.jar:com/sun/slamd/admin/AccessManager.class */
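/**
 * Answers authentication and authorization questions for the SLAMD server by
 * querying an LDAP user directory.
 *
 * <p>Protected resources are registered as (name, DN) pairs. A user may access
 * a resource when the resource DN is one of the user's {@code nsRole} values,
 * or names a static group ({@code groupOfNames} / {@code groupOfUniqueNames})
 * or a dynamic group ({@code groupOfURLs}) that contains the user's entry.
 * Lookup results are cached per user ID until the cache is flushed.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>User IDs and DNs are escaped (RFC 4515) before being placed in a search
 *       filter, so filter metacharacters in a login name are matched literally
 *       and cannot change the shape of the query.</li>
 *   <li>An empty password is rejected before the bind, because many directory
 *       servers accept a bind with a DN and no password as an unauthenticated
 *       bind and report success.</li>
 *   <li>When {@code useSSL} is false, the service bind password and every
 *       client password cross the network in clear text.</li>
 *   <li>When {@code userDirBlindTrust} is true the connection is created with
 *       {@code JSSEBlindTrustSocketFactory}; judging by its name it performs no
 *       certificate validation (confirm against that class), in which case the
 *       channel is encrypted but the server is not authenticated.</li>
 * </ul>
 *
 * <p>Lock order, wherever more than one mutex is held: {@code userCacheMutex},
 * then {@code protectedResourceMutex}, then {@code connMutex}.
 */
public class AccessManager {
    // Attribute list for searches that only test for existence.
    // NOTE(review): presumably the decompiler substituted an unrelated constant whose
    // value equals the LDAP "no attributes" selector "1.1" -- confirm.
    static String[] noAttrs = {CmdVersion.COMMANDVERSION};
    static String[] memberURLAttrs = {"memberURL"};
    static String[] roleAttrs = {"nsRole"};

    // Read without a lock by the query methods, hence volatile.
    volatile boolean managerStopped;
    boolean useSSL;
    boolean userDirBlindTrust;
    // Maps a user ID (String) to the String[] of resource names that user may access.
    Hashtable userInfoCache;
    int userDirectoryPort;
    LDAPConnection userDirConn;
    Object connMutex;
    Object protectedResourceMutex;
    Object userCacheMutex;
    SLAMDServer slamdServer;
    String sslKeyStore;
    String sslKeyPassword;
    String sslTrustStore;
    String sslTrustPassword;
    String userBaseDN;
    String userDirectoryBindDN;
    String userDirectoryBindPW;
    String userDirectoryHost;
    String userIDAttribute;
    // Each row is {resource name, normalized lower-case resource DN}.
    String[][] protectedResources;

    /**
     * Creates an access manager that talks to the directory without SSL.
     *
     * @param str  user directory host
     * @param i    user directory port
     * @param str2 DN used for the service bind
     * @param str3 password used for the service bind
     * @param str4 base DN under which user entries are searched
     * @param str5 attribute that holds the user ID
     */
    public AccessManager(String str, int i, String str2, String str3, String str4, String str5) {
        this(str, i, str2, str3, str4, str5, false, true, null, null, null, null);
    }

    /**
     * Creates an access manager. The manager starts in the stopped state; call
     * {@link #startAccessManager()} before using it.
     *
     * @param str  user directory host
     * @param i    user directory port
     * @param str2 DN used for the service bind
     * @param str3 password used for the service bind
     * @param str4 base DN under which user entries are searched
     * @param str5 attribute that holds the user ID
     * @param z    whether to connect to the directory over SSL
     * @param z2   whether to use the blind-trust socket factory when SSL is enabled
     * @param str6 key store path, or null/empty to leave the JVM setting alone
     * @param str7 key store password, or null/empty to leave the JVM setting alone
     * @param str8 trust store path, or null/empty to leave the JVM setting alone
     * @param str9 trust store password, or null/empty to leave the JVM setting alone
     */
    public AccessManager(String str, int i, String str2, String str3, String str4, String str5, boolean z, boolean z2, String str6, String str7, String str8, String str9) {
        this.userDirectoryHost = str;
        this.userDirectoryPort = i;
        this.userDirectoryBindDN = str2;
        this.userDirectoryBindPW = str3;
        this.userBaseDN = str4;
        this.userIDAttribute = str5;
        this.useSSL = z;
        this.userDirBlindTrust = z2;
        this.sslKeyStore = str6;
        this.sslKeyPassword = str7;
        this.sslTrustStore = str8;
        this.sslTrustPassword = str9;
        this.managerStopped = true;
        this.connMutex = new Object();
        this.protectedResourceMutex = new Object();
        this.userCacheMutex = new Object();
        this.userInfoCache = new Hashtable();
        this.protectedResources = new String[0][];
    }

    /**
     * Associates this manager with the server used for logging.
     *
     * @param sLAMDServer server that receives this manager's log messages
     */
    void setSLAMDServer(SLAMDServer sLAMDServer) {
        this.slamdServer = sLAMDServer;
        logMessage("Associated the access manager with the SLAMD server");
    }

    /**
     * Opens the service connection to the user directory and marks the manager
     * as running.
     *
     * <p>With SSL enabled and blind trust disabled, the configured key/trust
     * store settings are written to the {@code javax.net.ssl.*} system
     * properties, which affects every SSL user in this JVM.
     *
     * @throws LDAPException if the connection or the service bind fails; the
     *                       manager then stays stopped
     */
    public void startAccessManager() throws LDAPException {
        logMessage("Starting the access manager");
        // Same lock order as the lookup path (cache, resources, connection) so that a
        // start cannot deadlock against a concurrent getAccessibleResources().
        synchronized (this.userCacheMutex) {
            synchronized (this.protectedResourceMutex) {
                synchronized (this.connMutex) {
                    if (!this.useSSL) {
                        // Clear-text LDAP: the bind password below is sent unencrypted.
                        this.userDirConn = new LDAPConnection();
                    } else if (this.userDirBlindTrust) {
                        // NOTE(review): the factory name suggests the server certificate is not
                        // validated -- confirm, and prefer a trust store for production use.
                        this.userDirConn = new LDAPConnection(new JSSEBlindTrustSocketFactory());
                    } else {
                        if (this.sslKeyStore != null && this.sslKeyStore.length() > 0) {
                            System.setProperty("javax.net.ssl.keyStore", this.sslKeyStore);
                        }
                        if (this.sslKeyPassword != null && this.sslKeyPassword.length() > 0) {
                            System.setProperty("javax.net.ssl.keyStorePassword", this.sslKeyPassword);
                        }
                        if (this.sslTrustStore != null && this.sslTrustStore.length() > 0) {
                            System.setProperty("javax.net.ssl.trustStore", this.sslTrustStore);
                        }
                        if (this.sslTrustPassword != null && this.sslTrustPassword.length() > 0) {
                            System.setProperty("javax.net.ssl.trustStorePassword", this.sslTrustPassword);
                        }
                        this.userDirConn = new LDAPConnection(new JSSESocketFactory((String[]) null));
                    }
                    // First argument is the LDAP protocol version.
                    this.userDirConn.connect(3, this.userDirectoryHost, this.userDirectoryPort, this.userDirectoryBindDN, this.userDirectoryBindPW);
                }
            }
        }
        this.managerStopped = false;
        logMessage("Access manager started");
    }

    /**
     * Marks the manager as stopped, closes the directory connection and clears
     * the user cache. Safe to call on a manager that was never started.
     */
    public void stopAccessManager() {
        logMessage("Stopping the access manager");
        this.managerStopped = true;
        synchronized (this.userCacheMutex) {
            synchronized (this.protectedResourceMutex) {
                synchronized (this.connMutex) {
                    // userDirConn is null until startAccessManager() has run.
                    if (this.userDirConn != null) {
                        try {
                            this.userDirConn.disconnect();
                        } catch (LDAPException e) {
                            logMessage("Exception while closing the user directory connection:  " + e);
                        }
                    }
                    this.userInfoCache.clear();
                }
            }
        }
    }

    /**
     * Reports whether the manager is stopped.
     *
     * @return true until {@link #startAccessManager()} succeeds and again after
     *         {@link #stopAccessManager()}
     */
    public boolean managerIsStopped() {
        return this.managerStopped;
    }

    /**
     * Registers a protected resource, or replaces the DN of one already
     * registered under the same name.
     *
     * @param str  resource name
     * @param str2 DN of the role or group whose members may use the resource
     * @param z    whether to flush the user cache afterwards
     */
    public void register(String str, String str2, boolean z) {
        logMessage("In registerProtectedResource(" + str + ", " + str2 + ", " + z + RmiConstants.SIG_ENDMETHOD);
        String normalizedDN = LDAPDN.normalize(str2.toLowerCase());
        synchronized (this.protectedResourceMutex) {
            boolean updated = false;
            for (int i = 0; i < this.protectedResources.length; i++) {
                if (this.protectedResources[i][0].equals(str)) {
                    this.protectedResources[i][1] = normalizedDN;
                    updated = true;
                    break;
                }
            }
            if (!updated) {
                int oldLength = this.protectedResources.length;
                String[][] grown = new String[oldLength + 1][];
                System.arraycopy(this.protectedResources, 0, grown, 0, oldLength);
                grown[oldLength] = new String[] {str, normalizedDN};
                this.protectedResources = grown;
            }
        }
        // Flushed only after protectedResourceMutex is released: taking userCacheMutex while
        // holding it inverts the lock order of the lookup path and can deadlock.
        if (z) {
            flushUserCache();
        }
    }

    /**
     * Removes a protected resource. Does nothing when the name is unknown.
     *
     * @param str resource name
     * @param z   whether to flush the user cache when a resource was removed
     */
    public void deregister(String str, boolean z) {
        logMessage("In deregisterProtectedResource(" + str + ", " + z + RmiConstants.SIG_ENDMETHOD);
        boolean removed = false;
        synchronized (this.protectedResourceMutex) {
            for (int i = 0; i < this.protectedResources.length; i++) {
                if (this.protectedResources[i][0].equals(str)) {
                    String[][] shrunk = new String[this.protectedResources.length - 1][];
                    System.arraycopy(this.protectedResources, 0, shrunk, 0, i);
                    System.arraycopy(this.protectedResources, i + 1, shrunk, i, shrunk.length - i);
                    this.protectedResources = shrunk;
                    removed = true;
                    break;
                }
            }
        }
        // See register(): the flush must not run while protectedResourceMutex is held.
        if (removed && z) {
            flushUserCache();
        }
    }

    /**
     * Returns the registered resources.
     *
     * @return a copy of the table; each row is {resource name, normalized DN}.
     *         Changing the returned arrays does not affect this manager.
     */
    public String[][] getProtectedResources() {
        String[][] snapshot;
        synchronized (this.protectedResourceMutex) {
            logMessage("getControlledResources() -- returning " + this.protectedResources.length + " items");
            // Deep copy: register() rewrites rows in place, and callers must not be able to
            // edit the table that authorization decisions are made from.
            snapshot = new String[this.protectedResources.length][];
            for (int i = 0; i < snapshot.length; i++) {
                snapshot[i] = (String[]) this.protectedResources[i].clone();
            }
        }
        return snapshot;
    }

    /** Discards every cached lookup so the next query goes to the directory. */
    public void flushUserCache() {
        logMessage("Flushing the user info cache");
        synchronized (this.userCacheMutex) {
            this.userInfoCache.clear();
        }
    }

    /**
     * Returns the names of the protected resources a user may access, from the
     * cache when possible and from the directory otherwise.
     *
     * @param str user ID
     * @return the accessible resource names, or null when the manager is stopped
     * @throws AccessDeniedException if the user has no entry in the directory
     * @throws LDAPException         if a directory search fails
     */
    public String[] getAccessibleResources(String str) throws AccessDeniedException, LDAPException {
        String[] resources;
        logMessage("In getAccessibleResources(" + str + RmiConstants.SIG_ENDMETHOD);
        if (this.managerStopped) {
            logMessage("getAccessibleResources(" + str + ") -- manager stopped; returning null");
            // Fail closed: there is no usable directory connection while stopped.
            return null;
        }
        synchronized (this.userCacheMutex) {
            resources = (String[]) this.userInfoCache.get(str);
            if (resources == null) {
                resources = getUserInfoFromDirectory(str);
                if (resources != null) {
                    this.userInfoCache.put(str, resources);
                }
            }
        }
        // Hand out a copy so that callers cannot alter the cached decision.
        return resources == null ? null : (String[]) resources.clone();
    }

    /**
     * Decides whether a user may access one protected resource.
     *
     * @param str  user ID
     * @param str2 resource name
     * @return true only if the resource is among the user's accessible
     *         resources; false when the manager is stopped
     * @throws AccessDeniedException if the user has no entry in the directory
     * @throws LDAPException         if a directory search fails
     */
    public boolean mayAccess(String str, String str2) throws AccessDeniedException, LDAPException {
        if (this.managerStopped) {
            logMessage("mayAccess(" + str + ", " + str2 + ") -- manager stopped; returning false");
            return false;
        }
        String[] accessibleResources = getAccessibleResources(str);
        if (accessibleResources == null) {
            logMessage("mayAccess(" + str + ", " + str2 + ") -- acessible resources is null; returning false");
            return false;
        }
        for (String resourceName : accessibleResources) {
            if (resourceName.equals(str2)) {
                logMessage("mayAccess(" + str + ", " + str2 + ") returning true");
                return true;
            }
        }
        logMessage("mayAccess(" + str + ", " + str2 + ") returning false");
        return false;
    }

    /**
     * Looks the user up in the directory and works out which protected
     * resources the entry is entitled to through roles, static groups and
     * dynamic groups.
     *
     * @param str user ID
     * @return names of the accessible resources; never null
     * @throws AccessDeniedException if no entry matches the user ID
     * @throws LDAPException         if a search fails for a reason other than a
     *                               missing resource entry
     */
    private String[] getUserInfoFromDirectory(String str) throws AccessDeniedException, LDAPException {
        logMessage("In getUserInfoFromDirectory(" + str + RmiConstants.SIG_ENDMETHOD);
        ArrayList<String> granted = new ArrayList<String>();
        String[][] resources = getProtectedResources();
        synchronized (this.connMutex) {
            String userDN = null;
            // Scope 2 is a subtree search below the user base DN.
            LDAPSearchResults userResults = this.userDirConn.search(this.userBaseDN, 2, buildUserFilter(str), roleAttrs, false);
            // NOTE(review): unlike authenticateClient(), several matching entries are accepted
            // here; roles of all of them are honoured and the last DN is used for the group
            // checks -- confirm that the user ID attribute is unique in the directory.
            while (userResults.hasMoreElements()) {
                Object element = userResults.nextElement();
                if (!(element instanceof LDAPEntry)) {
                    continue;
                }
                LDAPEntry entry = (LDAPEntry) element;
                userDN = LDAPDN.normalize(entry.getDN().toLowerCase());
                LDAPAttribute roleAttr = entry.getAttribute("nsRole");
                String[] roles = roleAttr == null ? null : roleAttr.getStringValueArray();
                if (roles == null) {
                    continue;
                }
                for (int r = 0; r < roles.length; r++) {
                    String roleDN = LDAPDN.normalize(roles[r].toLowerCase());
                    for (int p = 0; p < resources.length; p++) {
                        if (roleDN.equals(resources[p][1])) {
                            granted.add(resources[p][0]);
                            // Index by the resource, not by the role: the role index can run
                            // past the end of the resource table and abort the whole lookup.
                            logMessage(str + " allowed for role resource " + resources[p][0]);
                            break;
                        }
                    }
                }
            }
            if (userDN == null) {
                logMessage("Could not find user " + str + " in directory");
                throw new AccessDeniedException("Could not find user " + str + " in the user directory");
            }
            String memberFilter = buildMemberFilter(userDN);
            for (int p = 0; p < resources.length; p++) {
                String resourceName = resources[p][0];
                String resourceDN = resources[p][1];
                if (granted.contains(resourceName)) {
                    continue;
                }
                try {
                    // Scope 0 reads only the resource entry itself.
                    if (containsEntry(this.userDirConn.search(resourceDN, 0, memberFilter, noAttrs, false))) {
                        granted.add(resourceName);
                        logMessage(str + " allowed for static group resource " + resourceName);
                        continue;
                    }
                    LDAPSearchResults urlGroups = this.userDirConn.search(resourceDN, 0, "(objectclass=groupOfURLs)", memberURLAttrs, false);
                    boolean grantedDynamic = false;
                    // The loop must end when the results are exhausted; it runs while connMutex
                    // is held, so a loop that never ends would block every other directory user.
                    while (!grantedDynamic && urlGroups.hasMoreElements()) {
                        Object element = urlGroups.nextElement();
                        if (!(element instanceof LDAPEntry)) {
                            continue;
                        }
                        LDAPAttribute urlAttr = ((LDAPEntry) element).getAttribute("memberURL");
                        String[] urls = urlAttr == null ? null : urlAttr.getStringValueArray();
                        if (urls == null || urls.length == 0) {
                            continue;
                        }
                        try {
                            // Only the first memberURL value is evaluated.
                            LDAPUrl url = new LDAPUrl(urls[0]);
                            // NOTE(review): plain suffix test; it neither requires an RDN boundary
                            // nor honours the scope in the URL -- confirm this is intended.
                            if (userDN.endsWith(LDAPDN.normalize(url.getDN().toLowerCase()))
                                    && containsEntry(this.userDirConn.search(userDN, 0, url.getFilter(), noAttrs, false))) {
                                granted.add(resourceName);
                                logMessage(str + " allowed for dynamic " + "group resource " + resourceName);
                                grantedDynamic = true;
                            }
                        } catch (Exception e) {
                            // Best effort: an unusable memberURL grants nothing, but leave a trace
                            // so that a misconfigured group can be diagnosed.
                            logMessage("Ignoring unusable memberURL for resource " + resourceName + ":  " + e);
                        }
                    }
                } catch (LDAPException e) {
                    // Result code 32: the resource DN has no entry, which grants nothing.
                    if (e.getLDAPResultCode() != 32) {
                        throw e;
                    }
                    logMessage("Resource DN entry " + resourceDN + " not found in the user directory");
                }
            }
        }
        return granted.toArray(new String[granted.size()]);
    }

    /**
     * Verifies a client's credentials with a bind against the user directory
     * and, when {@code AdminServlet.resourceDNAuthenticateClient} is set,
     * checks that the user belongs to that role or group.
     *
     * @param str          user ID
     * @param str2         password; null or empty is always rejected
     * @param stringBuffer receives a human-readable reason on failure
     * @return 0 when the client is accepted; 1 when the user ID matches no entry
     *         or more than one; 2 for invalid credentials; 18 when the
     *         directory could not be searched or the bind failed for another
     *         reason; 20 when membership could not be established.
     *         (NOTE(review): presumably these are the literal values of named
     *         response-code constants -- confirm.)
     */
    public int authenticateClient(String str, String str2, StringBuffer stringBuffer) {
        synchronized (this.connMutex) {
            if (this.userDirConn == null) {
                stringBuffer.append("Unable to search user directory:  the access manager has not been started");
                return 18;
            }
            String userFilter = buildUserFilter(str);
            try {
                LDAPSearchResults userResults = this.userDirConn.search(this.userBaseDN, 2, userFilter, roleAttrs, false);
                LDAPEntry userEntry = null;
                while (userResults.hasMoreElements()) {
                    Object element = userResults.nextElement();
                    if (element instanceof LDAPEntry) {
                        if (userEntry != null) {
                            stringBuffer.append("Multiple entries found matching filter " + userFilter);
                            return 1;
                        }
                        userEntry = (LDAPEntry) element;
                    }
                }
                if (userEntry == null) {
                    stringBuffer.append("Unknown user \"" + str + StringUtil.QUOTE);
                    return 1;
                }
                // A bind with a DN and no password is commonly accepted by directory servers
                // as an unauthenticated bind, so it must never count as proof of identity.
                if (str2 == null || str2.length() == 0) {
                    stringBuffer.append("Invalid credentials");
                    return 2;
                }
                String dn = userEntry.getDN();
                // NOTE(review): with SSL the verification bind always uses JSSESocketFactory,
                // even when the service connection was created with the blind-trust factory.
                LDAPConnection bindConn = this.useSSL ? new LDAPConnection(new JSSESocketFactory((String[]) null)) : new LDAPConnection();
                try {
                    bindConn.connect(this.userDirectoryHost, this.userDirectoryPort, dn, str2);
                } catch (LDAPException e) {
                    disconnectQuietly(bindConn);
                    // Result code 49: the directory rejected the credentials.
                    if (e.getLDAPResultCode() == 49) {
                        stringBuffer.append("Invalid credentials");
                        return 2;
                    }
                    stringBuffer.append("Unable to verify user credentials:  " + e);
                    return 18;
                }
                disconnectQuietly(bindConn);
                return authorizeClient(str, dn, userEntry, stringBuffer);
            } catch (LDAPException e) {
                stringBuffer.append("Unable to search user directory:  " + e);
                return 18;
            }
        }
    }

    /**
     * Checks that an authenticated user belongs to the role or group named by
     * {@code AdminServlet.resourceDNAuthenticateClient}. Must be called with
     * {@code connMutex} held.
     *
     * @param userId    user ID, used in messages only
     * @param dn        DN of the user's entry
     * @param userEntry the user's entry, read with the {@code nsRole} attribute
     * @param message   receives a human-readable reason on failure
     * @return 0 when no resource DN is configured or the user is a member,
     *         otherwise 20
     */
    private int authorizeClient(String userId, String dn, LDAPEntry userEntry, StringBuffer message) {
        String resourceDN = AdminServlet.resourceDNAuthenticateClient;
        if (resourceDN == null || resourceDN.length() <= 0) {
            return 0;
        }
        String unableToVerify = "Unable to verify user \"" + userId + "\" as a member of \"" + resourceDN + StringUtil.QUOTE;
        String normalizedResourceDN = LDAPDN.normalize(resourceDN);
        LDAPAttribute roleAttr = userEntry.getAttribute("nsRole");
        // NOTE(review): the group checks run only when the entry has an nsRole attribute, so a
        // user without roles is refused even if a group lists them. That is the behaviour of
        // the code as found (and it fails closed); confirm against the original source.
        if (roleAttr != null) {
            String[] roles = roleAttr.getStringValueArray();
            for (int i = 0; roles != null && i < roles.length; i++) {
                if (normalizedResourceDN.equalsIgnoreCase(LDAPDN.normalize(roles[i]))) {
                    return 0;
                }
            }
            try {
                if (containsEntry(this.userDirConn.search(resourceDN, 0, buildMemberFilter(dn), noAttrs, false))) {
                    return 0;
                }
            } catch (LDAPException e) {
                if (e.getLDAPResultCode() == 32) {
                    message.append("Resource DN \"" + resourceDN + "\" that specifies the clients that may " + "authenticate does not exist in the user " + "directory.");
                    return 20;
                }
                message.append("Unable to search the user directory for resource DN \"" + resourceDN + "\":  " + e);
                return 20;
            }
            String memberURL = null;
            try {
                LDAPSearchResults urlGroups = this.userDirConn.search(resourceDN, 0, "(objectClass=groupOfURLs)", memberURLAttrs, false);
                while (urlGroups.hasMoreElements()) {
                    Object element = urlGroups.nextElement();
                    if (element instanceof LDAPEntry) {
                        LDAPAttribute urlAttr = ((LDAPEntry) element).getAttribute("memberURL");
                        if (urlAttr == null) {
                            message.append(unableToVerify);
                            return 20;
                        }
                        String[] urls = urlAttr.getStringValueArray();
                        // Exactly one memberURL is required here.
                        if (urls == null || urls.length != 1) {
                            message.append(unableToVerify);
                            return 20;
                        }
                        memberURL = urls[0];
                    }
                }
            } catch (LDAPException e) {
                message.append("Unable to search the user directory for resource DN \"" + resourceDN + "\":  " + e);
                return 20;
            }
            if (memberURL == null) {
                message.append(unableToVerify);
                return 20;
            }
            try {
                LDAPUrl url = new LDAPUrl(memberURL);
                String groupBaseDN = LDAPDN.normalize(url.getDN().toLowerCase());
                // NOTE(review): the user DN is not lower-cased here while the group base is, so
                // a mixed-case DN never matches (fails closed) -- confirm whether intended.
                String normalizedUserDN = LDAPDN.normalize(dn);
                if (normalizedUserDN.endsWith(groupBaseDN)
                        && containsEntry(this.userDirConn.search(normalizedUserDN, 0, url.getFilter(), noAttrs, false))) {
                    return 0;
                }
            } catch (Exception e) {
                message.append(unableToVerify + " -- " + e);
                return 20;
            }
        }
        message.append("User \"" + userId + "\" is not authorized to " + "connect to the SLAMD server as a client.");
        return 20;
    }

    /**
     * Builds the equality filter that selects a user entry by its ID.
     *
     * @param userId user ID as supplied by the caller; treated as literal text
     * @return the search filter with the user ID escaped
     */
    private String buildUserFilter(String userId) {
        return RmiConstants.SIG_METHOD + this.userIDAttribute + Constants.JOB_PARAM_DELIMITER_STRING + escapeFilterValue(userId) + RmiConstants.SIG_ENDMETHOD;
    }

    /**
     * Builds the filter that matches a static group entry listing the given DN
     * as {@code member} or {@code uniqueMember}.
     *
     * @param memberDN DN of the prospective member
     * @return the search filter with the DN escaped
     */
    private static String buildMemberFilter(String memberDN) {
        String escapedDN = escapeFilterValue(memberDN);
        return "(|(&(objectclass=groupOfNames)(member=" + escapedDN + "))(&(objectclass=groupOfUniqueNames)(uniqueMember=" + escapedDN + ")))";
    }

    /**
     * Escapes a value for use inside an LDAP search filter (RFC 4515), so that
     * {@code \ * ( )} and NUL are matched literally instead of being parsed as
     * filter syntax.
     *
     * @param value raw assertion value; may be null
     * @return the escaped value, or null when {@code value} is null
     */
    private static String escapeFilterValue(String value) {
        if (value == null) {
            return null;
        }
        StringBuffer escaped = new StringBuffer(value.length() + 8);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '\\':
                    escaped.append("\\5c");
                    break;
                case '*':
                    escaped.append("\\2a");
                    break;
                case '(':
                    escaped.append("\\28");
                    break;
                case ')':
                    escaped.append("\\29");
                    break;
                case '\0':
                    escaped.append("\\00");
                    break;
                default:
                    escaped.append(c);
                    break;
            }
        }
        return escaped.toString();
    }

    /**
     * Reports whether a search returned at least one entry.
     *
     * @param results search results to consume
     * @return true as soon as an {@code LDAPEntry} is seen
     */
    private static boolean containsEntry(LDAPSearchResults results) {
        while (results.hasMoreElements()) {
            if (results.nextElement() instanceof LDAPEntry) {
                return true;
            }
        }
        return false;
    }

    /**
     * Closes a short-lived connection, ignoring any failure.
     *
     * @param connection connection to close
     */
    private static void disconnectQuietly(LDAPConnection connection) {
        try {
            connection.disconnect();
        } catch (Exception ignored) {
            // The connection is being thrown away; a failed close changes nothing.
        }
    }

    /**
     * Sends a message to the associated server's log, if one has been set.
     *
     * @param str message text
     */
    private void logMessage(String str) {
        if (this.slamdServer != null) {
            this.slamdServer.logMessage(512, str);
        }
    }
}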
