package com.sun.portal.admin.server;

import com.iplanet.sso.SSOTokenManager;
import com.sun.cacao.agent.auth.CallbackInfo;
import com.sun.cacao.agent.auth.Credential;
import com.sun.cacao.agent.auth.Mechanism;
import com.sun.identity.authentication.AuthContext;
import com.sun.identity.authentication.spi.AuthLoginException;
import com.sun.portal.admin.common.context.PortalDomainContext;
import com.sun.portal.admin.common.context.PortalDomainContextFactory;
import com.sun.portal.admin.common.util.AdminUtil;
import java.util.StringTokenizer;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.management.Notification;
import javax.management.NotificationFilter;
import javax.management.NotificationListener;
import javax.management.remote.JMXConnectionNotification;
import javax.security.auth.Subject;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import netscape.ldap.util.DN;

/* JADX WARN: Classes with same name are omitted:
  input_file:121913-01/SUNWportal-admin/reloc/SUNWportal/admin/psconsole.war:WEB-INF/lib/admin_common.jar:com/sun/portal/admin/server/PASMechanism.class
  input_file:121913-01/SUNWportal-admin/reloc/SUNWportal/lib/admin_common.jar:com/sun/portal/admin/server/PASMechanism.class
 */
/* loaded from: input_file:121913-01/SUNWportal-portlets/reloc/SUNWportal/portlet/wsssoportlet.war:WEB-INF/lib/admin_common.jar:com/sun/portal/admin/server/PASMechanism.class */
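/**
 * Authentication mechanism that admits only the portal domain's super user.
 *
 * <p>{@link #parse} resolves the supplied user name to a DN, rejects any DN other than
 * the domain's configured super user, and then verifies the password through an
 * {@code AuthContext} login against the {@code "LDAP"} module instance. The SSO token
 * produced by that login is attached to the returned subject via a {@code PASPrincipal}.
 *
 * <p>The class is also a JMX notification filter/listener: when a connection is reported
 * closed or failed it tries to destroy the SSO token(s) named in the connection id, so
 * that a session does not outlive the connection that created it.
 */
public class PASMechanism implements Mechanism, NotificationFilter, NotificationListener {
    private static final Logger logger = PASLogger.getLogger();

    /** Returns the mechanism name, which is {@code AdminUtil.JMX_DOMAIN}. */
    public String getName() {
        return AdminUtil.JMX_DOMAIN;
    }

    /** Always {@code false}: this mechanism verifies a password rather than trusting an asserted identity. */
    public boolean isIdentityAsserted() {
        return false;
    }

    /**
     * Authenticates the caller and builds the subject for the connection.
     *
     * @param str     value stored on the subject as a public {@code Credential}
     * @param str2    value stored on the subject as a private {@code Credential}
     * @param strArr  element 1 is the user name or user DN, element 2 is the portal domain id
     * @param strArr2 element 0 is the password
     * @return a {@code CallbackInfo} wrapping the authenticated subject
     * @throws SecurityException if the credentials are malformed, the user is not the
     *         domain's super user, or the login does not succeed
     */
    public CallbackInfo parse(String str, String str2, String[] strArr, String[] strArr2) throws SecurityException {
        // Reject short or null credential arrays up front. Previously strArr[1]/strArr[2] were read
        // outside the try block, so a short array escaped as ArrayIndexOutOfBoundsException instead
        // of the SecurityException this method declares.
        if (strArr == null || strArr.length < 3 || strArr[1] == null
                || strArr2 == null || strArr2.length < 1 || strArr2[0] == null) {
            logger.log(Level.WARNING, "PSAD_CSPAS0101", "malformed credentials");
            throw new SecurityException("Authentication failed: malformed credentials");
        }

        String userDn = strArr[1];
        String domainId = strArr[2];
        String loginName = userDn;
        try {
            PortalDomainContext domainContext = PortalDomainContextFactory.getPortalDomainContext(domainId);
            String org;
            if (DN.isDN(userDn)) {
                DN dn = new DN(userDn);
                String[] rdnValues = dn.explodeDN(true);
                // The organization is taken as the grandparent of the user entry, so the DN
                // needs at least three components.
                if (rdnValues.length < 3) {
                    logger.log(Level.WARNING, "PSAD_CSPAS0102", userDn);
                    throw new SecurityException("Authentication failed due to incorrect user DN format: " + userDn);
                }
                loginName = rdnValues[0];
                org = dn.getParent().getParent().toString();
            } else {
                org = domainContext.getDefaultOrg();
                userDn = "uid=" + loginName + ",ou=People," + org;
            }

            // Authorization gate: only the configured super user may proceed to the password check.
            // NOTE(review): this runs before the password is verified, and both the log record and
            // the exception text echo the client-supplied DN. Whether the exception text is returned
            // to the remote client is not visible here; if it is, a generic message would avoid
            // confirming which DN is the super user.
            if (!new DN(userDn).equals(new DN(domainContext.getSuperUser()))) {
                logger.log(Level.WARNING, "PSAD_CSPAS0103", userDn);
                throw new SecurityException("Authentication failed: " + userDn + " is not a super user");
            }

            AuthContext authContext = new AuthContext(org);
            authContext.login(AuthContext.IndexType.MODULE_INSTANCE, "LDAP");
            while (authContext.hasMoreRequirements()) {
                // Declared as Callback[]: the array is inspected for both NameCallback and
                // PasswordCallback entries, which a NameCallback[] declaration cannot express.
                javax.security.auth.callback.Callback[] callbacks = authContext.getRequirements();
                if (callbacks != null) {
                    for (javax.security.auth.callback.Callback callback : callbacks) {
                        if (callback instanceof NameCallback) {
                            ((NameCallback) callback).setName(loginName);
                        } else if (callback instanceof PasswordCallback) {
                            // PasswordCallback.setPassword stores its own copy, so the temporary
                            // array can be wiped immediately. The source String still holds the
                            // password; this only avoids leaving one more copy on the heap.
                            char[] secret = strArr2[0].toCharArray();
                            try {
                                ((PasswordCallback) callback).setPassword(secret);
                            } finally {
                                java.util.Arrays.fill(secret, '\0');
                            }
                        }
                    }
                    authContext.submitRequirements(callbacks);
                }
            }
            if (authContext.getStatus() != AuthContext.Status.SUCCESS) {
                throw authFailure(authContext.getLoginException());
            }

            Subject subject = authContext.getSubject();
            PASPrincipal principal = new PASPrincipal(userDn, domainId);
            principal.setSSOToken(authContext.getSSOToken());
            subject.getPrincipals().add(principal);
            // NOTE(review): the subject now carries the principal holding the SSO token. What
            // Subject/PASPrincipal.toString() reveals about that token is not visible here; confirm
            // that FINER logs cannot end up containing a usable session identifier.
            logger.log(Level.FINER, "PSAD_CSPAS0104", subject);
            subject.getPublicCredentials().add(new Credential(str));
            subject.getPrivateCredentials().add(new Credential(str2));
            return new CallbackInfo(subject, false);
        } catch (SecurityException se) {
            // Already a final, logged failure raised above. Re-wrapping it (as the nested catch
            // blocks used to) logged it twice and produced
            // "Authentication failed: Authentication failed: ...".
            throw se;
        } catch (Exception e) {
            throw authFailure(e);
        }
    }

    /**
     * Logs a login failure and builds the exception to throw for it.
     *
     * <p>The cause is logged but deliberately not chained onto the returned exception, matching
     * the original behaviour of exposing only the message text to the caller.
     *
     * @param cause the underlying failure, or {@code null} if none was reported
     * @return the {@code SecurityException} for the caller to throw
     */
    private static SecurityException authFailure(Throwable cause) {
        String detail = cause != null ? cause.getMessage() : "no login exception reported";
        logger.log(Level.WARNING, "PSAD_CSPAS0101", detail);
        if (cause != null) {
            logger.log(Level.WARNING, "PSAD_CSPAS0000", cause);
        }
        return new SecurityException("Authentication failed: " + detail);
    }

    /** Accepts only {@link JMXConnectionNotification}s. */
    @Override
    public boolean isNotificationEnabled(Notification notification) {
        return notification instanceof JMXConnectionNotification;
    }

    /**
     * Destroys the SSO token(s) associated with a JMX connection that was closed or has failed.
     *
     * <p>The connection id is split on spaces and the second field on {@code ';'}. Every entry
     * that is not {@code "root"}, does not start with {@code "com"} and is not a DN is treated
     * as an SSO token id. NOTE(review): this is a heuristic; it presumably relies on
     * {@code PASPrincipal} exposing the token id as its name, which is not visible here.
     *
     * @param notification the notification delivered by the connector server
     * @param obj          handback object, unused
     */
    @Override
    public void handleNotification(Notification notification, Object obj) {
        // Guard the cast below in case the listener was registered without this class as its filter.
        if (!(notification instanceof JMXConnectionNotification)) {
            return;
        }
        String type = notification.getType();
        if (!JMXConnectionNotification.CLOSED.equals(type) && !JMXConnectionNotification.FAILED.equals(type)) {
            return;
        }
        logger.log(Level.FINER, "PSAD_CSPAS0105", type);
        String connectionId = ((JMXConnectionNotification) notification).getConnectionId();
        // NOTE(review): the connection id embeds the values treated as SSO token ids below and is
        // logged before the tokens are destroyed; restrict access to FINER-level logs accordingly.
        logger.log(Level.FINER, "PSAD_CSPAS0106", connectionId);

        StringTokenizer fields = new StringTokenizer(connectionId, " ");
        if (fields.countTokens() <= 2) {
            return;
        }
        fields.nextToken();
        StringTokenizer identities = new StringTokenizer(fields.nextToken(), ";");
        while (identities.hasMoreTokens()) {
            String candidate = identities.nextToken();
            if (candidate.equals("root") || candidate.startsWith("com") || DN.isDN(candidate)) {
                continue;
            }
            try {
                SSOTokenManager tokenManager = SSOTokenManager.getInstance();
                tokenManager.destroyToken(tokenManager.createSSOToken(candidate));
                logger.log(Level.FINER, "PSAD_CSPAS0107", candidate);
            } catch (Exception e) {
                // Best effort: the entry may not be a token id, or the session may already be gone.
                // Record the failure instead of discarding it, because a token that could not be
                // destroyed stays valid until it expires. The token id itself is not logged here.
                logger.log(Level.FINE, "PSAD_CSPAS0000", (Throwable) e);
            }
        }
    }
}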
