package com.sun.identity.authentication.modules.application;

import com.iplanet.am.util.SystemProperties;
import com.sun.identity.authentication.spi.AMLoginModule;
import com.sun.identity.authentication.spi.AuthLoginException;
import com.sun.identity.idm.IdRepoException;
import com.sun.identity.idm.IdType;
import com.sun.identity.security.DecodeAction;
import com.sun.identity.shared.debug.Debug;
import com.sun.identity.sm.SMSEntry;
import java.nio.charset.StandardCharsets;
import java.security.AccessController;
import java.security.MessageDigest;
import java.security.Principal;
import java.security.PrivilegedAction;
import java.util.HashMap;
import java.util.Locale;
import java.util.Map;
import java.util.ResourceBundle;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.servlet.http.HttpServletRequest;
import org.forgerock.opendj.ldap.DN;

/* loaded from: input_file:com/sun/identity/authentication/modules/application/Application.class */
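/**
 * Login module that authenticates an application (agent) rather than an end user.
 *
 * <p>Two paths lead to success in {@link #process(Callback[], int)}:
 * <ol>
 *   <li>the supplied secret equals the decoded value of the
 *       {@code com.iplanet.am.service.secret} system property and the derived
 *       {@code cn=amService-<name>,ou=DSAME Users,<root suffix>} entry is accepted by
 *       {@code isValidUserEntry}; or</li>
 *   <li>the name/secret pair authenticates against the identity repository as
 *       {@link IdType#AGENT} (the "fallback" path).</li>
 * </ol>
 *
 * <p>Security notes for maintainers: the shared secret is a single, process-wide value, so every
 * caller that knows it can select any special-user name; the name is therefore validated before it
 * is used as a principal. Name and secret are both caller-controlled (request parameters or
 * callbacks) and must be treated as untrusted.
 */
public class Application extends AMLoginModule {
    private static final String amAuthApplication = "amAuthApplication";
    private static final Debug debug = Debug.getInstance(amAuthApplication);
    private static final DN SPECIAL_USERS_ROOT = DN.valueOf("ou=DSAME Users," + SMSEntry.getRootSuffix());

    // Every successful path in process() returns this value.
    // NOTE(review): presumably the framework's "login succeeded" state - confirm against AMLoginModule.
    private static final int STATE_SUCCEEDED = -1;

    // Decoded shared secret; null when the property is not configured. Declared after `debug`
    // because loadSecret() logs through it during class initialisation.
    private static final String secret = loadSecret();

    private String userTokenId = null;
    private Principal userPrincipal = null;
    private String errorMsg = null;
    private ResourceBundle bundle = null;

    /**
     * Reads and decodes the shared service secret once, at class-initialisation time.
     *
     * <p>A missing property yields {@code null} instead of a {@link NullPointerException}; an
     * exception here would surface as {@link ExceptionInInitializerError} and make the class
     * unloadable, which would also bypass the "NULL secret" diagnostic in {@code init}.
     *
     * @return the decoded secret, or {@code null} if the property is absent
     */
    private static String loadSecret() {
        debug.message("Application module getting secret");
        String encoded = SystemProperties.get("com.iplanet.am.service.secret");
        if (encoded == null) {
            return null;
        }
        return (String) AccessController.doPrivileged((PrivilegedAction) new DecodeAction(encoded.trim()));
    }

    /**
     * Loads the module's resource bundle for the login locale.
     *
     * <p>Failures are not thrown; they are recorded in {@code errorMsg} and reported by the next
     * call to {@link #process(Callback[], int)}.
     *
     * @param subject not used by this module
     * @param map not used by this module
     * @param map2 not used by this module
     */
    public void init(Subject subject, Map map, Map map2) {
        try {
            debug.message("in initialize...");
            Locale loginLocale = getLoginLocale();
            this.bundle = amCache.getResBundle(amAuthApplication, loginLocale);
            debug.message("ApplicationAuth resbundle locale={}", new Object[]{loginLocale});
        } catch (Exception e) {
            debug.error("ApplicationAuthModule Init: {}", new Object[]{e.getMessage()});
            debug.message("Stack trace: ", e);
            // Used as the message code of the AuthLoginException thrown by process(). The spelling
            // is kept byte-for-byte: it presumably has to match a resource-bundle key.
            this.errorMsg = "appInitFalied";
        }
        if (secret == null || secret.isEmpty()) {
            // With no shared secret configured, only the identity-repository fallback can succeed.
            debug.message("Init : NULL secret in AMConfig.properties");
        }
    }

    /**
     * Authenticates the application from request parameters or, failing that, from callbacks.
     *
     * @param callbackArr not read; credentials are taken from the request or requested via
     *     {@code sendCallback()}
     * @param i not read
     * @return {@code -1} on success
     * @throws AuthLoginException if initialisation failed, no secret was supplied, or neither the
     *     shared-secret path nor the repository fallback accepts the credentials
     */
    public int process(Callback[] callbackArr, int i) throws AuthLoginException {
        if (this.errorMsg != null) {
            throw new AuthLoginException(amAuthApplication, this.errorMsg, (Object[]) null);
        }

        String userName = null;
        String suppliedSecret = null;

        // getParameter() also reads the query string; clients should send the secret in a POST
        // body so it does not end up in access logs or proxy histories.
        HttpServletRequest request = getHttpServletRequest();
        if (request != null) {
            userName = request.getParameter("IDToken0");
            suppliedSecret = request.getParameter("IDToken1");
            if (userName == null && suppliedSecret == null) {
                userName = request.getParameter("Login.Token0");
                suppliedSecret = request.getParameter("Login.Token1");
            }
        }

        if (suppliedSecret == null && userName == null) {
            Map answers = sendCallback();
            if (answers == null || answers.isEmpty()) {
                throw new AuthLoginException(amAuthApplication, "wrongSecret", (Object[]) null);
            }
            suppliedSecret = (String) answers.get("secret");
            userName = (String) answers.get("uid");
        }

        if (suppliedSecret == null || suppliedSecret.isEmpty()) {
            throw new AuthLoginException(amAuthApplication, "noPassword", (Object[]) null);
        }

        if (!secretsMatch(suppliedSecret, secret)) {
            if (doFallbackAuth(userName, suppliedSecret)) {
                return STATE_SUCCEEDED;
            }
            throw invalidUser(userName);
        }

        debug.message("App.validate, secret matched for user : {}", new Object[]{userName});
        String specialUserDn = "cn="
                + ((userName == null || userName.isEmpty()) ? "amService-gateway" : "amService-" + userName)
                + ",ou=DSAME Users," + SMSEntry.getRootSuffix();

        // The DN is assembled from a caller-supplied name, so a value containing DN syntax could
        // otherwise address an entry outside the special-users container. Require the parsed DN
        // to be a direct child of SPECIAL_USERS_ROOT before asking whether the entry exists.
        if (isUnderSpecialUsersRoot(specialUserDn) && isValidUserEntry(specialUserDn)) {
            this.userTokenId = specialUserDn;
            return STATE_SUCCEEDED;
        }

        debug.message("{} is not a valid special user entry", new Object[]{specialUserDn});
        if (doFallbackAuth(userName, suppliedSecret)) {
            return STATE_SUCCEEDED;
        }
        throw invalidUser(userName);
    }

    /**
     * Compares the supplied secret with the configured one without an early exit on the first
     * differing character, so response timing does not reveal how much of a guess was correct.
     *
     * @return {@code false} if either value is {@code null} or empty, otherwise whether they are equal
     */
    private static boolean secretsMatch(String supplied, String expected) {
        if (supplied == null || expected == null || expected.isEmpty()) {
            return false;
        }
        return MessageDigest.isEqual(
                supplied.getBytes(StandardCharsets.UTF_8),
                expected.getBytes(StandardCharsets.UTF_8));
    }

    /**
     * Checks that {@code dn} parses and sits immediately below {@link #SPECIAL_USERS_ROOT}.
     *
     * @return {@code false} for a malformed DN or one located anywhere else in the tree
     */
    private static boolean isUnderSpecialUsersRoot(String dn) {
        try {
            return DN.valueOf(dn).isChildOf(SPECIAL_USERS_ROOT);
        } catch (IllegalArgumentException e) {
            debug.message("Application.isUnderSpecialUsersRoot: malformed DN", e);
            return false;
        }
    }

    /**
     * Records the failed login and builds the exception for it.
     *
     * <p>{@code userName} is caller-supplied; if the debug sink is line-oriented, CR/LF in the
     * name can forge log lines, so sinks or reviewers should treat this field as untrusted.
     */
    private AuthLoginException invalidUser(String userName) {
        debug.error("App validation failed, User not Valid: {}", new Object[]{userName});
        setFailureID(userName);
        return new AuthLoginException(amAuthApplication, "userInvalid", (Object[]) null);
    }

    /**
     * Tries the identity-repository path for a non-empty name.
     *
     * @return {@code true} if the repository accepted the credentials; {@code userTokenId} is
     *     then set to {@code userName} unless it already holds a value
     */
    private boolean doFallbackAuth(String userName, String password) throws AuthLoginException {
        debug.message("doFallbackAuth : User = {}", new Object[]{userName});
        if (userName == null || userName.isEmpty() || !authenticateToDatastore(userName, password)) {
            return false;
        }
        debug.message("Application.doFallbackAuth: Authenticated to AgentsRepo.");
        if (this.userTokenId == null) {
            this.userTokenId = userName;
        }
        return true;
    }

    /**
     * Authenticates the name/password pair against the request organisation's identity
     * repository as {@link IdType#AGENT}.
     *
     * @return the repository's verdict, or {@code false} if it raised {@link IdRepoException}
     */
    private boolean authenticateToDatastore(String userName, String password) throws AuthLoginException {
        NameCallback nameCallback = new NameCallback("NamePrompt");
        nameCallback.setName(userName);
        PasswordCallback passwordCallback = new PasswordCallback("PasswordPrompt", false);
        passwordCallback.setPassword(password.toCharArray());
        try {
            return getAMIdentityRepository(getRequestOrg())
                    .authenticate(IdType.AGENT, new Callback[]{nameCallback, passwordCallback});
        } catch (IdRepoException e) {
            // Deliberately fail closed: a repository error is treated as "not authenticated".
            debug.message("Application.authenticateToDatastore: IdRepo Exception", e);
            return false;
        } finally {
            // Wipe the callback's internal copy once the repository call has returned.
            passwordCallback.clearPassword();
        }
    }

    /**
     * Returns the authenticated principal, creating it lazily from {@code userTokenId}.
     *
     * @return the principal, or {@code null} if no authentication has succeeded yet
     */
    public Principal getPrincipal() {
        if (this.userPrincipal == null && this.userTokenId != null) {
            this.userPrincipal = new ApplicationPrincipal(this.userTokenId);
        }
        return this.userPrincipal;
    }

    /**
     * Asks the callback handler for the application name and secret.
     *
     * @return a map with optional keys {@code "uid"} and {@code "secret"}, or {@code null} if the
     *     handler is missing or any step failed
     */
    private Map sendCallback() {
        try {
            CallbackHandler callbackHandler = getCallbackHandler();
            if (callbackHandler == null) {
                throw new AuthLoginException(amAuthApplication, "NoCallbackHandler", (Object[]) null);
            }
            // Declared as Callback[]: the array holds both a NameCallback and a PasswordCallback.
            Callback[] callbacks = {
                new NameCallback(this.bundle.getString("appname")),
                new PasswordCallback(this.bundle.getString("secret"), true)
            };
            debug.message("Callback is.. : {}", (Object[]) callbacks);
            callbackHandler.handle(callbacks);

            HashMap answers = new HashMap();
            for (Callback callback : callbacks) {
                if (callback instanceof PasswordCallback) {
                    PasswordCallback passwordCallback = (PasswordCallback) callback;
                    char[] password = passwordCallback.getPassword();
                    if (password != null) {
                        answers.put("secret", new String(password));
                        // getPassword() hands back a copy; clear both it and the callback's own.
                        java.util.Arrays.fill(password, '\0');
                    }
                    passwordCallback.clearPassword();
                } else if (callback instanceof NameCallback) {
                    String name = ((NameCallback) callback).getName();
                    if (name != null) {
                        answers.put("uid", name);
                    }
                }
            }
            return answers;
        } catch (Exception e) {
            debug.error("sendCallback: {}", new Object[]{e.getMessage()});
            debug.message("Stack trace: ", e);
            return null;
        }
    }

    /** Drops the authenticated identity held by this module instance. */
    public void destroyModuleState() {
        this.userTokenId = null;
        this.userPrincipal = null;
    }

    /** Releases per-login working state (pending error code and resource bundle). */
    public void nullifyUsedVars() {
        this.errorMsg = null;
        this.bundle = null;
    }
}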
