package com.sun.identity.authentication.modules.membership;

import com.iplanet.sso.SSOException;
import com.sun.identity.authentication.spi.AMLoginModule;
import com.sun.identity.authentication.spi.AuthLoginException;
import com.sun.identity.idm.AMIdentityRepository;
import com.sun.identity.idm.IdRepoException;
import com.sun.identity.idm.IdSearchControl;
import com.sun.identity.idm.IdSearchResults;
import com.sun.identity.idm.IdType;
import com.sun.identity.shared.datastruct.CollectionHelper;
import com.sun.identity.shared.debug.Debug;
import java.security.Principal;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.ResourceBundle;
import java.util.Set;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.ChoiceCallback;
import javax.security.auth.callback.ConfirmationCallback;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;

/* loaded from: input_file:com/sun/identity/authentication/modules/membership/Membership.class */
public class Membership extends AMLoginModule {
    private ResourceBundle bundle;
    private Map sharedState;
    private String validatedUserID;
    private MembershipPrincipal userPrincipal;
    private Map options;
    private String serviceStatus;
    private boolean isDisclaimerExist = true;
    private Set defaultRoles;
    private int requiredPasswordLength;
    private String createMyOwn;
    private String userID;
    private String userName;
    private Map userAttrs;
    private static final String amAuthMembership = "amAuthMembership";
    private static final Debug debug = Debug.getInstance(amAuthMembership);
    private String regEx;
    private static final String INVALID_CHARS = "iplanet-am-auth-membership-invalid-chars";
    private boolean getCredentialsFromSharedState;
    private Callback[] callbacks;

    public void init(Subject subject, Map map, Map map2) {
        Locale loginLocale = getLoginLocale();
        this.bundle = amCache.getResBundle(amAuthMembership, loginLocale);
        if (debug.messageEnabled()) {
            debug.message("Membership getting resource bundle for locale: " + loginLocale);
        }
        this.options = map2;
        this.sharedState = map;
    }

    public int process(Callback[] callbackArr, int i) throws AuthLoginException {
        if (debug.messageEnabled()) {
            debug.message("in process(), login state is " + i);
        }
        this.callbacks = callbackArr;
        ModuleState moduleState = null;
        switch (ModuleState.get(i)) {
            case DISCLAIMER:
                int selectedIndex = ((ConfirmationCallback) callbackArr[0]).getSelectedIndex();
                if (debug.messageEnabled()) {
                    debug.message("DISCLAIMER page button index: " + selectedIndex);
                }
                if (selectedIndex == 0) {
                    RegistrationResult registerNewUser = registerNewUser();
                    if (!registerNewUser.equals(RegistrationResult.NO_ERROR)) {
                        switch (registerNewUser) {
                            case USER_EXISTS_ERROR:
                                setErrorMessage(registerNewUser, 0);
                                moduleState = ModuleState.REGISTRATION;
                                break;
                            case PROFILE_ERROR:
                                moduleState = ModuleState.PROFILE_ERROR;
                                break;
                            case NO_ERROR:
                                moduleState = ModuleState.COMPLETE;
                                break;
                        }
                    } else {
                        return -1;
                    }
                } else {
                    if (selectedIndex != 1) {
                        throw new AuthLoginException(amAuthMembership, "loginException", (Object[]) null);
                    }
                    moduleState = ModuleState.DISCLAIMER_DECLINED;
                    break;
                }
                break;
            case REGISTRATION:
                int selectedIndex2 = ((ConfirmationCallback) callbackArr[callbackArr.length - 1]).getSelectedIndex();
                if (debug.messageEnabled()) {
                    debug.message("REGISTRATION page button index: " + selectedIndex2);
                }
                if (selectedIndex2 == 0) {
                    clearInfoText(ModuleState.REGISTRATION.intValue());
                    ModuleState andCheckRegistrationFields = getAndCheckRegistrationFields(callbackArr);
                    switch (andCheckRegistrationFields) {
                        case DISCLAIMER:
                            moduleState = processRegistrationResult();
                            break;
                        case REGISTRATION:
                        case CHOOSE_USERNAMES:
                        case PROFILE_ERROR:
                            if (debug.messageEnabled()) {
                                debug.message("Recoverable error: " + andCheckRegistrationFields.toString());
                            }
                            moduleState = andCheckRegistrationFields;
                            break;
                    }
                } else {
                    if (selectedIndex2 != 1) {
                        return 0;
                    }
                    clearCallbacks(callbackArr);
                    moduleState = ModuleState.LOGIN_START;
                    break;
                }
            case CHOOSE_USERNAMES:
                moduleState = chooseUserID(callbackArr);
                break;
            case LOGIN_START:
                int i2 = 0;
                if (callbackArr != null && callbackArr.length != 0) {
                    i2 = ((ConfirmationCallback) callbackArr[2]).getSelectedIndex();
                    if (debug.messageEnabled()) {
                        debug.message("LOGIN page button index: " + i2);
                    }
                }
                if (i2 != 0) {
                    initAuthConfig();
                    clearInfoText(ModuleState.REGISTRATION.intValue());
                    moduleState = ModuleState.REGISTRATION;
                    break;
                } else {
                    moduleState = loginUser(callbackArr);
                    break;
                }
        }
        return moduleState.intValue();
    }

    private ModuleState processRegistrationResult() throws AuthLoginException {
        ModuleState moduleState = null;
        if (!this.isDisclaimerExist) {
            if (debug.messageEnabled()) {
                debug.message("No disclaimer, register user");
            }
            RegistrationResult registerNewUser = registerNewUser();
            switch (registerNewUser) {
                case USER_EXISTS_ERROR:
                    setErrorMessage(registerNewUser, 0);
                    moduleState = ModuleState.REGISTRATION;
                    break;
                case PROFILE_ERROR:
                    moduleState = ModuleState.PROFILE_ERROR;
                    break;
                case NO_ERROR:
                    moduleState = ModuleState.COMPLETE;
                    break;
            }
        } else {
            if (debug.messageEnabled()) {
                debug.message("Move to disclaimer page");
            }
            moduleState = ModuleState.DISCLAIMER;
        }
        return moduleState;
    }

    private void clearCallbacks(Callback[] callbackArr) {
        for (int i = 0; i < callbackArr.length; i++) {
            if (callbackArr[i] instanceof NameCallback) {
                ((NameCallback) callbackArr[i]).setName("");
            }
        }
    }

    public Principal getPrincipal() {
        if (this.userPrincipal != null) {
            return this.userPrincipal;
        }
        if (this.validatedUserID == null) {
            return null;
        }
        this.userPrincipal = new MembershipPrincipal(this.validatedUserID);
        return this.userPrincipal;
    }

    public void destroyModuleState() {
        this.validatedUserID = null;
    }

    public void nullifyUsedVars() {
        this.bundle = null;
        this.sharedState = null;
        this.options = null;
        this.serviceStatus = null;
        this.defaultRoles = null;
        this.userID = null;
        this.userName = null;
        this.userAttrs = null;
        this.regEx = null;
        this.callbacks = null;
    }

    private void initAuthConfig() throws AuthLoginException {
        if (this.options == null || this.options.isEmpty()) {
            debug.error("options is null or empty");
            throw new AuthLoginException(amAuthMembership, "unable-to-initialize-options", (Object[]) null);
        }
        try {
            String mapAttr = CollectionHelper.getMapAttr(this.options, "iplanet-am-auth-membership-auth-level");
            if (mapAttr != null) {
                try {
                    setAuthLevel(Integer.parseInt(mapAttr));
                } catch (NumberFormatException e) {
                    debug.error("invalid auth level " + mapAttr, e);
                }
            }
            this.regEx = CollectionHelper.getMapAttr(this.options, INVALID_CHARS);
            this.serviceStatus = CollectionHelper.getMapAttr(this.options, "iplanet-am-auth-membership-default-user-status", "Active");
            if (getNumberOfStates() >= ModuleState.DISCLAIMER.intValue()) {
                this.isDisclaimerExist = true;
            } else {
                this.isDisclaimerExist = false;
            }
            this.defaultRoles = (Set) this.options.get("iplanet-am-auth-membership-default-roles");
            if (debug.messageEnabled()) {
                debug.message("defaultRoles is : " + this.defaultRoles);
            }
            String mapAttr2 = CollectionHelper.getMapAttr(this.options, "iplanet-am-auth-membership-min-password-length");
            if (mapAttr2 != null) {
                this.requiredPasswordLength = Integer.parseInt(mapAttr2);
            }
        } catch (Exception e2) {
            debug.error("unable to initialize in initAuthConfig(): ", e2);
            throw new AuthLoginException(amAuthMembership, "Membershipex", (Object[]) null, e2);
        }
    }

    /* JADX WARN: Removed duplicated region for block: B:18:0x00af A[Catch: IdRepoException -> 0x0101, TryCatch #0 {IdRepoException -> 0x0101, blocks: (B:22:0x000b, B:24:0x0010, B:28:0x0044, B:7:0x009f, B:9:0x00c4, B:11:0x00e8, B:14:0x00f4, B:15:0x0100, B:16:0x00a6, B:18:0x00af, B:19:0x00b7, B:20:0x00c3, B:29:0x0040, B:4:0x007f), top: B:21:0x000b }] */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private com.sun.identity.authentication.modules.membership.ModuleState loginUser(javax.security.auth.callback.Callback[] r8) throws com.sun.identity.authentication.spi.AuthLoginException {
        /*
            Method dump skipped, instructions count: 322
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.sun.identity.authentication.modules.membership.Membership.loginUser(javax.security.auth.callback.Callback[]):com.sun.identity.authentication.modules.membership.ModuleState");
    }

    private RegistrationResult registerNewUser() throws AuthLoginException {
        if (debug.messageEnabled()) {
            debug.message("trying to register(create) a new user: " + this.userID);
        }
        try {
            if (userExists(this.userID)) {
                if (debug.messageEnabled()) {
                    debug.message("unable to register, user " + this.userID + " already exists");
                }
                return RegistrationResult.USER_EXISTS_ERROR;
            }
            HashSet hashSet = new HashSet();
            hashSet.add(this.serviceStatus);
            this.userAttrs.put("inetuserstatus", hashSet);
            createIdentity(this.userID, this.userAttrs, this.defaultRoles);
            this.validatedUserID = this.userID;
            if (debug.messageEnabled()) {
                debug.message("registration is completed, created user: " + this.validatedUserID);
            }
            return RegistrationResult.NO_ERROR;
        } catch (SSOException e) {
            debug.error("profile exception occured: ", e);
            return RegistrationResult.PROFILE_ERROR;
        } catch (IdRepoException e2) {
            getLoginState("Membership").logFailed(e2.getMessage(), "CREATE_USER_PROFILE_FAILED", false, (String) null);
            debug.error("profile exception occured: ", e2);
            return RegistrationResult.PROFILE_ERROR;
        }
    }

    private ModuleState getAndCheckRegistrationFields(Callback[] callbackArr) throws AuthLoginException {
        HashMap hashMap = new HashMap();
        this.userID = getCallbackFieldValue(callbackArr[0]);
        if (this.userID == null || this.userID.length() == 0) {
            updateRegistrationCallbackFields(callbackArr);
            setErrorMessage(RegistrationResult.NO_USER_NAME_ERROR, 0);
            return ModuleState.REGISTRATION;
        }
        validateUserName(this.userID, this.regEx);
        String password = getPassword((PasswordCallback) callbackArr[1]);
        String password2 = getPassword((PasswordCallback) callbackArr[2]);
        RegistrationResult checkPassword = checkPassword(password, password2);
        if (debug.messageEnabled()) {
            debug.message("state returned from checkPassword(): " + checkPassword);
        }
        if (!checkPassword.equals(RegistrationResult.NO_ERROR)) {
            updateRegistrationCallbackFields(callbackArr);
            setErrorMessage(checkPassword, 1);
            return ModuleState.REGISTRATION;
        }
        validatePassword(password2);
        if (password.equals(this.userID)) {
            updateRegistrationCallbackFields(callbackArr);
            setErrorMessage(RegistrationResult.USER_PASSWORD_SAME_ERROR, 1);
            return ModuleState.REGISTRATION;
        }
        for (int i = 0; i < callbackArr.length; i++) {
            String attribute = getAttribute(ModuleState.REGISTRATION.intValue(), i);
            Set<String> callbackFieldValues = getCallbackFieldValues(callbackArr[i]);
            if (isRequired(ModuleState.REGISTRATION.intValue(), i) && callbackFieldValues.isEmpty()) {
                if (debug.messageEnabled()) {
                    debug.message("Empty value for required field :" + attribute);
                }
                updateRegistrationCallbackFields(callbackArr);
                setErrorMessage(RegistrationResult.MISSING_REQ_FIELD_ERROR, i);
                return ModuleState.REGISTRATION;
            }
            if (attribute != null && attribute.length() != 0) {
                hashMap.put(attribute, callbackFieldValues);
            }
        }
        this.userAttrs = hashMap;
        try {
            if (!userExists(this.userID)) {
                return ModuleState.DISCLAIMER;
            }
            if (debug.messageEnabled()) {
                debug.message("user ID " + this.userID + " already exists");
            }
            Set newUserIDs = getNewUserIDs(hashMap, 0);
            if (newUserIDs == null) {
                updateRegistrationCallbackFields(callbackArr);
                setErrorMessage(RegistrationResult.USER_EXISTS_ERROR, 0);
                return ModuleState.REGISTRATION;
            }
            List<String> nonExistingUserIDs = getNonExistingUserIDs(newUserIDs);
            resetCallback(ModuleState.CHOOSE_USERNAMES.intValue(), 0);
            ChoiceCallback choiceCallback = getCallback(ModuleState.CHOOSE_USERNAMES.intValue())[0];
            String prompt = choiceCallback.getPrompt();
            this.createMyOwn = choiceCallback.getChoices()[0];
            nonExistingUserIDs.add(this.createMyOwn);
            ChoiceCallback choiceCallback2 = new ChoiceCallback(prompt, (String[]) nonExistingUserIDs.toArray(new String[0]), 0, false);
            choiceCallback2.setSelectedIndex(0);
            replaceCallback(ModuleState.CHOOSE_USERNAMES.intValue(), 0, choiceCallback2);
            return ModuleState.CHOOSE_USERNAMES;
        } catch (SSOException e) {
            debug.error("profile exception occured: ", e);
            return ModuleState.PROFILE_ERROR;
        } catch (IdRepoException e2) {
            debug.error("profile exception occured: ", e2);
            return ModuleState.PROFILE_ERROR;
        }
    }

    private RegistrationResult checkPassword(String str, String str2) {
        if (str == null || str.length() == 0) {
            if (debug.messageEnabled()) {
                debug.message("password was missing from the form");
            }
            return RegistrationResult.NO_PASSWORD_ERROR;
        }
        if (str.length() < this.requiredPasswordLength) {
            if (debug.messageEnabled()) {
                debug.message("password was not long enough");
            }
            return RegistrationResult.PASSWORD_TOO_SHORT;
        }
        if (str2 != null && str2.length() != 0) {
            return !str.equals(str2) ? RegistrationResult.PASSWORD_MISMATCH_ERROR : RegistrationResult.NO_ERROR;
        }
        if (debug.messageEnabled()) {
            debug.message("no confirmation password");
        }
        return RegistrationResult.NO_CONFIRMATION_ERROR;
    }

    private ModuleState chooseUserID(Callback[] callbackArr) throws AuthLoginException {
        String callbackFieldValue = getCallbackFieldValue(callbackArr[0]);
        if (callbackFieldValue.equals(this.createMyOwn)) {
            return ModuleState.REGISTRATION;
        }
        String attribute = getAttribute(ModuleState.REGISTRATION.intValue(), 0);
        this.userID = callbackFieldValue;
        HashSet hashSet = new HashSet();
        hashSet.add(this.userID);
        this.userAttrs.put(attribute, hashSet);
        return processRegistrationResult();
    }

    private String getPassword(PasswordCallback passwordCallback) {
        char[] password = passwordCallback.getPassword();
        if (password == null) {
            password = new char[0];
        }
        char[] cArr = new char[password.length];
        System.arraycopy(password, 0, cArr, 0, password.length);
        return new String(cArr);
    }

    private Set<String> getCallbackFieldValues(Callback callback) {
        HashSet hashSet = new HashSet();
        if (callback instanceof NameCallback) {
            String name = ((NameCallback) callback).getName();
            if (name != null && name.length() != 0) {
                hashSet.add(name);
            }
        } else if (callback instanceof PasswordCallback) {
            String password = getPassword((PasswordCallback) callback);
            if (password != null && password.length() != 0) {
                hashSet.add(password);
            }
        } else if (callback instanceof ChoiceCallback) {
            String[] choices = ((ChoiceCallback) callback).getChoices();
            for (int i : ((ChoiceCallback) callback).getSelectedIndexes()) {
                hashSet.add(choices[i]);
            }
        }
        return hashSet;
    }

    private String getCallbackFieldValue(Callback callback) {
        Iterator<String> it = getCallbackFieldValues(callback).iterator();
        if (it.hasNext()) {
            return it.next();
        }
        return null;
    }

    private List<String> getNonExistingUserIDs(Set<String> set) throws IdRepoException, SSOException {
        ArrayList arrayList = new ArrayList();
        for (String str : set) {
            if (!userExists(str)) {
                arrayList.add(str);
            }
        }
        return arrayList;
    }

    private boolean userExists(String str) throws IdRepoException, SSOException {
        AMIdentityRepository aMIdentityRepository = getAMIdentityRepository(getRequestOrg());
        IdSearchControl idSearchControl = new IdSearchControl();
        idSearchControl.setRecursive(true);
        idSearchControl.setTimeOut(0);
        idSearchControl.setAllReturnAttributes(true);
        Set set = Collections.EMPTY_SET;
        try {
            idSearchControl.setMaxResults(0);
            IdSearchResults searchIdentities = aMIdentityRepository.searchIdentities(IdType.USER, str, idSearchControl);
            if (searchIdentities != null) {
                set = searchIdentities.getSearchResults();
            }
        } catch (IdRepoException e) {
            if (debug.messageEnabled()) {
                debug.message("IdRepoException : Error searching  Identities with username : " + e.getMessage());
            }
        }
        return !set.isEmpty();
    }

    private void setErrorMessage(RegistrationResult registrationResult, int i) throws AuthLoginException {
        if (!registrationResult.equals(RegistrationResult.PASSWORD_TOO_SHORT)) {
            substituteInfoText(ModuleState.REGISTRATION.intValue(), i, this.bundle.getString(registrationResult.toString()));
        } else {
            substituteInfoText(ModuleState.REGISTRATION.intValue(), i, com.sun.identity.shared.locale.Locale.formatMessage(this.bundle.getString(registrationResult.toString()), Integer.valueOf(this.requiredPasswordLength)));
        }
    }

    private void updateRegistrationCallbackFields(Callback[] callbackArr) throws AuthLoginException {
        Callback[] callback = getCallback(ModuleState.REGISTRATION.intValue());
        for (int i = 0; i < callback.length; i++) {
            if (callback[i] instanceof NameCallback) {
                Callback callback2 = (NameCallback) callback[i];
                callback2.setName(((NameCallback) callbackArr[i]).getName());
                replaceCallback(ModuleState.REGISTRATION.intValue(), i, callback2);
            } else if (callback[i] instanceof PasswordCallback) {
                PasswordCallback passwordCallback = (PasswordCallback) callback[i];
                passwordCallback.setPassword(((PasswordCallback) callbackArr[i]).getPassword());
                replaceCallback(ModuleState.REGISTRATION.intValue(), i, passwordCallback);
            }
        }
    }
}
