package com.sun.identity.cli;

import com.iplanet.am.util.SystemProperties;
import com.iplanet.sso.SSOException;
import com.iplanet.sso.SSOToken;
import com.sun.identity.authentication.AuthContext;
import com.sun.identity.authentication.internal.AuthPrincipal;
import com.sun.identity.authentication.internal.InvalidAuthContextException;
import com.sun.identity.idm.AMIdentity;
import com.sun.identity.idm.IdType;
import com.sun.identity.shared.locale.Locale;
import java.util.HashSet;
import java.util.Map;
import java.util.ResourceBundle;
import java.util.Set;
import java.util.logging.Level;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.login.LoginException;
import org.forgerock.openam.utils.Time;

/* loaded from: input_file:com/sun/identity/cli/Authenticator.class */
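/**
 * Logs a command-line user in and hands back the resulting authentication
 * context or SSO token.
 *
 * <p>Two login paths are implemented here: a session-based login through
 * {@link AuthContext} against the root realm ("/"), and a direct login through
 * {@code com.sun.identity.authentication.internal.AuthContext}. The class is a
 * singleton: the constructor is private and the only instance is returned by
 * {@link #getInstance()}.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Passwords reach this class as {@code String}. A {@code String} cannot
 *       be cleared, so the secret stays on the heap until it is garbage
 *       collected; only the temporary {@code char[]} copies made here can be
 *       wiped.</li>
 *   <li>Several methods retry the same credentials on a second login path when
 *       the first one fails. The first failure is discarded without a log
 *       entry, and one wrong password can therefore be submitted more than
 *       once.</li>
 * </ul>
 */
class Authenticator {
    private static final String LOGIN_STATUS = "iplanet-am-user-login-status";
    private static final String ACCOUNT_LIFE = "iplanet-am-user-account-life";
    private static final String STRING_ACTIVE = "active";
    // System properties that override the index type/name used for the session-based login.
    private static final String DEFINED_INDEX_TYPE = "org.forgerock.openam.ssoadm.auth.indexType";
    private static final String DEFINED_INDEX_NAME = "org.forgerock.openam.ssoadm.auth.indexName";
    private static final String LDAP_AUTH_MODULE = "LDAP";
    private static final String FLATFILE_AUTH_MODULE = "DataStore";
    // Holds LOGIN_STATUS and ACCOUNT_LIFE; not read by any code in this class.
    private static final Set<String> ACTIVE_STATE_ATTRIBUTES = new HashSet<String>(4);

    static {
        ACTIVE_STATE_ATTRIBUTES.add(LOGIN_STATUS);
        ACTIVE_STATE_ATTRIBUTES.add(ACCOUNT_LIFE);
    }

    private static final Authenticator instance = new Authenticator();

    private Authenticator() {
    }

    /**
     * Returns the single shared instance.
     *
     * @return the singleton {@code Authenticator}
     */
    public static Authenticator getInstance() {
        return instance;
    }

    /**
     * Performs a session-based login and writes ATTEMPT_LOGIN, then either
     * SUCCEED_LOGIN or FAILED_LOGIN, through {@code LogWriter}.
     *
     * @param commandManager supplies the resource bundle and is passed to the log writer
     * @param str user name; handed to the name callback and logged
     * @param str2 password; handed to the password callback, never logged here
     * @return the authenticated context
     * @throws CLIException if the login fails; the original exception is rethrown
     *         after the failure has been logged
     */
    public AuthContext sessionBasedLogin(CommandManager commandManager, String str, String str2) throws CLIException {
        String[] logParams = {str};
        LogWriter.log(commandManager, 0, Level.INFO, "ATTEMPT_LOGIN", logParams, null);
        try {
            AuthContext authContext = sessionBasedLoginInternal(commandManager, str, str2);
            LogWriter.log(commandManager, 0, Level.INFO, "SUCCEED_LOGIN", logParams, null);
            return authContext;
        } catch (CLIException e) {
            LogWriter.log(commandManager, 1, Level.INFO, "FAILED_LOGIN", new String[]{str, e.getMessage()}, null);
            throw e;
        }
    }

    /**
     * Chooses the index type and name for a session-based login.
     *
     * <p>When both override properties are set they are used as given. Otherwise
     * the "DataStore" module instance is tried first and, if that throws a
     * {@code CLIException}, the "LDAP" module instance is tried with the same
     * credentials.
     *
     * @throws CLIException if the selected login, or the fallback login, fails
     */
    private AuthContext sessionBasedLoginInternal(CommandManager commandManager, String userName, String password) throws CLIException {
        String indexType = SystemProperties.get(DEFINED_INDEX_TYPE);
        String indexName = SystemProperties.get(DEFINED_INDEX_NAME);
        if (indexType != null && indexName != null) {
            return sessionBasedLoginInternal(commandManager, userName, password, indexType, indexName);
        }
        try {
            return sessionBasedLoginInternal(commandManager, userName, password, "MODULE_INSTANCE", FLATFILE_AUTH_MODULE);
        } catch (CLIException ignored) {
            // Deliberate fallback: any DataStore failure, rejected credentials included,
            // leads to a second attempt against the LDAP module. The first failure is
            // not logged.
            // NOTE(review): a wrong password is submitted twice on this path; confirm how
            // that interacts with account lockout counters on the server.
            return sessionBasedLoginInternal(commandManager, userName, password, "MODULE_INSTANCE", LDAP_AUTH_MODULE);
        }
    }

    /**
     * Runs one session-based login with an explicit index type and name and
     * checks that an SSO token can be obtained from the result.
     *
     * @throws CLIException if the context cannot be created, the callbacks do not
     *         end in success, or the SSO token cannot be obtained
     */
    private AuthContext sessionBasedLoginInternal(CommandManager commandManager, String userName, String password, String indexType, String indexName) throws CLIException {
        AuthContext authContext = getAuthContext(commandManager, indexType, indexName);
        processCallback(commandManager, authContext, userName, password);
        try {
            // Called only to prove that a token exists; the return value is not used.
            authContext.getSSOToken();
            return authContext;
        } catch (Exception e) {
            // The cause is dropped: only the (String, int) and (Throwable, int)
            // constructors of CLIException are visible in this file.
            throw new CLIException(commandManager.getResourceBundle().getString("exception-session-based-login-failed"), 20);
        }
    }

    /**
     * Logs the user in and returns an SSO token, preferring the session-based
     * path and falling back to the internal login.
     *
     * <p>The session-based path is attempted only when the system property
     * {@code com.sun.identity.security.amadmin} is unset or equals "false"
     * (case-insensitive). On success that token is registered with the command
     * manager. If the attempt throws anything, or was skipped, the internal
     * login is used instead.
     *
     * <p>Decompiler note: this method was package-private in the original class.
     *
     * @param commandManager supplies output writer, resource bundle and verbosity
     * @param str user name
     * @param str2 password
     * @return the SSO token of the authenticated user
     * @throws CLIException if the internal login fails
     */
    public SSOToken ldapLogin(CommandManager commandManager, String str, String str2) throws CLIException {
        SSOToken ssoToken = null;
        IOutput outputWriter = commandManager.getOutputWriter();
        ResourceBundle resourceBundle = commandManager.getResourceBundle();
        if (commandManager.isVerbose()) {
            outputWriter.printlnMessage(resourceBundle.getString("verbose-authenticating"));
        }
        String[] logParams = {str};
        if (SystemProperties.get("com.sun.identity.security.amadmin", "false").equalsIgnoreCase("false")) {
            LogWriter.log(commandManager, 0, Level.INFO, "ATTEMPT_LOGIN", logParams, null);
            try {
                ssoToken = sessionBasedLoginInternal(commandManager, str, str2).getSSOToken();
                commandManager.registerSSOToken(ssoToken);
            } catch (Exception ignored) {
                // Deliberate best-effort: every failure of the session-based path is
                // swallowed and the internal login is tried with the same credentials.
                // NOTE(review): nothing is logged for the failed first attempt, so the
                // log shows ATTEMPT_LOGIN followed by SUCCEED_LOGIN when the fallback
                // works. Consider whether that gap matters for audit purposes.
                ssoToken = ldapLoginInternal(commandManager, str, str2);
            }
        }
        if (ssoToken == null) {
            ssoToken = ldapLoginInternal(commandManager, str, str2);
        }
        // NOTE(review): tokens from ldapLoginInternal are not registered with the
        // command manager here, unlike the session-based token; confirm that callers
        // handle their lifecycle.
        LogWriter.log(commandManager, 0, Level.INFO, "SUCCEED_LOGIN", logParams, null);
        if (commandManager.isVerbose()) {
            outputWriter.printlnMessage(resourceBundle.getString("verbose-authenticated"));
        }
        return ssoToken;
    }

    /**
     * Logs in through the internal {@code AuthContext} and stamps the universal
     * identifier of the user onto the returned token.
     *
     * @throws CLIException with code 19 if the login status is not 3, or if the
     *         login or the token handling throws
     */
    private SSOToken ldapLoginInternal(CommandManager commandManager, String userName, String password) throws CLIException {
        ResourceBundle resourceBundle = commandManager.getResourceBundle();
        try {
            com.sun.identity.authentication.internal.AuthContext ldapAuthContext = getLDAPAuthContext(userName, password);
            // 3 is presumably the "success" status of the internal AuthContext; confirm
            // against its constants.
            if (ldapAuthContext.getLoginStatus() != 3) {
                throw new CLIException(resourceBundle.getString("exception-LDAP-login-failed"), 19);
            }
            SSOToken ssoToken = ldapAuthContext.getSSOToken();
            ssoToken.setProperty("sun.am.UniversalIdentifier", new AMIdentity(ssoToken, ssoToken.getPrincipal().getName(), IdType.USER, "/", (String) null).getUniversalId());
            return ssoToken;
        } catch (InvalidAuthContextException e) {
            LogWriter.log(commandManager, 1, Level.INFO, "FAILED_LOGIN", new String[]{userName, e.getMessage()}, null);
            throw new CLIException(resourceBundle.getString("exception-LDAP-login-failed"), 19);
        } catch (LoginException e2) {
            LogWriter.log(commandManager, 1, Level.INFO, "FAILED_LOGIN", new String[]{userName, e2.getMessage()}, null);
            throw new CLIException(resourceBundle.getString("exception-LDAP-login-failed"), 19);
        } catch (SSOException e3) {
            LogWriter.log(commandManager, 1, Level.INFO, "FAILED_LOGIN", new String[]{userName, e3.getMessage()}, null);
            throw new CLIException((Throwable) e3, 19);
        }
    }

    /**
     * Creates the internal authentication context for the given credentials.
     *
     * @throws LoginException if the context constructor rejects the login
     */
    private com.sun.identity.authentication.internal.AuthContext getLDAPAuthContext(String userName, String password) throws LoginException {
        // The char[] is handed over as-is and not wiped here: this file does not show
        // whether the context copies the array or keeps a reference to it.
        return new com.sun.identity.authentication.internal.AuthContext(new AuthPrincipal(userName), password.toCharArray());
    }

    /**
     * Creates an {@code AuthContext} for the root realm and starts the login with
     * the index type named by {@code indexTypeName}.
     *
     * @param indexTypeName one of module_instance, service, user, role, level,
     *        composite_advice or resource, compared case-insensitively
     * @param indexName value passed to {@code login} together with the index type
     * @throws CLIException with code 20 if {@code login} throws a {@code LoginException}
     */
    private AuthContext getAuthContext(CommandManager commandManager, String indexTypeName, String indexName) throws CLIException {
        try {
            AuthContext authContext = new AuthContext("/");
            AuthContext.IndexType indexType = null;
            if (indexTypeName.equalsIgnoreCase("module_instance")) {
                indexType = AuthContext.IndexType.MODULE_INSTANCE;
            } else if (indexTypeName.equalsIgnoreCase("service")) {
                indexType = AuthContext.IndexType.SERVICE;
            } else if (indexTypeName.equalsIgnoreCase("user")) {
                indexType = AuthContext.IndexType.USER;
            } else if (indexTypeName.equalsIgnoreCase("role")) {
                indexType = AuthContext.IndexType.ROLE;
            } else if (indexTypeName.equalsIgnoreCase("level")) {
                indexType = AuthContext.IndexType.LEVEL;
            } else if (indexTypeName.equalsIgnoreCase("composite_advice")) {
                indexType = AuthContext.IndexType.COMPOSITE_ADVICE;
            } else if (indexTypeName.equalsIgnoreCase("resource")) {
                indexType = AuthContext.IndexType.RESOURCE;
            }
            // NOTE(review): an unrecognised name leaves indexType null and login is
            // still called. The name can come from a system property, so a typo there
            // silently changes how the login is performed; confirm what login does
            // with a null index type and consider rejecting unknown names.
            authContext.login(indexType, indexName);
            return authContext;
        } catch (LoginException e) {
            // The message key says "LDAP" although this path serves every index type.
            throw new CLIException(commandManager.getResourceBundle().getString("exception-LDAP-login-failed"), 20);
        }
    }

    /**
     * Answers the callbacks of the context with the given credentials until no
     * requirements remain, then checks the final status.
     *
     * @throws CLIException with code 20 if the final status is not SUCCESS
     */
    private void processCallback(CommandManager commandManager, AuthContext authContext, String userName, String password) throws CLIException {
        ResourceBundle resourceBundle = commandManager.getResourceBundle();
        // NOTE(review): if getRequirements returns null while hasMoreRequirements stays
        // true, nothing is submitted and the loop does not advance; confirm the context
        // cannot get into that state.
        while (authContext.hasMoreRequirements()) {
            Callback[] requirements = authContext.getRequirements();
            if (requirements != null) {
                setCallbackValues(requirements, userName, password);
                authContext.submitRequirements(requirements);
            }
        }
        if (authContext.getStatus() != AuthContext.Status.SUCCESS) {
            throw new CLIException(resourceBundle.getString("exception-LDAP-login-failed"), 20);
        }
    }

    /**
     * Fills every {@code NameCallback} with the user name and every
     * {@code PasswordCallback} with the password; other callback types are left
     * untouched.
     */
    private void setCallbackValues(Callback[] callbacks, String userName, String password) {
        for (Callback callback : callbacks) {
            if (callback instanceof NameCallback) {
                ((NameCallback) callback).setName(userName);
            } else if (callback instanceof PasswordCallback) {
                char[] secret = password.toCharArray();
                try {
                    ((PasswordCallback) callback).setPassword(secret);
                } finally {
                    // PasswordCallback.setPassword is documented to store a copy, so the
                    // temporary array can be wiped. This removes one extra copy of the
                    // secret; the String it came from is still in memory.
                    java.util.Arrays.fill(secret, '\0');
                }
            }
        }
    }

    /**
     * Returns the first element of the set stored under {@code name}, or
     * {@code null} when the map is null or empty, or the set is missing or empty.
     * Not called by any code in this class.
     */
    private static String getStringValue(Map<?, ?> map, String name) {
        if (map == null || map.isEmpty()) {
            return null;
        }
        Set<?> values = (Set<?>) map.get(name);
        if (values == null || values.isEmpty()) {
            return null;
        }
        return (String) values.iterator().next();
    }

    /**
     * Reports whether the given normalized date string lies before the current
     * time. A null or blank string counts as not expired. Not called by any code
     * in this class.
     */
    private static boolean isExpired(String str) {
        if (str == null || str.trim().length() == 0) {
            return false;
        }
        // NOTE(review): if parseNormalizedDateString returns null for malformed input
        // this line throws a NullPointerException; confirm and decide whether an
        // unparseable date should count as expired.
        return Locale.parseNormalizedDateString(str).before(Time.newDate());
    }
}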
