package com.sun.identity.plugin.session.impl;

import com.iplanet.sso.SSOException;
import com.iplanet.sso.SSOToken;
import com.iplanet.sso.SSOTokenEvent;
import com.iplanet.sso.SSOTokenListener;
import com.iplanet.sso.SSOTokenManager;
import com.sun.identity.authentication.AuthContext;
import com.sun.identity.authentication.service.AMAuthErrorCode;
import com.sun.identity.authentication.service.AuthUtils;
import com.sun.identity.authentication.spi.AuthLoginException;
import com.sun.identity.authentication.util.ISAuthConstants;
import com.sun.identity.federation.common.FSUtils;
import com.sun.identity.plugin.session.SessionException;
import com.sun.identity.plugin.session.SessionListener;
import com.sun.identity.plugin.session.SessionProvider;
import com.sun.identity.saml.common.SAMLConstants;
import com.sun.identity.saml2.common.SAML2Constants;
import com.sun.identity.shared.Constants;
import com.sun.identity.shared.StringUtils;
import com.sun.identity.shared.configuration.SystemPropertiesManager;
import com.sun.identity.shared.debug.Debug;
import com.sun.identity.shared.encode.CookieUtils;
import com.sun.identity.shared.locale.Locale;
import com.sun.identity.sm.DNMapper;
import com.sun.identity.sm.SMSException;
import com.sun.identity.sm.ServiceSchema;
import com.sun.identity.sm.ServiceSchemaManager;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Collections;
import java.util.HashSet;
import java.util.Map;
import java.util.ResourceBundle;
import java.util.Set;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.NameCallback;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/* loaded from: input_file:WEB-INF/lib/openam-clientsdk-15.0.0.jar:com/sun/identity/plugin/session/impl/FMSessionProvider.class */
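/**
 * {@link SessionProvider} backed by OpenAM {@link SSOToken}s.
 *
 * <p>{@link #createSession} authenticates the federated principal through the
 * federation authentication module, handing it the principal name, the requested
 * auth level and a one-time random secret via {@link NameCallback}s. The module is
 * expected to redeem that secret with {@link #matchSecret(String)}. The resulting
 * token is written to the response as the configured SSO cookie (one cookie per
 * platform cookie domain) and, when enabled, encoded into the target URL.
 *
 * <p>Review notes on this revision:
 * <ul>
 *   <li>the one-time secret is Base64-encoded instead of converted with
 *       {@code new String(byte[])}, which used the platform charset and could
 *       silently map several byte sequences onto the same string (lost entropy);</li>
 *   <li>the SSO token id is no longer written to the debug log (it is a bearer
 *       credential);</li>
 *   <li>the auth-type to SAML authentication-method mapping is a proper
 *       else-if chain — the previous form let the final {@code else} overwrite
 *       every earlier match;</li>
 *   <li>causes are preserved when wrapping into {@link SessionException};</li>
 *   <li>secrets issued during a login that was never redeemed are dropped from the
 *       in-memory set once the login attempt has completed.</li>
 * </ul>
 */
public class FMSessionProvider implements SessionProvider {
    /** Prompt of the {@link NameCallback} through which the federation module receives the one-time secret. */
    public static final String RANDOM_SECRET = "randomSecret";
    private static final String AUTH_TYPE = "AuthType";
    private static final String PROPERTY_VALUES_SEPARATOR = "|";
    /** {@link #PROPERTY_VALUES_SEPARATOR} as a regular expression, for {@link String#split(String)}. */
    private static final String PROPERTY_VALUES_SPLIT_REGEX = "\\|";
    private static final String REALM = "realm";
    private static final String AUTH_LEVEL = "AuthLevel";
    private static final String ORGANIZATION = "Organization";
    private static final String KERBEROS = "Kerberos";
    private static final String PLATFORM_SERVICE = "iPlanetAMPlatformService";
    private static final String COOKIE_DOMAINS_ATTR = "iplanet-am-platform-cookie-domains";
    /** Auth error codes mapped onto {@link SessionException} error codes (kept as literals, as in the original). */
    private static final String ERR_USER_INACTIVE = "104";
    private static final String ERR_ACCOUNT_EXPIRED = "101";
    /** Number of random bytes in a one-time login secret. */
    private static final int SECRET_LENGTH = 20;

    private static boolean urlRewriteEnabled;
    private static ResourceBundle bundle = Locale.getInstallResourceBundle("fmSessionProvider");
    private static Debug debug = Debug.getInstance("libPlugins");
    private static String cookieName = SystemPropertiesManager.get(Constants.AM_COOKIE_NAME);
    // Unused in this class; retained so the field set stays unchanged.
    private static String lbcookieName = null;
    private static String lbcookieValue = null;
    private static SecureRandom random = new SecureRandom();
    /**
     * Secrets issued to the federation module and not yet redeemed. Entries are
     * removed by {@link #matchSecret(String)} or, failing that, when the login
     * attempt that issued them completes.
     */
    private static Set<String> secretSet = Collections.synchronizedSet(new HashSet<String>(1000));

    /**
     * Forwards SSO token termination events to a federation {@link SessionListener}.
     * Declared static: it only needs the two references handed to its constructor.
     */
    static class SSOTokenListenerImpl implements SSOTokenListener {
        // Event types that terminate a session. The values match those the
        // original code compared against; they are assumed to correspond to
        // SSOTokenEvent's idle-timeout / max-timeout / destroy constants — confirm.
        private static final int IDLE_TIMEOUT = 1;
        private static final int MAX_TIMEOUT = 2;
        private static final int DESTROY = 3;

        private final Object session;
        private final SessionListener listener;

        /**
         * @param session  the session object reported back to the listener
         * @param listener receiver of {@link SessionListener#sessionInvalidated(Object)}
         */
        public SSOTokenListenerImpl(Object session, SessionListener listener) {
            this.session = session;
            this.listener = listener;
        }

        /** Reports the session as invalidated on idle timeout, max timeout or destroy; other events are ignored. */
        @Override
        public void ssoTokenChanged(SSOTokenEvent event) {
            int type;
            try {
                type = event.getType();
            } catch (SSOException e) {
                // Best effort: an unreadable event is not treated as invalidation.
                if (debug.messageEnabled()) {
                    debug.message("FMSessionProvider.ssoTokenChanged: cannot read event type: " + e.getMessage());
                }
                return;
            }
            if (type == IDLE_TIMEOUT || type == MAX_TIMEOUT || type == DESTROY) {
                listener.sessionInvalidated(session);
            }
        }
    }

    /**
     * Redeems a one-time secret issued by {@link #createSession}.
     *
     * @param secret the value the federation module received through the
     *               {@link #RANDOM_SECRET} callback
     * @return {@code true} if the secret was outstanding; it is consumed either way
     */
    public static boolean matchSecret(String secret) {
        return secretSet.remove(secret);
    }

    /**
     * Produces a fresh secret from {@link #SECRET_LENGTH} bytes of {@link SecureRandom}
     * output, encoded as unpadded URL-safe Base64 so no entropy is lost in the
     * byte-to-string conversion.
     */
    private static String generateSecret() {
        byte[] raw = new byte[SECRET_LENGTH];
        random.nextBytes(raw);
        return Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
    }

    /**
     * Generates a secret that is not already outstanding and registers it.
     * {@code Set.add} on the synchronized set is atomic, so the check-and-insert
     * cannot race with a concurrent issuer.
     */
    private static String issueSecret() {
        String secret;
        do {
            secret = generateSecret();
        } while (!secretSet.add(secret));
        return secret;
    }

    /**
     * Authenticates {@code info.get(PRINCIPAL_NAME)} through the federation module
     * in realm {@code info.get("realm")} and returns the resulting {@link SSOToken}.
     *
     * <p>If the request already carries a valid session for the same principal it is
     * upgraded in place; a session for a different principal is logged out first.
     * When {@code response} is non-null the SSO cookie(s) and load-balancer cookie are
     * written to it; when URL rewriting is enabled and {@code targetApplication} is
     * non-empty, it is replaced by its rewritten form. Every entry of {@code info}
     * except {@code AuthLevel} is copied onto the token as an escaped property.
     *
     * @param info               must contain non-empty {@code "realm"} and
     *                           {@link SessionProvider#PRINCIPAL_NAME} entries
     * @param request            may be null
     * @param response           may be null (no cookies written, no URL rewrite)
     * @param targetApplication  may be null
     * @return the authenticated {@link SSOToken}
     * @throws SessionException on missing parameters, login failure (with the mapped
     *                          error code set) or cookie / property errors
     */
    @Override
    public Object createSession(Map info, HttpServletRequest request, HttpServletResponse response,
            StringBuffer targetApplication) throws SessionException {
        String realm = (String) info.get(REALM);
        if (realm == null || realm.length() == 0) {
            throw new SessionException(bundle.getString("nullRealm"));
        }
        String principalName = (String) info.get(SessionProvider.PRINCIPAL_NAME);
        if (principalName == null || principalName.length() == 0) {
            throw new SessionException(bundle.getString("nullPrincipal"));
        }
        String authLevel = (String) info.get(AUTH_LEVEL);

        SSOToken existing = request == null ? null : reusableSession(request, response, principalName);

        SSOToken token;
        try {
            token = loginViaFederationModule(realm, existing, principalName, authLevel, request, response);
        } catch (AuthLoginException e) {
            throw new SessionException((Exception) e);
        }

        if (response != null) {
            try {
                // The schema lookup comes first so that, as before, no cookies are
                // written when the platform service cannot be read.
                ServiceSchema platformSchema = new ServiceSchemaManager(PLATFORM_SERVICE, token).getGlobalSchema();
                setLoadBalancerCookie(request, response);
                addSessionCookies(token, platformSchema, response);
                if (urlRewriteEnabled && targetApplication != null && targetApplication.length() > 0) {
                    String rewritten = rewriteURL(token, targetApplication.toString());
                    targetApplication.setLength(0);
                    targetApplication.append(rewritten);
                }
            } catch (SessionException e) {
                throw e;
            } catch (SMSException e) {
                throw new SessionException((Exception) e);
            } catch (Exception e) {
                throw new SessionException(e);
            }
        }

        copyProperties(info, token);
        return token;
    }

    /**
     * Returns the request's current session if it belongs to {@code principalName},
     * otherwise logs it out and returns null. Any {@link SessionException} on the way
     * is treated as "no reusable session".
     */
    private SSOToken reusableSession(HttpServletRequest request, HttpServletResponse response,
            String principalName) {
        try {
            SSOToken current = (SSOToken) getSession(request);
            if (belongsTo(current, principalName)) {
                return current;
            }
            // A session for a different principal must not survive the new login.
            invalidateSession(current, request, response);
        } catch (SessionException e) {
            if (debug.messageEnabled()) {
                debug.message("FMSessionProvider.createSession: no reusable session: " + e.getMessage());
            }
        }
        return null;
    }

    /**
     * True when the token's universal identifier equals {@code principalName} or is a
     * DN whose leading RDN is {@code id=principalName} (case-insensitive, root locale).
     * A token without a universal identifier is not considered to belong to anyone.
     */
    private boolean belongsTo(SSOToken token, String principalName) throws SessionException {
        String owner = getPrincipalName(token);
        if (owner == null) {
            return false;
        }
        String ownerLower = owner.toLowerCase(java.util.Locale.ROOT);
        String wanted = principalName.toLowerCase(java.util.Locale.ROOT);
        return ownerLower.equals(wanted) || ownerLower.startsWith("id=" + wanted + ",");
    }

    /**
     * Runs the federation module login, answering its {@link NameCallback}s, and
     * returns the SSO token on success.
     *
     * @throws AuthLoginException from {@code AuthContext.login} / {@code submitRequirements}
     * @throws SessionException   when the login does not end in {@code SUCCESS}; the
     *                            error code is mapped with {@link #mapErrorCode(String)}
     */
    private SSOToken loginViaFederationModule(String realm, SSOToken existing, String principalName,
            String authLevel, HttpServletRequest request, HttpServletResponse response)
            throws AuthLoginException, SessionException {
        AuthContext lc = existing != null ? new AuthContext(existing) : new AuthContext(realm);
        lc.login(AuthContext.IndexType.MODULE_INSTANCE, ISAuthConstants.FEDERATION_MODULE, null, null,
                request, response);

        Callback[] callbacks = null;
        Set<String> issued = new HashSet<String>();
        // NOTE(review): as in the original there is no break after the callbacks are
        // filled; the loop relies on hasMoreRequirements() turning false once the
        // module's requirements have been fetched — confirm against AuthContext.
        while (lc.hasMoreRequirements()) {
            callbacks = lc.getRequirements();
            if (callbacks == null || callbacks.length == 0) {
                continue;
            }
            for (Callback cb : callbacks) {
                if (!(cb instanceof NameCallback)) {
                    continue;
                }
                NameCallback nc = (NameCallback) cb;
                String prompt = nc.getPrompt();
                if (SessionProvider.PRINCIPAL_NAME.equals(prompt)) {
                    nc.setName(principalName);
                } else if (RANDOM_SECRET.equals(prompt)) {
                    String secret = issueSecret();
                    issued.add(secret);
                    nc.setName(secret);
                } else if (AUTH_LEVEL.equals(prompt)) {
                    nc.setName(authLevel);
                }
            }
        }

        try {
            lc.submitRequirements(callbacks);
        } finally {
            // The secret is single-use for this attempt. If the module redeemed it,
            // matchSecret already removed it; otherwise it must not stay outstanding.
            secretSet.removeAll(issued);
        }

        AuthContext.Status status = lc.getStatus();
        if (status == AuthContext.Status.SUCCESS) {
            try {
                return lc.getSSOToken();
            } catch (Exception e) {
                throw new SessionException(e);
            }
        }
        if (status != AuthContext.Status.FAILED) {
            throw new SessionException(bundle.getString("loginFailed"));
        }
        AuthLoginException loginException = lc.getLoginException();
        SessionException failure = loginException != null
                ? new SessionException((Exception) loginException)
                : new SessionException(bundle.getString("loginFailed"));
        failure.setErrCode(mapErrorCode(lc.getErrorCode()));
        throw failure;
    }

    /** Maps an authentication error code onto the {@link SessionException} error codes. */
    private static int mapErrorCode(String errorCode) {
        if (errorCode == null) {
            return SessionException.AUTH_ERROR_NOT_DEFINED;
        }
        if (ERR_USER_INACTIVE.equals(errorCode)) {
            return SessionException.AUTH_USER_INACTIVE;
        }
        if (errorCode.equals(AMAuthErrorCode.AUTH_USER_LOCKED)) {
            return SessionException.AUTH_USER_LOCKED;
        }
        if (ERR_ACCOUNT_EXPIRED.equals(errorCode)) {
            return SessionException.AUTH_ACCOUNT_EXPIRED;
        }
        return SessionException.AUTH_ERROR_NOT_DEFINED;
    }

    /**
     * Writes the SSO cookie carrying the token id: once with path "/" when no
     * platform cookie domains are configured, otherwise once per domain.
     * The token id itself is a bearer credential and is deliberately not logged.
     */
    private void addSessionCookies(SSOToken token, ServiceSchema platformSchema, HttpServletResponse response) {
        Map<String, Set<String>> defaults = platformSchema.getAttributeDefaults();
        Set<String> domains = defaults == null ? null : defaults.get(COOKIE_DOMAINS_ATTR);
        String tokenId = token.getTokenID().toString();
        if (domains == null || domains.isEmpty()) {
            CookieUtils.addCookieToResponse(response, CookieUtils.newCookie(cookieName, tokenId, "/"));
            return;
        }
        for (String domain : domains) {
            if (debug.messageEnabled()) {
                debug.message("FMSessionProvider.createSession: cookieName=" + cookieName
                        + " cookieDomain=" + domain);
            }
            CookieUtils.addCookieToResponse(response, CookieUtils.newCookie(cookieName, tokenId, "/", domain));
        }
    }

    /** Copies every entry of {@code info} except {@code AuthLevel} onto the token, escaped. */
    private static void copyProperties(Map info, SSOToken token) throws SessionException {
        try {
            for (Object key : info.keySet()) {
                String name = (String) key;
                if (!AUTH_LEVEL.equals(name)) {
                    token.setProperty(name, StringUtils.getEscapedValue((String) info.get(name)));
                }
            }
        } catch (SSOException e) {
            throw new SessionException((Exception) e);
        }
    }

    /** Delegates to {@link FSUtils#setlbCookie}. */
    @Override
    public void setLoadBalancerCookie(HttpServletRequest request, HttpServletResponse response) {
        FSUtils.setlbCookie(request, response);
    }

    /**
     * Resolves a session from its id and refreshes it.
     *
     * @throws SessionException wrapping any failure; {@link Error}s are no longer
     *                          swallowed into a SessionException
     */
    @Override
    public Object getSession(String sessionId) throws SessionException {
        try {
            SSOTokenManager manager = SSOTokenManager.getInstance();
            SSOToken token = manager.createSSOToken(sessionId);
            manager.refreshSession(token);
            return token;
        } catch (Exception e) {
            throw new SessionException(e);
        }
    }

    /** Resolves the session carried by the request and refreshes it. */
    @Override
    public Object getSession(HttpServletRequest request) throws SessionException {
        try {
            SSOTokenManager manager = SSOTokenManager.getInstance();
            SSOToken token = manager.createSSOToken(request);
            manager.refreshSession(token);
            return token;
        } catch (Exception e) {
            if (debug.messageEnabled()) {
                debug.message("FMSessionProvider.getSession: Could not get the session from the HTTP request: "
                        + e.getMessage());
            }
            throw new SessionException(e);
        }
    }

    /**
     * Logs the session out and, when both request and response are present, clears
     * all cookies on the response.
     */
    @Override
    public void invalidateSession(Object session, HttpServletRequest request, HttpServletResponse response)
            throws SessionException {
        try {
            AuthUtils.logout(((SSOToken) session).getTokenID().toString(), request, response);
            if (request != null && response != null) {
                AuthUtils.clearAllCookies(request, response);
            }
        } catch (SSOException e) {
            throw new SessionException((Exception) e);
        }
    }

    /** @return whether the token manager still considers the session valid */
    @Override
    public boolean isValid(Object session) throws SessionException {
        try {
            return SSOTokenManager.getInstance().isValidToken((SSOToken) session);
        } catch (SSOException e) {
            throw new SessionException((Exception) e);
        }
    }

    /** @return the token id; callers must treat it as a credential */
    @Override
    public String getSessionID(Object session) {
        return ((SSOToken) session).getTokenID().toString();
    }

    /** @return the token's universal identifier property (may be null if unset) */
    @Override
    public String getPrincipalName(Object session) throws SessionException {
        try {
            return ((SSOToken) session).getProperty(Constants.UNIVERSAL_IDENTIFIER);
        } catch (SSOException e) {
            throw new SessionException((Exception) e);
        }
    }

    /** @return remaining lifetime as reported by {@link SSOToken#getTimeLeft()} */
    @Override
    public long getTimeLeft(Object session) throws SessionException {
        try {
            return ((SSOToken) session).getTimeLeft();
        } catch (SSOException e) {
            throw new SessionException((Exception) e);
        }
    }

    /**
     * Stores {@code values} on the token under {@code name}, each value escaped and
     * joined with {@link #PROPERTY_VALUES_SEPARATOR}. No-op for a null name or an
     * empty/null value array.
     */
    @Override
    public void setProperty(Object session, String name, String[] values) throws SessionException {
        if (name == null || values == null || values.length == 0) {
            return;
        }
        StringBuilder joined = new StringBuilder(StringUtils.getEscapedValue(values[0]));
        for (int i = 1; i < values.length; i++) {
            joined.append(PROPERTY_VALUES_SEPARATOR).append(StringUtils.getEscapedValue(values[i]));
        }
        try {
            ((SSOToken) session).setProperty(name, joined.toString());
        } catch (SSOException e) {
            throw new SessionException((Exception) e);
        }
    }

    /**
     * Reads a property from the token.
     *
     * <ul>
     *   <li>{@link SessionProvider#AUTH_METHOD} is read as {@code AuthType} and mapped to
     *       a single SAML authentication-method URI (see {@link #authMethodUri(String)});</li>
     *   <li>{@code Organization} is converted from org DN to realm name;</li>
     *   <li>{@code SAML2Constants.IDP_SESSION_INDEX} is read with the "ignore state" flag;</li>
     *   <li>everything else is split on {@link #PROPERTY_VALUES_SEPARATOR} and unescaped.</li>
     * </ul>
     *
     * @return the values, or null for a null/empty session, name or stored value
     */
    @Override
    public String[] getProperty(Object session, String name) throws SessionException {
        if (session == null || name == null || name.length() == 0) {
            return null;
        }
        String key = SessionProvider.AUTH_METHOD.equals(name) ? AUTH_TYPE : name;
        try {
            SSOToken token = (SSOToken) session;
            String value = SAML2Constants.IDP_SESSION_INDEX.equals(key)
                    ? token.getProperty(key, true)
                    : token.getProperty(key);
            if (value == null || value.length() == 0) {
                return null;
            }
            if (AUTH_TYPE.equals(key)) {
                return new String[] { authMethodUri(value) };
            }
            if (ORGANIZATION.equals(key)) {
                return new String[] { DNMapper.orgNameToRealmName(value) };
            }
            String[] parts = value.split(PROPERTY_VALUES_SPLIT_REGEX);
            for (int i = 0; i < parts.length; i++) {
                parts[i] = StringUtils.getUnescapedValue(parts[i]);
            }
            return parts;
        } catch (SSOException e) {
            throw new SessionException((Exception) e);
        }
    }

    /**
     * Maps an OpenAM auth type to a SAML authentication-method URI. The checks are
     * mutually exclusive: the first match wins, and only an unrecognised type falls
     * through to {@code AUTH_METHOD_URI_PREFIX + authType}.
     */
    private static String authMethodUri(String authType) {
        String lower = authType.toLowerCase(java.util.Locale.ROOT);
        if (authType.equalsIgnoreCase(SAMLConstants.AUTH_METHOD_CERT)) {
            return SAMLConstants.AUTH_METHOD_CERT_URI;
        }
        if (authType.equalsIgnoreCase(KERBEROS)) {
            return SAMLConstants.AUTH_METHOD_KERBEROS_URI;
        }
        if (SAMLConstants.passwordAuthMethods.contains(lower)) {
            return SAMLConstants.AUTH_METHOD_PASSWORD_URI;
        }
        if (SAMLConstants.tokenAuthMethods.contains(lower)) {
            return SAMLConstants.AUTH_METHOD_HARDWARE_TOKEN_URI;
        }
        return SAMLConstants.AUTH_METHOD_URI_PREFIX + authType;
    }

    /** Encodes the session into {@code url} when URL rewriting is enabled; otherwise returns it unchanged. */
    @Override
    public String rewriteURL(Object session, String url) throws SessionException {
        if (!urlRewriteEnabled) {
            return url;
        }
        try {
            return ((SSOToken) session).encodeURL(url);
        } catch (SSOException e) {
            throw new SessionException((Exception) e);
        }
    }

    /** Registers {@code listener} to be told when the token times out or is destroyed. */
    @Override
    public void addListener(Object session, SessionListener listener) throws SessionException {
        try {
            ((SSOToken) session).addSSOTokenListener(new SSOTokenListenerImpl(session, listener));
        } catch (SSOException e) {
            throw new SessionException((Exception) e);
        }
    }

    static {
        // URL rewriting is on only when the REWRITE_AS_PATH property is literally "true"
        // (trimmed, case-insensitive).
        String raw = SystemPropertiesManager.get(Constants.REWRITE_AS_PATH);
        urlRewriteEnabled = raw != null && "true".equalsIgnoreCase(raw.trim());
    }
}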
