package com.sun.identity.liberty.ws.soapbinding;

import com.iplanet.am.util.Cache;
import com.iplanet.dpro.session.service.InternalSession;
import com.iplanet.dpro.session.service.SessionService;
import com.iplanet.security.x509.CertUtils;
import com.iplanet.sso.SSOToken;
import com.iplanet.sso.SSOTokenManager;
import com.sun.identity.security.AdminTokenAction;
import com.sun.identity.shared.DateUtils;
import com.sun.identity.shared.configuration.SystemPropertiesManager;
import com.sun.identity.shared.datastruct.CollectionHelper;
import com.sun.identity.shared.debug.Debug;
import com.sun.identity.sm.ServiceSchema;
import com.sun.identity.sm.ServiceSchemaManager;
import java.security.AccessController;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import javax.security.auth.Subject;
import javax.servlet.http.HttpServletRequest;
import org.forgerock.openam.sdk.org.forgerock.guice.core.InjectorHolder;
import org.forgerock.openam.utils.Time;

/* loaded from: input_file:WEB-INF/lib/openam-clientsdk-15.0.0.jar:com/sun/identity/liberty/ws/soapbinding/WebServiceAuthenticatorImpl.class */
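/**
 * Maps the X.509 certificates carried by an incoming SOAP {@link Message} to an
 * {@link SSOToken}, creating a new internal session when no valid token is cached.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>No certificate validation (chain, expiry, revocation) is performed here; the
 *       subject and issuer names are read as-is. NOTE(review): presumably the peer and
 *       message certificates were verified before this method is called; confirm
 *       against the caller.</li>
 *   <li>A message with no certificate still receives an active session whose
 *       {@code Principal} property is {@code "anonymous"}. Consumers of the token must
 *       treat that value as unauthenticated.</li>
 *   <li>Tokens are cached per "mechanism + subject name". Issuer names are recorded in
 *       the {@code Principals} property but are not part of the cache key.</li>
 * </ul>
 */
class WebServiceAuthenticatorImpl implements WebServiceAuthenticator {
    private static final String PRINCIPAL_PROP = "Principal";
    private static final String PRINCIPALS_PROP = "Principals";
    private static final String AUTH_TYPE_PROP = "AuthType";
    private static final String AUTH_INSTANT_PROP = "authInstant";
    private static final String ANONYMOUS_PRINCIPAL = "anonymous";
    private static final String SESSION_SERVICE_NAME = "iPlanetAMSessionService";
    private static final String MAX_SESSION_TIME = "iplanet-am-session-max-session-time";
    private static final String IDLE_TIME = "iplanet-am-session-max-idle-time";
    private static final String CACHE_TIME = "iplanet-am-session-max-caching-time";
    private static final int DEFAULT_MAX_SESSION_TIME = 120;
    private static final int DEFAULT_IDLE_TIME = 30;
    private static final int DEFAULT_CACHE_TIME = 3;
    // Both may stay null when the static initializer below fails; every use is guarded.
    private static SSOTokenManager ssoTokenManager;
    private static ServiceSchema sessionSchema;
    // Shared across all requests; keyed by "<authentication mechanism> <principal>".
    private static Cache ssoTokenCache = new Cache(1000);
    private static String rootSuffix = SystemPropertiesManager.get("com.iplanet.am.rootsuffix");
    private static Debug debug = Debug.getInstance("libIDWSF");

    WebServiceAuthenticatorImpl() {
    }

    /**
     * Returns an SSO token representing the sender of {@code message}.
     *
     * <p>The principal is the subject name of the first available certificate (peer
     * certificate first, then message certificate), or {@code "anonymous"} when the
     * message carries neither. Any differing subject name and all issuer names are
     * joined with {@code '|'} into the {@code Principals} property.
     *
     * @param message            the incoming message; supplies the certificates and
     *                           the authentication mechanism
     * @param subject            not read by this implementation
     * @param map                not read by this implementation
     * @param httpServletRequest not read by this implementation
     * @return a cached or newly created {@link SSOToken}, or {@code null} when the
     *         session or its properties could not be set up
     */
    @Override // com.sun.identity.liberty.ws.soapbinding.WebServiceAuthenticator
    public Object authenticate(Message message, Subject subject, Map map, HttpServletRequest httpServletRequest) {
        ArrayList<X509Certificate> certificates = new ArrayList<X509Certificate>(2);
        X509Certificate peerCertificate = message.getPeerCertificate();
        if (peerCertificate != null) {
            certificates.add(peerCertificate);
        }
        X509Certificate messageCertificate = message.getMessageCertificate();
        if (messageCertificate != null) {
            certificates.add(messageCertificate);
        }

        String principal = null;
        StringBuilder principals = null;
        if (certificates.isEmpty()) {
            principal = ANONYMOUS_PRINCIPAL;
        } else {
            Set<String> otherNames = new HashSet<String>(6);
            for (X509Certificate certificate : certificates) {
                if (debug.messageEnabled()) {
                    debug.message("WebServiceAuthenticatorImpl.authenticate: cert = " + certificate);
                }
                String subjectName = CertUtils.getSubjectName(certificate);
                if (principal == null) {
                    principal = subjectName;
                } else if (!principal.equals(subjectName)) {
                    otherNames.add(subjectName);
                }
                otherNames.add(CertUtils.getIssuerName(certificate));
            }
            principals = new StringBuilder(50);
            for (String name : otherNames) {
                if (principals.length() == 0) {
                    principals.append(name);
                } else {
                    principals.append("|").append(name);
                }
            }
        }
        if (debug.messageEnabled()) {
            debug.message("WebServiceAuthenticatorImpl.authenticate: principal = " + principal + ", principals = " + ((Object) principals));
        }

        // NOTE(review): the key holds only the mechanism and the subject name. A cached
        // token (with the Principals value recorded when it was created) is therefore
        // returned for every later request with the same mechanism and subject name,
        // whatever issuer it presents. This is only sound if certificates are validated
        // against a trusted issuer set before this call; confirm.
        String cacheKey = message.getAuthenticationMechanism() + " " + principal;
        if (debug.messageEnabled()) {
            debug.message("WebServiceAuthenticatorImpl.authenticate: cacheKey = " + cacheKey);
        }

        SSOToken ssoToken = (SSOToken) ssoTokenCache.get(cacheKey);
        if (ssoToken != null) {
            // ssoTokenManager is null when static initialization failed; without it the
            // cached token cannot be validated, so it is discarded rather than trusted.
            if (ssoTokenManager != null && ssoTokenManager.isValidToken(ssoToken)) {
                if (debug.messageEnabled()) {
                    debug.message("WebServiceAuthenticatorImpl.authenticate: found ssoToken in cache");
                }
                return ssoToken;
            }
            if (debug.messageEnabled()) {
                debug.message("WebServiceAuthenticatorImpl.authenticate: ssoToken in cache expired");
            }
            synchronized (ssoTokenCache) {
                ssoTokenCache.remove(cacheKey);
            }
            ssoToken = null;
        }

        // Fail before a session is created and activated: without the schema the session
        // limits cannot be applied, and the activated session would be left behind.
        if (sessionSchema == null) {
            debug.error("WebServiceAuthenticatorImpl.authenticate: Unable to get SSOToken: session schema is not available");
            return null;
        }

        String authInstant = null;
        try {
            InternalSession session = ((SessionService) InjectorHolder.getInstance(SessionService.class)).newInternalSession(null, false);
            session.activate("");
            Map<String, Set<String>> attributeDefaults = sessionSchema.getAttributeDefaults();
            session.setMaxSessionTime(CollectionHelper.getIntMapAttr(attributeDefaults, MAX_SESSION_TIME, DEFAULT_MAX_SESSION_TIME, debug));
            session.setMaxIdleTime(CollectionHelper.getIntMapAttr(attributeDefaults, IDLE_TIME, DEFAULT_IDLE_TIME, debug));
            session.setMaxCachingTime(CollectionHelper.getIntMapAttr(attributeDefaults, CACHE_TIME, DEFAULT_CACHE_TIME, debug));
            session.putProperty(AUTH_TYPE_PROP, message.getAuthenticationMechanism());
            authInstant = DateUtils.toUTCDateFormat(Time.newDate());
            session.putProperty(AUTH_INSTANT_PROP, authInstant);
            ssoToken = SSOTokenManager.getInstance().createSSOToken(session.getID().toString());
        } catch (Exception e) {
            debug.error("WebServiceAuthenticatorImpl.authenticate: Unable to get SSOToken", e);
        }
        if (ssoToken == null) {
            return null;
        }

        try {
            ssoToken.setProperty(PRINCIPAL_PROP, principal);
            if (principals != null) {
                ssoToken.setProperty(PRINCIPALS_PROP, principals.toString());
            }
            if (authInstant != null) {
                ssoToken.setProperty(AUTH_INSTANT_PROP, authInstant);
            }
            ssoToken.setProperty(AUTH_TYPE_PROP, message.getAuthenticationMechanism());
            SSOTokenManager.getInstance().refreshSession(ssoToken);
            // The token is cached only after every property was set successfully.
            ssoTokenCache.put(cacheKey, ssoToken);
            return ssoToken;
        } catch (Exception e2) {
            debug.error("WebServiceAuthenticatorImpl.authenticate: Unable to set SSOToken property", e2);
            return null;
        }
    }

    // Best-effort lookup of the token manager and the session service's dynamic schema.
    // Failures are logged and leave the corresponding field null instead of aborting
    // class initialization; authenticate() checks both fields before using them.
    static {
        ssoTokenManager = null;
        sessionSchema = null;
        try {
            ssoTokenManager = SSOTokenManager.getInstance();
        } catch (Exception e) {
            debug.error("WebServiceAuthenticatorImpl.static: unable to get SSOTokenManager", e);
        }
        try {
            // The schema is read with the administrative token obtained via AdminTokenAction.
            sessionSchema = new ServiceSchemaManager(SESSION_SERVICE_NAME, (SSOToken) AccessController.doPrivileged(AdminTokenAction.getInstance())).getDynamicSchema();
        } catch (Exception e2) {
            debug.error("WebServiceAuthenticatorImpl.static: unable to get session schema", e2);
        }
    }
}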
