package com.sun.identity.security;

import com.iplanet.am.util.AdminUtils;
import com.iplanet.am.util.SystemProperties;
import com.iplanet.services.util.Crypt;
import com.iplanet.sso.SSOException;
import com.iplanet.sso.SSOToken;
import com.iplanet.sso.SSOTokenManager;
import com.sun.identity.authentication.internal.AuthContext;
import com.sun.identity.authentication.internal.AuthPrincipal;
import com.sun.identity.common.ShutdownManager;
import com.sun.identity.policy.PolicyUtils;
import com.sun.identity.shared.debug.Debug;
import java.security.PrivilegedAction;

/* loaded from: input_file:WEB-INF/lib/openam-clientsdk-15.0.0.jar:com/sun/identity/security/AdminTokenAction.class */
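/**
 * Singleton {@link PrivilegedAction} that returns the application (admin) {@link SSOToken}.
 *
 * <p>The token returned by {@link #run()} is a session credential for the configured admin or
 * application identity. Its token ID must be handled like a password and kept out of log output.
 *
 * <p>This listing is decompiler output (JADX). Two methods carry decompiler warnings, so their
 * control flow may not match the original source exactly; see the notes on {@link #run()} and
 * {@code getSSOToken()}.
 *
 * <p>NOTE(review): {@code appSSOToken}, {@code internalAppSSOToken} and {@code authInitialized}
 * are plain fields that {@link #run()} reads outside its {@code synchronized} block. The visible
 * code therefore does not guarantee cross-thread visibility of writes to them.
 */
public class AdminTokenAction implements PrivilegedAction<SSOToken> {
    /** System property; when set, a client-mode process authenticates through the internal AuthContext path. */
    public static final String AMADMIN_MODE = "com.sun.identity.security.amadmin";
    /** Boolean system property; when true, {@link #run()} refreshes the cached session before reuse. */
    public static final String VALIDATE_SESSION = "openam.identity.security.validateSession";
    static final Debug debug = Debug.getInstance("amSecurity");
    /** System property naming an {@code AppSSOTokenProvider} implementation class to instantiate. */
    private static final String ADMIN_TOKEN_PROVIDER = "com.sun.identity.security.AdminToken";
    private static final String APP_USERNAME = "com.sun.identity.agents.app.username";
    /** Encoded application password; decoded with {@link Crypt#decode(String)}. */
    private static final String APP_SECRET = "com.iplanet.am.service.secret";
    /** Plain-text application password; takes precedence over {@link #APP_SECRET} when non-empty. */
    private static final String APP_PASSWORD = "com.iplanet.am.service.password";
    private static volatile AdminTokenAction instance;
    private final SSOTokenManager tokenManager = SSOTokenManager.getInstance();
    // Cached application token; cleared by invalidate()/resetInstance() and when found invalid in run().
    private SSOToken appSSOToken;
    // Token created through the internal AuthContext path; only returned while authInitialized is false.
    private SSOToken internalAppSSOToken;
    private boolean authInitialized;
    private final boolean validateSession;

    /**
     * Returns the singleton, creating it on first use with double-checked locking on the
     * {@code volatile} {@code instance} field.
     *
     * @return the singleton, or {@code null} if construction failed with an {@link SSOException}
     *     (the failure is logged and construction is retried on the next call)
     */
    public static AdminTokenAction getInstance() {
        if (instance == null) {
            synchronized (AdminTokenAction.class) {
                if (instance == null) {
                    try {
                        instance = new AdminTokenAction();
                    } catch (SSOException e) {
                        debug.error("AdminTokenAction::init Unable to get SSOTokenManager", e);
                    }
                }
            }
        }
        return instance;
    }

    /**
     * Registers {@link #reset()} with the {@link ShutdownManager} and reads the
     * {@link #VALIDATE_SESSION} flag.
     *
     * @throws SSOException declared for the {@code tokenManager} field initializer
     */
    private AdminTokenAction() throws SSOException {
        ShutdownManager.getInstance().addApplicationSSOTokenDestroyer(AdminTokenAction::reset);
        this.validateSession = SystemProperties.getAsBoolean(VALIDATE_SESSION);
    }

    /**
     * Marks the authentication service as initialized and obtains a fresh application token
     * through {@code getSSOToken()}. Only the token's class name is logged, never its ID.
     */
    public void authenticationInitialized() {
        this.authInitialized = true;
        this.appSSOToken = getSSOToken();
        if (debug.messageEnabled()) {
            debug.message("AdminTokenAction:authenticationInit called. AppSSOToken className=" + (this.appSSOToken == null ? PolicyUtils.NULL_STRING : this.appSSOToken.getClass().getName()));
        }
    }

    /**
     * Drops the cached application token without destroying the underlying session.
     * Does nothing to the cache when the singleton could not be created.
     */
    public static void invalid() {
        AdminTokenAction action = getInstance();
        // getInstance() returns null when construction failed; avoid a NullPointerException here.
        if (action != null) {
            action.invalidate();
        }
        if (debug.messageEnabled()) {
            debug.message("AdminTokenAction:invalid called");
        }
    }

    private void invalidate() {
        this.appSSOToken = null;
    }

    /**
     * Destroys the cached application token and clears both cached tokens. Registered as the
     * application-token destroyer in the constructor. A no-op when the singleton does not exist.
     */
    public static void reset() {
        AdminTokenAction action = getInstance();
        // getInstance() returns null when construction failed; there is nothing to reset then.
        if (action != null) {
            action.resetInstance();
        }
    }

    private void resetInstance() {
        if (this.appSSOToken != null) {
            try {
                // The class is a singleton, so this instance's manager is the one to use.
                this.tokenManager.destroyToken(this.appSSOToken);
            } catch (SSOException e) {
                debug.error("AdminTokenAction.reset: cannot destroy appSSOToken.", e);
            }
            this.appSSOToken = null;
        }
        // Only the reference is dropped here; the internal token's session is not destroyed.
        this.internalAppSSOToken = null;
    }

    /* JADX WARN: Can't rename method to resolve collision */
    /**
     * Returns a valid application SSO token, creating one if necessary.
     *
     * <p>Order of attempts, as visible in this method:
     * <ol>
     *   <li>the cached {@code appSSOToken}, if still valid (refreshed first when
     *       {@link #VALIDATE_SESSION} is true);</li>
     *   <li>the cached {@code internalAppSSOToken}, only while authentication is not yet
     *       initialized;</li>
     *   <li>under the instance lock: {@code getSSOToken()}, then either the provider class named
     *       by {@link #ADMIN_TOKEN_PROVIDER} or the application user name and password
     *       properties.</li>
     * </ol>
     * A new token is cached only outside server mode or once authentication is initialized.
     *
     * @return the application SSO token, never {@code null}
     * @throws AMSecurityPropertiesException if no token can be obtained by any path
     */
    @Override // java.security.PrivilegedAction
    public SSOToken run() {
        if (this.appSSOToken != null) {
            if (this.tokenManager.isValidToken(this.appSSOToken)) {
                try {
                    if (this.validateSession) {
                        this.tokenManager.refreshSession(this.appSSOToken);
                    }
                    // Re-check: the refresh may have revealed that the session is gone.
                    if (this.tokenManager.isValidToken(this.appSSOToken)) {
                        return this.appSSOToken;
                    }
                    debug.message("AdminTokenAction.reset: invalid token.");
                    this.appSSOToken = null;
                } catch (SSOException e) {
                    debug.error("AdminTokenAction.reset: couldn't retrieve valid token.", e);
                    this.appSSOToken = null;
                }
            } else {
                debug.message("AdminTokenAction.reset: invalid token.");
                this.appSSOToken = null;
            }
        }
        if (!this.authInitialized && this.internalAppSSOToken != null) {
            if (this.tokenManager.isValidToken(this.internalAppSSOToken)) {
                return this.internalAppSSOToken;
            }
            this.internalAppSSOToken = null;
        }
        synchronized (this) {
            // Another thread may have populated the cache while this one waited for the lock.
            if (this.appSSOToken != null) {
                return this.appSSOToken;
            }
            SSOToken token = getSSOToken();
            if (token != null) {
                if (!SystemProperties.isServerMode() || this.authInitialized) {
                    this.appSSOToken = token;
                }
                return token;
            }
            if (debug.messageEnabled()) {
                debug.message("AdminTokenAction::run Unable to get SSOToken from serverconfig.xml");
            }
            String providerClassName = SystemProperties.get(ADMIN_TOKEN_PROVIDER);
            if (providerClassName != null) {
                // The class that mints the admin token is chosen by configuration, so write
                // access to this property is equivalent to control over the admin token.
                try {
                    token = Class.forName(providerClassName).asSubclass(AppSSOTokenProvider.class).newInstance().getAppSSOToken();
                } catch (Throwable th) {
                    debug.error("AdminTokenAction: Exception while calling appSSOToken provider plugin.", th);
                }
            } else {
                String appUserName = SystemProperties.get(APP_USERNAME);
                String encodedSecret = SystemProperties.get(APP_SECRET);
                String plainPassword = SystemProperties.get(APP_PASSWORD);
                String password = null;
                // A non-empty plain-text password property wins over the encoded secret.
                if (plainPassword != null && !plainPassword.isEmpty()) {
                    password = plainPassword;
                } else if (encodedSecret != null && !encodedSecret.isEmpty()) {
                    try {
                        password = Crypt.decode(encodedSecret);
                    } catch (Throwable th2) {
                        debug.error("AdminTokenAction::run Unable to decrypt secret password", th2);
                    }
                }
                if (appUserName == null || appUserName.isEmpty() || password == null || password.isEmpty()) {
                    debug.error("AdminTokenAction: App user name or password is empty");
                } else {
                    // Only the user name is logged; the password never is.
                    if (debug.messageEnabled()) {
                        debug.message("App user name: " + appUserName);
                    }
                    token = new SystemAppTokenProvider(appUserName, password).getAppSSOToken();
                }
            }
            if (token == null) {
                String fatal = "AdminTokenAction: FATAL ERROR: Cannot obtain Application SSO token.";
                debug.error(fatal);
                throw new AMSecurityPropertiesException(fatal);
            }
            if (!SystemProperties.isServerMode() || this.authInitialized) {
                this.appSSOToken = token;
            }
            return token;
        }
    }

    /* JADX WARN: Finally extract failed */
    /**
     * Obtains a token using the admin DN and password from {@link AdminUtils}. The result is
     * not stored in {@code appSSOToken} here; callers decide whether to cache it.
     *
     * <p>Two paths are visible:
     * <ul>
     *   <li>authentication initialized, or client mode without {@link #AMADMIN_MODE}: log in
     *       through {@code SystemAppTokenProvider}, with {@code authInitialized} temporarily
     *       cleared and restored once a token is obtained;</li>
     *   <li>otherwise: create the token directly through {@link AuthContext} and remember it as
     *       {@code internalAppSSOToken}.</li>
     * </ul>
     *
     * <p>NOTE(review): the decompiler could not reconstruct a {@code finally} block here. The
     * inner {@code try} below wraps only a field assignment, so its {@code catch} clauses are
     * unreachable as written. The original most likely guarded the provider call as well;
     * confirm against the upstream source before relying on this control flow.
     *
     * @return the token, or {@code null} if no admin password is configured or an error occurred
     */
    private SSOToken getSSOToken() {
        SSOToken sSOToken = null;
        try {
            if (AdminUtils.getAdminPassword() != null) {
                String adminDN = AdminUtils.getAdminDN();
                // The password is copied into an immutable String, which cannot be wiped after use.
                String adminPassword = new String(AdminUtils.getAdminPassword());
                if (this.authInitialized || (!SystemProperties.isServerMode() && SystemProperties.get(AMADMIN_MODE) == null)) {
                    boolean wasInitialized = this.authInitialized;
                    // NOTE(review): as written, this loop repeats without delay or bound for as
                    // long as getAppSSOToken() returns null without throwing.
                    while (true) {
                        if (sSOToken != null) {
                            break;
                        }
                        if (wasInitialized) {
                            try {
                                try {
                                    this.authInitialized = false;
                                } catch (Throwable th) {
                                    if (wasInitialized && sSOToken != null) {
                                        this.authInitialized = true;
                                    }
                                    throw th;
                                }
                            } catch (NoClassDefFoundError e) {
                                throw e;
                            } catch (Throwable th2) {
                                debug.error("AdminTokenAction::getSSOToken Exception reading from serverconfig.xml", th2);
                                if (wasInitialized) {
                                    if (wasInitialized && sSOToken != null) {
                                        this.authInitialized = true;
                                    }
                                } else if (wasInitialized && sSOToken != null) {
                                    this.authInitialized = true;
                                }
                            }
                        }
                        sSOToken = new SystemAppTokenProvider(adminDN, adminPassword).getAppSSOToken();
                        // Restore the flag only after success; an exception from the call above
                        // leaves authInitialized false.
                        if (wasInitialized && sSOToken != null) {
                            this.authInitialized = true;
                        }
                    }
                } else {
                    SSOToken internalToken = new AuthContext(new AuthPrincipal(adminDN), adminPassword.toCharArray()).getSSOToken();
                    sSOToken = internalToken;
                    this.internalAppSSOToken = internalToken;
                    // The token ID is a bearer credential for the admin session, so it is not
                    // logged. Leaving out getTokenID() also avoids a NullPointerException when
                    // no token was returned.
                    // NOTE(review): error level for a successful creation looks like leftover
                    // diagnostics; consider lowering it.
                    debug.error("created internalAppSSOToken, authInitialized: {}, SystemProperties.isServerMode(): {},  SystemProperties.get(AMADMIN_MODE): {}", Boolean.valueOf(this.authInitialized), Boolean.valueOf(SystemProperties.isServerMode()), SystemProperties.get(AMADMIN_MODE));
                }
            }
        } catch (NoClassDefFoundError e2) {
            debug.error("AdminTokenAction::getSSOToken Not found AdminDN and AdminPassword.", e2);
        } catch (Throwable th3) {
            debug.error("AdminTokenAction::getSSOToken Exception reading from serverconfig.xml", th3);
        }
        return sSOToken;
    }
}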
