package com.iplanet.sso.providers.dpro;

import com.iplanet.am.util.SystemProperties;
import com.iplanet.dpro.session.Session;
import com.iplanet.dpro.session.SessionException;
import com.iplanet.dpro.session.SessionID;
import com.iplanet.sso.SSOException;
import com.iplanet.sso.SSOProvider;
import com.iplanet.sso.SSOToken;
import com.sun.identity.shared.debug.Debug;
import java.net.InetAddress;
import java.security.Principal;
import java.util.HashSet;
import java.util.Set;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.configuration.tree.DefaultExpressionEngine;
import org.forgerock.openam.sdk.org.forgerock.util.annotations.VisibleForTesting;
import org.forgerock.openam.session.SessionCache;
import org.forgerock.openam.utils.ClientUtils;

/* loaded from: input_file:WEB-INF/lib/openam-clientsdk-15.0.1.jar:com/iplanet/sso/providers/dpro/SSOProviderImpl.class */
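/**
 * {@link SSOProvider} implementation that builds {@link SSOToken} objects on top of
 * sessions obtained from a {@link SessionCache}.
 *
 * <p>Two of the factory methods can bind a token to the client address recorded in the
 * session's {@code "Host"} property. That check only runs when the system property
 * {@code com.iplanet.am.clientIPCheckEnabled} is set to {@code true}; the value is read once,
 * when this class is initialised.
 *
 * <p>Parameter names such as {@code str} and {@code z} come from the decompiled class file
 * and are kept as-is; their roles are described on each method.
 */
public final class SSOProviderImpl implements SSOProvider {
    /** Debug logger for this provider; assigned in the static initialiser at the end of the class. */
    public static Debug debug;

    // Boolean.parseBoolean yields false for null and for anything other than "true"
    // (case-insensitive), so the client-IP check is OFF unless explicitly enabled.
    private static boolean checkIP = Boolean.parseBoolean(SystemProperties.get("com.iplanet.am.clientIPCheckEnabled"));

    private final SessionCache sessionCache;

    /**
     * Creates a provider backed by the shared {@link SessionCache} instance.
     *
     * @throws SSOException declared by the original signature; nothing in this constructor throws it
     */
    public SSOProviderImpl() throws SSOException {
        this(SessionCache.getInstance());
    }

    /**
     * Creates a provider backed by the given cache (test seam).
     *
     * @param sessionCache cache used for every session lookup made by this provider
     */
    @VisibleForTesting
    SSOProviderImpl(SessionCache sessionCache) {
        this.sessionCache = sessionCache;
    }

    /**
     * Creates a token from the session ID carried by an HTTP request.
     *
     * <p>When the client-IP check is enabled, the address reported by
     * {@code ClientUtils.getClientIPAddress} must match the session's {@code "Host"} property.
     *
     * @param httpServletRequest request from which the {@link SessionID} is built
     * @return a token wrapping the session found for that ID
     * @throws SSOException if the session cannot be obtained or the IP check fails; the
     *         underlying exception is attached as the cause
     */
    @Override // com.iplanet.sso.SSOProvider
    public SSOToken createSSOToken(HttpServletRequest httpServletRequest) throws SSOException {
        try {
            SessionID sessionID = new SessionID(httpServletRequest);
            Session session = this.sessionCache.getSession(sessionID);
            // The original guarded this with "sessionID != null", which is always true
            // for a freshly constructed object; the guard has been dropped.
            Boolean cookieMode = sessionID.getCookieMode();
            if (debug.messageEnabled()) {
                debug.message("cookieMode is :" + cookieMode);
            }
            if (cookieMode != null) {
                session.setCookieMode(cookieMode);
            }
            // NOTE(review): how the client address is derived is decided inside ClientUtils,
            // which is not visible here. If it honours a forwarded-for style header, this
            // check is only as strong as the proxy that sets that header; confirm.
            if (!checkIP || isIPValid(session, ClientUtils.getClientIPAddress(httpServletRequest))) {
                return new SSOTokenImpl(session);
            }
            // Kept as a plain Exception so the SSOException raised below carries the same
            // cause type as before.
            throw new Exception(SSOProviderBundle.getString("invalidIP"));
        } catch (Exception e) {
            if (debug.messageEnabled()) {
                debug.message("could not create SSOToken from HttpRequest (" + e.getMessage() + ")");
            }
            throw new SSOException(e);
        }
    }

    /**
     * Creates a token directly from a principal and a second string argument, both handed to
     * the {@code SSOTokenImpl(Principal, String)} constructor.
     *
     * @param principal principal the token is created for
     * @param str second constructor argument (presumably a credential; confirm against SSOTokenImpl)
     * @return the newly created token
     * @throws SSOException if the token cannot be constructed
     */
    @Override // com.iplanet.sso.SSOProvider
    public SSOToken createSSOToken(Principal principal, String str) throws SSOException, UnsupportedOperationException {
        try {
            SSOTokenImpl sSOTokenImpl = new SSOTokenImpl(principal, str);
            if (debug.messageEnabled()) {
                // Concatenation is null-safe, so enabling debug output cannot change the outcome.
                debug.message("SSO token ldap auth successful for " + principal);
            }
            return sSOTokenImpl;
        } catch (Exception e) {
            if (debug.messageEnabled()) {
                // The original dereferenced principal here; with a null principal the logging
                // itself threw and the caller saw a NullPointerException instead of SSOException.
                String name = principal == null ? null : principal.getName();
                debug.message("could not create SSOToken for user \"" + name + "\"", e);
            }
            throw new SSOException(e);
        }
    }

    /**
     * Creates a token from a token ID; equivalent to
     * {@code createSSOToken(str, z, true)}.
     *
     * @param str token ID used to build the {@link SessionID}
     * @param z value passed to {@code SessionID.setComingFromAuth}
     * @return a token wrapping the session found for that ID
     * @throws SSOException if the session cannot be obtained
     */
    public SSOToken createSSOToken(String str, boolean z) throws SSOException, UnsupportedOperationException {
        return createSSOToken(str, z, true);
    }

    /**
     * Creates a token from a token ID.
     *
     * <p>This path does not call {@link #isIPValid}, so the client-IP binding is not enforced
     * here even when the check is enabled.
     *
     * @param str token ID used to build the {@link SessionID}
     * @param z value passed to {@code SessionID.setComingFromAuth}
     * @param z2 third argument of {@code SessionCache.getSession} (meaning not visible in this
     *        file; the second argument is always {@code false})
     * @return a token wrapping the session found for that ID
     * @throws SSOException if the session cannot be obtained
     */
    @Override // com.iplanet.sso.SSOProvider
    public SSOToken createSSOToken(String str, boolean z, boolean z2) throws SSOException, UnsupportedOperationException {
        try {
            SessionID sessionID = new SessionID(str);
            sessionID.setComingFromAuth(z);
            return new SSOTokenImpl(this.sessionCache.getSession(sessionID, false, z2));
        } catch (Exception e) {
            if (debug.messageEnabled()) {
                // NOTE(review): the raw token ID is written to the debug log at message level.
                // The ID is what looks the session up, so logs captured at this level need the
                // same protection as the sessions themselves; consider logging a digest instead.
                debug.message("SSOProviderImpl.createSSOToken(tokenId, " + z + ", " + z2 + ") could not create SSOToken for token ID \"" + str + "\" (" + e.getMessage() + ")");
            }
            throw new SSOException(e);
        }
    }

    /**
     * Creates a token from a token ID; equivalent to {@code createSSOToken(str, false)}.
     *
     * @param str token ID used to build the {@link SessionID}
     * @return a token wrapping the session found for that ID
     * @throws SSOException if the session cannot be obtained
     */
    @Override // com.iplanet.sso.SSOProvider
    public SSOToken createSSOToken(String str) throws SSOException, UnsupportedOperationException {
        return createSSOToken(str, false);
    }

    /**
     * Creates a token from a token ID and a caller-supplied client address.
     *
     * <p>When the client-IP check is enabled, {@code str2} must resolve to the same address as
     * the session's {@code "Host"} property. The address is whatever the caller passes in, so
     * the check is only meaningful if the caller obtained it from a trustworthy source.
     *
     * @param str token ID used to build the {@link SessionID}
     * @param str2 client address to compare against the session
     * @return a token wrapping the session found for that ID
     * @throws SSOException if the session cannot be obtained or the IP check fails
     */
    @Override // com.iplanet.sso.SSOProvider
    public SSOToken createSSOToken(String str, String str2) throws SSOException, UnsupportedOperationException {
        try {
            Session session = this.sessionCache.getSession(new SessionID(str));
            if (!checkIP || isIPValid(session, str2)) {
                return new SSOTokenImpl(session);
            }
            throw new Exception(SSOProviderBundle.getString("invalidIP"));
        } catch (Exception e) {
            if (debug.messageEnabled()) {
                // NOTE(review): the raw token ID is written to the debug log at message level;
                // protect or redact these logs accordingly.
                debug.message("could not create SSOToken for token ID \"" + str + "\" (" + e.getMessage() + ")");
            }
            throw new SSOException(e);
        }
    }

    /**
     * Reports whether the token is valid; equivalent to {@code isValidToken(sSOToken, true)}.
     *
     * @param sSOToken token to check; must be an {@code SSOTokenImpl}
     * @return the result of {@code SSOTokenImpl.isValid(true)}
     */
    @Override // com.iplanet.sso.SSOProvider
    public boolean isValidToken(SSOToken sSOToken) {
        return isValidToken(sSOToken, true);
    }

    /**
     * Reports whether the token is valid.
     *
     * @param sSOToken token to check; must be an {@code SSOTokenImpl} (the cast is unchecked,
     *        so any other implementation raises {@link ClassCastException})
     * @param z flag forwarded to {@code SSOTokenImpl.isValid}
     * @return the result of {@code SSOTokenImpl.isValid(z)}
     */
    @Override // com.iplanet.sso.SSOProvider
    public boolean isValidToken(SSOToken sSOToken, boolean z) {
        return ((SSOTokenImpl) sSOToken).isValid(z);
    }

    /**
     * Validates the token, raising an exception instead of returning a flag.
     *
     * @param sSOToken token to validate
     * @throws SSOException with the {@code "invalidtoken"} bundle key on any failure; the
     *         original cause is only written to the debug log, not attached
     */
    @Override // com.iplanet.sso.SSOProvider
    public void validateToken(SSOToken sSOToken) throws SSOException {
        try {
            ((SSOTokenImpl) sSOToken).validate();
        } catch (Exception e) {
            if (debug.messageEnabled()) {
                debug.message("validateToken: ", e);
            }
            throw new SSOException(SSOProviderBundle.rbName, "invalidtoken", null);
        }
    }

    /**
     * Destroys the session behind the token.
     *
     * <p>Tokens for which {@code isLdapConnection()} is true have no session lookup; they are
     * only marked with {@code setStatus(false)}.
     *
     * @param sSOToken token to destroy
     * @throws SSOException if the session cannot be obtained or destroyed
     */
    @Override // com.iplanet.sso.SSOProvider
    public void destroyToken(SSOToken sSOToken) throws SSOException {
        try {
            SSOTokenImpl sSOTokenImpl = (SSOTokenImpl) sSOToken;
            if (sSOTokenImpl.isLdapConnection()) {
                sSOTokenImpl.setStatus(false);
                return;
            }
            Session session = this.sessionCache.getSession(new SessionID(sSOToken.getTokenID().toString()));
            // The session is both the requester and the target of the destroy call.
            session.destroySession(session);
        } catch (Exception e) {
            if (debug.messageEnabled()) {
                debug.message("DestroyToken: ", e);
            }
            throw new SSOException(e);
        }
    }

    /**
     * Logs out the session identified by the token's ID.
     *
     * @param sSOToken token whose session is logged out
     * @throws SSOException if the session lookup or the logout raises a {@link SessionException}
     */
    @Override // com.iplanet.sso.SSOProvider
    public void logout(SSOToken sSOToken) throws SSOException {
        try {
            this.sessionCache.getSession(new SessionID(sSOToken.getTokenID().toString())).logout();
        } catch (SessionException e) {
            if (debug.messageEnabled()) {
                debug.message("Logout: ", e);
            }
            throw new SSOException(e);
        }
    }

    /**
     * Compares the session's {@code "Host"} property with the supplied client address.
     *
     * <p>Both values go through {@link InetAddress#getByName}, which parses literal addresses
     * and resolves host names, so a host-name input triggers a name lookup. Any failure
     * (missing property, unresolvable name, null session) is treated as a mismatch: the check
     * fails closed.
     *
     * @param session session whose {@code "Host"} property holds the expected address
     * @param str client address to compare
     * @return {@code true} only when both values resolve to equal addresses
     * @throws SSOException declared by the original signature; this method never throws it
     */
    public boolean isIPValid(Session session, String str) throws SSOException {
        try {
            return InetAddress.getByName(session.getProperty("Host")).equals(InetAddress.getByName(str));
        } catch (Exception e) {
            if (debug.messageEnabled()) {
                debug.message("IP address check of Token Failed", e);
            }
            return false;
        }
    }

    /**
     * Refreshes the token's session; equivalent to {@code refreshSession(sSOToken, true)}.
     *
     * @param sSOToken token whose session is refreshed
     * @throws SSOException if the refresh fails
     */
    @Override // com.iplanet.sso.SSOProvider
    public void refreshSession(SSOToken sSOToken) throws SSOException {
        refreshSession(sSOToken, true);
    }

    /**
     * Refreshes the session identified by the token's ID.
     *
     * @param sSOToken token whose session is refreshed
     * @param z flag forwarded to {@code Session.refresh}
     * @throws SSOException if the session cannot be obtained or refreshed
     */
    @Override // com.iplanet.sso.SSOProvider
    public void refreshSession(SSOToken sSOToken, boolean z) throws SSOException {
        try {
            this.sessionCache.getSession(new SessionID(sSOToken.getTokenID().toString()), false, false).refresh(z);
        } catch (Exception e) {
            // Log the cause as well; the original message alone gave no hint of what failed.
            debug.error("Error in refreshing the session from sessions server", e);
            throw new SSOException(e);
        }
    }

    /**
     * Destroys one session on behalf of another.
     *
     * <p>Whether the requester is allowed to destroy the target is not decided here; it is
     * left to {@code Session.destroySession}.
     *
     * @param sSOToken token whose session issues the destroy request
     * @param sSOToken2 token whose session is destroyed
     * @throws SSOException if the destroy call raises a {@link SessionException}
     */
    @Override // com.iplanet.sso.SSOProvider
    public void destroyToken(SSOToken sSOToken, SSOToken sSOToken2) throws SSOException {
        try {
            ((SSOTokenImpl) sSOToken).getSession().destroySession(((SSOTokenImpl) sSOToken2).getSession());
        } catch (SessionException e) {
            throw new SSOException(e);
        }
    }

    /**
     * Lists the valid sessions visible to the requester's session, wrapped as tokens.
     *
     * @param sSOToken token whose session performs the search
     * @param str first argument of {@code Session.getValidSessions} (presumably the server to
     *        query; confirm against Session)
     * @return a mutable set with one token per non-null search result
     * @throws SSOException if the search raises a {@link SessionException}
     */
    @Override // com.iplanet.sso.SSOProvider
    public Set<SSOToken> getValidSessions(SSOToken sSOToken, String str) throws SSOException {
        Set<SSOToken> tokens = new HashSet<>();
        try {
            for (Session session : ((SSOTokenImpl) sSOToken).getSession().getValidSessions(str, (String) null).getSearchResults()) {
                if (session != null) {
                    tokens.add(new SSOTokenImpl(session));
                }
            }
            return tokens;
        } catch (SessionException e) {
            throw new SSOException(e);
        }
    }

    // Kept at the end of the class so that static initialisation still runs in the original
    // order: checkIP first, then the debug logger.
    static {
        debug = Debug.getInstance("amSSOProvider");
    }
}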
