package com.edulib.ice.security.authentication;

import com.edulib.ice.core.ICECore;
import com.edulib.ice.security.ICESubject;
import com.edulib.ice.security.ICEUserPrincipal;
import com.edulib.ice.util.ICECrypt;
import com.edulib.ice.util.ICEPasswordUtil;
import com.edulib.ice.util.ICEXmlUtil;
import com.edulib.ice.util.configuration.ICEConfiguration;
import com.edulib.ice.util.log.ICELog;
import com.edulib.ice.util.resources.BundleConstants;
import com.edulib.ice.util.resources.ICEResourceFactory;
import com.edulib.ice.util.score.ICEScoreQuality;
import com.installshield.qjml.QJML;
import com.jxml.protocol.Protocol;
import java.io.File;
import java.io.IOException;
import java.io.PrintWriter;
import java.io.StringWriter;
import java.io.UnsupportedEncodingException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.Provider;
import java.security.Security;
import java.util.Hashtable;
import java.util.Map;
import java.util.ResourceBundle;
import java.util.StringTokenizer;
import java.util.Vector;
import javax.naming.InitialContext;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.FailedLoginException;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;
import org.xml.sax.SAXException;

/* loaded from: input_file:install/data/9c285435c4e09b0Muse_Applications/2.1.0.1/assembly.dat:acbf824bf0a1940ada7f616f8941b821/ice.jar:com/edulib/ice/security/authentication/ICELoginModuleLDAP.class */
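/**
 * JAAS {@link LoginModule} that authenticates a user against an LDAP directory.
 *
 * <p>Two modes are driven by the XML configuration file named in the {@code config} option:
 * <ul>
 *   <li><b>user authentication</b> — the user name is substituted into the FQ-DN template and a
 *       simple bind is performed as that DN with the supplied password;</li>
 *   <li><b>root authentication</b> — the module binds as ROOT-DN, searches for the user's entry
 *       with SEARCH-STRING and compares the supplied password with the entry's
 *       {@code userPassword} attribute (clear text or one of the {@link #CRYPT_TOKENS} schemes).
 *       If the directory does not return {@code userPassword} (the usual ACL situation), the
 *       located DN is published under {@code fq-dn} in the shared state and the module re-binds
 *       as that DN to verify the password instead of trusting the lookup alone.</li>
 * </ul>
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The user name is escaped before it is placed in an LDAP filter (RFC 4515) or in a DN
 *       (RFC 4514), so a user-controlled value cannot rewrite the search or the bind target.</li>
 *   <li>An empty password is never sent in a user bind: RFC 4513 §5.1.2 defines a simple bind
 *       with a name and no password as an <em>unauthenticated</em> bind that many servers
 *       accept, which would let anyone log in as any user.</li>
 *   <li>Password comparisons use {@link MessageDigest#isEqual} (constant time).</li>
 *   <li>The clear-text password is stored in the JAAS shared state under {@link #PWD} so that
 *       stacked modules can reuse it; {@link #cleanState()} removes it again. The DEBUG option
 *       writes the raw BER trace — including bind credentials — to {@code System.out}.</li>
 * </ul>
 */
public class ICELoginModuleLDAP implements LoginModule {
    private DirContext ctx;
    private static final String NAME = "ldapUserID";
    private static final String PWD = "ldapUserPwd";
    private static final String CRYPT_TOKENS = "CRYPT,UNIX,MD5,SHA";
    private static final String LDAP_USER_PWD = "userPassword";
    /** Shared-state key under which the located user DN is handed to the re-bind pass. */
    private static final String FQ_DN_KEY = "fq-dn";
    /** Placeholder replaced by the (escaped) user name in the FQ-DN and SEARCH-STRING templates. */
    private static final String NAME_VARIABLE = "${NAME}";
    private Subject subject = null;
    private CallbackHandler callbackHandler = null;
    private Map sharedState = null;
    private Map options = null;
    private ICESubject iceSubject = null;
    private ICEUserPrincipal userPrincipal = null;
    private String user = null;
    private String password = null;
    private String encryption = null;
    private ICELog log = null;
    /** Read from the shared state ("isEncrypted") but not consulted anywhere in this module. */
    private boolean encrypted = false;
    private boolean succeeded = false;
    private boolean commitSucceeded = false;
    public final String INITIAL_CONTEXT_FACTORY = "com.sun.jndi.ldap.LdapCtxFactory";
    public final String PROVIDER_URL = "ldap://localhost:389";
    public final String AUTHENTICATION_TYPE = "simple";
    private String authenticationType = "simple";
    private String authenticationMechanism = null;
    private String realm = null;
    private boolean integrityProtection = true;
    private String providerUrl = "ldap://localhost:389";
    private String rootDN = null;
    private String searchBase = null;
    private String searchString = null;
    private String rootPassword = null;
    private String baseDN = null;
    private String fqDN = null;
    private String configurationFile = null;
    private boolean rootAuthentication = false;
    private boolean traceCommunication = false;
    private boolean sslEnable = false;
    private boolean reAuthenticate = false;
    private String[] returnAttributes = null;
    /** LDAP attribute name -> local property name, from AUTHORIZATION_PARAMETERS/PARAMETER. */
    private Hashtable parameters = new Hashtable();
    /** Local property name -> first attribute value, filled during authentication. */
    private Hashtable localParameters = new Hashtable();
    private ResourceBundle resourceBundle = null;

    /**
     * JAAS initialisation. Only the {@code config} option (path of the XML configuration
     * file, variables resolved later by {@link ICEConfiguration#resolveVariables}) is read here.
     */
    public void initialize(Subject subject, CallbackHandler callbackHandler, Map map, Map map2) {
        this.subject = subject;
        this.callbackHandler = callbackHandler;
        this.sharedState = map;
        this.options = map2;
        this.configurationFile = (String) map2.get("config");
    }

    /**
     * Phase 1 of the JAAS protocol: collects the credentials through the {@link ICECallback}
     * (values already present in the shared state take precedence) and authenticates them.
     *
     * @return {@code true} when the user was authenticated
     * @throws LoginException when no callback handler is available or the handler cannot supply
     *         the callback; {@link FailedLoginException} when the credentials are rejected
     */
    public boolean login() throws LoginException {
        this.resourceBundle = ICECore.getICEResourceBundle();
        if (this.providerUrl == null) {
            throw new LoginException(ICEResourceFactory.getMessage(this.resourceBundle, null, BundleConstants.ERROR_LOGIN_JNDI, new String[0]));
        }
        // Without a handler there is no way to obtain the ICECallback (and thus the log and
        // subject) below, so fail cleanly instead of with a NullPointerException.
        if (this.callbackHandler == null) {
            throw new LoginException(ICEResourceFactory.getMessage(this.resourceBundle, null, BundleConstants.ERROR_LOGIN_NOCALLBACK, "CallbackHandler"));
        }
        retrieveData();
        Callback[] callbacks = {new ICECallback()};
        try {
            this.callbackHandler.handle(callbacks);
        } catch (IOException e) {
            log(1, e.getMessage());
            throw new LoginException(ICEResourceFactory.getMessage(this.resourceBundle, this.log, BundleConstants.ERROR_GENERAL, "Login", e.getMessage()));
        } catch (UnsupportedCallbackException e) {
            String callbackName = String.valueOf(e.getCallback());
            log(1, "Login failed: " + callbackName + " not available to garner authentication information from the user.");
            throw new LoginException(ICEResourceFactory.getMessage(this.resourceBundle, this.log, BundleConstants.ERROR_LOGIN_NOCALLBACK, callbackName));
        }
        ICECallback callback = (ICECallback) callbacks[0];
        this.iceSubject = callback.getSubject();
        if (this.iceSubject.getSubject() != null) {
            this.subject = this.iceSubject.getSubject();
        } else {
            this.iceSubject.setSubject(this.subject);
        }
        this.log = callback.getLog();
        if (callback.getResourceBundle() != null) {
            this.resourceBundle = callback.getResourceBundle();
        }
        if (this.user == null) {
            this.user = callback.getParameter(NAME);
        }
        if (this.password == null) {
            this.password = callback.getParameter(PWD);
        }
        if (this.encryption == null) {
            this.encryption = callback.getParameter("encryption");
        }
        if (this.encryption != null && this.encryption.trim().length() == 0) {
            this.encryption = null;
        }
        if (this.password == null) {
            // A missing password is treated as the empty string; attemptAuthentication()
            // refuses to bind a user with it.
            this.password = "";
        }
        if (this.user == null) {
            throw new FailedLoginException(ICEResourceFactory.getMessage(this.resourceBundle, this.log, BundleConstants.ERROR_LOGIN, ""));
        }
        try {
            log(4, "Authenticating user: " + this.user);
            attemptAuthentication(true);
            this.succeeded = true;
            log(8, "Authentication succeeded");
            this.userPrincipal = new ICEUserPrincipal(this.user);
            return true;
        } catch (LoginException e) {
            cleanState();
            log(8, "Authentication failed: " + e.getMessage());
            throw new FailedLoginException(ICEResourceFactory.getMessage(this.resourceBundle, this.log, BundleConstants.ERROR_AUTHENTICATION_FAILED, e.getMessage()));
        }
    }

    /**
     * Phase 2 of the JAAS protocol: adds the user principal to the subject and publishes the
     * attribute values collected during {@link #login()} to the shared state and the
     * {@link ICESubject} local properties.
     *
     * @return {@code false} when phase 1 did not succeed (this module is then ignored)
     * @throws LoginException when the subject is read-only
     */
    public boolean commit() throws LoginException {
        if (!this.succeeded) {
            log(8, "Authentication failed. Cannot proceed to phase 2");
            return false;
        }
        log(8, "Phase 1 of authentication succeeded. Proceeding to phase 2.");
        if (this.subject.isReadOnly()) {
            cleanState();
            throw new LoginException(ICEResourceFactory.getMessage(this.resourceBundle, this.log, BundleConstants.ERROR_LOGIN_SUBJECT, new String[0]));
        }
        if (!this.subject.getPrincipals().contains(this.userPrincipal)) {
            this.subject.getPrincipals().add(this.userPrincipal);
        }
        this.sharedState.putAll(this.localParameters);
        this.iceSubject.getLocalProperties().putAll(this.localParameters);
        this.commitSucceeded = true;
        log(8, "Phase 2 of authentication succeeded. Proceeding...");
        log(4, "Authentication succeeded.");
        return true;
    }

    /**
     * Called when the overall JAAS login failed. Undoes whatever this module did: a full
     * {@link #logout()} when commit already ran, otherwise just the phase-1 state.
     *
     * @return {@code false} when this module's own login had failed, {@code true} otherwise
     */
    public boolean abort() throws LoginException {
        if (!this.succeeded) {
            log(8, "Login failed. Aborting...");
            return false;
        }
        if (this.commitSucceeded) {
            log(8, "Authentication succeeded, but someone else commit failed... Logout");
            logout();
            return true;
        }
        log(8, "Authentication failed. Aborting...");
        this.succeeded = false;
        this.userPrincipal = null;
        // Also drops the user name and password this module put into the shared state.
        cleanState();
        return true;
    }

    /**
     * Removes the user principal from the subject and clears all credential state.
     *
     * @return whether the principal was actually removed from the subject
     * @throws LoginException when the subject is read-only
     */
    public boolean logout() throws LoginException {
        if (this.subject.isReadOnly()) {
            cleanState();
            throw new LoginException(ICEResourceFactory.getMessage(this.resourceBundle, this.log, BundleConstants.ERROR_LOGIN_SUBJECT, new String[0]));
        }
        // Remove exactly once: a second remove() would always report false.
        boolean removed = this.subject.getPrincipals().remove(this.userPrincipal);
        cleanState();
        this.succeeded = false;
        this.commitSucceeded = false;
        this.userPrincipal = null;
        log(8, "Log out.");
        return removed;
    }

    /** Publishes the current user name and (clear-text) password to the JAAS shared state. */
    public void saveData() {
        this.sharedState.put(NAME, this.user);
        this.sharedState.put(PWD, this.password);
    }

    /**
     * Pulls credentials and control values left by an earlier module (or an earlier pass of
     * this one) out of the shared state. The presence of {@code fq-dn} switches the module into
     * re-bind mode: it binds directly as that DN instead of searching again.
     */
    public void retrieveData() {
        if (this.sharedState.containsKey(NAME)) {
            this.user = (String) this.sharedState.get(NAME);
        }
        if (this.sharedState.containsKey(PWD)) {
            this.password = (String) this.sharedState.get(PWD);
        }
        if (this.sharedState.containsKey("isEncrypted")) {
            this.encrypted = "true".equalsIgnoreCase((String) this.sharedState.get("isEncrypted"));
        }
        if (this.sharedState.containsKey("encryption")) {
            this.encryption = (String) this.sharedState.get("encryption");
        }
        if (this.sharedState.containsKey(FQ_DN_KEY)) {
            this.fqDN = (String) this.sharedState.get(FQ_DN_KEY);
            this.reAuthenticate = true;
        }
    }

    /** Null-safe logging; the log is only available once the callback has been handled. */
    private void log(int level, String message) {
        if (this.log != null) {
            this.log.log(level, (Object) this, message);
        }
    }

    public String toString() {
        return "[" + getClass().getName() + "]";
    }

    /**
     * Performs the directory round trip for the current user.
     *
     * @param refreshFromSharedState re-read credentials from the shared state first
     * @throws LoginException ({@link FailedLoginException}) when the configuration is unusable,
     *         the bind fails, the user cannot be found or the password does not match
     */
    private void attemptAuthentication(boolean refreshFromSharedState) throws LoginException {
        if (refreshFromSharedState) {
            retrieveData();
        }
        if ("anonymous".equals(this.user)) {
            // NOTE(review): the literal user name "anonymous" is reported as a successful login
            // without contacting the directory at all; confirm this is wanted per deployment.
            return;
        }
        try {
            parseConfigFile(this.configurationFile);
            String bindDn;
            String bindCredentials;
            if (this.reAuthenticate) {
                // An earlier pass located the entry but could not read userPassword:
                // prove the password by binding as the user.
                this.rootAuthentication = false;
                bindDn = this.fqDN;
                log(8, "Found parameter fq-dn. Authenticating directly to: " + this.fqDN);
                bindCredentials = this.password;
            } else if (this.rootAuthentication) {
                bindDn = this.rootDN;
                bindCredentials = this.rootPassword;
            } else {
                // The user name becomes an RDN value; escape it so it cannot alter the DN.
                bindDn = this.fqDN == null ? null : replaceVariable(this.fqDN, NAME_VARIABLE, escapeDnValue(this.user));
                bindCredentials = this.password;
            }
            if (bindDn == null || bindCredentials == null) {
                log(1, "Incomplete LDAP configuration: no bind DN or credentials available.");
                throw failedLogin(BundleConstants.ERROR_LOGIN_CONFIG);
            }
            if (!this.rootAuthentication && bindCredentials.length() == 0) {
                // RFC 4513 §5.1.2: name + empty password is an *unauthenticated* bind, which
                // many servers accept. It must never count as proof of identity.
                log(1, "Empty password rejected for user: " + this.user);
                throw failedLogin(BundleConstants.ERROR_LOGIN, "");
            }
            this.ctx = openContext(bindDn, bindCredentials);
            if (!this.rootAuthentication) {
                log(8, "Authentication succeeded...");
                log(8, "Retrieving attributes...");
                copyMappedAttributes(this.ctx.getAttributes(bindDn));
                return;
            }
            authenticateViaRootSearch();
        } catch (LoginException e) {
            // Already carries the right message; do not wrap it as a general error.
            throw e;
        } catch (NamingException e) {
            Throwable rootCause = e.getRootCause();
            String explanation = e.getExplanation();
            String message = "Unable to logon. ";
            if (rootCause != null) {
                message += " RootCause: " + rootCause.getMessage();
            }
            if (explanation != null) {
                message += " [" + explanation + "].";
            }
            log(1, message);
            StringWriter trace = new StringWriter();
            e.printStackTrace(new PrintWriter(trace));
            log(8, trace.toString());
            // NOTE(review): e.getMessage() (e.g. "Invalid Credentials") ends up in the message the
            // caller receives; make sure it is not shown verbatim to end users.
            throw failedLogin(BundleConstants.ERROR_LOGIN_USER_NOT_FOUND, e.getMessage());
        } catch (IOException e) {
            log(1, "Cannot parse configuration file [ " + e.getMessage() + " ].");
            throw failedLogin(BundleConstants.ERROR_LOGIN_USER_NOT_FOUND, "");
        } catch (Exception e) {
            log(1, e.getMessage());
            throw failedLogin(BundleConstants.ERROR_GENERAL, "Login", e.getMessage());
        } finally {
            // The directory connection is never needed after this method returns.
            closeContext();
        }
    }

    /**
     * Builds the JNDI environment from the parsed configuration and opens the LDAP context,
     * which performs the bind as {@code bindDn}.
     */
    private DirContext openContext(String bindDn, String bindCredentials) throws NamingException, LoginException {
        Hashtable env = new Hashtable();
        env.put("java.naming.factory.initial", INITIAL_CONTEXT_FACTORY);
        log(8, "Provider URL: " + this.providerUrl);
        if (this.providerUrl == null) {
            throw failedLogin(BundleConstants.ERROR_LOGIN_NO_LDAP_SERVER);
        }
        env.put("java.naming.provider.url", this.providerUrl);
        log(8, "Authentication Type: " + this.authenticationType);
        // With no AUTHENTICATION element the mechanism would be null; fall back to simple.
        String mechanism = this.authenticationMechanism != null ? this.authenticationMechanism : AUTHENTICATION_TYPE;
        env.put("java.naming.security.authentication", mechanism);
        if (this.realm != null) {
            // REALM is only parsed for SASL; hand it to the SASL client.
            env.put("java.naming.security.sasl.realm", this.realm);
        }
        if (this.sslEnable) {
            log(8, "Using SSL Connection.");
            env.put("java.naming.security.protocol", "ssl");
        }
        log(8, "User: " + bindDn);
        env.put("java.naming.security.principal", bindDn);
        env.put("java.naming.security.credentials", bindCredentials);
        if (this.integrityProtection) {
            log(8, "Request integrity protection.");
            env.put("javax.security.sasl.qop", "auth-int");
        }
        if (this.traceCommunication) {
            // WARNING: the BER trace contains the bind credentials in clear text.
            log(8, "Tracing communication to System.out.");
            env.put("com.sun.jndi.ldap.trace.ber", System.out);
        }
        ensureJsseProvider();
        log(8, "Initializing context.");
        return (DirContext) new InitialContext(env).lookup(this.providerUrl);
    }

    /**
     * Root-authentication path: locate the user's entry and check the supplied password
     * against it, or re-bind as the user when the directory withholds {@code userPassword}.
     */
    private void authenticateViaRootSearch() throws NamingException, LoginException {
        if (this.searchString == null) {
            log(1, "Root authentication is enabled but no SEARCH-STRING is configured.");
            throw failedLogin(BundleConstants.ERROR_LOGIN_CONFIG);
        }
        // Escape the user name for use inside a search filter (RFC 4515).
        String filter = replaceVariable(this.searchString, NAME_VARIABLE, escapeFilterValue(this.user));
        log(8, "Root authentication succeeded. Searching for: " + filter + ". Starting from: " + this.searchBase);
        SearchControls controls = new SearchControls();
        controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
        controls.setReturningAttributes(this.returnAttributes);
        log(8, "Attribute filter: " + joinWithComma(this.returnAttributes));
        NamingEnumeration results = this.ctx.search(this.searchBase, filter, controls);
        if (results == null || !results.hasMore()) {
            log(1, "User not found");
            throw failedLogin(BundleConstants.ERROR_LOGIN, "");
        }
        SearchResult entry = (SearchResult) results.next();
        if (results.hasMore()) {
            // Never pick one of several matches: that would let the filter decide who logs in.
            log(1, "More than one directory entry matches the user search; refusing to guess.");
            throw failedLogin(BundleConstants.ERROR_LOGIN, "");
        }
        Attribute stored = entry.getAttributes().get(LDAP_USER_PWD);
        if (stored == null) {
            String userDn = resolveEntryDn(entry);
            log(8, "Password read from LDAP tree is null. Saving the fq-dn of current user [ " + userDn + " ] to shared state in order to try again.");
            this.sharedState.put(FQ_DN_KEY, userDn);
            // Verify the password now by binding as the located DN instead of reporting
            // success and hoping that a later module in the stack does it.
            this.fqDN = userDn;
            this.reAuthenticate = true;
            closeContext();
            attemptAuthentication(false);
            return;
        }
        this.succeeded = matchesStoredPassword(stored, this.password);
        if (!this.succeeded) {
            throw failedLogin(BundleConstants.ERROR_LOGIN, "");
        }
        log(8, "Passwords match");
        copyMappedAttributes(entry.getAttributes());
        if (!this.sharedState.containsKey(NAME) && !this.sharedState.containsKey(PWD)) {
            this.sharedState.put(NAME, this.user);
            this.sharedState.put(PWD, this.password);
        }
    }

    /**
     * Compares the candidate password with a {@code userPassword} value, which is either clear
     * text or {@code {SCHEME}hash} (assumes the configured delimiters are "{" and "}").
     */
    private boolean matchesStoredPassword(Attribute stored, String candidate) throws NamingException, LoginException {
        Object raw = stored.get();
        String value;
        try {
            value = raw instanceof byte[] ? new String((byte[]) raw, QJML.QJML_ENCODING) : String.valueOf(raw);
        } catch (UnsupportedEncodingException e) {
            log(1, "Cannot decode stored password: " + e.getMessage());
            return false;
        }
        String start = ICEConfiguration.DEFAULT_START_VAR_DELIMIT;
        String end = ICEConfiguration.DEFAULT_END_VAR_DELIMIT;
        if (!value.startsWith(start)) {
            log(8, "The password is not encrypted.");
            return constantTimeEquals(value, candidate);
        }
        log(8, "The password is encrypted.");
        int schemeEnd = value.indexOf(end, start.length());
        if (schemeEnd < 0) {
            throw failedLogin(BundleConstants.ERROR_LOGIN_ENCRYPTION);
        }
        String scheme = value.substring(start.length(), schemeEnd);
        String hash = value.substring(schemeEnd + end.length());
        if (!isSupportedScheme(scheme)) {
            throw failedLogin(BundleConstants.ERROR_LOGIN_ENCRYPTION);
        }
        log(8, "Encryption algorithm: " + scheme);
        return verifyPassword(hash, candidate, scheme);
    }

    /**
     * Copies the first value of every returned attribute that is mapped in
     * AUTHORIZATION_PARAMETERS into {@link #localParameters} (name match is case-sensitive).
     */
    private void copyMappedAttributes(Attributes attributes) throws NamingException {
        if (attributes == null) {
            return;
        }
        NamingEnumeration ids = attributes.getIDs();
        while (ids.hasMore()) {
            String id = (String) ids.next();
            if (!this.parameters.containsKey(id)) {
                continue;
            }
            Attribute attribute = attributes.get(id);
            if (attribute == null || attribute.size() == 0) {
                continue;
            }
            log(8, "Saving attribute: " + id + " as: " + this.parameters.get(id));
            this.localParameters.put(this.parameters.get(id), attribute.get(0));
        }
    }

    /**
     * Full DN of a search hit. Search results are named relative to the search base, so the
     * fallback appends {@link #searchBase}; the JNDI LDAP provider normally supplies the
     * absolute name directly.
     */
    private String resolveEntryDn(SearchResult entry) {
        try {
            String dn = entry.getNameInNamespace();
            if (dn != null && dn.length() > 0) {
                return dn;
            }
        } catch (UnsupportedOperationException e) {
            log(8, "Provider does not supply absolute names; composing DN from search base.");
        }
        String relative = entry.getName();
        if (this.searchBase == null || this.searchBase.length() == 0) {
            return relative;
        }
        return relative + "," + this.searchBase;
    }

    /**
     * Legacy JSSE bootstrap kept from the original: registers the protocol handler package and,
     * only when no "SunJSSE" provider is present, the old {@code com.sun.net.ssl} provider.
     * On JDKs where that class no longer exists the login must not fail because of it.
     */
    private void ensureJsseProvider() {
        System.setProperty(Protocol.protocolProperty, "com.sun.net.ssl.internal.www.protocol");
        if (Security.getProvider("SunJSSE") != null) {
            return;
        }
        try {
            Class<?> providerClass = Class.forName("com.sun.net.ssl.internal.ssl.Provider");
            Security.addProvider((Provider) providerClass.newInstance());
        } catch (Exception e) {
            // ClassNotFound/Instantiation/IllegalAccess: nothing to register on this JDK.
            log(8, "Cannot register legacy SunJSSE provider: " + e.getMessage());
        }
    }

    /** Closes and forgets the directory context, logging (not propagating) close failures. */
    private void closeContext() {
        if (this.ctx == null) {
            return;
        }
        try {
            this.ctx.close();
        } catch (NamingException e) {
            log(8, "Error closing LDAP context: " + e.getMessage());
        }
        this.ctx = null;
    }

    /** Drops credentials held by this module and the ones it published to the shared state. */
    private void cleanState() {
        log(8, "Cleaning current state.");
        this.user = null;
        this.password = null;
        closeContext();
        this.sharedState.remove(NAME);
        this.sharedState.remove(PWD);
    }

    /**
     * Reads the XML configuration file. In re-bind mode (fq-dn taken from the shared state)
     * the FQ-DN template is NOT applied, otherwise it would overwrite the located DN.
     *
     * @throws IOException when the path is missing or the file cannot be parsed
     */
    private void parseConfigFile(String path) throws IOException {
        if (path == null) {
            throw new IOException(ICEResourceFactory.getMessage(this.resourceBundle, this.log, BundleConstants.ERROR_LOGIN_CONFIG, new String[0]));
        }
        String resolvedPath = ICEConfiguration.resolveVariables(path);
        log(8, "Parsing: " + resolvedPath);
        try {
            // NOTE(review): the file is administrator-controlled, but confirm that
            // ICEXmlUtil.createXmlDocument(..., false) disables DTD/external entity resolution.
            Document doc = ICEXmlUtil.createXmlDocument(new File(resolvedPath), false);
            this.providerUrl = ICEXmlUtil.getTagValue(doc, "LDAP-URL");
            this.traceCommunication = "yes".equals(ICEXmlUtil.getTagValue(doc, "DEBUG"));
            this.sslEnable = "yes".equals(ICEXmlUtil.getAttributeValue(doc, "LDAP-URL", "use-ssl"));
            this.baseDN = ICEXmlUtil.getTagValue(doc, "BASE-DN");
            this.authenticationType = ICEXmlUtil.getAttributeValue(doc, "AUTHENTICATION", "type");
            this.integrityProtection = "true".equals(ICEXmlUtil.getAttributeValue(doc, "AUTHENTICATION", "integrity-protection"));
            if ("sasl".equalsIgnoreCase(this.authenticationType)) {
                this.authenticationMechanism = ICEXmlUtil.getTagValue(doc, "AUTHENTICATION-MECHANISM");
                this.realm = ICEXmlUtil.getTagValue(doc, "REALM");
            } else {
                this.authenticationMechanism = this.authenticationType;
            }
            readAttributeMappings(doc);
            this.rootDN = ICEXmlUtil.getTagValue(doc, "ROOT-DN");
            boolean rootEnabled = "true".equals(ICEXmlUtil.getAttributeValue(doc, "ROOT-AUTHENTICATION", "enable"));
            if (rootEnabled && !this.reAuthenticate) {
                configureRootAuthentication(doc);
                return;
            }
            if (!"true".equals(ICEXmlUtil.getAttributeValue(doc, "USER-AUTHENTICATION", "enable"))) {
                return;
            }
            log(8, "User authentication enabled");
            this.rootAuthentication = false;
            if (this.reAuthenticate) {
                log(8, "Re-authentication: keeping fq-dn from shared state: " + this.fqDN);
                return;
            }
            String template = ICEXmlUtil.getTagValue(doc, "FQ-DN");
            if (template != null && this.baseDN != null) {
                template += "," + this.baseDN;
            }
            this.fqDN = template;
            log(8, "Fully qualified DN: " + this.fqDN);
        } catch (SAXException e) {
            throw new IOException(e.getMessage());
        }
    }

    /** Fills {@link #parameters} from AUTHORIZATION_PARAMETERS/PARAMETER[@name] text nodes. */
    private void readAttributeMappings(Document doc) {
        Element container = (Element) doc.getDocumentElement().getElementsByTagName("AUTHORIZATION_PARAMETERS").item(0);
        if (container == null) {
            return;
        }
        NodeList parameterNodes = container.getElementsByTagName("PARAMETER");
        int count = parameterNodes.getLength();
        for (int i = 0; i < count; i++) {
            Element parameter = (Element) parameterNodes.item(i);
            if (!parameter.hasAttribute("name") || !parameter.hasChildNodes() || parameter.getFirstChild() == null) {
                continue;
            }
            String value = parameter.getFirstChild().getNodeValue();
            if (value != null) {
                this.parameters.put(parameter.getAttribute("name"), value);
            }
        }
    }

    /** Reads ROOT-PASSWORD, SEARCH-BASE, SEARCH-STRING and ATTR-FILTER for root authentication. */
    private void configureRootAuthentication(Document doc) {
        log(8, "Root authentication enabled");
        this.rootAuthentication = true;
        this.rootPassword = ICEXmlUtil.getTagValue(doc, "ROOT-PASSWORD");
        this.searchBase = ICEXmlUtil.getTagValue(doc, "SEARCH-BASE");
        if (this.baseDN == null) {
            this.searchBase = "";
        } else if (this.searchBase == null) {
            this.searchBase = this.baseDN;
        } else {
            this.searchBase += "," + this.baseDN;
        }
        this.searchString = ICEXmlUtil.getTagValue(doc, "SEARCH-STRING");
        // userPassword is always requested so the password can be checked locally.
        Vector attributeNames = new Vector();
        attributeNames.add(LDAP_USER_PWD);
        String attributeFilter = ICEXmlUtil.getTagValue(doc, "ATTR-FILTER");
        if (attributeFilter != null) {
            StringTokenizer tokenizer = new StringTokenizer(attributeFilter, ICEScoreQuality.DEFAULT_WORD_DELIMITERS);
            while (tokenizer.hasMoreTokens()) {
                String token = tokenizer.nextToken();
                if (token.length() > 0) {
                    attributeNames.add(token);
                }
            }
        }
        this.returnAttributes = (String[]) attributeNames.toArray(new String[0]);
    }

    /** Replaces the first occurrence of {@code variable} in {@code template}; null-safe. */
    private String replaceVariable(String template, String variable, String replacement) {
        if (template == null) {
            return null;
        }
        int at = template.indexOf(variable);
        if (at == -1) {
            return template;
        }
        return template.substring(0, at) + replacement + template.substring(at + variable.length());
    }

    /**
     * Checks {@code candidate} against a stored hash. {@code CRYPT}/{@code UNIX} go through
     * {@link ICECrypt} (the stored value supplies the salt); every other supported scheme goes
     * through {@link ICEPasswordUtil#encode}. Both comparisons are constant time.
     * The stored MD5/SHA forms are unsalted digests — a weakness of the directory data, not
     * fixable here.
     */
    private boolean verifyPassword(String storedHash, String candidate, String scheme) {
        if (storedHash == null || candidate == null) {
            return false;
        }
        if (!"CRYPT".equals(scheme) && !"UNIX".equals(scheme)) {
            try {
                String computed = new String(ICEPasswordUtil.encode(candidate, scheme, true));
                return constantTimeEquals(storedHash, computed);
            } catch (Exception e) {
                log(1, e.getMessage());
                return false;
            }
        }
        // Platform charset kept on purpose: changing it would change the hashes of existing
        // non-ASCII passwords on non-UTF-8 hosts.
        byte[] expected = storedHash.getBytes();
        byte[] computed = new ICECrypt().crypt(candidate.getBytes(), expected);
        return MessageDigest.isEqual(expected, computed);
    }

    /** Constant-time string equality (length leaks only; content does not). */
    private static boolean constantTimeEquals(String a, String b) {
        if (a == null || b == null) {
            return false;
        }
        return MessageDigest.isEqual(a.getBytes(StandardCharsets.UTF_8), b.getBytes(StandardCharsets.UTF_8));
    }

    /** Whether {@code scheme} is one of the comma-separated {@link #CRYPT_TOKENS}. */
    private static boolean isSupportedScheme(String scheme) {
        StringTokenizer tokenizer = new StringTokenizer(CRYPT_TOKENS, ",");
        while (tokenizer.hasMoreTokens()) {
            if (tokenizer.nextToken().equals(scheme)) {
                return true;
            }
        }
        return false;
    }

    /** Escapes a value for use inside an LDAP search filter (RFC 4515 section 3). */
    private static String escapeFilterValue(String value) {
        if (value == null) {
            return null;
        }
        StringBuilder out = new StringBuilder(value.length() + 8);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '\\':
                    out.append("\\5c");
                    break;
                case '*':
                    out.append("\\2a");
                    break;
                case '(':
                    out.append("\\28");
                    break;
                case ')':
                    out.append("\\29");
                    break;
                case '\0':
                    out.append("\\00");
                    break;
                default:
                    out.append(c);
            }
        }
        return out.toString();
    }

    /** Escapes a value for use as an attribute value inside a DN (RFC 4514 section 2.4). */
    private static String escapeDnValue(String value) {
        if (value == null) {
            return null;
        }
        int last = value.length() - 1;
        StringBuilder out = new StringBuilder(value.length() + 8);
        for (int i = 0; i <= last; i++) {
            char c = value.charAt(i);
            switch (c) {
                case '\\':
                case ',':
                case '+':
                case '"':
                case '<':
                case '>':
                case ';':
                    out.append('\\').append(c);
                    break;
                case '\0':
                    out.append("\\00");
                    break;
                case '#':
                    // Only a leading '#' is special (it introduces a hex-encoded value).
                    if (i == 0) {
                        out.append('\\');
                    }
                    out.append(c);
                    break;
                case ' ':
                    if (i == 0 || i == last) {
                        out.append('\\');
                    }
                    out.append(c);
                    break;
                default:
                    out.append(c);
            }
        }
        return out.toString();
    }

    /** "a, b, c" rendering of an attribute list for the debug log. */
    private static String joinWithComma(String[] items) {
        if (items == null) {
            return "";
        }
        StringBuilder out = new StringBuilder();
        for (int i = 0; i < items.length; i++) {
            if (i > 0) {
                out.append(", ");
            }
            out.append(items[i]);
        }
        return out.toString();
    }

    /** Builds a localized {@link FailedLoginException} for the given message key. */
    private FailedLoginException failedLogin(String key, String... args) {
        return new FailedLoginException(ICEResourceFactory.getMessage(this.resourceBundle, this.log, key, args));
    }
}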
