package com.edulib.ice.security.authentication;

import com.edulib.ice.core.ICECore;
import com.edulib.ice.security.ICEGroupPrincipal;
import com.edulib.ice.security.ICEUserPrincipal;
import com.edulib.ice.security.authentication.exceptions.ICEUserFailedLoginException;
import com.edulib.ice.util.ICEPasswordUtil;
import com.edulib.ice.util.ICEXmlUtil;
import com.edulib.ice.util.configuration.ICEConfiguration;
import com.edulib.ice.util.log.ICELog;
import com.edulib.ice.util.resources.BundleConstants;
import com.edulib.ice.util.resources.ICEResourceFactory;
import com.installshield.database.designtime.ISTableConst;
import com.installshield.qjml.QJML;
import java.io.File;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.text.ParseException;
import java.text.SimpleDateFormat;
import java.util.Date;
import java.util.Map;
import java.util.ResourceBundle;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.FailedLoginException;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;
import org.xml.sax.SAXException;

/* loaded from: input_file:install/data/c209c5bada6eba92aa597d306a6100b8/2.1.0.1/assembly.dat:4b3ab592ba31a92e7ec58487ebc8e2b4/ice.jar:com/edulib/ice/security/authentication/ICELoginModuleJMX.class */
public class ICELoginModuleJMX implements LoginModule {
    public static final String PASSWORDS = "${ICE_HOME}" + File.separator + "profiles" + File.separator + "passwords.xml";
    private String passwords = null;
    private String userID = null;
    private String userPassword = null;
    private String userName = null;
    private String userHome = null;
    private String userGroup = null;
    private String encryption = null;
    private boolean expired = false;
    private String userExpiry = null;
    private Subject subject = null;
    private CallbackHandler callbackHandler = null;
    private Map sharedState = null;
    private Map options = null;
    private boolean succeeded = false;
    private boolean commitSucceeded = false;
    private ICEUserPrincipal userPrincipal = null;
    private ICEGroupPrincipal groupPrincipal = null;
    private ICELog log = null;
    private ResourceBundle resourceBundle = null;

    public final void initialize(Subject subject, CallbackHandler callbackHandler, Map map, Map map2) {
        this.subject = subject;
        this.callbackHandler = callbackHandler;
        this.sharedState = map;
        this.options = map2;
        this.passwords = (String) map2.get("passwords");
    }

    public final boolean login() throws LoginException {
        this.resourceBundle = ICECore.getICEResourceBundle();
        this.log = ICECore.getLog();
        if (this.callbackHandler == null) {
            throw new LoginException(ICEResourceFactory.getMessage(this.resourceBundle, null, BundleConstants.ERROR_LOGIN_NOCALLBACK, "CallbackHandler"));
        }
        NameCallback[] nameCallbackArr = {new NameCallback("username"), new PasswordCallback("pass", false)};
        try {
            this.callbackHandler.handle(nameCallbackArr);
            this.userID = nameCallbackArr[0].getName();
            this.userPassword = new String(((PasswordCallback) nameCallbackArr[1]).getPassword());
            this.encryption = null;
            if (this.userPassword == null) {
                this.userPassword = new String(new char[0]);
            }
            if (this.userID == null) {
                log(1, "Login failed: User ID not present. Nothing to authenticate.");
                throw new ICEUserFailedLoginException(ICEResourceFactory.getMessage(this.resourceBundle, this.log, BundleConstants.ERROR_LOGIN_PARAM_EMPTY, "User ID"));
            }
            log(4, "Authenticating JMX user: " + this.userID + "...");
            if (this.encryption != null) {
                log(8, "Using encryption: " + this.encryption);
                try {
                    MessageDigest.getInstance(this.encryption);
                } catch (NoSuchAlgorithmException e) {
                    log(1, "Login failed: Unsupported encryption algorithm: " + this.encryption);
                    throw new ICEUserFailedLoginException(ICEResourceFactory.getMessage(this.resourceBundle, this.log, BundleConstants.ERROR_LOGIN_ENCRYPTION, this.encryption));
                }
            }
            if (this.passwords == null) {
                log(1, "Passwords file not set in jaas.config.");
                throw new FailedLoginException(ICEResourceFactory.getMessage(this.resourceBundle, this.log, BundleConstants.ERROR_LOGIN_NO_PASWORDS_FILE, new String[0]));
            }
            String resolveVariables = ICEConfiguration.resolveVariables(this.passwords);
            log(8, "Password file location: " + resolveVariables);
            try {
                Document createXmlDocument = ICEXmlUtil.createXmlDocument(new File(resolveVariables), false);
                boolean z = false;
                if (createXmlDocument.getDocumentElement() == null) {
                    log(1, "Login failed: Error reading configuration files");
                    throw new LoginException(ICEResourceFactory.getMessage(this.resourceBundle, this.log, BundleConstants.ERROR_LOGIN_CONFIG, new String[0]));
                }
                NodeList elementsByTagName = createXmlDocument.getDocumentElement().getElementsByTagName("USER_RECORD");
                int i = 0;
                int length = elementsByTagName.getLength();
                for (int i2 = 0; i2 < length; i2++) {
                    Node item = elementsByTagName.item(i2);
                    String searchNodeValue = searchNodeValue(item, ISTableConst.IS_ACTION_PARAMETER_ID);
                    i++;
                    if (searchNodeValue != null) {
                        try {
                            if (searchNodeValue.equals(this.userID)) {
                                z = true;
                                String searchNodeValue2 = searchNodeValue(item, "PWD");
                                String searchNodeAttribValue = searchNodeAttribValue(item, "PWD", "encryption");
                                if (searchNodeAttribValue != null && this.encryption != null && !searchNodeAttribValue.equals(this.encryption)) {
                                    throw new LoginException(ICEResourceFactory.getMessage(this.resourceBundle, this.log, BundleConstants.ERROR_LOGIN_ALGORTIM, new String[0]));
                                }
                                if (searchNodeValue2 == null || !checkPassword(this.userPassword, this.encryption, searchNodeValue2, searchNodeAttribValue)) {
                                    this.succeeded = false;
                                    throw new FailedLoginException(ICEResourceFactory.getMessage(this.resourceBundle, this.log, BundleConstants.ERROR_LOGIN, "Login"));
                                }
                                this.userName = searchNodeValue(item, "NAME");
                                this.userGroup = searchNodeValue(item, "GROUP");
                                this.userExpiry = searchNodeValue(item, "EXPIRY");
                                if (this.userExpiry != null && this.userExpiry.trim().length() != 0) {
                                    SimpleDateFormat simpleDateFormat = new SimpleDateFormat("MM/dd/yyyy");
                                    simpleDateFormat.setLenient(true);
                                    try {
                                        if (new Date().after(simpleDateFormat.parse(this.userExpiry))) {
                                            this.expired = true;
                                        }
                                    } catch (ParseException e2) {
                                        this.expired = false;
                                    }
                                }
                                if (this.expired) {
                                    throw new FailedLoginException(ICEResourceFactory.getMessage(this.resourceBundle, this.log, BundleConstants.ERROR_SECURITY_EXPIRED, new String[0]));
                                }
                                this.succeeded = true;
                            }
                        } catch (NullPointerException e3) {
                            throw new LoginException(ICEResourceFactory.getMessage(this.resourceBundle, this.log, BundleConstants.ERROR_GENERAL, "Login", e3.getLocalizedMessage()));
                        }
                    }
                }
                if (z) {
                    return this.succeeded;
                }
                this.succeeded = false;
                throw new ICEUserFailedLoginException(ICEResourceFactory.getMessage(this.resourceBundle, this.log, BundleConstants.ERROR_LOGIN, "Login"));
            } catch (IOException e4) {
                log(1, "Login failed: " + e4.getMessage());
                throw new LoginException(ICEResourceFactory.getMessage(this.resourceBundle, this.log, BundleConstants.ERROR_GENERAL, "Login", e4.getMessage()));
            } catch (SAXException e5) {
                if (e5.getException() != null) {
                    log(1, "Login failed: " + e5.getException().getMessage());
                    throw new LoginException(ICEResourceFactory.getMessage(this.resourceBundle, this.log, BundleConstants.ERROR_GENERAL, "Login", e5.getException().getLocalizedMessage()));
                }
                log(1, "Login failed: " + e5.getMessage());
                throw new LoginException(ICEResourceFactory.getMessage(this.resourceBundle, this.log, BundleConstants.ERROR_GENERAL, "Login", e5.getLocalizedMessage()));
            }
        } catch (IOException e6) {
            log(1, e6.toString());
            throw new LoginException(ICEResourceFactory.getMessage(this.resourceBundle, this.log, BundleConstants.ERROR_GENERAL, "Login", e6.getMessage()));
        } catch (UnsupportedCallbackException e7) {
            log(1, "Login failed: " + e7.getCallback().toString() + " not available to garner authentication information from the user.");
            throw new LoginException(ICEResourceFactory.getMessage(this.resourceBundle, this.log, BundleConstants.ERROR_LOGIN_NOCALLBACK, e7.getCallback().toString()));
        }
    }

    public final boolean commit() throws LoginException {
        if (!this.succeeded) {
            log(8, "Authentication failed. Cannot proceed to phase 2");
            return false;
        }
        this.userPrincipal = new ICEUserPrincipal();
        this.userPrincipal.setUserName(this.userID);
        if (!this.subject.getPrincipals().contains(this.userPrincipal)) {
            this.subject.getPrincipals().add(this.userPrincipal);
        }
        this.groupPrincipal = new ICEGroupPrincipal();
        this.groupPrincipal.setUserGroup(this.userGroup);
        if (!this.subject.getPrincipals().contains(this.groupPrincipal)) {
            this.subject.getPrincipals().add(this.groupPrincipal);
        }
        this.commitSucceeded = true;
        log(8, "Phase 2 of authentication succeeded. Proceeding...");
        log(4, "Authentication succeeded.");
        return true;
    }

    public final boolean abort() throws LoginException {
        if (!this.succeeded) {
            log(8, "Login failed. Aborting...");
            return false;
        }
        if (!this.succeeded || this.commitSucceeded) {
            log(8, "Authentication succeeded, but someone else commit failed... Logout");
            logout();
            return true;
        }
        log(8, "Authentication failed. Aborting...");
        logout();
        return true;
    }

    public final boolean logout() throws LoginException {
        log(8, "Log out.");
        this.succeeded = false;
        this.succeeded = this.commitSucceeded;
        this.userName = null;
        this.userPassword = null;
        return true;
    }

    private boolean checkPassword(String str, String str2, String str3, String str4) {
        try {
            if (str2 == null) {
                return str4 == null ? str3.equals(str) : str3.equals(new String(ICEPasswordUtil.encode(str, str4, true), QJML.QJML_ENCODING));
            }
            byte[] bytes = str3.getBytes(QJML.QJML_ENCODING);
            if (str4 == null) {
                bytes = ICEPasswordUtil.encode(str3, str2, true);
            }
            return str.equals(new String(bytes, QJML.QJML_ENCODING));
        } catch (UnsupportedEncodingException e) {
            return false;
        } catch (NoSuchAlgorithmException e2) {
            return false;
        } catch (Exception e3) {
            return false;
        }
    }

    private static String searchNodeValue(Node node, String str) {
        return ICEXmlUtil.searchNodeValue(node, str);
    }

    private static String searchNodeAttribValue(Node node, String str, String str2) {
        Node searchNode;
        if (str2 == null || (searchNode = ICEXmlUtil.searchNode(node, str)) == null || searchNode.getNodeType() != 1) {
            return null;
        }
        String attribute = ((Element) searchNode).getAttribute(str2);
        if (attribute != null && attribute.trim().equals("")) {
            attribute = null;
        }
        return attribute;
    }

    private void log(int i, String str) {
        if (this.log != null) {
            this.log.log(i, (Object) this, str);
        }
    }
}
