package com.edulib.ice.security.authentication;

import com.edulib.ice.core.ICECore;
import com.edulib.ice.security.ICEGroupPrincipal;
import com.edulib.ice.security.ICESubject;
import com.edulib.ice.security.ICEUserPrincipal;
import com.edulib.ice.security.authentication.exceptions.ICEUserFailedLoginException;
import com.edulib.ice.util.ICEXmlUtil;
import com.edulib.ice.util.configuration.ICEConfiguration;
import com.edulib.ice.util.log.ICELog;
import com.edulib.ice.util.net.IPAddress;
import com.edulib.ice.util.net.IPFilter;
import com.edulib.ice.util.net.MalformedIPAddressException;
import com.edulib.ice.util.resources.BundleConstants;
import com.edulib.ice.util.resources.ICEResourceFactory;
import com.installshield.database.designtime.ISTableConst;
import java.io.File;
import java.io.IOException;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.util.Map;
import java.util.ResourceBundle;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.FailedLoginException;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;
import org.w3c.dom.Document;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;
import org.xml.sax.SAXException;

/* loaded from: input_file:install/data/c209c5bada6eba92aa597d306a6100b8/2.1.0.1/assembly.dat:4b3ab592ba31a92e7ec58487ebc8e2b4/ice.jar:com/edulib/ice/security/authentication/ICELoginModuleIP.class */
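/**
 * JAAS {@link LoginModule} that authenticates a user ID by the network address it connects from.
 *
 * <p>The module reads an XML "hosts" file (path taken from the {@code hosts} module option),
 * finds the {@code USER_RULE} element whose ID value equals the supplied user ID, and walks
 * that rule's {@code ALLOW} / {@code DENY} children in document order. The first rule that
 * matches the client address (or, failing that, its host name) decides the outcome. An optional
 * {@code REMOTE_PORTS} element restricts the client port in the same first-match fashion.
 *
 * <p>No password or other secret is checked here: the user ID and the address are the only
 * inputs. NOTE(review): {@code userAddress} is whatever the callback handler supplies; confirm
 * it is taken from the socket peer and not from a client-controlled value such as a request
 * header, otherwise the ALLOW/DENY rules can be satisfied by the client itself.
 */
public class ICELoginModuleIP implements LoginModule {
    /** Default hosts-file path template. Not read by this class; the path used comes from the {@code hosts} option. */
    public static final String HOSTS = "${ICE_HOME}" + File.separator + "profiles" + File.separator + "hosts.xml";
    // Hosts-file path as configured in the module options (may contain variables, resolved in login()).
    private String hosts = null;
    // Values obtained from the ICECallback during login().
    private String userID = null;
    private String userGroup = null;
    private String userAddress = null;
    private String remotePort = null;
    private ICESubject iceSubject = null;
    private Subject subject = null;
    private CallbackHandler callbackHandler = null;
    private Map sharedState = null;
    private Map<Object, Object> options = null;
    // Phase-1 verdict (login) and phase-2 verdict (commit).
    private boolean succeeded = false;
    private boolean commitSucceeded = false;
    private ICEUserPrincipal userPrincipal = null;
    private ICEGroupPrincipal groupPrincipal = null;
    private ICELog log = null;
    private ResourceBundle resourceBundle = null;

    /**
     * Stores the JAAS context objects and reads the {@code hosts} option.
     *
     * @param subject         subject to populate on commit
     * @param callbackHandler handler that must accept an {@code ICECallback}
     * @param map             shared state map of the login context
     * @param map2            module options; the {@code hosts} entry names the rules file
     */
    public final void initialize(Subject subject, CallbackHandler callbackHandler, Map map, Map map2) {
        this.subject = subject;
        this.callbackHandler = callbackHandler;
        this.sharedState = map;
        this.options = map2;
        this.hosts = (String) map2.get("hosts");
    }

    /**
     * Phase 1: decides whether {@code userID} may log in from {@code userAddress}.
     *
     * <p>Rules of the matching {@code USER_RULE} are tested first against the textual IP address,
     * then against the host name returned by {@link InetAddress#getHostName()} when it differs
     * from the address. The first matching {@code ALLOW}/{@code DENY} wins; an {@code ALLOW}
     * additionally has to pass {@link #checkRemotePort(Node, String)} when a remote port was supplied.
     *
     * <p>NOTE(review): two paths return {@code false} instead of throwing (empty document,
     * unresolvable {@code userAddress}). Under the JAAS contract {@code false} means "ignore this
     * module", so the overall result then depends on the other configured modules and the control
     * flag; confirm that this is the intended policy for an address check.
     *
     * @return {@code true} when an {@code ALLOW} rule matched (and the port check passed);
     *         {@code false} when the rules document has no root element or the address cannot be resolved
     * @throws LoginException on missing callback handler, missing user ID, missing or unreadable
     *         hosts file, a matching {@code DENY}, no matching rule, or an unknown user ID
     */
    public final boolean login() throws LoginException {
        // Start every attempt from "not authenticated". Several failure paths below leave without
        // touching this flag, and commit() trusts it, so a verdict from an earlier attempt on the
        // same instance must not survive into this one.
        this.succeeded = false;
        this.resourceBundle = ICECore.getICEResourceBundle();
        if (this.callbackHandler == null) {
            throw new LoginException(ICEResourceFactory.getMessage(this.resourceBundle, null, BundleConstants.ERROR_LOGIN_NOCALLBACK, "CallbackHandler"));
        }
        Callback[] callbackArr = {new ICECallback()};
        try {
            this.callbackHandler.handle(callbackArr);
            ICECallback iCECallback = (ICECallback) callbackArr[0];
            this.iceSubject = ((ICECallback) callbackArr[0]).getSubject();
            this.log = ((ICECallback) callbackArr[0]).getLog();
            this.userID = ((ICECallback) callbackArr[0]).getParameter("userID");
            this.userAddress = ((ICECallback) callbackArr[0]).getParameter("userAddress");
            this.remotePort = ((ICECallback) callbackArr[0]).getParameter("remotePort");
            if (iCECallback.getResourceBundle() != null) {
                this.resourceBundle = iCECallback.getResourceBundle();
            }
            // Prefer the Subject already carried by the ICESubject; otherwise hand ours to it.
            if (this.iceSubject.getSubject() != null) {
                this.subject = this.iceSubject.getSubject();
            } else {
                this.iceSubject.setSubject(this.subject);
            }
            if (this.userID == null) {
                this.log.log(1, (Object) this, "Login failed: User ID not present. Nothing to authenticate.");
                throw new ICEUserFailedLoginException(ICEResourceFactory.getMessage(this.resourceBundle, this.log, BundleConstants.ERROR_LOGIN_PARAM_EMPTY, "User ID"));
            }
            // NOTE(review): userID and userAddress are written to the log verbatim before any
            // validation; confirm ICELog neutralises line breaks so log entries cannot be forged.
            this.log.log(4, (Object) this, "Authenticating user: " + this.userID + " from " + this.userAddress + "...");
            if (this.hosts == null) {
                this.log.log(1, (Object) this, "Hosts file not set in jaas.config.");
                throw new FailedLoginException(ICEResourceFactory.getMessage(this.resourceBundle, this.log, BundleConstants.ERROR_LOGIN_NO_HOST_FILE, new String[0]));
            }
            String resolveVariables = ICEConfiguration.resolveVariables(this.hosts);
            this.log.log(4, (Object) this, "Hosts file location: " + resolveVariables);
            try {
                // The rules file is re-read and re-parsed on every login attempt.
                Document createXmlDocument = ICEXmlUtil.createXmlDocument(new File(resolveVariables), false);
                try {
                    InetAddress byName = InetAddress.getByName(this.userAddress);
                    if (createXmlDocument.getDocumentElement() == null) {
                        this.log.log(1, (Object) this, "Error reading the configuration files");
                        return false;
                    }
                    NodeList elementsByTagName = createXmlDocument.getDocumentElement().getElementsByTagName("USER_RULE");
                    for (int i = 0; i < elementsByTagName.getLength(); i++) {
                        Node item = elementsByTagName.item(i);
                        // NOTE(review): the tag name comes from an InstallShield constant, which looks
                        // like a decompiler substitution for a string literal; confirm the real value.
                        String searchNodeValue = searchNodeValue(item, ISTableConst.IS_ACTION_PARAMETER_ID);
                        if (searchNodeValue != null) {
                            try {
                                if (searchNodeValue.equals(this.userID)) {
                                    this.userGroup = searchNodeValue(item, "GROUP");
                                    NodeList childNodes = item.getChildNodes();
                                    int length = childNodes.getLength();
                                    String iPAddress = new IPAddress(byName).toString();
                                    // Pass 1: match the rules against the textual IP address.
                                    for (int i2 = 0; i2 < length; i2++) {
                                        Node item2 = childNodes.item(i2);
                                        if (item2.getNodeType() == 1 && (item2.getNodeName().equals("ALLOW") || item2.getNodeName().equals("DENY"))) {
                                            String nodeValue = item2.getFirstChild() != null ? item2.getFirstChild().getNodeValue() : null;
                                            boolean equals = item2.getNodeName().equals("ALLOW");
                                            // checkAddress runs before the null test below, so an empty
                                            // ALLOW/DENY element raises a NullPointerException inside it;
                                            // the catch further down turns that into a LoginException,
                                            // i.e. the attempt fails closed.
                                            boolean checkAddress = checkAddress(iPAddress, iPAddress, nodeValue);
                                            this.log.log(8, (Object) this, "Check rule: " + nodeValue + " type " + item2.getNodeName() + " with :" + iPAddress + " result :" + checkAddress);
                                            if (nodeValue != null && checkAddress) {
                                                // First matching rule decides: ALLOW -> true, DENY -> reject.
                                                this.succeeded = equals;
                                                if (!this.succeeded) {
                                                    throw new ICEUserFailedLoginException(ICEResourceFactory.getMessage(this.resourceBundle, this.log, BundleConstants.ERROR_LOGIN_DENY_ACCESS, this.userAddress));
                                                }
                                                if (this.remotePort != null) {
                                                    this.succeeded = checkRemotePort(item, this.remotePort);
                                                    if (!this.succeeded) {
                                                        throw new ICEUserFailedLoginException(ICEResourceFactory.getMessage(this.resourceBundle, this.log, BundleConstants.ERROR_LOGIN_DENY_ACCESS, this.userAddress, this.remotePort));
                                                    }
                                                }
                                                return this.succeeded;
                                            }
                                        }
                                    }
                                    // Pass 2: no address rule matched, so retry the same rules with the
                                    // host name. NOTE(review): the name is whatever the resolver returns
                                    // for the address, so host-name rules are only as trustworthy as the
                                    // DNS this server uses.
                                    String hostName = byName.getHostName();
                                    if (hostName != null && iPAddress != null && !iPAddress.equals(hostName)) {
                                        for (int i3 = 0; i3 < length; i3++) {
                                            Node item3 = childNodes.item(i3);
                                            if (item3.getNodeType() == 1 && (item3.getNodeName().equals("ALLOW") || item3.getNodeName().equals("DENY"))) {
                                                String nodeValue2 = item3.getFirstChild() != null ? item3.getFirstChild().getNodeValue() : null;
                                                boolean equals2 = item3.getNodeName().equals("ALLOW");
                                                // Cannot be true here: the enclosing if already required
                                                // iPAddress and hostName to differ.
                                                if (iPAddress.equals(hostName)) {
                                                    this.log.log(2, (Object) this, "IP " + iPAddress + " doesn't resolve to a host name.");
                                                }
                                                boolean checkAddress2 = checkAddress(hostName, hostName, nodeValue2);
                                                this.log.log(8, (Object) this, "Check rule: " + nodeValue2 + " type " + item3.getNodeName() + " with :" + hostName + " result :" + checkAddress2);
                                                if (nodeValue2 != null && checkAddress2) {
                                                    this.succeeded = equals2;
                                                    if (!this.succeeded) {
                                                        throw new ICEUserFailedLoginException(ICEResourceFactory.getMessage(this.resourceBundle, this.log, BundleConstants.ERROR_LOGIN_DENY_ACCESS, this.userAddress));
                                                    }
                                                    if (this.remotePort != null) {
                                                        this.succeeded = checkRemotePort(item, this.remotePort);
                                                        if (!this.succeeded) {
                                                            throw new ICEUserFailedLoginException(ICEResourceFactory.getMessage(this.resourceBundle, this.log, BundleConstants.ERROR_LOGIN_DENY_ACCESS, this.userAddress, this.remotePort));
                                                        }
                                                    }
                                                    return this.succeeded;
                                                }
                                            }
                                        }
                                    }
                                    // User found but no rule matched: default deny.
                                    this.succeeded = false;
                                    throw new ICEUserFailedLoginException(ICEResourceFactory.getMessage(this.resourceBundle, this.log, BundleConstants.ERROR_LOGIN_NO_PERMISSION, this.userAddress));
                                }
                            } catch (NullPointerException e) {
                                throw new LoginException(ICEResourceFactory.getMessage(this.resourceBundle, this.log, BundleConstants.ERROR_GENERAL, "Login", e.getLocalizedMessage()));
                            }
                        }
                    }
                    // No USER_RULE carries this user ID: reject.
                    this.succeeded = false;
                    throw new ICEUserFailedLoginException(ICEResourceFactory.getMessage(this.resourceBundle, this.log, BundleConstants.ERROR_LOGIN_USER_NOT_FOUND, this.userID));
                } catch (UnknownHostException e2) {
                    // userAddress could not be resolved; the module reports "ignore me" rather than failing.
                    this.log.log(1, (Object) this, e2.getMessage());
                    return false;
                }
            } catch (IOException e3) {
                this.log.log(1, (Object) this, "Login failed: " + e3.getMessage());
                throw new LoginException(ICEResourceFactory.getMessage(this.resourceBundle, this.log, BundleConstants.ERROR_GENERAL, "Login", e3.getLocalizedMessage()));
            } catch (SAXException e4) {
                // Report the wrapped exception when the parser supplied one.
                if (e4.getException() != null) {
                    this.log.log(1, (Object) this, "Login failed: " + e4.getException().getMessage());
                    throw new LoginException(ICEResourceFactory.getMessage(this.resourceBundle, this.log, BundleConstants.ERROR_GENERAL, "Login", e4.getException().getLocalizedMessage()));
                }
                this.log.log(1, (Object) this, "Login failed: " + e4.getMessage());
                throw new LoginException(ICEResourceFactory.getMessage(this.resourceBundle, this.log, BundleConstants.ERROR_GENERAL, "Login", e4.getLocalizedMessage()));
            }
        } catch (IOException e5) {
            this.log.log(1, (Object) this, e5.toString());
            throw new LoginException(ICEResourceFactory.getMessage(this.resourceBundle, this.log, BundleConstants.ERROR_GENERAL, "Login", e5.toString()));
        } catch (UnsupportedCallbackException e6) {
            this.log.log(1, (Object) this, "Login failed: " + e6.getCallback().toString() + " not available to garner authentication information from the user.");
            throw new LoginException(ICEResourceFactory.getMessage(this.resourceBundle, this.log, BundleConstants.ERROR_LOGIN_NOCALLBACK, e6.getCallback().toString()));
        }
    }

    /**
     * Applies the {@code REMOTE_PORTS} rules of a user rule to a client port.
     *
     * <p>Inside every {@code REMOTE_PORTS} child, {@code ALLOW}/{@code DENY} entries are tested in
     * document order with {@code IPFilter.matchByName}; the first match decides.
     *
     * @param node the {@code USER_RULE} node whose children are inspected
     * @param str  the client port as text
     * @return the verdict of the first matching entry; {@code true} when the rule has no
     *         {@code REMOTE_PORTS} element at all (no port restriction); {@code false} when such an
     *         element exists but nothing in it matched
     */
    public final boolean checkRemotePort(Node node, String str) {
        NodeList childNodes = node.getChildNodes();
        int length = childNodes.getLength();
        // Becomes true once any REMOTE_PORTS element has been seen.
        boolean z = false;
        for (int i = 0; i < length; i++) {
            Node item = childNodes.item(i);
            if (item.getNodeType() == 1 && item.getNodeName().equals("REMOTE_PORTS")) {
                z = true;
                NodeList childNodes2 = item.getChildNodes();
                int length2 = childNodes2.getLength();
                for (int i2 = 0; i2 < length2; i2++) {
                    Node item2 = childNodes2.item(i2);
                    if (item2.getNodeType() == 1 && (item2.getNodeName().equals("ALLOW") || item2.getNodeName().equals("DENY"))) {
                        String nodeValue = item2.getFirstChild() != null ? item2.getFirstChild().getNodeValue() : null;
                        boolean equals = item2.getNodeName().equals("ALLOW");
                        boolean z2 = false;
                        if (str != null && nodeValue != null) {
                            z2 = IPFilter.matchByName(str, nodeValue);
                        }
                        this.log.log(8, (Object) this, "Check rule: port " + nodeValue + " type " + item2.getNodeName() + " with :" + str + " result :" + z2);
                        if (z2) {
                            return equals;
                        }
                    }
                }
            }
        }
        // Restriction present but unmatched -> deny; no restriction -> allow.
        return !z;
    }

    /**
     * Phase 2: publishes the authenticated identity.
     *
     * <p>Adds the user principal (and the group principal when a group was found) to the Subject,
     * and copies user ID and group into the shared state and the {@code ICESubject}.
     *
     * @return {@code false} when {@link #login()} did not succeed, otherwise {@code true}
     */
    public final boolean commit() throws LoginException {
        if (!this.succeeded) {
            this.log.log(8, (Object) this, "Authentication failed. Cannot proceed to phase 2");
            return false;
        }
        this.log.log(8, (Object) this, "Phase 1 of authentication succeeded. Proceeding to phase 2.");
        this.userPrincipal = new ICEUserPrincipal();
        this.userPrincipal.setUserName(this.userID);
        if (!this.subject.getPrincipals().contains(this.userPrincipal)) {
            this.subject.getPrincipals().add(this.userPrincipal);
        }
        if (this.userGroup != null && this.userGroup.length() > 0) {
            this.groupPrincipal = new ICEGroupPrincipal();
            this.groupPrincipal.setUserGroup(this.userGroup);
            if (!this.subject.getPrincipals().contains(this.groupPrincipal)) {
                this.subject.getPrincipals().add(this.groupPrincipal);
            }
        }
        this.sharedState.put("userID", this.userID);
        if (this.userGroup != null && this.userGroup.length() > 0) {
            this.sharedState.put("userGroup", this.userGroup);
        }
        this.iceSubject.setUserName(this.userID);
        if (this.userGroup != null && this.userGroup.length() > 0) {
            this.iceSubject.setUserGroup(this.userGroup);
        }
        this.commitSucceeded = true;
        this.log.log(8, (Object) this, "Phase 2 of authentication succeeded. Proceeding...");
        this.log.log(4, (Object) this, "Authentication succeeded.");
        return true;
    }

    /**
     * Called when the overall authentication failed.
     *
     * @return {@code false} when this module's own login had not succeeded; otherwise {@code true}
     *         after either logging out (this module had already committed) or discarding the
     *         phase-1 state (it had not)
     */
    public final boolean abort() throws LoginException {
        if (!this.succeeded) {
            this.log.log(8, (Object) this, "Login failed. Aborting...");
            return false;
        }
        // succeeded is known to be true here, so this test reduces to "commitSucceeded".
        if (!this.succeeded || this.commitSucceeded) {
            this.log.log(8, (Object) this, "Authentication succeeded, but someone else commit failed... Logout.");
            logout();
            return true;
        }
        // Phase 1 passed but commit never ran: drop the pending state.
        this.log.log(8, (Object) this, "Authentication failed. Aborting...");
        this.succeeded = false;
        this.userPrincipal = null;
        this.userAddress = null;
        return true;
    }

    /**
     * Removes the principals this module committed and returns the module to the
     * "not authenticated" state.
     *
     * <p>Both flags are cleared so that a later {@link #commit()} cannot re-publish the identity
     * without a fresh successful {@link #login()}, and the group principal is removed together
     * with the user principal so no group membership stays on the Subject after logout.
     *
     * @return the result of removing the user principal from the Subject
     */
    public final boolean logout() throws LoginException {
        this.log.log(8, (Object) this, "Log out.");
        this.succeeded = false;
        this.commitSucceeded = false;
        this.userAddress = null;
        if (this.groupPrincipal != null) {
            this.subject.getPrincipals().remove(this.groupPrincipal);
        }
        return this.subject.getPrincipals().remove(this.userPrincipal);
    }

    /**
     * Tests one rule template against a client identifier.
     *
     * <p>A template without {@code '/'} is matched by name (after resolving it through
     * {@link InetAddress#getByName(String)} when it contains no {@code '*'}). A template of the
     * form {@code network/mask} is matched with {@code IPFilter.matchByNetwork}; the mask may be
     * a plain integer or a dotted value.
     *
     * <p>NOTE(review): a {@code null} template, or a {@code network/mask} template whose mask
     * cannot be parsed, ends in a {@link NullPointerException} ({@code str3.indexOf},
     * {@code iPAddress.toString()}). {@link #login()} catches it and fails the attempt, so the
     * behaviour is fail-closed; it is left as is because skipping a malformed DENY rule instead
     * would make the policy more permissive.
     *
     * @param str  client identifier (address or host name) used for network matching and as fallback
     * @param str2 client identifier tried first for name matching
     * @param str3 rule template
     * @return {@code true} when the template matches; {@code false} otherwise or when {@code str} is {@code null}
     */
    private boolean checkAddress(String str, String str2, String str3) {
        if (str == null) {
            return false;
        }
        boolean z = false;
        int indexOf = str3.indexOf(47);
        if (indexOf == -1) {
            if (str3.indexOf(42) == -1) {
                try {
                    // A host-name rule is resolved to an address on every check.
                    str3 = InetAddress.getByName(str3).getHostAddress();
                } catch (UnknownHostException ignored) {
                    // Unresolvable rule value: fall through and match the text as written.
                }
            }
            z = IPFilter.matchByName(str2, str3);
            if (!z) {
                z = IPFilter.matchByName(str, str3);
            }
        } else {
            String substring = str3.substring(0, indexOf);
            if (substring.indexOf(42) == -1) {
                try {
                    substring = InetAddress.getByName(substring).getHostAddress();
                } catch (UnknownHostException ignored) {
                    // Unresolvable network part: keep the text as written.
                }
            }
            String substring2 = str3.substring(indexOf + 1);
            IPAddress iPAddress = null;
            if (substring2.indexOf(".") == -1) {
                try {
                    iPAddress = new IPAddress(Integer.parseInt(substring2));
                } catch (MalformedIPAddressException e3) {
                    this.log.log(1, (Object) this, e3.getMessage());
                } catch (NumberFormatException e4) {
                    this.log.log(1, (Object) this, "Invalid template:" + str3);
                }
            } else {
                try {
                    iPAddress = new IPAddress(substring2);
                } catch (MalformedIPAddressException e5) {
                    this.log.log(1, (Object) this, "Invalid template:" + str3);
                }
            }
            try {
                z = IPFilter.matchByNetwork(str, new IPAddress(substring).toString(), iPAddress.toString());
            } catch (MalformedIPAddressException e6) {
                this.log.log(1, (Object) this, e6.getMessage());
            }
        }
        return z;
    }

    /** Delegates to {@code ICEXmlUtil.searchNodeValue} to look up the value named {@code str} under {@code node}. */
    private static String searchNodeValue(Node node, String str) {
        return ICEXmlUtil.searchNodeValue(node, str);
    }
}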
