package com.edulib.ice.security.authentication;

import com.edulib.ice.core.ICECore;
import com.edulib.ice.security.ICEGroupPrincipal;
import com.edulib.ice.security.ICESubject;
import com.edulib.ice.security.ICEUserPrincipal;
import com.edulib.ice.util.ICEPasswordUtil;
import com.edulib.ice.util.ICEXmlUtil;
import com.edulib.ice.util.configuration.ICEConfiguration;
import com.edulib.ice.util.html.URLEncoderUtil;
import com.edulib.ice.util.log.ICELog;
import com.edulib.ice.util.resources.BundleConstants;
import com.edulib.ice.util.resources.ICEResourceFactory;
import com.installshield.database.designtime.ISTableConst;
import com.installshield.qjml.QJML;
import java.io.File;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.security.NoSuchAlgorithmException;
import java.text.ParseException;
import java.text.SimpleDateFormat;
import java.util.Date;
import java.util.Map;
import java.util.ResourceBundle;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.AccountExpiredException;
import javax.security.auth.login.FailedLoginException;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

/* loaded from: input_file:install/data/9c285435c4e09b0Muse_Applications/2.1.0.1/assembly.dat:71f70dfe8f27032fc7b4823ce411c802/ice.jar:com/edulib/ice/security/authentication/ICELoginModuleAuthority.class */
public class ICELoginModuleAuthority implements LoginModule {
    // Value of the "passwords" module option; login() resolves variables in it and opens it as the XML user store.
    private String passwords;

    // Request parameters read from ICECallback in login(). userPassword and applicationPassword hold
    // clear-text credentials once login() has decrypted them.
    private String userID;
    private String userPassword;
    private String encryption;

    // Attributes copied from the matching USER_RECORD after a successful password check.
    private String userName;
    private String userHome;
    private String userGroup;
    private String userExpiry;
    private long userExpiryLong;

    // Application identity handed on to later modules through sharedState and ICESubject.
    private String applicationID;
    private String applicationPassword;
    private String applicationPasswordEncryption;
    private boolean isEncrypted;

    // JAAS context supplied to initialize(), plus the ICE subject obtained from the callback.
    private ICESubject iceSubject;
    private Subject subject;
    private CallbackHandler callbackHandler;
    private Map sharedState;
    private Map options;

    // Two-phase state: succeeded is set by login(), commitSucceeded by commit().
    private boolean succeeded;
    private boolean commitSucceeded;

    // Principals created in commit().
    private ICEUserPrincipal userPrincipal;
    private ICEGroupPrincipal groupPrincipal;

    // Logger and message bundle; both are assigned in login(), so log(...) must not be used before it.
    private ICELog log;
    private ResourceBundle resourceBundle;

    /**
     * Stores the JAAS context for this login attempt and reads the password-file option.
     *
     * @param subject the subject to be authenticated
     * @param callbackHandler handler that login() asks for an {@code ICECallback}
     * @param map state shared with the other configured login modules
     * @param map2 options configured for this module; the "passwords" entry is read as a String
     */
    public void initialize(Subject subject, CallbackHandler callbackHandler, Map map, Map map2) {
        this.options = map2;
        this.sharedState = map;
        this.callbackHandler = callbackHandler;
        this.subject = subject;
        // Read last, as before: a missing options map or a non-String value fails only after the
        // four context fields have been stored.
        Object passwordsOption = map2.get("passwords");
        this.passwords = (String) passwordsOption;
    }

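    /**
     * Phase 1 of JAAS authentication: checks the supplied user ID and password against the XML
     * password file named by the "passwords" module option.
     *
     * <p>The credentials come from an {@code ICECallback} ("userID", "userPwd", "encryption",
     * "applicationID", "applicationPwd"). On success the matching record's attributes are cached on
     * this module and published to the shared state by {@link #saveData()}.
     *
     * @return {@code true} when a matching USER_RECORD was found and its password verified;
     *         {@code false} when no record matched the user ID (and application ID, if one was sent)
     * @throws LoginException when no callback handler is available or the user ID is missing
     * @throws FailedLoginException when the password file is not configured or cannot be processed,
     *         the password parameters cannot be decrypted, or the password does not match
     */
    public boolean login() throws LoginException {
        this.resourceBundle = ICECore.getICEResourceBundle();
        if (this.callbackHandler == null) {
            throw new LoginException(ICEResourceFactory.getMessage(this.resourceBundle, null, BundleConstants.ERROR_LOGIN_NOCALLBACK, "CallbackHandler"));
        }
        Callback[] callbackArr = {new ICECallback()};
        try {
            this.callbackHandler.handle(callbackArr);
            ICECallback callback = (ICECallback) callbackArr[0];
            this.iceSubject = callback.getSubject();
            this.log = callback.getLog();
            this.userID = callback.getParameter("userID");
            this.userPassword = callback.getParameter("userPwd");
            this.encryption = callback.getParameter("encryption");
            this.applicationID = callback.getParameter("applicationID");
            this.applicationPassword = callback.getParameter("applicationPwd");
            if (callback.getResourceBundle() != null) {
                this.resourceBundle = callback.getResourceBundle();
            }
            if (this.userPassword == null) {
                this.userPassword = new String(new char[0]);
            }
            if (this.encryption != null && this.encryption.trim().equals("")) {
                this.encryption = null;
            }
            // NOTE(review): the caller chooses the transport "encryption". DES/DESede values are decrypted
            // with keys that are constants of ICEPasswordUtil, so this is obfuscation with a shared static
            // key rather than confidentiality; any other non-empty value leaves the password untouched.
            if (this.encryption != null && ("DES".equalsIgnoreCase(this.encryption) || "DESede".equalsIgnoreCase(this.encryption))) {
                try {
                    String key = ICEPasswordUtil.DES_ENCRYPTION_KEY;
                    if ("DESede".equalsIgnoreCase(this.encryption)) {
                        key = ICEPasswordUtil.DES3_ENCRYPTION_KEY;
                    }
                    this.userPassword = ICEPasswordUtil.decrypt(this.encryption, key, ICEPasswordUtil.hexToString(this.userPassword), "UTF-16BE");
                    if (this.applicationPassword != null) {
                        this.applicationPassword = ICEPasswordUtil.decrypt(this.encryption, key, ICEPasswordUtil.hexToString(this.applicationPassword), "UTF-16BE");
                    }
                } catch (Exception e) {
                    // NOTE(review): the decrypt failure text is returned to the caller inside the exception
                    // message as well as logged; consider keeping the detail in the log only.
                    String detail = "Cannot handle parameter userPwd and encryption";
                    if (e.getMessage() != null) {
                        detail = detail + "[" + e.getMessage() + "].";
                    }
                    log(1, detail + "encryption=" + this.encryption);
                    throw new FailedLoginException(ICEResourceFactory.getMessage(this.resourceBundle, this.log, BundleConstants.ERROR_GENERAL, "Login", detail));
                }
            }
            // Work on the Subject already attached to the ICE subject, or attach ours if it has none.
            if (this.iceSubject.getSubject() != null) {
                this.subject = this.iceSubject.getSubject();
            } else {
                this.iceSubject.setSubject(this.subject);
            }
            if (this.userID == null) {
                throw new LoginException(ICEResourceFactory.getMessage(this.resourceBundle, this.log, BundleConstants.ERROR_LOGIN_PARAM_EMPTY, "User ID"));
            }
            if (this.passwords == null) {
                log(1, "Passwords file not set in jaas.config.");
                throw new FailedLoginException(ICEResourceFactory.getMessage(this.resourceBundle, this.log, BundleConstants.ERROR_LOGIN_NO_PASWORDS_FILE, new String[0]));
            }
            String passwordsPath = ICEConfiguration.resolveVariables(this.passwords);
            log(8, "Password file location: " + passwordsPath);
            try {
                log(4, "Trying to authenticate user: " + this.userID);
                Document passwordsDocument = ICEXmlUtil.createXmlDocument(new File(passwordsPath), false);
                log(8, "Successfully parsed passwords file");
                NodeList records = passwordsDocument.getElementsByTagName("USER_RECORD");
                if (records != null && records.getLength() > 0) {
                    log(8, "Searching for user: " + this.userID);
                    int count = records.getLength();
                    for (int i = 0; i < count; i++) {
                        if (records.item(i).getNodeType() != Element.ELEMENT_NODE) {
                            continue;
                        }
                        Element record = (Element) records.item(i);
                        // Compare from the known non-null side: a record without an ID value is skipped.
                        // Previously it raised a NullPointerException that aborted the whole search, so one
                        // malformed record blocked every user listed after it.
                        // NOTE(review): the tag-name constant comes from an unrelated InstallShield class,
                        // presumably substituted by the decompiler - confirm the intended tag name.
                        if (!this.userID.equals(getElementValue(record, ISTableConst.IS_ACTION_PARAMETER_ID))) {
                            continue;
                        }
                        log(8, "User found");
                        String storedPassword = getElementValue(record, "PWD");
                        if (storedPassword == null) {
                            storedPassword = "";
                        }
                        String storedEncryption = getAttributeValue(record, "PWD", "encryption");
                        if (storedEncryption == null) {
                            storedEncryption = "";
                        }
                        String recordApplicationId = getElementValue(record, "APP_ID");
                        // A request that names an application only matches records for that application.
                        if (this.applicationID != null && !this.applicationID.equals(recordApplicationId)) {
                            continue;
                        }
                        this.applicationID = recordApplicationId;
                        log(8, "Checking passwords");
                        // NOTE(review): a missing PWD value and a missing userPwd parameter are both normalised
                        // to "", so a record with no password and no encryption attribute authenticates with an
                        // empty password. Confirm that password-less records are intended.
                        if (!checkPassword(this.userPassword, null, storedPassword, storedEncryption)) {
                            throw new FailedLoginException(ICEResourceFactory.getMessage(this.resourceBundle, this.log, BundleConstants.ERROR_LOGIN, ""));
                        }
                        log(8, "Passwords match");
                        this.userName = getElementValue(record, "NAME");
                        this.userHome = getElementValue(record, "HOME");
                        this.userGroup = getElementValue(record, "GROUP");
                        this.userExpiry = getElementValue(record, "EXPIRY");
                        if (this.userExpiry != null && this.userExpiry.trim().length() != 0) {
                            SimpleDateFormat expiryFormat = new SimpleDateFormat("MM/dd/yyyy");
                            expiryFormat.setLenient(true);
                            try {
                                Date expiry = expiryFormat.parse(this.userExpiry);
                                this.userExpiryLong = expiry.getTime();
                                if (new Date().after(expiry)) {
                                    log(4, "Account for " + this.userID + " has expired:");
                                    throw new AccountExpiredException(ICEResourceFactory.getMessage(this.resourceBundle, this.log, BundleConstants.ERROR_SECURITY_EXPIRED, new String[0]));
                                }
                            } catch (ParseException e2) {
                                // NOTE(review): fail-open - an EXPIRY value that cannot be parsed is logged and
                                // the account is treated as not expired. Confirm this is the intended policy.
                                log(1, e2.getMessage());
                            }
                        }
                        if (this.applicationPassword == null) {
                            // No application password was sent: take the one stored in the record.
                            this.applicationPassword = getElementValue(record, "APP_PWD");
                            this.applicationPasswordEncryption = getAttributeValue(record, "APP_PWD", "encryption");
                            this.encryption = this.applicationPasswordEncryption;
                            if (this.encryption != null) {
                                this.isEncrypted = true;
                            }
                        } else {
                            this.isEncrypted = false;
                        }
                        this.succeeded = true;
                        saveData();
                        return true;
                    }
                    log(8, "User " + this.userID + " not found in password file");
                }
                return false;
            } catch (Exception e3) {
                // NOTE(review): this also catches the FailedLoginException and AccountExpiredException thrown
                // above, so callers always receive a FailedLoginException and cannot tell an expired account
                // from a wrong password by type. Kept unchanged because callers may rely on that type; the
                // underlying message is passed to the caller as well.
                throw new FailedLoginException(ICEResourceFactory.getMessage(this.resourceBundle, this.log, BundleConstants.ERROR_LOGIN_UNABLE, e3.getMessage()));
            }
        } catch (IOException e4) {
            log(1, e4.toString());
            throw new FailedLoginException(ICEResourceFactory.getMessage(this.resourceBundle, this.log, BundleConstants.ERROR_GENERAL, "Login", e4.getMessage()));
        } catch (UnsupportedCallbackException e5) {
            log(1, "Login failed: " + e5.getCallback().toString() + " not available to garner authentication information from the user.");
            throw new LoginException(ICEResourceFactory.getMessage(this.resourceBundle, this.log, BundleConstants.ERROR_LOGIN_NOCALLBACK, e5.getCallback().toString()));
        }
    }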

    /**
     * Phase 2 of JAAS authentication: attaches the user and group principals to the Subject and
     * copies the cached record attributes onto the ICE subject.
     *
     * <p>The application password is stored on the ICE subject as the local property
     * "applicationPassword", so it stays reachable through that subject after this method returns.
     *
     * @return {@code true} once the principals and attributes have been applied
     * @throws FailedLoginException when login() did not succeed for this module
     */
    public boolean commit() throws LoginException {
        if (!this.succeeded) {
            log(4, "Authentication failed. Cannot proceed to phase 2");
            throw new FailedLoginException(ICEResourceFactory.getMessage(this.resourceBundle, this.log, BundleConstants.ERROR_LOGIN_UNABLE, this.userID));
        }
        log(8, "Phase 1 of authentication succeeded. Proceeding to phase 2.");

        // User principal, keyed by the user ID that was authenticated.
        ICEUserPrincipal user = new ICEUserPrincipal();
        this.userPrincipal = user;
        user.setUserName(this.userID);
        if (!this.subject.getPrincipals().contains(user)) {
            this.subject.getPrincipals().add(user);
        }

        // Group principal, taken from the record's GROUP value (which may be null).
        ICEGroupPrincipal group = new ICEGroupPrincipal();
        this.groupPrincipal = group;
        group.setUserGroup(this.userGroup);
        if (!this.subject.getPrincipals().contains(group)) {
            this.subject.getPrincipals().add(group);
        }

        // The ICE subject's user name becomes the application ID, not the authenticated user ID.
        if (this.applicationID != null) {
            this.iceSubject.setUserName(this.applicationID);
        }
        if (this.userName != null) {
            this.iceSubject.setUserFullName(this.userName);
        }
        if (this.userHome != null) {
            this.iceSubject.setUserHome(this.userHome);
        }
        if (this.userGroup != null) {
            this.iceSubject.setUserGroup(this.userGroup);
        }
        this.iceSubject.setUserExpiry(this.userExpiryLong);

        // Application credentials travel with the subject as local properties.
        if (this.applicationID != null) {
            this.iceSubject.setLocalProperty("applicationId", this.applicationID);
        }
        if (this.applicationPassword != null) {
            this.iceSubject.setLocalProperty("applicationPassword", this.applicationPassword);
        }
        if (this.applicationPasswordEncryption != null) {
            this.iceSubject.setLocalProperty("applicationPasswordEncryption", this.applicationPasswordEncryption);
        }

        this.commitSucceeded = true;
        log(8, "Phase 2 of authentication succeeded. Proceeding...");
        log(4, "Authenticated user:" + this.userID);
        return true;
    }

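    /**
     * Aborts the authentication attempt after the overall login failed.
     *
     * <p>If this module's own commit() had already succeeded the module logs out; if only login()
     * had succeeded the cached credentials are dropped.
     *
     * @return {@code false} when this module's login() had not succeeded, {@code true} otherwise
     * @throws LoginException if the logout performed for an already committed module fails
     */
    public boolean abort() throws LoginException {
        if (!this.succeeded) {
            log(8, "Login failed. Aborting...");
            return false;
        }
        // succeeded is known to be true here, so only commitSucceeded decides the branch
        // (the earlier "!succeeded ||" term could never be true at this point).
        if (this.commitSucceeded) {
            log(8, "Authentication succeeded, but someone else commit failed... Logout");
            logout();
            return true;
        }
        log(8, "Authentication failed. Aborting...");
        this.succeeded = false;
        this.userName = null;
        this.userPrincipal = null;
        this.userPassword = null;
        // Drop the application password as well; previously only the user password was cleared.
        this.applicationPassword = null;
        // NOTE(review): the entries saveData() placed in sharedState (including "userPwd") are not
        // removed here; confirm whether the shared map outlives a failed attempt.
        return true;
    }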

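    /**
     * Logs the user out: removes the principals this module added in commit() and resets its state.
     *
     * <p>Fixes over the previous version: the group principal is removed as well (it used to stay
     * on the Subject after logout), both phase flags are cleared (the old
     * {@code succeeded = commitSucceeded} left the module marked as authenticated), and the cached
     * application password is dropped together with the user password.
     *
     * @return {@code true} if the user principal was present on the Subject and has been removed
     * @throws LoginException declared by the LoginModule contract; not thrown by this implementation
     */
    public boolean logout() throws LoginException {
        log(8, "Log out.");
        ICEUserPrincipal user = this.userPrincipal;
        ICEGroupPrincipal group = this.groupPrincipal;

        // Reset the module state before touching the Subject, so it is cleared even if removal fails.
        this.succeeded = false;
        this.commitSucceeded = false;
        this.userName = null;
        this.userPassword = null;
        this.applicationPassword = null;
        this.userPrincipal = null;
        this.groupPrincipal = null;

        // The principals exist only after commit(); guard so an early logout() is a no-op.
        boolean removed = user != null && this.subject.getPrincipals().remove(user);
        if (group != null) {
            this.subject.getPrincipals().remove(group);
        }
        // NOTE(review): the "applicationPassword" local property set on the ICE subject in commit()
        // is not cleared here; no removal call for local properties is visible in this class.
        return removed;
    }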

    /**
     * Returns the value of the first child node of the first descendant element named {@code str}.
     *
     * <p>{@code getElementsByTagName} searches all descendants, not only direct children, and only
     * the first child node of the match is read.
     *
     * @param element record element to search in
     * @param str tag name to look for
     * @return the node value, or {@code null} when there is no such element or it has no children
     */
    private String getElementValue(Element element, String str) {
        NodeList matches = element.getElementsByTagName(str);
        boolean found = matches != null
                && matches.getLength() > 0
                && matches.item(0).getNodeType() == Element.ELEMENT_NODE;
        if (!found) {
            return null;
        }
        Element first = (Element) matches.item(0);
        return first.hasChildNodes() ? first.getFirstChild().getNodeValue() : null;
    }

    /**
     * Returns attribute {@code str2} of the first descendant element named {@code str}.
     *
     * @param element record element to search in
     * @param str tag name of the element carrying the attribute
     * @param str2 attribute name
     * @return the attribute value, or {@code null} when the element or the attribute is absent
     */
    private String getAttributeValue(Element element, String str, String str2) {
        NodeList matches = element.getElementsByTagName(str);
        boolean found = matches != null
                && matches.getLength() > 0
                && matches.item(0).getNodeType() == Element.ELEMENT_NODE;
        if (!found) {
            return null;
        }
        Element first = (Element) matches.item(0);
        return first.hasAttribute(str2) ? first.getAttribute(str2) : null;
    }

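    /**
     * Compares a supplied password with a stored one.
     *
     * <p>With {@code str2 == null} (the only form used in this class) the stored value {@code str3}
     * is compared with {@code str} directly when {@code str4} is blank, otherwise with {@code str}
     * passed through {@code ICEPasswordUtil.encode} using {@code str4}. With {@code str2} set, the
     * stored value is encoded with {@code str2} when {@code str4} is {@code null} and then compared
     * with {@code str}.
     *
     * <p>The final comparison does not stop at the first differing character, so the response time
     * does not reveal how much of a guess was correct.
     *
     * @param str password supplied by the caller
     * @param str2 encoding applied to the stored value, or {@code null}
     * @param str3 password value stored in the record
     * @param str4 encoding named by the record's "encryption" attribute; blank means clear text
     * @return {@code true} when the values match; {@code false} on mismatch or on any error
     */
    private boolean checkPassword(String str, String str2, String str3, String str4) {
        try {
            if (str2 == null) {
                if (str4 == null || str4.trim().length() == 0) {
                    // NOTE(review): no encoding attribute means the record stores the password in clear text.
                    return constantTimeEquals(str3, str);
                }
                // NOTE(review): encode() is presumably a digest; whether it is salted is not visible here.
                String encodedSupplied = new String(ICEPasswordUtil.encode(str, str4, true), QJML.QJML_ENCODING);
                return constantTimeEquals(str3, encodedSupplied);
            }
            byte[] bytes = str3.getBytes(QJML.QJML_ENCODING);
            if (str4 == null) {
                bytes = ICEPasswordUtil.encode(str3, str2, true);
            }
            return constantTimeEquals(str, new String(bytes, QJML.QJML_ENCODING));
        } catch (Exception e) {
            // Any failure (unknown algorithm, unsupported charset, null stored value) counts as a mismatch.
            // Only the exception type is logged, so no password material can reach the log.
            log(1, "Password check failed: " + e.getClass().getName());
            return false;
        }
    }

    /** Compares two strings without stopping at the first difference; {@code null} never matches. */
    private static boolean constantTimeEquals(String expected, String actual) {
        if (expected == null || actual == null) {
            return false;
        }
        int difference = expected.length() ^ actual.length();
        int shared = Math.min(expected.length(), actual.length());
        for (int i = 0; i < shared; i++) {
            difference |= expected.charAt(i) ^ actual.charAt(i);
        }
        return difference == 0;
    }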

    /**
     * Publishes the authenticated identity to the JAAS shared state for the modules that follow.
     *
     * <p>Note that "userID" and "userPwd" carry the <em>application</em> ID and password, not the
     * credentials the user logged in with; the authenticated user ID is passed URL-encoded inside
     * "customParameter". The application password is placed in the map as a plain String.
     */
    public void saveData() {
        log(8, "Share data with other modules.");
        final Map shared = this.sharedState;

        // Optional entries are written only when a value is present.
        if (this.applicationID != null) {
            shared.put("userID", this.applicationID);
        }
        if (this.applicationPassword != null) {
            shared.put("userPwd", this.applicationPassword);
        }
        shared.put("isEncrypted", String.valueOf(this.isEncrypted));
        if (this.encryption != null) {
            shared.put("encryption", this.encryption);
        }

        // Profile attributes are always written, even when null.
        shared.put("userFullName", this.userName);
        shared.put("userGroup", this.userGroup);
        shared.put("userHome", this.userHome);

        String authorityTag = "authorityUserID=" + URLEncoderUtil.encode(this.userID) + ",";
        shared.put("customParameter", authorityTag);
    }

    /**
     * Writes a message to the ICE log obtained in login(), naming this module as the source.
     *
     * @param i numeric level passed through to the logger
     * @param str message text
     */
    private void log(int i, String str) {
        // Typed as Object so the same logger overload is selected as with the explicit cast.
        final Object source = this;
        this.log.log(i, source, str);
    }

    /** Returns the fully qualified class name in square brackets. */
    public String toString() {
        return new StringBuilder("[").append(getClass().getName()).append("]").toString();
    }
}
