package com.sun.identity.authentication.modules.unix;

import com.iplanet.am.util.Debug;
import com.iplanet.am.util.Misc;
import com.sun.identity.authentication.spi.AMLoginModule;
import com.sun.identity.authentication.spi.AuthLoginException;
import com.sun.identity.authentication.spi.AuthenticationException;
import com.sun.identity.authentication.spi.InvalidPasswordException;
import com.sun.security.auth.SolarisPrincipal;
import java.io.UnsupportedEncodingException;
import java.security.Principal;
import java.util.Locale;
import java.util.Map;
import java.util.ResourceBundle;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;

/* loaded from: input_file:120954-03/SUNWamsdk/reloc/SUNWam/lib/am_services.jar:com/sun/identity/authentication/modules/unix/Unix.class */
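/**
 * Login module that collects a user name and password and hands them to an
 * external helper, reached through {@link UnixHelper}, for verification.
 *
 * <p>The helper is contacted on two ports: a configuration port
 * ({@code UNIX_CONFIG_PORT}, 58946 unless overridden) used once to push the
 * auth port, timeout and thread count, and an auth port
 * ({@code UNIX_HELPER_PORT}, default "57946") used for each login.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The password is held as a {@code String} because
 *       {@code UnixHelper.authenticate} takes one; it cannot be wiped and stays
 *       on the heap until collected. Only the intermediate {@code char[]} is
 *       zeroed.</li>
 *   <li>{@code helper_config_done} and {@code UNIX_HELPER_PORT} are static and
 *       written without synchronization. NOTE(review): concurrent first logins
 *       may each run the helper configuration; confirm that is harmless.</li>
 *   <li>How the connection to the helper is protected is not visible in this
 *       class. NOTE(review): confirm the helper ports are not reachable from
 *       other hosts.</li>
 * </ul>
 */
public class Unix extends AMLoginModule {
    private static int UNIX_HELPER_PORT;
    private static final String DEFAULT_UNIX_HELPER_PORT = "57946";
    private static final String DEFAULT_UNIX_TIMEOUT = "3";
    private static final String DEFAULT_UNIX_THREADS = "5";
    private String str_UNIX_TIMEOUT;
    private String str_UNIX_THREADS;
    private String str_UNIX_HELPER_PORT;
    private String password;
    private Map sharedState;
    private String userTokenId;
    private String user;
    private String serviceModule;
    private String clientIPAddr;
    private UnixHelper unixClient;
    // Process-wide flag: 0 until the helper has been configured once.
    private static int helper_config_done = 0;
    private static Locale locale = null;
    private static String amAuthUnix = "amAuthUnix";
    private static Debug debug = null;
    private static String PAM_SERVICE_ATTR = "iplanet-am-auth-unix-pam-service-name";
    private static String CONFIG_PORT_ATTR = "iplanet-am-auth-unix-config-port";
    private static String HELPER_PORT_ATTR = "iplanet-am-auth-unix-helper-port";
    private static String HELPER_TIMEOUT_ATTR = "iplanet-am-auth-unix-helper-timeout";
    private static String HELPER_THREADS_ATTR = "iplanet-am-auth-unix-helper-threads";
    private static String AUTH_LEVEL_ATTR = "iplanet-am-auth-unix-auth-level";
    private int UNIX_CONFIG_PORT = 58946;
    private ResourceBundle bundle = null;
    private Principal userPrincipal = null;
    private Map options = null;
    private boolean getCredentialsFromSharedState = false;
    private boolean needInit = true;

    /**
     * Creates the module and obtains the shared debug log.
     *
     * @throws AuthLoginException declared for callers; not thrown by the visible code
     */
    public Unix() throws AuthLoginException {
        try {
            debug = Debug.getInstance(amAuthUnix);
            debug.message("Unix constructor called");
        } catch (Exception e) {
            // If getInstance itself failed, debug is still null; do not let an
            // NPE from the logging call replace the original failure.
            if (debug != null) {
                debug.error("this is an error ", e);
            }
        }
    }

    /**
     * Pushes the auth port, timeout and thread count to the helper over the
     * configuration port, then waits one second.
     *
     * @throws AuthLoginException if the helper cannot be reached, rejects the
     *         configuration, or the wait is interrupted
     */
    public void init_helper() throws AuthLoginException {
        try {
            UnixHelper configClient = new UnixHelper(this.UNIX_CONFIG_PORT, amAuthUnix);
            this.unixClient = configClient;
            debug.message("Re-initializing helper.");
            int configResult;
            try {
                configResult = configClient.configHelper(this.str_UNIX_HELPER_PORT, this.str_UNIX_TIMEOUT,
                        this.str_UNIX_THREADS, debug, this.bundle);
            } finally {
                // Release the configuration connection even when configHelper throws.
                configClient.destroy(this.bundle);
            }
            if (configResult != 0) {
                debug.message("Unable to contact helper to re-initialize(1).");
                throw new AuthLoginException(amAuthUnix, "UnixconfigHelper", null);
            }
            // Presumably gives the helper time to open its auth port - TODO confirm.
            Thread.sleep(1000L);
        } catch (AuthLoginException e) {
            debug.message("Unable to contact helper to re-initialize(2).");
            throw new AuthLoginException(amAuthUnix, "UnixInitializeLex", null, e);
        } catch (InterruptedException e) {
            // Keep the interrupt visible to the caller's thread instead of swallowing it.
            Thread.currentThread().interrupt();
            debug.message("Unable to contact helper to re-initialize(3).");
            throw new AuthLoginException(amAuthUnix, "UnixInitializeEx", null, e);
        } catch (Exception e2) {
            debug.message("Unable to contact helper to re-initialize(3).");
            throw new AuthLoginException(amAuthUnix, "UnixInitializeEx", null, e2);
        }
    }

    /**
     * Reads the resource bundle, the PAM service name and the auth level from
     * the module options and remembers the shared state map.
     *
     * @param subject the subject being authenticated (not used here)
     * @param map shared state passed between modules
     * @param map2 module configuration options
     */
    @Override // com.sun.identity.authentication.spi.AMLoginModule
    public void init(Subject subject, Map map, Map map2) {
        try {
            debug.message("in init ...");
            Locale loginLocale = getLoginLocale();
            this.bundle = AMLoginModule.amCache.getResBundle(amAuthUnix, loginLocale);
            if (debug.messageEnabled()) {
                debug.message("Unix resource bundle locale=" + loginLocale);
            }
            this.options = map2;
            this.serviceModule = Misc.getMapAttr(map2, PAM_SERVICE_ATTR);
            if (debug.messageEnabled()) {
                debug.message("serviceModule is : " + this.serviceModule);
            }
            this.sharedState = map;
            String authLevel = Misc.getMapAttr(map2, AUTH_LEVEL_ATTR);
            if (authLevel != null) {
                try {
                    setAuthLevel(Integer.parseInt(authLevel));
                } catch (Exception e) {
                    debug.error("Unable to set auth level " + authLevel, e);
                }
            }
        } catch (Exception e2) {
            // Failures here are only logged; process() then runs with whatever
            // fields were set before the exception.
            debug.error("Error....", e2);
        }
    }

    /**
     * Runs the single login state: obtains the credentials, validates that they
     * are ASCII, and asks the helper to verify them.
     *
     * @param callbackArr name and password callbacks; an empty array means the
     *        credentials are taken from the shared state
     * @param i the login state, which must be 1
     * @return -1 after a successful check, 2 when the helper reports an expired
     *         password, or 1 when shared-state credentials were missing or
     *         rejected and the login should start over
     * @throws AuthLoginException on an invalid state, missing or non-ASCII
     *         input, a failed check, or an unrecognised helper result
     */
    @Override // com.sun.identity.authentication.spi.AMLoginModule
    public int process(Callback[] callbackArr, int i) throws AuthLoginException {
        if (this.needInit) {
            initialize_helper();
            debug.message("initialized helper");
        }
        if (getHttpServletRequest() != null) {
            // getRemoteAddr() is the peer of the TCP connection; behind a proxy
            // that is the proxy's address, not the end user's.
            this.clientIPAddr = getHttpServletRequest().getRemoteAddr();
            if (debug.messageEnabled()) {
                debug.message("Unix client IPAddr = " + this.clientIPAddr);
            }
        }
        if (i != 1) {
            debug.message("Inavlid login state");
            throw new AuthLoginException(amAuthUnix, "UnixInvalidState", new Object[]{Integer.valueOf(i)});
        }
        if (callbackArr == null) {
            // Previously a null array fell through to callbackArr[0] and raised
            // a NullPointerException; report it as missing input instead.
            debug.message("user id empty....");
            throw new AuthLoginException(amAuthUnix, "UnixUserIdNull", null);
        }
        if (callbackArr.length != 0) {
            this.user = ((NameCallback) callbackArr[0]).getName();
            if (debug.messageEnabled()) {
                // NOTE(review): the name is logged before any validation.
                debug.message("user is.. " + this.user);
            }
            if (callbackArr.length > 1) {
                PasswordCallback passwordCallback = (PasswordCallback) callbackArr[1];
                char[] passwordChars = passwordCallback.getPassword();
                if (passwordChars == null) {
                    passwordChars = new char[0];
                }
                this.password = new String(passwordChars);
                // getPassword() hands back a copy, so clearPassword() alone
                // leaves this array populated; wipe it explicitly.
                for (int k = 0; k < passwordChars.length; k++) {
                    passwordChars[k] = '\0';
                }
                passwordCallback.clearPassword();
            }
        } else {
            this.user = (String) this.sharedState.get(getUserKey());
            this.password = (String) this.sharedState.get(getPwdKey());
            if (this.user == null || this.password == null) {
                return 1;
            }
            this.getCredentialsFromSharedState = true;
        }
        storeUsernamePasswd(this.user, this.password);
        if (this.user == null || this.user.equals("")) {
            debug.message("user id empty....");
            throw new AuthLoginException(amAuthUnix, "UnixUserIdNull", null);
        }
        try {
            if (!isAscii(this.user)) {
                debug.message("enter ascii for user");
                setFailureID(this.user);
                throw new AuthLoginException(amAuthUnix, "UnixUseridNotASCII", null);
            }
            if (this.password == null) {
                this.password = "";
            } else {
                try {
                    if (!isAscii(this.password)) {
                        throw new AuthLoginException(amAuthUnix, "UnixPasswordNotASCII", null);
                    }
                } catch (UnsupportedEncodingException e) {
                    if (this.getCredentialsFromSharedState) {
                        this.getCredentialsFromSharedState = false;
                        return 1;
                    }
                    setFailureID(this.user);
                    throw new AuthLoginException(amAuthUnix, "UnixInputEncodingException", null);
                }
            }
            debug.message("before calling unixClient...");
            // Starts at -1 so that a helper call that throws is handled as a
            // failed login rather than a success.
            int result = -1;
            try {
                if (debug.messageEnabled()) {
                    debug.message("unixClient is... " + this.unixClient);
                }
                try {
                    result = this.unixClient.authenticate(this.user, this.password, this.serviceModule,
                            this.clientIPAddr, this.bundle);
                } finally {
                    // Release the helper connection even when authenticate throws.
                    this.unixClient.destroy(this.bundle);
                }
            } catch (Exception e2) {
                debug.error("Exception unixClient... :" + e2.getMessage());
                if (debug.messageEnabled()) {
                    debug.message("Stack: ", e2);
                }
            }
            if (debug.messageEnabled()) {
                debug.message("ires...... is... " + result);
            }
            if (result == 0) {
                this.userTokenId = this.user;
                if (debug.messageEnabled()) {
                    debug.message("Authentication for " + this.user + " succeeded!!");
                }
                return -1;
            }
            if (this.getCredentialsFromSharedState) {
                // Shared-state credentials were rejected: restart so the user
                // is prompted directly.
                this.getCredentialsFromSharedState = false;
                return 1;
            }
            setFailureID(this.user);
            if (result == -1) {
                if (debug.messageEnabled()) {
                    debug.message("Auth failed for user " + this.user);
                }
                throw new InvalidPasswordException(amAuthUnix, "UnixLoginFailed", new Object[]{this.user}, this.user, null);
            }
            if (result == 2) {
                if (debug.messageEnabled()) {
                    debug.message("Auth failed for user " + this.user + ". Password expired.");
                }
                return 2;
            }
            // Fail closed: any other helper result used to fall through to the
            // success return (-1) without a user token having been set.
            debug.error("Unexpected result from Unix helper: " + result);
            throw new AuthLoginException(amAuthUnix, "UnixLoginFailed", new Object[]{this.user});
        } catch (UnsupportedEncodingException e3) {
            if (this.getCredentialsFromSharedState) {
                this.getCredentialsFromSharedState = false;
                return 1;
            }
            debug.message("unsupported encodidng..");
            throw new AuthLoginException(amAuthUnix, "UnixInputEncodingException", null);
        }
    }

    /** Returns true when the value survives an encode/decode round trip through ASCII unchanged. */
    private static boolean isAscii(String value) throws UnsupportedEncodingException {
        return value.equals(new String(value.getBytes("ASCII"), "ASCII"));
    }

    /**
     * Returns the authenticated principal, creating it on first use.
     *
     * @return the principal, or {@code null} when no login has succeeded
     */
    @Override // com.sun.identity.authentication.spi.AMLoginModule
    public Principal getPrincipal() {
        if (this.userPrincipal == null && this.userTokenId != null) {
            this.userPrincipal = new SolarisPrincipal(this.userTokenId);
        }
        return this.userPrincipal;
    }

    /** Forgets the authenticated user token and principal. */
    @Override // com.sun.identity.authentication.spi.AMLoginModule
    public void destroyModuleState() {
        this.userTokenId = null;
        this.userPrincipal = null;
    }

    /**
     * Drops references held for the login attempt, including the password.
     * This only releases the reference; the password String itself cannot be wiped.
     */
    @Override // com.sun.identity.authentication.spi.AMLoginModule
    public void nullifyUsedVars() {
        this.sharedState = null;
        this.bundle = null;
        this.str_UNIX_HELPER_PORT = null;
        this.str_UNIX_TIMEOUT = null;
        this.str_UNIX_THREADS = null;
        this.user = null;
        this.password = null;
        this.serviceModule = null;
        this.clientIPAddr = null;
        this.unixClient = null;
        this.options = null;
    }

    /**
     * Reads the helper ports, timeout and thread count from the module options,
     * substituting the defaults for missing or empty values.
     * A value that is not a number is logged and the previous port is kept.
     */
    public void getDaemonParams() {
        String configPort = Misc.getMapAttr(this.options, CONFIG_PORT_ATTR);
        this.str_UNIX_HELPER_PORT = Misc.getMapAttr(this.options, HELPER_PORT_ATTR);
        this.str_UNIX_TIMEOUT = Misc.getMapAttr(this.options, HELPER_TIMEOUT_ATTR);
        this.str_UNIX_THREADS = Misc.getMapAttr(this.options, HELPER_THREADS_ATTR);
        if (configPort != null) {
            try {
                this.UNIX_CONFIG_PORT = Integer.parseInt(configPort);
            } catch (NumberFormatException e) {
                // Was silently ignored; a mistyped port is otherwise very hard to diagnose.
                debug.error("Invalid Unix config port: " + configPort, e);
            }
        }
        if (this.str_UNIX_HELPER_PORT == null || this.str_UNIX_HELPER_PORT.length() == 0) {
            this.str_UNIX_HELPER_PORT = DEFAULT_UNIX_HELPER_PORT;
        }
        try {
            UNIX_HELPER_PORT = Integer.parseInt(this.str_UNIX_HELPER_PORT);
        } catch (NumberFormatException e2) {
            // Was silently ignored; the static port keeps its previous value.
            debug.error("Invalid Unix helper port: " + this.str_UNIX_HELPER_PORT, e2);
        }
        if (this.str_UNIX_TIMEOUT == null || this.str_UNIX_TIMEOUT.length() == 0) {
            this.str_UNIX_TIMEOUT = DEFAULT_UNIX_TIMEOUT;
        }
        if (this.str_UNIX_THREADS == null || this.str_UNIX_THREADS.length() == 0) {
            this.str_UNIX_THREADS = DEFAULT_UNIX_THREADS;
        }
    }

    /**
     * Configures the helper once per process and opens the auth connection,
     * re-running the configuration once if the auth port cannot be opened.
     *
     * @throws AuthLoginException if the helper cannot be configured or reached
     */
    public void initialize_helper() throws AuthLoginException {
        getDaemonParams();
        if (helper_config_done == 0) {
            init_helper();
            helper_config_done = 1;
        }
        try {
            this.unixClient = new UnixHelper(UNIX_HELPER_PORT, amAuthUnix);
        } catch (AuthenticationException e) {
            debug.message("Unable to connect to auth port; Try init again.");
            try {
                getDaemonParams();
                init_helper();
                debug.message("Successfully re-initialized helper.");
                try {
                    this.unixClient = new UnixHelper(UNIX_HELPER_PORT, amAuthUnix);
                    debug.message("Re-opened auth port tohelper(2).");
                } catch (AuthenticationException e2) {
                    debug.error("Unable to open auth port to helper(2)", e2);
                    throw new AuthLoginException(amAuthUnix, "UnixInitializeLex", null, e2);
                }
            } catch (AuthLoginException e3) {
                debug.error("Unable to contact helper to re-init", e3);
                // Keep the cause so the failure can be traced from the caller's side.
                throw new AuthLoginException(amAuthUnix, "UnixInitLex", null, e3);
            }
        } catch (Exception e4) {
            debug.error("Exception... ", e4);
            throw new AuthLoginException(amAuthUnix, "UnixInitEx", null, e4);
        }
        this.needInit = false;
    }
}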
