package com.iplanet.services.cdc;

import com.iplanet.am.sdk.AMException;
import com.iplanet.am.sdk.AMOrganizationalUnit;
import com.iplanet.am.sdk.AMSDKBundle;
import com.iplanet.am.sdk.AMSearchControl;
import com.iplanet.am.sdk.AMStoreConnection;
import com.iplanet.dpro.session.DNOrIPAddressListTokenRestriction;
import com.iplanet.dpro.session.TokenRestriction;
import com.iplanet.sso.SSOException;
import com.iplanet.sso.SSOTokenManager;
import com.sun.identity.authentication.internal.AuthPrincipal;
import com.sun.identity.authentication.util.ISAuthConstants;
import com.sun.identity.common.admin.AdminInterfaceUtils;
import com.sun.identity.federation.message.FSAuthnRequest;
import com.sun.identity.password.ui.model.PWResetModel;
import com.sun.identity.security.AdminDNAction;
import com.sun.identity.security.AdminPasswordAction;
import java.net.MalformedURLException;
import java.net.URL;
import java.security.AccessController;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Set;

/* loaded from: input_file:117585-13/SUNWamsdk/reloc/SUNWam/lib/am_services.jar:com/iplanet/services/cdc/LdapSPValidator.class */
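public class LdapSPValidator implements SPValidator {
    /** Agent container that is searched for agent profiles; stays {@code null} when construction failed. */
    private AMOrganizationalUnit orgUnit;
    /** Failure captured by the constructor; rethrown by every {@link #validateAndGetRestriction} call. */
    private Exception exception;
    /** Multi-valued agent attribute holding {@code key=value} pairs such as {@code agentRootURL=...}. */
    private static final String LDAP_ATTR_NAME = "sunIdentityServerDeviceKeyValue";
    /** Agent attribute whose first value is compared (case-insensitively) with {@link PWResetModel#ACTIVE}. */
    private static final String LDAP_STATUS_ATTR_NAME = "sunIdentityServerDeviceStatus";
    private static final String PROVIDER_ID_ATTR_NAME = "agentRootURL";
    /** Prefix of the {@code agentRootURL=...} pair inside {@link #LDAP_ATTR_NAME}. */
    private static final String PROVIDER_ID_ATTR_PREFIX = PROVIDER_ID_ATTR_NAME + "=";
    /** Length of {@link #PROVIDER_ID_ATTR_PREFIX} (13): the stored URL starts right after it. */
    private static final int PROVIDER_ID_ATTR_LEN = PROVIDER_ID_ATTR_PREFIX.length();
    private static final String HOSTNAME_ATTR_NAME = "hostname";
    /** Prefix of the {@code hostname=...} pair inside {@link #LDAP_ATTR_NAME}. */
    private static final String HOSTNAME_ATTR_PREFIX = HOSTNAME_ATTR_NAME + "=";
    /** Length of {@link #HOSTNAME_ATTR_PREFIX} (9): the host name starts right after it. */
    private static final int HOSTNAME_ATTR_LEN = HOSTNAME_ATTR_PREFIX.length();

    /**
     * Binds to the directory as the configured administrator and resolves the default
     * agent container under the root organization ("/").
     * <p>
     * Failures are deliberately not thrown from here: they are logged and kept in
     * {@link #exception}, so the servlet can still construct the validator and every
     * later {@link #validateAndGetRestriction} call fails fast with the stored cause.
     */
    public LdapSPValidator() {
        String adminDn = (String) AccessController.doPrivileged(new AdminDNAction());
        try {
            SSOTokenManager tokenManager = SSOTokenManager.getInstance();
            // The admin password is read inside the privileged action and handed straight to the
            // token manager; it is not retained in a field of this object.
            String adminPassword = (String) AccessController.doPrivileged(new AdminPasswordAction());
            AMStoreConnection conn = new AMStoreConnection(
                    tokenManager.createSSOToken(new AuthPrincipal(adminDn), adminPassword));
            // Object-type code 3 is passed through to the SDK as found; presumably the
            // organizational-unit type — confirm against AMStoreConnection.getNamingAttribute.
            String containerDn = AMStoreConnection.getNamingAttribute(3) + "="
                    + AdminInterfaceUtils.defaultAgentContainerName() + ","
                    + conn.getOrganizationDN("/", null);
            this.orgUnit = conn.getOrganizationalUnit(containerDn);
            if (!this.orgUnit.isExists()) {
                // Container is missing: remember the SDK's "does not exist" error for later calls.
                this.exception = new AMException(AMSDKBundle.getString("32"), "32");
            }
        } catch (AMException e) {
            this.exception = e;
            CDCServlet.debug.error("CDC::dapSPValidator unable to get Agent container: ", e);
        } catch (SSOException e) {
            this.exception = e;
            CDCServlet.debug.error("CDC:LdapSPValidator unable to get SSO Token: ", e);
        }
    }

    /**
     * Validates that the requesting provider is a known, active agent and that the goto
     * URL points at that agent, and returns the token restriction to attach to the session.
     *
     * @param fSAuthnRequest request whose provider ID is the agent's root URL (untrusted input)
     * @param str the goto URL the agent asked to be redirected to (untrusted input)
     * @return restriction binding the token to the agent DN and the collected agent host list
     * @throws Exception the failure stored by the constructor; {@link MalformedURLException} for an
     *         unparsable provider ID, goto URL or stored agent root URL; a plain {@code Exception}
     *         when no agent matches, the agent is not active, or the goto URL does not match the
     *         agent's root URL
     */
    @Override // com.iplanet.services.cdc.SPValidator
    public TokenRestriction validateAndGetRestriction(FSAuthnRequest fSAuthnRequest, String str) throws Exception {
        if (this.exception != null) {
            throw this.exception;
        }
        URL providerUrl = new URL(fSAuthnRequest.getProviderId());
        // Lookup key in the form "<scheme>://<host>:<port>/". getPort() is -1 when the provider ID
        // carries no explicit port, so the stored agentRootURL must use the same form to match.
        String agentRootUrl = providerUrl.getProtocol() + ISAuthConstants.URL_SEPARATOR
                + providerUrl.getHost() + ":" + providerUrl.getPort() + "/";
        Map<String, Map<String, Set<String>>> agents = searchAgents(agentRootUrl);
        if (agents.isEmpty()) {
            if (CDCServlet.debug.warningEnabled()) {
                CDCServlet.debug.warning("CDC Component: Invalid agent ID: " + agentRootUrl);
            }
            throw new Exception("Invalid Agent: Not configured in directory");
        }
        // The goto URL is parsed only after the agent lookup so that an unknown agent is reported
        // before a malformed goto URL.
        URL gotoUrl = new URL(str);
        String gotoHost = gotoUrl.getHost().toLowerCase(Locale.ROOT);
        String gotoScheme = gotoUrl.getProtocol().toLowerCase(Locale.ROOT);
        int gotoPort = gotoUrl.getPort();

        ArrayList<String> hostList = new ArrayList<String>();
        boolean lastAgentActive = false;
        boolean gotoUrlValid = false;
        String agentDn = null;
        for (Map.Entry<String, Map<String, Set<String>>> agent : agents.entrySet()) {
            // After the loop agentDn is the last entry's DN; that DN is what the restriction is bound to.
            agentDn = agent.getKey();
            Map<String, Set<String>> attrs = agent.getValue();
            lastAgentActive = isAgentActive(attrs);
            // Hosts are collected (and the goto URL checked) only for active entries.
            if (lastAgentActive && validateGotoUrlAndUpdateHostList(
                    attrs, hostList, gotoUrlValid, gotoHost, gotoScheme, gotoPort)) {
                gotoUrlValid = true;
            }
        }
        // NOTE(review): the status check reflects only the last entry iterated, so with several
        // agents sharing one root URL an inactive final entry rejects the request even when an
        // earlier active entry validated the goto URL. Kept as found; confirm before relaxing.
        if (!lastAgentActive) {
            if (CDCServlet.debug.warningEnabled()) {
                CDCServlet.debug.warning("Invalid request for Agent ID: " + agentRootUrl);
            }
            throw new Exception("Agent is not active");
        }
        if (!gotoUrlValid) {
            if (CDCServlet.debug.warningEnabled()) {
                CDCServlet.debug.warning("Invalid GoTo URL: " + str + " for Agent ID: " + agentRootUrl);
            }
            throw new Exception("Goto URL not valid for the agent Provider ID");
        }
        if (CDCServlet.debug.messageEnabled()) {
            CDCServlet.debug.message("CDC Servlet: Restriction string for: " + agentRootUrl
                    + " is: " + agentDn + " " + hostList);
        }
        return new DNOrIPAddressListTokenRestriction(agentDn, hostList);
    }

    /**
     * Looks up agent profiles whose {@code agentRootURL=} key/value pair equals the given root URL.
     *
     * @param agentRootUrl normalised provider root URL, derived from the untrusted request
     * @return map of agent DN to its returned attributes (status and key/value set); empty when
     *         nothing matched
     * @throws Exception directory errors propagated from the SDK
     */
    private Map<String, Map<String, Set<String>>> searchAgents(String agentRootUrl) throws Exception {
        Set<String> keyValue = new HashSet<String>();
        keyValue.add(PROVIDER_ID_ATTR_PREFIX + agentRootUrl);
        Map<String, Set<String>> avPairs = new HashMap<String, Set<String>>();
        avPairs.put(LDAP_ATTR_NAME, keyValue);
        // NOTE(review): the root URL is request-supplied and becomes part of the directory filter
        // that searchEntities() builds; this relies on the SDK escaping filter metacharacters — confirm.
        AMSearchControl control = new AMSearchControl();
        Set<String> returnAttrs = new HashSet<String>();
        returnAttrs.add(LDAP_ATTR_NAME);
        returnAttrs.add(LDAP_STATUS_ATTR_NAME);
        control.setReturnAttributes(returnAttrs);
        @SuppressWarnings("unchecked") // the SDK returns a raw Map; the value shape matches the casts below
        Map<String, Map<String, Set<String>>> results = (Map<String, Map<String, Set<String>>>)
                this.orgUnit.searchEntities("*", avPairs, (String) null, control).getResultAttributes();
        if (CDCServlet.debug.messageEnabled()) {
            CDCServlet.debug.message("CDC Servlet: Directory matches for " + agentRootUrl + " is:" + results);
        }
        // Treat a missing result map like an empty one so the caller reports "not configured".
        return results != null ? results : new HashMap<String, Map<String, Set<String>>>();
    }

    /**
     * Reports whether an agent entry is active.
     *
     * @param attrs the agent's attributes, may be {@code null}
     * @return true when the first status value equals {@link PWResetModel#ACTIVE}, ignoring case
     */
    private boolean isAgentActive(Map<String, Set<String>> attrs) {
        if (attrs == null) {
            return false;
        }
        Set<String> status = attrs.get(LDAP_STATUS_ATTR_NAME);
        if (status == null || status.isEmpty()) {
            return false;
        }
        // Only the first value is inspected; a multi-valued status is not expected here.
        String first = status.iterator().next();
        return first != null && first.equalsIgnoreCase(PWResetModel.ACTIVE);
    }

    /**
     * Collects the hosts an agent entry is configured with and reports whether the goto URL
     * targets this agent's root URL.
     * <p>
     * Every {@code agentRootURL=} host and every {@code hostname=} value is appended to
     * {@code hostList} whether or not it matches, so the resulting restriction covers all hosts
     * of all active agents. A match requires scheme, host and port to be equal; an explicit
     * default port therefore does not match an omitted one (port -1).
     *
     * @param attrs agent attributes, may be {@code null}
     * @param hostList accumulator for host names (mutated)
     * @param alreadyValid when true no further match is reported, but hosts are still collected
     * @param gotoHost lower-cased goto host
     * @param gotoScheme lower-cased goto scheme
     * @param gotoPort goto port as returned by {@link URL#getPort()}
     * @return true when a not-yet-reported match was found
     * @throws MalformedURLException when a stored {@code agentRootURL=} value is not a valid URL
     */
    private boolean validateGotoUrlAndUpdateHostList(Map<String, Set<String>> attrs, List<String> hostList,
            boolean alreadyValid, String gotoHost, String gotoScheme, int gotoPort) throws MalformedURLException {
        if (attrs == null) {
            return false;
        }
        Set<String> keyValues = attrs.get(LDAP_ATTR_NAME);
        if (keyValues == null) {
            return false;
        }
        boolean matched = false;
        for (String kv : keyValues) {
            if (kv == null) {
                continue;
            }
            if (kv.startsWith(PROVIDER_ID_ATTR_PREFIX)) {
                URL rootUrl = new URL(kv.substring(PROVIDER_ID_ATTR_LEN));
                hostList.add(rootUrl.getHost());
                if (!alreadyValid
                        && rootUrl.getHost().toLowerCase(Locale.ROOT).equals(gotoHost)
                        && rootUrl.getProtocol().toLowerCase(Locale.ROOT).equals(gotoScheme)
                        && rootUrl.getPort() == gotoPort) {
                    matched = true;
                }
            } else if (kv.startsWith(HOSTNAME_ATTR_PREFIX)) {
                hostList.add(kv.substring(HOSTNAME_ATTR_LEN));
            }
        }
        return matched;
    }
}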
