package com.ibm.wps.engine.commands;

import com.ibm.websphere.security.SSOAuthenticator;
import com.ibm.wps.auth.ErrorBean;
import com.ibm.wps.engine.RunData;
import com.ibm.wps.puma.User;
import com.ibm.wps.puma.UserManager;
import com.ibm.wps.services.config.Config;
import com.ibm.wps.services.log.Log;
import com.ibm.wps.sso.PortalCallbackHandler;
import com.ibm.wps.sso.UserDNPrincipal;
import com.ibm.wps.util.DataBackendException;
import com.ibm.wps.util.StringUtils;
import com.ibm.ws.security.util.ServerSideAuthenticator;
import java.text.MessageFormat;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.List;
import javax.security.auth.Subject;
import javax.security.auth.login.LoginContext;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpSession;
import org.omg.SecurityLevel2.Credentials;

/* loaded from: input_file:wps.jar:com/ibm/wps/engine/commands/LoginUserAuth.class */
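/**
 * Login command that checks a user ID and password with {@link ServerSideAuthenticator},
 * performs the single sign-on login, and then resolves the portal {@link User} through a
 * JAAS login against the {@code "WpsNewSubject"} configuration.
 *
 * <p>This source is decompiler output, so parameter names such as {@code str} and
 * {@code str2} are not the author's. In {@link #doAuthenticate} they are the user ID and
 * the password.
 *
 * <p>Logging: debug messages embed the caller-supplied user ID verbatim. The password is
 * never written to the log by this class; keep it that way when adding messages.
 */
public class LoginUserAuth extends LoginUser {
    private static final String COPYRIGHT = "Licensed Materials - Property of IBM, 5724-B88, (C) Copyright IBM Corp. 2001, 2002 - All Rights reserved.";
    private static final String PACKAGE_NAME;
    private static final boolean PACKAGE_DEBUG;
    // Read once from the portal configuration in the static initializer below.
    private static final boolean multipleRealmsEnabled;
    private static final String defaultRealm;
    private static final String userTemplate;
    // Principal type looked up on the JAAS subject to obtain the user's DN.
    private static Class userDnHolderClass;
    // Caches for the class$() lookups done in the static initializer.
    static Class class$com$ibm$wps$engine$commands$LoginUserAuth;
    static Class class$com$ibm$wps$sso$UserDNPrincipal;

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Authenticates the user and binds the resulting portal user to the request.
     *
     * <p>When {@code str} is non-null the credentials are checked, the invocation
     * credentials are set, the SSO login is performed and the redirect URL is taken from
     * the SSO authenticator. When {@code str} is null those steps are skipped entirely and
     * only the JAAS login runs, with just the request and its headers in the callback data;
     * the identity then rests on what the configured login modules accept.
     *
     * @param runData request context supplying request, response, session and current user
     * @param str user ID as entered; rewritten by {@code prepareDN} when multiple realms
     *     are enabled; may be null
     * @param str2 password; only used when {@code str} is non-null
     * @return an {@link ErrorBean} with code 0 on success, 5 when the credential check or
     *     SSO login throws, 6 when the JAAS login fails or yields no DN principal, and 2
     *     when the portal user cannot be loaded or bound
     */
    @Override // com.ibm.wps.engine.commands.LoginUser
    public ErrorBean doAuthenticate(RunData runData, String str, String str2) {
        if (PACKAGE_DEBUG) {
            Log.debug(PACKAGE_NAME, "LoginUserAuth (enter)");
        }
        if (str != null) {
            if (multipleRealmsEnabled) {
                // Runs outside the try block: an exception from prepareDN propagates to
                // the caller instead of becoming an ErrorBean.
                str = prepareDN(str);
                if (PACKAGE_DEBUG) {
                    Log.debug(PACKAGE_NAME, "LoginUserAuth: prepareDN is now: " + str);
                }
            }
            try {
                if (PACKAGE_DEBUG) {
                    Log.debug(PACKAGE_NAME, "LoginUserAuth: Trying to authenticate user " + str);
                }
                ServerSideAuthenticator serverSideAuthenticator = new ServerSideAuthenticator();
                Credentials authenticate = serverSideAuthenticator.authenticate(str, str2);
                if (authenticate == null) {
                    if (PACKAGE_DEBUG) {
                        Log.debug(PACKAGE_NAME, "LoginUserAuth: Authentication failed, retCreds are null");
                    }
                    throw new Exception("ServerSideAuthenticator.authenticate returned null!");
                }
                if (PACKAGE_DEBUG) {
                    Log.debug(PACKAGE_NAME, "LoginUserAuth: Authentication successful, UserName is: " + serverSideAuthenticator.getUserName(authenticate));
                }
                serverSideAuthenticator.setInvocationCredentials(authenticate);
                if (PACKAGE_DEBUG) {
                    Log.debug(PACKAGE_NAME, "LoginUserAuth: InvocationCredentials set.");
                }
                SSOAuthenticator sSOAuthenticator = new SSOAuthenticator();
                sSOAuthenticator.login(str, str2, runData.getRequest(), runData.getResponse());
                if (PACKAGE_DEBUG) {
                    Log.debug(PACKAGE_NAME, "LoginUserAuth: Single Sign-On cookie set");
                }
                String refererURL = sSOAuthenticator.getRefererURL(runData.getRequest(), runData.getResponse());
                // NOTE(review): only a missing leading '/' is corrected here, so a value
                // that starts with "//" is passed on unchanged, and browsers treat such a
                // Location as another host. Where getRefererURL takes its value from is
                // not visible in this class; if the client can influence it, restrict the
                // target to paths of this application before redirecting.
                if (refererURL != null && refererURL.length() > 0 && refererURL.charAt(0) != '/') {
                    refererURL = "/" + refererURL;
                }
                if (PACKAGE_DEBUG) {
                    Log.debug(PACKAGE_NAME, "LoginUserAuth: redirectURL set to: " + refererURL);
                }
                runData.setRedirectURL(refererURL);
                invalidateWasReqUrlCookie(runData);
            } catch (Exception e) {
                if (PACKAGE_DEBUG) {
                    Log.debug(PACKAGE_NAME, "LoginUserAuth: Could not authenticate user ('" + str + "').", e);
                }
                return new ErrorBean(5, e);
            }
        }
        try {
            // Callback data handed to the JAAS login modules. The password is stored
            // here in clear text for the duration of the login.
            Hashtable hashtable = new Hashtable();
            if (str != null) {
                hashtable.put("USER_ID", str);
                hashtable.put(PortalCallbackHandler.USER_PASSWORD_KEY, str2);
            }
            hashtable.put(PortalCallbackHandler.REQUEST_KEY, runData.getRequest());
            LoginUser.addOtherHeaders(runData.getRequest(), hashtable);
            if (PACKAGE_DEBUG) {
                Log.debug(PACKAGE_NAME, "LoginUserAuth: (1) new LoginContext");
            }
            LoginContext loginContext = new LoginContext("WpsNewSubject", new PortalCallbackHandler(hashtable));
            if (PACKAGE_DEBUG) {
                Log.debug(PACKAGE_NAME, "LoginUserAuth: (2) lc.login");
            }
            loginContext.login();
            if (PACKAGE_DEBUG) {
                Log.debug(PACKAGE_NAME, "LoginUserAuth: (3) lc.getSubject");
            }
            Subject subject = loginContext.getSubject();
            if (PACKAGE_DEBUG) {
                Log.debug(PACKAGE_NAME, "LoginUserAuth: (4) getPrincipals");
            }
            Iterator it = subject.getPrincipals(userDnHolderClass).iterator();
            if (PACKAGE_DEBUG) {
                Log.debug(PACKAGE_NAME, "LoginUserAuth: (5) UserDNPrincipal? ( hasNext: " + it.hasNext() + " ,userDNs: " + it + ")");
            }
            if (!it.hasNext()) {
                if (PACKAGE_DEBUG) {
                    Log.debug(PACKAGE_NAME, "LoginUserAuth: (5b) not found.");
                }
                Log.error(PACKAGE_NAME, "LoginUserAuth: Failed to retrive userDNPrincipals!");
                throw new Exception("Failed to retrive userDNPrincipals!");
            }
            if (PACKAGE_DEBUG) {
                Log.debug(PACKAGE_NAME, "LoginUserAuth: (5a) found.");
            }
            // Only the first DN principal is used; any further ones are ignored.
            String name = ((UserDNPrincipal) it.next()).getName();
            if (PACKAGE_DEBUG) {
                Log.debug(PACKAGE_NAME, "LoginUserAuth: userDN is " + name);
            }
            try {
                User user2 = (User) UserManager.instance().findById(name);
                if (user2 == null) {
                    throw new DataBackendException("User " + name + " doesn't exist!");
                }
                user2.setSubject(subject);
                HttpSession session = runData.getSession(false);
                // The current user is only consulted when a session already exists.
                User previousUser = session != null ? runData.getUser() : null;
                // The debug text below describes a session left over from a different
                // user, so the attributes are wiped when the IDs differ. The decompiled
                // condition tested for equal IDs, which kept the previous user's
                // attributes in exactly that case.
                if (previousUser != null && !previousUser.getID().equals(user2.getID())) {
                    if (PACKAGE_DEBUG) {
                        Log.debug(PACKAGE_NAME, "LoginUserAuth: HTTP Session already exists and seems to belong to another user! ('" + previousUser.getID() + "').Deleting all existing attributes.");
                    }
                    // Collect the names first: removing attributes while walking the
                    // container's live enumeration can skip entries or fail.
                    List<String> staleNames = new ArrayList<String>();
                    Enumeration attributeNames = session.getAttributeNames();
                    while (attributeNames.hasMoreElements()) {
                        staleNames.add((String) attributeNames.nextElement());
                    }
                    for (String staleName : staleNames) {
                        session.removeAttribute(staleName);
                    }
                }
                // NOTE(review): the session ID is kept across the login; nothing here
                // invalidates the pre-login session and creates a new one. Confirm that
                // the container or the caller rotates it.
                runData.setUser(user2);
                if (PACKAGE_DEBUG) {
                    Log.debug(PACKAGE_NAME, "LoginUserAuth (exit)");
                }
                return new ErrorBean(0, null);
            } catch (Exception e2) {
                Log.error(PACKAGE_NAME, "LoginUserAuth: Could not retrieve the user object.", e2);
                return new ErrorBean(2, e2);
            }
        } catch (Exception e3) {
            if (PACKAGE_DEBUG) {
                Log.debug(PACKAGE_NAME, "LoginUserAuth: JAAS login failed for user ('" + str + "').", e3);
            }
            return new ErrorBean(6, e3);
        }
    }

    /**
     * Expires every {@code WASReqURL} cookie found on the request by adding an empty
     * cookie of the same name with a max age of 0 to the response.
     *
     * @param runData request context supplying the request cookies and the response
     * @throws Exception declared by the signature; nothing in this body throws a checked
     *     exception explicitly
     */
    protected void invalidateWasReqUrlCookie(RunData runData) throws Exception {
        if (PACKAGE_DEBUG) {
            Log.debug(PACKAGE_NAME, "LoginUserAuth.invalidateWasReqUrlCookie (enter)");
        }
        Cookie[] cookies = runData.getRequest().getCookies();
        if (cookies != null) {
            for (Cookie requestCookie : cookies) {
                if (PACKAGE_DEBUG) {
                    Log.debug(PACKAGE_NAME, "LoginUserAuth.invalidateWasReqUrlCookie looking at cookie:" + requestCookie.getName());
                }
                if (requestCookie.getName().equals("WASReqURL")) {
                    Cookie cookie = new Cookie("WASReqURL", "");
                    // NOTE(review): cookies parsed from a request usually carry no path,
                    // so getPath() may be null here and the expiry cookie would then use
                    // the default path. Confirm it matches the path the cookie was set on.
                    cookie.setPath(requestCookie.getPath());
                    cookie.setMaxAge(0);
                    runData.getResponse().addCookie(cookie);
                    if (PACKAGE_DEBUG) {
                        Log.debug(PACKAGE_NAME, "LoginUserAuth.invalidateWasReqUrlCookie cookie added to response:" + requestCookie);
                    }
                }
            }
        }
        if (PACKAGE_DEBUG) {
            Log.debug(PACKAGE_NAME, "LoginUserAuth.invalidateWasReqUrlCookie (exit)");
        }
    }

    /**
     * Undoes the effects of {@link #doAuthenticate}: logs out of SSO, expires the
     * {@code WASReqURL} cookie, clears the user on the request and invalidates the session.
     *
     * @param runData request context to clean up
     * @param errorBean not read by this implementation
     * @throws Exception if the SSO logout or the cookie cleanup fails; the user is still
     *     cleared and the session still invalidated in that case
     */
    @Override // com.ibm.wps.engine.commands.LoginUser
    protected void compensateDoAuthenticate(RunData runData, ErrorBean errorBean) throws Exception {
        try {
            new SSOAuthenticator().logout(runData.getRequest(), runData.getResponse());
            invalidateWasReqUrlCookie(runData);
        } finally {
            // Tear down the local login state even when the SSO logout throws, so a
            // failed compensation cannot leave an authenticated session behind.
            runData.setUser(null);
            HttpSession session = runData.getSession(false);
            if (session != null) {
                session.invalidate();
            }
        }
    }

    /**
     * Expands a short login name into a DN using the configured user DN template.
     *
     * <p>An input containing {@code '='} is returned unchanged. {@code name@realm} is split
     * at the first {@code '@'}; a name without {@code '@'} is paired with the default
     * realm. An input whose first {@code '@'} is its first or last character, or a missing
     * default realm, also leaves the input unchanged.
     *
     * <p>NOTE(review): both parts are inserted into the template verbatim. {@code '='} is
     * excluded above, but other DN metacharacters such as {@code ','} or {@code '\'} are
     * not escaped; confirm the authenticator tolerates or rejects them. If the template is
     * not configured and the lookup yields null, constructing the {@link MessageFormat}
     * would presumably fail at runtime; verify the configuration default.
     *
     * @param str login name as entered; must not be null
     * @return the formatted DN, or {@code str} itself when no rewrite applies
     */
    private static String prepareDN(String str) {
        if (PACKAGE_DEBUG) {
            Log.debug(PACKAGE_NAME, "LoginUserAuth: PrepareDN for " + str);
        }
        String uid = null;
        String realm = null;
        if (str.indexOf("=") == -1) {
            int at = str.indexOf("@");
            if (at > 0 && at < str.length() - 1) {
                uid = str.substring(0, at);
                realm = str.substring(at + 1);
            } else if (at < 0) {
                uid = str;
                realm = defaultRealm;
            }
        }
        if (uid == null || realm == null) {
            if (PACKAGE_DEBUG) {
                Log.debug(PACKAGE_NAME, "LoginUserAuth-PreapreDN: aUserID= " + str);
            }
            return str;
        }
        String format = new MessageFormat(userTemplate).format(new Object[]{uid, realm});
        if (PACKAGE_DEBUG) {
            Log.debug(PACKAGE_NAME, "LoginUserAuth-PreapreDN: DN= " + format);
        }
        return format;
    }

    /**
     * Loads a class by name, converting a failed lookup into a
     * {@link NoClassDefFoundError}.
     *
     * @param str fully qualified class name
     * @return the loaded class
     * @throws NoClassDefFoundError if the class cannot be found; the original
     *     {@link ClassNotFoundException} is attached as the cause
     */
    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            NoClassDefFoundError error = new NoClassDefFoundError(e.getMessage());
            // Keep the original exception so the failing lookup stays diagnosable.
            error.initCause(e);
            throw error;
        }
    }

    static {
        Class cls;
        Class cls2;
        // Resolve this class by name (cached in the static field) to derive the log
        // category from its package.
        if (class$com$ibm$wps$engine$commands$LoginUserAuth == null) {
            cls = class$("com.ibm.wps.engine.commands.LoginUserAuth");
            class$com$ibm$wps$engine$commands$LoginUserAuth = cls;
        } else {
            cls = class$com$ibm$wps$engine$commands$LoginUserAuth;
        }
        PACKAGE_NAME = StringUtils.packageOf(cls);
        PACKAGE_DEBUG = Log.isDebugEnabled(PACKAGE_NAME);
        // Multiple-realm support is off unless the configuration enables it.
        multipleRealmsEnabled = Config.getParameters().getBoolean("multiple.realms.enabled", false);
        defaultRealm = Config.getParameters().getString("multiple.realms.login.default.realm");
        userTemplate = Config.getParameters().getString("multiple.realms.user.dn.template");
        if (class$com$ibm$wps$sso$UserDNPrincipal == null) {
            cls2 = class$("com.ibm.wps.sso.UserDNPrincipal");
            class$com$ibm$wps$sso$UserDNPrincipal = cls2;
        } else {
            cls2 = class$com$ibm$wps$sso$UserDNPrincipal;
        }
        userDnHolderClass = cls2;
    }
}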
