package oracle.security.jazn.oc4j;

import com.evermind.security.Group;
import com.evermind.security.User;
import com.evermind.server.http.HttpAuthenticator;
import java.io.File;
import java.io.IOException;
import java.io.OutputStreamWriter;
import java.io.UnsupportedEncodingException;
import java.net.URL;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Properties;
import java.util.Set;
import javax.mail.internet.MimeUtility;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import oracle.ldap.util.Guid;
import oracle.security.jazn.ApplicationServerProxy;
import oracle.security.jazn.JAZNConfig;
import oracle.security.jazn.JAZNException;
import oracle.security.jazn.JAZNInitException;
import oracle.security.jazn.JAZNRuntimeException;
import oracle.security.jazn.JAZNWebAppConfig;
import oracle.security.jazn.action.GetJAZNConfigPropertyAction;
import oracle.security.jazn.realm.Realm;
import oracle.security.jazn.realm.RealmRole;
import oracle.security.jazn.realm.RealmUser;
import oracle.security.jazn.spi.ldap.LDAPRealmUser;
import oracle.security.jazn.spi.xml.XMLJAZNProvider;
import oracle.security.jazn.util.Dbg;
import oracle.security.jazn.util.DbgWriter;
import oracle.security.jazn.util.Env;
import oracle.security.jazn.util.Misc;
import oracle.security.jazn.util.Synchronizable;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:oracle/security/jazn/oc4j/RealmUserManager.class */
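/**
 * User manager that resolves OC4J users and groups against JAZN realms.
 *
 * <p>Principals are looked up through {@code RealmPrincipalInfo}; names that are not found
 * locally are delegated to the parent manager when one exists. The manager must have been
 * initialised successfully ({@link #init(JAZNConfig)}) before any lookup that calls
 * {@link #checkValidity()}.
 *
 * <p>This listing is decompiler output: local names are reconstructed and raw collection types
 * are kept as found.
 */
public class RealmUserManager extends GenericUserManager implements Synchronizable {
    // True only after init(JAZNConfig) has completed without throwing.
    protected boolean _isValid;
    // Name of the realm used when a principal name carries no realm of its own; may be null.
    protected String _dftRealmName;
    // Gates setOutOfSyncBit() and isOutOfSync(); re-read from Env.EXT_SYNC in initProperties().
    protected boolean _isExtSyncEnabled = true;
    // Re-read from Env.RBAC_HIERARCHY in initProperties().
    protected boolean _isRBACHierarchyEnabled = true;
    // Not referenced anywhere in this class as shown.
    private HashMap _authenticatorMap = new HashMap();

    /** Creates an uninitialised manager; {@link #init(JAZNConfig)} must be called before use. */
    public RealmUserManager() {
        this._id = nextID();
    }

    /**
     * Creates a manager and initialises it from the given configuration.
     *
     * @param jAZNConfig configuration handed to {@link #init(JAZNConfig)}
     * @throws JAZNInitException if initialisation fails for any reason (the cause is preserved)
     */
    public RealmUserManager(JAZNConfig jAZNConfig) {
        try {
            init(jAZNConfig);
            this._id = nextID();
        } catch (Throwable th) {
            if (Dbg.LOG) {
                th.printStackTrace();
            }
            throw new JAZNInitException(th.getMessage(), th);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /** Returns the default realm name chosen during initialisation, or {@code null} if none. */
    public String getDefaultRealmName() {
        return this._dftRealmName;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Looks up the realm named by the default realm name.
     *
     * @return the realm as returned by the realm manager; may be {@code null}
     * @throws JAZNRuntimeException if the lookup throws (the cause is preserved)
     */
    @Override // oracle.security.jazn.oc4j.GenericUserManager, oracle.security.jazn.oc4j.AbstractUserManager
    public Realm getDefaultRealm() {
        try {
            // A null result is passed straight to the caller; callers in this class do not
            // check for it before dereferencing.
            return getJAZNConfig().getRealmManager().getRealm(this._dftRealmName);
        } catch (Throwable th) {
            if (Dbg.LOG) {
                th.printStackTrace();
            }
            throw new JAZNRuntimeException(th.getMessage(), th);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /** Session caching of resolved users is switched off in this implementation. */
    @Override // oracle.security.jazn.oc4j.GenericUserManager, oracle.security.jazn.oc4j.AbstractUserManager
    public boolean isCacheEnabled() {
        return false;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /** Returns the RBAC hierarchy flag read by {@link #initProperties()}. */
    @Override // oracle.security.jazn.oc4j.GenericUserManager, oracle.security.jazn.oc4j.AbstractUserManager
    public boolean isRBACHierarchyEnabled() {
        return this._isRBACHierarchyEnabled;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /** Returns the external synchronisation flag read by {@link #initProperties()}. */
    @Override // oracle.security.jazn.oc4j.GenericUserManager, oracle.security.jazn.oc4j.AbstractUserManager
    public boolean isExtSyncEnabled() {
        return this._isExtSyncEnabled;
    }

    /** Returns whether initialisation has completed successfully. */
    protected boolean isValid() {
        return this._isValid;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Guards lookups against use of a manager that was never initialised or has been reset.
     *
     * @throws IllegalStateException if the manager is not valid
     */
    public void checkValidity() {
        if (!isValid()) {
            throw new IllegalStateException();
        }
    }

    /** Reads a JAZN configuration property, returning {@code null} when it is not set. */
    private String getJAZNProperty(String str) {
        return getJAZNProperty(str, null);
    }

    /**
     * Reads a JAZN configuration property with a fallback value.
     *
     * <p>The read runs inside {@code AccessController.doPrivileged}, so it is evaluated with
     * this class's permissions rather than those of the calling code. The method is private,
     * which keeps that privileged read from being reachable with caller-chosen keys from
     * outside the class.
     */
    private String getJAZNProperty(String str, String str2) {
        return (String) AccessController.doPrivileged((PrivilegedAction) new GetJAZNConfigPropertyAction(this._config, str, str2));
    }

    /** Reads a property as a boolean; anything other than "true" (any case) yields false. */
    private boolean getBoolJAZNProperty(String str, String str2) {
        return Boolean.valueOf(getJAZNProperty(str, str2)).booleanValue();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /** Returns the manager to its uninitialised state; lookups fail until init() runs again. */
    @Override // oracle.security.jazn.oc4j.GenericUserManager
    public void reset() {
        super.reset();
        this._isValid = false;
        this._isExtSyncEnabled = true;
        this._isRBACHierarchyEnabled = true;
        this._dftRealmName = null;
        this._anonymousUser = null;
    }

    /** Loads the external-sync and RBAC-hierarchy flags from configuration. */
    protected void initProperties() throws JAZNException {
        this._isExtSyncEnabled = getBoolJAZNProperty(Env.EXT_SYNC, Env.EXT_SYNC_DEFAULT);
        this._isRBACHierarchyEnabled = getBoolJAZNProperty(Env.RBAC_HIERARCHY, Env.RBAC_HIERARCHY_DEFAULT);
    }

    /**
     * Chooses the default realm name.
     *
     * <p>Sources are tried in this order: the application-specific property, the global JAZN
     * configuration, the J2EE-home configuration. A configured name that does not resolve to
     * an existing realm is discarded. If nothing is left, an LDAP provider's default
     * subscriber realm is used, and failing that the only realm when exactly one exists.
     * The name stays {@code null} when every step fails.
     */
    private synchronized void initDefaultRealmName() throws JAZNException {
        this._dftRealmName = getJAZNProperty(Env.PROP_DEFAULT_REALM);
        if (Dbg.LOG) {
            System.out.println("JAAS-OC4J: App-specific <jazn> realm.default=" + this._dftRealmName);
        }
        if (this._dftRealmName == null) {
            this._dftRealmName = JAZNConfig.getJAZNConfig().getProperty(Env.PROP_DEFAULT_REALM);
            if (Dbg.LOG) {
                System.out.println("JAAS-OC4J: Global jazn.xml realm.default=" + this._dftRealmName);
            }
            if (this._dftRealmName == null) {
                this._dftRealmName = Misc.getJ2eeHomeJAZNConfig().getProperty(Env.PROP_DEFAULT_REALM);
                if (Dbg.LOG) {
                    System.out.println("JAAS-OC4J: $J2EE_HOME/config/jazn.xml: realm.default=" + this._dftRealmName);
                }
            }
        }
        // A configured name is only kept if the realm manager actually knows that realm.
        if (this._dftRealmName != null && this._config.getRealmManager().getRealm(this._dftRealmName) == null) {
            this._dftRealmName = null;
        }
        if (this._dftRealmName == null && getProviderType() != null && getProviderType().equalsIgnoreCase("LDAP")) {
            // NOTE(review): getDefaultSubscriberRealm() is dereferenced without a null check;
            // confirm it cannot return null for an LDAP provider.
            this._dftRealmName = this._config.getRealmManager().getDefaultSubscriberRealm().getName();
        }
        if (this._dftRealmName == null) {
            Set realms = this._config.getRealmManager().getRealms();
            if (realms.size() == 1) {
                this._dftRealmName = ((Realm) realms.iterator().next()).getName();
            }
        }
        if (this._dftRealmName == null && Dbg.LOG) {
            System.out.println("JAAS-OC4J: **WARNING** default-realm not initialized.");
            Thread.dumpStack();
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Initialises the manager; it is marked valid only when every step has succeeded.
     *
     * @param jAZNConfig configuration passed to the superclass initialiser
     * @throws JAZNInitException if any step throws (the cause is preserved)
     */
    @Override // oracle.security.jazn.oc4j.GenericUserManager
    public synchronized void init(JAZNConfig jAZNConfig) {
        try {
            super.init(jAZNConfig);
            initDefaultRealmName();
            initProperties();
            this._isValid = true;
        } catch (Throwable th) {
            if (Dbg.LOG) {
                th.printStackTrace();
            }
            throw new JAZNInitException(th.getMessage(), th);
        }
    }

    /** Forwards the out-of-sync bit to the provider; does nothing when external sync is off. */
    public void setOutOfSyncBit(boolean z) {
        if (this._isExtSyncEnabled) {
            getJAZNProvider().setOutOfSyncBit(z);
        }
    }

    /** Returns true only when external sync is enabled and the provider reports out-of-sync. */
    public boolean isOutOfSync() {
        return this._isExtSyncEnabled && getJAZNProvider().isOutOfSync();
    }

    /** Asks the provider to refresh itself. */
    public void refresh() {
        getJAZNProvider().refresh();
    }

    /** Same as {@link #isOutOfSync()}. */
    @Override // oracle.security.jazn.oc4j.AbstractUserManager
    public boolean isUpdated() {
        return isOutOfSync();
    }

    /** Same as {@link #refresh()}, under the manager's lock. */
    @Override // oracle.security.jazn.oc4j.AbstractUserManager
    public synchronized void update() throws InstantiationException {
        refresh();
    }

    /**
     * Marks the provider out of sync. Unlike {@link #setOutOfSyncBit(boolean)} this ignores
     * the external-sync flag.
     */
    @Override // oracle.security.jazn.oc4j.AbstractUserManager
    public synchronized void invalidate() {
        getJAZNProvider().setOutOfSyncBit(true);
    }

    /**
     * Writes the provider's XML to the given URL, or persists in place when no URL is given.
     *
     * <p>NOTE(review): the destination is whatever the caller passes; no restriction on
     * scheme or host is applied here. Confirm that callers only pass trusted locations,
     * since the output is the provider's own XML representation.
     *
     * @param url destination; {@code null} means "persist through the provider"
     * @throws UnsupportedOperationException if a URL is given and the provider is not an
     *         {@code XMLJAZNProvider}
     * @throws IOException if persisting or writing fails
     */
    @Override // oracle.security.jazn.oc4j.AbstractUserManager
    public synchronized void create(URL url) throws IOException {
        if (url == null) {
            store();
            // Without this return the code below dereferenced the null URL.
            return;
        }
        // Held as Object so the instanceof test is a real type check whatever the declared
        // return type of getJAZNProvider() is.
        Object provider = getJAZNProvider();
        if (!(provider instanceof XMLJAZNProvider)) {
            throw new UnsupportedOperationException();
        }
        OutputStreamWriter out = new OutputStreamWriter(url.openConnection().getOutputStream(), "UTF-8");
        try {
            ((XMLJAZNProvider) provider).writeXML(out);
        } finally {
            // Nothing else holds a reference to this writer, so it is closed here.
            out.close();
        }
    }

    /**
     * Persists the provider's state.
     *
     * @throws IOException if the provider reports a {@code JAZNException}; the original
     *         exception is attached as the cause
     */
    @Override // oracle.security.jazn.oc4j.AbstractUserManager
    public synchronized void store() throws IOException {
        try {
            getJAZNProvider().persist();
        } catch (JAZNException e) {
            IOException wrapped = new IOException(e.getMessage());
            wrapped.initCause(e);
            throw wrapped;
        }
    }

    /**
     * Wraps a realm user in an adaptor bound to this manager.
     *
     * @throws IllegalArgumentException if {@code realmUser} is null
     */
    protected RealmUserAdaptor getRealmUserAdaptor(RealmUser realmUser) {
        if (realmUser == null) {
            throw new IllegalArgumentException();
        }
        return new RealmUserAdaptor(this, realmUser);
    }

    /**
     * Wraps a realm role in an adaptor bound to this manager.
     *
     * @throws IllegalArgumentException if {@code realmRole} is null
     */
    protected RealmGroupAdaptor getRealmGroupAdaptor(RealmRole realmRole) {
        if (realmRole == null) {
            throw new IllegalArgumentException();
        }
        return new RealmGroupAdaptor(this, realmRole);
    }

    /**
     * Resolves a user name to a realm user.
     *
     * <p>Every failure, including errors raised by the realm back end, is reported as
     * {@code null}. Callers therefore cannot tell "no such user" from "lookup failed"; the
     * stack trace is only printed when {@code Dbg.LOG} is set.
     *
     * @return the realm user, or {@code null} if no realm was resolved or the lookup threw
     */
    protected synchronized RealmUser getRealmUser(String str) {
        try {
            RealmPrincipalInfo principal = new RealmPrincipalInfo(this, str);
            if (principal.realm == null) {
                return null;
            }
            return principal.realm.getUserManager().getUser(str);
        } catch (Throwable th) {
            if (Dbg.LOG) {
                th.printStackTrace();
            }
            return null;
        }
    }

    /**
     * Resolves a role name to a realm role, with the same failure handling as
     * {@link #getRealmUser(String)}: any exception is reported as {@code null}.
     */
    protected synchronized RealmRole getRealmRole(String str) {
        try {
            RealmPrincipalInfo principal = new RealmPrincipalInfo(this, str);
            if (principal.realm == null) {
                return null;
            }
            return principal.realm.getRoleManager().getRole(str);
        } catch (Throwable th) {
            if (Dbg.LOG) {
                th.printStackTrace();
            }
            return null;
        }
    }

    /**
     * Looks up a user by name.
     *
     * <p>The unauthenticated-user name is answered before the validity check; any other
     * name requires an initialised manager.
     *
     * @return the user, the parent manager's answer when not found here, or {@code null}
     * @throws IllegalArgumentException if {@code str} is null
     * @throws IllegalStateException if the manager is not valid
     */
    @Override // oracle.security.jazn.oc4j.GenericUserManager, oracle.security.jazn.oc4j.AbstractUserManager
    public synchronized User getUser(String str) {
        if (str == null) {
            throw new IllegalArgumentException(s_res.getString("Invalid input arguments."));
        }
        if (str.equals(Env.UNAUTH_USER)) {
            return getUnauthenticatedUser();
        }
        checkValidity();
        RealmUser realmUser = getRealmUser(str);
        if (realmUser != null) {
            return new JAZNUserAdaptor(getRealmUserAdaptor(realmUser));
        }
        return getParent() != null ? getParent().getUser(str) : null;
    }

    /**
     * Looks up a group by name.
     *
     * <p>The public group name is answered before the validity check; any other name
     * requires an initialised manager.
     *
     * @return the group, the parent manager's answer when not found here, or {@code null}
     * @throws IllegalArgumentException if {@code str} is null
     * @throws IllegalStateException if the manager is not valid
     */
    @Override // oracle.security.jazn.oc4j.GenericUserManager, oracle.security.jazn.oc4j.AbstractUserManager
    public synchronized Group getGroup(String str) {
        if (str == null) {
            throw new IllegalArgumentException(s_res.getString("Invalid input arguments."));
        }
        if (str.equals(getPublicGroupName())) {
            return getPublicGroup();
        }
        checkValidity();
        RealmRole realmRole = getRealmRole(str);
        if (realmRole != null) {
            return new JAZNGroupAdaptor(getRealmGroupAdaptor(realmRole));
        }
        return getParent() != null ? getParent().getGroup(str) : null;
    }

    /**
     * Returns the user named "anonymous", caching the adaptor once it has been resolved here.
     * An answer obtained from the parent manager is not cached.
     *
     * @return the anonymous user, or {@code null} if none is found or the lookup throws
     * @throws IllegalStateException if the manager is not valid
     */
    @Override // oracle.security.jazn.oc4j.AbstractUserManager
    public synchronized User getAnonymousUser() {
        checkValidity();
        if (this._anonymousUser != null) {
            return this._anonymousUser;
        }
        try {
            RealmUser realmUser = getRealmUser("anonymous");
            if (realmUser != null) {
                this._anonymousUser = new JAZNUserAdaptor(getRealmUserAdaptor(realmUser));
                return this._anonymousUser;
            }
            return getParent() != null ? getParent().getAnonymousUser() : null;
        } catch (Throwable th) {
            if (Dbg.LOG) {
                th.printStackTrace();
            }
            return null;
        }
    }

    /**
     * Returns the number of users in the default realm.
     *
     * @throws IllegalStateException if the manager is not valid or the realm reports a
     *         {@code JAZNException} (attached as the cause)
     */
    @Override // oracle.security.jazn.oc4j.AbstractUserManager
    public int getUserCount() {
        checkValidity();
        try {
            return getDefaultRealm().getUserManager().getUserCount();
        } catch (JAZNException e) {
            if (Dbg.LOG) {
                e.printStackTrace();
            }
            IllegalStateException wrapped = new IllegalStateException(e.getMessage());
            wrapped.initCause(e);
            throw wrapped;
        }
    }

    /**
     * Returns the number of roles in the default realm.
     *
     * @throws IllegalStateException if the manager is not valid or the realm reports a
     *         {@code JAZNException} (attached as the cause)
     */
    @Override // oracle.security.jazn.oc4j.AbstractUserManager
    public int getGroupCount() {
        checkValidity();
        try {
            return getDefaultRealm().getRoleManager().getRoleCount();
        } catch (JAZNException e) {
            if (Dbg.LOG) {
                e.printStackTrace();
            }
            IllegalStateException wrapped = new IllegalStateException(e.getMessage());
            wrapped.initCause(e);
            throw wrapped;
        }
    }

    /**
     * Returns a sorted window of the default realm's users.
     *
     * <p>The bounds are handed to {@code List.subList} unchecked, so an out-of-range window
     * surfaces as an {@code IndexOutOfBoundsException}.
     *
     * @param i first index, inclusive
     * @param i2 last index, exclusive
     * @return the window, or {@code null} if the realm reports a {@code JAZNException}
     */
    @Override // oracle.security.jazn.oc4j.AbstractUserManager
    public List getUsers(int i, int i2) {
        checkValidity();
        try {
            ArrayList adaptors = new ArrayList();
            for (Iterator it = getDefaultRealm().getUserManager().getUsers().iterator(); it.hasNext();) {
                adaptors.add(new JAZNUserAdaptor(getRealmUserAdaptor((RealmUser) it.next())));
            }
            Collections.sort(adaptors);
            return adaptors.subList(i, i2);
        } catch (JAZNException e) {
            if (Dbg.LOG) {
                e.printStackTrace();
            }
            return null;
        }
    }

    /**
     * Returns a sorted window of the default realm's roles, with the same bounds and failure
     * behaviour as {@link #getUsers(int, int)}.
     */
    @Override // oracle.security.jazn.oc4j.AbstractUserManager
    public List getGroups(int i, int i2) {
        checkValidity();
        try {
            ArrayList adaptors = new ArrayList();
            for (Iterator it = getDefaultRealm().getRoleManager().getRoles().iterator(); it.hasNext();) {
                adaptors.add(new JAZNGroupAdaptor(getRealmGroupAdaptor((RealmRole) it.next())));
            }
            Collections.sort(adaptors);
            return adaptors.subList(i, i2);
        } catch (JAZNException e) {
            if (Dbg.LOG) {
                e.printStackTrace();
            }
            return null;
        }
    }

    /**
     * Reports whether this deployment looks like the "oca" OC4J instance.
     *
     * <p>The decision is a substring match on the deployment URL's file part, made only when
     * the IAS property {@code OCA.LaunchSuccess} is "true".
     *
     * <p>NOTE(review): when {@code z} is true the "ocaapp" application path is also tested,
     * but the outcome only changes the debug message. The method returns true whether or not
     * the application is verified. Confirm this is intended, since
     * {@code installFilter} relies on the result.
     *
     * @param z whether to additionally test (and log) the "ocaapp" application path
     * @return true if the instance path matches; false otherwise or on any exception
     */
    private boolean detectOCA(boolean z) {
        try {
            Properties iasProperties = Misc.getIASProperties();
            if (iasProperties == null) {
                return false;
            }
            String launched = iasProperties.getProperty("OCA.LaunchSuccess");
            if (launched == null || !launched.equalsIgnoreCase("true")) {
                return false;
            }
            URL deploymentURL = getJAZNConfig().getDeploymentURL();
            if (deploymentURL == null) {
                return false;
            }
            if (Dbg.LOG) {
                System.out.println("JAAS-OC4J: Check deployment URL: " + deploymentURL);
            }
            String file = deploymentURL.getFile();
            if (file == null) {
                return false;
            }
            char sep = File.separatorChar;
            if (file.indexOf(sep + "j2ee" + sep + "oca" + sep) == -1) {
                if (Dbg.LOG) {
                    System.out.println("JAAS-OC4J: OC4J \"oca\" instance NOT verified.");
                }
                return false;
            }
            if (Dbg.LOG) {
                System.out.println("JAAS-OC4J: OC4J \"oca\" instance verified.");
            }
            if (z && Dbg.LOG) {
                boolean appFound = file.indexOf(sep + "oca" + sep + "application-deployments" + sep + "ocaapp") != -1;
                System.out.println(appFound
                        ? "JAAS-OC4J: Application \"ocaapp\" verified."
                        : "JAAS-OC4J: Application \"ocaapp\" NOT verified.");
            }
            return true;
        } catch (Throwable th) {
            if (Dbg.LOG) {
                th.printStackTrace();
            }
            return false;
        }
    }

    /**
     * Decides whether the JAZN filter should be installed for a web application.
     *
     * @return true when a web-app configuration is supplied, when any of the auth-method,
     *         run-as or doAsPrivileged properties is set, or when the OCA instance is detected
     */
    @Override // oracle.security.jazn.oc4j.GenericUserManager
    protected boolean installFilter(JAZNWebAppConfig jAZNWebAppConfig) {
        if (jAZNWebAppConfig != null
                || getJAZNProperty(Env.PROP_AUTH_METHOD) != null
                || getJAZNProperty(Env.PROP_RUNAS_MODE) != null
                || getJAZNProperty(Env.PROP_DOASPRIV_MODE) != null) {
            return true;
        }
        if (!detectOCA(true)) {
            return false;
        }
        if (Dbg.LOG) {
            System.out.println("JAAS-OC4J: Install JAZNFilter for OCA");
        }
        return true;
    }

    /**
     * Resolves the user for an HTTP request, using the OSSO-* request headers when present.
     *
     * <p>When the user DN, subscriber and subscriber DN headers are all present, the user is
     * built directly from the header values and the realm named by the first RDN value of the
     * subscriber DN; no realm user lookup is made for the name. When any of the three is
     * missing the name is resolved through {@link #getUser(String)} instead.
     *
     * <p>NOTE(review): nothing in this method verifies the OSSO-* headers. This presumably
     * relies on the SSO front end being the only party able to set them; confirm that
     * client-supplied OSSO-* headers are stripped before requests reach this container, and
     * that this container is not reachable other than through that front end.
     *
     * @param httpServletRequest request carrying the optional OSSO-* headers
     * @param str user name, possibly MIME-encoded
     * @return the resolved user, or {@code null} when no realm matches, the subscriber DN is
     *         malformed, or user construction fails
     */
    @Override // oracle.security.jazn.oc4j.GenericUserManager, oracle.security.jazn.oc4j.AbstractUserManager, oracle.security.jazn.oc4j.OC4JCallback
    public User getUser(HttpServletRequest httpServletRequest, String str) {
        String userName = str;
        String userDn = httpServletRequest.getHeader("OSSO-USER-DN");
        String subscriber = httpServletRequest.getHeader("OSSO-SUBSCRIBER");
        String subscriberDn = httpServletRequest.getHeader("OSSO-SUBSCRIBER-DN");
        if (userName != null) {
            try {
                userName = MimeUtility.decodeText(userName);
            } catch (UnsupportedEncodingException e) {
                userName = httpServletRequest.getRemoteUser();
            }
        }
        // decodeText declares a checked exception, so the header decoding needs its own
        // handler; on failure the raw header values are used, as for the user name above.
        try {
            if (userDn != null) {
                userDn = MimeUtility.decodeText(userDn);
            }
            if (subscriber != null) {
                subscriber = MimeUtility.decodeText(subscriber);
            }
            if (subscriberDn != null) {
                subscriberDn = MimeUtility.decodeText(subscriberDn);
            }
        } catch (UnsupportedEncodingException e) {
            userDn = httpServletRequest.getHeader("OSSO-USER-DN");
            subscriber = httpServletRequest.getHeader("OSSO-SUBSCRIBER");
            subscriberDn = httpServletRequest.getHeader("OSSO-SUBSCRIBER-DN");
        }
        String cacheKey = subscriber + "/" + userName;
        if (isCacheEnabled()) {
            HttpSession session = httpServletRequest.getSession(false);
            if (session != null) {
                if (Dbg.PERF) {
                    DbgWriter.writeln("session exists");
                }
                try {
                    Object cached = session.getAttribute(cacheKey);
                    if (cached instanceof JAZNUserAdaptor) {
                        if (Dbg.PERF) {
                            System.out.println("got user from session cache " + cached);
                        }
                        return (JAZNUserAdaptor) cached;
                    }
                } catch (IllegalStateException e2) {
                    if (Dbg.PERF) {
                        System.out.println("Exception " + e2);
                        System.out.println("session illegal, create one");
                    }
                    httpServletRequest.getSession();
                }
            } else {
                if (Dbg.PERF) {
                    DbgWriter.writeln("session doesn't exist, create one");
                }
                HttpSession created = httpServletRequest.getSession();
                if (Dbg.PERF) {
                    DbgWriter.writeln("session " + created);
                }
            }
        }
        String userGuid = httpServletRequest.getHeader("OSSO-USER-GUID");
        // The subscriber DN is dereferenced below, so it is required alongside the other two
        // headers; without all three the name goes through the ordinary realm lookup.
        if (subscriber == null || userDn == null || subscriberDn == null) {
            return getUser(userName);
        }
        try {
            int eq = subscriberDn.indexOf("=");
            int comma = subscriberDn.indexOf(",");
            if (comma != -1 && comma < eq) {
                // A comma before the first '=' is not a usable DN; treat it as "no realm"
                // instead of letting substring() throw on a request-supplied value.
                return null;
            }
            String realmName = comma != -1 ? subscriberDn.substring(eq + 1, comma) : subscriberDn.substring(eq + 1);
            Realm realm = this._config.getRealmManager().getRealm(realmName);
            if (realm == null) {
                return null;
            }
            // NOTE(review): userGuid may be null when the OSSO-USER-GUID header is absent;
            // confirm how Guid handles that.
            JAZNUserAdaptor adaptor = new JAZNUserAdaptor(getRealmUserAdaptor(new LDAPRealmUser(this._config, userName, userDn, new Guid(userGuid), realm)));
            if (isCacheEnabled()) {
                HttpSession session = httpServletRequest.getSession(false);
                if (session != null) {
                    session.setAttribute(cacheKey, adaptor);
                    if (Dbg.PERF) {
                        DbgWriter.writeln("put to session cache " + adaptor);
                    }
                }
            }
            return adaptor;
        } catch (JAZNException e3) {
            if (Dbg.LOG) {
                e3.printStackTrace();
            }
            return null;
        }
    }

    /**
     * Selects the HTTP authenticator for a web application.
     *
     * <p>The authentication method comes from the JAZN property first and from the web-app
     * configuration second. Three built-in values are recognised; any other value is treated
     * as a class name and instantiated through {@code Misc.newJAZNInstance}.
     *
     * <p>NOTE(review): because an unrecognised value is loaded as a class, whoever can edit
     * the JAZN or web-app configuration chooses the code that performs authentication.
     * Confirm those configuration files are writable only by administrators.
     *
     * @return the authenticator, or {@code null} when no authentication method is configured
     * @throws JAZNRuntimeException if the custom authenticator cannot be instantiated
     */
    @Override // oracle.security.jazn.oc4j.GenericUserManager, oracle.security.jazn.oc4j.AbstractUserManager, oracle.security.jazn.oc4j.OC4JCallback
    public synchronized HttpAuthenticator getHttpAuthenticator(JAZNWebAppConfig jAZNWebAppConfig) {
        String authMethod = getJAZNProperty(Env.PROP_AUTH_METHOD);
        if (authMethod == null && jAZNWebAppConfig != null) {
            authMethod = jAZNWebAppConfig.getAuthenticationMethod();
        }
        if (authMethod == null) {
            return null;
        }
        if (authMethod.equals(KerberosAuthenticator.SSO_REALM)) {
            return new WebSSOAuthenticator(getJAZNConfig(), jAZNWebAppConfig);
        }
        if (authMethod.equals("BASIC")) {
            return new BasicAuthenticator(getJAZNConfig(), jAZNWebAppConfig, ApplicationServerProxy.getApplicationName());
        }
        if (authMethod.equals("WINDOWS_KERBEROS_AUTH")) {
            return new KerberosAuthenticator(getJAZNProperty(Env.PROP_KERB_SSO_FALLBACK), getJAZNProperty(Env.PROP_KERB_SERVICE_NAME), getJAZNProperty(Env.PROP_WIN_DOMAIN_SEP), getJAZNConfig());
        }
        try {
            return (HttpAuthenticator) Misc.newJAZNInstance(getJAZNConfig(), authMethod, (String) null, true);
        } catch (Exception e) {
            if (Dbg.LOG) {
                e.printStackTrace();
            }
            throw new JAZNRuntimeException(e.getMessage(), e);
        }
    }

    /** Returns a short description that includes the default realm name. */
    @Override // oracle.security.jazn.oc4j.GenericUserManager, oracle.security.jazn.oc4j.AbstractUserManager
    public String toString() {
        return "[RealmUserManager: dftRealm=" + this._dftRealmName + "]";
    }
}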
