package com.rsa.login;

import com.sap.engine.interfaces.security.auth.AbstractLoginModule;
import com.sap.engine.lib.security.http.HttpGetterCallback;
import com.sap.tc.logging.Location;
import java.net.URLDecoder;
import java.security.Principal;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.LoginException;
import sirrus.connect.ConnectionDescriptor;
import sirrus.runtime.APIFactory;
import sirrus.runtime.RuntimeAPI;
import sirrus.runtime.RuntimeAPIException;

/* loaded from: input_file:com/rsa/login/RSAAccessManagerLoginModule.class */
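/**
 * JAAS login module that authenticates a request from an RSA Access Manager SSO token.
 *
 * <p>{@link #login()} asks the callback handler for the value named by the {@code cookie_name}
 * option (default {@code CTSESSION}), URL-decodes it, asks the Access Manager runtime API whether
 * the token is valid and, if so, resolves the username from it. {@link #commit()} then adds a
 * principal for that username to the subject.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>SSO tokens and keystore/key passwords are never written to the log, not even at debug
 *       level; log files are normally readable by a wider audience than the secrets are.</li>
 *   <li>Connection settings and the runtime API handle are {@code static}, i.e. shared by every
 *       instance of this module in the class loader. {@link #initialize} overwrites them without
 *       holding a lock, so differently configured login stacks will interfere with each
 *       other.</li>
 *   <li>Keystore and key passwords stay in static {@code String} fields for the lifetime of the
 *       class.</li>
 *   <li>Any {@code connection_type} other than {@code clear} or {@code ssl_auth} is mapped to
 *       connection mode 1. NOTE(review): presumably mode 0 is unencrypted and mode 1 is SSL
 *       without peer authentication; confirm against the ConnectionDescriptor documentation before
 *       relying on either mode on an untrusted network.</li>
 * </ul>
 */
public class RSAAccessManagerLoginModule extends AbstractLoginModule {
    private static final Location logLocation;

    // Names of the options read from the module configuration in initialize().
    private static final String USER_PROPERTY = "user_property";
    private static final String CTSESSION = "CTSESSION";
    private static final String COOKIE_NAME = "cookie_name";
    private static final String HEADER_NAME = "header_name";
    private static final String DISPATCHER_LIST = "dispatcher_list";
    private static final String DEBUG = "debug";
    private static final String TIMEOUT = "timeout";
    private static final String RETRY_COUNT = "retry_count";
    private static final String IS_VALID = "SC_IS_VALID";
    private static final String CONNECTION_TYPE = "connection_type";
    private static final String CLEAR = "clear";
    private static final String ANON = "ssl_anon";
    private static final String AUTH = "ssl_auth";
    private static final String KEYSTORE = "keystore";
    private static final String KEYSTORE_PASSWORD = "keystore_password";
    private static final String KEY_ALIAS = "key_alias";
    private static final String KEY_PASSWORD = "key_password";

    // Numeric connection modes handed to ConnectionDescriptor. The values are the literals the
    // code has always passed; NOTE(review): confirm the names against the vendor constants.
    private static final int MODE_CLEAR = 0;
    private static final int MODE_SSL_ANON = 1;
    private static final int MODE_SSL_AUTH = 2;

    // Hint appended to the "mandatory parameter is empty" message for the four SSL options.
    private static final String SSL_AUTH_ONLY_NOTE = "Note: It is only mandatory for SSL Authentication connections to the RSA Access Manager dispatcher (i.e. when connection_type is set to 'AUTH'";

    // Indentation used for each line of the configuration summary written by initialize().
    private static final String SUMMARY_PAD = "                              ";

    private CallbackHandler callbackHandler;
    private Subject subject;
    private Map sharedState;

    // Shared (static) configuration, see the class comment. header_name is read but not used
    // anywhere in this class.
    private static String headerName;
    private static String dispatcherList;
    private static String connectionType;
    private static String cookieName;
    private static int retryCount;
    private static int timeout;
    private static String keystore;
    private static String keystorePassword;
    private static String keyAlias;
    private static String keyPassword;

    private String userId;
    private String userProperty;

    // Principal added to the subject by commit(); remembered so logout()/abort() can remove it.
    private Principal principal;

    // Shared runtime API handle. Every read and write happens while holding runtimeApiSync.
    private static RuntimeAPI runtimeApi;
    private static Object runtimeApiSync;

    // Compiler-generated cache for the class literal, kept as found in the compiled class.
    static Class class$com$rsa$login$RSAAccessManagerLoginModule;

    private boolean debug = true;
    private boolean succeeded = false;
    // True only when login() itself stored the login name in the shared state. It used to start
    // as true and was never cleared, which made the check in commit() dead code.
    private boolean userIdSet = false;

    /**
     * Reads the module options and (re)connects to the Access Manager dispatchers.
     *
     * <p>Returns early, after logging an error, when {@code dispatcher_list} or
     * {@code connection_type} is missing, or when {@code connection_type} is {@code ssl_auth} and
     * one of the keystore options is missing. A non-numeric {@code timeout} or
     * {@code retry_count} makes {@link Integer#parseInt(String)} throw
     * {@link NumberFormatException}, which is not caught here.
     *
     * @param subject         subject to populate on a successful login
     * @param callbackHandler handler used to obtain the SSO token from the request
     * @param map             state shared between the login modules of the stack
     * @param map2            options configured for this module
     */
    public void initialize(Subject subject, CallbackHandler callbackHandler, Map map, Map map2) {
        super.initialize(subject, callbackHandler, map, map2);
        final String where = "RSAAccessManagerLoginModule.initialize()";
        this.callbackHandler = callbackHandler;
        this.subject = subject;
        this.sharedState = map;
        // Read the switch before the first debug() call so the configured value, not the field
        // default, decides whether anything is logged.
        this.debug = "true".equalsIgnoreCase((String) map2.get(DEBUG));
        debug(where, "Initializing RSA AxM Login Module.");

        headerName = (String) map2.get(HEADER_NAME);

        String newDispatcherList = (String) map2.get(DISPATCHER_LIST);
        if (dispatcherList != null && !dispatcherList.equals(newDispatcherList)) {
            disconnect();
        }
        dispatcherList = newDispatcherList;
        if (isBlank(dispatcherList)) {
            error(getEmptyParameterMessage(DISPATCHER_LIST, ""));
            debug("RSAAccessManagerLoginModule.initialize() failed.");
            return;
        }
        debug(where, "Dispatcher List: " + dispatcherList);

        String newConnectionType = (String) map2.get(CONNECTION_TYPE);
        if (connectionType != null && !connectionType.equalsIgnoreCase(newConnectionType)) {
            disconnect();
        }
        connectionType = newConnectionType;
        debug(where, "Connection Type: " + connectionType);
        if (isBlank(connectionType)) {
            // Previously a missing connection_type ended in a NullPointerException a few lines
            // further down; report it like the other mandatory options instead.
            error(getEmptyParameterMessage(CONNECTION_TYPE, ""));
            debug("RSAAccessManagerLoginModule.initialize() failed.");
            return;
        }

        if (AUTH.equalsIgnoreCase(connectionType)) {
            // NOTE(review): a changed keystore, alias or password does not drop an existing
            // connection; only dispatcher_list, connection_type, timeout and retry_count do.
            boolean missing = false;
            keystore = (String) map2.get(KEYSTORE);
            debug(where, "Keystore: " + keystore);
            if (isBlank(keystore)) {
                error(getEmptyParameterMessage(KEYSTORE, SSL_AUTH_ONLY_NOTE));
                missing = true;
            }
            keystorePassword = (String) map2.get(KEYSTORE_PASSWORD);
            // Secrets are reported as set / not set only; the value must not reach the log.
            debug(where, "Keystore Password: " + describeSecret(keystorePassword));
            if (isBlank(keystorePassword)) {
                error(getEmptyParameterMessage(KEYSTORE_PASSWORD, SSL_AUTH_ONLY_NOTE));
                missing = true;
            }
            keyAlias = (String) map2.get(KEY_ALIAS);
            debug(where, "Key Alias: " + keyAlias);
            if (isBlank(keyAlias)) {
                error(getEmptyParameterMessage(KEY_ALIAS, SSL_AUTH_ONLY_NOTE));
                missing = true;
            }
            keyPassword = (String) map2.get(KEY_PASSWORD);
            debug(where, "Key Password: " + describeSecret(keyPassword));
            if (isBlank(keyPassword)) {
                error(getEmptyParameterMessage(KEY_PASSWORD, SSL_AUTH_ONLY_NOTE));
                missing = true;
            }
            if (missing) {
                debug("RSAAccessManagerLoginModule.initialize() failed.");
                return;
            }
        }

        cookieName = (String) map2.get(COOKIE_NAME);
        if (isBlank(cookieName)) {
            cookieName = CTSESSION;
        }
        debug(where, "SSO Cookie Name: " + cookieName);

        String timeoutOption = (String) map2.get(TIMEOUT);
        if (timeoutOption != null) {
            debug(where, "Timeout: " + timeoutOption);
            int parsedTimeout = Integer.parseInt(timeoutOption);
            if (timeout != parsedTimeout) {
                timeout = parsedTimeout;
                disconnect();
            }
        }

        String retryOption = (String) map2.get(RETRY_COUNT);
        if (retryOption != null) {
            debug(where, "Retry Count: " + retryOption);
            int parsedRetryCount = Integer.parseInt(retryOption);
            if (retryCount != parsedRetryCount) {
                retryCount = parsedRetryCount;
                disconnect();
            }
        }

        String userPropertyOption = (String) map2.get(USER_PROPERTY);
        if (userPropertyOption != null) {
            debug(where, "User Property: " + userPropertyOption);
            this.userProperty = userPropertyOption;
        }

        String lineSeparator = System.getProperty("line.separator");
        StringBuffer summary = new StringBuffer();
        appendSummaryLine(summary, lineSeparator, DEBUG, String.valueOf(this.debug));
        appendSummaryLine(summary, lineSeparator, COOKIE_NAME, cookieName);
        appendSummaryLine(summary, lineSeparator, USER_PROPERTY, this.userProperty);
        appendSummaryLine(summary, lineSeparator, DISPATCHER_LIST, dispatcherList);
        appendSummaryLine(summary, lineSeparator, CONNECTION_TYPE, connectionType);
        appendSummaryLine(summary, lineSeparator, KEYSTORE, keystore);
        appendSummaryLine(summary, lineSeparator, KEYSTORE_PASSWORD, describeSecret(keystorePassword));
        appendSummaryLine(summary, lineSeparator, KEY_ALIAS, keyAlias);
        appendSummaryLine(summary, lineSeparator, KEY_PASSWORD, describeSecret(keyPassword));
        appendSummaryLine(summary, lineSeparator, TIMEOUT, String.valueOf(timeout));
        appendSummaryLine(summary, lineSeparator, RETRY_COUNT, String.valueOf(retryCount));
        debug("RSAAccessManagerLoginModule.initialize() set the following parameters:", summary.toString());

        // Connect eagerly; connect() rethrows a RuntimeAPIException as a RuntimeException.
        getRuntimeApi();
    }

    /**
     * Validates the SSO token of the current request and resolves the username it belongs to.
     *
     * @return {@code true} when a token was present, the runtime API reported it valid and a
     *         non-empty username was resolved; {@code false} in every other case, including any
     *         exception raised along the way
     * @throws LoginException declared by the interface; not thrown by this implementation
     */
    public boolean login() throws LoginException {
        final String where = "RSAAccessManagerLoginModule.login()";
        debug(where);
        // Start from a clean slate so nothing from an earlier attempt on this instance (in
        // particular a previously resolved username) can leak into this one.
        this.succeeded = false;
        this.userId = null;
        this.userIdSet = false;

        HttpGetterCallback httpGetterCallback = new HttpGetterCallback();
        debug(where, "Initializing HttpGetterCallback object.");
        // NOTE(review): type 2 presumably selects a cookie lookup; confirm against the callback API.
        httpGetterCallback.setType((byte) 2);
        httpGetterCallback.setName(cookieName);
        try {
            this.callbackHandler.handle(new Callback[]{httpGetterCallback});
            String rawToken = (String) httpGetterCallback.getValue();
            if (rawToken == null) {
                debug("login()", "No token - returning false");
                return false;
            }
            String token = URLDecoder.decode(rawToken, "UTF-8");
            // The token is a bearer credential: whoever can read it can present it. Log only
            // that one was found.
            debug(where, "Retrieved RSA Access Manager SSO token from the " + cookieName + " cookie.  Its value is not logged.");
            long started = System.currentTimeMillis();
            if (!isTokenValid(token)) {
                debug(where, "Invalid token - returning false.");
                return false;
            }
            getUserId(token);
            info(where, "Authentication check duration: " + (System.currentTimeMillis() - started) + " ms");
            if (isBlank(this.userId)) {
                // A valid token without a resolvable username must not authenticate anybody;
                // otherwise commit() would create a principal with a null or empty name.
                error(where, "Token is valid but no username could be resolved - returning false.");
                return false;
            }
            if (this.sharedState.get("javax.security.auth.login.name") == null) {
                this.sharedState.put("javax.security.auth.login.name", this.userId);
                this.userIdSet = true;
            }
            this.succeeded = true;
            debug(where, "Access Manager Username: " + this.userId);
            return true;
        } catch (Exception e) {
            // Fail closed: any problem while checking the token is a failed login.
            debug("RSAAccessManagerLoginModule.login() Exception", e.toString());
            error("Error validating token: " + e.getMessage());
            return false;
        }
    }

    /**
     * Adds a principal for the authenticated user to the subject.
     *
     * <p>The principal is also stored in the shared state, but only when {@link #login()} was the
     * one to store the login name there.
     *
     * @return {@code true} when the principal was added; {@code false} when {@link #login()} did
     *         not succeed
     * @throws LoginException when the principal cannot be created or added. This used to be
     *         swallowed and reported as success.
     */
    public boolean commit() throws LoginException {
        if (!this.succeeded) {
            debug("RSAAccessManagerLoginModule.commit() failed - returning false.");
            this.userId = null;
            return false;
        }
        try {
            debug("RSAAccessManagerLoginModule.commit()", "Login succeeded. Creating Principal for " + this.userId + ".");
            Principal created = new com.sap.engine.lib.security.Principal(this.userId);
            this.subject.getPrincipals().add(created);
            this.principal = created;
            if (this.userIdSet) {
                this.sharedState.put("javax.security.auth.login.principal", created);
            }
            return true;
        } catch (Exception e) {
            debug("RSAAccessManagerLoginModule.commit() Exception", e.toString());
            error("RSAAccessManagerLoginModule.commit()", "Could not add principal: " + e.getMessage());
            this.succeeded = false;
            this.userId = null;
            LoginException failure = new LoginException("Could not commit RSA Access Manager login: " + e.getMessage());
            failure.initCause(e);
            throw failure;
        }
    }

    /**
     * Discards the state of the current login attempt, including a principal that
     * {@link #commit()} may already have added.
     *
     * @return {@code true} on success, {@code false} when the clean-up itself failed
     * @throws LoginException declared by the interface; not thrown by this implementation
     */
    public boolean abort() throws LoginException {
        debug("RSAAccessManagerLoginModule.abort() called");
        try {
            clearAuthenticationState();
            return true;
        } catch (Exception e) {
            debug("RSAAccessManagerLoginModule.abort() Exception", e.toString());
            return false;
        }
    }

    /**
     * Logs the subject out by removing the principal added by {@link #commit()} and forgetting
     * the resolved username.
     *
     * @return {@code true} on success, {@code false} when the clean-up itself failed
     * @throws LoginException declared by the interface; not thrown by this implementation
     */
    public boolean logout() throws LoginException {
        debug("RSAAccessManagerLoginModule.logout() called");
        try {
            clearAuthenticationState();
            return true;
        } catch (Exception e) {
            debug("RSAAccessManagerLoginModule.logout() Exception", e.toString());
            return false;
        }
    }

    /** Removes this module's principal from the subject and resets the per-login fields. */
    private void clearAuthenticationState() {
        this.succeeded = false;
        this.userIdSet = false;
        this.userId = null;
        if (this.principal != null && this.subject != null) {
            // Throws IllegalStateException for a read-only subject; callers report that as failure.
            this.subject.getPrincipals().remove(this.principal);
        }
        this.principal = null;
    }

    /** Closes the shared runtime API handle, if there is one, so the next use reconnects. */
    private void disconnect() {
        debug("RSAAccessManagerLoginModule.disconnect()");
        synchronized (runtimeApiSync) {
            if (runtimeApi == null) {
                return;
            }
            try {
                runtimeApi.close();
            } catch (Exception e) {
                error("RSAAccessManagerLoginModule.disconnect()", "Exception: " + e.toString());
            }
            runtimeApi = null;
        }
    }

    /**
     * Opens the shared runtime API connection to the dispatchers named in
     * {@code dispatcher_list} (comma-separated {@code host:port} entries).
     *
     * <p>Must be called with {@code runtimeApiSync} held. A {@link RuntimeAPIException} is
     * rethrown as a {@link RuntimeException}; any other failure is logged and leaves the handle
     * unset, so later token checks fail.
     */
    private void connect() {
        final String where = "RSAAccessManagerLoginModule.connect()";
        debug(where);
        try {
            if (isBlank(dispatcherList) || isBlank(connectionType)) {
                error("Error connecting to dispatchers: " + DISPATCHER_LIST + " and " + CONNECTION_TYPE + " must both be configured.");
                return;
            }
            int mode;
            if (AUTH.equalsIgnoreCase(connectionType)) {
                mode = MODE_SSL_AUTH;
            } else if (CLEAR.equalsIgnoreCase(connectionType)) {
                mode = MODE_CLEAR;
            } else {
                mode = MODE_SSL_ANON;
                if (!ANON.equalsIgnoreCase(connectionType)) {
                    // Behaviour is unchanged (every other value has always meant mode 1), but a
                    // mistyped 'ssl_auth' would otherwise go unnoticed.
                    error(where, "Unrecognized " + CONNECTION_TYPE + " '" + connectionType + "'; using connection mode " + MODE_SSL_ANON + ".");
                }
            }

            String[] entries = dispatcherList.split(",");
            ConnectionDescriptor[] descriptors = new ConnectionDescriptor[entries.length];
            for (int index = 0; index < entries.length; index++) {
                String[] hostAndPort = entries[index].trim().split(":");
                if (hostAndPort.length != 2) {
                    throw new IllegalArgumentException("Dispatcher entry '" + entries[index] + "' is not of the form host:port");
                }
                String host = hostAndPort[0].trim();
                int port = Integer.parseInt(hostAndPort[1].trim());
                if (mode == MODE_SSL_AUTH) {
                    descriptors[index] = createAuthSSLConnectionDescriptor(host, port, timeout);
                } else {
                    descriptors[index] = new ConnectionDescriptor(host, port, mode, timeout);
                }
                debug(where, "Parsed dispatcher: " + host + " port: " + port);
            }

            HashMap apiOptions = new HashMap();
            apiOptions.put("EMPTY_POOL_OK", "ON");
            long started = System.currentTimeMillis();
            debug("RSAAccessManagerLoginModule.connect() - Connecting to dispatchers...");
            runtimeApi = APIFactory.createFromServerDispatchers(apiOptions, descriptors, timeout, true, (String[]) null, retryCount);
            debug("Connection established in " + (System.currentTimeMillis() - started) + " ms.");
        } catch (RuntimeAPIException e) {
            error("Error connecting to dispatchers: " + e.getMessage());
            debug("RSAAccessManagerLoginModule.connect() - RuntimeAPIException: " + e.toString());
            throw new RuntimeException("Could not connect to Access Manager servers. ", e);
        } catch (Exception e2) {
            // Best effort, as before: the handle stays null and token validation fails closed.
            error("Error connecting to dispatchers: " + e2.getMessage());
            debug("RSAAccessManagerLoginModule.connect() - Exception: " + e2.toString());
        }
    }

    /**
     * Builds a mode-2 ({@code ssl_auth}) connection descriptor from the configured keystore.
     *
     * <p>The keystore path and password are each passed twice. NOTE(review): presumably once as
     * key store and once as trust store; confirm against the ConnectionDescriptor constructor.
     *
     * @param str dispatcher host
     * @param i   dispatcher port
     * @param i2  timeout value passed through to the descriptor
     */
    private ConnectionDescriptor createAuthSSLConnectionDescriptor(String str, int i, int i2) {
        return new ConnectionDescriptor(str, i, MODE_SSL_AUTH, keystore, keystorePassword, keystore, keystorePassword, keyAlias, keyPassword, i2);
    }

    /**
     * Returns the shared runtime API handle, connecting first when there is none.
     *
     * <p>The check is made under the lock. The previous unsynchronized first check on a
     * non-volatile field gave no visibility guarantee for the handle published by another thread.
     * The returned handle is used by callers outside the lock, so a concurrent
     * {@link #disconnect()} can still close it while it is in use.
     *
     * @return the handle, or {@code null} when connecting failed without a RuntimeAPIException
     */
    private RuntimeAPI getRuntimeApi() {
        synchronized (runtimeApiSync) {
            if (runtimeApi == null) {
                connect();
            }
            return runtimeApi;
        }
    }

    /**
     * Asks the runtime API whether the token is valid.
     *
     * @param str decoded SSO token
     * @return {@code true} only when the runtime API reports {@code SC_IS_VALID} as "true"
     * @throws IllegalStateException when the token is {@code null} or the lookup fails
     */
    private boolean isTokenValid(String str) {
        final String where = "RSAAccessManagerLoginModule.isTokenValid()";
        debug(where, "Validating RSA Access Manager SSO token.");
        if (str == null) {
            error(where, "RSA Access Manager token is corrupt or not present.");
            throw new IllegalStateException("RSA Access Manager token is corrupt or not present");
        }
        try {
            // Constant-first comparison: a null answer from the API means "not valid".
            return "true".equalsIgnoreCase(getRuntimeApi().getTokenValue(str, IS_VALID));
        } catch (Exception e) {
            // The token itself is deliberately left out of the error message.
            error(where, "Could not validate user token. " + e.getMessage());
            debug(e.toString());
            throw new IllegalStateException("The token is invallid.");
        }
    }

    /**
     * Resolves the username for a validated token into {@code userId}.
     *
     * <p>With {@code user_property} configured the value of that user property is used,
     * otherwise the token's {@code SC_USER_ID}. {@code userId} is cleared first, so it stays
     * {@code null} when the property has no value.
     *
     * @param str decoded SSO token
     * @throws IllegalStateException when the token is {@code null} or the lookup fails
     */
    private void getUserId(String str) {
        final String where = "RSAAccessManagerLoginModule.getUserId()";
        debug(where, "Attempting to retrieve the authenticated username from the SSO token.");
        if (str == null) {
            debug(where, "RSA Access Manager token is corrupt or not present");
            throw new IllegalStateException("RSA Access Manager token is corrupt or not present");
        }
        // Never fall back to a username resolved for an earlier token.
        this.userId = null;
        try {
            if (this.userProperty != null) {
                debug(where, "Getting user property " + this.userProperty);
                HashSet requestedProperties = new HashSet();
                requestedProperties.add(this.userProperty);
                HashMap tokenQuery = new HashMap();
                tokenQuery.put("SC_TOKEN", str);
                Set values = (Set) getRuntimeApi().getUserProperties(tokenQuery, requestedProperties).get(this.userProperty);
                if (values != null) {
                    // NOTE(review): for a multi-valued property the last value in iteration order
                    // wins, which is arbitrary for an unordered Set. Map the username from a
                    // single-valued property, or decide explicitly which value to trust.
                    Iterator it = values.iterator();
                    while (it.hasNext()) {
                        this.userId = (String) it.next();
                    }
                }
            } else {
                debug(where, "Getting user ID from token.");
                this.userId = getRuntimeApi().getTokenValue(str, "SC_USER_ID");
            }
            debug(where, "Retrieved username: " + this.userId);
        } catch (Exception e) {
            error(where, "Could not validate user token. " + e.getMessage());
            debug(e.toString());
            throw new IllegalStateException("Unable to get RSA Access Manager username");
        }
    }

    /** Writes an info-level trace message. */
    private void info(String str, String str2) {
        logLocation.infoT(str, str2);
    }

    /** Writes an error-level trace message. */
    private void error(String str) {
        logLocation.errorT(str);
    }

    /** Writes an error-level trace message with a sub-location. */
    private void error(String str, String str2) {
        logLocation.errorT(str, str2);
    }

    /** Writes a debug-level trace message when the {@code debug} option is on. */
    private void debug(String str) {
        if (this.debug) {
            logLocation.debugT(str);
        }
    }

    /** Writes a debug-level trace message with a sub-location when the {@code debug} option is on. */
    private void debug(String str, String str2) {
        if (this.debug) {
            logLocation.debugT(str, str2);
        }
    }

    /**
     * Builds the "mandatory parameter is empty" error text.
     *
     * @param str  name of the missing option
     * @param str2 optional hint appended after two spaces; ignored when null or blank
     */
    private String getEmptyParameterMessage(String str, String str2) {
        String message = "Error: The mandatory parameter - '" + str + "' - is empty.";
        if (!isBlank(str2)) {
            message = message + "  " + str2;
        }
        return message;
    }

    /** Returns true for null and for strings that are empty after trimming. */
    private static boolean isBlank(String value) {
        return value == null || value.trim().length() == 0;
    }

    /** Describes a secret for the log without revealing it. */
    private static String describeSecret(String value) {
        return isBlank(value) ? "<not set>" : "<set, value not logged>";
    }

    /** Appends one "name:value" line of the configuration summary. */
    private static void appendSummaryLine(StringBuffer target, String lineSeparator, String name, String value) {
        target.append(lineSeparator).append(SUMMARY_PAD).append(name).append(":").append(value);
    }

    /**
     * Compiler-generated helper behind the class literal, kept as found in the compiled class.
     *
     * @throws NoClassDefFoundError when the class cannot be loaded
     */
    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            throw new NoClassDefFoundError(e.getMessage());
        }
    }

    static {
        Class cls;
        if (class$com$rsa$login$RSAAccessManagerLoginModule == null) {
            cls = class$("com.rsa.login.RSAAccessManagerLoginModule");
            class$com$rsa$login$RSAAccessManagerLoginModule = cls;
        } else {
            cls = class$com$rsa$login$RSAAccessManagerLoginModule;
        }
        logLocation = Location.getLocation(cls);
        // Defaults that apply until initialize() reads the module options.
        cookieName = CTSESSION;
        retryCount = 3;
        timeout = 10000;
        keystore = "";
        keystorePassword = "";
        keyAlias = "";
        keyPassword = "";
        runtimeApiSync = new Object();
    }
}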
