package com.ibm.rcp.dombrowser.sso;

import com.ibm.rcp.accounts.Account;
import com.ibm.rcp.accounts.AccountsLoginContextService;
import com.ibm.rcp.accounts.AccountsManager;
import com.ibm.rcp.accounts.AccountsManagerFactory;
import com.ibm.rcp.security.auth.PBEKeyCredential;
import com.ibm.rcp.security.auth.SingleSignonToken;
import java.net.MalformedURLException;
import java.net.URL;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.crypto.spec.PBEKeySpec;
import javax.security.auth.RefreshFailedException;
import javax.security.auth.Subject;
import javax.security.auth.login.LoginException;
import org.apache.commons.httpclient.Cookie;
import org.eclipse.osgi.util.NLS;
import org.eclipse.swt.browser.DOMBrowser;
import org.eclipse.swt.browser.DOMBrowserNLS;
import org.eclipse.swt.widgets.Display;

/* loaded from: input_file:ws/win32/iedom.jar:com/ibm/rcp/dombrowser/sso/BrowserSSOUtil.class */
public class BrowserSSOUtil {
    private static final String PROXY_ACCOUNT = "PROXY.ACCOUNT";
    private static final String PROXY_BASIC = "PROXY.BASIC";
    private static final String PROXY_NTLM = "PROXY.NTLM";
    private static final String BLANK_URL = "about:blank";
    private static final String HTTP_PROTOCOL = "http";
    private static final String HTTPS_PROTOCOL = "https";
    private static final String SSO_THREAD = "Browser SSO Thread";
    private static final String PROXY_SSO_THREAD = "Browser PROXY SSO Thread";
    private static final int ssoTimeOutValue = 6000;
    private static String location;
    private static DOMBrowser browser;
    private static String username;
    private static char[] password;
    private static final int QUERYLOCK = 0;
    private static final int SETLOCK = 1;
    private static final int UNLOCK = 2;
    public static final String CLASS_NAME = BrowserSSOUtil.class.getName();
    private static final String PKG = BrowserSSOUtil.class.getPackage().getName();
    private static Logger _logger = Logger.getLogger(PKG);
    private static boolean locked = false;

    public static synchronized boolean ssoForProxyInThread(String str, DOMBrowser dOMBrowser) {
        location = str;
        browser = dOMBrowser;
        username = null;
        password = null;
        _logger.entering(CLASS_NAME, "ssoForProxyInThread");
        Thread thread = new Thread(PROXY_SSO_THREAD) { // from class: com.ibm.rcp.dombrowser.sso.BrowserSSOUtil.1
            @Override // java.lang.Thread, java.lang.Runnable
            public void run() {
                AccountsManager accountsManager = AccountsManagerFactory.getAccountsManager();
                if (accountsManager == null) {
                    BrowserSSOUtil.isLocked(2);
                    return;
                }
                Account accountByName = accountsManager.getAccountByName(BrowserSSOUtil.PROXY_ACCOUNT);
                if (accountByName == null) {
                    BrowserSSOUtil.isLocked(2);
                    return;
                }
                if (!BrowserSSOUtil.validateUrl(BrowserSSOUtil.location)) {
                    BrowserSSOUtil.isLocked(2);
                    return;
                }
                try {
                    String type = accountByName.getType();
                    if (BrowserSSOUtil.PROXY_BASIC.equalsIgnoreCase(type) || BrowserSSOUtil.PROXY_NTLM.equalsIgnoreCase(type)) {
                        BrowserSSOUtil.username = accountByName.getProperty("username");
                        BrowserSSOUtil.password = accountByName.getLoginContext().getAccountPassword();
                        BrowserSSOUtil.isLocked(2);
                        return;
                    }
                } catch (Throwable th) {
                    BrowserSSOUtil._logger.logp(Level.SEVERE, BrowserSSOUtil.CLASS_NAME, "ssoForProxyInThread", NLS.bind(DOMBrowserNLS.Error_Fail_To_SSO_PROXY, ""), th);
                }
                BrowserSSOUtil.isLocked(2);
            }
        };
        long currentTimeMillis = System.currentTimeMillis();
        if (_logger.isLoggable(Level.FINEST)) {
            _logger.logp(Level.FINEST, CLASS_NAME, "ssoForProxyInThread", "SSO Thread Start time: " + currentTimeMillis);
        }
        isLocked(1);
        long currentTimeMillis2 = System.currentTimeMillis();
        thread.start();
        Display current = Display.getCurrent();
        while (isLocked(0) && !current.isDisposed()) {
            try {
            } catch (Throwable th) {
                _logger.logp(Level.SEVERE, CLASS_NAME, "ssoForProxyInThread", SSO_THREAD, th);
            }
            if (System.currentTimeMillis() - currentTimeMillis2 >= 6000) {
                isLocked(2);
                _logger.logp(Level.WARNING, CLASS_NAME, "ssoForProxyInThread-Browser SSO Thread TimeOut", NLS.bind(DOMBrowserNLS.Error_Fail_To_SSO, location));
                break;
            }
            if (!current.readAndDispatch()) {
                current.sleep();
            }
        }
        if (_logger.isLoggable(Level.FINEST)) {
            long currentTimeMillis3 = System.currentTimeMillis();
            _logger.logp(Level.FINEST, CLASS_NAME, "ssoForProxyInThread", "SSO Thread End time: " + currentTimeMillis3);
            _logger.logp(Level.FINEST, CLASS_NAME, "ssoForProxyInThread", "SSO Thread costs(ms): " + (currentTimeMillis3 - currentTimeMillis));
        }
        if (username == null || password == null) {
            return false;
        }
        try {
            URL url = new URL(location);
            String host = url.getHost();
            String path = url.getPath();
            String protocol = url.getProtocol();
            boolean z = false;
            if (protocol != null && HTTP_PROTOCOL.equalsIgnoreCase(protocol)) {
                z = false;
            } else if (protocol != null && HTTPS_PROTOCOL.equalsIgnoreCase(protocol)) {
                z = true;
            }
            int defaultPort = url.getPort() == -1 ? url.getDefaultPort() : url.getPort();
            boolean basicAuthEx = browser.setBasicAuthEx(host, defaultPort, path, z, username, password);
            if (basicAuthEx) {
                BrowserProxySSOEntry proxySSOEntry = BrowserSSOManager.getInstance().getProxySSOEntry();
                if (proxySSOEntry != null) {
                    if (browser.enabledJava2Applet()) {
                        proxySSOEntry.setSSOedIEOOPService(true);
                    } else {
                        proxySSOEntry.setSSOedIEService(true);
                    }
                }
            } else {
                browser.setBasicAuthEx(host, defaultPort, path, z, username, new char[1]);
            }
            _logger.exiting(CLASS_NAME, "ssoForProxyInThread", Boolean.toString(basicAuthEx));
        } catch (Throwable th2) {
            _logger.logp(Level.SEVERE, CLASS_NAME, "ssoForProxyInThread", PROXY_SSO_THREAD, th2);
        }
        boolean z2 = false;
        BrowserProxySSOEntry proxySSOEntry2 = BrowserSSOManager.getInstance().getProxySSOEntry();
        if (proxySSOEntry2 != null) {
            if (browser.enabledJava2Applet()) {
                proxySSOEntry2.IEOOPServiceSSOAttemptedCount++;
                z2 = proxySSOEntry2.isSSOedIEOOPService();
            } else {
                proxySSOEntry2.IEServiceSSOAttemptedCount++;
                z2 = proxySSOEntry2.isSSOedIEService();
            }
        }
        _logger.exiting(CLASS_NAME, "ssoForProxyInThread", String.valueOf(z2));
        return z2;
    }

    public static List getAccountListForUrl(String str) {
        _logger.entering(CLASS_NAME, "getAccountListForUrl", str);
        if (!validateUrl(str)) {
            _logger.exiting(CLASS_NAME, "getAccountListForUrl", Boolean.toString(false));
            return null;
        }
        AccountsManager accountsManager = AccountsManagerFactory.getAccountsManager();
        if (accountsManager == null) {
            _logger.exiting(CLASS_NAME, "getAccountListForUrl", Boolean.toString(false));
            return null;
        }
        List accountsByServer = accountsManager.getAccountsByServer(str);
        _logger.exiting(CLASS_NAME, "getAccountListForUrl", "Accounts found: " + accountsByServer.size());
        return accountsByServer;
    }

    public static synchronized boolean ssoForUrl(DOMBrowser dOMBrowser, List list, String str) {
        _logger.entering(CLASS_NAME, "ssoForUrl", str);
        if (_logger.isLoggable(Level.FINER)) {
            StringBuffer stringBuffer = new StringBuffer(DOMBrowser.DISPID_FRAMEBEFORENAVIGATE);
            stringBuffer.append("Accounts provided:\n");
            for (int i = 0; i < list.size(); i++) {
                stringBuffer.append(i).append(") ").append(((Account) list.get(i)).getProperties(true).toString()).append('\n');
            }
            _logger.logp(Level.FINER, CLASS_NAME, "ssoForUrl", stringBuffer.toString());
        }
        final ArrayList arrayList = new ArrayList();
        location = str;
        browser = dOMBrowser;
        if (!validateUrl(str)) {
            _logger.exiting(CLASS_NAME, "ssoForUrl", "false");
            return false;
        }
        Iterator it = list.iterator();
        while (it.hasNext()) {
            arrayList.add((Account) it.next());
        }
        if (arrayList.size() == 0) {
            _logger.exiting(CLASS_NAME, "ssoForUrl", "false");
            return false;
        }
        Thread thread = new Thread(SSO_THREAD) { // from class: com.ibm.rcp.dombrowser.sso.BrowserSSOUtil.2
            @Override // java.lang.Thread, java.lang.Runnable
            public void run() {
                URL url;
                String host;
                PBEKeyCredential pBEKeyCredential;
                try {
                    try {
                        try {
                            url = new URL(BrowserSSOUtil.location);
                            host = url.getHost();
                        } catch (Throwable th) {
                            BrowserSSOUtil.isLocked(2);
                            BrowserSSOUtil._logger.logp(Level.SEVERE, BrowserSSOUtil.CLASS_NAME, BrowserSSOUtil.SSO_THREAD, NLS.bind(DOMBrowserNLS.Error_Fail_To_SSO, BrowserSSOUtil.location), th);
                            BrowserSSOUtil.isLocked(2);
                            BrowserSSOUtil._logger.exiting(BrowserSSOUtil.CLASS_NAME, BrowserSSOUtil.SSO_THREAD);
                            return;
                        }
                    } catch (MalformedURLException e) {
                        BrowserSSOUtil._logger.logp(Level.SEVERE, BrowserSSOUtil.CLASS_NAME, BrowserSSOUtil.SSO_THREAD, NLS.bind(DOMBrowserNLS.Error_Fail_To_SSO, BrowserSSOUtil.location), (Throwable) e);
                        BrowserSSOUtil.isLocked(2);
                    }
                    for (Account account : arrayList) {
                        AccountsLoginContextService loginContext = account.getLoginContext();
                        Subject subject = loginContext.getSubject();
                        if (subject == null) {
                            try {
                                long currentTimeMillis = System.currentTimeMillis();
                                loginContext.login();
                                if (BrowserSSOUtil._logger.isLoggable(Level.FINEST)) {
                                    BrowserSSOUtil._logger.logp(Level.FINEST, BrowserSSOUtil.CLASS_NAME, "ssoForUrl", "Account: context.login() cost: " + (System.currentTimeMillis() - currentTimeMillis));
                                }
                                subject = loginContext.getSubject();
                            } catch (LoginException e2) {
                                BrowserSSOUtil._logger.logp(Level.SEVERE, BrowserSSOUtil.CLASS_NAME, BrowserSSOUtil.SSO_THREAD, NLS.bind(DOMBrowserNLS.Error_Fail_To_SSO, BrowserSSOUtil.location), (Throwable) e2);
                            }
                        }
                        if (subject == null) {
                            BrowserSSOUtil._logger.logp(Level.WARNING, BrowserSSOUtil.CLASS_NAME, BrowserSSOUtil.SSO_THREAD, NLS.bind(DOMBrowserNLS.Error_Fail_To_SSO, BrowserSSOUtil.location));
                            BrowserSSOUtil.isLocked(2);
                        } else {
                            Set publicCredentials = subject.getPublicCredentials(Account.class);
                            if (BrowserSSOUtil.HTTP_PROTOCOL.equalsIgnoreCase((publicCredentials.size() > 0 ? (Account) publicCredentials.toArray()[0] : account).getAuthType())) {
                                Set<PBEKeyCredential> privateCredentials = subject.getPrivateCredentials(PBEKeyCredential.class);
                                if (privateCredentials == null || privateCredentials.isEmpty()) {
                                    loginContext.login();
                                    privateCredentials = loginContext.getSubject().getPrivateCredentials(PBEKeyCredential.class);
                                }
                                String property = account.getProperty("masterprops");
                                if (account.getProperty("masterprops") != null) {
                                    account = AccountsManagerFactory.getAccountsManager().getAccount(property);
                                    loginContext = account.getLoginContext();
                                    privateCredentials = loginContext.getSubject().getPrivateCredentials(PBEKeyCredential.class);
                                }
                                String property2 = account.getProperty("username");
                                for (PBEKeyCredential pBEKeyCredential2 : privateCredentials) {
                                    if (account.getProperty("credentialid").equalsIgnoreCase(pBEKeyCredential2.getAlias())) {
                                        PBEKeySpec keySpec = pBEKeyCredential2.getKeySpec();
                                        if (keySpec == null) {
                                            loginContext.login();
                                            Set privateCredentials2 = loginContext.getSubject().getPrivateCredentials(PBEKeyCredential.class);
                                            if (privateCredentials2 != null && (pBEKeyCredential = (PBEKeyCredential) privateCredentials2.iterator().next()) != null) {
                                                keySpec = pBEKeyCredential.getKeySpec();
                                            }
                                        }
                                        if (keySpec != null) {
                                            char[] password2 = keySpec.getPassword();
                                            boolean z = false;
                                            String substring = BrowserSSOUtil.location.substring(BrowserSSOUtil.location.indexOf(url.getPath()));
                                            String protocol = url.getProtocol();
                                            if (protocol != null && protocol.equalsIgnoreCase(BrowserSSOUtil.HTTP_PROTOCOL)) {
                                                z = false;
                                            } else if (protocol != null && protocol.equalsIgnoreCase(BrowserSSOUtil.HTTPS_PROTOCOL)) {
                                                z = true;
                                            }
                                            int defaultPort = url.getPort() == -1 ? url.getDefaultPort() : url.getPort();
                                            long currentTimeMillis2 = System.currentTimeMillis();
                                            boolean basicAuth = BrowserSSOUtil.browser.setBasicAuth(host, defaultPort, substring, z, property2, password2);
                                            if (BrowserSSOUtil._logger.isLoggable(Level.FINEST)) {
                                                BrowserSSOUtil._logger.logp(Level.FINEST, BrowserSSOUtil.CLASS_NAME, "ssoForUrl", "browser.setBasicAuth() cost: " + (System.currentTimeMillis() - currentTimeMillis2));
                                            }
                                            BrowserSSOUtil._logger.exiting(BrowserSSOUtil.CLASS_NAME, BrowserSSOUtil.SSO_THREAD, Boolean.toString(basicAuth));
                                            BrowserSSOManager.getInstance().setBrowserMark(BrowserSSOUtil.browser, account, basicAuth);
                                            BrowserSSOUtil.isLocked(2);
                                        }
                                    }
                                }
                            } else {
                                Set privateCredentials3 = subject.getPrivateCredentials(SingleSignonToken.class);
                                if (privateCredentials3 == null || privateCredentials3.isEmpty()) {
                                    loginContext.login();
                                    privateCredentials3 = loginContext.getSubject().getPrivateCredentials(SingleSignonToken.class);
                                }
                                Iterator it2 = privateCredentials3.iterator();
                                while (it2.hasNext()) {
                                    SingleSignonToken singleSignonToken = (SingleSignonToken) it2.next();
                                    if (!singleSignonToken.isCurrent()) {
                                        try {
                                            singleSignonToken.refresh();
                                        } catch (RefreshFailedException unused) {
                                            loginContext.login();
                                            it2 = loginContext.getSubject().getPrivateCredentials(SingleSignonToken.class).iterator();
                                        }
                                    }
                                    final Cookie[] ssoTokens = singleSignonToken.getSsoTokens();
                                    if (ssoTokens != null && ssoTokens.length > 0) {
                                        Display.getDefault().syncExec(new Runnable() { // from class: com.ibm.rcp.dombrowser.sso.BrowserSSOUtil.2.1
                                            @Override // java.lang.Runnable
                                            public void run() {
                                                for (int i2 = 0; i2 < ssoTokens.length; i2++) {
                                                    String name = ssoTokens[i2].getName();
                                                    String value = ssoTokens[i2].getValue();
                                                    String path = ssoTokens[i2].getPath();
                                                    if (path == null || path.length() == 0) {
                                                        path = "/";
                                                    }
                                                    BrowserSSOUtil.browser.setCookie(BrowserSSOUtil.location, String.valueOf(name) + "=" + value + "; path=" + path);
                                                }
                                            }
                                        });
                                        BrowserSSOManager.getInstance().setBrowserMark(BrowserSSOUtil.browser, account, true);
                                    }
                                }
                            }
                            BrowserSSOUtil._logger.exiting(BrowserSSOUtil.CLASS_NAME, BrowserSSOUtil.SSO_THREAD);
                            BrowserSSOUtil.isLocked(2);
                        }
                        BrowserSSOUtil.isLocked(2);
                        BrowserSSOUtil._logger.exiting(BrowserSSOUtil.CLASS_NAME, BrowserSSOUtil.SSO_THREAD);
                    }
                    BrowserSSOUtil._logger.exiting(BrowserSSOUtil.CLASS_NAME, BrowserSSOUtil.SSO_THREAD);
                    BrowserSSOUtil.isLocked(2);
                    BrowserSSOUtil.isLocked(2);
                    BrowserSSOUtil._logger.exiting(BrowserSSOUtil.CLASS_NAME, BrowserSSOUtil.SSO_THREAD);
                } catch (Throwable th2) {
                    BrowserSSOUtil.isLocked(2);
                    BrowserSSOUtil._logger.exiting(BrowserSSOUtil.CLASS_NAME, BrowserSSOUtil.SSO_THREAD);
                    throw th2;
                }
            }
        };
        long currentTimeMillis = System.currentTimeMillis();
        if (_logger.isLoggable(Level.FINEST)) {
            _logger.logp(Level.FINEST, CLASS_NAME, "ssoForUrl", "SSO Thread Start time: " + currentTimeMillis);
        }
        isLocked(1);
        long currentTimeMillis2 = System.currentTimeMillis();
        thread.start();
        Display current = Display.getCurrent();
        while (isLocked(0) && !current.isDisposed()) {
            try {
            } catch (Throwable th) {
                _logger.logp(Level.SEVERE, CLASS_NAME, "ssoForUrl", SSO_THREAD, th);
            }
            if (System.currentTimeMillis() - currentTimeMillis2 >= 6000) {
                isLocked(2);
                _logger.logp(Level.WARNING, CLASS_NAME, "Browser SSO Thread TimeOut", NLS.bind(DOMBrowserNLS.Error_Fail_To_SSO, location));
                break;
            }
            if (!current.readAndDispatch()) {
                current.sleep();
            }
        }
        if (_logger.isLoggable(Level.FINEST)) {
            long currentTimeMillis3 = System.currentTimeMillis();
            _logger.logp(Level.FINEST, CLASS_NAME, "ssoForUrl", "SSO Thread End time: " + currentTimeMillis3);
            _logger.logp(Level.FINEST, CLASS_NAME, "ssoForUrl", "SSO Thread costs(ms): " + (currentTimeMillis3 - currentTimeMillis));
        }
        if (arrayList.size() > 0) {
            arrayList.clear();
        }
        _logger.exiting(CLASS_NAME, "ssoForUrl", "true");
        return true;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static boolean isLocked(int i) {
        switch (i) {
            case 0:
                return locked;
            case 1:
                locked = true;
                return false;
            case 2:
                locked = false;
                return false;
            default:
                return false;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static boolean validateUrl(String str) {
        if (str == null || str.length() == 0 || BLANK_URL.equalsIgnoreCase(str)) {
            return false;
        }
        try {
            String protocol = new URL(str).getProtocol();
            if (protocol == null || protocol.length() <= 0) {
                return false;
            }
            if (HTTP_PROTOCOL.equalsIgnoreCase(protocol)) {
                return true;
            }
            return HTTPS_PROTOCOL.equalsIgnoreCase(protocol);
        } catch (MalformedURLException unused) {
            return false;
        }
    }
}
