package com.sun.security.auth.module;

import com.sun.security.auth.UnixNumericGroupPrincipal;
import com.sun.security.auth.UnixNumericUserPrincipal;
import com.sun.security.auth.UnixPrincipal;
import com.sun.tools.doclets.TagletManager;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.util.LinkedList;
import java.util.Map;
import java.util.ResourceBundle;
import javax.naming.InitialContext;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attributes;
import javax.naming.directory.BasicAttributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.FailedLoginException;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;
import org.apache.xalan.xsltc.trax.TransformerFactoryImpl;
import org.apache.xerces.impl.xs.SchemaSymbols;

/* JADX WARN: Classes with same name are omitted:
  input_file:efixes/PQ87578_solaris/components/prereq.jdk/update.jar:/java/jre/lib/backup/rt.jar:com/sun/security/auth/module/JndiLoginModule.class
 */
/* loaded from: input_file:efixes/PQ87578_solaris/components/prereq.jdk/update.jar:/java/jre/lib/rt.jar:com/sun/security/auth/module/JndiLoginModule.class */
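/**
 * JAAS {@link LoginModule} that authenticates a user against a directory reached through JNDI.
 *
 * <p>The module looks the user up by {@code uid} under the {@code user.provider.url} context,
 * checks the supplied password against the entry's {@code userPassword} value with
 * {@code Crypt}, and on commit adds a {@link UnixPrincipal}, a {@link UnixNumericUserPrincipal}
 * and one or more {@link UnixNumericGroupPrincipal}s to the {@link Subject}. Supplementary
 * groups are read from the {@code group.provider.url} context by {@code memberUid}.
 *
 * <p>Options read in {@link #initialize}: {@code debug}, {@code strongDebug},
 * {@code user.provider.url}, {@code group.provider.url}, {@code tryFirstPass},
 * {@code useFirstPass}, {@code storePass}, {@code clearPass}.
 *
 * <p>Security-relevant behaviour of this class:
 * <ul>
 *   <li>The user name is escaped before it is placed in the LDAP search filter.</li>
 *   <li>Debug output never contains the password, including under {@code strongDebug}.</li>
 *   <li>The password hash comparison does not exit early on the first differing byte.</li>
 *   <li>A password taken from the shared state is copied, so wiping this module's copy does
 *       not blank the array other modules in the stack still rely on.</li>
 * </ul>
 */
public class JndiLoginModule implements LoginModule {
    static final ResourceBundle rb = ResourceBundle.getBundle("sun.security.util.AuthResources");
    private String userProvider;
    private String groupProvider;
    private String username;
    private char[] password;
    DirContext ctx;
    private UnixPrincipal userPrincipal;
    private UnixNumericUserPrincipal UIDPrincipal;
    private UnixNumericGroupPrincipal GIDPrincipal;
    private Subject subject;
    private CallbackHandler callbackHandler;
    private Map sharedState;
    private Map options;
    private static final String CRYPT = "{crypt}";
    private static final String USER_PWD = "userPassword";
    private static final String USER_UID = "uidNumber";
    private static final String USER_GID = "gidNumber";
    private static final String GROUP_ID = "gidNumber";
    private static final String NAME = "javax.security.auth.login.name";
    private static final String PWD = "javax.security.auth.login.password";
    // The decompiled listing referenced SchemaSymbols.ATTVAL_TRUE, TransformerFactoryImpl.DEBUG
    // and TagletManager.SIMPLE_TAGLET_OPT_SEPERATOR at these places. The literals below carry
    // the same values, so the login module no longer depends on XML-parser and javadoc classes.
    private static final String OPTION_TRUE = "true";
    private static final String DEBUG_OPTION = "debug";
    private static final char PROVIDER_SCHEME_SEPARATOR = ':';
    public final String USER_PROVIDER = "user.provider.url";
    public final String GROUP_PROVIDER = "group.provider.url";
    private boolean debug = false;
    private boolean strongDebug = false;
    private boolean useFirstPass = false;
    private boolean tryFirstPass = false;
    private boolean storePass = false;
    private boolean clearPass = false;
    private boolean succeeded = false;
    private boolean commitSucceeded = false;
    private LinkedList supplementaryGroups = new LinkedList();

    /**
     * Drops the per-attempt credentials: overwrites the password array with spaces, clears the
     * user name and directory context, and removes the shared-state entries when
     * {@code clearPass} is set.
     */
    private void cleanState() {
        this.username = null;
        if (this.password != null) {
            for (int i = 0; i < this.password.length; i++) {
                this.password[i] = ' ';
            }
            this.password = null;
        }
        // NOTE(review): the context is dropped without close(); whether the provider needs an
        // explicit close to release its connection cannot be told from this class.
        this.ctx = null;
        if (this.clearPass) {
            this.sharedState.remove(NAME);
            this.sharedState.remove(PWD);
        }
    }

    /**
     * Aborts the authentication attempt.
     *
     * @return {@code false} if this module's own login did not succeed, {@code true} otherwise
     * @throws LoginException if undoing a committed login fails in {@link #logout()}
     */
    @Override // javax.security.auth.spi.LoginModule
    public boolean abort() throws LoginException {
        if (this.debug) {
            System.out.println("\t\t[JndiLoginModule]: aborted authentication failed");
        }
        if (!this.succeeded) {
            return false;
        }
        if (this.commitSucceeded) {
            // Our commit already touched the Subject, so undo it through the logout path.
            logout();
            return true;
        }
        // Login succeeded but commit did not run or did not finish: only local state to reset.
        this.succeeded = false;
        cleanState();
        this.userPrincipal = null;
        this.UIDPrincipal = null;
        this.GIDPrincipal = null;
        this.supplementaryGroups = new LinkedList();
        return true;
    }

    /**
     * Adds the principals established by {@link #login()} to the Subject.
     *
     * @return {@code false} if this module's login did not succeed, {@code true} once the
     *     principals have been added
     * @throws LoginException if the Subject is read-only
     */
    @Override // javax.security.auth.spi.LoginModule
    public boolean commit() throws LoginException {
        if (!this.succeeded) {
            return false;
        }
        if (this.subject.isReadOnly()) {
            cleanState();
            throw new LoginException("Subject is Readonly");
        }
        // Set.add ignores an element that is already present, so no contains() pre-check.
        this.subject.getPrincipals().add(this.userPrincipal);
        this.subject.getPrincipals().add(this.UIDPrincipal);
        this.subject.getPrincipals().add(this.GIDPrincipal);
        for (Object group : this.supplementaryGroups) {
            this.subject.getPrincipals().add((UnixNumericGroupPrincipal) group);
        }
        if (this.debug) {
            System.out.println("\t\t[JndiLoginModule]: added UnixPrincipal,");
            System.out.println("\t\t\t\tUnixNumericUserPrincipal,");
            System.out.println("\t\t\t\tUnixNumericGroupPrincipal(s),");
            System.out.println("\t\t\t to Subject");
        }
        cleanState();
        this.commitSucceeded = true;
        return true;
    }

    /**
     * Authenticates the user.
     *
     * <p>With {@code tryFirstPass} the shared-state credentials are tried first and, if they
     * fail, the user is prompted through the callback handler. With {@code useFirstPass} only
     * the shared-state credentials are tried. Otherwise the user is always prompted.
     *
     * @return {@code true} when authentication succeeded
     * @throws LoginException if a provider URL is not configured or authentication fails
     */
    @Override // javax.security.auth.spi.LoginModule
    public boolean login() throws LoginException {
        if (this.userProvider == null) {
            throw new LoginException("Error: Unable to locate JNDI user provider");
        }
        if (this.groupProvider == null) {
            throw new LoginException("Error: Unable to locate JNDI group provider");
        }
        if (this.debug) {
            System.out.println("\t\t[JndiLoginModule] user provider: " + this.userProvider);
            System.out.println("\t\t[JndiLoginModule] group provider: " + this.groupProvider);
        }
        if (this.tryFirstPass) {
            try {
                attemptAuthentication(true);
                this.succeeded = true;
                if (this.debug) {
                    System.out.println("\t\t[JndiLoginModule] tryFirstPass succeeded");
                }
                return true;
            } catch (LoginException e) {
                // Not fatal in this mode: fall through and prompt the user instead.
                cleanState();
                if (this.debug) {
                    System.out.println("\t\t[JndiLoginModule] tryFirstPass failed with:" + e.toString());
                }
            }
        } else if (this.useFirstPass) {
            try {
                attemptAuthentication(true);
                this.succeeded = true;
                if (this.debug) {
                    System.out.println("\t\t[JndiLoginModule] useFirstPass succeeded");
                }
                return true;
            } catch (LoginException e2) {
                cleanState();
                if (this.debug) {
                    System.out.println("\t\t[JndiLoginModule] useFirstPass failed");
                }
                throw e2;
            }
        }
        try {
            attemptAuthentication(false);
            this.succeeded = true;
            if (this.debug) {
                System.out.println("\t\t[JndiLoginModule] regular authentication succeeded");
            }
            return true;
        } catch (LoginException e3) {
            cleanState();
            if (this.debug) {
                System.out.println("\t\t[JndiLoginModule] regular authentication failed");
            }
            throw e3;
        }
    }

    /**
     * Removes this module's principals from the Subject and resets the module state.
     *
     * @return {@code true} always, unless an exception is thrown
     * @throws LoginException if the Subject is read-only
     */
    @Override // javax.security.auth.spi.LoginModule
    public boolean logout() throws LoginException {
        if (this.subject.isReadOnly()) {
            cleanState();
            throw new LoginException("Subject is Readonly");
        }
        this.subject.getPrincipals().remove(this.userPrincipal);
        this.subject.getPrincipals().remove(this.UIDPrincipal);
        this.subject.getPrincipals().remove(this.GIDPrincipal);
        for (Object group : this.supplementaryGroups) {
            this.subject.getPrincipals().remove((UnixNumericGroupPrincipal) group);
        }
        cleanState();
        this.succeeded = false;
        this.commitSucceeded = false;
        this.userPrincipal = null;
        this.UIDPrincipal = null;
        this.GIDPrincipal = null;
        this.supplementaryGroups = new LinkedList();
        if (this.debug) {
            System.out.println("\t\t[JndiLoginModule]: logged out Subject");
        }
        return true;
    }

    /**
     * Obtains the credentials, verifies them against the user directory and, on success,
     * records the user, UID, GID and supplementary-group principals.
     *
     * <p>The principal fields, the supplementary-group list and the shared-state entries are
     * only written after every directory read has succeeded, so a failed attempt cannot leave
     * groups of one user behind for a later attempt on the same module instance.
     *
     * @param z {@code true} to take the credentials from the shared state, {@code false} to
     *     prompt through the callback handler
     * @throws LoginException if the credentials are missing or wrong, or the directory lookup
     *     fails
     */
    private void attemptAuthentication(boolean z) throws LoginException {
        getUsernamePassword(z);
        if (this.username == null || this.password == null) {
            // Without this guard a null name is searched as the literal text "null" and a null
            // password fails with a NullPointerException instead of a login failure.
            throw new FailedLoginException("Login incorrect");
        }
        NamingEnumeration users = null;
        NamingEnumeration groups = null;
        try {
            InitialContext initialContext = new InitialContext();
            this.ctx = (DirContext) initialContext.lookup(this.userProvider);
            // The user name is caller-controlled: escape it so it cannot alter the filter.
            String filter = "(uid=" + escapeFilterValue(this.username) + ")";
            users = this.ctx.search("", filter, new SearchControls());
            if (!users.hasMore()) {
                if (this.debug) {
                    System.out.println("\t\t[JndiLoginModule]: User not found");
                }
                // NOTE(review): "User not found" and "Login incorrect" let a caller that sees
                // the message tell unknown users from wrong passwords; callers should not
                // forward these messages to the remote party.
                throw new FailedLoginException("User not found");
            }
            Attributes attributes = ((SearchResult) users.next()).getAttributes();

            // Fail closed when the entry has no usable password value instead of raising a
            // runtime exception from a null attribute, a wrong value type or a short string.
            Object storedValue = firstValue(attributes, USER_PWD);
            String storedHash = null;
            if (storedValue instanceof byte[]) {
                String stored = new String((byte[]) storedValue, "UTF8");
                // NOTE(review): the prefix is stripped by length only; the text is not compared
                // with "{crypt}".
                if (stored.length() > CRYPT.length()) {
                    storedHash = stored.substring(CRYPT.length());
                }
            }
            if (!verifyPassword(storedHash, new String(this.password))) {
                if (this.debug) {
                    System.out.println("\t\t[JndiLoginModule] attemptAuthentication() failed");
                }
                throw new FailedLoginException("Login incorrect");
            }
            if (this.debug) {
                System.out.println("\t\t[JndiLoginModule] attemptAuthentication() succeeded");
            }

            String uid = (String) firstValue(attributes, USER_UID);
            String gid = (String) firstValue(attributes, USER_GID);
            if (uid == null || gid == null) {
                // An entry without numeric ids cannot be mapped to Unix principals.
                throw new FailedLoginException("User not found");
            }
            if (this.debug) {
                System.out.println("\t\t[JndiLoginModule] user: '" + this.username + "' has UID: " + uid);
                System.out.println("\t\t[JndiLoginModule] user: '" + this.username + "' has GID: " + gid);
            }

            this.ctx = (DirContext) initialContext.lookup(this.groupProvider);
            // Attribute matching, not a filter string: the user name needs no escaping here.
            groups = this.ctx.search("", new BasicAttributes("memberUid", this.username));
            LinkedList supplementary = new LinkedList();
            while (groups.hasMore()) {
                Attributes groupAttributes = ((SearchResult) groups.next()).getAttributes();
                String groupId = (String) firstValue(groupAttributes, GROUP_ID);
                if (groupId == null || gid.equals(groupId)) {
                    // Skip groups without an id and the primary group, which is already held.
                    continue;
                }
                supplementary.add(new UnixNumericGroupPrincipal(groupId, false));
                if (this.debug) {
                    System.out.println("\t\t[JndiLoginModule] user: '" + this.username + "' has Supplementary Group: " + groupId);
                }
            }

            this.userPrincipal = new UnixPrincipal(this.username);
            this.UIDPrincipal = new UnixNumericUserPrincipal(uid);
            this.GIDPrincipal = new UnixNumericGroupPrincipal(gid, true);
            this.supplementaryGroups = supplementary;
            if (this.storePass && !this.sharedState.containsKey(NAME) && !this.sharedState.containsKey(PWD)) {
                // The published array is this module's own, so cleanState() later blanks it.
                this.sharedState.put(NAME, this.username);
                this.sharedState.put(PWD, this.password);
            }
        } catch (UnsupportedEncodingException e) {
            if (this.debug) {
                System.out.println("\t\t[JndiLoginModule]:  password incorrectly encoded");
                e.printStackTrace();
            }
            throw new LoginException("Login failure due to incorrect password encoding in the password database");
        } catch (NamingException e2) {
            if (this.debug) {
                System.out.println("\t\t[JndiLoginModule]:  User not found");
                e2.printStackTrace();
            }
            throw new FailedLoginException("User not found");
        } finally {
            closeQuietly(users);
            closeQuietly(groups);
        }
    }

    /**
     * Loads the user name and password into this module, either from the shared state or by
     * prompting through the callback handler.
     *
     * @param z {@code true} to read the shared state, {@code false} to prompt
     * @throws LoginException if no callback handler is available or the handler fails
     */
    private void getUsernamePassword(boolean z) throws LoginException {
        if (z) {
            this.username = (String) this.sharedState.get(NAME);
            char[] shared = (char[]) this.sharedState.get(PWD);
            // Work on a copy: cleanState() overwrites this.password, and the shared array may
            // still be needed by other modules in the stack.
            this.password = shared == null ? null : (char[]) shared.clone();
            return;
        }
        if (this.callbackHandler == null) {
            throw new LoginException("Error: no CallbackHandler available to garner authentication information from the user");
        }
        // The prompt is prefixed with the provider URL's scheme; a URL without ':' is used whole
        // rather than failing in substring().
        int schemeEnd = this.userProvider.indexOf(PROVIDER_SCHEME_SEPARATOR);
        String protocol = schemeEnd < 0 ? this.userProvider : this.userProvider.substring(0, schemeEnd);
        NameCallback nameCallback = new NameCallback(protocol + " " + rb.getString("username: "));
        PasswordCallback passwordCallback = new PasswordCallback(protocol + " " + rb.getString("password: "), false);
        try {
            this.callbackHandler.handle(new Callback[] {nameCallback, passwordCallback});
            this.username = nameCallback.getName();
            // getPassword() already hands back a copy (or null when the handler set none), so
            // no second copy is made that would stay in memory unwiped.
            this.password = passwordCallback.getPassword();
            passwordCallback.clearPassword();
            if (this.strongDebug) {
                System.out.println("\t\t[JndiLoginModule] user entered username: " + this.username);
                // The cleartext password is deliberately not written to standard output.
                System.out.println("\t\t[JndiLoginModule] user entered password: <not shown>");
            }
        } catch (IOException e) {
            throw new LoginException(e.toString());
        } catch (UnsupportedCallbackException e2) {
            throw new LoginException("Error: " + e2.getCallback().toString() + " not available to garner authentication information " + "from the user");
        }
    }

    /**
     * Checks a cleartext password against a stored hash by hashing it with {@code Crypt},
     * using the stored hash as the salt argument.
     *
     * @param str the stored hash with the scheme prefix already removed, may be {@code null}
     * @param str2 the cleartext password
     * @return {@code true} only if the computed hash equals the stored one byte for byte
     */
    private boolean verifyPassword(String str, String str2) {
        if (str == null || str.length() == 0) {
            // An absent or empty stored hash must never authenticate anyone.
            return false;
        }
        // NOTE(review): presumably traditional Unix crypt(3), which is weak by current
        // standards; confirm against the Crypt class. getBytes() uses the platform charset and
        // is left unchanged so existing hashes of non-ASCII passwords keep verifying.
        Crypt crypt = new Crypt();
        byte[] expected = str.getBytes();
        byte[] actual = crypt.crypt(str2.getBytes(), expected);
        // Accumulate differences instead of returning at the first mismatch, so the time taken
        // does not depend on how many leading bytes match.
        int difference = expected.length ^ actual.length;
        int comparable = Math.min(expected.length, actual.length);
        for (int i = 0; i < comparable; i++) {
            difference |= expected[i] ^ actual[i];
        }
        return difference == 0;
    }

    /**
     * Escapes a value for use inside an LDAP search filter: backslash, asterisk, both
     * parentheses and NUL are replaced by a backslash followed by their two-digit hex code.
     *
     * @param value the raw value, not {@code null}
     * @return the value with filter metacharacters escaped
     */
    private static String escapeFilterValue(String value) {
        StringBuffer escaped = new StringBuffer(value.length() + 8);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '\\':
                    escaped.append("\\5c");
                    break;
                case '*':
                    escaped.append("\\2a");
                    break;
                case '(':
                    escaped.append("\\28");
                    break;
                case ')':
                    escaped.append("\\29");
                    break;
                case '\0':
                    escaped.append("\\00");
                    break;
                default:
                    escaped.append(c);
                    break;
            }
        }
        return escaped.toString();
    }

    /**
     * Returns the first value of the named attribute, or {@code null} when the attribute is
     * absent or has no values.
     */
    private static Object firstValue(Attributes attributes, String id) throws NamingException {
        javax.naming.directory.Attribute attribute = attributes.get(id);
        if (attribute == null || attribute.size() == 0) {
            return null;
        }
        return attribute.get();
    }

    /** Closes a search result enumeration, ignoring failures; {@code null} is accepted. */
    private static void closeQuietly(NamingEnumeration enumeration) {
        if (enumeration == null) {
            return;
        }
        try {
            enumeration.close();
        } catch (NamingException ignored) {
            // Best effort: the authentication outcome is already decided at this point.
        }
    }

    /**
     * Stores the JAAS collaborators and reads the module options.
     *
     * @param subject the Subject to populate on commit
     * @param callbackHandler handler used to prompt for user name and password
     * @param map state shared with the other login modules in the stack
     * @param map2 this module's configured options
     */
    @Override // javax.security.auth.spi.LoginModule
    public void initialize(Subject subject, CallbackHandler callbackHandler, Map map, Map map2) {
        this.subject = subject;
        this.callbackHandler = callbackHandler;
        this.sharedState = map;
        this.options = map2;
        this.debug = OPTION_TRUE.equalsIgnoreCase((String) map2.get(DEBUG_OPTION));
        this.strongDebug = OPTION_TRUE.equalsIgnoreCase((String) map2.get("strongDebug"));
        this.userProvider = (String) map2.get(this.USER_PROVIDER);
        this.groupProvider = (String) map2.get(this.GROUP_PROVIDER);
        this.tryFirstPass = OPTION_TRUE.equalsIgnoreCase((String) map2.get("tryFirstPass"));
        this.useFirstPass = OPTION_TRUE.equalsIgnoreCase((String) map2.get("useFirstPass"));
        this.storePass = OPTION_TRUE.equalsIgnoreCase((String) map2.get("storePass"));
        this.clearPass = OPTION_TRUE.equalsIgnoreCase((String) map2.get("clearPass"));
    }
}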
