package com.sonicsw.mf.framework.directory.impl;

import com.sonicsw.mf.common.config.ConfigException;
import com.sonicsw.mf.common.config.IAttributeList;
import com.sonicsw.mf.common.config.IAttributeSet;
import com.sonicsw.mf.common.config.IBasicElement;
import com.sonicsw.mf.common.config.IElement;
import com.sonicsw.mf.common.config.IElementIdentity;
import com.sonicsw.mf.common.config.Reference;
import com.sonicsw.mf.common.config.impl.EntityName;
import com.sonicsw.mf.common.dirconfig.DirectoryServiceException;
import com.sonicsw.mf.common.dirconfig.ElementFactory;
import com.sonicsw.mf.common.dirconfig.IDirElement;
import com.sonicsw.mf.common.dirconfig.IDirIdentity;
import com.sonicsw.mf.common.dirconfig.VersionOutofSyncException;
import com.sonicsw.mf.framework.IContainer;
import com.sonicsw.mf.framework.IPermissionsManager;
import com.sonicsw.mf.framework.directory.DSComponent;
import com.sonicsw.mf.framework.directory.IDebuggingMasks;
import com.sonicsw.mf.framework.directory.IDirectoryMFService;
import com.sonicsw.mf.framework.directory.ILogger;
import com.sonicsw.mx.util.ServiceMaintainer;
import com.sonicsw.mx.util.ServiceMaintenance;
import com.sonicsw.security.pass.client.IPasswordUser;
import com.sonicsw.security.pass.mf.IGroup;
import com.sonicsw.security.pass.mf.IManagement;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Hashtable;
import java.util.Iterator;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:com/sonicsw/mf/framework/directory/impl/AuthenticationConfigManager.class */
public final class AuthenticationConfigManager implements ILogger, IDebuggingMasks {
    public static final String MF_REFRESH_ELEMENT = "_MFRefreshTime";
    public static final char[] USER_RESTRICTED_CHARS = {'*', '#', '$', '/', '\\'};
    public static final char[] GROUP_RESTRICTED_CHARS = {'*', '#', '$', '/', '\\', '.', '=', ','};
    private static final long INITIALIZE_DOMAIN_TIMEOUT = 30000;
    private static final long ASYNC_UPDATE_TIMEOUT = 60000;
    private static final int DEFAULT_UPDATE_FREQUENCY_SECS = 600;
    private static final int DEFAULT_REFRESH_FREQUENCY_SECS = 2400;
    static final String DOMAINS_DIRECTORY = "/authentication/domains";
    static final String DOMAIN_DESCRIPTOR = "_MFDomainDescriptor";
    static final String DOMAIN_DESC_TYPE = "MF_AUTHENTICATION_DOMAIN";
    private static final String EXTERNAL_USER_TYPE = "MF_AUTHENTICATION_USER";
    private static final String EXTERNAL_GROUP_TYPE = "MF_AUTHENTICATION_GROUP";
    private static final String REFRESH_TYPE = "MF_REFRESH_TIME";
    private static final String SPI_DESC_TYPE = "MF_MANAGEMENT_SPI";
    private static final String USER_GROUP_MEMBER_TYPE = "user";
    private static final String MEMBER_TYPE = "MEMBER_TYPE";
    private static final String MEMBER_NAME = "MEMBER_NAME";
    private static final String DOMAIN_NAME_ATT = "DOMAIN_NAME";
    static final String DOMAIN_MGMT_SPI_ATT = "MGMT_SPI";
    static final String DOMAIN_EXTERNAL_ATT = "EXTERNAL";
    private static final String DOMAIN_CONNECTION_PARAM_ATT = "MGMT_SPI_CONNECTION_PARAMETERS";
    private static final String EXTERNAL_USER_NAME_ATT = "USER_NAME";
    private static final String EXTERNAL_USER_PASSWORD_ATT = "PASSWORD";
    private static final String EXTERNAL_GROUP_NAME_ATT = "GROUP_NAME";
    private static final String EXTERNAL_GROUP_MEMBERS_ATT = "GROUP_MEMBERS";
    private static final String SPI_SOURCE_TYPE_ATT = "MGMT_SPI_NAME";
    private static final String SPI_CLASS_NAME_ATT = "CLASS_NAME";
    private static final String SPI_CLASSPATH_ATT = "CLASSPATH";
    private static final String REFRESH_TIME_ATT = "RECENT_REFRESH_TIME";
    static final String EXTERNAL_DIR = "external";
    static final String EXTERNAL_USERS_DIR = "external/_MFUsers";
    static final String EXTERNAL_GROUPS_DIR = "external/_MFGroups";
    private DirectoryService m_ds;
    private HashMap m_domains;
    private HashMap m_spis;
    private ILogger m_logger;
    private IDirIdentity[] m_domainIDs;
    private HashMap m_forbiddenDirs;
    private ServiceMaintainer m_DSManagedUpdateThread;
    private long m_updateFrequency;
    private long m_refreshFrequency;
    private boolean m_isStopped = true;
    private boolean m_isClosing = false;
    private DSUpdater m_dsUpdater = new DSUpdater();

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/sonicsw/mf/framework/directory/impl/AuthenticationConfigManager$DSUpdater.class */
    public final class DSUpdater {
        Hashtable m_authrizedThreads;

        private DSUpdater() {
            this.m_authrizedThreads = new Hashtable();
        }

        boolean isAuthorized(Thread thread) {
            return this.m_authrizedThreads.containsKey(thread);
        }

        void registerThread() {
            this.m_authrizedThreads.put(Thread.currentThread(), Boolean.TRUE);
        }

        void unregisterThread() {
            this.m_authrizedThreads.remove(Thread.currentThread());
        }

        void importFromList(IDirElement[] iDirElementArr, String[] strArr) throws DirectoryServiceException {
            try {
                registerThread();
                AuthenticationConfigManager.this.m_ds.importFromList(iDirElementArr, strArr);
                unregisterThread();
            } catch (Throwable th) {
                unregisterThread();
                throw th;
            }
        }

        void deleteElements(String[] strArr) throws DirectoryServiceException {
            try {
                registerThread();
                AuthenticationConfigManager.this.m_ds.deleteElements(strArr);
                unregisterThread();
            } catch (Throwable th) {
                unregisterThread();
                throw th;
            }
        }

        void setElement(IBasicElement iBasicElement) throws DirectoryServiceException {
            try {
                registerThread();
                AuthenticationConfigManager.this.m_ds.setElement(iBasicElement, null);
                unregisterThread();
            } catch (Throwable th) {
                unregisterThread();
                throw th;
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/sonicsw/mf/framework/directory/impl/AuthenticationConfigManager$DomainConfiguration.class */
    public final class DomainConfiguration {
        String m_name;
        String m_domainID;
        String m_mgmtSpiRef;
        boolean m_external;
        IManagement m_managementInstance;
        HashMap m_connectionParameters;
        AuthSource m_externalSource;
        ServiceMaintainer m_externalUpdateThread;
        EventListener m_eventListener;
        long m_lastUpdateThreadRefresh;

        private DomainConfiguration() {
            this.m_managementInstance = null;
            this.m_connectionParameters = null;
            this.m_externalSource = null;
            this.m_externalUpdateThread = null;
            this.m_eventListener = null;
            this.m_lastUpdateThreadRefresh = 0L;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/sonicsw/mf/framework/directory/impl/AuthenticationConfigManager$EventListener.class */
    public final class EventListener implements IAuthListener {
        private DomainConfiguration m_domainConfig;
        final short UPDATE_USERS = 1;
        final short UPDATE_GROUPS = 2;
        final short DELETE_USERS = 3;
        final short DELETE_GROUPS = 4;
        final short CONNECTION_RECOVERED = 5;
        private boolean m_delayMode = true;
        private ArrayList m_events = new ArrayList();

        /* JADX INFO: Access modifiers changed from: private */
        /* loaded from: input_file:com/sonicsw/mf/framework/directory/impl/AuthenticationConfigManager$EventListener$Event.class */
        public final class Event {
            Object m_data;
            short m_type;

            Event(Object obj, short s) {
                this.m_data = obj;
                this.m_type = s;
            }

            Event(short s) {
                this.m_data = null;
                this.m_type = s;
            }
        }

        EventListener(DomainConfiguration domainConfiguration) {
            this.m_domainConfig = domainConfiguration;
        }

        synchronized void stopDelay() {
            this.m_delayMode = false;
            applyDelayedEvents();
        }

        synchronized void startDelay() {
            this.m_delayMode = true;
        }

        @Override // com.sonicsw.mf.framework.directory.impl.IAuthListener
        public synchronized void connectionRecovered() {
            if (this.m_delayMode) {
                this.m_events.add(new Event((short) 5));
                return;
            }
            startDelay();
            try {
                AuthenticationConfigManager.this.updateAll(this.m_domainConfig, 60000L, true);
            } catch (Exception e) {
                if (!(e instanceof TimeoutException)) {
                    AuthenticationConfigManager.this.m_ds.logMessage("Failed to update domain \"" + this.m_domainConfig.m_name + "\" from external source, trace follows...", e, 2);
                }
            }
            stopDelay();
        }

        @Override // com.sonicsw.mf.framework.directory.impl.IAuthListener
        public synchronized void updateUsers(IPasswordUser[] iPasswordUserArr) {
            if (this.m_delayMode) {
                this.m_events.add(new Event(iPasswordUserArr, (short) 1));
            } else {
                AuthenticationConfigManager.this.appendExternalUsers(iPasswordUserArr, this.m_domainConfig);
                AuthenticationConfigManager.this.updateRefreshElement(this.m_domainConfig);
            }
        }

        @Override // com.sonicsw.mf.framework.directory.impl.IAuthListener
        public synchronized void updateGroups(IGroup[] iGroupArr) {
            if (this.m_delayMode) {
                this.m_events.add(new Event(iGroupArr, (short) 2));
            } else {
                AuthenticationConfigManager.this.appendExternalGroups(iGroupArr, this.m_domainConfig);
                AuthenticationConfigManager.this.updateRefreshElement(this.m_domainConfig);
            }
        }

        @Override // com.sonicsw.mf.framework.directory.impl.IAuthListener
        public synchronized void deletePrincipals(String[] strArr, boolean z) {
            if (this.m_delayMode) {
                this.m_events.add(new Event(strArr, z ? (short) 3 : (short) 4));
            } else {
                AuthenticationConfigManager.this.deleteExternalPrincipals(strArr, this.m_domainConfig, z ? AuthenticationConfigManager.EXTERNAL_USERS_DIR : AuthenticationConfigManager.EXTERNAL_GROUPS_DIR);
                AuthenticationConfigManager.this.updateRefreshElement(this.m_domainConfig);
            }
        }

        private void applyDelayedEvents() {
            for (int i = 0; i < this.m_events.size(); i++) {
                Event event = (Event) this.m_events.get(i);
                switch (event.m_type) {
                    case 1:
                        AuthenticationConfigManager.this.appendExternalUsers((IPasswordUser[]) event.m_data, this.m_domainConfig);
                        break;
                    case 2:
                        AuthenticationConfigManager.this.appendExternalGroups((IGroup[]) event.m_data, this.m_domainConfig);
                        break;
                    case 3:
                        AuthenticationConfigManager.this.deleteExternalPrincipals((String[]) event.m_data, this.m_domainConfig, AuthenticationConfigManager.EXTERNAL_USERS_DIR);
                        break;
                    case 4:
                        AuthenticationConfigManager.this.deleteExternalPrincipals((String[]) event.m_data, this.m_domainConfig, AuthenticationConfigManager.EXTERNAL_GROUPS_DIR);
                        break;
                    case 5:
                        connectionRecovered();
                        break;
                }
            }
            if (this.m_events.isEmpty()) {
                return;
            }
            this.m_events = new ArrayList();
            AuthenticationConfigManager.this.updateRefreshElement(this.m_domainConfig);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/sonicsw/mf/framework/directory/impl/AuthenticationConfigManager$MgmtSPIConfiguration.class */
    public final class MgmtSPIConfiguration {
        String m_sourceType;
        String m_className;
        IAttributeList m_classpath;
        Class m_spiClass;

        private MgmtSPIConfiguration() {
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public AuthenticationConfigManager(DirectoryService directoryService, ILogger iLogger, boolean z) throws DirectoryServiceException {
        this.m_ds = directoryService;
        this.m_logger = iLogger;
        int intValue = Integer.getInteger(IDirectoryMFService.AUTH_UPDATE_FREQUENCY_PROPERTY, DEFAULT_UPDATE_FREQUENCY_SECS).intValue();
        int intValue2 = Integer.getInteger(IDirectoryMFService.AUTH_REFRESH_FREQUENCY_PROPERTY, DEFAULT_REFRESH_FREQUENCY_SECS).intValue();
        this.m_ds.logMessage("Setting external security domain update frequency to " + intValue + " seconds", 3);
        this.m_ds.logMessage("Setting external security domain refresh frequency to " + intValue2 + " seconds", 3);
        this.m_updateFrequency = intValue * 1000;
        this.m_refreshFrequency = intValue2 * 1000;
        getDomainsFromDS();
        initDomains(INITIALIZE_DOMAIN_TIMEOUT, getNeedUpdateDomains());
        if (z) {
            return;
        }
        createAsyncUpdates(this.m_updateFrequency);
    }

    public void logMessage(String str, int i) {
        this.m_ds.logMessage(str, i);
    }

    public void logMessage(String str, Throwable th, int i) {
        this.m_ds.logMessage(str, th, i);
    }

    @Override // com.sonicsw.mf.framework.directory.ILogger
    public void trace(int i, String str) {
        this.m_ds.trace(i, str);
    }

    @Override // com.sonicsw.mf.framework.directory.ILogger
    public void trace(int i, String str, Throwable th) {
        this.m_ds.trace(i, str, th);
    }

    public synchronized void modifyDomainConnectionParameters(IElement iElement) {
        if (this.m_isClosing) {
            return;
        }
        try {
            String parent = new EntityName(iElement.getIdentity().getName()).getParent();
            DomainConfiguration domainConfiguration = (DomainConfiguration) this.m_domains.get(parent);
            if (domainConfiguration != null && domainConfiguration.m_external) {
                if (this.m_isStopped) {
                    this.m_ds.logMessage("Ignoring new connection parameters of security domain \"" + domainConfiguration.m_name + "\", with configuration id \"" + domainConfiguration.m_domainID + "\" since the Directory Service is in a read-only state.", 2);
                    return;
                }
                IAttributeSet iAttributeSet = (IAttributeSet) iElement.getAttributes().getAttribute(DOMAIN_CONNECTION_PARAM_ATT);
                HashMap attributes = iAttributeSet == null ? null : iAttributeSet.getAttributes();
                if (!validConnectionParameters(attributes)) {
                    this.m_ds.logMessage("The new connection parameters of security domain \"" + domainConfiguration.m_name + "\", with configuration id \"" + domainConfiguration.m_domainID + "\" are invalid; the new parameters are ignored.", 2);
                    return;
                }
                stopAsyncUpdate(domainConfiguration);
                close(domainConfiguration);
                domainConfiguration.m_connectionParameters = attributes;
                createAuthSource(domainConfiguration, this.m_logger);
                if (domainConfiguration.m_externalSource == null) {
                    this.m_ds.logMessage("Failed to connect with new connection parameters of security domain \"" + domainConfiguration.m_name + "\", with configuration id \"" + domainConfiguration.m_domainID + "\"", 2);
                    this.m_ds.logMessage("Security domain \"" + domainConfiguration.m_name + "\" is not being updated from the external source", 2);
                    this.m_domains.remove(parent);
                    return;
                }
                if (domainConfiguration.m_eventListener != null) {
                    try {
                        updateAll(domainConfiguration, 60000L, true);
                    } catch (Exception e) {
                        if (!(e instanceof TimeoutException)) {
                            this.m_ds.logMessage("Failed to update security domain \"" + domainConfiguration.m_name + "\", trace follows...", e, 2);
                            close(domainConfiguration);
                            this.m_domains.remove(parent);
                        }
                    }
                }
                startExternalAsyncUpdate(domainConfiguration, this.m_updateFrequency);
            }
        } catch (ConfigException e2) {
            this.m_ds.logMessage("Failure to get security domain configuration identity, trace follows...", e2, 1);
        }
    }

    private static boolean containsChar(String str, char[] cArr) {
        if (str == null) {
            return false;
        }
        for (char c : cArr) {
            if (str.indexOf(c) != -1) {
                return true;
            }
        }
        return false;
    }

    private boolean equalConnectionParam(HashMap hashMap, HashMap hashMap2) {
        if (hashMap == null && hashMap2 == null) {
            return true;
        }
        if (hashMap == null || hashMap2 == null || hashMap.size() != hashMap2.size()) {
            return false;
        }
        for (String str : hashMap.keySet()) {
            String str2 = (String) hashMap.get(str);
            String str3 = (String) hashMap2.get(str);
            if (str3 == null || !str2.equals(str3)) {
                return false;
            }
        }
        return true;
    }

    private boolean validConnectionParameters(HashMap hashMap) {
        if (hashMap == null) {
            return true;
        }
        Iterator it = hashMap.values().iterator();
        while (it.hasNext()) {
            if (!(it.next() instanceof String)) {
                return false;
            }
        }
        return true;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void updateAll(DomainConfiguration domainConfiguration, long j, boolean z) throws DirectoryServiceException, TimeoutException {
        updateExternalUsers(domainConfiguration, j);
        updateExternalGroups(domainConfiguration, j);
        if (z) {
            updateRefreshElement(domainConfiguration);
        }
    }

    private void updateExternalUsers(DomainConfiguration domainConfiguration, long j) throws TimeoutException {
        IPasswordUser[] users = domainConfiguration.m_externalSource.getUsers(j);
        if (users == null) {
            users = new IPasswordUser[0];
        }
        String str = domainConfiguration.m_domainID + IPermissionsManager.PATH_DELIMITER + EXTERNAL_USERS_DIR;
        try {
            this.m_dsUpdater.importFromList(externalUsersToElements(users, str, domainConfiguration.m_name), new String[]{str});
        } catch (Throwable th) {
            this.m_ds.logMessage("Failed to update external users for security domain \"" + domainConfiguration.m_name + "\", trace follows...", th, 2);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void appendExternalUsers(IPasswordUser[] iPasswordUserArr, DomainConfiguration domainConfiguration) {
        if (iPasswordUserArr == null) {
            iPasswordUserArr = new IPasswordUser[0];
        }
        try {
            this.m_dsUpdater.importFromList(externalUsersToElements(iPasswordUserArr, domainConfiguration.m_domainID + IPermissionsManager.PATH_DELIMITER + EXTERNAL_USERS_DIR, domainConfiguration.m_name), null);
        } catch (Throwable th) {
            this.m_ds.logMessage("Failed to append external users for security domain \"" + domainConfiguration.m_name + "\", trace follows...", th, 2);
        }
    }

    private void updateExternalGroups(DomainConfiguration domainConfiguration, long j) throws TimeoutException {
        IGroup[] groups = domainConfiguration.m_externalSource.getGroups(j);
        if (groups == null) {
            groups = new IGroup[0];
        }
        String str = domainConfiguration.m_domainID + IPermissionsManager.PATH_DELIMITER + EXTERNAL_GROUPS_DIR;
        try {
            this.m_dsUpdater.importFromList(externalGroupsToElements(groups, str, domainConfiguration.m_name), new String[]{str});
        } catch (Throwable th) {
            this.m_ds.logMessage("Failed to update external groups for security domain \"" + domainConfiguration.m_name + "\", trace follows...", th, 2);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void appendExternalGroups(IGroup[] iGroupArr, DomainConfiguration domainConfiguration) {
        if (iGroupArr == null) {
            iGroupArr = new IGroup[0];
        }
        try {
            this.m_dsUpdater.importFromList(externalGroupsToElements(iGroupArr, domainConfiguration.m_domainID + IPermissionsManager.PATH_DELIMITER + EXTERNAL_GROUPS_DIR, domainConfiguration.m_name), null);
        } catch (Throwable th) {
            this.m_ds.logMessage("Failed to append external groups for security domain \"" + domainConfiguration.m_name + "\", trace follows...", th, 2);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void deleteExternalPrincipals(String[] strArr, DomainConfiguration domainConfiguration, String str) {
        try {
            this.m_dsUpdater.deleteElements(externalPrincipalToElementNames(strArr, domainConfiguration.m_domainID + IPermissionsManager.PATH_DELIMITER + str));
        } catch (Throwable th) {
            this.m_ds.logMessage("Failed to delete external principals for security domain \"" + domainConfiguration.m_name + "\", trace follows...", th, 2);
        }
    }

    private String[] externalPrincipalToElementNames(String[] strArr, String str) {
        String[] strArr2 = new String[strArr.length];
        for (int i = 0; i < strArr.length; i++) {
            strArr2[i] = str + IPermissionsManager.PATH_DELIMITER + strArr[i];
        }
        return strArr2;
    }

    private IDirElement[] externalGroupsToElements(IGroup[] iGroupArr, String str, String str2) {
        ArrayList arrayList = new ArrayList();
        HashMap hashMap = new HashMap();
        for (int i = 0; i < iGroupArr.length; i++) {
            IPasswordUser[] groupUsers = iGroupArr[i].getGroupUsers();
            if (groupUsers == null) {
                groupUsers = new IPasswordUser[0];
            }
            String name = iGroupArr[i].getName();
            if (name == null || name.trim().length() == 0) {
                this.m_ds.logMessage("An empty group name was received from external source of domain \"" + str2 + "\" - ignoring this group (name \"" + name + "\", idx " + i + ")", 2);
            } else if (hashMap.put(name, Boolean.TRUE) != null) {
                this.m_ds.logMessage("A duplicate group \"" + name + "\"  was received from external source of domain \"" + str2 + "\" - ignoring the second one", 2);
            } else if (containsChar(name, GROUP_RESTRICTED_CHARS)) {
                this.m_ds.logMessage("Group name \"" + name + "\"  contains one of the following restricted characters \"" + new String(GROUP_RESTRICTED_CHARS) + "\" - ignoring this group", 2);
            } else {
                IDirElement createElement = ElementFactory.createElement(str + IPermissionsManager.PATH_DELIMITER + name, EXTERNAL_GROUP_TYPE, "107");
                IAttributeSet attributes = createElement.getAttributes();
                try {
                    attributes.setStringAttribute(EXTERNAL_GROUP_NAME_ATT, name);
                    IAttributeSet createAttributeSet = attributes.createAttributeSet(EXTERNAL_GROUP_MEMBERS_ATT);
                    for (IPasswordUser iPasswordUser : groupUsers) {
                        String name2 = iPasswordUser.getName();
                        IAttributeSet createAttributeSet2 = createAttributeSet.createAttributeSet(name2);
                        createAttributeSet2.setStringAttribute(MEMBER_NAME, name2);
                        createAttributeSet2.setStringAttribute(MEMBER_TYPE, USER_GROUP_MEMBER_TYPE);
                    }
                    arrayList.add(createElement.doneUpdate());
                } catch (Throwable th) {
                    throwError(th);
                }
            }
        }
        IDirElement[] iDirElementArr = new IDirElement[arrayList.size()];
        arrayList.toArray(iDirElementArr);
        return iDirElementArr;
    }

    private IDirElement[] externalUsersToElements(IPasswordUser[] iPasswordUserArr, String str, String str2) {
        ArrayList arrayList = new ArrayList();
        HashMap hashMap = new HashMap();
        for (int i = 0; i < iPasswordUserArr.length; i++) {
            String name = iPasswordUserArr[i].getName();
            if (hashMap.put(name, Boolean.TRUE) != null) {
                this.m_ds.logMessage("A duplicate User \"" + name + "\"  was received from external source of domain \"" + str2 + "\" - ignoring the second one", 2);
            } else if (containsChar(name, USER_RESTRICTED_CHARS)) {
                this.m_ds.logMessage("User name \"" + name + "\"  contains one of the following restricted characters \"" + new String(USER_RESTRICTED_CHARS) + "\" - ignoring this user", 2);
            } else {
                byte[] password = iPasswordUserArr[i].getPassword();
                IDirElement createElement = ElementFactory.createElement(str + IPermissionsManager.PATH_DELIMITER + name, EXTERNAL_USER_TYPE, "107");
                IAttributeSet attributes = createElement.getAttributes();
                try {
                    attributes.setStringAttribute(EXTERNAL_USER_NAME_ATT, name);
                    attributes.setBytesAttribute("PASSWORD", password);
                    arrayList.add(createElement.doneUpdate());
                } catch (Throwable th) {
                    throwError(th);
                }
            }
        }
        IDirElement[] iDirElementArr = new IDirElement[arrayList.size()];
        arrayList.toArray(iDirElementArr);
        return iDirElementArr;
    }

    private IBasicElement createRefreshElement(String str) {
        IDirElement createElement = ElementFactory.createElement(str, REFRESH_TYPE, "107");
        try {
            createElement.getAttributes().setLongAttribute(REFRESH_TIME_ATT, new Long(0L));
            return createElement.doneUpdate();
        } catch (Throwable th) {
            throwError(th);
            return null;
        }
    }

    private long getRefreshTime(IElement iElement) {
        return ((Long) iElement.getAttributes().getAttribute(REFRESH_TIME_ATT)).longValue();
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void updateRefreshElement(DomainConfiguration domainConfiguration) {
        try {
            IDirElement element = this.m_ds.getElement(domainConfiguration.m_domainID + IPermissionsManager.PATH_DELIMITER + MF_REFRESH_ELEMENT, true);
            element.getAttributes().setLongAttribute(REFRESH_TIME_ATT, new Long(System.currentTimeMillis()));
            this.m_dsUpdater.setElement(element.doneUpdate());
        } catch (Throwable th) {
            if (th instanceof VersionOutofSyncException) {
                return;
            }
            this.m_ds.logMessage("Failed to update refresh element for security domain \"" + domainConfiguration.m_name + "\", trace follows...", th, 2);
        }
    }

    private void throwError(Throwable th) {
        this.m_ds.logMessage("Security domain management failure, trace follows...", th, 2);
        Error error = new Error("Security domain management failure, see cause");
        error.initCause(th);
        throw error;
    }

    private void getDomainsFromDS() throws DirectoryServiceException {
        this.m_domains = new HashMap();
        this.m_spis = new HashMap();
        this.m_domainIDs = new IDirIdentity[0];
        try {
            this.m_domainIDs = this.m_ds.listDirectories(DOMAINS_DIRECTORY);
            for (int i = 0; i < this.m_domainIDs.length; i++) {
                getDomainsFromDS(this.m_domainIDs[i].getName());
            }
        } catch (DirectoryServiceException e) {
            this.m_ds.trace(64, "AuthenticationConfigManager: No \"/authentication/domains\" directory.");
        }
    }

    private void getDomainsFromDS(String str) throws DirectoryServiceException {
        IDirElement element = this.m_ds.getElement(str + IPermissionsManager.PATH_DELIMITER + DOMAIN_DESCRIPTOR, false);
        if (element == null) {
            this.m_ds.logMessage("Could not find the domain decriptor for the \"" + str + "\" domain", 2);
            return;
        }
        DomainConfiguration domainConfFromElement = getDomainConfFromElement(element, str);
        if (domainConfFromElement == null) {
            return;
        }
        MgmtSPIConfiguration mgmtSPIConfiguration = (MgmtSPIConfiguration) this.m_spis.get(domainConfFromElement.m_mgmtSpiRef);
        if (domainConfFromElement.m_external && mgmtSPIConfiguration == null) {
            IDirElement element2 = this.m_ds.getElement(domainConfFromElement.m_mgmtSpiRef, false);
            if (element2 == null) {
                this.m_ds.logMessage("Could not find the \"" + domainConfFromElement.m_mgmtSpiRef + "\" configuration", 2);
                logDomainFailure(domainConfFromElement.m_name);
                return;
            }
            mgmtSPIConfiguration = getSPIConfFromElement(element2);
            if (mgmtSPIConfiguration == null) {
                logDomainFailure(domainConfFromElement.m_name);
                return;
            }
            mgmtSPIConfiguration.m_spiClass = getSPIClass(mgmtSPIConfiguration.m_className, mgmtSPIConfiguration.m_classpath);
            if (mgmtSPIConfiguration.m_spiClass == null) {
                logDomainFailure(domainConfFromElement.m_name);
                return;
            }
            this.m_spis.put(domainConfFromElement.m_mgmtSpiRef, mgmtSPIConfiguration);
        }
        if (domainConfFromElement.m_external) {
            domainConfFromElement.m_managementInstance = getSPIInstance(mgmtSPIConfiguration.m_spiClass);
            if (domainConfFromElement.m_managementInstance == null) {
                logDomainFailure(domainConfFromElement.m_name);
                return;
            }
            createAuthSource(domainConfFromElement, this.m_logger);
            if (domainConfFromElement.m_externalSource == null) {
                logDomainFailure(domainConfFromElement.m_name);
                return;
            }
        }
        this.m_domains.put(str, domainConfFromElement);
    }

    ArrayList getNeedUpdateDomains() throws DirectoryServiceException {
        this.m_forbiddenDirs = new HashMap();
        ArrayList arrayList = new ArrayList();
        for (int i = 0; i < this.m_domainIDs.length; i++) {
            String needUpdateDomains = getNeedUpdateDomains(this.m_domainIDs[i].getName(), false);
            if (needUpdateDomains != null) {
                arrayList.add(needUpdateDomains);
            }
        }
        return arrayList;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void createExternalDirectories(String str) throws DirectoryServiceException {
        String str2 = str + IPermissionsManager.PATH_DELIMITER + EXTERNAL_DIR;
        String str3 = str + IPermissionsManager.PATH_DELIMITER + EXTERNAL_USERS_DIR;
        String str4 = str + IPermissionsManager.PATH_DELIMITER + EXTERNAL_GROUPS_DIR;
        this.m_forbiddenDirs.put(str3, Boolean.TRUE);
        this.m_forbiddenDirs.put(str4, Boolean.TRUE);
        if (!this.m_ds.directoryExists(str2)) {
            this.m_ds.createDirectory(str2);
        }
        if (!this.m_ds.directoryExists(str3)) {
            this.m_ds.createDirectory(str3);
        }
        if (this.m_ds.directoryExists(str4)) {
            return;
        }
        this.m_ds.createDirectory(str4);
    }

    private String getNeedUpdateDomains(String str, boolean z) throws DirectoryServiceException {
        DomainConfiguration domainConfiguration = (DomainConfiguration) this.m_domains.get(str);
        if (domainConfiguration == null || !domainConfiguration.m_external) {
            return null;
        }
        if (domainConfiguration.m_external) {
            createExternalDirectories(str);
        }
        String str2 = str + IPermissionsManager.PATH_DELIMITER + MF_REFRESH_ELEMENT;
        IDirElement element = this.m_ds.getElement(str2, false);
        if (element == null) {
            if (z) {
                this.m_dsUpdater.setElement(createRefreshElement(str2));
            } else {
                this.m_ds.setElement(createRefreshElement(str2), null);
            }
            return str;
        }
        if (getRefreshTime(element) != 0 && domainConfiguration.m_eventListener == null) {
            return null;
        }
        return str;
    }

    void initDomains(long j, ArrayList arrayList) {
        ArrayList arrayList2 = new ArrayList();
        for (int i = 0; i < arrayList.size(); i++) {
            String str = (String) arrayList.get(i);
            DomainConfiguration domainConfiguration = (DomainConfiguration) this.m_domains.get(str);
            if (domainConfiguration != null && domainConfiguration.m_external) {
                try {
                    updateAll(domainConfiguration, j, true);
                } catch (Exception e) {
                    if (e instanceof TimeoutException) {
                        this.m_ds.logMessage("Failed to initialize security domain \"" + domainConfiguration.m_name + "\" due to timeout", 2);
                    } else {
                        this.m_ds.logMessage("Failed to initialize security domain \"" + domainConfiguration.m_name + "\", trace follows...", e, 2);
                    }
                    arrayList2.add(str);
                }
            }
        }
        for (int i2 = 0; i2 < arrayList2.size(); i2++) {
            close((DomainConfiguration) this.m_domains.remove(arrayList2.get(i2)));
        }
    }

    private void createAuthSource(DomainConfiguration domainConfiguration, ILogger iLogger) {
        try {
            domainConfiguration.m_externalSource = new AuthSource(domainConfiguration.m_managementInstance, domainConfiguration.m_name, domainConfiguration.m_connectionParameters, this);
            EventListener eventListener = new EventListener(domainConfiguration);
            if (domainConfiguration.m_externalSource.registerListener(eventListener)) {
                domainConfiguration.m_eventListener = eventListener;
            } else {
                domainConfiguration.m_eventListener = null;
            }
            domainConfiguration.m_externalSource.connect();
        } catch (Throwable th) {
            this.m_ds.trace(64, "SPI failure, trace follows...", th);
            domainConfiguration.m_externalSource = null;
            domainConfiguration.m_eventListener = null;
        }
    }

    private void logDomainFailure(String str) {
        this.m_ds.logMessage("Could not load the \"" + str + "\" domain", 2);
    }

    private Class getSPIClass(String str, IAttributeList iAttributeList) {
        try {
            return this.m_ds.loadClass(str, DirectoryService.listToClasspath(iAttributeList));
        } catch (Throwable th) {
            this.m_ds.logMessage("Could not load SPI authentication management class \"" + str + "\", trace follows...", th, 1);
            return null;
        }
    }

    private IManagement getSPIInstance(Class cls) {
        try {
            Object newInstance = cls.newInstance();
            if (newInstance instanceof IManagement) {
                return (IManagement) newInstance;
            }
            this.m_ds.logMessage(cls.getName() + " does not implement the authentication management SPI interface", 1);
            return null;
        } catch (Throwable th) {
            this.m_ds.logMessage("Could not create an instance of an authentication management class \"" + cls.getName() + "\", trace follows...", th, 1);
            return null;
        }
    }

    private ServiceMaintainer startRefreshElementThread() {
        return new ServiceMaintainer("Element Refresher", new ServiceMaintenance() { // from class: com.sonicsw.mf.framework.directory.impl.AuthenticationConfigManager.1
            public Exception doMaintenance() {
                AuthenticationConfigManager.this.updateRefreshElements();
                return null;
            }

            public void onAccessibilityChange(boolean z) {
            }
        }, this.m_refreshFrequency, false);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void updateRefreshElements() {
        for (DomainConfiguration domainConfiguration : this.m_domains.values()) {
            if (domainConfiguration.m_eventListener != null && domainConfiguration.m_externalSource.isConnected()) {
                updateRefreshElement(domainConfiguration);
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public String[] getExternalDomainsDescriptors() {
        ArrayList arrayList = new ArrayList();
        for (DomainConfiguration domainConfiguration : this.m_domains.values()) {
            if (domainConfiguration.m_external) {
                arrayList.add(domainConfiguration.m_domainID + IPermissionsManager.PATH_DELIMITER + DOMAIN_DESCRIPTOR);
            }
        }
        String[] strArr = new String[arrayList.size()];
        arrayList.toArray(strArr);
        return strArr;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void startClosingDomain(String str) {
        this.m_dsUpdater.registerThread();
        DomainConfiguration domainConfiguration = (DomainConfiguration) this.m_domains.get(str);
        if (domainConfiguration == null || !domainConfiguration.m_external) {
            return;
        }
        stopAsyncUpdate(domainConfiguration);
        close(domainConfiguration);
        this.m_domains.remove(str);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void endClosingDomain() {
        this.m_dsUpdater.unregisterThread();
    }

    private void startExternalAsyncUpdate(DomainConfiguration domainConfiguration, long j) {
        if (domainConfiguration.m_eventListener != null) {
            domainConfiguration.m_eventListener.stopDelay();
        } else {
            domainConfiguration.m_externalUpdateThread = new ServiceMaintainer(new ServiceMaintenance() { // from class: com.sonicsw.mf.framework.directory.impl.AuthenticationConfigManager.2
                public Exception doMaintenance(String str) {
                    return AuthenticationConfigManager.this.updateExternalDomain((DomainConfiguration) AuthenticationConfigManager.this.m_domains.get(str));
                }

                public Exception doMaintenance() {
                    AuthenticationConfigManager.this.m_ds.logMessage("startExternalAsyncUpdate.doMaintenance() shold never be called", 1);
                    return null;
                }

                public void onAccessibilityChange(boolean z) {
                    if (z) {
                        AuthenticationConfigManager.this.m_ds.trace(64, "External authentication information update started");
                    } else {
                        AuthenticationConfigManager.this.m_ds.trace(64, "External authentication information update failed - retrying...");
                    }
                }
            }, j, false, domainConfiguration.m_domainID);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public Exception updateExternalDomain(DomainConfiguration domainConfiguration) {
        try {
            long currentTimeMillis = System.currentTimeMillis();
            boolean z = currentTimeMillis - domainConfiguration.m_lastUpdateThreadRefresh >= this.m_refreshFrequency;
            updateAll(domainConfiguration, 60000L, z);
            if (z) {
                domainConfiguration.m_lastUpdateThreadRefresh = currentTimeMillis;
            }
            return null;
        } catch (Exception e) {
            return e;
        }
    }

    synchronized void stopAsyncUpdates() {
        this.m_isStopped = true;
        if (this.m_DSManagedUpdateThread != null) {
            this.m_DSManagedUpdateThread.close();
            try {
                this.m_DSManagedUpdateThread.join();
            } catch (InterruptedException e) {
            }
            this.m_DSManagedUpdateThread = null;
        }
        Iterator it = this.m_domains.values().iterator();
        while (it.hasNext()) {
            stopAsyncUpdate((DomainConfiguration) it.next());
        }
    }

    synchronized void stopAsyncUpdate(DomainConfiguration domainConfiguration) {
        if (domainConfiguration.m_externalUpdateThread != null) {
            domainConfiguration.m_externalUpdateThread.close();
            try {
                domainConfiguration.m_externalUpdateThread.join();
            } catch (InterruptedException e) {
            }
            domainConfiguration.m_externalUpdateThread = null;
        } else if (domainConfiguration.m_eventListener != null) {
            domainConfiguration.m_eventListener.startDelay();
        }
    }

    void createAsyncUpdates() {
        createAsyncUpdates(this.m_updateFrequency);
    }

    private synchronized void createAsyncUpdates(long j) {
        this.m_isStopped = false;
        boolean z = false;
        for (DomainConfiguration domainConfiguration : this.m_domains.values()) {
            if (domainConfiguration.m_external) {
                startExternalAsyncUpdate(domainConfiguration, j);
                if (domainConfiguration.m_eventListener != null) {
                    z = true;
                }
            }
        }
        if (z) {
            this.m_DSManagedUpdateThread = startRefreshElementThread();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public synchronized void close() {
        this.m_isClosing = true;
        stopAsyncUpdates();
        Iterator it = this.m_domains.values().iterator();
        while (it.hasNext()) {
            close((DomainConfiguration) it.next());
        }
    }

    private void close(DomainConfiguration domainConfiguration) {
        if (domainConfiguration.m_external) {
            if (domainConfiguration.m_externalSource != null) {
                domainConfiguration.m_externalSource.disconnect();
            }
            domainConfiguration.m_externalSource = null;
        }
    }

    public String toString() {
        String str = DSComponent.FAULT_TOLERANCE_ROLE_DEFAULT;
        if (!this.m_spis.isEmpty()) {
            str = str + "Management SPIs:" + IContainer.NEWLINE;
        }
        for (MgmtSPIConfiguration mgmtSPIConfiguration : this.m_spis.values()) {
            str = str + mgmtSPIConfiguration.m_sourceType + " " + mgmtSPIConfiguration.m_className + IContainer.NEWLINE;
        }
        if (!this.m_domains.isEmpty()) {
            str = str + IContainer.NEWLINE + "Domains:" + IContainer.NEWLINE;
        }
        for (DomainConfiguration domainConfiguration : this.m_domains.values()) {
            str = str + domainConfiguration.m_name + (domainConfiguration.m_external ? " 'external' " : " 'DS managed' ") + (domainConfiguration.m_mgmtSpiRef != null ? domainConfiguration.m_mgmtSpiRef : DSComponent.FAULT_TOLERANCE_ROLE_DEFAULT) + " " + IContainer.NEWLINE;
        }
        if (!this.m_forbiddenDirs.isEmpty()) {
            str = str + IContainer.NEWLINE + "Restricted Directories:" + IContainer.NEWLINE;
        }
        Iterator it = this.m_forbiddenDirs.keySet().iterator();
        while (it.hasNext()) {
            str = str + ((String) it.next()) + IContainer.NEWLINE;
        }
        return str;
    }

    private DomainConfiguration getDomainConfFromElement(IElement iElement, String str) {
        IElementIdentity identity = iElement.getIdentity();
        if (!identity.getType().equals(DOMAIN_DESC_TYPE)) {
            this.m_ds.logMessage("\"" + identity.getName() + "\" has the wrong type. Should be \"" + DOMAIN_DESC_TYPE + "\"", 2);
            return null;
        }
        IAttributeSet attributes = iElement.getAttributes();
        DomainConfiguration domainConfiguration = new DomainConfiguration();
        domainConfiguration.m_domainID = str;
        String str2 = (String) attributes.getAttribute(DOMAIN_NAME_ATT);
        domainConfiguration.m_name = str2 == null ? "?" : str2;
        Reference reference = (Reference) attributes.getAttribute(DOMAIN_MGMT_SPI_ATT);
        domainConfiguration.m_mgmtSpiRef = reference == null ? null : reference.getElementName();
        Boolean bool = (Boolean) attributes.getAttribute(DOMAIN_EXTERNAL_ATT);
        domainConfiguration.m_external = bool == null ? false : bool.booleanValue();
        IAttributeSet iAttributeSet = (IAttributeSet) attributes.getAttribute(DOMAIN_CONNECTION_PARAM_ATT);
        domainConfiguration.m_connectionParameters = iAttributeSet == null ? null : iAttributeSet.getAttributes();
        if (!validConnectionParameters(domainConfiguration.m_connectionParameters)) {
            this.m_ds.logMessage("The connection parameters of domain \"" + domainConfiguration.m_name + "\", with configuration id \"" + identity.getName() + "\" are not valid - must be of type String", 2);
            return null;
        }
        if (!domainConfiguration.m_external || domainConfiguration.m_mgmtSpiRef != null) {
            return domainConfiguration;
        }
        this.m_ds.logMessage("Domain \"" + domainConfiguration.m_name + "\", with configuration id \"" + identity.getName() + "\" is external. It does not contain reference to Management SPI class", 2);
        return null;
    }

    private MgmtSPIConfiguration getSPIConfFromElement(IElement iElement) {
        IElementIdentity identity = iElement.getIdentity();
        if (!identity.getType().equals(SPI_DESC_TYPE)) {
            this.m_ds.logMessage("\"" + identity.getName() + "\" has the wrong type. Should be \"" + SPI_DESC_TYPE + "\"", 2);
            return null;
        }
        IAttributeSet attributes = iElement.getAttributes();
        MgmtSPIConfiguration mgmtSPIConfiguration = new MgmtSPIConfiguration();
        String str = (String) attributes.getAttribute(SPI_SOURCE_TYPE_ATT);
        mgmtSPIConfiguration.m_sourceType = str == null ? "?" : str;
        mgmtSPIConfiguration.m_className = (String) attributes.getAttribute(SPI_CLASS_NAME_ATT);
        mgmtSPIConfiguration.m_classpath = (IAttributeList) attributes.getAttribute(SPI_CLASSPATH_ATT);
        return mgmtSPIConfiguration;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void okToModify(EntityName entityName) throws DirectoryServiceException {
        String name = entityName.getParentEntity().getName();
        Thread currentThread = Thread.currentThread();
        if ((currentThread instanceof ServiceMaintainer) || this.m_dsUpdater.isAuthorized(currentThread)) {
            return;
        }
        if (this.m_forbiddenDirs.get(name) != null) {
            throw new DirectoryServiceException("Elements under the \"" + name + "\" directory cannot be modified.");
        }
        if (entityName.getBaseName().equals(MF_REFRESH_ELEMENT)) {
            throw new DirectoryServiceException("\"_MFRefreshTime\" cannot be modified.");
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void okToDeleteDir(EntityName entityName) throws DirectoryServiceException {
        String name = entityName.getName();
        if (name.equals(IPermissionsManager.PATH_DELIMITER) || name.equals(DirectoryService.SYSTEM_DIRECTORY_PATH)) {
            throw new DirectoryServiceException("\"" + name + "\" cannot be deleted.");
        }
        if (this.m_forbiddenDirs.get(name) != null && !this.m_dsUpdater.isAuthorized(Thread.currentThread())) {
            throw new DirectoryServiceException("The \"" + name + "\" directory cannot be modified.");
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void okToModify(String str) throws DirectoryServiceException {
        try {
            okToModify(new EntityName(str));
        } catch (ConfigException e) {
            throw new DirectoryServiceException(e.getMessage());
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Boolean reloadExternalAuthenticationDomain(String str) throws DirectoryServiceException {
        getDomainsFromDS(str);
        ArrayList arrayList = new ArrayList();
        String needUpdateDomains = getNeedUpdateDomains(str, true);
        if (needUpdateDomains != null) {
            arrayList.add(needUpdateDomains);
        }
        initDomains(INITIALIZE_DOMAIN_TIMEOUT, arrayList);
        return Boolean.TRUE;
    }
}
