package com.nitix.domino;

import com.ibm.foundations.sdk.core.FoundationsCoreUtils;
import com.nitix.logging.SingleLineFormatter;
import com.nitix.uniconf.UniConfPasswordDecoder;
import com.nitix.utils.Convert;
import com.nitix.utils.FileUtils;
import com.nitix.utils.PasswordCache;
import java.io.File;
import java.io.IOException;
import java.util.Iterator;
import java.util.Properties;
import java.util.TreeSet;
import java.util.Vector;
import java.util.logging.FileHandler;
import java.util.logging.Level;
import java.util.logging.Logger;

/* loaded from: input_file:lfstart.jar:com/nitix/domino/PasswordAndIDManager.class */
public class PasswordAndIDManager {
    private static FileHandler changelogFileHandler;
    private static String canonicalServerName;
    private static PasswordCache pwCache;
    private static final String certifierPasswordKey = "!~Certifier~!";
    private static final File certifierIDMainFile;
    private static final File certifierIDSavedFile;
    private static boolean loggedVersionInfo;
    private static long passwordCacheChecksum;
    private static Vector checksumFiles;
    private static Logger logger = Logger.getLogger("com.nitix.domino.PasswordAndIDManager");
    private static Logger changelog = Logger.getLogger("com.nitix.domino.PasswordAndIDManager.changelog");
    private static final File userIDFilesDir = new File("/home/" + DominoTeamNames.getBackupTeam() + "/notesid");
    private static final File serverIDFilesDir = new File("/home/" + DominoTeamNames.getBackupTeam() + "/notesid/server");
    private static final File changelogFile = new File(userIDFilesDir, ".changelog");

    private PasswordAndIDManager() {
    }

    public static synchronized void setServerCanonicalName(String str) {
        canonicalServerName = str;
    }

    public static synchronized String getServerCanonicalName() {
        if (canonicalServerName == null) {
            canonicalServerName = DominoUtils.getServerInfoFromDominoEnv().getCanonicalServerName();
        }
        return canonicalServerName;
    }

    public static synchronized boolean saveUserPassword(String str, String str2) {
        return saveUserPassword(str, str2, false);
    }

    /* JADX WARN: Multi-variable type inference failed */
    public static synchronized boolean saveUserPassword(String str, String str2, boolean z) {
        startUsingChangelog();
        String str3 = "PasswordAndIDManager: saveUserPassword(" + str + "): ";
        String password = pwCache.getPassword(str);
        File userIDFile = str == null ? null : getUserIDFile(str);
        boolean z2 = false;
        changelog.info(str3 + "Begin...");
        changelog.info(str3 + "ID file: " + userIDFile);
        changelog.info(str3 + "Old password: " + obfu(password));
        changelog.info(str3 + "New Password: " + obfu(str2));
        boolean z3 = false;
        if (str == null) {
            logger.info(str3 + "WARNING: Username is null! ID file unchanged.");
        } else if (str2 == null) {
            logger.info(str3 + "WARNING: Password is null! ID file unchanged.");
        } else if (!userIDFile.exists()) {
            logger.info(str3 + "WARNING: User ID file does not exist (missing from save area)! ID file unchanged.");
        } else if (z) {
            logger.info(str3 + "User ID file is guaranteed to use the given password - no changes required.");
            cachePassword(str3, userIDFile, str, str2);
        } else if (testIDFilePassword(userIDFile, str2)) {
            if (testIDFilePassword(userIDFile, str2 + "x")) {
                logger.info(str3 + "User ID file has NO password.  Changing to new one.");
                password = null;
                z3 = true;
            } else {
                logger.info(str3 + "User ID file uses the given password - no changes required.");
                cachePassword(str3, userIDFile, str, str2);
            }
        } else if (password == null) {
            logger.info(str3 + "WARNING: Old password of user ID file is unknown!  ID file unchanged.");
        } else if (testIDFilePassword(userIDFile, password)) {
            z3 = true;
        } else {
            logger.info(str3 + "WARNING: Old password fails to open user ID file!  ID file unchanged.");
        }
        if (z3) {
            if (password != null) {
                logger.info(str3 + "Refreshing user's ID file...");
                new DominoNative().refreshIdFile(logger, userIDFile.getAbsolutePath(), password, getServerCanonicalName());
                logger.info(str3 + "Refreshed user's ID file.");
            }
            logger.info(str3 + "Changing password in user's ID file...");
            DominoNative dominoNative = new DominoNative();
            String str4 = password;
            int changePassword = dominoNative.changePassword(logger, userIDFile.getAbsolutePath(), str4, str2);
            if (changePassword == 6649) {
                int i = 0;
                long currentTimeMillis = System.currentTimeMillis();
                logger.info("Flushing old passwords (starting suffix: " + currentTimeMillis + ")...");
                while (true) {
                    if (i >= 55) {
                        break;
                    }
                    new StringBuilder().append(str2);
                    long j = currentTimeMillis;
                    currentTimeMillis = j + 1;
                    String sb = str4.append(j).toString();
                    str4 = password;
                    changePassword = dominoNative.changePassword(logger, userIDFile.getAbsolutePath(), str4, sb, false);
                    if (changePassword == 0) {
                        i++;
                        password = sb;
                        str4 = password;
                        changePassword = dominoNative.changePassword(logger, userIDFile.getAbsolutePath(), str4, str2, false);
                        if (changePassword == 0) {
                            logger.info("Old passwords flushed after " + i + " changes.");
                            break;
                        }
                    }
                }
            }
            if (changePassword != 0) {
                logger.info(str3 + "SEVERE: Failed to change password in user's ID file! (status: " + changePassword + ")");
            } else {
                z2 = true;
                logger.info(str3 + "Changed password in user's ID file.");
                cachePassword(str3, userIDFile, str, str2);
            }
        }
        stopUsingChangelog();
        return z2;
    }

    public static synchronized void removeUserPassword(String str) {
        startUsingChangelog();
        String str2 = "PasswordAndIDManager: removeUserPassword(" + str + "): ";
        logger.info(str2 + "Removing user's password...");
        changelog.info(str2 + "Old password was: " + obfu(pwCache.getPassword(str)));
        cachePassword(str2, null, str, null);
        stopUsingChangelog();
    }

    public static synchronized String getUserPassword(String str) {
        return pwCache.getPassword(str);
    }

    public static synchronized File getUserIDFile(String str) {
        if (!userIDFilesDir.exists() && !userIDFilesDir.mkdirs()) {
            startUsingChangelog();
            logger.severe("PasswordAndIDManager: Cannot create directory for users' ID files! (" + userIDFilesDir + ")");
            stopUsingChangelog();
        }
        return new File(userIDFilesDir, str + ".id");
    }

    public static synchronized boolean saveCertifierPassword(String str) {
        startUsingChangelog();
        String password = pwCache.getPassword(certifierPasswordKey);
        File file = certifierIDMainFile;
        boolean z = false;
        changelog.info("PasswordAndIDManager: saveCertifierPassword(): Begin...");
        changelog.info("PasswordAndIDManager: saveCertifierPassword(): ID file: " + file);
        changelog.info("PasswordAndIDManager: saveCertifierPassword(): Old password: " + obfu(password));
        changelog.info("PasswordAndIDManager: saveCertifierPassword(): New Password: " + obfu(str));
        if (str == null) {
            logger.info("PasswordAndIDManager: saveCertifierPassword(): WARNING: Password is null! ID file unchanged.");
        } else if (!file.exists()) {
            logger.info("PasswordAndIDManager: saveCertifierPassword(): WARNING: Certifier ID file does not exist (missing from save area)! ID file unchanged.");
        } else if (testIDFilePassword(file, str)) {
            logger.info("PasswordAndIDManager: saveCertifierPassword(): Certifier ID file uses the given password - no changes required.");
            cachePassword("PasswordAndIDManager: saveCertifierPassword(): ", file, certifierPasswordKey, str);
        } else if (testIDFilePassword(file, password)) {
            logger.info("PasswordAndIDManager: saveCertifierPassword(): Changing password in certifier's ID file...");
            if (new DominoNative().changePassword(logger, file.getAbsolutePath(), password, str) != 0) {
                logger.info("PasswordAndIDManager: saveCertifierPassword(): SEVERE: Failed to change password in certifier's ID file!");
            } else {
                z = true;
                logger.info("PasswordAndIDManager: saveCertifierPassword(): Changed password in certifier's ID file.");
                cachePassword("PasswordAndIDManager: saveCertifierPassword(): ", file, certifierPasswordKey, str);
            }
        } else {
            logger.info("PasswordAndIDManager: saveCertifierPassword(): WARNING: Old password fails to open certifier ID file!  ID file unchanged.");
        }
        if (file.exists() && (z || !certifierIDSavedFile.exists())) {
            if (FileUtils.copyFile(file, certifierIDSavedFile)) {
                logger.info("PasswordAndIDManager: saveCertifierPassword(): Latest certifier ID file saved to backup area.");
                changelog.info("Copied " + file + " -> " + certifierIDSavedFile);
            } else {
                logger.warning("PasswordAndIDManager: saveCertifierPassword(): Latest certifier ID file not saved to backup area!");
            }
        }
        stopUsingChangelog();
        return z;
    }

    public static synchronized void saveServerIDFile() {
        startUsingChangelog();
        logger.info("PasswordAndIDManager: saveServerIDFile(): Attempting to save server id file(s)...");
        Properties notesIniProps = DominoUtils.getNotesIniProps();
        String property = notesIniProps.getProperty(FoundationsCoreUtils.KEY_FILE_NAME_KEY, "");
        String property2 = notesIniProps.getProperty(FoundationsCoreUtils.SERVER_KEY_FILE_NAME_KEY, "");
        changelog.info("PasswordAndIDManager: saveServerIDFile(): Storing server id file(s)...");
        changelog.info("PasswordAndIDManager: saveServerIDFile(): KeyFileName=" + property);
        changelog.info("PasswordAndIDManager: saveServerIDFile(): ServerKeyFileName=" + property2);
        File serverIDFile = getServerIDFile(property);
        File serverIDFile2 = getServerIDFile(property2);
        File file = new File(serverIDFilesDir, "KeyFile.id");
        File file2 = new File(serverIDFilesDir, "ServerKeyFile.id");
        copyServerIDFile(serverIDFile, file);
        if (serverIDFile != null && serverIDFile2 != null && !serverIDFile.equals(serverIDFile2)) {
            copyServerIDFile(serverIDFile2, file2);
        }
        stopUsingChangelog();
    }

    private static void copyServerIDFile(File file, File file2) {
        if (file == null || !file.exists() || file2 == null) {
            logger.warning("PasswordAndIDManager: copyServerIDFile(): There was an error copying the server id file.");
        } else if (FileUtils.copyFile(file, file2)) {
            changelog.info("PasswordAndIDManager: copyServerIDFile(): Copied " + file + " -> " + file2);
        } else {
            logger.warning("PasswordAndIDManager: copyServerIDFile(): " + file + " could not be copied to " + file2);
        }
    }

    private static File getServerIDFile(String str) {
        File file = null;
        if (str != null && !str.equals("")) {
            file = str.indexOf(47) < 0 ? new File("/TWISTER/notesdata/" + str) : new File(str);
        }
        return file;
    }

    public static synchronized String getCertifierPassword() {
        return pwCache.getPassword(certifierPasswordKey);
    }

    public static File getValidatedCertifierIDFile() {
        for (int i = 0; i < 2; i++) {
            String certifierPassword = getCertifierPassword();
            if (testIDFilePassword(certifierIDMainFile, certifierPassword)) {
                return certifierIDMainFile;
            }
            if (testIDFilePassword(certifierIDSavedFile, certifierPassword)) {
                return certifierIDSavedFile;
            }
            if (i == 0) {
                logger.warning("PasswordAndIDManager.getValidatedCertifierIDFile: Repairing ID cache.");
                repairCache(false, false);
            }
        }
        return null;
    }

    private static boolean testIDFilePassword(File file, String str) {
        if (file == null || !file.exists() || str == null) {
            return false;
        }
        return new DominoNative().testIDFilePassword(logger, file.getAbsolutePath(), str);
    }

    private static String findIDFilePassword(File file, Vector vector) {
        String absolutePath = file.getAbsolutePath();
        DominoNative dominoNative = new DominoNative();
        Iterator it = vector.iterator();
        while (it.hasNext()) {
            String str = (String) it.next();
            if (dominoNative.testIDFilePassword(logger, absolutePath, str)) {
                return str;
            }
        }
        return null;
    }

    private static boolean cachePassword(String str, File file, String str2, String str3) {
        if (str3 == null || testIDFilePassword(file, str3)) {
            if (!pwCache.modifyPassword(str2, str3)) {
                logger.warning(str + "Password cacheing failed!");
                return false;
            }
            logger.info(str + "Password cached.");
            changelog.info(str + "Password: " + obfu(str3));
            return true;
        }
        String password = pwCache.getPassword(str2);
        boolean z = false;
        if (password != null && !password.equals(str3)) {
            z = testIDFilePassword(file, password);
        }
        if (z) {
            logger.warning(str + "Cannot cache new password: new password doesn't work, but the OLD (cached one) works.");
            return false;
        }
        if (password == null) {
            logger.severe(str + "Cannot cache new password: new password doesn't work, and there is no OLD one.");
            return false;
        }
        logger.severe(str + "Cannot cache new password: new password doesn't work, and the OLD (cached one) doesn't work either!");
        return false;
    }

    private static void startUsingChangelog() {
        try {
            changelogFileHandler = new FileHandler(changelogFile.getAbsolutePath(), true);
            changelogFileHandler.setFormatter(new SingleLineFormatter());
            changelog.setUseParentHandlers(false);
            changelog.addHandler(changelogFileHandler);
            logger.addHandler(changelogFileHandler);
        } catch (IOException e) {
            logger.log(Level.SEVERE, "PasswordAndIDManager: Error opening changelog (" + changelogFile + ")", (Throwable) e);
        }
        if (loggedVersionInfo) {
            return;
        }
        changelog.info("---- PasswordAndIDManager (lanark-7455) ----");
        loggedVersionInfo = true;
    }

    private static void stopUsingChangelog() {
        if (changelogFileHandler != null) {
            changelog.removeHandler(changelogFileHandler);
            logger.removeHandler(changelogFileHandler);
            changelogFileHandler.close();
            changelogFileHandler = null;
        }
    }

    private static String obfu(String str) {
        return "" + UniConfPasswordDecoder.encodePassword(str);
    }

    public static synchronized void validateCache() {
        logger.info("PasswordAndIDManager: Validating cache...");
        int i = 0;
        int i2 = 0;
        int i3 = 0;
        Iterator it = new TreeSet(pwCache.getUsernames()).iterator();
        while (it.hasNext()) {
            String str = (String) it.next();
            String password = pwCache.getPassword(str);
            File[] fileArr = new File[2];
            if (str.equals(certifierPasswordKey)) {
                fileArr[0] = certifierIDMainFile;
                fileArr[1] = certifierIDSavedFile;
            } else {
                fileArr[0] = getUserIDFile(str);
                fileArr[1] = null;
            }
            for (File file : fileArr) {
                if (file != null) {
                    if (!file.exists()) {
                        logger.info("PasswordAndIDManager: WARNING: ID file for " + str + " (" + file + ") does not exist!");
                        i++;
                    } else if (testIDFilePassword(file, password)) {
                        logger.info("PasswordAndIDManager: ID file for " + str + " (" + file + ") can be opened OK with cached password.");
                        i3++;
                    } else {
                        logger.info("PasswordAndIDManager: WARNING: ID file for " + str + " (" + file + ") cannot be opened with cached password!");
                        i2++;
                    }
                }
            }
        }
        logger.info("PasswordAndIDManager: Cache validation results:");
        logger.info("PasswordAndIDManager:   " + Convert.numberOf("missing ID file", i));
        logger.info("PasswordAndIDManager:   " + Convert.numberOf("unopenable ID file", i2));
        logger.info("PasswordAndIDManager:   " + Convert.numberOf("openable ID file", i3));
        logger.info("PasswordAndIDManager: Cache is " + (i + i2 == 0 ? "Valid" : "Invalid!"));
    }

    private static void savePasswordCacheChecksum() {
        if (checksumFiles == null) {
            checksumFiles = new Vector();
            checksumFiles.add(new File(userIDFilesDir, ".pwcache"));
            checksumFiles.add(new File(userIDFilesDir, "root.id"));
            checksumFiles.add(certifierIDMainFile);
            checksumFiles.add(certifierIDSavedFile);
        }
        passwordCacheChecksum = FileUtils.checksumCollectionOfFiles(checksumFiles, null);
    }

    private static boolean isPasswordCacheChecksumChanged() {
        if (checksumFiles == null) {
            savePasswordCacheChecksum();
            return true;
        }
        long j = passwordCacheChecksum;
        savePasswordCacheChecksum();
        return passwordCacheChecksum != j;
    }

    public static synchronized void repairCacheForced() {
        repairCache(false, true);
    }

    public static synchronized void repairCache(boolean z, boolean z2) {
        if (!z2 && !isPasswordCacheChecksumChanged()) {
            logger.info("PasswordAndIDManager: Cache unchanged - skipping repair.");
            return;
        }
        startUsingChangelog();
        logger.info("PasswordAndIDManager: Repairing cache...");
        int i = 0;
        int i2 = 0;
        int i3 = 0;
        int i4 = 0;
        boolean z3 = false;
        boolean z4 = false;
        Vector vector = new Vector();
        Iterator it = pwCache.getUsernames().iterator();
        while (it.hasNext()) {
            vector.add(pwCache.getPassword((String) it.next()));
        }
        Iterator it2 = new TreeSet(pwCache.getUsernames()).iterator();
        while (it2.hasNext()) {
            String str = (String) it2.next();
            String password = pwCache.getPassword(str);
            File[] fileArr = new File[2];
            if (str.equals(certifierPasswordKey)) {
                fileArr[0] = certifierIDMainFile;
                fileArr[1] = certifierIDSavedFile;
            } else {
                fileArr[0] = getUserIDFile(str);
                fileArr[1] = null;
            }
            for (File file : fileArr) {
                if (file != null) {
                    if (!file.exists()) {
                        logger.info("PasswordAndIDManager: WARNING: ID file for " + str + " (" + file + ") does not exist!");
                        i++;
                        z3 = file.equals(certifierIDMainFile);
                        z4 = file.equals(certifierIDSavedFile);
                    } else if (testIDFilePassword(file, password)) {
                        logger.info("PasswordAndIDManager: ID file for " + str + " (" + file + ") OK - no repair required.");
                        i3++;
                    } else if (z) {
                        logger.info("PasswordAndIDManager: WARNING: ID file for " + str + " (" + file + ") cannot be opened with cached password: looking for another...");
                        String findIDFilePassword = findIDFilePassword(file, vector);
                        if (findIDFilePassword == null) {
                            logger.info("PasswordAndIDManager: WARNING: ID file for " + str + " (" + file + ") cannot be opened with cached password or any other!");
                            i2++;
                        } else {
                            logger.info("PasswordAndIDManager: REPAIR: ID file for " + str + " (" + file + ") cannot be opened with cached password, but another was found!");
                            cachePassword("PasswordAndIDManager: ", file, str, findIDFilePassword);
                            i4++;
                        }
                    } else {
                        logger.info("PasswordAndIDManager: WARNING: ID file for " + str + " (" + file + ") cannot be opened with cached password!");
                        i2++;
                    }
                }
            }
        }
        String userPassword = getUserPassword("root");
        String certifierPassword = getCertifierPassword();
        File userIDFile = getUserIDFile("root");
        if (testIDFilePassword(userIDFile, userPassword)) {
            logger.info("PasswordAndIDManager: Root's ID file (" + userIDFile + ") can be opened with the cached password (no problem).");
        } else if (testIDFilePassword(userIDFile, certifierPassword)) {
            logger.info("PasswordAndIDManager: REPAIR: Root's ID file (" + userIDFile + ") cannot be opened with cached password, but can with the certifier's!");
            cachePassword("PasswordAndIDManager: ", userIDFile, "root", certifierPassword);
            i4++;
        } else {
            logger.info("PasswordAndIDManager: CRITICAL: Root's ID file cannot be opened with the cached password!");
            logger.info("PasswordAndIDManager: CRITICAL: Lotus Foundations Support will need to repair the cache, with the known 'root' ID password (probably a former 'root' password).");
        }
        boolean testIDFilePassword = testIDFilePassword(certifierIDMainFile, certifierPassword);
        boolean testIDFilePassword2 = testIDFilePassword(certifierIDSavedFile, certifierPassword);
        if (!testIDFilePassword && testIDFilePassword(certifierIDMainFile, userPassword)) {
            logger.info("PasswordAndIDManager: REPAIR: Certifier ID file (" + certifierIDMainFile + ") cannot be opened with cached password, but can with 'root's!");
            cachePassword("PasswordAndIDManager: ", certifierIDMainFile, certifierPasswordKey, userPassword);
            i4++;
            testIDFilePassword = true;
        }
        if (!testIDFilePassword2 && testIDFilePassword(certifierIDSavedFile, userPassword)) {
            logger.info("PasswordAndIDManager: REPAIR: Certifier ID file (" + certifierIDSavedFile + ") cannot be opened with cached password, but can with 'root's!");
            cachePassword("PasswordAndIDManager: ", certifierIDSavedFile, certifierPasswordKey, userPassword);
            i4++;
            testIDFilePassword2 = true;
        }
        if (testIDFilePassword && testIDFilePassword2) {
            logger.info("PasswordAndIDManager: Both copies of the certifier ID file can be opened with the cached password (no problem).");
        } else if (testIDFilePassword && !testIDFilePassword2) {
            logger.info("PasswordAndIDManager: REPAIR: Fixing cert ID by copying " + certifierIDMainFile + " to " + certifierIDSavedFile);
            if (FileUtils.copyFile(certifierIDMainFile, certifierIDSavedFile)) {
                logger.info("PasswordAndIDManager: Latest certifier ID file saved to backup area.");
                changelog.info("PasswordAndIDManager: Copied " + certifierIDMainFile + " -> " + certifierIDSavedFile);
                if (z4) {
                    i--;
                }
                i4++;
            } else {
                logger.info("PasswordAndIDManager: WARNING: Latest certifier ID file not saved to backup area!");
            }
        } else if (testIDFilePassword || !testIDFilePassword2) {
            logger.info("PasswordAndIDManager: CRITICAL: Neither copy of the certifier ID file can be opened with the cached password!");
            logger.info("PasswordAndIDManager: CRITICAL: Lotus Foundations Support will need to repair the cache, with the known certified ID password (probably a former 'root' password)!");
        } else {
            logger.info("PasswordAndIDManager: REPAIR: Fixing cert ID by copying " + certifierIDSavedFile + " to " + certifierIDMainFile);
            if (FileUtils.copyFile(certifierIDSavedFile, certifierIDMainFile)) {
                logger.info("PasswordAndIDManager: Certifier ID file restored from backup area.");
                changelog.info("PasswordAndIDManager: Copied " + certifierIDSavedFile + " -> " + certifierIDMainFile);
                if (z3) {
                    i--;
                }
                i4++;
            } else {
                logger.info("PasswordAndIDManager: WARNING: Certifier ID file not restored from backup area!");
            }
        }
        logger.info("PasswordAndIDManager: Cache repair results:");
        logger.info("PasswordAndIDManager:   " + Convert.numberOf("missing ID file", i));
        logger.info("PasswordAndIDManager:   " + Convert.numberOf("unopenable ID file", i2));
        logger.info("PasswordAndIDManager:   " + Convert.numberOf("openable ID file", i3));
        logger.info("PasswordAndIDManager:   " + Convert.numberOf("repaired ID file", i4));
        logger.info("PasswordAndIDManager: Cache is " + (i + i2 == 0 ? "Valid" : "Invalid!"));
        stopUsingChangelog();
        savePasswordCacheChecksum();
    }

    static {
        pwCache = null;
        userIDFilesDir.mkdirs();
        serverIDFilesDir.mkdirs();
        pwCache = new PasswordCache(new File(userIDFilesDir, ".pwcache"));
        certifierIDMainFile = new File(FoundationsCoreUtils.FOUNDATIONS_START_DOMINO_DATA_DIR, "cert.id");
        certifierIDSavedFile = new File(userIDFilesDir, "!~Certifier~!.id");
    }
}
