package com.instaclustr.cassandra.ldap.auth;

import com.instaclustr.cassandra.ldap.User;
import com.instaclustr.cassandra.ldap.conf.LdapAuthenticatorConfiguration;
import com.instaclustr.cassandra.ldap.exception.LDAPAuthFailedException;
import java.util.Hashtable;
import java.util.Properties;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import org.apache.cassandra.exceptions.AuthenticationException;
import org.apache.cassandra.exceptions.ConfigurationException;
import org.apache.cassandra.exceptions.ExceptionCode;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/instaclustr/cassandra/ldap/auth/DefaultLDAPServer.class */
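/**
 * Password retriever that validates a user's credentials against an LDAP directory.
 *
 * <p>A long-lived "service" context, bound with the configured service DN and password, is used
 * to look up the distinguished name (DN) of the user. The user's password is then checked with
 * an LDAP simple bind as that DN. On success the password is hashed with {@code this.hasher}
 * (not declared in this class; presumably inherited from {@link LDAPPasswordRetriever}).
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The user name is passed to the directory as a filter argument, never spliced into the
 *       filter string, so filter metacharacters in a user name cannot alter the query.</li>
 *   <li>Empty passwords are rejected before binding, because a simple bind with an empty
 *       password is an unauthenticated bind and may succeed without proving anything.</li>
 *   <li>The service and user passwords are placed into JNDI environments; those objects must
 *       never be logged.</li>
 *   <li>NOTE(review): whether the bind travels over TLS depends on the configured provider URL,
 *       which is not visible here. Confirm that deployments use ldaps:// or equivalent.</li>
 * </ul>
 *
 * <p>This class performs no synchronization of its own; thread-safety is not established here.
 */
public class DefaultLDAPServer extends LDAPPasswordRetriever {
    private static final Logger logger = LoggerFactory.getLogger(DefaultLDAPServer.class);

    /** Context bound as the service account; used only for DN look-ups. */
    private DirContext serviceContext;

    /** Parsed configuration; doubles as the JNDI environment of the service context. */
    private Properties properties;

    /** Work factor handed to the hasher when hashing a verified password. */
    private int rounds;

    /**
     * Closes the service context, if any, and drops the cached configuration so that the next
     * {@link #setup()} re-reads it. Failures while closing are logged and not propagated.
     */
    @Override
    public void close() {
        if (this.serviceContext != null) {
            try {
                this.serviceContext.close();
            } catch (Exception e) {
                logger.error("Unable to close service context.", e);
            } finally {
                this.serviceContext = null;
            }
        }
        this.properties = null;
    }

    /**
     * (Re-)establishes the service context using the configured service DN and password.
     *
     * @throws ConfigurationException if the service credentials are missing or the bind to the
     *     LDAP server fails
     */
    @Override
    public void setup() throws ConfigurationException {
        if (this.serviceContext != null) {
            try {
                this.serviceContext.close();
            } catch (Exception e) {
                logger.warn("Error while closing LDAP service context.", e);
            } finally {
                // Never keep a reference to a context that has been (or failed to be) closed.
                this.serviceContext = null;
            }
        }
        if (this.properties == null) {
            this.properties = new LdapAuthenticatorConfiguration().parseProperties();
            this.rounds = LdapAuthenticatorConfiguration.getGensaltLog2Rounds(this.properties);
        }

        String serviceDn = this.properties.getProperty(LdapAuthenticatorConfiguration.LDAP_DN);
        String servicePassword = this.properties.getProperty(LdapAuthenticatorConfiguration.PASSWORD_KEY);
        if (serviceDn == null || servicePassword == null) {
            // Properties.put rejects null values with a NullPointerException; report the real cause.
            // The message deliberately contains no credential material.
            throw new ConfigurationException("LDAP service DN or service password is not configured.");
        }

        try {
            this.properties.put("java.naming.security.principal", serviceDn);
            this.properties.put("java.naming.security.credentials", servicePassword);
            this.serviceContext = new InitialDirContext(this.properties);
        } catch (NamingException e) {
            String explanation = e.getExplanation() == null ? "uknown" : e.getExplanation();
            throw new ConfigurationException(
                String.format("Failed to connect to LDAP server: %s, explanation: %s", e.getMessage(), explanation), e);
        }
    }

    /**
     * Verifies the user's password with an LDAP simple bind and returns its hash.
     *
     * <p>As a side effect the resolved DN is stored on {@code user} via {@code setLdapDN}.
     *
     * @param user the user whose name and password are checked
     * @return the hash of the verified password, produced by {@code this.hasher}
     * @throws AuthenticationException if the password is null or empty, or no DN is found for the user
     * @throws LDAPAuthFailedException if the look-up or the bind fails with a {@link NamingException}
     */
    @Override
    public String retrieveHashedPassword(User user) throws LDAPAuthFailedException {
        String password = user.getPassword();
        if (password == null || password.isEmpty()) {
            // A simple bind with a DN and a zero-length password is an "unauthenticated bind"
            // (RFC 4513); servers that permit it report success without checking any secret.
            throw new AuthenticationException("Empty passwords are not accepted for LDAP authentication.");
        }
        try {
            String ldapDN = getLdapDN(user.getUsername());
            if (ldapDN == null) {
                throw new AuthenticationException(String.format("Could not authenticate to directory server using naming attribute %s and username %s. User likely does not exist or connection to LDAP server is invalid.", this.properties.getProperty(LdapAuthenticatorConfiguration.NAMING_ATTRIBUTE_PROP), user.getUsername()));
            }
            user.setLdapDN(ldapDN);

            // A successful bind is the credential check; the context itself is not needed afterwards,
            // so release it before the (potentially slow) hashing step.
            DirContext userContext = new InitialDirContext(getUserEnv(user.getLdapDN(), password));
            closeQuietly(userContext);

            return this.hasher.hashPassword(password, this.rounds);
        } catch (NamingException e) {
            throw new LDAPAuthFailedException(ExceptionCode.BAD_CREDENTIALS, e.getMessage(), e);
        }
    }

    /** Closes a directory context, logging (at debug level) instead of propagating a failure. */
    private static void closeQuietly(DirContext context) {
        if (context == null) {
            return;
        }
        try {
            context.close();
        } catch (NamingException e) {
            logger.debug("Exception occured while trying to close DirContext.", e);
        }
    }

    /**
     * Searches the whole subtree below the service context for an entry whose naming attribute
     * equals the given user name.
     *
     * @param str the user name to look up; treated as data, never as filter syntax
     * @return the full DN of the first matching entry, or {@code null} if nothing matches
     * @throws NamingException if the search fails
     */
    private String searchLdapDN(String str) throws NamingException {
        // The user name is supplied as filter argument {0}; JNDI escapes filter metacharacters in
        // string arguments, so the structure of the filter is fixed by configuration alone.
        String filter = String.format("(%s={0})", this.properties.getProperty(LdapAuthenticatorConfiguration.NAMING_ATTRIBUTE_PROP));
        SearchControls searchControls = new SearchControls();
        searchControls.setSearchScope(SearchControls.SUBTREE_SCOPE);

        NamingEnumeration<SearchResult> results = null;
        try {
            results = this.serviceContext.search("", filter, new Object[] {str}, searchControls);
            // NOTE(review): only the first hit is used; if the naming attribute is not unique in
            // the subtree, which entry is chosen depends on the server's result order.
            return results.hasMore() ? results.next().getNameInNamespace() : null;
        } finally {
            // Release the enumeration on every path, not only when the search fails.
            if (results != null) {
                try {
                    results.close();
                } catch (NamingException e) {
                    logger.debug("Failing to close connection to LDAP server.");
                }
            }
        }
    }

    /**
     * Resolves the DN for a user name, re-creating the service context once if the first search
     * fails (for example because the connection went stale).
     *
     * @param str the user name to resolve
     * @return the DN, or {@code null} if no entry matches
     * @throws NamingException if the search still fails after the service context was re-created
     */
    private String getLdapDN(String str) throws NamingException {
        if (this.serviceContext == null) {
            setup();
        }
        try {
            return searchLdapDN(str);
        } catch (NamingException e) {
            logger.info(e.getExplanation());
            setup();
            return searchLdapDN(str);
        }
    }

    /**
     * Builds the JNDI environment for a simple bind as the given user.
     *
     * <p>The returned table holds the clear-text password and must not be logged. Callers must
     * pass non-null values: {@link Hashtable} rejects null keys and values.
     *
     * @param str the DN to bind as
     * @param str2 the password to bind with
     * @return a fresh environment containing factory, provider URL and simple-bind credentials
     */
    private Hashtable<String, String> getUserEnv(String str, String str2) {
        Hashtable<String, String> env = new Hashtable<>(11);
        env.put("java.naming.factory.initial", this.properties.getProperty("java.naming.factory.initial"));
        env.put("java.naming.provider.url", this.properties.getProperty(LdapAuthenticatorConfiguration.LDAP_URI_PROP));
        env.put("java.naming.security.authentication", "simple");
        env.put("java.naming.security.principal", str);
        env.put("java.naming.security.credentials", str2);
        return env;
    }
}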
