package blended.security;

import blended.container.context.api.ContainerContext;
import blended.security.internal.LDAPLoginConfig;
import blended.security.internal.LDAPLoginConfig$;
import blended.security.internal.LdapSearchResult;
import blended.util.logging.Logger;
import blended.util.logging.Logger$;
import com.sun.jndi.ldap.LdapCtxFactory;
import java.text.MessageFormat;
import java.util.Hashtable;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.security.auth.login.LoginException;
import org.apache.logging.log4j.core.pattern.NotANumber;
import org.slf4j.Marker;
import scala.MatchError;
import scala.None$;
import scala.Option;
import scala.Predef$;
import scala.Predef$ArrowAssoc$;
import scala.Some;
import scala.Tuple2;
import scala.collection.immutable.C$colon$colon;
import scala.collection.immutable.List;
import scala.collection.immutable.Nil$;
import scala.collection.mutable.Map;
import scala.collection.mutable.Map$;
import scala.jdk.CollectionConverters$;
import scala.reflect.ClassTag$;
import scala.reflect.ScalaSignature;
import scala.runtime.BoxedUnit;
import scala.runtime.ScalaRunTime$;
import scala.util.control.NonFatal$;

/* compiled from: LDAPLoginModule.scala */
@ScalaSignature(bytes = "\u0006\u0005\u0005Mb\u0001\u0002\b\u0010\u0001QAQ!\u0007\u0001\u0005\u0002iAa\u0001\b\u0001!\u0002\u0013i\u0002bB\u0013\u0001\u0005\u0004%\tF\n\u0005\u0007i\u0001\u0001\u000b\u0011B\u0014\t\u0011U\u0002\u0001R1A\u0005\u0002YB\u0001\"\u0010\u0001\t\u0006\u0004&IA\u0010\u0005\u0006\u0013\u0002!\tE\u0013\u0005\u0006m\u0002!\tf\u001e\u0005\u0006w\u0002!\tf\u001e\u0005\u0006y\u0002!\tf\u001e\u0005\u0007{\u0002\u0001K\u0011\u0002@\t\u000f\u0005-\u0001\u0001\"\u0011\u0002\u000e!A\u00111\u0006\u0001!\n\u0013\tiCA\bM\t\u0006\u0003Fj\\4j]6{G-\u001e7f\u0015\t\u0001\u0012#\u0001\u0005tK\u000e,(/\u001b;z\u0015\u0005\u0011\u0012a\u00022mK:$W\rZ\u0002\u0001'\t\u0001Q\u0003\u0005\u0002\u0017/5\tq\"\u0003\u0002\u0019\u001f\t\u0019\u0012IY:ue\u0006\u001cG\u000fT8hS:lu\u000eZ;mK\u00061A(\u001b8jiz\"\u0012a\u0007\t\u0003-\u0001\t1\u0001\\8h!\tq2%D\u0001 \u0015\t\u0001\u0013%A\u0004m_\u001e<\u0017N\\4\u000b\u0005\t\n\u0012\u0001B;uS2L!\u0001J\u0010\u0003\r1{wmZ3s\u0003)iw\u000eZ;mK:\u000bW.Z\u000b\u0002OA\u0011\u0001&\r\b\u0003S=\u0002\"AK\u0017\u000e\u0003-R!\u0001L\n\u0002\rq\u0012xn\u001c;?\u0015\u0005q\u0013!B:dC2\f\u0017B\u0001\u0019.\u0003\u0019\u0001&/\u001a3fM&\u0011!g\r\u0002\u0007'R\u0014\u0018N\\4\u000b\u0005Aj\u0013aC7pIVdWMT1nK\u0002\nq\u0001\u001c3ba\u000e3w-F\u00018!\tA4(D\u0001:\u0015\tQt\"\u0001\u0005j]R,'O\\1m\u0013\ta\u0014HA\bM\t\u0006\u0003Fj\\4j]\u000e{gNZ5h\u0003)!\u0017N]\"p]R,\u0007\u0010^\u000b\u0002\u007fA\u0011\u0001iR\u0007\u0002\u0003*\u0011!iQ\u0001\nI&\u0014Xm\u0019;pefT!\u0001R#\u0002\r9\fW.\u001b8h\u0015\u00051\u0015!\u00026bm\u0006D\u0018B\u0001%B\u0005)!\u0015N]\"p]R,\u0007\u0010^\u0001\bI>dunZ5o)\u0005Y\u0005C\u0001'N\u001b\u0005i\u0013B\u0001(.\u0005\u001d\u0011un\u001c7fC:D3a\u0002)]!\ra\u0015kU\u0005\u0003%6\u0012a\u0001\u001e5s_^\u001c\bC\u0001+[\u001b\u0005)&B\u0001,X\u0003\u0015awnZ5o\u0015\tA\u0016,\u0001\u0003bkRD'B\u0001\tF\u0013\tYVK\u0001\bM_\u001eLg.\u0012=dKB$\u0018n\u001c82\ty9S,^\u0019\u0006Gy\u000b\u0007OY\u00
0b\u0003M}#Q\u0001Y\nC\u0002\u0015\u0014\u0011\u0001V\u0005\u0003E\u000e\f1\u0004\n7fgNLg.\u001b;%OJ,\u0017\r^3sI\u0011,g-Y;mi\u0012\n$B\u00013.\u0003\u0019!\bN]8xgF\u0011a-\u001b\t\u0003\u0019\u001eL!\u0001[\u0017\u0003\u000f9{G\u000f[5oOB\u0011!.\u001c\b\u0003\u0019.L!\u0001\\\u0017\u0002\u000fA\f7m[1hK&\u0011an\u001c\u0002\n)\"\u0014xn^1cY\u0016T!\u0001\\\u00172\u000b\r\n(o\u001d3\u000f\u00051\u0013\u0018B\u00013.c\u0011\u0011C*\f;\u0003\u000bM\u001c\u0017\r\\12\u0005\u0019\u001a\u0016A\u00039pgR\u001cu.\\7jiR\t\u0001\u0010\u0005\u0002Ms&\u0011!0\f\u0002\u0005+:LG/A\u0005q_N$\u0018IY8si\u0006Q\u0001o\\:u\u0019><w.\u001e;\u0002\u0019Y\fG.\u001b3bi\u0016,6/\u001a:\u0015\u0003\u001dBCa\u0003)\u0002\u0002E2adJA\u0002\u0003\u0013\tda\t0b\u0003\u000b\u0011\u0017GB\u0012re\u0006\u001dA-\r\u0003#\u00196\"\u0018G\u0001\u0014T\u0003%9W\r^$s_V\u00048\u000f\u0006\u0003\u0002\u0010\u0005m\u0001#BA\t\u0003/9cbAA\nW:\u0019!&!\u0006\n\u00039J1!!\u0007p\u0005\u0011a\u0015n\u001d;\t\r\u0005uA\u00021\u0001(\u0003\u0019iW-\u001c2fe\"\"A\u0002UA\u0011c\u0019qr%a\t\u0002*E21EX1\u0002&\t\fdaI9s\u0003O!\u0017\u0007\u0002\u0012M[Q\f$AJ*\u0002#\u0011|'KR\"3eU\"TI\\2pI&tw\rF\u0002(\u0003_Aa!!\r\u000e\u0001\u00049\u0013aC5oaV$8\u000b\u001e:j]\u001e\u0004")
/* loaded from: input_file:lib/blended.security_2.13-3.2.3.jar:blended/security/LDAPLoginModule.class */
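/**
 * Login module that authenticates a user against an LDAP directory.
 *
 * <p>Flow, as visible in this decompiled listing: a directory context is opened lazily with the
 * configured system account (if any), the user entry is located by a subtree search under
 * {@code userBase}, the context is then switched to the found DN plus the supplied password and
 * one attribute read is performed, and finally the system credentials are put back on the context.
 *
 * <p>Review notes:
 * <ul>
 *   <li>The bind uses {@code "simple"} authentication against {@code ldapCfg().url()}. Whether the
 *       password is protected in transit depends on that URL (e.g. an {@code ldaps://} scheme),
 *       which is configuration not visible here.</li>
 *   <li>{@link #validateUser()} swaps credentials on the single shared {@code DirContext}. No lock
 *       around that sequence is visible, so this instance presumably must not be used by
 *       concurrent logins (confirm how the container instantiates the module).</li>
 *   <li>Failure messages are copied into {@link LoginException}. "User not found" and a failed
 *       bind produce different messages; if these reach remote callers they allow account
 *       enumeration. Verify what the caller exposes.</li>
 * </ul>
 */
public class LDAPLoginModule extends AbstractLoginModule {
    // Lazily initialised values; bit 0 of bitmap$0 guards ldapCfg, bit 1 guards dirContext.
    private LDAPLoginConfig ldapCfg;
    private DirContext dirContext;
    private final Logger log = Logger$.MODULE$.apply(ClassTag$.MODULE$.apply(LDAPLoginModule.class));
    private final String moduleName = "ldap";
    private volatile byte bitmap$0;

    /** Returns the fixed module name {@code "ldap"}. */
    @Override // blended.security.AbstractLoginModule
    public String moduleName() {
        return this.moduleName;
    }

    /**
     * Slow path of the lazy {@code ldapCfg} value: builds the LDAP configuration from the login
     * configuration and the container context, under the instance monitor.
     *
     * <p>Fails with an exception when no {@code ContainerContext} was supplied. The initialised
     * bit is only set after a successful build, so a failed attempt is retried on the next call.
     */
    /* JADX WARN: Multi-variable type inference failed */
    private LDAPLoginConfig ldapCfg$lzycompute() {
        synchronized (this) {
            if (((byte) (this.bitmap$0 & 1)) == 0) {
                Option<ContainerContext> ctCtxt = ctCtxt();
                if (!(ctCtxt instanceof Some)) {
                    if (None$.MODULE$.equals(ctCtxt)) {
                        throw new Exception(new StringBuilder(59).append("LDAP Login module must be configured with an instance of [").append(ContainerContext.class).append("]").toString());
                    }
                    throw new MatchError(ctCtxt);
                }
                this.ldapCfg = LDAPLoginConfig$.MODULE$.fromConfig(loginConfig(), (ContainerContext) ((Some) ctCtxt).value());
                this.bitmap$0 = (byte) (this.bitmap$0 | 1);
            }
        }
        return this.ldapCfg;
    }

    /** Returns the LDAP configuration, building it on first use. */
    public LDAPLoginConfig ldapCfg() {
        return ((byte) (this.bitmap$0 & 1)) == 0 ? ldapCfg$lzycompute() : this.ldapCfg;
    }

    /**
     * Slow path of the lazy {@code dirContext} value: opens the directory context under the
     * instance monitor. Written with the same shape as {@link #ldapCfg$lzycompute()}; the
     * decompiler had emitted an untyped alias of {@code this} here.
     *
     * <p>The initialised bit is only set after the context was created, so a failed connection
     * attempt is retried by the next caller of {@link #dirContext()}.
     */
    private DirContext dirContext$lzycompute() {
        synchronized (this) {
            if (((byte) (this.bitmap$0 & 2)) == 0) {
                this.dirContext = liftedTree1$1();
                this.bitmap$0 = (byte) (this.bitmap$0 | 2);
            }
        }
        return this.dirContext;
    }

    /** Returns the shared directory context, connecting on first use. */
    private DirContext dirContext() {
        return ((byte) (this.bitmap$0 & 2)) == 0 ? dirContext$lzycompute() : this.dirContext;
    }

    /**
     * Connects to the directory, validates the supplied credentials and records the user's LDAP
     * name as the logged-in user.
     *
     * @return {@code true} when the user was authenticated
     * @throws LoginException for every non-fatal failure; the original message is logged at error
     *     level and copied into the exception, the cause itself is not attached
     */
    @Override // blended.security.AbstractLoginModule
    public boolean doLogin() throws LoginException {
        try {
            dirContext();
            // Logs the URL and the system user name only; the system password is not logged.
            this.log.debug(() -> {
                return new StringBuilder(48).append("Successfully connected to LDAP server [").append(this.ldapCfg().url()).append("] user [").append(this.ldapCfg().systemUser()).append("]").toString();
            });
            loggedInUser_$eq(new Some(validateUser()));
            return true;
        } catch (Throwable th) {
            if (th != null) {
                Option<Throwable> unapply = NonFatal$.MODULE$.unapply(th);
                if (!unapply.isEmpty()) {
                    Throwable th2 = unapply.get();
                    this.log.error(th2, this.log.error$default$2(), () -> {
                        return th2.getMessage();
                    });
                    throw new LoginException(th2.getMessage());
                }
            }
            // Fatal errors are propagated unchanged.
            throw th;
        }
    }

    // NOTE(review): the three hooks below go through dirContext(), so when the connection was
    // never established they first try to connect (and may throw) before closing. close() also
    // does not clear the initialised bit, so later calls get the already-closed context back.

    /** Closes the directory context after a successful commit. */
    @Override // blended.security.AbstractLoginModule
    public void postCommit() {
        dirContext().close();
    }

    /** Closes the directory context after an aborted login. */
    @Override // blended.security.AbstractLoginModule
    public void postAbort() {
        dirContext().close();
    }

    /** Closes the directory context after logout. */
    @Override // blended.security.AbstractLoginModule
    public void postLogout() {
        dirContext().close();
    }

    /**
     * Looks the user up by the configured user attribute and verifies the password by switching
     * the shared context to the user's DN and performing an attribute read.
     *
     * <p>The system principal and credentials are restored on the context on both the success
     * and the failure path (the decompiler duplicated the restore code for the two paths).
     *
     * @return the distinguished name of the authenticated entry
     * @throws LoginException when the user is not found, the password is empty, or any directory
     *     operation fails
     */
    private String validateUser() throws LoginException {
        Object addToEnvironment;
        Object addToEnvironment2;
        try {
            try {
                Tuple2<String, String> extractCredentials = extractCredentials();
                if (extractCredentials == null) {
                    throw new MatchError(extractCredentials);
                }
                Tuple2 tuple2 = new Tuple2(extractCredentials.mo905_1(), extractCredentials.mo904_2());
                String str = (String) tuple2.mo905_1();
                String str2 = (String) tuple2.mo904_2();
                // A simple bind with a DN and an empty password is an "unauthenticated bind"
                // (RFC 4513, section 5.1.2) and proves nothing about the user's password.
                // extractCredentials() is defined outside this file, so reject it here as well.
                if (str2 == null || str2.isEmpty()) {
                    throw new LoginException("Empty password is not accepted for LDAP authentication.");
                }
                SearchControls searchControls = new SearchControls();
                searchControls.setSearchScope(SearchControls.SUBTREE_SCOPE);
                // Only the user name is escaped and passed as a MessageFormat argument. The
                // attribute name comes from configuration and becomes part of the pattern, so
                // quotes or braces in it would be interpreted by MessageFormat.
                List<SearchResult> result = new LdapSearchResult(dirContext().search(ldapCfg().userBase(), new MessageFormat(new StringBuilder(6).append("(").append(ldapCfg().userAttribute()).append("={0})").toString()).format(new String[]{doRFC2254Encoding(str)}), searchControls)).result();
                if (Nil$.MODULE$.equals(result)) {
                    throw new LoginException(new StringBuilder(26).append("User [").append(str).append("] not found in LDAP.").toString());
                }
                if (!(result instanceof C$colon$colon)) {
                    throw new MatchError(result);
                }
                C$colon$colon c$colon$colon = (C$colon$colon) result;
                SearchResult searchResult = (SearchResult) c$colon$colon.mo1108head();
                List next$access$1 = c$colon$colon.next$access$1();
                // Ambiguous matches are tolerated: the first entry wins and a warning is logged.
                if (next$access$1.nonEmpty()) {
                    this.log.warn(() -> {
                        return new StringBuilder(64).append("Search for user [").append(str).append("] returned [").append(1 + next$access$1.length()).append("] records, using first record only.").toString();
                    });
                }
                String nameInNamespace = searchResult.getNameInNamespace();
                // Switch the shared context to the user's identity; presumably the attribute read
                // below is what makes the provider bind with these credentials.
                dirContext().addToEnvironment("java.naming.security.principal", nameInNamespace);
                dirContext().addToEnvironment("java.naming.security.credentials", str2);
                dirContext().getAttributes(nameInNamespace, new String[]{ldapCfg().userAttribute()});
                this.log.info(() -> {
                    return new StringBuilder(39).append("User [").append(str).append("] authenticated with LDAP name [").append(nameInNamespace).append("]").toString();
                });
                // Success path: put the system account (or no account) back on the context.
                Option<String> systemUser = ldapCfg().systemUser();
                if (None$.MODULE$.equals(systemUser)) {
                    addToEnvironment2 = dirContext().removeFromEnvironment("java.naming.security.principal");
                } else {
                    if (!(systemUser instanceof Some)) {
                        throw new MatchError(systemUser);
                    }
                    addToEnvironment2 = dirContext().addToEnvironment("java.naming.security.principal", (String) ((Some) systemUser).value());
                }
                Option<String> systemPassword = ldapCfg().systemPassword();
                if (None$.MODULE$.equals(systemPassword)) {
                    dirContext().removeFromEnvironment("java.naming.security.credentials");
                    BoxedUnit boxedUnit = BoxedUnit.UNIT;
                } else {
                    if (!(systemPassword instanceof Some)) {
                        throw new MatchError(systemPassword);
                    }
                    dirContext().addToEnvironment("java.naming.security.credentials", (String) ((Some) systemPassword).value());
                    BoxedUnit boxedUnit2 = BoxedUnit.UNIT;
                }
                return nameInNamespace;
            } catch (Throwable th) {
                // Every failure, fatal or not, is logged and reported as a LoginException that
                // carries only the message of the original error.
                this.log.error(th, this.log.error$default$2(), () -> {
                    return th.getMessage();
                });
                throw new LoginException(th.getMessage());
            }
        } catch (Throwable th2) {
            // Failure path: restore the system credentials so the user's password does not stay
            // in the context environment, then rethrow.
            Option<String> systemUser2 = ldapCfg().systemUser();
            if (None$.MODULE$.equals(systemUser2)) {
                addToEnvironment = dirContext().removeFromEnvironment("java.naming.security.principal");
            } else {
                if (!(systemUser2 instanceof Some)) {
                    throw new MatchError(systemUser2);
                }
                addToEnvironment = dirContext().addToEnvironment("java.naming.security.principal", (String) ((Some) systemUser2).value());
            }
            Option<String> systemPassword2 = ldapCfg().systemPassword();
            if (None$.MODULE$.equals(systemPassword2)) {
                dirContext().removeFromEnvironment("java.naming.security.credentials");
                BoxedUnit boxedUnit3 = BoxedUnit.UNIT;
            } else {
                if (!(systemPassword2 instanceof Some)) {
                    throw new MatchError(systemPassword2);
                }
                dirContext().addToEnvironment("java.naming.security.credentials", (String) ((Some) systemPassword2).value());
                BoxedUnit boxedUnit4 = BoxedUnit.UNIT;
            }
            throw th2;
        }
    }

    /**
     * Returns the values of the configured group attribute for every entry under
     * {@code groupBase} that matches the configured group search filter.
     *
     * @param str the member value substituted (escaped) into the group search filter
     * @return one string per matching entry
     * @throws LoginException declared by the overridden method; directory errors are not
     *     translated here
     */
    @Override // blended.security.AbstractLoginModule
    public List<String> getGroups(String str) throws LoginException {
        SearchControls searchControls = new SearchControls();
        searchControls.setSearchScope(SearchControls.SUBTREE_SCOPE);
        // The filter template is configuration and is used as the MessageFormat pattern; only the
        // member value is escaped. NOTE(review): an entry without the group attribute would make
        // the attribute lookup in the mapping below return null - confirm entries always have it.
        return new LdapSearchResult(dirContext().search(ldapCfg().groupBase(), new MessageFormat(ldapCfg().groupSearch()).format(new String[]{doRFC2254Encoding(str)}), searchControls)).result().map(searchResult -> {
            return searchResult.getAttributes().get(this.ldapCfg().groupAttribute()).get().toString();
        });
    }

    /**
     * Escapes a value for use inside an LDAP search filter: backslash, asterisk, both
     * parentheses and the NUL character are replaced by their {@code \xx} hex escapes, every
     * other character is copied unchanged.
     *
     * <p>Implemented as a loop rather than one recursive call per character, so a very long
     * user-supplied value cannot exhaust the stack. The asterisk and NUL cases are spelled as
     * literals; the decompiled listing had shown them as string constants borrowed from logging
     * libraries.
     *
     * @param str the raw value; must not be {@code null}
     * @return the escaped value, empty for empty input
     * @throws NullPointerException if {@code str} is {@code null}
     */
    private String doRFC2254Encoding(String str) {
        StringBuilder escaped = new StringBuilder(str.length() + 8);
        for (int i = 0; i < str.length(); i++) {
            char c = str.charAt(i);
            switch (c) {
                case '\\':
                    escaped.append("\\5c");
                    break;
                case '*':
                    escaped.append("\\2a");
                    break;
                case '(':
                    escaped.append("\\28");
                    break;
                case ')':
                    escaped.append("\\29");
                    break;
                case '\u0000':
                    escaped.append("\\00");
                    break;
                default:
                    escaped.append(c);
            }
        }
        return escaped.toString();
    }

    /**
     * Opens the initial directory context: LDAP context factory, configured provider URL and
     * {@code "simple"} authentication, plus the system principal and credentials when configured.
     *
     * @throws LoginException (undeclared in this listing) for every non-fatal failure, carrying
     *     only the message of the original error
     */
    private final DirContext liftedTree1$1() {
        try {
            Map apply = Map$.MODULE$.apply2(ScalaRunTime$.MODULE$.wrapRefArray(new Tuple2[]{Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("java.naming.factory.initial"), LdapCtxFactory.class.getName()), Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("java.naming.provider.url"), ldapCfg().url()), Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("java.naming.security.authentication"), "simple")}));
            // Principal and credentials are only added when present in the configuration; without
            // them the context is created with no identity set.
            apply.$plus$plus$eq(ldapCfg().systemUser().map(str -> {
                return Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("java.naming.security.principal"), str);
            }));
            apply.$plus$plus$eq(ldapCfg().systemPassword().map(str2 -> {
                return Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("java.naming.security.credentials"), str2);
            }));
            return new InitialDirContext(new Hashtable(CollectionConverters$.MODULE$.MutableMapHasAsJava(apply).asJava()));
        } catch (Throwable th) {
            if (th != null) {
                Option<Throwable> unapply = NonFatal$.MODULE$.unapply(th);
                if (!unapply.isEmpty()) {
                    Throwable th2 = unapply.get();
                    this.log.error(th2, this.log.error$default$2(), () -> {
                        return th2.getMessage();
                    });
                    throw new LoginException(th2.getMessage());
                }
            }
            // Fatal errors are propagated unchanged.
            throw th;
        }
    }
}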
