package edu.internet2.middleware.grouper.ws.security;

import edu.internet2.middleware.grouper.cache.GrouperCache;
import edu.internet2.middleware.grouper.j2ee.Authentication;
import edu.internet2.middleware.grouper.ldap.LdapEntry;
import edu.internet2.middleware.grouper.ldap.LdapSearchScope;
import edu.internet2.middleware.grouper.ldap.LdapSessionUtils;
import edu.internet2.middleware.grouper.util.GrouperUtil;
import edu.internet2.middleware.grouper.ws.GrouperWsConfig;
import java.io.File;
import java.util.LinkedHashMap;
import java.util.List;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.lang.exception.ExceptionUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.ldaptive.SearchFilter;

/* loaded from: input_file:edu/internet2/middleware/grouper/ws/security/WsGrouperLdapAuthentication.class */
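/**
 * Grouper web-service authentication plugin that checks the credentials carried in the
 * HTTP {@code Authorization} header against LDAP.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>When {@code ws.authn.ldap.cacheResults} is true (the default), a successful login is
 *       cached under {@code GrouperUtil.encryptSha(header)}. A cache hit returns the username
 *       without a new LDAP bind, so a password change or a disabled account is not noticed
 *       until the cache entry expires.</li>
 *   <li>Blank usernames and empty passwords are rejected before LDAP is contacted. A simple
 *       bind with a zero-length password is an <em>unauthenticated</em> bind (RFC 4513) that
 *       many directory servers answer with success, which must never count as a login.</li>
 *   <li>Values taken from the request are stripped of control characters before they are
 *       written to the log, so a crafted username cannot forge log lines.</li>
 * </ul>
 */
public class WsGrouperLdapAuthentication implements WsCustomAuthentication {

    private static final Log LOG = LogFactory.getLog(WsGrouperLdapAuthentication.class);

    /**
     * Successful logins: {@code GrouperUtil.encryptSha(Authorization header)} -> username.
     * NOTE(review): the numeric arguments are presumably a 10000-entry limit and 60-second
     * expiry settings; confirm against the GrouperCache constructor.
     * NOTE(review): the key is derived from a header that contains the password. Confirm
     * which digest encryptSha uses and that cache contents are never persisted or logged.
     */
    private static final GrouperCache<String, String> loginCache = new GrouperCache<>(WsGrouperLdapAuthentication.class.getName() + ".userCache", 10000, false, 60, 60, false);

    /**
     * Manual check of {@link #authenticateLdap(String, String)}: reads a username and a
     * password from two fixed files and prints the result.
     *
     * <p>The credentials are read as plaintext from disk; the password is trimmed with
     * {@code trimToNull}, the username is passed exactly as read.
     *
     * @param strArr ignored
     * @throws Exception if reading the files or authenticating fails unexpectedly
     */
    public static void main(String[] strArr) throws Exception {
        String username = GrouperUtil.readFileIntoString(new File("r:/temp/ldapUser.txt"));
        String password = StringUtils.trimToNull(GrouperUtil.readFileIntoString(new File("r:/temp/ldapPass.txt")));
        System.out.println("Correct? " + authenticateLdap(username, password));
    }

    /**
     * Resolves the caller's subject id from the {@code Authorization} header of the request.
     *
     * @param httpServletRequest the incoming request
     * @return the authenticated username, or {@code null} when the header is missing or the
     *     credentials are rejected
     * @throws RuntimeException whatever the configuration, cache or header helpers throw
     */
    @Override
    public String retrieveLoggedInSubjectId(HttpServletRequest httpServletRequest) throws RuntimeException {
        // Decide once whether to collect debug data; re-checking the log level later could
        // dereference a null map if the level is changed while the request is in flight.
        final LinkedHashMap<String, Object> debugMap = LOG.isDebugEnabled() ? new LinkedHashMap<String, Object>() : null;
        try {
            String header = httpServletRequest.getHeader("Authorization");
            if (debugMap != null) {
                debugMap.put("method", "retrieveLoggedInSubjectId()");
            }
            if (StringUtils.isBlank(header)) {
                if (debugMap != null) {
                    debugMap.put("errorAuthz", "No authorization header in HTTP");
                }
                LOG.error("No authorization header in HTTP");
                return null;
            }

            String cacheKey = GrouperUtil.encryptSha(header);
            boolean cacheResults = GrouperWsConfig.getPropertyBoolean("ws.authn.ldap.cacheResults", true);
            if (debugMap != null) {
                debugMap.put("isCaching", Boolean.valueOf(cacheResults));
            }
            if (cacheResults) {
                // A hit skips the LDAP bind entirely (see the class comment for the consequence).
                String cachedUser = (String) loginCache.get(cacheKey);
                if (!StringUtils.isBlank(cachedUser)) {
                    if (debugMap != null) {
                        debugMap.put("Retrieved cached login", true);
                    }
                    return cachedUser;
                }
                if (debugMap != null) {
                    debugMap.put("Login not in cache", true);
                }
            }

            String username = Authentication.retrieveUsername(header);
            String password = Authentication.retrievePassword(header);
            if (debugMap != null) {
                debugMap.put("user", sanitizeForLog(username));
            }
            if (authenticateLdap(username, password)) {
                // Only successful binds are cached; failures are always re-checked.
                if (cacheResults) {
                    loginCache.put(cacheKey, username);
                }
                return username;
            }
            if (debugMap != null) {
                debugMap.put("Error authenticating user", true);
            }
            LOG.warn("Error authenticating user: " + sanitizeForLog(username));
            return null;
        } finally {
            // Emit the collected debug data once, on every exit path including exceptions.
            if (debugMap != null) {
                LOG.debug(GrouperUtil.mapToString(debugMap));
            }
        }
    }

    /**
     * Authenticates a user by binding to LDAP with the user's DN and password.
     *
     * <p>The DN is either {@code loginDnPrefix + username + loginDnSuffix} or, when
     * {@code ws.authn.ldap.findUserFilter} is set, the DN of the single entry matched by that
     * filter under {@code ws.authn.ldap.findUserBase}.
     *
     * @param str the username taken from the request
     * @param str2 the password taken from the request
     * @return {@code true} only if the LDAP bind succeeded; {@code false} for a blank
     *     username, an empty password, a missing LDAP config id, a filter that does not match
     *     exactly one entry, or any exception raised while talking to LDAP
     */
    public static boolean authenticateLdap(String str, String str2) {
        final LinkedHashMap<String, Object> debugMap = LOG.isDebugEnabled() ? new LinkedHashMap<String, Object>() : null;
        // Declared outside the try so the failure log can report which DN was attempted.
        String userDn = null;
        try {
            if (debugMap != null) {
                debugMap.put("method", "authenticateLdap()");
            }

            // A zero-length password turns a simple bind into an unauthenticated bind, which
            // the server may accept; refuse it here instead of relying on the LDAP layer.
            if (StringUtils.isBlank(str) || StringUtils.isEmpty(str2)) {
                if (debugMap != null) {
                    debugMap.put("authenticated", "false");
                    debugMap.put("error", "blank username or empty password");
                }
                LOG.warn("rejecting blank username or empty password for principal: " + sanitizeForLog(str));
                return false;
            }

            String loginDnPrefix = StringUtils.trimToEmpty(GrouperWsConfig.getPropertyString("ws.authn.ldap.loginDnPrefix"));
            String loginDnSuffix = StringUtils.trimToEmpty(GrouperWsConfig.getPropertyString("ws.authn.ldap.loginDnSuffix"));
            String findUserBase = StringUtils.trimToEmpty(GrouperWsConfig.getPropertyString("ws.authn.ldap.findUserBase"));
            String findUserFilter = StringUtils.trimToEmpty(GrouperWsConfig.getPropertyString("ws.authn.ldap.findUserFilter"));
            String ldapConfigId = GrouperWsConfig.getPropertyString("ws.authn.ldap.grouperLoaderLdapConfigId");
            if (StringUtils.isBlank(ldapConfigId)) {
                // The message names the property that is actually read above.
                if (debugMap != null) {
                    debugMap.put("ws.authn.ldap.grouperLoaderLdapConfigId not configured", "true");
                }
                throw new RuntimeException("ws.authn.ldap.grouperLoaderLdapConfigId must be configured in the grouper-ws.properties");
            }

            if (StringUtils.isEmpty(findUserFilter)) {
                // NOTE(review): the username is concatenated into the DN without RFC 4514
                // escaping, so DN metacharacters in it change which entry is bound. It is left
                // unescaped because a deployment may rely on empty prefix/suffix and full DNs
                // as usernames - confirm, then escape or switch to findUserFilter.
                userDn = loginDnPrefix + str + loginDnSuffix;
            } else {
                // encodeValue escapes filter metacharacters, so the username cannot alter the filter.
                String filter = findUserFilter.replace("{username}", SearchFilter.encodeValue(str));
                // "1.1" is the LDAP "no attributes" selector: only the DN of each match is needed.
                List<?> matches = LdapSessionUtils.ldapSession().list(ldapConfigId, findUserBase, LdapSearchScope.SUBTREE_SCOPE, filter, new String[]{"1.1"}, (Long) null);
                if (matches.size() != 1) {
                    // Zero or ambiguous matches: never guess which entry to bind as.
                    LOG.warn("error for principal: " + sanitizeForLog(str) + ", filter " + sanitizeForLog(filter) + " returned " + matches.size() + " results");
                    return false;
                }
                userDn = ((LdapEntry) matches.get(0)).getDn();
            }

            if (debugMap != null) {
                debugMap.put("findUserBase", findUserBase);
                debugMap.put("findUserFilter", findUserFilter);
                debugMap.put("loginDnPrefix", loginDnPrefix);
                debugMap.put("principal", sanitizeForLog(str));
                debugMap.put("loginDnSuffix", loginDnSuffix);
                debugMap.put("userDn", sanitizeForLog(userDn));
            }

            // Any failure of the bind surfaces as an exception and is handled below.
            LdapSessionUtils.ldapSession().authenticate(ldapConfigId, userDn, str2);
            if (debugMap != null) {
                debugMap.put("authenticated", "true");
            }
            return true;
        } catch (Exception e) {
            // Fail closed: every exception is reported as "not authenticated".
            if (debugMap != null) {
                debugMap.put("authenticated", "false");
                debugMap.put("error", ExceptionUtils.getFullStackTrace(e));
            }
            LOG.warn("error for principal: " + sanitizeForLog(str) + ", dn: " + sanitizeForLog(userDn), e);
            return false;
        } finally {
            if (debugMap != null) {
                LOG.debug(GrouperUtil.mapToString(debugMap));
            }
        }
    }

    /**
     * Replaces control characters (CR, LF and the like) with {@code '_'} so a value supplied
     * by the client cannot start a new, forged log line.
     *
     * @param value the text to log, may be {@code null}
     * @return the cleaned text, or {@code null} if {@code value} was {@code null}
     */
    private static String sanitizeForLog(String value) {
        if (value == null) {
            return null;
        }
        StringBuilder cleaned = new StringBuilder(value.length());
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            cleaned.append(Character.isISOControl(c) ? '_' : c);
        }
        return cleaned.toString();
    }
}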
