package net.sf.jkniv.jaas;

import java.net.URI;
import java.net.URISyntaxException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import java.util.Vector;
import java.util.logging.Level;
import java.util.logging.Logger;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.security.auth.login.LoginException;

/* loaded from: input_file:net/sf/jkniv/jaas/LdapAdapter.class */
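/**
 * Authenticates users against one LDAP directory per e-mail domain by performing
 * a bind with the user's own credentials, and optionally resolves the user's
 * group memberships from a configurable attribute (default {@code memberOf}).
 *
 * <p>Configuration is read from the realm {@link Properties}:
 * <ul>
 *   <li>{@value #PROP_DIRURL} / {@value #PROP_REQDIRURL}: directory URLs, split per domain by {@link LdapEntryParser}</li>
 *   <li>{@value #PROP_DEFAULT_DOMAIN}: domain appended to bare user names</li>
 *   <li>{@value #PROP_SECURITY_AUTHENTICATION}: JNDI authentication level (default {@value #DEFAULT_AUTH})</li>
 *   <li>{@value #PROP_SEARCH_FILTER}: attribute used to locate the user entry (default {@code mail})</li>
 *   <li>{@value #PROP_ATTR_GROUP_MEMBER}: comma separated attributes holding group DNs</li>
 *   <li>{@code com.sun.jndi.*}: copied verbatim into the JNDI environment</li>
 * </ul>
 *
 * <p>Security notes for operators:
 * <ul>
 *   <li>With the default {@value #DEFAULT_AUTH} authentication the password travels in clear text
 *       unless the directory URL uses {@code ldaps://} (or StartTLS is configured via JNDI properties).</li>
 *   <li>{@code java.naming.referral} defaults to {@value #DEFAULT_REFERRAL}; JNDI chases referrals
 *       with the same credentials, so a referral may forward the user's password to another server.</li>
 *   <li>The {@code brute-auth} property is a master password that lets ANY user name
 *       authenticate without contacting the directory. It is kept for compatibility; do not set it
 *       outside test environments.</li>
 * </ul>
 *
 * <p>The group cache is guarded by the adapter's monitor; the returned lists are copies.
 */
public class LdapAdapter {
    public static final String PROP_DIRURL = "directories";
    public static final String PROP_REQDIRURL = "requisite-dirs";
    public static final String PROP_SECURITY_AUTHENTICATION = "auth-level";
    public static final String PROP_DEFAULT_DOMAIN = "default-domain";
    public static final String PROP_ATTR_GROUP_MEMBER = "group-member-attr";
    public static final String DEFAULT_AUTH = "simple";
    public static final String DEFAULT_FETCH_ATTR = "memberOf";
    private static final String DEFAULT_REFERRAL = "follow";
    private static final String PROP_BRUTE_AUTH = "brute-auth";
    private static final String DEFAULT_POOL_PROTOCOL = "plain ssl";
    private static final String SSL = "SSL";
    public static final String PROP_SEARCH_FILTER = "search-filter";
    public static final String PROP_JNDICF = "jndiCtxFactory";
    public static final String PROP_READ_TIMEOUT = "read.timeout";
    public static final String SUBST_SUBJECT_NAME = "%s";
    public static final String SUBST_SUBJECT_DN = "%d";
    private static final String DEFAULT_SEARCH_FILTER = "mail=%s";
    private static final String DEFAULT_JNDICF = "com.sun.jndi.ldap.LdapCtxFactory";

    /** JNDI environment keys (see {@code javax.naming.Context}); kept as literals like the rest of the file. */
    private static final String JNDI_INITIAL_CONTEXT_FACTORY = "java.naming.factory.initial";
    private static final String JNDI_SECURITY_AUTHENTICATION = "java.naming.security.authentication";
    private static final String JNDI_SECURITY_PRINCIPAL = "java.naming.security.principal";
    private static final String JNDI_SECURITY_CREDENTIALS = "java.naming.security.credentials";
    private static final String JNDI_PROVIDER_URL = "java.naming.provider.url";
    private static final String JNDI_REFERRAL = "java.naming.referral";
    private static final String JNDI_SUN_PREFIX = "com.sun.jndi.";

    private final Properties propsLdap;
    private String defaultBaseDn;
    private Map<String, URI> urlDc;
    private final String bruteAuth;
    /** user@domain -> group common names; guarded by {@code this}. */
    private final Map<String, Vector<String>> cacheGroup;
    private Map<String, URI> mandatoriesDirectories;
    private final LdapConnection ldapConn;
    private static final Logger LOG = MyLoggerFactory.getLogger(LdapAdapter.class);
    /**
     * NOTE(review): this only captures word characters and dots after {@code CN=}, so a group such as
     * {@code CN=Domain Admins} is reported as {@code Domain}. Role mappings that rely on the full name
     * will not match, and two different groups can collapse to the same truncated name. The pattern is
     * public API, so it is left unchanged here.
     */
    private static final String REGEX_COMMON_NAME = "CN=[\\w\\.?]+";
    public static final Pattern PATTERN_CN = Pattern.compile(REGEX_COMMON_NAME, Pattern.CASE_INSENSITIVE);
    private static final LdapEntryParser LDAP_PARSER = new LdapEntryParser();

    /**
     * Creates an adapter backed by the default {@link LdapConnectionImpl}.
     *
     * @param properties realm configuration
     * @throws BadRealmException if a directory URL cannot be parsed
     */
    public LdapAdapter(Properties properties) throws BadRealmException {
        this(properties, new LdapConnectionImpl());
    }

    /**
     * Creates an adapter that opens directory contexts through {@code ldapConnection}.
     *
     * @param properties     realm configuration (see class documentation for the keys)
     * @param ldapConnection factory for {@link DirContext} instances (injectable for tests)
     * @throws BadRealmException if a directory URL cannot be parsed
     */
    public LdapAdapter(Properties properties, LdapConnection ldapConnection) throws BadRealmException {
        this.propsLdap = new Properties();
        this.ldapConn = ldapConnection;
        this.urlDc = new HashMap<String, URI>();
        this.cacheGroup = new HashMap<String, Vector<String>>();
        this.mandatoriesDirectories = new HashMap<String, URI>();
        setPropertyValue(PROP_DIRURL, "", properties);
        setPropertyValue(PROP_REQDIRURL, "", properties);
        setPropertyValue(PROP_DEFAULT_DOMAIN, "", properties);
        this.propsLdap.setProperty(JNDI_INITIAL_CONTEXT_FACTORY, setPropertyValue(PROP_JNDICF, DEFAULT_JNDICF, properties));
        this.propsLdap.setProperty(JNDI_SECURITY_AUTHENTICATION, setPropertyValue(PROP_SECURITY_AUTHENTICATION, DEFAULT_AUTH, properties));
        // Master password (see class documentation). Read but deliberately never logged.
        this.bruteAuth = properties.getProperty(PROP_BRUTE_AUTH);
        setPropertyValue(JNDI_REFERRAL, DEFAULT_REFERRAL, properties);
        settingLdapProperties(properties);
        // "search-filter" names the attribute to match; the subject name is substituted via String.format.
        String filterAttr = properties.getProperty(PROP_SEARCH_FILTER);
        setPropertyValue(PROP_SEARCH_FILTER, filterAttr == null ? DEFAULT_SEARCH_FILTER : filterAttr + "=" + SUBST_SUBJECT_NAME);
        setPropertyValue(PROP_ATTR_GROUP_MEMBER, DEFAULT_FETCH_ATTR, properties);
        buildDomainComponent();
        LOG.info("LDAP Adapter Properties");
        // Only the static JNDI environment is logged; credentials are added to a per-bind copy later.
        for (String key : this.propsLdap.stringPropertyNames()) {
            LOG.info(key + "=" + this.propsLdap.getProperty(key));
        }
    }

    /**
     * Authenticates {@code username} by binding to the directory of its domain with {@code password}.
     *
     * <p>A {@code null} or empty password is rejected before any bind is attempted: an LDAP simple
     * bind with an empty password is an <em>anonymous</em> bind (RFC 4513 section 5.1.2) and would
     * otherwise succeed for any existing user name.
     *
     * @param username    user name, with or without {@code @domain}; the default domain is appended if absent
     * @param password    the user's password
     * @param fetchGroups when {@code true}, the user's groups are looked up and merged into the cache
     *                    (see {@link #getGroupNames(String)})
     * @return {@code true} if the bind succeeded (or the master password matched), {@code false} on any
     *         failure, including an unknown domain or a directory error
     * @throws LoginException retained in the signature for callers; not thrown by this implementation
     */
    public boolean authenticate(String username, String password, boolean fetchGroups) throws LoginException {
        String userWithDomain = LDAP_PARSER.appendDomain(username, getDefaultDomain());
        if (isBruteAuth(password)) {
            LOG.log(Level.WARNING, I18nManager.getString("hybrid.ldap.forcelogin", userWithDomain));
            return true;
        }
        if (password == null || password.isEmpty()) {
            LOG.log(Level.WARNING, "refused LDAP bind with empty credentials for user [" + userWithDomain + "]");
            return false;
        }
        URI providerUrl = getProviderUrl(userWithDomain);
        if (providerUrl == null) {
            LOG.log(Level.WARNING, "User domain [" + userWithDomain + "] doesn't have URL provider configuration");
            return false;
        }
        // Bind as user@host (UPN style) against the directory that serves the user's domain.
        String principal = LDAP_PARSER.stripUser(userWithDomain) + "@" + providerUrl.getHost();
        Properties bindProps = getLdapBindProps();
        bindProps.put(JNDI_SECURITY_PRINCIPAL, principal);
        bindProps.put(JNDI_SECURITY_CREDENTIALS, password);
        bindProps.put(JNDI_PROVIDER_URL, providerUrl.toString());

        DirContext dirContext = null;
        boolean authenticated = false;
        try {
            dirContext = this.ldapConn.openDir(bindProps);
            authenticated = true;
            if (fetchGroups && dirContext != null) {
                cacheGroups(userWithDomain, getGroupNames(dirContext, userWithDomain));
            }
        } catch (NamingException e) {
            // Password is never logged; the FINE entry carries the stack trace only.
            LOG.log(Level.WARNING, I18nManager.getString("hybrid.realm.invaliduser", username, userWithDomain) + " cause: " + e.getMessage());
            LOG.log(Level.FINE, I18nManager.getString("hybrid.realm.invaliduserpass", username, "***"), e);
        } finally {
            closeQuietly(dirContext);
        }
        return authenticated;
    }

    /**
     * Returns the cached group names of {@code username} as collected by earlier calls to
     * {@link #authenticate(String, String, boolean)} with {@code fetchGroups == true}.
     *
     * @param username user name, with or without {@code @domain}
     * @return a copy of the cached names, empty if the user was never seen
     */
    public List<String> getGroupNames(String username) {
        String key = LDAP_PARSER.appendDomain(username, getDefaultDomain());
        synchronized (this) {
            Vector<String> cached = this.cacheGroup.get(key);
            return cached == null ? new ArrayList<String>() : new ArrayList<String>(cached);
        }
    }

    /**
     * Compares {@code password} with the configured master password in constant time
     * (length still leaks, which is acceptable for a compatibility feature that should be unset).
     */
    private boolean isBruteAuth(String password) {
        if (this.bruteAuth == null || password == null) {
            return false;
        }
        return MessageDigest.isEqual(password.getBytes(StandardCharsets.UTF_8),
                                     this.bruteAuth.getBytes(StandardCharsets.UTF_8));
    }

    /** Merges {@code groupNames} into the cache entry of {@code userWithDomain}, keeping existing names. */
    private void cacheGroups(String userWithDomain, List<String> groupNames) {
        synchronized (this) {
            Vector<String> cached = this.cacheGroup.get(userWithDomain);
            if (cached == null) {
                cached = new Vector<String>();
                this.cacheGroup.put(userWithDomain, cached);
            }
            for (String group : groupNames) {
                if (!cached.contains(group)) {
                    cached.add(group);
                }
            }
        }
    }

    /**
     * Escapes a value for use inside an LDAP search filter (RFC 4515 section 3) so that a
     * user-supplied name cannot alter the filter structure.
     *
     * @param value raw value, may be {@code null}
     * @return escaped value, or {@code null} if {@code value} is {@code null}
     */
    public static String escapeFilterValue(String value) {
        if (value == null) {
            return null;
        }
        StringBuilder sb = new StringBuilder(value.length());
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '\\': sb.append("\\5c"); break;
                case '*':  sb.append("\\2a"); break;
                case '(':  sb.append("\\28"); break;
                case ')':  sb.append("\\29"); break;
                case '\0': sb.append("\\00"); break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    /**
     * Looks up the entry matching {@code userWithDomain} under the base DN of its domain and extracts
     * its group names. Does not close {@code dirContext}; the caller owns it.
     *
     * @return group common names, or an empty list if nothing matched or the search failed
     */
    private List<String> getGroupNames(DirContext dirContext, String userWithDomain) {
        String defaultDomain = getDefaultDomain();
        List<String> groups = Collections.emptyList();
        // The subject name comes from the login form: escape it before it enters the filter.
        String filter = String.format(this.propsLdap.getProperty(PROP_SEARCH_FILTER), escapeFilterValue(userWithDomain));
        SearchControls controls = new SearchControls();
        controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
        controls.setCountLimit(1L);
        URI directory = this.urlDc.get(LDAP_PARSER.stripDomain(userWithDomain, defaultDomain));
        if (directory == null) {
            LOG.log(Level.WARNING, "no directory configured for user [" + userWithDomain + "]");
            return groups;
        }
        String baseDn = LDAP_PARSER.dcFrom(directory.getHost());
        LOG.info("base dn -> " + baseDn);
        NamingEnumeration<SearchResult> results = null;
        try {
            results = dirContext.search(baseDn, filter, controls);
            if (results.hasMore()) {
                groups = extractGroups(results.next().getAttributes());
            }
        } catch (NamingException e) {
            LOG.log(Level.SEVERE, I18nManager.getString("hybrid.ldap.groupsearcherror", userWithDomain) + ", cause: " + e.getMessage());
        } finally {
            if (results != null) {
                try {
                    results.close();
                } catch (NamingException ignored) {
                    // best effort: the enumeration is discarded either way
                }
            }
        }
        return groups;
    }

    /** Closes {@code dirContext} if non-null, logging but otherwise ignoring close failures. */
    private static void closeQuietly(DirContext dirContext) {
        if (dirContext == null) {
            return;
        }
        try {
            dirContext.close();
        } catch (NamingException e) {
            LOG.log(Level.WARNING, "cannot close ldap context");
        }
    }

    /**
     * Splits the configured directory URLs per domain. When no directory is configured but a default
     * domain is, {@code ldap://<default-domain>} is assumed (plain LDAP, see class documentation).
     *
     * @throws BadRealmException if the fallback URL is not a valid URI
     */
    private void buildDomainComponent() throws BadRealmException {
        String directories = this.propsLdap.getProperty(PROP_DIRURL);
        String requisiteDirectories = this.propsLdap.getProperty(PROP_REQDIRURL);
        String defaultDomain = getDefaultDomain();
        this.urlDc = LDAP_PARSER.splitUri(directories);
        this.mandatoriesDirectories = LDAP_PARSER.splitUri(requisiteDirectories);
        try {
            if (this.urlDc.isEmpty() && defaultDomain != null && defaultDomain.length() > 1) {
                this.urlDc.put(defaultDomain, new URI("ldap://" + defaultDomain));
            }
            LOG.log(Level.FINE, "build domain=" + this.urlDc);
        } catch (URISyntaxException e) {
            throw new BadRealmException(e.getMessage());
        }
    }

    /**
     * @param username user name, with or without {@code @domain}
     * @return {@code true} if the user's domain is listed in {@value #PROP_REQDIRURL}
     */
    public boolean isMandatory(String username) {
        return this.mandatoriesDirectories.get(LDAP_PARSER.stripDomain(username, getDefaultDomain())) != null;
    }

    /** @return {@code true} if at least one requisite directory is configured */
    public boolean hasMandatoryDir() {
        return !this.mandatoriesDirectories.isEmpty();
    }

    /** @return the directory URL serving the domain of {@code userWithDomain}, or {@code null} if none */
    private URI getProviderUrl(String userWithDomain) {
        URI uri = this.urlDc.get(LDAP_PARSER.stripDomain(userWithDomain, getDefaultDomain()));
        LOG.log(Level.FINE, "provider url=" + uri);
        return uri;
    }

    /**
     * Extracts group common names from the configured membership attributes of a user entry.
     * Each attribute value is expected to be a DN; the first {@code CN=} component matched by
     * {@link #PATTERN_CN} is taken as the group name.
     *
     * @throws NamingException if the attribute enumeration fails
     */
    private List<String> extractGroups(Attributes attributes) throws NamingException {
        List<String> groups = new ArrayList<String>();
        List<String> memberAttrs = new ArrayList<String>();
        for (String attr : this.propsLdap.get(PROP_ATTR_GROUP_MEMBER).toString().split(",")) {
            memberAttrs.add(attr.trim());
        }
        NamingEnumeration<? extends Attribute> all = attributes.getAll();
        while (all.hasMore()) {
            Attribute attribute = all.next();
            if (!memberAttrs.contains(attribute.getID())) {
                continue;
            }
            LOG.log(Level.FINE, "attribute: " + attribute.getID());
            NamingEnumeration<?> values = attribute.getAll();
            while (values.hasMore()) {
                String dn = String.valueOf(values.next());
                String commonName = null;
                Matcher matcher = PATTERN_CN.matcher(dn);
                if (matcher.find()) {
                    // Drop the leading "CN=" (3 characters).
                    commonName = matcher.group().substring(3);
                    groups.add(commonName);
                }
                LOG.log(Level.FINE, "attr: " + dn + ", extract common name as group: " + commonName);
            }
        }
        return groups;
    }

    /** @return the configured default domain (empty string when unset) */
    private String getDefaultDomain() {
        return this.propsLdap.getProperty(PROP_DEFAULT_DOMAIN);
    }

    /** Copies {@code key} from {@code properties} (or {@code defaultValue}) into the JNDI environment. */
    private synchronized String setPropertyValue(String key, String defaultValue, Properties properties) {
        String value = properties.getProperty(key, defaultValue);
        this.propsLdap.setProperty(key, value);
        return value;
    }

    private synchronized void setPropertyValue(String key, String value) {
        this.propsLdap.setProperty(key, value);
    }

    /** Copies every {@code com.sun.jndi.*} property verbatim (e.g. connection pool and timeout settings). */
    private void settingLdapProperties(Properties properties) {
        for (Map.Entry<Object, Object> entry : properties.entrySet()) {
            Object key = entry.getKey();
            Object value = entry.getValue();
            if (key instanceof String && value instanceof String && ((String) key).startsWith(JNDI_SUN_PREFIX)) {
                setPropertyValue((String) key, (String) value);
            }
        }
    }

    /** @return a per-bind copy of the environment, so credentials never land in the shared properties */
    private Properties getLdapBindProps() {
        return (Properties) this.propsLdap.clone();
    }
}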
