package com.predic8.membrane.core.interceptor.authentication.session;

import com.predic8.membrane.annot.MCAttribute;
import com.predic8.membrane.annot.MCChildElement;
import com.predic8.membrane.annot.MCElement;
import com.predic8.membrane.annot.Required;
import com.predic8.membrane.core.Router;
import com.predic8.membrane.core.config.security.SSLParser;
import com.predic8.membrane.core.transport.ssl.SSLContext;
import com.predic8.membrane.core.transport.ssl.StaticSSLContext;
import java.io.IOException;
import java.net.InetAddress;
import java.net.Socket;
import java.net.UnknownHostException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Hashtable;
import java.util.List;
import java.util.Map;
import java.util.NoSuchElementException;
import java.util.regex.Pattern;
import javax.naming.AuthenticationException;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.net.SocketFactory;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.xml.BeanDefinitionParserDelegate;

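/**
 * {@link UserDataProvider} backed by an LDAP directory.
 *
 * <p>Authentication runs in two steps. First, a connection using the configured service account
 * ({@code binddn}/{@code bindpw}; anonymous when no {@code binddn} is set) searches {@code base}
 * with {@code searchPattern}, in which {@code %LOGIN%} is replaced by the filter-escaped login
 * name, to locate the user's entry. Then, depending on configuration, either
 * <ul>
 *   <li>a second connection binds as the located entry with the supplied password (the default;
 *       with {@code readAttributesAsSelf} the mapped attributes are re-read over that connection), or
 *   <li>when {@code passwordAttribute} is set, the supplied password is compared with the value of
 *       that attribute, which must hold the cleartext password prefixed with {@code {x-plain}}.
 * </ul>
 * Attributes listed in the {@code map} child element are copied from the entry into the returned map.
 *
 * <p>Security notes:
 * <ul>
 *   <li>Use an {@code ldaps://} URL or configure the {@code ssl} child element. Over plain
 *       {@code ldap://} the service-account password and every user password travel in the clear.
 *   <li>{@code passwordAttribute} mode needs cleartext passwords stored in the directory; prefer the
 *       bind mode whenever the directory allows it.
 *   <li>Empty passwords are rejected before the directory is contacted: an LDAP simple bind with a
 *       DN and an empty password is an unauthenticated bind that many servers accept (RFC 4513,
 *       section 5.1.2), which would otherwise let anyone log in as any existing user.
 *   <li>The TLS settings live in a static field of {@link CustomSocketFactory}, so every
 *       {@code ldapUserDataProvider} in the JVM shares the {@code ssl} configuration of the provider
 *       that was initialised last.
 * </ul>
 *
 * <p>Configuration setters are not thread-safe; after {@link #init(Router)} has run,
 * {@link #verify(Map)} only reads configuration and may be invoked concurrently.
 */
@MCElement(name = "ldapUserDataProvider", topLevel = false)
public class LDAPUserDataProvider implements UserDataProvider {
    private static final Logger log = LoggerFactory.getLogger(LDAPUserDataProvider.class);

    /** Placeholder in {@code searchPattern} that receives the escaped login name. */
    private static final String LOGIN_PLACEHOLDER = "%LOGIN%";
    /** Internal map key under which the stored password is collected in passwordAttribute mode. */
    private static final String PASSWORD_KEY = "_pass";
    /** Required prefix of a stored cleartext password in passwordAttribute mode. */
    private static final String PLAIN_PREFIX = "{x-plain}";

    String url;
    String base;
    String binddn;
    String bindpw;
    String searchPattern;
    String passwordAttribute;
    AttributeMap map;
    SSLParser sslParser;
    // JNDI scope constant; SUBTREE_SCOPE (2) by default, see setSearchScope().
    int searchScope = SearchControls.SUBTREE_SCOPE;
    // Milliseconds, kept as strings because the JNDI environment expects string values.
    String timeout = "1000";
    String connectTimeout = "1000";
    boolean readAttributesAsSelf = true;
    // LDAP attribute name -> key in the returned user map.
    HashMap<String, String> attributeMap = new HashMap<>();

    /**
     * {@code <map>} child element: the list of LDAP attributes to copy into the user data map.
     */
    @MCElement(name = BeanDefinitionParserDelegate.MAP_ELEMENT, topLevel = false, id = "ldapUserDataProvider-map")
    public static class AttributeMap {
        private List<Attribute> attributes = new ArrayList<>();

        /** One {@code <attribute from="ldapName" to="mapKey"/>} mapping. */
        @MCElement(name = BeanDefinitionParserDelegate.QUALIFIER_ATTRIBUTE_ELEMENT, topLevel = false)
        public static class Attribute {
            String from;
            String to;

            /** @return the LDAP attribute name to read */
            public String getFrom() {
                return this.from;
            }

            /** @param from the LDAP attribute name to read (required) */
            @MCAttribute
            @Required
            public void setFrom(String from) {
                this.from = from;
            }

            /** @return the key under which the value is exposed in the user data map */
            public String getTo() {
                return this.to;
            }

            /** @param to the key under which the value is exposed in the user data map (required) */
            @MCAttribute
            @Required
            public void setTo(String to) {
                this.to = to;
            }
        }

        public List<Attribute> getAttributes() {
            return this.attributes;
        }

        @MCChildElement
        public void setAttributes(List<Attribute> attributes) {
            this.attributes = attributes;
        }
    }

    /**
     * Socket factory handed to JNDI via {@code java.naming.ldap.factory.socket} so that LDAP
     * connections use Membrane's {@link SSLContext} (trust store, client certificate, ...) instead of
     * the JVM default.
     *
     * <p>JNDI instantiates this class by name through the thread context class loader and obtains
     * the instance via the static {@link #getDefault()}, which is why the configuration has to be
     * static: {@link #sslContext} is assigned in {@link LDAPUserDataProvider#init(Router)} and is
     * therefore shared by all providers in the JVM.
     */
    public static class CustomSocketFactory extends SocketFactory {
        public static SSLContext sslContext;
        public static int connectTimeout = 60000;
        private static CustomSocketFactory instance;

        /** Looked up reflectively by JNDI; returns the shared singleton. */
        public static synchronized CustomSocketFactory getDefault() {
            if (instance == null) {
                instance = new CustomSocketFactory();
            }
            return instance;
        }

        @Override // javax.net.SocketFactory
        public Socket createSocket(String host, int port) throws IOException, UnknownHostException {
            // The host name is passed on as well so the TLS layer can verify it against the certificate.
            return sslContext.createSocket(host, port, connectTimeout, host, null);
        }

        @Override // javax.net.SocketFactory
        public Socket createSocket(String host, int port, InetAddress localAddress, int localPort)
                throws IOException, UnknownHostException {
            return sslContext.createSocket(host, port, localAddress, localPort, connectTimeout, host, null);
        }

        @Override // javax.net.SocketFactory
        public Socket createSocket(InetAddress address, int port) throws IOException {
            // Address-only variants carry no host name to verify the server certificate against.
            throw new RuntimeException("not implemented");
        }

        @Override // javax.net.SocketFactory
        public Socket createSocket(InetAddress address, int port, InetAddress localAddress, int localPort)
                throws IOException {
            throw new RuntimeException("not implemented");
        }

        @Override // javax.net.SocketFactory
        public Socket createSocket() throws IOException {
            return sslContext.createSocket();
        }
    }

    /** Search scope for locating the user entry below {@code base}; maps onto the JNDI constants. */
    public enum SearchScope {
        OBJECT,
        ONELEVEL,
        SUBTREE
    }

    /**
     * Locates and authenticates {@code login} with {@code password}.
     *
     * @param login    login name as entered by the user; escaped before it is put into the filter
     * @param password password as entered by the user (never empty, see {@link #verify(Map)})
     * @return the mapped attributes of the user's entry
     * @throws NoSuchElementException if no (or more than one) entry matches, or the stored cleartext
     *                                password does not match in passwordAttribute mode
     * @throws NamingException        on directory errors; an {@link AuthenticationException} means the
     *                                user bind was rejected
     */
    private HashMap<String, String> auth(String login, String password) throws NamingException {
        Hashtable<String, Object> env = newEnvironment();
        HashMap<String, String> attributes = new HashMap<>();

        // Step 1: find the entry with the service account (or anonymously).
        InitialDirContext serviceCtx = openContext(env);
        String userRdn;
        try {
            userRdn = searchUser(login, attributes, serviceCtx);
        } finally {
            serviceCtx.close();
        }

        // Step 2: prove knowledge of the password.
        if (this.passwordAttribute == null) {
            bindAsUser(env, userRdn, login, password, attributes);
        } else {
            checkStoredPassword(attributes, password);
        }
        return attributes;
    }

    /** Builds the JNDI environment for a service-account (or anonymous) connection. */
    private Hashtable<String, Object> newEnvironment() {
        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, this.url);
        env.put("com.sun.jndi.ldap.read.timeout", this.timeout);
        env.put("com.sun.jndi.ldap.connect.timeout", this.connectTimeout);
        if (this.binddn != null) {
            env.put(Context.SECURITY_AUTHENTICATION, "simple");
            env.put(Context.SECURITY_PRINCIPAL, this.binddn);
            env.put(Context.SECURITY_CREDENTIALS, this.bindpw);
        }
        if (this.sslParser != null) {
            env.put("java.naming.ldap.factory.socket", CustomSocketFactory.class.getName());
        }
        return env;
    }

    /**
     * Opens a directory context. JNDI resolves the socket factory class named in the environment
     * through the thread context class loader, so it is temporarily pointed at the class loader that
     * can see {@link CustomSocketFactory}, and always restored afterwards.
     */
    private static InitialDirContext openContext(Hashtable<String, Object> env) throws NamingException {
        Thread current = Thread.currentThread();
        ClassLoader previous = current.getContextClassLoader();
        current.setContextClassLoader(CustomSocketFactory.class.getClassLoader());
        try {
            return new InitialDirContext(env);
        } finally {
            current.setContextClassLoader(previous);
        }
    }

    /**
     * Binds to the directory as the located user; the bind itself is the password check. With
     * {@code readAttributesAsSelf} the mapped attributes are re-read with the user's own rights and
     * overwrite those collected by the service account.
     */
    private void bindAsUser(Hashtable<String, Object> env, String userRdn, String login, String password,
                            HashMap<String, String> attributes) throws NamingException {
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, userDn(userRdn));
        env.put(Context.SECURITY_CREDENTIALS, password);
        InitialDirContext userCtx = openContext(env);
        try {
            if (this.readAttributesAsSelf) {
                searchUser(login, attributes, userCtx);
            }
        } finally {
            userCtx.close();
        }
    }

    /**
     * Builds the bind DN from the name JNDI returned for the entry (relative to {@code base}). An
     * empty relative name means the entry is the search base itself (OBJECT scope).
     * NOTE(review): non-relative results (referrals) are not handled and would yield a bogus DN.
     */
    private String userDn(String relativeName) {
        return relativeName.isEmpty() ? this.base : relativeName + "," + this.base;
    }

    /**
     * passwordAttribute mode: compares the supplied password with the cleartext value stored in the
     * entry. The stored value is removed from the map so it is never returned to the caller.
     *
     * @throws NoSuchElementException if the attribute is missing, not {@code {x-plain}}-prefixed, or
     *                                does not match
     */
    private void checkStoredPassword(HashMap<String, String> attributes, String password) {
        String stored = attributes.remove(PASSWORD_KEY);
        if (stored == null || !stored.startsWith(PLAIN_PREFIX)) {
            throw new NoSuchElementException();
        }
        log.debug("found password");
        byte[] expected = stored.substring(PLAIN_PREFIX.length()).getBytes(StandardCharsets.UTF_8);
        byte[] supplied = password.getBytes(StandardCharsets.UTF_8);
        // Constant-time comparison: String.equals() returns at the first differing byte, which lets a
        // remote caller learn the stored password prefix by prefix through response timing.
        if (!MessageDigest.isEqual(expected, supplied)) {
            throw new NoSuchElementException();
        }
    }

    /**
     * Searches {@code base} for the entry matching {@code login} and copies the mapped attributes
     * into {@code attributes}.
     *
     * @return the entry's name relative to {@code base}
     * @throws NoSuchElementException if the filter matches no entry, or more than one (an ambiguous
     *                                match must never silently authenticate as the first hit)
     */
    private String searchUser(String login, HashMap<String, String> attributes, DirContext ctx)
            throws NamingException {
        SearchControls controls = new SearchControls();
        // Only names and attributes are read here. Asking JNDI to return objects would make it
        // decode Java objects stored in the entry (javaClassName/javaSerializedData attributes),
        // i.e. deserialise data controlled by whoever can write to the directory.
        controls.setReturningObjFlag(false);
        controls.setSearchScope(this.searchScope);

        // Literal replacement on purpose: the escaped login contains backslashes (e.g. "\28") and
        // '$' may appear in a login; String.replaceAll() would interpret both as replacement-string
        // escapes, dropping the escaping or throwing on "$1".
        String filter = this.searchPattern.replace(LOGIN_PLACEHOLDER, escapeLDAPSearchFilter(login));
        log.debug("Searching LDAP for {}", filter);

        NamingEnumeration<SearchResult> results = ctx.search(this.base, filter, controls);
        try {
            if (!results.hasMore()) {
                throw new NoSuchElementException();
            }
            log.debug("LDAP returned >=1 record.");
            SearchResult entry = results.next();
            if (results.hasMore()) {
                log.warn("LDAP search filter matched more than one entry; refusing ambiguous login");
                throw new NoSuchElementException();
            }
            for (Map.Entry<String, String> mapping : this.attributeMap.entrySet()) {
                Attribute attribute = entry.getAttributes().get(mapping.getKey());
                if (attribute != null) {
                    log.debug("found LDAP attribute: {}", mapping.getKey());
                    // Only the first value is used; binary attributes (byte[]) are not decoded.
                    attributes.put(mapping.getValue(), attribute.get().toString());
                }
            }
            return entry.getName();
        } finally {
            results.close();
        }
    }

    /**
     * Escapes the characters that are special in an LDAP search filter value (RFC 4515, section 3),
     * so that user input cannot alter the structure of {@code searchPattern}.
     */
    private static String escapeLDAPSearchFilter(String value) {
        StringBuilder escaped = new StringBuilder(value.length());
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case 0:
                    escaped.append("\\00");
                    break;
                case '(':
                    escaped.append("\\28");
                    break;
                case ')':
                    escaped.append("\\29");
                    break;
                case '*':
                    escaped.append("\\2a");
                    break;
                case '\\':
                    escaped.append("\\5c");
                    break;
                default:
                    escaped.append(c);
                    break;
            }
        }
        return escaped.toString();
    }

    /**
     * Verifies the credentials posted by the login form.
     *
     * @param postData must contain {@code username} and {@code password}
     * @return the mapped attributes of the authenticated user
     * @throws NoSuchElementException for any authentication failure: missing fields, empty
     *                                password, unknown or ambiguous user, or rejected password
     *                                (deliberately indistinguishable to the caller)
     * @throws RuntimeException       wrapping directory or connection errors
     */
    @Override // com.predic8.membrane.core.interceptor.authentication.session.UserDataProvider
    public Map<String, String> verify(Map<String, String> postData) {
        String username = postData.get("username");
        String password = postData.get("password");
        if (username == null || password == null) {
            throw new NoSuchElementException();
        }
        // A simple bind with a DN and an empty password is an "unauthenticated bind" that many
        // directories accept without checking anything (RFC 4513 5.1.2); never send one.
        if (password.isEmpty()) {
            throw new NoSuchElementException();
        }
        try {
            return auth(username, password);
        } catch (NoSuchElementException e) {
            throw e;
        } catch (AuthenticationException e) {
            // Must come before the generic catch, otherwise it is unreachable: wrong credentials are
            // reported as "no such user", not as a server error.
            log.debug("LDAP authentication failed", e);
            throw new NoSuchElementException();
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    public String getUrl() {
        return this.url;
    }

    /** @param url directory URL, e.g. {@code ldaps://ldap.example.com}; plain {@code ldap://} is unencrypted */
    @MCAttribute
    @Required
    public void setUrl(String url) {
        this.url = url;
    }

    public String getBase() {
        return this.base;
    }

    /** @param base DN below which user entries are searched and to which entry names are appended */
    @MCAttribute
    @Required
    public void setBase(String base) {
        this.base = base;
    }

    public String getBinddn() {
        return this.binddn;
    }

    /** @param binddn DN of the service account used for the user search; omit for an anonymous search */
    @MCAttribute
    public void setBinddn(String binddn) {
        this.binddn = binddn;
    }

    public String getBindpw() {
        return this.bindpw;
    }

    /** @param bindpw password of the service account; required when {@code binddn} is set */
    @MCAttribute
    public void setBindpw(String bindpw) {
        this.bindpw = bindpw;
    }

    public String getSearchPattern() {
        return this.searchPattern;
    }

    /**
     * @param searchPattern LDAP filter with a {@code %LOGIN%} placeholder, e.g. {@code (uid=%LOGIN%)};
     *                      the login is escaped before insertion and should match exactly one entry
     */
    @MCAttribute
    @Required
    public void setSearchPattern(String searchPattern) {
        this.searchPattern = searchPattern;
    }

    public SearchScope getSearchScope() {
        switch (this.searchScope) {
            case SearchControls.OBJECT_SCOPE:
                return SearchScope.OBJECT;
            case SearchControls.ONELEVEL_SCOPE:
                return SearchScope.ONELEVEL;
            default:
                return SearchScope.SUBTREE;
        }
    }

    /** @param scope search scope below {@code base}; {@code SUBTREE} by default */
    @MCAttribute
    public void setSearchScope(SearchScope scope) {
        switch (scope) {
            case OBJECT:
                this.searchScope = SearchControls.OBJECT_SCOPE;
                break;
            case ONELEVEL:
                this.searchScope = SearchControls.ONELEVEL_SCOPE;
                break;
            default:
                this.searchScope = SearchControls.SUBTREE_SCOPE;
                break;
        }
    }

    public String getPasswordAttribute() {
        return this.passwordAttribute;
    }

    /**
     * @param passwordAttribute entry attribute holding the cleartext password prefixed with
     *                          {@code {x-plain}}; when set, no user bind is performed and the stored
     *                          value is compared instead (less secure than the bind mode)
     */
    @MCAttribute
    public void setPasswordAttribute(String passwordAttribute) {
        this.passwordAttribute = passwordAttribute;
        if (passwordAttribute != null) {
            this.attributeMap.put(passwordAttribute, PASSWORD_KEY);
        }
    }

    public String getTimeout() {
        return this.timeout;
    }

    /** @param timeout read timeout in milliseconds (default 1000) */
    @MCAttribute
    public void setTimeout(String timeout) {
        this.timeout = timeout;
    }

    public String getConnectTimeout() {
        return this.connectTimeout;
    }

    /** @param connectTimeout connect timeout in milliseconds (default 1000) */
    @MCAttribute
    public void setConnectTimeout(String connectTimeout) {
        this.connectTimeout = connectTimeout;
    }

    public boolean isReadAttributesAsSelf() {
        return this.readAttributesAsSelf;
    }

    /**
     * @param readAttributesAsSelf whether the mapped attributes are read over the user's own bind
     *                             (default true) rather than the service account's; incompatible
     *                             with {@code passwordAttribute}
     */
    @MCAttribute
    public void setReadAttributesAsSelf(boolean readAttributesAsSelf) {
        this.readAttributesAsSelf = readAttributesAsSelf;
    }

    public HashMap<String, String> getAttributeMap() {
        return this.attributeMap;
    }

    /** Replaces the attribute mapping; the password attribute, if configured, is re-registered. */
    public void setAttributeMap(HashMap<String, String> attributeMap) {
        this.attributeMap = attributeMap;
        if (this.passwordAttribute != null) {
            attributeMap.put(this.passwordAttribute, PASSWORD_KEY);
        }
    }

    public SSLParser getSslParser() {
        return this.sslParser;
    }

    /** @param sslParser TLS settings for the directory connection (shared JVM-wide, see class docs) */
    @MCChildElement(order = 100, allowForeign = true)
    public void setSslParser(SSLParser sslParser) {
        this.sslParser = sslParser;
    }

    /**
     * Validates the configuration, merges the {@code map} child element into the attribute mapping
     * and installs the TLS context for {@link CustomSocketFactory}.
     *
     * @throws RuntimeException on contradictory or incomplete configuration
     */
    @Override // com.predic8.membrane.core.interceptor.authentication.session.UserDataProvider
    public void init(Router router) {
        if (this.passwordAttribute != null && this.readAttributesAsSelf) {
            throw new RuntimeException("@passwordAttribute is not compatible with @readAttributesAsSelf.");
        }
        // Fail at startup instead of with a NullPointerException on the first login attempt.
        if (this.binddn != null && this.bindpw == null) {
            throw new RuntimeException("@bindpw must be set when @binddn is set.");
        }
        if (this.map != null) {
            for (AttributeMap.Attribute attribute : this.map.getAttributes()) {
                this.attributeMap.put(attribute.getFrom(), attribute.getTo());
            }
        }
        if (this.passwordAttribute != null) {
            this.attributeMap.put(this.passwordAttribute, PASSWORD_KEY);
        }
        if (this.sslParser != null) {
            CustomSocketFactory.sslContext =
                    new StaticSSLContext(this.sslParser, router.getResolverMap(), router.getBaseLocation());
        }
    }

    public AttributeMap getMap() {
        return this.map;
    }

    /** @param attributeMap the {@code <map>} child element listing attributes to expose */
    @MCChildElement(order = 200)
    public void setMap(AttributeMap attributeMap) {
        this.map = attributeMap;
    }
}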
