package com.urbancode.anthill3.domain.authorization.ldap;

import com.urbancode.anthill3.domain.authorization.AuthorizationRealm;
import com.urbancode.anthill3.domain.persistent.PersistenceException;
import com.urbancode.anthill3.domain.security.AuthorizationException;
import com.urbancode.anthill3.domain.security.Role;
import com.urbancode.anthill3.domain.security.RoleFactory;
import com.urbancode.anthill3.domain.security.User;
import com.urbancode.commons.util.ObjectUtil;
import com.urbancode.commons.util.xml.annotation.XMLBasicElement;
import java.text.MessageFormat;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.LdapName;
import javax.security.auth.callback.Callback;
import org.apache.commons.lang3.StringUtils;
import org.apache.log4j.Logger;

/* loaded from: input_file:com/urbancode/anthill3/domain/authorization/ldap/LDAPAuthorizationRealm.class */
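/**
 * {@link AuthorizationRealm} that derives a user's Anthill {@link Role}s from LDAP group
 * membership, using the configured {@link LDAPRoleMapping}s to translate LDAP role names
 * into Anthill roles.
 *
 * <p>Two resolution strategies exist, selected in {@link #getUserRoles(InitialDirContext, String, String)}:
 * <ul>
 *   <li><b>Attribute</b> (when {@code roleAttribute} is set): read {@code roleAttribute} from the
 *       user's own entry; each value is an LDAP role name and, if
 *       {@code roleAttributeRecursion} is on, also the DN of a further entry to read.</li>
 *   <li><b>Search</b> (otherwise, when {@code roleName} is set): run the {@code roleSearch}
 *       filter under {@code roleBase} with the user's DN and name substituted as {@code {0}} /
 *       {@code {1}}, collect the {@code roleName} attribute of every hit and, if
 *       {@code isRecursiveGroupSearch} is on, repeat for each matched group.</li>
 * </ul>
 *
 * <p>Security notes: filter substitution values are RFC 4515 escaped (see {@link #escapeSearch}),
 * DNs are parsed with {@link LdapName} rather than concatenated, and when role mappings are
 * configured a user who resolves to no role is refused (fail closed). Accesses to
 * {@code roleMappings} are synchronized on the collection itself, except the live view handed
 * out by {@link #getRoleMappings()}.
 *
 * <p>The {@code setDirty} calls and the {@code boolean} super-constructor belong to
 * {@link AuthorizationRealm}; their exact semantics are not visible here (presumably
 * persistence change tracking).
 */
public class LDAPAuthorizationRealm extends AuthorizationRealm {
    private static final long serialVersionUID = 1;
    private static final Logger log = Logger.getLogger(LDAPAuthorizationRealm.class);

    /** Attribute on the user's entry whose values are LDAP role names (attribute strategy). */
    @XMLBasicElement(name = "roleAttribute")
    String roleAttribute;

    /** Attribute strategy: also read {@code roleAttribute} from each value, treated as a DN. */
    @XMLBasicElement(name = "roleAttributeRecursion")
    boolean roleAttributeRecursion;

    /** Search base for the search strategy. */
    @XMLBasicElement(name = "roleBase")
    String roleBase;

    /** Search strategy: subtree scope when true, one-level scope when false. */
    @XMLBasicElement(name = "roleSearchSubtree")
    boolean roleSearchSubtree;

    /** {@link MessageFormat} pattern for the search filter; {@code {0}} and {@code {1}} are substituted. */
    @XMLBasicElement(name = "roleSearch")
    String roleSearch;

    /** Attribute of each matched group that holds the LDAP role name (search strategy). */
    @XMLBasicElement(name = "roleName")
    String roleName;

    /** Search strategy: repeat the search for each matched group to follow nested membership. */
    @XMLBasicElement(name = "isRecursiveGroupSearch")
    boolean isRecursiveGroupSearch;

    /** LDAP role name to Anthill role mappings; guarded by {@code synchronized (roleMappings)}. */
    Collection<LDAPRoleMapping> roleMappings;

    /** Creates a realm with no role mappings. */
    public LDAPAuthorizationRealm() {
        this.roleMappings = new ArrayList<LDAPRoleMapping>();
    }

    /**
     * Creates a realm with no role mappings, forwarding {@code z} to the superclass constructor
     * (its meaning is defined by {@link AuthorizationRealm}).
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public LDAPAuthorizationRealm(boolean z) {
        super(z);
        this.roleMappings = new ArrayList<LDAPRoleMapping>();
    }

    /** @return whether the search strategy recurses through matched groups */
    public boolean isRecursiveGroupSearch() {
        return this.isRecursiveGroupSearch;
    }

    /** @return the attribute read by the attribute strategy, or {@code null} if unset */
    public String getRoleAttribute() {
        return this.roleAttribute;
    }

    /** Enables or disables recursive group search; marks the realm dirty only on change. */
    public void setIsRecursiveGroupSearch(boolean z) {
        if (this.isRecursiveGroupSearch != z) {
            setDirty(true);
            this.isRecursiveGroupSearch = z;
        }
    }

    /** Sets the attribute-strategy attribute name; marks the realm dirty only on change. */
    public void setRoleAttribute(String str) {
        if (ObjectUtil.isEqual(this.roleAttribute, str)) {
            return;
        }
        setDirty(true);
        this.roleAttribute = str;
    }

    /** @return whether the attribute strategy follows values as DNs of further entries */
    public boolean isUsingRoleAttributeRecursion() {
        return this.roleAttributeRecursion;
    }

    /** Enables or disables attribute recursion; marks the realm dirty only on change. */
    public void setUsingRoleAttributeRecursion(boolean z) {
        if (this.roleAttributeRecursion != z) {
            setDirty();
            this.roleAttributeRecursion = z;
        }
    }

    /** @return the search base for the search strategy, or {@code null} if unset */
    public String getRoleBase() {
        return this.roleBase;
    }

    /** Sets the search base; marks the realm dirty only on change. */
    public void setRoleBase(String str) {
        if (ObjectUtil.isEqual(this.roleBase, str)) {
            return;
        }
        setDirty(true);
        this.roleBase = str;
    }

    /** @return {@code true} for subtree search scope, {@code false} for one-level */
    public boolean getRoleSearchSubtree() {
        return this.roleSearchSubtree;
    }

    /** Sets the search scope flag; marks the realm dirty only on change. */
    public void setRoleSearchSubtree(boolean z) {
        if (this.roleSearchSubtree != z) {
            setDirty(true);
            this.roleSearchSubtree = z;
        }
    }

    /** @return the {@link MessageFormat} filter pattern for the search strategy */
    public String getRoleSearch() {
        return this.roleSearch;
    }

    /** Sets the filter pattern; marks the realm dirty only on change. */
    public void setRoleSearch(String str) {
        if (ObjectUtil.isEqual(this.roleSearch, str)) {
            return;
        }
        setDirty(true);
        this.roleSearch = str;
    }

    /** @return the group attribute holding the LDAP role name, or {@code null} if unset */
    public String getRoleName() {
        return this.roleName;
    }

    /** Sets the group role-name attribute; marks the realm dirty only on change. */
    public void setRoleName(String str) {
        if (ObjectUtil.isEqual(this.roleName, str)) {
            return;
        }
        setDirty(true);
        this.roleName = str;
    }

    /**
     * Returns the live, mutable mapping collection. Mutating it directly bypasses both the
     * synchronization and the dirty tracking done by {@link #addRoleMapping} /
     * {@link #removeRoleMapping}; prefer those methods.
     */
    public Collection<LDAPRoleMapping> getRoleMappings() {
        return this.roleMappings;
    }

    /**
     * Adds a mapping unless an equivalent one (same non-null Anthill role and same LDAP role
     * name) is already present. A mapping whose Anthill role is {@code null} never counts as a
     * duplicate, so such entries can accumulate.
     */
    public void addRoleMapping(LDAPRoleMapping lDAPRoleMapping) {
        synchronized (this.roleMappings) {
            for (LDAPRoleMapping existing : this.roleMappings) {
                boolean sameAnthillRole = existing.getAnthillRole() != null
                        && existing.getAnthillRole().equals(lDAPRoleMapping.getAnthillRole());
                // null-safe: a mapping with no LDAP role name must not NPE the comparison
                boolean sameLdapName = ObjectUtil.isEqual(existing.getLDAPRoleName(),
                        lDAPRoleMapping.getLDAPRoleName());
                if (sameAnthillRole && sameLdapName) {
                    return;
                }
            }
            setDirty(true);
            this.roleMappings.add(lDAPRoleMapping);
        }
    }

    /**
     * Removes the given mapping.
     *
     * @return {@code true} if it was present (the realm is then marked dirty)
     */
    public boolean removeRoleMapping(LDAPRoleMapping lDAPRoleMapping) {
        boolean removed;
        synchronized (this.roleMappings) {
            removed = this.roleMappings.remove(lDAPRoleMapping);
        }
        if (removed) {
            setDirty(true);
        }
        return removed;
    }

    /**
     * Resolves an LDAP role name to the distinct Anthill roles mapped to it.
     *
     * @param str LDAP role name as returned by the directory
     * @return the mapped roles, possibly empty, never {@code null}
     * @throws PersistenceException if resolving a mapping's Anthill role fails
     */
    public Role[] getLDAPMappedRoles(String str) throws PersistenceException {
        Set<Role> matched = new HashSet<Role>();
        synchronized (this.roleMappings) {
            for (LDAPRoleMapping mapping : this.roleMappings) {
                if (ObjectUtil.isEqual(mapping.getLDAPRoleName(), str)) {
                    matched.add(mapping.getAnthillRole());
                }
            }
        }
        return matched.toArray(new Role[matched.size()]);
    }

    /** @return whether at least one LDAP role mapping is configured */
    public boolean hasLDAPMappedRoles() {
        synchronized (this.roleMappings) {
            return !this.roleMappings.isEmpty();
        }
    }

    /** Roles come from the directory, so they cannot be managed inside Anthill. */
    @Override // com.urbancode.anthill3.domain.authorization.AuthorizationRealm
    public boolean allowsRoleManagement() {
        return false;
    }

    /** This realm needs no callbacks; {@code null} is the base-class contract used here. */
    @Override // com.urbancode.anthill3.domain.authorization.AuthorizationRealm
    public Callback[] getCallbacks() {
        return null;
    }

    /**
     * Returns the roles persisted for {@code user}; the callbacks are ignored. The LDAP-derived
     * roles are presumably stored on the user by the login flow via
     * {@link #getUserRoles(InitialDirContext, String, String)} — confirm with the caller.
     */
    @Override // com.urbancode.anthill3.domain.authorization.AuthorizationRealm
    public Role[] getUserRoles(User user, Callback[] callbackArr) throws AuthorizationException {
        try {
            return RoleFactory.getInstance().restoreAllForUser(user);
        } catch (PersistenceException e) {
            throw new AuthorizationException(e);
        }
    }

    /**
     * Search strategy: finds the groups matching the filter for one member and maps their
     * {@code roleName} values to Anthill roles, recursing into each newly seen group when
     * {@link #isRecursiveGroupSearch()} is on.
     *
     * @param ctx         bound directory context
     * @param memberDn    value substituted for {@code {0}} (the user's DN; on recursion the group's DN)
     * @param memberName  value substituted for {@code {1}} (the user's login name at the top
     *                    level — presumably; on recursion the group's DN again)
     * @param roles       accumulator for mapped Anthill roles
     * @param visitedDns  DNs of groups already expanded; terminates membership cycles
     */
    private void searchRolesRecursive(InitialDirContext ctx, String memberDn, String memberName,
                                      Set<Role> roles, Set<String> visitedDns)
            throws NamingException, PersistenceException {
        // Both substitution values are RFC 4515 escaped so a DN or login name containing
        // '(', ')', '*', '\' or NUL cannot change the structure of the admin-defined filter.
        String filter = new MessageFormat(getRoleSearch())
                .format(new Object[]{escapeSearch(memberDn), escapeSearch(memberName)});
        log.debug("LDAP Role Search: " + filter);

        SearchControls controls = new SearchControls();
        controls.setSearchScope(getRoleSearchSubtree()
                ? SearchControls.SUBTREE_SCOPE : SearchControls.ONELEVEL_SCOPE);
        controls.setReturningAttributes(new String[]{getRoleName()});

        NamingEnumeration<SearchResult> results = ctx.search(getRoleBase(), filter, controls);
        try {
            while (results.hasMore()) {
                SearchResult group = results.next();
                String groupDn = group.getNameInNamespace();
                Attribute names = group.getAttributes().get(getRoleName());
                // A hit may lack the role-name attribute; it then contributes no role
                // but is still a candidate for recursion.
                if (names != null) {
                    NamingEnumeration<?> values = names.getAll();
                    try {
                        while (values.hasMore()) {
                            String ldapRole = (String) values.next();
                            log.debug("Found LDAP Role for User: " + ldapRole);
                            for (Role role : getLDAPMappedRoles(ldapRole)) {
                                log.debug("Mapped LDAP Role to Anthill Role for User: " + role.getName());
                                roles.add(role);
                            }
                        }
                    } finally {
                        values.close();
                    }
                }
                if (visitedDns.add(groupDn) && this.isRecursiveGroupSearch) {
                    log.debug("Searching for groups containing: " + groupDn);
                    searchRolesRecursive(ctx, groupDn, groupDn, roles, visitedDns);
                }
            }
        } finally {
            results.close();
        }
    }

    /**
     * Resolves a freshly authenticated user's Anthill roles from LDAP.
     *
     * <p>If no role mappings are configured the result is empty and no error is raised (the
     * caller decides what that means). If mappings exist, the attribute strategy is used when
     * {@code roleAttribute} is set, else the search strategy when {@code roleName} is set; a
     * user who ends up with no role — including the case where neither strategy is configured —
     * is refused with an {@link AuthorizationException}.
     *
     * @param initialDirContext bound directory context
     * @param str               the user's DN (it is parsed as an {@link LdapName} by the
     *                          attribute strategy and substituted as {@code {0}} by the search)
     * @param str2              substituted as {@code {1}} in the search filter; presumably the
     *                          login name — confirm with the caller
     * @return the distinct mapped roles
     * @throws AuthorizationException if the user has no mapped role, or on any directory or
     *                                persistence failure (cause attached)
     */
    public Role[] getUserRoles(InitialDirContext initialDirContext, String str, String str2)
            throws AuthorizationException {
        Set<Role> roles = new HashSet<Role>();
        try {
            if (hasLDAPMappedRoles()) {
                log.debug("LDAP Role Mapping configured");
                if (isConfigured(getRoleAttribute())) {
                    log.debug("LDAP Role Mapping Method: Attribute");
                    addRolesToCollectionFromLDAPAttributes(roles, new HashSet<String>(), initialDirContext, str);
                } else if (isConfigured(getRoleName())) {
                    log.debug("LDAP Role Mapping Method: Search");
                    searchRolesRecursive(initialDirContext, str, str2, roles, new HashSet<String>());
                }
                // Fail closed: with mappings present, no role means no login.
                if (roles.isEmpty()) {
                    throw new AuthorizationException("User does not have sufficient priviledges to login");
                }
            } else {
                log.debug("Did not find LDAP Role Mappings");
            }
            return roles.toArray(new Role[roles.size()]);
        } catch (AuthorizationException e) {
            // Rethrow as-is so the "insufficient privileges" message is not wrapped
            // inside a second AuthorizationException by the generic handler below.
            throw e;
        } catch (NamingException e) {
            log.debug("Error occurred during LDAP Authorization: " + e.getMessage(), e);
            throw new AuthorizationException((Throwable) e);
        } catch (PersistenceException e) {
            log.debug("Error occurred during LDAP Authorization: " + e.getMessage(), e);
            throw new AuthorizationException(e);
        } catch (Exception e) {
            log.debug("Error occurred during LDAP Authorization: " + e.getMessage(), e);
            throw new AuthorizationException(e);
        }
    }

    /** @return whether a configuration value is present and non-empty */
    private static boolean isConfigured(String value) {
        return value != null && value.length() > 0;
    }

    /**
     * Attribute strategy: reads {@code roleAttribute} from the entry {@code str}, maps each
     * value to Anthill roles and, when {@link #isUsingRoleAttributeRecursion()} is on, treats
     * each value as the DN of a further entry to read.
     *
     * @param set               accumulator for mapped Anthill roles
     * @param set2              DNs already read; terminates cycles in nested membership
     * @param initialDirContext bound directory context
     * @param str               DN of the entry to read
     * @throws NamingException if {@code str} or a recursed value is not a valid DN, or the
     *                         directory call fails
     */
    protected void addRolesToCollectionFromLDAPAttributes(Set<Role> set, Set<String> set2,
                                                          InitialDirContext initialDirContext, String str)
            throws NamingException, PersistenceException {
        // Parsing the DN with LdapName (instead of building a filter string) means a value
        // carrying LDAP metacharacters is either a valid DN or an InvalidNameException —
        // never an injected query.
        Attribute attribute = initialDirContext
                .getAttributes(new LdapName(str), new String[]{getRoleAttribute()})
                .get(getRoleAttribute());
        if (attribute == null) {
            return; // entry has no such attribute: contributes no roles
        }
        set2.add(str); // an entry pointing back at this one is not re-read
        NamingEnumeration<?> values = attribute.getAll();
        try {
            while (values.hasMore()) {
                String value = (String) values.next();
                for (Role role : getLDAPMappedRoles(value)) {
                    set.add(role);
                }
                if (isUsingRoleAttributeRecursion() && set2.add(value)) {
                    addRolesToCollectionFromLDAPAttributes(set, set2, initialDirContext, value);
                }
            }
        } finally {
            values.close();
        }
    }

    /**
     * Escapes a value for use inside an LDAP search filter (RFC 4515): backslash, parentheses,
     * asterisk and NUL are replaced by their {@code \XX} hex forms so the value cannot alter the
     * filter's structure. {@code null} is returned unchanged.
     */
    private String escapeSearch(String str) {
        if (str == null) {
            return null;
        }
        StringBuilder out = new StringBuilder(str.length() + 8);
        for (int i = 0; i < str.length(); i++) {
            char c = str.charAt(i);
            switch (c) {
                case '\\':
                    out.append("\\5c");
                    break;
                case '(':
                    out.append("\\28");
                    break;
                case ')':
                    out.append("\\29");
                    break;
                case '*':
                    out.append("\\2A");
                    break;
                case '\0':
                    // NUL is a filter metacharacter too; the original escaper missed it.
                    out.append("\\00");
                    break;
                default:
                    out.append(c);
            }
        }
        return out.toString();
    }
}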
