package com.urbancode.anthill3.domain.authentication.ldap;

import com.urbancode.anthill3.domain.authentication.BaseLoginModule;
import com.urbancode.anthill3.domain.authorization.AuthorizationRealm;
import com.urbancode.anthill3.domain.authorization.ldap.LDAPAuthorizationRealm;
import com.urbancode.anthill3.domain.security.AuthorizationException;
import com.urbancode.anthill3.domain.security.Role;
import com.urbancode.anthill3.domain.security.User;
import com.urbancode.anthill3.domain.userprofile.UserProfile;
import com.urbancode.commons.util.StringUtil;
import java.io.IOException;
import java.text.MessageFormat;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.Hashtable;
import java.util.List;
import javax.naming.AuthenticationException;
import javax.naming.CompositeName;
import javax.naming.Context;
import javax.naming.Name;
import javax.naming.NameParser;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.LoginException;
import org.apache.commons.lang3.StringUtils;
import org.apache.log4j.Logger;

/* loaded from: input_file:com/urbancode/anthill3/domain/authentication/ldap/LDAPLoginModule.class */
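/**
 * JAAS login module that authenticates against an LDAP directory.
 * <p>
 * A context bound with the realm's service-account credentials is used to locate the user,
 * either by expanding the realm's DN pattern or by running the realm's user search. Unless
 * the caller only wants a lookup ({@link #copyUserFromLdap()}), the user's password is then
 * verified with a simple bind as the resolved DN, and profile attributes (name, e-mail, IM
 * ids) are read through that bound context.
 * <p>
 * The username comes from the JAAS callback and is untrusted: it is escaped before being
 * substituted into the search filter (RFC 4515) and into the DN pattern (RFC 4514) so that
 * it cannot alter the filter or the DN.
 * <p>
 * Not thread-safe; one instance serves one login attempt.
 */
public class LDAPLoginModule extends BaseLoginModule {
    private static final Logger log = Logger.getLogger(LDAPLoginModule.class);
    private static final String LDAP_AUTH_TYPE = "simple";
    private static final String REFERRAL_FOLLOW = "follow";
    /** Message reported to the caller for any directory failure; details go to the log only. */
    private static final String LOGIN_ERROR = "Error while authorizing user login.";

    // JNDI takes the bind credential as Context.SECURITY_CREDENTIALS (a String), so the
    // password is held as a String; it is nulled out in logout().
    private String password;
    private String firstName;
    private String lastName;
    private String email;
    private String yahooIm;
    private String xmppIm;
    private String msnIm;
    // Context bound with the realm's service-account credentials. Opened by
    // isUserAuthentic(), closed by cleanup().
    private InitialDirContext context;
    // Distinguished name of the user being authenticated, resolved by isUserAuthentic().
    private String userDN;

    /** Creates a module whose state is populated by JAAS during {@link #login()}. */
    public LDAPLoginModule() {
        this.password = null;
        this.firstName = null;
        this.lastName = null;
        this.email = null;
        this.context = null;
        this.userDN = null;
    }

    /**
     * Creates a module for a known user and realm, without a password, for use with
     * {@link #copyUserFromLdap()}.
     *
     * @param userName the directory user to look up
     * @param realm    the LDAP realm describing how to reach the directory
     */
    public LDAPLoginModule(String userName, LDAPAuthenticationRealm realm) {
        this.firstName = null;
        this.lastName = null;
        this.email = null;
        this.context = null;
        this.userDN = null;
        this.userName = userName;
        this.realm = realm;
        this.password = "";
    }

    /**
     * Looks the user up in LDAP (no password bind) and creates or updates the local user.
     *
     * @return the local user record
     * @throws LoginException        if the directory cannot be queried
     * @throws IllegalStateException if the user does not exist in the directory
     */
    public User copyUserFromLdap() throws LoginException {
        try {
            if (!isUserAuthentic(true)) {
                throw new IllegalStateException("User " + this.userName + " could not be found in ldap");
            }
            getOrCreateUser(this.userName);
            return this.user;
        } finally {
            cleanup();
        }
    }

    /** {@inheritDoc} The service-account context is closed afterwards. */
    @Override
    public boolean abort() throws LoginException {
        try {
            return super.abort();
        } finally {
            cleanup();
        }
    }

    /** {@inheritDoc} The service-account context is closed afterwards. */
    @Override
    public boolean commit() throws LoginException {
        try {
            return super.commit();
        } finally {
            cleanup();
        }
    }

    /**
     * Collects the username and password through the callback handler and verifies them.
     * <p>
     * Returns {@code false} (and records the failed attempt) when the username is blank,
     * the password is empty, or the directory rejects the credentials. A username rejected
     * by the realm's filters is a {@link LoginException}.
     *
     * @return whether authentication succeeded
     * @throws LoginException if the callbacks cannot be serviced or the directory fails
     */
    @Override
    public boolean login() throws LoginException {
        NameCallback nameCallback = new NameCallback("username: ");
        PasswordCallback passwordCallback = new PasswordCallback("password: ", false);
        List<Callback> callbacks = new ArrayList<Callback>();
        callbacks.add(nameCallback);
        callbacks.add(passwordCallback);
        if (this.authorizationCallbacks != null) {
            Collections.addAll(callbacks, this.authorizationCallbacks);
        }
        try {
            this.callbackHandler.handle(callbacks.toArray(new Callback[0]));
            this.userName = nameCallback.getName();
            if (StringUtils.isBlank(this.userName)) {
                return false;
            }
            if (!getRealm().isAllowed(this.userName)) {
                throw new LoginException("Username not allowed by " + getRealm().getName() + " filters");
            }
            char[] secret = passwordCallback.getPassword();
            if (secret == null) {
                secret = new char[0];
            }
            this.password = new String(secret);
            // Do not leave extra copies of the password lying around: getPassword() returned a
            // clone, and the callback keeps its own copy until cleared.
            Arrays.fill(secret, '\0');
            passwordCallback.clearPassword();
            if (StringUtils.isNotEmpty(this.password)) {
                this.succeeded = isUserAuthentic(false);
            }
            if (!this.succeeded) {
                addToFailedUsers(this.userName);
            }
            return this.succeeded;
        } catch (IOException e) {
            throw newLoginException(LOGIN_ERROR, e);
        } catch (UnsupportedCallbackException e) {
            throw newLoginException(LOGIN_ERROR, e);
        }
    }

    /** {@inheritDoc} Also closes the context and forgets the resolved DN and password. */
    @Override
    public boolean logout() throws LoginException {
        cleanup();
        this.userDN = null;
        this.password = null;
        return super.logout();
    }

    /** Closes the service-account context, if open; failures are only logged. */
    protected void cleanup() {
        if (this.context != null) {
            try {
                this.context.close();
            } catch (NamingException e) {
                log.warn("Exception during ldap disconnect for authentication", e);
            }
            this.context = null;
        }
    }

    /**
     * Opens the service-account context, resolves the user's DN and verifies the user.
     * <p>
     * With {@code lookupOnly} the user only has to exist and be readable through the
     * service-account context; otherwise a simple bind as the resolved DN with the user's
     * password must succeed. Invalid credentials yield {@code false} (so that
     * {@link #login()} records the failed attempt); any other directory error is a
     * {@link LoginException}. The service-account context stays open for
     * {@link #getUserRoles()} and is released by {@link #cleanup()}.
     *
     * @param lookupOnly {@code true} to skip the password bind (used by
     *                   {@link #copyUserFromLdap()})
     * @return {@code true} if the user was found and, unless {@code lookupOnly}, authenticated
     * @throws LoginException        if the password is empty (and a bind is required), the
     *                               realm is misconfigured, or the directory fails
     * @throws IllegalStateException if a context is already open on this module
     */
    protected boolean isUserAuthentic(boolean lookupOnly) throws LoginException {
        if (!lookupOnly && StringUtils.isEmpty(this.password)) {
            throw newLoginException("Can not use empty password with LDAP", null);
        }
        if (this.context != null) {
            throw new IllegalStateException("LDAP context is already open, can not open again");
        }
        LDAPAuthenticationRealm realm = getRealm();
        try {
            this.context = createLdapContext(realm);
        } catch (NamingException e) {
            throw newLoginException(LOGIN_ERROR, e);
        }
        if (StringUtils.isNotEmpty(realm.getUserPattern())) {
            return authenticateByPattern(realm, lookupOnly);
        }
        if (StringUtils.isEmpty(realm.getUserSearch())) {
            throw newLoginException("LDAP realm " + realm.getName()
                    + " has neither a user pattern nor a user search configured", null);
        }
        return authenticateBySearch(realm, lookupOnly);
    }

    /**
     * Resolves the user's DN from the realm's DN pattern and verifies it.
     * The username is DN-escaped first because it becomes an RDN value of the pattern
     * (the result is later used with {@code list}/{@code getAttributes}, so it must be a DN).
     */
    private boolean authenticateByPattern(LDAPAuthenticationRealm realm, boolean lookupOnly) throws LoginException {
        this.userDN = MessageFormat.format(realm.getUserPattern(), escapeLdapDnValue(this.userName));
        log.debug("User DN: " + this.userDN);
        try {
            if (lookupOnly) {
                // Lookup only: read through the service-account context; never attempt a bind
                // with an empty password, which servers may treat as an anonymous bind.
                readAttributesFromLdap(this.context, realm);
                return true;
            }
            log.debug("Ldap password NOT located, attempting to bind to LDAP!");
            return bindAsUserAndReadAttributes(realm);
        } catch (NamingException e) {
            throw newLoginException(LOGIN_ERROR, e);
        }
    }

    /**
     * Runs the realm's user search and verifies the first hit that can be confirmed.
     * The username is filter-escaped before substitution so it cannot change the filter.
     */
    private boolean authenticateBySearch(LDAPAuthenticationRealm realm, boolean lookupOnly) throws LoginException {
        String filter = null;
        NamingEnumeration<SearchResult> results = null;
        try {
            filter = MessageFormat.format(realm.getUserSearch(), escapeLdapFilterValue(this.userName));
            SearchControls controls = new SearchControls();
            controls.setSearchScope(realm.getUserSearchSubtree()
                    ? SearchControls.SUBTREE_SCOPE : SearchControls.ONELEVEL_SCOPE);
            results = this.context.search(realm.getUserBase(), filter, controls);
            if (!results.hasMore()) {
                log.error("User entry not found in the search: " + realm.getUserBase());
                return false;
            }
            while (results.hasMore()) {
                if (verifySearchResult(results.next(), realm, lookupOnly)) {
                    return true;
                }
            }
            return false;
        } catch (NamingException e) {
            log.error("Error occurred while performing user search. User Base is: " + realm.getUserBase()
                    + ", User Search is: " + realm.getUserSearch() + ", Username is: " + this.userName
                    + ", Search is: " + filter, e);
            throw newLoginException(LOGIN_ERROR, e);
        } finally {
            closeQuietly(results);
        }
    }

    /**
     * Builds the absolute DN of one search hit, stores it in {@link #userDN} and verifies it.
     *
     * @return {@code true} if the hit was confirmed (read, or bound to with the password);
     *         {@code false} if the directory rejected the password for this DN
     */
    private boolean verifySearchResult(SearchResult result, LDAPAuthenticationRealm realm, boolean lookupOnly)
            throws LoginException {
        String resultName = null;
        try {
            resultName = result.getName();
            NameParser parser = this.context.getNameParser("");
            // Absolute DN = context root + search base + the hit's name relative to the base.
            // The hit's name is a composite name; its first component is the LDAP part.
            // NOTE(review): assumes the hit is relative to the search base
            // (SearchResult.isRelative()); a followed referral could return an absolute
            // name that this concatenation would mangle — confirm against the directory setup.
            Name dn = parser.parse(this.context.getNameInNamespace());
            dn.addAll(parser.parse(realm.getUserBase()));
            dn.addAll(parser.parse(new CompositeName(resultName).get(0)));
            this.userDN = dn.toString();
            log.debug("Result DN: " + this.userDN);
            if (lookupOnly) {
                readAttributesFromLdap(this.context, realm);
                return true;
            }
            log.debug("Ldap password NOT located, attempting to bind to LDAP!");
            return bindAsUserAndReadAttributes(realm);
        } catch (NamingException e) {
            log.error("Error occurred while constructing the UserDN on a search result. User Base is: "
                    + realm.getUserBase() + ", Result Name is: " + resultName + ", User DN is: " + this.userDN, e);
            throw newLoginException(LOGIN_ERROR, e);
        }
    }

    /**
     * Binds as {@link #userDN} with the user's password and, on success, reads the profile
     * attributes through that bound context. The bound context is always closed here.
     *
     * @return {@code true} if the bind succeeded, {@code false} if the directory rejected the
     *         credentials
     * @throws NamingException for any other directory error
     */
    private boolean bindAsUserAndReadAttributes(LDAPAuthenticationRealm realm) throws NamingException {
        InitialDirContext userContext;
        try {
            userContext = createLdapContext(realm, this.userDN, this.password);
        } catch (AuthenticationException e) {
            // Wrong password: a normal login failure, not an error.
            log.debug("LDAP rejected the credentials presented for " + this.userDN);
            return false;
        }
        try {
            readAttributesFromLdap(userContext, realm);
            return true;
        } finally {
            closeQuietly(userContext);
        }
    }

    /**
     * Resolves the user's roles, through the LDAP authorization realm when one is configured
     * (using the still-open service-account context and the resolved DN), otherwise through
     * the base implementation.
     *
     * @return the user's roles
     * @throws AuthorizationException if roles cannot be determined
     */
    @Override
    public Role[] getUserRoles() throws AuthorizationException {
        AuthorizationRealm authorizationRealm = getAuthorizationRealm();
        if (authorizationRealm instanceof LDAPAuthorizationRealm) {
            log.debug("Locating user roles for user " + this.userDN);
            log.debug("Using ldap realm");
            return ((LDAPAuthorizationRealm) authorizationRealm).getUserRoles(this.context, this.userDN, this.userName);
        }
        return super.getUserRoles();
    }

    /**
     * Copies attributes read from LDAP into the profile, but only into fields that are still
     * unset, so that values maintained locally are never overwritten.
     *
     * @param user        the local user
     * @param userProfile the profile to fill in
     */
    @Override
    public void setUserAttributes(User user, UserProfile userProfile) {
        super.setUserAttributes(user, userProfile);
        if (this.userProfile.getFirstName() == null && this.firstName != null) {
            this.userProfile.setFirstName(this.firstName);
        }
        if (this.userProfile.getLastName() == null && this.lastName != null) {
            this.userProfile.setLastName(this.lastName);
        }
        if (this.userProfile.getEmailAddress() == null && this.email != null) {
            this.userProfile.setEmailAddress(this.email);
        }
        if (this.userProfile.getYahooId() == null && this.yahooIm != null) {
            this.userProfile.setYahooId(this.yahooIm);
        }
        if (this.userProfile.getJabberId() == null && this.xmppIm != null) {
            this.userProfile.setJabberId(this.xmppIm);
        }
        if (this.userProfile.getMsnId() == null && this.msnIm != null) {
            this.userProfile.setMsnId(this.msnIm);
        }
    }

    /**
     * Opens a context bound with the realm's service-account credentials (anonymous if the
     * realm has no connection name).
     *
     * @param realm the LDAP realm
     * @return the open context; the caller closes it
     * @throws NamingException if the bind fails
     */
    protected InitialDirContext createLdapContext(LDAPAuthenticationRealm realm) throws NamingException {
        return createLdapContext(realm, realm.getConnectionName(), realm.getConnectionPwd());
    }

    /**
     * Opens a context against the realm's URL, bound as {@code principal} with
     * {@code credentials} (simple authentication) when a principal is given, anonymously
     * otherwise. A simple bind with a principal but empty credentials is refused: RFC 4513
     * calls that an unauthenticated bind, which some servers accept as anonymous, so it
     * would "succeed" without proving anything about the password.
     *
     * @param realm       the LDAP realm supplying factory, URL and pooling settings
     * @param principal   DN (or server-accepted name) to bind as; may be empty for anonymous
     * @param credentials password for {@code principal}
     * @return the open context; the caller closes it
     * @throws AuthenticationException if the directory rejects the credentials
     * @throws NamingException         for any other failure (credentials empty, connection,
     *                                 principal entry not readable)
     */
    protected InitialDirContext createLdapContext(LDAPAuthenticationRealm realm, String principal, String credentials)
            throws NamingException {
        Hashtable<String, Object> env = new Hashtable<String, Object>();
        env.put("com.sun.jndi.ldap.connect.pool", "true");
        env.put(Context.INITIAL_CONTEXT_FACTORY, realm.getContextFactory());
        env.put(Context.PROVIDER_URL, realm.getUrl());
        if (StringUtils.isNotEmpty(principal)) {
            if (StringUtils.isEmpty(credentials)) {
                throw newNamingException("Refusing LDAP simple bind with empty credentials for " + principal, null);
            }
            env.put(Context.SECURITY_PRINCIPAL, principal);
            env.put(Context.SECURITY_CREDENTIALS, credentials);
            env.put(Context.SECURITY_AUTHENTICATION, LDAP_AUTH_TYPE);
        }
        env.put(Context.REFERRAL, REFERRAL_FOLLOW);
        InitialDirContext ctx = null;
        try {
            ctx = new InitialDirContext(env);
            if (StringUtils.isNotEmpty(principal)) {
                // Presumably forces the bind to happen now and checks the principal's own
                // entry is readable — confirm; kept from the original implementation.
                ctx.list(principal);
            }
            return ctx;
        } catch (NamingException e) {
            closeQuietly(ctx);
            String message = "Error occurred while attempting to bind to LDAP. LDAP URL is: " + realm.getUrl();
            if (StringUtils.isNotEmpty(principal)) {
                message = message + ", User Name is: " + principal;
            }
            log.error(message);
            if (e instanceof AuthenticationException) {
                // Keep the type so callers can tell "bad credentials" from "directory error".
                throw e;
            }
            throw newNamingException(message, e);
        }
    }

    /**
     * Verifies that {@link #userDN} is readable through {@code ctx} and reads the profile
     * attributes configured on the realm. The entry is fetched once; a missing attribute, a
     * non-string value or a read failure leaves the corresponding field {@code null}.
     *
     * @param ctx   context to read through (service-account or user-bound)
     * @param realm realm naming the attributes to read
     * @throws NamingException if {@link #userDN} does not exist or is not readable
     */
    protected void readAttributesFromLdap(InitialDirContext ctx, LDAPAuthenticationRealm realm) throws NamingException {
        ctx.list(this.userDN);
        Attributes attributes;
        try {
            attributes = ctx.getAttributes(this.userDN);
        } catch (NamingException e) {
            log.debug("Error retrieving LDAP attributes of " + this.userDN + " - " + e.getMessage());
            attributes = null;
        }
        this.firstName = getAttribute(attributes, realm.getFirstNameAttribute());
        this.lastName = getAttribute(attributes, realm.getLastNameAttribute());
        this.email = getAttribute(attributes, realm.getEmailAttribute());
        this.yahooIm = getAttribute(attributes, realm.getYahooImAttribute());
        this.xmppIm = getAttribute(attributes, realm.getXmppImAttribute());
        this.msnIm = getAttribute(attributes, realm.getMsnImAttribute());
    }

    /**
     * Returns the first value of attribute {@code id}, or {@code null} if the attribute set or
     * id is {@code null}, the attribute is absent, its value is not a string, or it cannot be
     * read. Best effort: failures are logged at debug level only.
     */
    private static String getAttribute(Attributes attributes, String id) {
        if (attributes == null || id == null) {
            return null;
        }
        try {
            Attribute attribute = attributes.get(id);
            if (attribute == null) {
                return null;
            }
            Object value = attribute.get();
            if (value instanceof String) {
                return (String) value;
            }
            if (value != null) {
                log.debug("LDAP attribute " + id + " has a non-string value; ignoring it");
            }
            return null;
        } catch (NamingException e) {
            log.debug("Error retrieved LDAP attribute " + id + " - " + e.getMessage());
            return null;
        }
    }

    /** @return the configured realm, which for this module is always an LDAP realm */
    @Override
    public LDAPAuthenticationRealm getRealm() {
        return (LDAPAuthenticationRealm) this.realm;
    }

    /**
     * Creates a {@link NamingException} with the given message and optional cause.
     *
     * @param message the exception message
     * @param cause   the cause, or {@code null}
     * @return the new exception
     */
    protected NamingException newNamingException(String message, Throwable cause) {
        NamingException namingException = new NamingException(message);
        if (cause != null) {
            namingException.initCause(cause);
        }
        return namingException;
    }

    /** Closes a context if non-null; a failure to close is logged, never propagated. */
    private static void closeQuietly(InitialDirContext ctx) {
        if (ctx == null) {
            return;
        }
        try {
            ctx.close();
        } catch (Exception e) {
            log.debug("Could not close LDAP context " + e, e);
        }
    }

    /** Closes a search result enumeration if non-null; a failure to close is only logged. */
    private static void closeQuietly(NamingEnumeration<?> results) {
        if (results == null) {
            return;
        }
        try {
            results.close();
        } catch (NamingException e) {
            log.debug("Could not close LDAP search results " + e, e);
        }
    }

    /**
     * Escapes a value for use inside an LDAP search filter (RFC 4515 section 3), so that the
     * characters {@code \ * ( )} and NUL are matched literally instead of being parsed.
     *
     * @param value the raw value, may be {@code null}
     * @return the escaped value, or {@code null} if {@code value} is {@code null}
     */
    static String escapeLdapFilterValue(String value) {
        if (value == null) {
            return null;
        }
        StringBuilder out = new StringBuilder(value.length());
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '\\':
                    out.append("\\5c");
                    break;
                case '*':
                    out.append("\\2a");
                    break;
                case '(':
                    out.append("\\28");
                    break;
                case ')':
                    out.append("\\29");
                    break;
                case '\0':
                    out.append("\\00");
                    break;
                default:
                    out.append(c);
            }
        }
        return out.toString();
    }

    /**
     * Escapes a value for use as an attribute value inside a DN (RFC 4514 section 2.4):
     * {@code \ , + " < > ; =} get a backslash, NUL becomes {@code \00}, and a leading space
     * or {@code #} and a trailing space are escaped.
     *
     * @param value the raw value, may be {@code null}
     * @return the escaped value, or {@code null} if {@code value} is {@code null}
     */
    static String escapeLdapDnValue(String value) {
        if (value == null) {
            return null;
        }
        StringBuilder out = new StringBuilder(value.length() + 2);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '\\':
                case ',':
                case '+':
                case '"':
                case '<':
                case '>':
                case ';':
                case '=':
                    out.append('\\').append(c);
                    break;
                case '\0':
                    out.append("\\00");
                    break;
                default:
                    out.append(c);
            }
        }
        if (out.length() > 0 && (out.charAt(0) == ' ' || out.charAt(0) == '#')) {
            out.insert(0, '\\');
        }
        // A lone space is already handled by the leading-character rule above.
        if (value.length() > 1 && out.charAt(out.length() - 1) == ' ') {
            out.insert(out.length() - 1, '\\');
        }
        return out.toString();
    }
}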
