package org.clazzes.login.ldap;

import java.net.PasswordAuthentication;
import java.net.URI;
import java.util.Iterator;
import java.util.List;
import java.util.Vector;
import javax.naming.InvalidNameException;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.LdapContext;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import org.clazzes.util.sec.DomainGroup;
import org.clazzes.util.sec.DomainPasswordLoginService;
import org.clazzes.util.sec.DomainPrincipal;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/clazzes/login/ldap/LdapDomainPasswordLoginService.class */
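/**
 * {@link DomainPasswordLoginService} implementation that validates credentials and resolves
 * users and groups against an LDAP / Active Directory server through JNDI.
 *
 * <p>Security-relevant properties of this class:
 * <ul>
 *   <li>A password is verified by performing an LDAP bind as the user; every failure is reported
 *       to the caller as {@code null}, so the caller cannot tell "unknown user" from "wrong
 *       password".</li>
 *   <li>User and group names supplied by the caller reach the directory only as JNDI filter
 *       <em>arguments</em> ({@code {0}}, {@code {1}}), never by string concatenation into the
 *       filter. JNDI escapes string-valued filter arguments per RFC 2254, which is what keeps a
 *       crafted user name from altering the search filter.</li>
 *   <li>Every LDAP context opened here is closed in a {@code finally} block, including on the
 *       failure paths.</li>
 *   <li>NOTE(review): domain, user and group names are written to the log verbatim. If they can
 *       contain line breaks, neutralise them in the logging layout so that log lines cannot be
 *       forged.</li>
 * </ul>
 *
 * <p>Each operation temporarily replaces the thread context class loader with the system class
 * loader - presumably so that the JNDI LDAP provider is resolved from the JDK; TODO confirm.
 *
 * <p>NOTE(review): {@link #setGroupInfoCache} is {@code synchronized} while the fields are read
 * without synchronization; the class appears to rely on being fully configured before use.
 */
public class LdapDomainPasswordLoginService implements DomainPasswordLoginService {
    private static final Logger log = LoggerFactory.getLogger(LdapDomainPasswordLoginService.class);

    /** Filter template {@code attribute=value}; both parts are supplied as filter arguments. */
    private static final String ATTRIBUTE_EQUALS_FILTER = "{0}={1}";

    /** Filter template selecting an entry by its distinguished name. */
    private static final String DISTINGUISHED_NAME_FILTER = "distinguishedName={0}";

    /** Filter template selecting the entries that list a group DN in {@code memberOf}. */
    private static final String MEMBER_OF_FILTER = "memberOf={0}";

    /** How long a failed group lookup stays recorded on its cache entry (60 seconds). */
    private static final long GROUP_ERROR_TTL_MILLIS = 30 * 1000 * 2;

    private ConfigurationService configurationService;
    private GroupInfoCache groupInfoCache;

    /**
     * Verifies a user's password by binding to the domain's LDAP server as that user.
     *
     * <p>Depending on the domain's configured authentication method, the bind name is either
     * {@code user@domain} (direct bind) or the DN found by searching for the user with the
     * domain's service credentials (search and bind).
     *
     * @param str  the domain name
     * @param str2 the user name as typed by the user
     * @param str3 the password
     * @return the authenticated principal, or {@code null} if the login failed for any reason
     */
    public DomainPrincipal tryLogin(String str, String str2, String str3) {
        final String domain = str;
        final String userName = str2;
        final String password = str3;
        final ClassLoader previousLoader = Thread.currentThread().getContextClassLoader();
        LdapContext searchContext = null;
        LdapContext userContext = null;
        try {
            Thread.currentThread().setContextClassLoader(ClassLoader.getSystemClassLoader());
            DomainConfig config = this.configurationService.getDomainController(domain);
            if (config == null) {
                throw new SecurityException("Invalid domain [" + domain + "] specified.");
            }
            if (userName == null || password == null) {
                throw new SecurityException("User name and password must not be null.");
            }
            // A simple bind with a name but an empty password is an "unauthenticated bind"
            // (RFC 4513, section 5.1.2): many servers accept it without verifying anything.
            // It must therefore never count as a login unless the domain explicitly opts in.
            if (password.isEmpty() && !config.isAllowEmptyPasswords()) {
                throw new SecurityException("Domain [" + domain + "] does not allow empty passwords to be specified.");
            }
            URI serverUri = AdsHelper.resolveServerURI(config.getControllerUri());
            log.debug("Connecting to LDAP server [{}] for domain [{}]...", serverUri, domain);

            String bindName;
            AdsPrincipal principal;
            if (ConfigurationService.AUTHMETHOD_BINDADS.equals(config.getAuthMethod())) {
                bindName = userName + "@" + domain;
                principal = new AdsPrincipal(userName, domain, userName, null);
            } else if (ConfigurationService.AUTHMETHOD_SEARCH_AND_BIND.equals(config.getAuthMethod())) {
                searchContext = AdsHelper.connectToADS(serverUri, config.getBindCredentials(), config.getAuthMechanism());
                log.debug("Sucessfully connected to LDAP server [{}] for domain [{}].", serverUri, domain);
                log.debug("Searching [{}={}]...", config.getUserAttribute(), userName);
                // NOTE(review): only the first match is used; a directory holding several entries
                // with the same user attribute value would make the resolved identity ambiguous.
                SearchResult userEntry = searchForUser(domain, userName, searchContext, config);
                bindName = AdsHelper.getAbsoluteDn(serverUri, config.getBaseDnToUsers(), userEntry);
                log.info("User [{}] in domain [{}] resolved to DN [{}].", new Object[]{userName, domain, bindName});
                principal = AdsHelper.createPrincipal(config, userEntry);
                // Release the service-account connection before opening the user's own.
                closeQuietly(searchContext);
                searchContext = null;
            } else {
                throw new SecurityException("Invalid authentication method [" + config.getAuthMethod() + "] specified.");
            }

            log.debug("Binding as [{}] to domain [{}]...", bindName, domain);
            userContext = AdsHelper.connectToADS(serverUri, new PasswordAuthentication(bindName, password.toCharArray()), config.getAuthMechanism());
            // AdsHelper is not visible here, so fail closed: a login only counts when a context
            // was actually established with the user's credentials.
            if (userContext == null) {
                throw new SecurityException("No LDAP context was established for user [" + userName + "] in domain [" + domain + "].");
            }
            return principal;
        } catch (Exception e) {
            if (log.isDebugEnabled()) {
                log.debug("Caught exception during LDAP authentication", e);
            }
            log.error("Invalid initial login of user [{}] to domain [{}].", userName, domain);
            return null;
        } finally {
            closeQuietly(userContext);
            closeQuietly(searchContext);
            restoreContextClassLoader(previousLoader);
        }
    }

    /** Returns the default domain as reported by the configuration service. */
    public String getDefaultDomain() {
        return this.configurationService.getDefaultDomain();
    }

    /** Returns the configured domain names as reported by the configuration service. */
    public List<String> getDomains() {
        return this.configurationService.getDomains();
    }

    /**
     * Not supported by this implementation.
     *
     * @throws UnsupportedOperationException always
     */
    public void changePassword(String str, String str2, String str3, String str4) {
        throw new UnsupportedOperationException();
    }

    /**
     * Not supported by this implementation.
     *
     * @throws UnsupportedOperationException always
     */
    public void deactivateUser(String str, String str2, String str3) {
        throw new UnsupportedOperationException();
    }

    /**
     * Resolves the groups listed in the {@code memberOf} attribute of a user.
     *
     * <p>If the domain configures a positive group cache time, the result is looked up in and
     * stored to the {@link GroupInfoCache}. A failed lookup is recorded on the pending cache
     * entry so that the failure is not silently lost.
     *
     * @param str  the domain name
     * @param str2 the user name
     * @return the user's groups (possibly empty), or {@code null} if the lookup failed
     */
    public List<DomainGroup> getGroups(String str, String str2) {
        final String domain = str;
        final String userName = str2;
        final ClassLoader previousLoader = Thread.currentThread().getContextClassLoader();
        LdapContext context = null;
        GroupInfo pendingEntry = null;
        try {
            Thread.currentThread().setContextClassLoader(ClassLoader.getSystemClassLoader());
            DomainConfig config = getCorrectDomainConfig(domain);
            long cacheSeconds = config.getGroupCacheSeconds();
            long timeoutSeconds = config.getGroupTimeoutSeconds();
            long now = System.currentTimeMillis();
            if (cacheSeconds > 0) {
                GroupInfo entry = this.groupInfoCache.getGroupInfo(domain, userName, now + (1000 * cacheSeconds));
                List<DomainGroup> cached = entry.waitForResult(timeoutSeconds * 1000);
                if (cached != null) {
                    if (log.isDebugEnabled()) {
                        log.debug("Returning cached groups [{}] for user [{}/{}].", new Object[]{cached, domain, userName});
                    }
                    return cached;
                }
                pendingEntry = entry;
            }

            URI serverUri = AdsHelper.resolveServerURI(config.getControllerUri());
            context = AdsHelper.connectToADS(serverUri, config.getBindCredentials(), config.getAuthMechanism());
            log.debug("Sucessfully connected to LDAP server [{}] for domain [{}].", serverUri, domain);
            log.debug("Searching [{}={}]...", config.getUserAttribute(), userName);
            SearchResult userEntry = searchForUser(domain, userName, context, config);
            String userDn = AdsHelper.getAbsoluteDn(serverUri, config.getBaseDnToUsers(), userEntry);
            log.info("User [{}] found in domain [{}] resolved to DN [{}].", new Object[]{userName, domain, userDn});

            Vector<DomainGroup> groups;
            Attributes attributes = userEntry.getAttributes();
            if (attributes == null) {
                log.warn("Search result with DN [{}] has no attributes", userDn);
                groups = new Vector<>();
            } else {
                // Disabled accounts get no groups unless the domain explicitly allows it.
                if (!config.isAllowGroupsForDisabledUser() && AdsHelper.isDisabledAdUser(attributes)) {
                    throw new SecurityException("User account " + domain + "\\" + userName + " was disabled.");
                }
                groups = getDomainGroups(context, config, serverUri, getMemberOfDns(attributes));
            }

            if (pendingEntry != null) {
                if (log.isDebugEnabled()) {
                    log.debug("Caching groups [{}] for user [{}/{}].", new Object[]{groups, domain, userName});
                }
                pendingEntry.setResult(groups);
            }
            if (log.isDebugEnabled()) {
                log.debug("Returning groups [{}] for user [{}/{}].", new Object[]{groups, domain, userName});
            }
            return groups;
        } catch (Throwable th) {
            // Deliberately broad, as before: any failure is reported to the caller as null.
            if (log.isDebugEnabled()) {
                log.debug("Caught exception during LDAP authentication", th);
            }
            if (pendingEntry != null) {
                pendingEntry.setError(th.getMessage(), System.currentTimeMillis() + GROUP_ERROR_TTL_MILLIS);
            }
            log.error("Error querying groups of user [" + domain + "/" + userName + "].", th);
            return null;
        } finally {
            closeQuietly(context);
            restoreContextClassLoader(previousLoader);
        }
    }

    /**
     * Finds a user entry below the domain's user base DN by the configured user attribute.
     *
     * <p>The attribute name and the user name are passed as filter arguments, so JNDI escapes
     * them; the user name is never concatenated into the filter.
     *
     * @return the first matching entry
     * @throws SecurityException if no entry matches
     * @throws NamingException   if the search itself fails
     */
    private SearchResult searchForUser(String domain, String userName, LdapContext ldapContext, DomainConfig domainConfig) throws NamingException {
        NamingEnumeration<SearchResult> matches = ldapContext.search(
                domainConfig.getBaseDnToUsers(),
                ATTRIBUTE_EQUALS_FILTER,
                new Object[]{domainConfig.getUserAttribute(), userName},
                subtreeControls());
        if (!matches.hasMoreElements()) {
            throw new SecurityException("User [" + userName + "] not found in domain [" + domain + "].");
        }
        return matches.next();
    }

    /** Collects the string values of the {@code memberOf} attribute; empty if it is absent. */
    private Vector<String> getMemberOfDns(Attributes attributes) throws NamingException {
        Vector<String> groupDns = new Vector<>();
        Attribute memberOf = attributes.get("memberOf");
        if (memberOf == null) {
            return groupDns;
        }
        NamingEnumeration<?> values = memberOf.getAll();
        while (values.hasMoreElements()) {
            String groupDn = values.nextElement().toString();
            if (log.isTraceEnabled()) {
                String commonName;
                try {
                    commonName = getGroupNameOffCn(groupDn);
                } catch (InvalidNameException ignored) {
                    // The CN is only needed for this trace line; an unparsable DN must not make
                    // the lookup behave differently depending on the log level.
                    commonName = null;
                }
                log.trace("Found memberOf element with groupDn [{}] and CN [{}]", groupDn, commonName);
            }
            groupDns.add(groupDn);
        }
        return groupDns;
    }

    /**
     * Loads the group entry for each of the given group DNs.
     *
     * @return one {@link DomainGroup} per entry found; DNs without a matching entry are skipped
     */
    private Vector<DomainGroup> getDomainGroups(LdapContext ldapContext, DomainConfig domainConfig, URI uri, Vector<String> groupDns) throws NamingException {
        Vector<DomainGroup> groups = new Vector<>();
        if (groupDns.isEmpty()) {
            return groups;
        }
        SearchControls controls = subtreeControls();
        for (String groupDn : groupDns) {
            if (log.isDebugEnabled()) {
                log.debug("Searching [{}] with args {}", new Object[]{DISTINGUISHED_NAME_FILTER, groupDn});
            }
            NamingEnumeration<SearchResult> matches = ldapContext.search(
                    AdsHelper.getRelativeDn(uri, "", groupDn),
                    DISTINGUISHED_NAME_FILTER,
                    new Object[]{groupDn},
                    controls);
            while (matches.hasMoreElements()) {
                SearchResult groupEntry = matches.next();
                if (groupEntry == null) {
                    break;
                }
                AdsGroup group = AdsHelper.createGroup(domainConfig, groupEntry);
                log.trace("Found group object: [{}]", group);
                groups.add(group);
            }
        }
        debugLogFoundGroups(groups);
        return groups;
    }

    /** Writes the found groups as a {@code domain\group} list to the debug log. */
    private void debugLogFoundGroups(Vector<DomainGroup> groups) {
        if (!log.isDebugEnabled()) {
            return;
        }
        StringBuilder names = new StringBuilder();
        for (DomainGroup group : groups) {
            if (names.length() != 0) {
                names.append(", ");
            }
            names.append(group.getDomain()).append("\\").append(group.getGroupName());
        }
        log.debug("Found user groups: [{}]", names);
    }

    /**
     * Extracts the value of the first {@code CN} component of a distinguished name.
     *
     * @return the CN value, or {@code null} if the DN has no CN component
     * @throws InvalidNameException if the string is not a valid LDAP name
     */
    private String getGroupNameOffCn(String dn) throws InvalidNameException {
        for (Rdn rdn : new LdapName(dn).getRdns()) {
            // LDAP attribute type names are case-insensitive ("cn" and "CN" are the same type).
            if ("CN".equalsIgnoreCase(rdn.getType())) {
                Object value = rdn.getValue();
                return value == null ? null : value.toString();
            }
        }
        return null;
    }

    /**
     * Returns the configuration of a domain that has service (bind) credentials.
     *
     * @throws SecurityException if the domain is unknown or has no bind user name configured
     */
    private DomainConfig getCorrectDomainConfig(String domain) {
        DomainConfig config = this.configurationService.getDomainController(domain);
        if (config == null) {
            throw new SecurityException("Invalid domain [" + domain + "] specified.");
        }
        PasswordAuthentication bindCredentials = config.getBindCredentials();
        if (bindCredentials == null || bindCredentials.getUserName() == null || bindCredentials.getUserName().length() == 0) {
            throw new SecurityException("Domain [" + domain + "] has no bind dn.");
        }
        return config;
    }

    /**
     * Lists the users whose {@code memberOf} attribute names the given group.
     *
     * @param str  the domain name
     * @param str2 the group name
     * @return the members (possibly empty), or {@code null} if the lookup failed
     */
    public List<DomainPrincipal> getGroupMembers(String str, String str2) {
        final String domain = str;
        final String groupName = str2;
        final ClassLoader previousLoader = Thread.currentThread().getContextClassLoader();
        LdapContext context = null;
        try {
            Thread.currentThread().setContextClassLoader(ClassLoader.getSystemClassLoader());
            DomainConfig config = getCorrectDomainConfig(domain);
            URI serverUri = AdsHelper.resolveServerURI(config.getControllerUri());
            context = AdsHelper.connectToADS(serverUri, config.getBindCredentials(), config.getAuthMechanism());
            log.debug("Sucessfully connected to LDAP server [{}] for domain [{}].", serverUri, domain);

            SearchControls controls = subtreeControls();
            log.debug("Searching group [{}] in domain [{}]", groupName, domain);
            NamingEnumeration<SearchResult> groupMatches = context.search(
                    config.getBaseDnToGroups(),
                    ATTRIBUTE_EQUALS_FILTER,
                    new Object[]{config.getGroupAttribute(), groupName},
                    controls);
            if (!groupMatches.hasMoreElements()) {
                throw new SecurityException("Group [" + groupName + "] not found in domain [" + domain + "].");
            }
            String groupDn = AdsHelper.getAbsoluteDn(serverUri, config.getBaseDnToGroups(), groupMatches.next());
            log.debug("Group [{}] has full DN [{}].", groupName, groupDn);

            if (log.isDebugEnabled()) {
                log.debug("Searching [{}] with args {}", new Object[]{MEMBER_OF_FILTER, groupDn});
            }
            NamingEnumeration<SearchResult> memberMatches = context.search(
                    config.getBaseDnToUsers(),
                    MEMBER_OF_FILTER,
                    new Object[]{groupDn},
                    controls);
            Vector<DomainPrincipal> members = new Vector<>();
            while (memberMatches.hasMoreElements()) {
                SearchResult memberEntry = memberMatches.next();
                if (memberEntry == null) {
                    break;
                }
                AdsPrincipal member = AdsHelper.createPrincipal(config, memberEntry);
                log.debug("Found group member: [{}]", member);
                members.add(member);
            }
            if (members.isEmpty()) {
                log.warn("Group [{}] found in domain [{}] does not exist or has no members.", groupName, domain);
            } else if (log.isDebugEnabled()) {
                log.debug("Group [{}] found in domain [{}] has {} members.", new Object[]{groupName, domain, members.size()});
            }
            return members;
        } catch (Exception e) {
            if (log.isDebugEnabled()) {
                log.debug("Caught exception during LDAP authentication", e);
            }
            return null;
        } finally {
            closeQuietly(context);
            restoreContextClassLoader(previousLoader);
        }
    }

    /**
     * Returns the feature bit mask of this implementation; the same value for every domain.
     * The meaning of the individual bits is defined by {@link DomainPasswordLoginService}.
     */
    public int getSupportedFeatures(String str) {
        return 52;
    }

    /**
     * Looks up a user with the domain's service credentials, without checking any password.
     *
     * @param str  the domain name
     * @param str2 the user name
     * @return the principal built from the directory entry, or {@code null} if the user was not
     *         found or the lookup failed
     */
    public DomainPrincipal searchUser(String str, String str2) {
        final String domain = str;
        final String userName = str2;
        final ClassLoader previousLoader = Thread.currentThread().getContextClassLoader();
        LdapContext context = null;
        try {
            Thread.currentThread().setContextClassLoader(ClassLoader.getSystemClassLoader());
            DomainConfig config = getCorrectDomainConfig(domain);
            URI serverUri = AdsHelper.resolveServerURI(config.getControllerUri());
            context = AdsHelper.connectToADS(serverUri, config.getBindCredentials(), config.getAuthMechanism());
            log.debug("Sucessfully connected to LDAP server [{}] for domain [{}].", serverUri, domain);
            log.debug("Searching [{}={}]...", config.getUserAttribute(), userName);
            SearchResult userEntry = searchForUser(domain, userName, context, config);
            log.info("User [{}] found in domain [{}] resolved to DN [{}].",
                    new Object[]{userName, domain, AdsHelper.getAbsoluteDn(serverUri, config.getBaseDnToUsers(), userEntry)});
            return AdsHelper.createPrincipal(config, userEntry);
        } catch (Exception e) {
            if (log.isDebugEnabled()) {
                log.debug("Caught exception during LDAP authentication", e);
            }
            return null;
        } finally {
            closeQuietly(context);
            restoreContextClassLoader(previousLoader);
        }
    }

    /**
     * Not supported by this implementation.
     *
     * @throws UnsupportedOperationException always
     */
    public void sendPassword(String str, String str2) {
        throw new UnsupportedOperationException();
    }

    /** Returns the configuration service this login service reads its domains from. */
    public ConfigurationService getConfigurationService() {
        return this.configurationService;
    }

    /** Sets the cache used by {@link #getGroups} for domains with a positive cache time. */
    public synchronized void setGroupInfoCache(GroupInfoCache groupInfoCache) {
        this.groupInfoCache = groupInfoCache;
    }

    /** Sets the configuration service that supplies the per-domain LDAP settings. */
    public void setConfigurationService(ConfigurationService configurationService) {
        this.configurationService = configurationService;
    }

    /** Creates search controls that search the whole subtree below the base DN. */
    private static SearchControls subtreeControls() {
        SearchControls controls = new SearchControls();
        controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
        return controls;
    }

    /** Closes an LDAP context if one was opened; a failure to close is logged, not thrown. */
    private static void closeQuietly(LdapContext context) {
        if (context == null) {
            return;
        }
        try {
            context.close();
        } catch (NamingException e) {
            log.warn("Error closing LDAP context", e);
        }
    }

    /** Puts back the thread context class loader that was active when the operation started. */
    private static void restoreContextClassLoader(ClassLoader previous) {
        if (previous != null) {
            Thread.currentThread().setContextClassLoader(previous);
        }
    }
}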
