package org.clazzes.login.ldap;

import java.net.PasswordAuthentication;
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Hashtable;
import java.util.StringTokenizer;
import javax.naming.InvalidNameException;
import javax.naming.Name;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.Control;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;
import javax.naming.ldap.LdapName;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/clazzes/login/ldap/AdsHelper.class */
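/**
 * Static helpers for locating Active Directory / LDAP servers through DNS, binding to them
 * and mapping search results to principals and groups.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Server location for the {@code ads}, {@code adss}, {@code gc} and {@code gcs} schemes
 *       is taken from DNS SRV/TXT answers. These answers are not authenticated by this class,
 *       yet they decide which host later receives the bind credentials.</li>
 *   <li>With the {@code ldap}, {@code ads} and {@code gc} schemes a simple bind sends the
 *       password without transport encryption unless the located URI is already
 *       {@code ldaps}.</li>
 *   <li>DNS record contents and directory attribute values are written to the log as received;
 *       treat the log as containing untrusted text and personal data.</li>
 * </ul>
 */
public abstract class AdsHelper {
    private static final Logger log = LoggerFactory.getLogger(AdsHelper.class);

    /** Prefix that marks a TXT record as carrying an LDAP service URI. */
    private static final String SERVICE_PREFIX = "service:";

    /**
     * Bit mask tested against the {@code userAccountControl} attribute by
     * {@link #isDisabledAdUser(Attributes)}; 2 is Active Directory's ACCOUNTDISABLE flag.
     *
     * <p>NOTE(review): the field is public, static and not final, so any code in the JVM can
     * overwrite the mask and change the outcome of the disabled-account check. It is left
     * non-final here only to keep the public interface unchanged.
     */
    public static int USER_ACCOUNT_DISABLED = 2;

    /**
     * Locates an LDAP server for a DNS domain through an SRV lookup followed by a TXT lookup.
     *
     * <p>The SRV record with the lowest priority wins; among equal priorities the highest
     * weight wins. If the selected host publishes a TXT record starting with
     * {@code service:ldap://} or {@code service:ldaps://}, the URI in that record is returned
     * (the last well-formed one if there are several). Otherwise an {@code ldap} URI is built
     * from the SRV host and port with the domain converted to a base DN.
     *
     * <p>Both DNS answers are untrusted input: malformed SRV records are skipped instead of
     * surfacing as unchecked exceptions, and callers should keep in mind that the returned
     * host, port, scheme and base DN all originate from DNS.
     *
     * @param str the DNS domain to search, for example {@code example.com}
     * @param str2 the service label to query below the domain, for example {@code _ldap._tcp}
     * @return the URI of the located server, never {@code null}
     * @throws NamingException if the domain is missing, the lookup fails, no usable SRV record
     *         exists or no valid URI can be built
     */
    public static URI querySRV(String str, String str2) throws NamingException {
        final String domain = str;
        final String service = str2;
        if (domain == null || domain.isEmpty()) {
            // Without this guard a null domain is concatenated as the literal text "null"
            // and that name is sent to the resolver.
            throw new NamingException("Cannot query SRV record [" + service + "] without a DNS domain.");
        }
        Hashtable<String, String> env = new Hashtable<String, String>();
        env.put("java.naming.factory.initial", "com.sun.jndi.dns.DnsContextFactory");
        InitialDirContext dnsContext = new InitialDirContext(env);
        try {
            log.debug("Starting DNS query for [SRV {}]...", service);
            Attributes srvAttributes = dnsContext.getAttributes(service + "." + domain, new String[] {"SRV"});
            if (srvAttributes == null) {
                throw new NamingException("SRV record [" + service + "] could not be found.");
            }
            log.debug("Parsing DNS query result for [SRV {}].", service);

            long bestPriority = Long.MAX_VALUE;
            long bestWeight = Long.MIN_VALUE;
            String target = null;
            int port = -1;
            NamingEnumeration<? extends Attribute> srvAttrs = srvAttributes.getAll();
            while (srvAttrs.hasMoreElements()) {
                NamingEnumeration<?> records = srvAttrs.next().getAll();
                while (records.hasMoreElements()) {
                    String record = records.nextElement().toString();
                    log.debug("Found record [SRV {}].", record);
                    // Expected layout: "<priority> <weight> <port> <target>".
                    StringTokenizer tokens = new StringTokenizer(record);
                    if (tokens.countTokens() < 4) {
                        log.warn("Ignoring malformed record [SRV {}].", record);
                        continue;
                    }
                    long priority;
                    long weight;
                    int recordPort;
                    try {
                        priority = Long.parseLong(tokens.nextToken());
                        weight = Long.parseLong(tokens.nextToken());
                        recordPort = Integer.parseInt(tokens.nextToken());
                    } catch (NumberFormatException e) {
                        log.warn("Ignoring malformed record [SRV {}].", record);
                        continue;
                    }
                    String recordTarget = tokens.nextToken();
                    // A target of "." declares the service unavailable (RFC 2782) and would
                    // otherwise turn into an empty host name below.
                    if (recordPort < 0 || recordPort > 65535 || ".".equals(recordTarget)) {
                        log.warn("Ignoring unusable record [SRV {}].", record);
                        continue;
                    }
                    if (priority < bestPriority || (priority == bestPriority && weight > bestWeight)) {
                        log.debug("Select record [SRV {}].", record);
                        bestPriority = priority;
                        bestWeight = weight;
                        port = recordPort;
                        target = recordTarget;
                    }
                }
            }
            if (target == null) {
                throw new NamingException("Query for SRV [" + service + "] returned an empty result set.");
            }

            // A trailing dot marks an absolute name; anything else is relative to the domain.
            String host = target.endsWith(".") ? target.substring(0, target.length() - 1) : target + "." + domain;
            log.info("Resolved SRV record [{}] to [{}].", service, host);

            log.debug("Starting DNS query for [TXT {}]...", host);
            Attributes txtAttributes = dnsContext.getAttributes(host, new String[] {"TXT"});
            if (txtAttributes == null) {
                throw new NamingException("TXT record [" + host + "] could not be found.");
            }
            log.debug("Parsing DNS query result for [TXT {}].", host);

            URI uri = null;
            NamingEnumeration<? extends Attribute> txtAttrs = txtAttributes.getAll();
            while (txtAttrs.hasMoreElements()) {
                NamingEnumeration<?> records = txtAttrs.next().getAll();
                while (records.hasMoreElements()) {
                    String record = records.nextElement().toString();
                    log.debug("Found record [TXT {}].", record);
                    if (record.startsWith("service:ldap://") || record.startsWith("service:ldaps://")) {
                        // The TXT record replaces host, port, scheme and base DN wholesale;
                        // only the scheme is constrained by the prefix test above.
                        try {
                            uri = new URI(record.substring(SERVICE_PREFIX.length()));
                            log.info("Resolved TXT record [{}] to [{}].", host, uri);
                        } catch (URISyntaxException e) {
                            log.warn("Record [TXT {}] does not contain a well-formatted ldap-URI.", record);
                        }
                    }
                }
            }
            if (uri == null) {
                try {
                    uri = new URI("ldap", null, host, port, convertDomainToDN(domain), null, null);
                    log.debug("Record [TXT {}] was not of type service:ldap(s), final URI from SRV record is [{}].", host, uri);
                } catch (URISyntaxException e) {
                    NamingException failure = new NamingException("Unable to build a valid URI from SRV record [" + host + "].");
                    failure.setRootCause(e);
                    throw failure;
                }
            }
            return uri;
        } finally {
            dnsContext.close();
        }
    }

    /**
     * Locates a directory server for the domain through the {@code _ldap._tcp} SRV record.
     *
     * @param str the DNS domain
     * @return the located server URI
     * @throws NamingException if {@link #querySRV(String, String)} fails
     */
    public static URI findAds(String str) throws NamingException {
        return querySRV(str, "_ldap._tcp");
    }

    /**
     * Locates a global catalog server through the {@code _ldap._tcp.gc._msdcs} SRV record.
     *
     * @param str the DNS domain
     * @return the located server URI
     * @throws NamingException if {@link #querySRV(String, String)} fails
     */
    public static URI findGCServer(String str) throws NamingException {
        return querySRV(str, "_ldap._tcp.gc._msdcs");
    }

    /**
     * Converts a dotted DNS domain into a URI path holding the matching base DN, for example
     * {@code example.com} becomes {@code /dc=example,dc=com}.
     *
     * <p>Labels are copied verbatim and are not escaped for DN syntax, so the result is only a
     * well-formed DN when the input is a syntactically valid DNS name.
     *
     * @param str the DNS domain; must not be {@code null}
     * @return the path with a leading {@code /}, or an empty string for an empty domain
     */
    public static String convertDomainToDN(String str) {
        StringBuilder dn = new StringBuilder();
        int start = 0;
        int dot;
        while ((dot = str.indexOf('.', start)) >= start) {
            dn.append(start > 0 ? ',' : '/').append("dc=").append(str, start, dot);
            start = dot + 1;
        }
        // Remaining label after the last dot (or the whole string when it has no dot).
        if (str.length() > start) {
            dn.append(start > 0 ? ',' : '/').append("dc=").append(str, start, str.length());
        }
        return dn.toString();
    }

    /**
     * Parses the string as a URI and resolves it with {@link #resolveServerURI(URI)}.
     *
     * @param str the configured server URI
     * @return the resolved {@code ldap} or {@code ldaps} URI
     * @throws NamingException if the scheme is unsupported or server location fails
     * @throws URISyntaxException if the string is not a valid URI
     */
    public static URI resolveServerURI(String str) throws NamingException, URISyntaxException {
        return resolveServerURI(new URI(str));
    }

    /**
     * Prepends a sub-context to the base DN carried in the path of a located server URI.
     *
     * <p>NOTE(review): the rebuilt URI is created from scheme, host, path and query only, so an
     * explicit port on the located URI (for example the port from the SRV record) is not
     * carried over. Confirm that this is intended, in particular for global catalog lookups.
     *
     * @param uri the located server URI
     * @param str the sub-context as a URI path; ignored unless it starts with {@code /}
     * @return the URI with the combined path, or {@code uri} itself when there is no sub-context
     * @throws NamingException if the combined URI is not valid
     */
    private static URI addSubContext(URI uri, String str) throws NamingException {
        if (str == null || !str.startsWith("/")) {
            return uri;
        }
        String basePath = uri.getPath();
        // A bare "/" carries no base DN; appending it would leave a dangling comma.
        boolean hasBaseDn = basePath != null && basePath.startsWith("/") && basePath.length() > 1;
        String absolutePath = hasBaseDn ? str + "," + basePath.substring(1) : str;
        try {
            log.debug("Resolved ADS subContext [{}] to absolute path [{}].", str, absolutePath);
            return new URI(uri.getScheme(), uri.getHost(), absolutePath, uri.getQuery(), null);
        } catch (URISyntaxException e) {
            NamingException failure = new NamingException("Cannot append subcontext [" + str + "] to URI [" + uri + "]: " + e.getMessage());
            failure.setRootCause(e);
            throw failure;
        }
    }

    /**
     * Rewrites an {@code ldap} URI to {@code ldaps}; any other URI is returned unchanged.
     *
     * <p>The port of the original URI is not copied, so the rewritten URI uses the LDAP
     * provider's default port for {@code ldaps}. NOTE(review): for the {@code gcs} scheme this
     * presumably means the connection does not go to a dedicated global catalog TLS port;
     * confirm against the deployment.
     *
     * @param uri the URI to upgrade, may be {@code null}
     * @return the {@code ldaps} URI, or the argument itself when it is not an {@code ldap} URI
     * @throws URISyntaxException if the rewritten URI is not valid
     */
    private static URI changeLDAPToLDAPS(URI uri) throws URISyntaxException {
        if (uri == null || !"ldap".equals(uri.getScheme())) {
            return uri;
        }
        return new URI("ldaps", uri.getHost(), uri.getPath(), uri.getQuery(), null);
    }

    /**
     * Resolves a configured server URI to a concrete {@code ldap}/{@code ldaps} URI.
     *
     * <p>{@code ldap} and {@code ldaps} URIs are returned as they are. {@code ads} and
     * {@code gc} locate a directory or global catalog server through DNS; {@code adss} and
     * {@code gcs} do the same and then upgrade an {@code ldap} result to {@code ldaps}.
     * Only the TLS variants guarantee that a later bind is not sent in clear text.
     *
     * @param uri the configured URI; its host is used as DNS domain, its path as sub-context
     * @return the resolved URI
     * @throws NamingException if the scheme is unsupported or server location fails
     * @throws URISyntaxException if the upgraded URI is not valid
     */
    public static URI resolveServerURI(URI uri) throws NamingException, URISyntaxException {
        String scheme = uri.getScheme();
        if ("ldap".equals(scheme) || "ldaps".equals(scheme)) {
            return uri;
        }
        if ("ads".equals(scheme)) {
            return addSubContext(findAds(uri.getHost()), uri.getPath());
        }
        if ("adss".equals(scheme)) {
            return changeLDAPToLDAPS(addSubContext(findAds(uri.getHost()), uri.getPath()));
        }
        if ("gc".equals(scheme)) {
            return addSubContext(findGCServer(uri.getHost()), uri.getPath());
        }
        if ("gcs".equals(scheme)) {
            return changeLDAPToLDAPS(addSubContext(findGCServer(uri.getHost()), uri.getPath()));
        }
        throw new NamingException("Unsupported URI scheme [" + scheme + "] given.");
    }

    /**
     * Opens an LDAP context on the given server, anonymously or with the given credentials.
     *
     * <p>A simple bind with an empty password is refused here: directory servers may accept
     * such a request as an unauthenticated bind (RFC 4513, section 5.1.2), which a caller
     * could mistake for a successful login.
     *
     * <p>Referrals are followed automatically. NOTE(review): the same environment, including
     * the credentials, is presumably reused for the referred server; confirm that this is
     * acceptable for the directories in use.
     *
     * @param uri the server URI, normally the result of {@link #resolveServerURI(URI)}
     * @param passwordAuthentication the bind credentials, or {@code null} for an anonymous bind
     * @param str the JNDI authentication mechanism, for example {@code simple}
     * @return the connected context; the caller is responsible for closing it
     * @throws NamingException if the bind is refused or the connection fails
     */
    public static LdapContext connectToADS(URI uri, PasswordAuthentication passwordAuthentication, String str) throws NamingException {
        Hashtable<String, Object> env = new Hashtable<String, Object>();
        env.put("java.naming.factory.initial", "com.sun.jndi.ldap.LdapCtxFactory");
        env.put("java.naming.provider.url", uri.toString());
        env.put("java.naming.referral", "follow");
        if (passwordAuthentication == null) {
            log.debug("Binding anonymously to URL [{}].", uri);
            env.put("java.naming.security.authentication", "none");
        } else {
            String user = passwordAuthentication.getUserName();
            char[] password = passwordAuthentication.getPassword();
            if ("simple".equalsIgnoreCase(str) && (password == null || password.length == 0)) {
                throw new javax.naming.AuthenticationException(
                        "Refusing simple bind as user [" + user + "] with an empty password.");
            }
            if (log.isDebugEnabled()) {
                log.debug("Binding as user [" + user + "] to URL [" + uri + "] with mechanism [" + str + "].");
            }
            env.put("java.naming.security.authentication", str);
            env.put("java.naming.security.principal", user);
            // The String copy of the password cannot be wiped and lives until it is collected.
            env.put("java.naming.security.credentials", new String(password));
        }
        return new InitialLdapContext(env, (Control[]) null);
    }

    /**
     * Returns the first value of an attribute as a string.
     *
     * @param attributes the attribute set, may be {@code null}
     * @param attributeId the attribute name, may be {@code null}
     * @return the value, or {@code null} if the set, the name, the attribute or its value is missing
     * @throws NamingException if the value cannot be read
     */
    private static String firstValue(Attributes attributes, String attributeId) throws NamingException {
        if (attributes == null || attributeId == null) {
            return null;
        }
        Attribute attribute = attributes.get(attributeId);
        // get() throws on an attribute without values, so test the size first.
        if (attribute == null || attribute.size() == 0) {
            return null;
        }
        Object value = attribute.get();
        return value == null ? null : value.toString();
    }

    /**
     * Reads one attribute of a user entry and logs whether it was present.
     *
     * @param attributes the attributes of the search result
     * @param dn the name of the search result, used in log messages
     * @param kind the logical name of the attribute for log messages, for example {@code mobile}
     * @param attributeId the configured LDAP attribute name
     * @param fallback the value to return when the attribute is missing
     * @return the attribute value, or {@code fallback}
     * @throws NamingException if the value cannot be read
     */
    private static String readAttribute(Attributes attributes, String dn, String kind, String attributeId, String fallback)
            throws NamingException {
        String value = firstValue(attributes, attributeId);
        if (value == null) {
            log.warn("Search result with DN [" + dn + "] without " + kind + " attribute " + attributeId);
            return fallback;
        }
        if (log.isDebugEnabled()) {
            // Debug output contains the attribute value (user names, e-mail addresses,
            // mobile numbers, token ids); keep debug logs access-restricted.
            log.debug("Search result with DN [" + dn + "] has " + kind + " attribute " + attributeId + " with value " + value);
        }
        return value;
    }

    /**
     * Builds a principal from a user search result.
     *
     * <p>User name and pretty name fall back to the name of the search result when their
     * attribute is missing; the e-mail address falls back to {@code null}. When the domain
     * configures a mobile or token-id attribute, an {@link MFAAdsPrincipal} is returned and the
     * token-id value is split on whitespace. A search result without attributes, or an
     * attribute that is not configured, leaves the corresponding field {@code null}.
     *
     * @param domainConfig the domain configuration naming the attributes to read
     * @param searchResult the LDAP search result of the user entry
     * @return the principal, or {@code null} if either argument is {@code null}
     * @throws NamingException if an attribute value cannot be read
     */
    public static AdsPrincipal createPrincipal(DomainConfig domainConfig, SearchResult searchResult) throws NamingException {
        if (domainConfig == null || searchResult == null) {
            return null;
        }
        String dn = searchResult.getName();
        Attributes attributes = searchResult.getAttributes();
        String userName = dn;
        String prettyName = dn;
        String eMailAddress = null;
        if (attributes == null) {
            log.warn("Search result with DN [{}] has no attributes", dn);
        } else {
            userName = readAttribute(attributes, dn, "userName", domainConfig.getUserAttribute(), dn);
            prettyName = readAttribute(attributes, dn, "prettyName", domainConfig.getPrettyNameAttribute(), dn);
            eMailAddress = readAttribute(attributes, dn, "eMailAddress", domainConfig.getEMailAddressAttribute(), null);
        }

        String mobileAttribute = domainConfig.getMobileAttribute();
        String tokenIdsAttribute = domainConfig.getTokenIdsAttribute();
        if (mobileAttribute == null && tokenIdsAttribute == null) {
            return new AdsPrincipal(userName, domainConfig.getDomain(), prettyName, eMailAddress);
        }

        String mobile = null;
        String[] tokenIds = null;
        // The attribute set may be missing and only one of the two attributes may be
        // configured; read only what can actually be looked up.
        if (attributes != null) {
            if (mobileAttribute != null) {
                mobile = readAttribute(attributes, dn, "mobile", mobileAttribute, null);
            }
            if (tokenIdsAttribute != null) {
                String rawTokenIds = readAttribute(attributes, dn, "tokenIds", tokenIdsAttribute, null);
                if (rawTokenIds != null) {
                    tokenIds = rawTokenIds.trim().split("\\s+");
                }
            }
        }
        return new MFAAdsPrincipal(userName, domainConfig.getDomain(), prettyName, eMailAddress, mobile, tokenIds);
    }

    /**
     * Builds a group from a group search result.
     *
     * <p>Group name and pretty name fall back to the name of the search result when their
     * attribute is missing.
     *
     * @param domainConfig the domain configuration naming the attributes to read
     * @param searchResult the LDAP search result of the group entry
     * @return the group, or {@code null} if either argument is {@code null}
     * @throws NamingException if an attribute value cannot be read
     */
    public static AdsGroup createGroup(DomainConfig domainConfig, SearchResult searchResult) throws NamingException {
        if (domainConfig == null || searchResult == null) {
            return null;
        }
        String dn = searchResult.getName();
        Attributes attributes = searchResult.getAttributes();
        String groupName = dn;
        String prettyName = dn;
        if (attributes == null) {
            log.warn("Search result with DN [{}] has no attributes", dn);
        } else {
            String groupAttribute = domainConfig.getGroupAttribute();
            String groupValue = firstValue(attributes, groupAttribute);
            if (groupValue == null) {
                log.warn("Search result with DN [{}] without attribute {}", dn, groupAttribute);
            } else {
                groupName = groupValue;
                if (log.isDebugEnabled()) {
                    log.debug("Search result with DN [" + dn + "] has groupName attribute " + groupAttribute + " with value " + groupName);
                }
            }
            String prettyNameAttribute = domainConfig.getPrettyNameAttribute();
            String prettyValue = firstValue(attributes, prettyNameAttribute);
            if (prettyValue == null) {
                log.warn("Search result with DN [{}] without attribute {}", dn, prettyNameAttribute);
            } else {
                prettyName = prettyValue;
                if (log.isDebugEnabled()) {
                    log.debug("Search result with DN [" + dn + "] has prettyName attribute " + prettyNameAttribute + " with value " + prettyName);
                }
            }
        }
        return new AdsGroup(groupName, domainConfig.getDomain(), prettyName);
    }

    /**
     * Builds the name of the search context: the base DN from the URI path followed by the
     * given context DN.
     *
     * @param uri the server URI whose path holds the base DN, with or without a leading {@code /}
     * @param str the context DN relative to the base DN
     * @return the combined name
     * @throws InvalidNameException if either part is not a valid DN
     */
    private static Name searchContextName(URI uri, String str) throws InvalidNameException {
        String path = uri.getPath();
        String baseDn;
        if (path == null) {
            baseDn = "";
        } else if (path.startsWith("/")) {
            baseDn = path.substring(1);
        } else {
            baseDn = path;
        }
        return new LdapName(baseDn).addAll(new LdapName(str));
    }

    /**
     * Returns the absolute DN of a search result.
     *
     * @param uri the server URI whose path holds the base DN
     * @param str the DN of the search context relative to the base DN
     * @param searchResult the search result
     * @return the name of the result itself when it is not relative, otherwise the name
     *         combined with the search context and the base DN
     * @throws InvalidNameException if one of the parts is not a valid DN
     */
    public static String getAbsoluteDn(URI uri, String str, SearchResult searchResult) throws InvalidNameException {
        if (!searchResult.isRelative()) {
            return searchResult.getName();
        }
        return searchContextName(uri, str).addAll(new LdapName(searchResult.getName())).toString();
    }

    /**
     * Returns a DN relative to the search context.
     *
     * <p>The comparison is made on parsed {@link LdapName} components rather than on the raw
     * strings.
     *
     * @param uri the server URI whose path holds the base DN
     * @param str the DN of the search context relative to the base DN
     * @param str2 the absolute DN to convert
     * @return an empty string if the DN is the search context itself, the relative part if it
     *         lies below the context, or {@code null} if it lies outside the context
     * @throws InvalidNameException if one of the parts is not a valid DN
     */
    public static String getRelativeDn(URI uri, String str, String str2) throws InvalidNameException {
        Name context = searchContextName(uri, str);
        LdapName candidate = new LdapName(str2);
        if (candidate.equals(context)) {
            return "";
        }
        if (candidate.size() > context.size() && candidate.startsWith(context)) {
            return candidate.getSuffix(context.size()).toString();
        }
        return null;
    }

    /**
     * Tells whether the {@code userAccountControl} attribute marks the account as disabled.
     *
     * <p>The check fails open when the attribute is missing: an entry without
     * {@code userAccountControl} is reported as not disabled. Callers that rely on this check
     * must make sure their search actually requests the attribute.
     *
     * @param attributes the attributes of the user entry; must not be {@code null}
     * @return {@code true} if the {@link #USER_ACCOUNT_DISABLED} bit is set
     * @throws NamingException if the attribute value cannot be read
     */
    public static boolean isDisabledAdUser(Attributes attributes) throws NamingException {
        Attribute attribute = attributes.get("userAccountControl");
        if (attribute != null && attribute.get() != null) {
            int flags = Integer.parseInt(attribute.get().toString());
            return (flags & USER_ACCOUNT_DISABLED) != 0;
        }
        log.trace("userAccountControl was null");
        return false;
    }
}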
