package com.networknt.oauth.ldap;

import com.networknt.config.Config;
import java.util.HashSet;
import java.util.Hashtable;
import java.util.Map;
import java.util.Set;
import javax.naming.AuthenticationException;
import javax.naming.NamingEnumeration;
import javax.naming.directory.Attribute;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/networknt/oauth/ldap/LdapUtil.class */
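/**
 * LDAP helper used for password verification and group lookup.
 *
 * <p>Every operation first binds with the configured service principal
 * ({@code config.ldapPrincipal} plus the {@code ladpCredential} entry of the
 * {@code secret} config) to locate the user's entry. {@link #authenticate}
 * then re-binds as that entry's DN with the caller-supplied password.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>User names are escaped per RFC 4515 before being placed into
 *       {@code config.searchFilter}, so filter metacharacters in a login name
 *       cannot change the query.</li>
 *   <li>Empty passwords are rejected before any bind is attempted, because a
 *       JNDI "simple" bind with empty credentials is performed as an anonymous
 *       bind and succeeds on directories that allow anonymous access.</li>
 *   <li>TLS is enabled only when the configured URI starts with
 *       {@code ldaps://}; with any other URI this class sends the simple-bind
 *       DN and password without transport protection.</li>
 * </ul>
 */
public class LdapUtil {
    private static final String contextFactory = "com.sun.jndi.ldap.LdapCtxFactory";
    private static final Logger logger = LoggerFactory.getLogger(LdapUtil.class);
    private static final String CONFIG_LDAP = "ldap";
    private static final LdapConfig config = (LdapConfig) Config.getInstance().getJsonObjectConfig(CONFIG_LDAP, LdapConfig.class);
    private static final String CONFIG_SECRET = "secret";
    private static final Map<String, Object> secret = Config.getInstance().getJsonMapConfig(CONFIG_SECRET);
    // The key really is spelled "ladpCredential". It is a runtime lookup key, so
    // correcting the spelling here would stop matching whatever the deployed
    // secret files currently contain.
    private static final String LDAP_CREDENTIAL = "ladpCredential";
    private static final String ldapCredential = (String) secret.get(LDAP_CREDENTIAL);

    /**
     * Verifies a user's password by locating the user's DN and binding as it.
     *
     * @param str  login name substituted into {@code config.searchFilter}
     * @param str2 password presented by the user
     * @return {@code true} only when the entry was found and the bind with the
     *         supplied password succeeded; {@code false} for a missing user, a
     *         rejected bind, a null/empty name or password, or any exception
     */
    public static boolean authenticate(String str, String str2) {
        // Reject before touching the directory: an empty password would be sent
        // as an anonymous bind, and a successful anonymous bind must never be
        // reported as a successful login.
        if (str == null || str.isEmpty() || str2 == null || str2.isEmpty()) {
            logger.debug("user '{}' authentication failed", str);
            return false;
        }
        try {
            String userDn = getUid(str);
            if (userDn == null) {
                logger.debug("user '{}' not found", str);
                return false;
            }
            boolean bound = testBind(userDn, str2);
            if (bound) {
                logger.debug("user '{}' authentication succeeded", str);
            } else {
                logger.debug("user '{}' authentication failed", str);
            }
            return bound;
        } catch (Exception e) {
            // Fail closed: any directory or configuration error denies the login.
            logger.error("Exception:", e);
            return false;
        }
    }

    /**
     * Looks up the {@code memberOf} values of a user's directory entry.
     *
     * <p>This performs no password check; it only reads group membership using
     * the service account.
     *
     * @param str login name substituted into {@code config.searchFilter}
     * @return the {@code memberOf} values (empty when the entry has none), or
     *         {@code null} when the user is not found or the lookup fails
     */
    public static Set<String> authorize(String str) {
        Set<String> groups = new HashSet<>();
        DirContext ctx = null;
        NamingEnumeration<SearchResult> results = null;
        try {
            ctx = ldapContext();
            SearchControls controls = new SearchControls();
            controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
            String filter = String.format(config.searchFilter, escapeFilterValue(str));
            results = ctx.search(config.searchBase, filter, controls);
            if (!results.hasMore()) {
                logger.error("Principal name '" + str + "' not found");
                return null;
            }
            // Only the first match is used, as before.
            SearchResult entry = results.next();
            if (logger.isDebugEnabled()) {
                logger.debug("distinguisedName: " + entry.getNameInNamespace());
            }
            Attribute memberOf = entry.getAttributes().get("memberOf");
            if (memberOf != null) {
                for (int i = 0; i < memberOf.size(); i++) {
                    groups.add(memberOf.get(i).toString());
                }
            }
            return groups;
        } catch (Exception e) {
            logger.error("Failed to authorize user " + str, e);
            return null;
        } finally {
            // Always release the service-account connection, including on the
            // error path where it was previously left open.
            closeQuietly(results);
            closeQuietly(ctx);
        }
    }

    /**
     * Not implemented: always returns {@code null} and contacts no directory.
     *
     * @param str  unused
     * @param str2 unused
     * @return always {@code null}
     */
    public static Set<String> auth(String str, String str2) {
        return null;
    }

    /** Opens a directory context bound as the configured service principal. */
    private static DirContext ldapContext() throws Exception {
        return ldapContext(new Hashtable<String, String>());
    }

    /**
     * Opens a directory context bound as the configured service principal,
     * adding the connection settings to the supplied environment.
     *
     * @param hashtable environment to populate and pass to JNDI
     * @throws IllegalStateException if no service credential is configured
     */
    private static DirContext ldapContext(Hashtable<String, String> hashtable) throws Exception {
        if (ldapCredential == null) {
            // Hashtable rejects null values anyway; fail with a message that
            // names the problem without revealing any secret.
            throw new IllegalStateException("LDAP service credential is not configured");
        }
        putConnectionSettings(hashtable);
        hashtable.put("java.naming.security.principal", config.ldapPrincipal);
        hashtable.put("java.naming.security.credentials", ldapCredential);
        return new InitialDirContext(hashtable);
    }

    /**
     * Adds the factory, provider URL, TLS and authentication-type settings
     * shared by the service bind and the user bind.
     */
    private static void putConnectionSettings(Hashtable<String, String> env) {
        env.put("java.naming.factory.initial", contextFactory);
        env.put("java.naming.provider.url", config.getUri());
        if (config.getUri().toUpperCase().startsWith("LDAPS://")) {
            env.put("java.naming.security.protocol", "ssl");
            // NOTE(review): LdapSSLSocketFactory is not visible from this file;
            // confirm it validates the server certificate chain and host name.
            env.put("java.naming.ldap.factory.socket", "com.networknt.oauth.ldap.LdapSSLSocketFactory");
        }
        // No TLS is configured for other URI schemes, so the simple bind below
        // is only protected when the URI is ldaps://.
        env.put("java.naming.security.authentication", "simple");
    }

    /**
     * Resolves a login name to the distinguished name of the first matching entry.
     *
     * @param str login name substituted into {@code config.searchFilter}
     * @return the entry's DN, or {@code null} when nothing matches
     */
    private static String getUid(String str) throws Exception {
        DirContext ctx = null;
        NamingEnumeration<SearchResult> results = null;
        try {
            ctx = ldapContext();
            String filter = String.format(config.searchFilter, escapeFilterValue(str));
            SearchControls controls = new SearchControls();
            controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
            results = ctx.search(config.searchBase, filter, controls);
            return results.hasMore() ? results.next().getNameInNamespace() : null;
        } finally {
            // The context was previously never closed, leaking one connection
            // per login attempt.
            closeQuietly(results);
            closeQuietly(ctx);
        }
    }

    /**
     * Attempts a simple bind with the given DN and password.
     *
     * @param str  distinguished name to bind as
     * @param str2 password for that DN
     * @return {@code true} if the bind succeeded, {@code false} if the server
     *         rejected the credentials or the password is null/empty
     * @throws Exception for any failure other than rejected credentials
     */
    private static boolean testBind(String str, String str2) throws Exception {
        // Defence in depth: never let an empty password reach JNDI, where it
        // would become an anonymous bind.
        if (str2 == null || str2.isEmpty()) {
            return false;
        }
        Hashtable<String, String> env = new Hashtable<>();
        putConnectionSettings(env);
        env.put("java.naming.security.principal", str);
        env.put("java.naming.security.credentials", str2);
        DirContext ctx = null;
        try {
            ctx = new InitialDirContext(env);
            return true;
        } catch (AuthenticationException e) {
            return false;
        } finally {
            closeQuietly(ctx);
        }
    }

    /**
     * Escapes a value for use inside an LDAP search filter (RFC 4515), so that
     * {@code \ * ( )} and NUL are matched literally instead of being parsed as
     * filter syntax.
     *
     * @throws IllegalArgumentException if {@code value} is {@code null}
     */
    private static String escapeFilterValue(String value) {
        if (value == null) {
            throw new IllegalArgumentException("LDAP filter value must not be null");
        }
        StringBuilder escaped = new StringBuilder(value.length() + 8);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '\\':
                    escaped.append("\\5c");
                    break;
                case '*':
                    escaped.append("\\2a");
                    break;
                case '(':
                    escaped.append("\\28");
                    break;
                case ')':
                    escaped.append("\\29");
                    break;
                case '\0':
                    escaped.append("\\00");
                    break;
                default:
                    escaped.append(c);
            }
        }
        return escaped.toString();
    }

    /** Closes a context, ignoring failures; the operation's outcome is already decided. */
    private static void closeQuietly(DirContext ctx) {
        if (ctx != null) {
            try {
                ctx.close();
            } catch (Exception ignored) {
                // best-effort cleanup
            }
        }
    }

    /** Closes a search enumeration, ignoring failures; the results were already consumed. */
    private static void closeQuietly(NamingEnumeration<?> results) {
        if (results != null) {
            try {
                results.close();
            } catch (Exception ignored) {
                // best-effort cleanup
            }
        }
    }
}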
