package de.acosix.alfresco.mtsupport.repo.auth.ldap;

import de.acosix.alfresco.utility.common.security.ThreadSafeSSLSocketFactory;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.Hashtable;
import java.util.Map;
import javax.naming.CommunicationException;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.ldap.Control;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;
import javax.naming.ldap.PagedResultsControl;
import javax.naming.ldap.PagedResultsResponseControl;
import org.alfresco.error.AlfrescoRuntimeException;
import org.alfresco.repo.security.authentication.AuthenticationDiagnostic;
import org.alfresco.repo.security.authentication.AuthenticationException;
import org.alfresco.repo.security.authentication.ldap.LDAPInitialDirContextFactory;
import org.alfresco.util.PropertyCheck;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.InitializingBean;

/* loaded from: input_file:de/acosix/alfresco/mtsupport/repo/auth/ldap/LDAPInitialDirContextFactoryImpl.class */
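/**
 * Builds JNDI LDAP contexts from configured environment maps, either with the default
 * (service) environment or with a caller-supplied principal and credentials.
 *
 * <p>When the environment requests the {@code ssl} security protocol and a trust store is fully
 * configured (path, type and pass phrase), connections use {@link ThreadSafeSSLSocketFactory}
 * backed by that trust store. Otherwise the LDAP provider's default SSL configuration applies.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The environment maps handled here can contain the plaintext bind password under
 *       {@code java.naming.security.credentials}; never log a whole environment map.</li>
 *   <li>The custom trust store is selected only through the
 *       {@code java.naming.security.protocol} property. An {@code ldaps://} provider URL without
 *       that property is not detected by {@link #isSSLSocketFactoryRequired(Map)} and no warning
 *       is logged for it.</li>
 * </ul>
 *
 * <p>This listing is decompiler output: parameter names are synthetic and
 * {@link #afterPropertiesSet()} was not recovered.
 */
public class LDAPInitialDirContextFactoryImpl implements LDAPInitialDirContextFactory, InitializingBean {
    private static final Logger LOGGER = LoggerFactory.getLogger(LDAPInitialDirContextFactoryImpl.class);
    public static final String PROTOCOL_SSL = "ssl";

    // JNDI environment keys (the decompiler inlined the javax.naming.Context constants).
    private static final String ENV_SECURITY_PRINCIPAL = "java.naming.security.principal";
    private static final String ENV_SECURITY_CREDENTIALS = "java.naming.security.credentials";
    private static final String ENV_PROVIDER_URL = "java.naming.provider.url";
    private static final String ENV_SECURITY_PROTOCOL = "java.naming.security.protocol";
    private static final String ENV_SOCKET_FACTORY = "java.naming.ldap.factory.socket";

    // Diagnostic step keys recorded on the AuthenticationDiagnostic.
    private static final String STEP_VALIDATION = "authentication.step.ldap.validation";
    private static final String STEP_CONNECTING = "authentication.step.ldap.connecting";
    private static final String STEP_CONNECTED = "authentication.step.ldap.connected";
    private static final String STEP_AUTHENTICATION = "authentication.step.ldap.authentication";

    // Environment used for contexts that are not bound to a specific end user.
    protected Map<String, String> defaultEnvironment = Collections.emptyMap();
    // Base environment for user binds; principal and credentials are added per call.
    protected Map<String, String> authenticatedEnvironment = Collections.emptyMap();
    // NOTE(review): not read by any recovered method; presumably consumed by afterPropertiesSet - confirm.
    protected Map<String, String> poolSystemProperties = Collections.emptyMap();
    protected String trustStorePath;
    protected String trustStoreType;
    // Kept as a String for the lifetime of the bean; do not include it in logs or error messages.
    protected String trustStorePassPhrase;

    /**
     * Spring initialisation callback.
     *
     * <p>NOTE(review): the decompiler (JADX) reported "Code decompiled incorrectly" for this
     * method and skipped its 574 instructions, so the body below is only the decompiler's
     * placeholder. Whatever start-up validation the original performs is not visible in this
     * listing; consult the original class file before relying on this source.
     *
     * @throws java.lang.Exception declared by the callback contract; this placeholder always
     *         throws {@link UnsupportedOperationException}
     */
    @Override
    public void afterPropertiesSet() throws java.lang.Exception {
        throw new UnsupportedOperationException("Method not decompiled: de.acosix.alfresco.mtsupport.repo.auth.ldap.LDAPInitialDirContextFactoryImpl.afterPropertiesSet():void");
    }

    /**
     * Sets the environment for default contexts. {@code null} and empty values are removed from
     * the supplied map itself, so the map must be modifiable.
     *
     * @param map the JNDI environment; may be {@code null}, in which case the field becomes {@code null}
     */
    public void setDefaultEnvironment(Map<String, String> map) {
        this.defaultEnvironment = map;
        dropBlankValues(this.defaultEnvironment);
    }

    /**
     * Sets the base environment for authenticated (per-user) contexts. {@code null} and empty
     * values are removed from the supplied map itself, so the map must be modifiable.
     *
     * @param map the JNDI environment; may be {@code null}, in which case the field becomes {@code null}
     */
    public void setAuthenticatedEnvironment(Map<String, String> map) {
        this.authenticatedEnvironment = map;
        dropBlankValues(this.authenticatedEnvironment);
    }

    /**
     * Sets the connection-pool system properties. {@code null} and empty values are removed from
     * the supplied map itself, so the map must be modifiable.
     *
     * @param map the pool properties; may be {@code null}, in which case the field becomes {@code null}
     */
    public void setPoolSystemProperties(Map<String, String> map) {
        this.poolSystemProperties = map;
        dropBlankValues(this.poolSystemProperties);
    }

    /**
     * Sets the trust store path. Values rejected by {@code PropertyCheck.isValidPropertyString}
     * are ignored and leave the previous value in place (presumably blank or unresolved
     * placeholder values - confirm against PropertyCheck).
     *
     * @param str file system path of the trust store
     */
    public void setTrustStorePath(String str) {
        if (PropertyCheck.isValidPropertyString(str)) {
            this.trustStorePath = str;
        }
    }

    /**
     * Sets the trust store type passed to {@link KeyStore#getInstance(String)}. Values rejected
     * by {@code PropertyCheck.isValidPropertyString} are ignored.
     *
     * @param str the key store type
     */
    public void setTrustStoreType(String str) {
        if (PropertyCheck.isValidPropertyString(str)) {
            this.trustStoreType = str;
        }
    }

    /**
     * Sets the pass phrase used to load the trust store. Values rejected by
     * {@code PropertyCheck.isValidPropertyString} are ignored.
     *
     * @param str the trust store pass phrase
     */
    public void setTrustStorePassPhrase(String str) {
        if (PropertyCheck.isValidPropertyString(str)) {
            this.trustStorePassPhrase = str;
        }
    }

    /**
     * Alias for {@link #setAuthenticatedEnvironment(Map)}.
     *
     * @param map the JNDI environment for authenticated contexts
     */
    public void setInitialDirContextEnvironment(Map<String, String> map) {
        setAuthenticatedEnvironment(map);
    }

    /**
     * Opens a context with the default environment.
     *
     * @param i page size; a value greater than zero requests LDAP paged results
     * @param authenticationDiagnostic collector for diagnostic steps; may be {@code null}
     * @return the connected context
     * @throws AuthenticationException if the context cannot be created
     */
    public InitialDirContext getDefaultIntialDirContext(int i, AuthenticationDiagnostic authenticationDiagnostic) throws AuthenticationException {
        // Work on a copy: buildInitialDirContext may add the socket factory entry to the map.
        Map<String, String> environment = new HashMap<>(this.defaultEnvironment);
        return buildInitialDirContext(environment, i, authenticationDiagnostic);
    }

    /**
     * Opens a context with the default environment and a fresh diagnostic.
     *
     * @param i page size; a value greater than zero requests LDAP paged results
     * @return the connected context
     * @throws AuthenticationException if the context cannot be created
     */
    public InitialDirContext getDefaultIntialDirContext(int i) throws AuthenticationException {
        return getDefaultIntialDirContext(i, new AuthenticationDiagnostic());
    }

    /**
     * Opens an unpaged context with the default environment and a fresh diagnostic.
     *
     * @return the connected context
     * @throws AuthenticationException if the context cannot be created
     */
    public InitialDirContext getDefaultIntialDirContext() throws AuthenticationException {
        return getDefaultIntialDirContext(0, new AuthenticationDiagnostic());
    }

    /**
     * Opens an unpaged context with the default environment.
     *
     * @param authenticationDiagnostic collector for diagnostic steps; may be {@code null}
     * @return the connected context
     * @throws AuthenticationException if the context cannot be created
     */
    public InitialDirContext getDefaultIntialDirContext(AuthenticationDiagnostic authenticationDiagnostic) throws AuthenticationException {
        return getDefaultIntialDirContext(0, authenticationDiagnostic);
    }

    /**
     * Checks the response controls of the last operation for a paged-results cookie and, if one
     * is present, installs the request control that fetches the next page.
     *
     * @param dirContext the context used for the search; must be an {@link LdapContext}
     *        (any other type fails with a {@link ClassCastException})
     * @param i page size; values less than or equal to zero mean paging is not in use
     * @return {@code true} if a next page was requested, {@code false} otherwise
     * @throws AuthenticationException if the controls cannot be read, encoded or set
     */
    public boolean hasNextPage(DirContext dirContext, int i) {
        if (i <= 0) {
            return false;
        }
        try {
            LdapContext ldapContext = (LdapContext) dirContext;
            // getResponseControls() returns Control[]; the server may send controls other than
            // the paged-results response, so each element is type-checked before it is cast.
            Control[] responseControls = ldapContext.getResponseControls();
            if (responseControls != null) {
                for (Control control : responseControls) {
                    if (control instanceof PagedResultsResponseControl) {
                        byte[] cookie = ((PagedResultsResponseControl) control).getCookie();
                        if (cookie != null) {
                            ldapContext.setRequestControls(new Control[]{new PagedResultsControl(i, cookie, true)});
                            return true;
                        }
                    }
                }
            }
            return false;
        } catch (IOException e) {
            throw new AuthenticationException("Unable to encode LDAP v3 request controls; check LDAP configuration", e);
        } catch (NamingException e2) {
            throw new AuthenticationException("Unable to connect to LDAP Server; check LDAP configuration", e2);
        }
    }

    /**
     * Binds as the given principal using a fresh diagnostic.
     *
     * @param str the bind principal
     * @param str2 the bind credentials (password)
     * @return the connected and authenticated context
     * @throws AuthenticationException if validation, connection or the bind fails
     */
    public InitialDirContext getInitialDirContext(String str, String str2) throws AuthenticationException {
        return getInitialDirContext(str, str2, null);
    }

    /**
     * Binds as the given principal.
     *
     * <p>Null and empty principals and credentials are rejected before any connection is made.
     * The empty-credentials check is security-relevant: an LDAP simple bind with a name and a
     * zero-length password is an "unauthenticated bind" (RFC 4513, section 5.1.2), which many
     * directory servers accept without verifying anything, so it must never be treated as a
     * successful login. Do not relax these checks.
     *
     * @param str the bind principal
     * @param str2 the bind credentials (password)
     * @param authenticationDiagnostic collector for diagnostic steps; may be {@code null}
     * @return the connected and authenticated context
     * @throws AuthenticationException if validation, connection or the bind fails
     */
    public InitialDirContext getInitialDirContext(String str, String str2, AuthenticationDiagnostic authenticationDiagnostic) throws AuthenticationException {
        AuthenticationDiagnostic diagnostic = authenticationDiagnostic != null ? authenticationDiagnostic : new AuthenticationDiagnostic();
        if (str == null) {
            throw validationFailure(diagnostic, "Null user name provided.");
        }
        if (str.length() == 0) {
            throw validationFailure(diagnostic, "Empty user name provided.");
        }
        if (str2 == null) {
            throw validationFailure(diagnostic, "No credentials provided.");
        }
        if (str2.length() == 0) {
            throw validationFailure(diagnostic, "Empty credentials provided.");
        }
        diagnostic.addStep(STEP_VALIDATION, true, (Object[]) null);

        // Per-call copy so the shared base environment never holds a user's credentials.
        Map<String, String> environment = new HashMap<>(this.authenticatedEnvironment);
        environment.put(ENV_SECURITY_PRINCIPAL, str);
        environment.put(ENV_SECURITY_CREDENTIALS, str2);
        return buildInitialDirContext(environment, 0, diagnostic);
    }

    /**
     * Creates the JNDI context for the given environment and records diagnostic steps.
     *
     * <p>The passed map is modified when the custom SSL socket factory is required, so callers
     * should hand in a private copy. The map may contain the plaintext bind password and must
     * not be logged.
     *
     * @param map the complete JNDI environment
     * @param i page size; a value greater than zero creates an {@link InitialLdapContext} with a
     *        critical paged-results request control
     * @param authenticationDiagnostic collector for diagnostic steps; may be {@code null}
     * @return the connected context
     * @throws AuthenticationException if the bind is rejected, the server cannot be reached, or
     *         the paging control cannot be encoded
     */
    protected InitialDirContext buildInitialDirContext(Map<String, String> map, int i, AuthenticationDiagnostic authenticationDiagnostic) throws AuthenticationException {
        AuthenticationDiagnostic diagnostic = authenticationDiagnostic != null ? authenticationDiagnostic : new AuthenticationDiagnostic();
        String principal = map.get(ENV_SECURITY_PRINCIPAL);
        String providerUrl = map.get(ENV_PROVIDER_URL);
        if (isSSLSocketFactoryRequired(map)) {
            // NOTE(review): the trust store is re-read from disk for every context built on this
            // path. How ThreadSafeSSLSocketFactory scopes the trust store (per thread or
            // process-wide) is not visible here - confirm before relying on different trust
            // stores for different directories.
            ThreadSafeSSLSocketFactory.initTrustedSSLSocketFactory(initTrustStore());
            map.put(ENV_SOCKET_FACTORY, ThreadSafeSSLSocketFactory.class.getName());
        }
        try {
            if (i > 0) {
                // NOTE(review): no "connected" diagnostic step is recorded on the paged path.
                InitialLdapContext pagedContext = new InitialLdapContext(new Hashtable<>(map), (Control[]) null);
                pagedContext.setRequestControls(new Control[]{new PagedResultsControl(i, true)});
                return pagedContext;
            }
            InitialDirContext context = new InitialDirContext(new Hashtable<>(map));
            diagnostic.addStep(STEP_CONNECTED, true, new Object[]{providerUrl, principal});
            return context;
        } catch (javax.naming.AuthenticationException e) {
            // The server was reached but rejected the bind.
            diagnostic.addStep(STEP_CONNECTED, true, new Object[]{providerUrl, principal});
            diagnostic.addStep(STEP_AUTHENTICATION, false, new Object[]{principal});
            throw new AuthenticationException("authentication.err.authentication", diagnostic, new Object[]{principal, e.getLocalizedMessage()}, e);
        } catch (CommunicationException e2) {
            diagnostic.addStep(STEP_CONNECTING, false, new Object[]{providerUrl});
            throw new AuthenticationException("authentication.err.communication", diagnostic, new Object[]{providerUrl, describeExceptionChain(e2)}, e2);
        } catch (IOException e3) {
            // Raised while encoding the paged-results control, i.e. after the context was created.
            diagnostic.addStep(STEP_CONNECTED, true, new Object[]{providerUrl, principal});
            throw new AuthenticationException("Unable to encode LDAP v3 request controls", e3);
        } catch (NamingException e4) {
            diagnostic.addStep(STEP_CONNECTING, false, new Object[]{providerUrl});
            throw new AuthenticationException("authentication.err.connection", diagnostic, new Object[]{providerUrl, describeExceptionChain(e4)}, e4);
        }
    }

    /**
     * Decides whether the custom trust-store-backed socket factory must be installed.
     *
     * <p>Only the {@code java.naming.security.protocol} property is inspected. When it is
     * {@code ssl} but the trust store configuration is incomplete, a warning is logged and the
     * default SSL configuration is used instead.
     *
     * @param map the JNDI environment
     * @return {@code true} if the protocol is {@code ssl} and trust store path, type and pass
     *         phrase are all set
     */
    protected boolean isSSLSocketFactoryRequired(Map<String, String> map) {
        if (!PROTOCOL_SSL.equals(map.get(ENV_SECURITY_PROTOCOL))) {
            return false;
        }
        if (this.trustStoreType == null || this.trustStorePath == null || this.trustStorePassPhrase == null) {
            LOGGER.warn("The SSL configuration for LDAPS is not full, the default configuration will be used.");
            return false;
        }
        return true;
    }

    /**
     * Loads the configured trust store from disk.
     *
     * @return the loaded key store
     * @throws AlfrescoRuntimeException if the store type is unsupported, the file is missing or
     *         unreadable, or its integrity check or certificates cannot be processed
     */
    protected KeyStore initTrustStore() {
        String storeType = this.trustStoreType;
        KeyStore keyStore;
        try {
            keyStore = KeyStore.getInstance(storeType);
        } catch (KeyStoreException e) {
            throw new AlfrescoRuntimeException("No provider supports " + storeType, e);
        }
        try {
            FileInputStream storeStream = new FileInputStream(this.trustStorePath);
            try {
                keyStore.load(storeStream, this.trustStorePassPhrase.toCharArray());
                return keyStore;
            } finally {
                try {
                    storeStream.close();
                } catch (IOException closeFailure) {
                    // Best effort: the store is already loaded (or load has already failed), so a
                    // close failure must not mask that outcome. Record it instead of dropping it.
                    LOGGER.debug("Failed to close the truststore input stream", closeFailure);
                }
            }
        } catch (FileNotFoundException e) {
            throw new AlfrescoRuntimeException("The truststore file is not found.", e);
        } catch (IOException e) {
            throw new AlfrescoRuntimeException("The truststore file cannot be read.", e);
        } catch (NoSuchAlgorithmException e) {
            throw new AlfrescoRuntimeException("Algorithm used to check the integrity of the truststore cannot be found.", e);
        } catch (CertificateException e) {
            throw new AlfrescoRuntimeException("The certificates cannot be loaded from truststore.", e);
        }
    }

    /** Removes entries whose value is {@code null} or the empty string; a {@code null} map is left alone. */
    private static void dropBlankValues(Map<String, String> environment) {
        if (environment != null) {
            environment.values().removeAll(Arrays.asList(null, ""));
        }
    }

    /** Records a failed validation step and returns the exception for the caller to throw. */
    private static AuthenticationException validationFailure(AuthenticationDiagnostic diagnostic, String message) {
        diagnostic.addStep(STEP_VALIDATION, false, (Object[]) null);
        return new AuthenticationException(message, diagnostic);
    }

    /** Flattens an exception and its causes into "class, message, class, message, ..." form. */
    private static String describeExceptionChain(Throwable failure) {
        StringBuilder description = new StringBuilder();
        for (Throwable current = failure; current != null; current = current.getCause()) {
            if (current != failure) {
                description.append(", ");
            }
            description.append(current.getClass().getName()).append(", ").append(current.getMessage());
        }
        return description.toString();
    }
}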
