package edu.uiuc.ncsa.myproxy.oa4mp.oauth2.servlet;

import edu.uiuc.ncsa.myproxy.oa4mp.oauth2.loader.LDAPConfiguration;
import edu.uiuc.ncsa.myproxy.oa4mp.oauth2.loader.LDAPConfigurationUtil;
import edu.uiuc.ncsa.security.delegation.server.ServiceTransaction;
import edu.uiuc.ncsa.security.oauth_2_0.UserInfo;
import edu.uiuc.ncsa.security.oauth_2_0.server.UnsupportedScopeException;
import edu.uiuc.ncsa.security.util.ssl.SSLConfigurationUtil;
import java.util.Hashtable;
import java.util.Map;
import javax.naming.CommunicationException;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.LdapContext;
import javax.servlet.http.HttpServletRequest;
import net.sf.json.JSONArray;
import net.sf.json.JSONObject;
import org.apache.logging.log4j.message.ParameterizedMessage;

/* loaded from: input_file:WEB-INF/lib/oa4mp-server-loader-oauth2-3.3.jar:edu/uiuc/ncsa/myproxy/oa4mp/oauth2/servlet/LDAPScopeHandler.class */
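/**
 * Scope handler that augments the {@link UserInfo} claims with attributes read from an LDAP
 * directory over {@code ldaps://}.
 *
 * <p>Each call to {@link #process} logs on (if no context is held), runs one {@code uid} search
 * for the name returned by {@link #getSearchName}, copies the configured attributes into the
 * user info map and closes the connection again. Failures talking to LDAP are logged and
 * otherwise ignored, so the claims are simply returned without the LDAP attributes.
 */
public class LDAPScopeHandler extends BasicScopeHandler {
    // Context rooted at the configured search base; null whenever no connection is held.
    LdapContext context;

    /**
     * Returns the value that is matched against the {@code uid} attribute in the directory.
     *
     * @return the transaction's username, possibly {@code null}
     */
    public String getSearchName(UserInfo userInfo, HttpServletRequest httpServletRequest, ServiceTransaction serviceTransaction) {
        return serviceTransaction.getUsername();
    }

    /**
     * Looks the user up in LDAP and merges the returned attributes into {@code userInfo}.
     *
     * <p>The lookup is best effort: every failure is logged and the (possibly unchanged)
     * {@code userInfo} is returned. The connection is always released before returning.
     *
     * @return the same {@code userInfo} instance that was passed in
     */
    @Override // edu.uiuc.ncsa.myproxy.oa4mp.oauth2.servlet.BasicScopeHandler, edu.uiuc.ncsa.security.oauth_2_0.server.ScopeHandler
    public synchronized UserInfo process(UserInfo userInfo, HttpServletRequest httpServletRequest, ServiceTransaction serviceTransaction) throws UnsupportedScopeException {
        if (!isLoggedOn() && !logon()) {
            // logon() has already logged the cause; without a context there is nothing to search.
            getOa2SE().getMyLogger().warn("Could not log on to LDAP. No search performed.");
            return userInfo;
        }
        try {
            String searchName = getSearchName(userInfo, httpServletRequest, serviceTransaction);
            if (searchName != null) {
                userInfo.getMap().putAll(simpleSearch(this.context, searchName, getCfg().getSearchAttributes()));
            } else {
                getOa2SE().getMyLogger().warn("Null search name encountered for LDAP query. No search performed.");
            }
        } catch (CommunicationException e) {
            getOa2SE().warn("Communication exception talking to LDAP.");
        } catch (Throwable th) {
            // Deliberately broad: an LDAP problem must not abort the surrounding request.
            // The stack trace goes to stderr only in debug mode; the logger always gets the cause.
            if (getOa2SE().getMyLogger().isDebugOn()) {
                th.printStackTrace();
            }
            getOa2SE().getMyLogger().error("Error: Could not retrieve information from LDAP. Processing will continue.", th);
        } finally {
            // Single release point for every path, including exceptions thrown by the handlers above.
            closeConnection();
        }
        return userInfo;
    }

    /** Returns {@code true} while a directory context is held. */
    protected boolean isLoggedOn() {
        return this.context != null;
    }

    /** Returns the LDAP configuration of the service environment. */
    protected LDAPConfiguration getCfg() {
        return getOa2SE().getLdapConfiguration();
    }

    /**
     * Opens an {@code ldaps://} connection with the configured authentication type and stores a
     * context for the configured search base in {@link #context}.
     *
     * @return {@code true} if a context was obtained, {@code false} on any failure (which is logged)
     */
    protected boolean logon() {
        try {
            // NOTE(review): these are JVM-wide system properties, so the trust store (and its
            // password) configured here applies to every TLS client in the process, not only
            // to this LDAP connection.
            System.setProperty("javax.net.ssl.trustStore", getCfg().getSslConfiguration().getTrustrootPath());
            System.setProperty("javax.net.ssl.trustStorePassword", getCfg().getSslConfiguration().getTrustRootPassword());
            Hashtable<String, Object> env = new Hashtable<>();
            env.put("java.naming.factory.initial", "com.sun.jndi.ldap.LdapCtxFactory");
            String providerUrl = "ldaps://" + getCfg().getServer();
            if (getCfg().getPort() != null) {
                // NOTE(review): the constant is what the decompiler resolved the host/port
                // separator to - presumably ':' - confirm against the original source.
                providerUrl = providerUrl + ParameterizedMessage.ERROR_MSG_SEPARATOR + getCfg().getPort();
            }
            env.put("java.naming.provider.url", providerUrl);
            // Any other auth type value adds no authentication properties at all.
            switch (getCfg().getAuthType()) {
                case 1:
                    // Anonymous bind: no principal or credentials are sent.
                    env.put("java.naming.security.authentication", "none");
                    env.put("java.naming.security.protocol", SSLConfigurationUtil.SSL_TAG);
                    break;
                case 10:
                    env.put("java.naming.security.authentication", LDAPConfigurationUtil.LDAP_AUTH_SIMPLE);
                    env.put("java.naming.security.principal", getCfg().getSecurityPrincipal());
                    env.put("java.naming.security.credentials", getCfg().getPassword());
                    env.put("java.naming.security.protocol", SSLConfigurationUtil.SSL_TAG);
                    break;
                case 100:
                    env.put("java.naming.security.authentication", LDAPConfigurationUtil.LDAP_AUTH_STRONG);
                    env.put("java.naming.security.principal", getCfg().getSecurityPrincipal());
                    env.put("java.naming.security.credentials", getCfg().getPassword());
                    env.put("java.naming.security.protocol", SSLConfigurationUtil.SSL_TAG);
                    break;
            }
            // NOTE(review): the InitialDirContext itself is never closed, only the context
            // looked up from it - confirm this does not keep the connection open.
            this.context = (LdapContext) new InitialDirContext(env).lookup(getCfg().getSearchBase());
            return this.context != null;
        } catch (Exception e) {
            if (getOa2SE().getMyLogger().isDebugOn()) {
                e.printStackTrace();
            }
            getOa2SE().getMyLogger().error("Error logging into LDAP server", e);
            return false;
        }
    }

    /**
     * Searches the configured context for entries whose {@code uid} equals {@code str}.
     *
     * @param ldapContext the context to search, must not be {@code null}
     * @param str the user name to match; it is passed as a filter argument, never spliced into
     *     the filter text
     * @param map LDAP attribute name to target entry; {@code null} or empty requests all attributes
     * @return the matched attributes keyed by their target names
     * @throws IllegalStateException if {@code ldapContext} is {@code null}
     * @throws NamingException if the search fails
     */
    protected JSONObject simpleSearch(LdapContext ldapContext, String str, Map<String, LDAPConfigurationUtil.AttributeEntry> map) throws NamingException {
        if (ldapContext == null) {
            throw new IllegalStateException("Error: No LDAP context");
        }
        SearchControls searchControls = new SearchControls();
        if (map == null || map.isEmpty()) {
            searchControls.setReturningAttributes((String[]) null);
        } else {
            searchControls.setReturningAttributes(map.keySet().toArray(new String[0]));
        }
        // The name originates from the login and must be treated as untrusted: concatenating it
        // into the filter would let characters such as '*', '(' and ')' change the query.
        // With the {0} form the provider encodes the argument, so it is matched literally.
        return toJSON(map, ldapContext.search(getCfg().getContextName(), "(&(uid={0}))", new Object[] {str}, searchControls));
    }

    /**
     * Converts search results into a JSON object holding only the attributes named in {@code map}.
     *
     * <p>A multi-valued attribute, or one whose entry is flagged {@code isList}, becomes a JSON
     * array; otherwise the single value is stored directly. If several entries match, values from
     * later entries overwrite those of earlier ones. The enumeration is closed before returning.
     *
     * @param map LDAP attribute name to target entry; {@code null} or empty yields an empty object
     * @param namingEnumeration the search results, consumed by this call
     * @return the collected attributes keyed by {@code targetName}
     * @throws NamingException if reading a result or an attribute value fails
     */
    protected JSONObject toJSON(Map<String, LDAPConfigurationUtil.AttributeEntry> map, NamingEnumeration namingEnumeration) throws NamingException {
        JSONObject json = new JSONObject();
        try {
            if (map == null || map.isEmpty()) {
                // Nothing is mapped, so nothing can be copied (simpleSearch allows a null map).
                return json;
            }
            while (namingEnumeration.hasMore()) {
                SearchResult searchResult = (SearchResult) namingEnumeration.next();
                Attributes attributes = searchResult.getAttributes();
                for (Map.Entry<String, LDAPConfigurationUtil.AttributeEntry> mapping : map.entrySet()) {
                    Attribute attribute = attributes.get(mapping.getKey());
                    if (attribute == null) {
                        continue;
                    }
                    LDAPConfigurationUtil.AttributeEntry entry = mapping.getValue();
                    if (attribute.size() != 1 || entry.isList) {
                        JSONArray values = new JSONArray();
                        for (int i = 0; i < attribute.size(); i++) {
                            values.add(attribute.get(i));
                        }
                        json.put(entry.targetName, values);
                    } else {
                        json.put(entry.targetName, attribute.get(0));
                    }
                }
            }
            return json;
        } finally {
            if (namingEnumeration != null) {
                namingEnumeration.close();
            }
        }
    }

    /**
     * Closes the held context, if any, and forgets it so that {@link #isLoggedOn()} reports
     * {@code false} and the next request logs on again instead of reusing a closed context.
     */
    protected void closeConnection() {
        if (this.context != null) {
            try {
                this.context.close();
            } catch (Throwable th) {
                if (getOa2SE().getMyLogger().isDebugOn()) {
                    th.printStackTrace();
                }
                getOa2SE().getMyLogger().info("Exception trying to close LDAP connection: " + th.getMessage());
            } finally {
                this.context = null;
            }
        }
    }
}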
