package edu.uiuc.ncsa.myproxy.oa4mp.oauth2.claims;

import edu.uiuc.ncsa.myproxy.oa4mp.oauth2.OA2SE;
import edu.uiuc.ncsa.myproxy.oa4mp.oauth2.servlet.NCSAGroupHandler;
import edu.uiuc.ncsa.security.core.Logable;
import edu.uiuc.ncsa.security.core.exceptions.GeneralException;
import edu.uiuc.ncsa.security.core.exceptions.NFWException;
import edu.uiuc.ncsa.security.core.util.DebugUtil;
import edu.uiuc.ncsa.security.core.util.MyLoggingFacade;
import edu.uiuc.ncsa.security.delegation.server.ServiceTransaction;
import edu.uiuc.ncsa.security.oauth_2_0.server.UnsupportedScopeException;
import edu.uiuc.ncsa.security.oauth_2_0.server.config.LDAPConfiguration;
import edu.uiuc.ncsa.security.oauth_2_0.server.config.LDAPConfigurationUtil;
import edu.uiuc.ncsa.security.servlet.ServletDebugUtil;
import edu.uiuc.ncsa.security.util.ssl.SSLConfigurationUtil;
import java.net.URI;
import java.util.Collection;
import java.util.HashMap;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.Map;
import java.util.StringTokenizer;
import javax.naming.CommunicationException;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.LdapContext;
import javax.servlet.http.HttpServletRequest;
import net.sf.json.JSONArray;
import net.sf.json.JSONObject;
import net.sf.json.util.JSONUtils;
import org.apache.logging.log4j.message.ParameterizedMessage;

/* loaded from: input_file:WEB-INF/lib/oa4mp-server-loader-oauth2-4.3.jar:edu/uiuc/ncsa/myproxy/oa4mp/oauth2/claims/LDAPClaimsSource.class */
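/**
 * Claim source that adds attributes read from an LDAP directory to a user's claims.
 *
 * <p>Server list, bind credentials, search base and the attribute-to-claim mapping all come from
 * the {@link LDAPConfiguration} returned by {@link #getLDAPCfg()}. A directory connection is opened
 * for each {@link #realProcessing} call and closed again before that call returns.
 *
 * <p>The search name (a username or a claim value, so under the end user's influence) is escaped per
 * RFC 4515 before it is placed in a filter — see {@link #escapeFilterValue(String)} — so that a
 * crafted value cannot change the shape of the LDAP query.
 *
 * <p>Messages go to the {@link MyLoggingFacade} when one was supplied, otherwise to {@code System.err}.
 * Instances hold per-call mutable state ({@link #context}, {@link #currentServerAddress}) and are
 * not safe for concurrent use.
 */
public class LDAPClaimsSource extends BasicClaimsSourceImpl implements Logable {
    /** True when a logging facade was supplied; selects facade output over {@code System.err}. */
    protected boolean loggingEnabled = false;
    /** Optional logging facade; {@code null} means messages are written to {@code System.err}. */
    MyLoggingFacade myLogger = null;
    /** Directory context of the current session; {@code null} whenever no session is open. */
    public LdapContext context;
    /** Address of the server most recently tried by {@link #createConnection()}; feeds {@link #isNCSA()}. */
    String currentServerAddress = null;
    /** Local debug flag, consulted only when no logging facade is configured. */
    boolean debug = false;

    /** Creates an unconfigured source; {@link #isEnabled()} stays false until a configuration is set. */
    public LDAPClaimsSource() {
    }

    /**
     * Creates a source for the given configuration.
     *
     * @param ldapConfiguration LDAP settings to use; must not be {@code null}
     * @param loggingFacade     optional logger; when {@code null}, messages go to {@code System.err}
     * @throws IllegalArgumentException if {@code ldapConfiguration} is {@code null}
     */
    public LDAPClaimsSource(LDAPConfiguration ldapConfiguration, MyLoggingFacade loggingFacade) {
        if (ldapConfiguration == null) {
            throw new IllegalArgumentException("Error: null ldap config");
        }
        setConfiguration(ldapConfiguration);
        this.myLogger = loggingFacade;
        this.loggingEnabled = loggingFacade != null;
    }

    /**
     * Creates a source bound to a service environment, taking its logger from there.
     *
     * @param oa2se the service environment; must not be {@code null}
     * @throws IllegalArgumentException if {@code oa2se} is {@code null} (raised after the superclass
     *                                  constructor has run, since that call must come first)
     */
    public LDAPClaimsSource(OA2SE oa2se) {
        super(oa2se);
        if (oa2se == null) {
            throw new IllegalArgumentException("Error: null service env");
        }
        this.myLogger = oa2se.getMyLogger();
        this.loggingEnabled = this.myLogger != null;
    }

    /**
     * Determines the value to look the user up by in the directory.
     *
     * <p>Resolution order: no configured search-name key or the key {@code "username"} yields the
     * transaction's username; any other key is read from {@code claims}. The returned value is
     * user-controlled and must be escaped before it is used in a filter (see {@link #simpleSearch}).
     *
     * @param claims      the claims collected so far
     * @param request     the current request (unused here, kept for the claim-source contract)
     * @param transaction the transaction whose username is the default search name
     * @return the non-empty search name
     * @throws IllegalStateException    if the configured key is absent from {@code claims}
     * @throws IllegalArgumentException if the claim is present but empty
     */
    public String getSearchName(JSONObject claims, HttpServletRequest request, ServiceTransaction transaction) {
        String tag = ".getSearchName(id=" + getLDAPCfg().getId() + "):";
        DebugUtil.trace(this, tag);
        // NOTE(review): the result of this statement is discarded; it looks like the remains of a
        // debug dump of the configuration with the keystore blanked — confirm before removing it.
        new LDAPConfigurationUtil().toJSON(getLDAPCfg()).getJSONObject("ldap").getJSONObject(SSLConfigurationUtil.SSL_TAG).put(SSLConfigurationUtil.SSL_KEYSTORE_TAG, "");
        String searchNameKey = getLDAPCfg().getSearchNameKey();
        if (searchNameKey == null) {
            warn(tag + "No search name given for LDAP query. Using default of username");
            return transaction.getUsername();
        }
        if ("username".equals(searchNameKey)) {
            DebugUtil.trace(this, tag + " searching using the username");
            return transaction.getUsername();
        }
        Object rawName = claims.containsKey(searchNameKey) ? claims.get(searchNameKey) : null;
        if (rawName == null) {
            String message = "Error: no recognized search name key was found in the claims for config with id=" + getLDAPCfg().getId() + ". Requested was \"" + searchNameKey + "\"";
            // Route through warn() rather than the facade directly: the facade may be null.
            warn(message);
            throw new IllegalStateException(message);
        }
        String searchName = (String) rawName;
        if (searchName.isEmpty()) {
            ServletDebugUtil.error(this, "Error: no search name found for LDAP query.");
            throw new IllegalArgumentException("Error: no search name found for LDAP query.");
        }
        return searchName;
    }

    /**
     * Escapes a value for use inside an LDAP search filter assertion (RFC 4515 section 3).
     *
     * <p>The characters {@code \ * ( )} and NUL are replaced by their {@code \xx} hex forms so the
     * value cannot terminate or extend the filter expression. Only filter-level escaping is done;
     * characters that are special in a distinguished name (RFC 4514, e.g. {@code ,} or {@code +})
     * are left alone.
     *
     * @param value the raw assertion value; may be {@code null}
     * @return the escaped value, or {@code null} if {@code value} was {@code null}
     */
    protected static String escapeFilterValue(String value) {
        if (value == null) {
            return null;
        }
        StringBuilder escaped = new StringBuilder(value.length());
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '\\':
                    escaped.append("\\5c");
                    break;
                case '*':
                    escaped.append("\\2a");
                    break;
                case '(':
                    escaped.append("\\28");
                    break;
                case ')':
                    escaped.append("\\29");
                    break;
                case '\u0000':
                    escaped.append("\\00");
                    break;
                default:
                    escaped.append(c);
            }
        }
        return escaped.toString();
    }

    /**
     * Reports whether the server currently in use is in the NCSA domain, which selects the
     * site-specific group handler in {@link #toJSON}.
     *
     * @return true if {@link #currentServerAddress} is set and ends with {@code .ncsa.illinois.edu}
     */
    protected boolean isNCSA() {
        String address = this.currentServerAddress;
        ServletDebugUtil.trace(this, "checking if is NCSA LDAP claims source for \"" + address + "\"");
        // Guarded: the address is only set once createConnection() has been attempted.
        return address != null && address.endsWith(".ncsa.illinois.edu");
    }

    /** @return the logging facade, or {@code null} if none was configured */
    protected MyLoggingFacade getMyLogger() {
        return this.myLogger;
    }

    /**
     * Handles a failure during LDAP processing according to the configuration.
     *
     * <p>A {@link CommunicationException} is only warned about. Any other failure is ignored unless
     * fail-on-error is configured, in which case an optional notification mail is sent and a
     * {@link GeneralException} is thrown.
     *
     * @param th the failure
     * @throws GeneralException when the configuration has fail-on-error set and {@code th} is not a
     *                          {@link CommunicationException}
     */
    public void handleException(Throwable th) {
        ServletDebugUtil.error(this, "Error accessiong LDAP", th);
        if (th instanceof CommunicationException) {
            // NOTE(review): a communication failure never triggers fail-on-error, so the caller goes
            // on with whatever claims it already has — confirm that is the intended policy.
            warn("Communication exception talking to LDAP.");
            return;
        }
        if (!getLDAPCfg().isFailOnError()) {
            // Best effort: the claims already gathered are returned without LDAP data.
            return;
        }
        HashMap<String, String> replacements = new HashMap<>();
        URI serviceAddress = getOa2SE().getServiceAddress();
        replacements.put("host", serviceAddress == null ? "localhost" : serviceAddress.getHost());
        replacements.put("ldap_host", getLDAPCfg().getServer());
        replacements.put("message", th.getMessage());
        if (getLDAPCfg().isNotifyOnFail()) {
            getOa2SE().getMailUtil().sendMessage("Error on ${host} contacting LDAP server", "The following error message was received attempting to contact the LDAP server at ${ldap_host}:\n\n${message}\n\n. The operation did not complete.", replacements);
        }
        String detail = th.getMessage() == null ? "(no message)" : th.getMessage();
        throw new GeneralException("Error: Could not communicate with LDAP server. \"" + detail + "\"");
    }

    /** @return an empty group set; subclasses may override */
    protected Groups processNCSAGroups() {
        return new Groups();
    }

    /**
     * @return false when no configuration is set, otherwise the superclass's answer
     */
    @Override // edu.uiuc.ncsa.myproxy.oa4mp.oauth2.claims.BasicClaimsSourceImpl, edu.uiuc.ncsa.security.oauth_2_0.server.claims.ClaimSource
    public boolean isEnabled() {
        if (getConfiguration() == null) {
            return false;
        }
        return super.isEnabled();
    }

    /**
     * Looks the user up in the directory and merges the mapped attributes into {@code claims}.
     *
     * <p>Logs on if needed, runs {@link #simpleSearch}, and always closes the connection afterwards.
     * Failures are routed through {@link #handleException(Throwable)}, which either lets the partial
     * claims through or rethrows, depending on fail-on-error.
     *
     * @param claims      claims to enrich; modified in place and returned
     * @param request     the current request
     * @param transaction the current transaction
     * @return {@code claims}, possibly with LDAP attributes added
     * @throws UnsupportedScopeException per the claim-source contract
     */
    /* JADX INFO: Access modifiers changed from: protected */
    @Override // edu.uiuc.ncsa.myproxy.oa4mp.oauth2.claims.BasicClaimsSourceImpl
    public JSONObject realProcessing(JSONObject claims, HttpServletRequest request, ServiceTransaction transaction) throws UnsupportedScopeException {
        String tag = "realProcessing(id=" + getLDAPCfg().getId() + "):";
        DebugUtil.trace(this, tag + " preparing to do processing.");
        DebugUtil.trace(this, tag + " initial claims = " + claims);
        if (!isEnabled()) {
            DebugUtil.trace(this, tag + " Claims source not enabled.");
            return claims;
        }
        if (!isLoggedOn()) {
            logon();
        }
        try {
            String searchName = getSearchName(claims, request, transaction);
            DebugUtil.trace(this, tag + " search name=" + searchName);
            if (searchName == null) {
                info("No search name encountered for LDAP query. No search performed.");
            } else {
                // A null context (logon failed) is rejected inside simpleSearch and handled below.
                claims.putAll(simpleSearch(this.context, searchName, getLDAPCfg().getSearchAttributes()));
            }
        } catch (Throwable th) {
            DebugUtil.dbg(this, tag + " Error getting search name \"" + th.getMessage() + "\"", th);
            handleException(th);
        } finally {
            // One close on every path; closeConnection() also drops the handle.
            closeConnection();
        }
        ServletDebugUtil.trace(this, tag + " claims=" + claims);
        return claims;
    }

    /** @return true if a directory context is currently held */
    protected boolean isLoggedOn() {
        return this.context != null;
    }

    /** @return the configuration, typed as {@link LDAPConfiguration} */
    public LDAPConfiguration getLDAPCfg() {
        return (LDAPConfiguration) getConfiguration();
    }

    /**
     * Opens a directory context via {@link #createConnection()}.
     *
     * @return true if a context was obtained
     */
    public boolean logon() {
        this.context = createConnection();
        return this.context != null;
    }

    /**
     * Builds the JNDI environment for one server.
     *
     * <p>The provider URL is always {@code ldaps://} and every authentication branch pins the
     * security protocol to SSL. The bind password is stored in the returned table under
     * {@link Context#SECURITY_CREDENTIALS}, so the table must not be logged.
     *
     * @param serverAddress host to connect to; surrounding whitespace is trimmed
     * @param cfg           configuration supplying port, auth type and bind credentials
     * @return the environment for {@link InitialDirContext}
     */
    public Hashtable<String, String> createEnv(String serverAddress, LDAPConfiguration cfg) {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        String url = "ldaps://" + serverAddress.trim();
        if (0 <= cfg.getPort()) {
            url = url + ":" + cfg.getPort();
        }
        env.put(Context.PROVIDER_URL, url);
        // Auth-type codes as used by the configuration; presumably LDAPConfigurationUtil defines
        // named constants for them — verify and substitute if so.
        switch (cfg.getAuthType()) {
            case 1: // anonymous bind
                env.put(Context.SECURITY_AUTHENTICATION, "none");
                env.put(Context.SECURITY_PROTOCOL, SSLConfigurationUtil.SSL_TAG);
                break;
            case 10: // simple bind with principal and password
                env.put(Context.SECURITY_AUTHENTICATION, LDAPConfigurationUtil.LDAP_AUTH_SIMPLE);
                env.put(Context.SECURITY_PRINCIPAL, cfg.getSecurityPrincipal());
                env.put(Context.SECURITY_CREDENTIALS, cfg.getPassword());
                env.put(Context.SECURITY_PROTOCOL, SSLConfigurationUtil.SSL_TAG);
                break;
            case 100: // "strong" bind with principal and password
                env.put(Context.SECURITY_AUTHENTICATION, LDAPConfigurationUtil.LDAP_AUTH_STRONG);
                env.put(Context.SECURITY_PRINCIPAL, cfg.getSecurityPrincipal());
                env.put(Context.SECURITY_CREDENTIALS, cfg.getPassword());
                env.put(Context.SECURITY_PROTOCOL, SSLConfigurationUtil.SSL_TAG);
                break;
            default:
                // Unknown code: no authentication keys are set; the provider's default applies.
                break;
        }
        return env;
    }

    /**
     * Tries each comma-separated server in the configuration in order and returns a context rooted
     * at the configured search base from the first one that answers.
     *
     * <p>Per-server failures are logged at debug level and the next server is tried; the address of
     * the last server tried is left in {@link #currentServerAddress}.
     *
     * @return the context, or {@code null} if no server could be contacted
     */
    public LdapContext createConnection() {
        StringTokenizer servers = new StringTokenizer(getLDAPCfg().getServer(), ",");
        while (servers.hasMoreTokens()) {
            this.currentServerAddress = servers.nextToken();
            InitialDirContext dirContext = null;
            try {
                dirContext = new InitialDirContext(createEnv(this.currentServerAddress, getLDAPCfg()));
                ServletDebugUtil.trace(this, "Found LDAP server for address=\"" + this.currentServerAddress + "\"");
                return (LdapContext) dirContext.lookup(getLDAPCfg().getSearchBase());
            } catch (Throwable th) {
                ServletDebugUtil.dbg(this, "failed to get any LDAP directory context", th);
                if (dirContext != null) {
                    // The bind succeeded but the lookup did not: release the handle before failing over.
                    try {
                        dirContext.close();
                    } catch (NamingException ignored) {
                        // already failing over to the next server; nothing further to do
                    }
                }
            }
        }
        return null;
    }

    /**
     * @return the superclass's claims plus the target name of every configured search attribute
     */
    @Override // edu.uiuc.ncsa.myproxy.oa4mp.oauth2.claims.BasicClaimsSourceImpl, edu.uiuc.ncsa.security.oauth_2_0.server.claims.ClaimSource
    public Collection<String> getClaims() {
        Collection<String> claims = super.getClaims();
        for (LDAPConfigurationUtil.AttributeEntry entry : getLDAPCfg().getSearchAttributes().values()) {
            claims.add(entry.targetName);
        }
        return claims;
    }

    /**
     * @return the configured filter attribute, or {@link LDAPConfigurationUtil#SEARCH_FILTER_ATTRIBUTE_DEFAULT}
     *         when none is configured
     */
    protected String getSearchFilterAttribute() {
        String configured = getLDAPCfg().getSearchFilterAttribute();
        ServletDebugUtil.dbg(this, "search attribute in LDAP is " + configured);
        return configured == null ? LDAPConfigurationUtil.SEARCH_FILTER_ATTRIBUTE_DEFAULT : configured;
    }

    /**
     * Searches the configured context for entries whose filter attribute equals {@code searchName}.
     *
     * @param ldapContext the context to search; must not be {@code null}
     * @param searchName  the value to match; escaped here, so pass it raw
     * @param attributes  attribute-name to claim mapping; when {@code null} or empty every attribute
     *                    is requested from the server (but nothing is mapped into the result)
     * @return the mapped attributes as JSON
     * @throws NamingException       on directory errors
     * @throws IllegalStateException if {@code ldapContext} is {@code null}
     */
    public JSONObject simpleSearch(LdapContext ldapContext, String searchName, Map<String, LDAPConfigurationUtil.AttributeEntry> attributes) throws NamingException {
        if (ldapContext == null) {
            throw new IllegalStateException("Error: Could not create the LDAP context");
        }
        SearchControls controls = new SearchControls();
        if (attributes == null || attributes.isEmpty()) {
            controls.setReturningAttributes((String[]) null);
        } else {
            controls.setReturningAttributes(attributes.keySet().toArray(new String[0]));
        }
        // searchName is user-influenced (username or claim); escape so it stays a plain value.
        String filter = "(&(" + getSearchFilterAttribute() + "=" + escapeFilterValue(searchName) + "))";
        NamingEnumeration<SearchResult> results = ldapContext.search(getLDAPCfg().getContextName(), filter, controls);
        try {
            return toJSON(attributes, results, searchName);
        } finally {
            results.close();
        }
    }

    /**
     * Copies the values of every attribute into a new JSON array.
     *
     * @param attribute the attribute to read
     * @return its values in index order
     * @throws NamingException if a value cannot be read
     */
    private static JSONArray toJSONArray(Attribute attribute) throws NamingException {
        JSONArray values = new JSONArray();
        for (int i = 0; i < attribute.size(); i++) {
            values.add(attribute.get(i));
        }
        return values;
    }

    /**
     * Converts search results into claims according to the attribute mapping.
     *
     * <p>For each result and each mapped attribute present: group attributes are parsed by the
     * group handler (the NCSA handler when {@link #isNCSA()}); multi-valued or list-flagged
     * attributes become arrays; everything else is a single value. Later results overwrite earlier
     * ones for the same target name.
     *
     * @param attributeMap attribute-name to claim mapping; {@code null} or empty yields an empty object
     * @param results      the search results
     * @param searchName   the search name, passed to the NCSA group handler
     * @return the mapped claims
     * @throws NamingException on directory errors
     */
    protected JSONObject toJSON(Map<String, LDAPConfigurationUtil.AttributeEntry> attributeMap, NamingEnumeration results, String searchName) throws NamingException {
        JSONObject json = new JSONObject();
        if (!results.hasMoreElements()) {
            DebugUtil.dbg(this, "LDAP SEARCH RESULT IS EMPTY");
        }
        if (attributeMap == null || attributeMap.isEmpty()) {
            // Nothing is mapped to a claim, so there is nothing to copy out of the results.
            return json;
        }
        while (results.hasMoreElements()) {
            Attributes attributes = ((SearchResult) results.next()).getAttributes();
            for (Map.Entry<String, LDAPConfigurationUtil.AttributeEntry> mapping : attributeMap.entrySet()) {
                Attribute attribute = attributes.get(mapping.getKey());
                if (attribute == null) {
                    continue;
                }
                LDAPConfigurationUtil.AttributeEntry entry = mapping.getValue();
                if (entry.isGroup) {
                    JSONArray members = toJSONArray(attribute);
                    json.put(entry.targetName, (isNCSA() ? new NCSAGroupHandler(this, searchName) : getGroupHandler()).parse(members).toJSON());
                } else if (attribute.size() != 1) {
                    // Zero or several values: always an array.
                    json.put(entry.targetName, toJSONArray(attribute));
                } else if (entry.isList) {
                    JSONArray single = new JSONArray();
                    single.add(attribute.get(0));
                    json.put(entry.targetName, single);
                } else {
                    json.put(entry.targetName, attribute.get(0));
                }
            }
        }
        return json;
    }

    /**
     * Closes the current directory context, if any, and forgets it so that {@link #isLoggedOn()}
     * reports false and the next {@link #realProcessing} call logs on afresh. Close failures are
     * logged, not propagated.
     */
    protected void closeConnection() {
        if (this.context == null) {
            return;
        }
        try {
            this.context.close();
        } catch (Throwable th) {
            if (isDebugOn()) {
                th.printStackTrace();
            }
            info("Exception trying to close LDAP connection: " + th.getMessage());
        } finally {
            this.context = null;
        }
    }

    /** Fallback output when no logging facade is configured. */
    protected void sayit(String str) {
        System.err.println(str);
    }

    @Override // edu.uiuc.ncsa.security.core.Logable
    public void debug(String str) {
        if (this.loggingEnabled) {
            getMyLogger().debug(str);
        } else {
            sayit(str);
        }
    }

    /** @return the facade's debug state when logging is enabled, else the local flag */
    @Override // edu.uiuc.ncsa.security.core.Logable
    public boolean isDebugOn() {
        return this.loggingEnabled ? getMyLogger().isDebugOn() : this.debug;
    }

    /** Sets the debug flag on the facade (when present) and always on this instance. */
    @Override // edu.uiuc.ncsa.security.core.Logable
    public void setDebugOn(boolean z) {
        if (this.loggingEnabled) {
            getMyLogger().setDebugOn(z);
        }
        this.debug = z;
    }

    @Override // edu.uiuc.ncsa.security.core.Logable
    public void info(String str) {
        if (this.loggingEnabled) {
            getMyLogger().info(str);
        } else {
            sayit(str);
        }
    }

    @Override // edu.uiuc.ncsa.security.core.Logable
    public void warn(String str) {
        if (this.loggingEnabled) {
            getMyLogger().warn(str);
        } else {
            sayit(str);
        }
    }

    /** Logs a message with its cause; without a facade the stack trace goes to {@code System.err}. */
    public void error(String str, Throwable th) {
        if (this.loggingEnabled) {
            getMyLogger().error(str, th);
        } else {
            sayit(str);
            th.printStackTrace();
        }
    }

    @Override // edu.uiuc.ncsa.security.core.Logable
    public void error(String str) {
        if (this.loggingEnabled) {
            getMyLogger().error(str);
        } else {
            sayit(str);
        }
    }

    @Override
    public String toString() {
        return "LDAPClaimsSource{" + (this.configuration == null ? "(no config)" : this.configuration.getName()) + "}";
    }

    /**
     * Looks up the NCSA groups ({@code cn} and {@code gidNumber}) of which the given user is a
     * {@code uniqueMember}, using a copy of the configuration re-based at the NCSA groups subtree.
     *
     * <p>Servers are tried in configured order and the first that answers is used; if none does,
     * the last failure is rethrown. The decompiled loop this replaces was garbled, so that policy
     * mirrors {@link #createConnection()} rather than being read from the original.
     *
     * @param ldapConfiguration configuration to copy; its server list and filter attribute are used
     * @param searchName        the user's filter-attribute value; filter-escaped here
     * @return the groups found (possibly empty)
     * @throws Throwable if no server can be contacted, or on any search failure
     */
    public static Groups get_NEW_Gid(LDAPConfiguration ldapConfiguration, String searchName) throws Throwable {
        LDAPConfiguration cfg = ldapConfiguration.m319clone();
        cfg.setSearchBase("ou=Groups,dc=ncsa,dc=illinois,dc=edu");
        LDAPClaimsSource source = new LDAPClaimsSource(cfg, null);
        StringTokenizer servers = new StringTokenizer(cfg.getServer(), ",");
        InitialDirContext dirContext = null;
        Throwable lastFailure = null;
        while (dirContext == null && servers.hasMoreTokens()) {
            String server = servers.nextToken();
            try {
                dirContext = new InitialDirContext(source.createEnv(server, cfg));
            } catch (Throwable th) {
                // Remember the failure and fall through to the next server.
                lastFailure = th;
            }
        }
        if (dirContext == null) {
            if (lastFailure != null) {
                throw lastFailure;
            }
            throw new IllegalStateException("Error: no LDAP server configured in \"" + cfg.getServer() + "\"");
        }
        LdapContext ldapContext = (LdapContext) dirContext.lookup(cfg.getSearchBase());
        try {
            SearchControls controls = new SearchControls();
            controls.setReturningAttributes(new String[]{"cn", "gidNumber"});
            // Only filter-level escaping is applied; DN-special characters in searchName are not
            // DN-escaped (RFC 4514), so a value containing them simply fails to match.
            String filter = "(&(uniqueMember=" + cfg.getSearchFilterAttribute() + "=" + escapeFilterValue(searchName) + ",ou=People,dc=ncsa,dc=illinois,dc=edu))";
            NamingEnumeration<SearchResult> results = ldapContext.search(cfg.getContextName(), filter, controls);
            Groups groups = new Groups();
            try {
                while (results.hasMoreElements()) {
                    groups.put(convertToEntry(results.next().getAttributes()));
                }
            } finally {
                results.close();
            }
            return groups;
        } finally {
            ldapContext.close();
        }
    }

    /**
     * Builds a group element from a group entry's {@code cn} and optional {@code gidNumber}.
     *
     * @param attributes the entry's attributes
     * @return a group element with the numeric id when a non-empty {@code gidNumber} was present
     * @throws NamingException       if an attribute value cannot be read
     * @throws NFWException          if the entry has no {@code cn} or its name is empty
     * @throws NumberFormatException if {@code gidNumber} is present but not an integer
     */
    protected static GroupElement convertToEntry(Attributes attributes) throws NamingException {
        Attribute gidAttribute = attributes.get("gidNumber");
        int gid = -1;
        if (gidAttribute != null) {
            String gidText = String.valueOf(gidAttribute.get(0));
            if (!gidText.isEmpty()) {
                gid = Integer.parseInt(gidText);
            }
        }
        Attribute cnAttribute = attributes.get("cn");
        if (cnAttribute == null) {
            throw new NFWException("Error: The group entry has no cn attribute. This implies the LDAP entry has changed or is incorrect");
        }
        // Relies on the attribute's toString() starting with "<id>:" — presumably the provider's
        // BasicAttribute rendering; TODO confirm, or read cnAttribute.get(0) instead.
        String name = cnAttribute.toString().substring((cnAttribute.getID() + ":").length()).trim();
        if (name.isEmpty()) {
            throw new NFWException("Error: The group name somehow was empty. This implies the LDAP entry has changed or is incorrect");
        }
        return gid == -1 ? new GroupElement(name) : new GroupElement(name, gid);
    }
}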
