package fish.focus.uvms.usm.authentication.service.impl;

import fish.focus.uvms.usm.authentication.domain.AuthenticationResponse;
import java.text.MessageFormat;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Hashtable;
import java.util.Map;
import java.util.Properties;
import javax.naming.AuthenticationException;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.Control;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/Authentication-Service-2.2.14.jar:fish/focus/uvms/usm/authentication/service/impl/LDAP.class */
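/**
 * Authenticates users against an LDAP directory with the search-then-bind pattern:
 * a technical (or anonymous) connection looks up the user's entry, then a second
 * connection binds as that entry with the password supplied by the caller.
 *
 * <p>Connection settings come from the {@link Properties} passed to the constructor
 * ({@code ldap.server.url}, {@code ldap.context.root}, {@code ldap.bind.dn},
 * {@code ldap.bind.password}, {@code ldap.query.filter}, {@code ldap.query.attributes}).
 *
 * <p>NOTE(review): both binds use JNDI "simple" authentication, so the password is
 * only protected in transit if {@code ldap.server.url} points at a TLS endpoint;
 * this class does not enforce that. Confirm in the deployment configuration.
 */
public class LDAP {
    private static final Logger LOGGER = LoggerFactory.getLogger(LDAP.class);
    private static final String LOCKED = "Bind failed: account was permanently locked]";
    private static final String INVALID_CREDENTIALS = "[LDAP: error code 49";
    public static final String STATUS_CODE = "statusCode";
    public static final String LDAP_QUERY_ATTRIBUTES = "ldap.query.attributes";

    /** Status reported when the failure is not a recognised authentication error. */
    private static final int STATUS_INTERNAL_ERROR = 1;
    /** Status reported for rejected credentials (LDAP result code 49). */
    private static final int STATUS_INVALID_CREDENTIALS = 49;

    private String serverURL;
    private String contextRoot;
    private String bindDN;
    private String bindPassword;
    private String queryFilter;
    private String queryAttributes;

    /**
     * Creates a client configured from the given properties.
     *
     * @param properties LDAP connection and query settings
     */
    public LDAP(Properties properties) {
        init(properties);
    }

    /**
     * Looks up the user's directory entry and verifies the password by binding as it.
     *
     * @param str  the user name substituted into the configured query filter
     * @param str2 the password used for the bind as the located entry
     * @return on success, the entry's attributes plus {@link #LDAP_QUERY_ATTRIBUTES};
     *         on failure, a map holding {@link #STATUS_CODE}; {@code null} when the
     *         search yields no entry, more than one entry, or an entry without a DN
     */
    public Map<String, Object> authenticate(String str, String str2) {
        final String username = str;
        final String password = str2;
        LOGGER.debug("authenticate({}) - (ENTER)", forLog(username));

        // A simple bind with an empty password is treated by JNDI (and by many
        // directory servers) as an anonymous bind, which succeeds without proving
        // knowledge of any secret. Refuse it before touching the directory.
        if (username == null || password == null || password.isEmpty()) {
            LOGGER.info("LDAP authentication rejected: missing user name or empty password");
            Map<String, Object> rejected = new HashMap<>();
            rejected.put(STATUS_CODE, STATUS_INVALID_CREDENTIALS);
            return rejected;
        }

        SearchControls searchControls = new SearchControls();
        searchControls.setSearchScope(SearchControls.SUBTREE_SCOPE);
        if (this.queryAttributes != null && !this.queryAttributes.trim().isEmpty()) {
            searchControls.setReturningAttributes(this.queryAttributes.split(","));
        }

        Hashtable<String, Object> env = new Hashtable<>();
        env.put("java.naming.factory.initial", "com.sun.jndi.ldap.LdapCtxFactory");
        env.put("java.naming.provider.url", this.serverURL);
        if (this.bindDN == null || this.bindDN.trim().isEmpty() || this.bindPassword == null) {
            LOGGER.debug("LDAP anonymous search");
        } else {
            env.put("java.naming.security.authentication", "simple");
            env.put("java.naming.security.principal", this.bindDN.trim());
            env.put("java.naming.security.credentials", this.bindPassword.trim());
            LOGGER.debug("LDAP search by techdn: {}", this.bindDN);
        }

        Map<String, Object> result = null;
        LdapContext searchContext = null;
        NamingEnumeration<SearchResult> answer = null;
        NamingEnumeration<? extends Attribute> attributeValues = null;
        try {
            searchContext = new InitialLdapContext(env, (Control[]) null);

            // The user name is attacker-controlled: escape filter metacharacters so
            // it can only ever match as a literal value inside the configured filter.
            String filter = MessageFormat.format(this.queryFilter, escapeFilterValue(username));
            LOGGER.info("LDAP search for {} under root {}", forLog(filter), this.contextRoot);
            answer = searchContext.search(this.contextRoot, filter, searchControls);
            LOGGER.info("LDAP search for {} got answer", forLog(filter));

            if (answer.hasMoreElements()) {
                SearchResult entry = answer.next();
                String userDn = entry.getNameInNamespace();
                // Exactly one entry with a usable DN is required; anything else is
                // ambiguous and must not proceed to a bind.
                if (userDn == null || answer.hasMoreElements()) {
                    return null;
                }

                Attributes attributes = entry.getAttributes();
                if (attributes != null) {
                    result = new HashMap<>();
                    attributeValues = attributes.getAll();
                    while (attributeValues.hasMore()) {
                        Attribute attribute = attributeValues.next();
                        result.put(attribute.getID(), attribute.get());
                    }
                    result.put(LDAP_QUERY_ATTRIBUTES, this.queryAttributes);
                }

                // Release the search connection before opening the user's own bind.
                cleanUp(searchContext, answer, attributeValues);
                searchContext = null;
                answer = null;
                attributeValues = null;
                LOGGER.info("LDAP search for {} initial context closed", forLog(filter));

                env.put("java.naming.security.authentication", "simple");
                env.put("java.naming.security.principal", userDn);
                env.put("java.naming.security.credentials", password);
                LOGGER.info("LDAP bind for {}", forLog(userDn));
                // Constructing the context performs the bind; a rejected password
                // surfaces as a NamingException handled below.
                new InitialLdapContext(env, (Control[]) null).close();
            }
            LOGGER.info("LDAP operations ended.");
        } catch (NamingException e) {
            LOGGER.info("LDAP operations failed: {}", e.getMessage());
            // Attributes collected before the failure must not leak into the result.
            result = new HashMap<>();
            String explanation = null;
            if (e.getCause() instanceof AuthenticationException) {
                explanation = ((AuthenticationException) e.getCause()).getExplanation();
            } else if (e instanceof AuthenticationException) {
                explanation = e.getExplanation();
            }
            LOGGER.info("LDAP authentication exception explanation: {}", explanation);
            if (explanation == null) {
                LOGGER.error("LDAP internal error. " + e.getMessage(), e);
                result.put(STATUS_CODE, STATUS_INTERNAL_ERROR);
            } else if (explanation.startsWith(INVALID_CREDENTIALS)) {
                result.put(STATUS_CODE, STATUS_INVALID_CREDENTIALS);
            } else if (explanation.endsWith(LOCKED)) {
                result.put(STATUS_CODE, Integer.valueOf(AuthenticationResponse.ACCOUNT_LOCKED));
            } else {
                // Fail closed: an authentication error with an unrecognised
                // explanation previously produced a map without any status code,
                // which a caller could mistake for a successful login.
                result.put(STATUS_CODE, STATUS_INTERNAL_ERROR);
            }
        } finally {
            // Runs on every path (early return, failure, success) so the search
            // connection and its enumerations are never left open.
            cleanUp(searchContext, answer, attributeValues);
        }
        LOGGER.debug("authenticate() - (LEAVE): {}", result);
        return result;
    }

    /**
     * Escapes the characters that have special meaning inside an LDAP search
     * filter value (RFC 4515): backslash, asterisk, parentheses and NUL.
     *
     * @param value raw value destined for a filter assertion
     * @return the value with each special character replaced by its {@code \XX} form
     */
    private static String escapeFilterValue(String value) {
        StringBuilder escaped = new StringBuilder(value.length() + 8);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '\\':
                    escaped.append("\\5c");
                    break;
                case '*':
                    escaped.append("\\2a");
                    break;
                case '(':
                    escaped.append("\\28");
                    break;
                case ')':
                    escaped.append("\\29");
                    break;
                case '\0':
                    escaped.append("\\00");
                    break;
                default:
                    escaped.append(c);
                    break;
            }
        }
        return escaped.toString();
    }

    /**
     * Neutralises line breaks and tabs so caller-supplied text cannot forge or
     * split log records.
     *
     * @param value text about to be logged, may be {@code null}
     * @return the text with CR, LF and TAB replaced by underscores, or {@code null}
     */
    private static String forLog(String value) {
        if (value == null) {
            return null;
        }
        return value.replace('\r', '_').replace('\n', '_').replace('\t', '_');
    }

    /**
     * Closes the given JNDI resources, logging (not propagating) any close failure.
     * Each argument may be {@code null}.
     */
    private void cleanUp(LdapContext ldapContext, NamingEnumeration<SearchResult> namingEnumeration, NamingEnumeration<? extends Attribute> namingEnumeration2) {
        if (namingEnumeration2 != null) {
            try {
                namingEnumeration2.close();
            } catch (NamingException e) {
                LOGGER.warn("Fail to close attribute enumeration: " + e.getMessage(), e);
            }
        }
        if (namingEnumeration != null) {
            try {
                namingEnumeration.close();
            } catch (NamingException e2) {
                LOGGER.warn("Fail to close answer: " + e2.getMessage(), e2);
            }
        }
        if (ldapContext != null) {
            try {
                ldapContext.close();
            } catch (NamingException e3) {
                LOGGER.warn("Failed to close context: " + e3.getMessage(), e3);
            }
        }
    }

    /** Copies the LDAP settings out of the supplied properties. */
    private void init(Properties properties) {
        this.serverURL = properties.getProperty("ldap.server.url");
        this.contextRoot = properties.getProperty("ldap.context.root");
        this.bindDN = properties.getProperty("ldap.bind.dn");
        this.bindPassword = properties.getProperty("ldap.bind.password");
        this.queryFilter = properties.getProperty("ldap.query.filter");
        this.queryAttributes = properties.getProperty(LDAP_QUERY_ATTRIBUTES);
    }

    /**
     * Extracts the configured attribute names from a map returned by
     * {@link #authenticate(String, String)}.
     *
     * @param map result map, may be {@code null}
     * @return the comma-separated {@link #LDAP_QUERY_ATTRIBUTES} value split into
     *         names, or {@code null} when the map or the value is absent or blank
     */
    public static String[] getQueryAttributes(Map<String, Object> map) {
        if (map == null) {
            return null;
        }
        String configured = (String) map.get(LDAP_QUERY_ATTRIBUTES);
        if (configured == null) {
            return null;
        }
        String trimmed = configured.trim();
        if (trimmed.isEmpty()) {
            return null;
        }
        String[] names = trimmed.split(",");
        LOGGER.debug("LDAP Query attributes: {}", Arrays.toString(names));
        return names;
    }
}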
