package io.vertigo.account.plugins.authentication.ldap;

import io.vertigo.account.authentication.AuthenticationToken;
import io.vertigo.account.impl.authentication.AuthenticationPlugin;
import io.vertigo.account.impl.authentication.UsernamePasswordAuthenticationToken;
import io.vertigo.lang.Assertion;
import io.vertigo.lang.WrappedException;
import java.util.Hashtable;
import java.util.Optional;
import javax.inject.Inject;
import javax.inject.Named;
import javax.naming.CommunicationException;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.ldap.Control;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;

/* loaded from: input_file:io/vertigo/account/plugins/authentication/ldap/LdapAuthenticationPlugin.class */
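/**
 * Authentication plugin that validates a username/password pair by performing an
 * LDAP simple bind with the user's DN.
 *
 * <p>The DN is built from the {@code userLoginTemplate} parameter, in which the
 * {@code {0}} token is replaced by the (DN-escaped) principal. The bind target is
 * {@code ldap://<ldapServerHost>:<ldapServerPort>}.
 *
 * <p>Security notes:
 * <ul>
 *   <li>A bind with a missing or empty password is rejected before any network
 *       access: an LDAP simple bind with an empty password is an <em>unauthenticated</em>
 *       bind (RFC 4513, 5.1.2) that most directories accept whatever the DN is, so
 *       letting it reach the server would authenticate any known principal.</li>
 *   <li>The provider URL uses plain {@code ldap://}; nothing here negotiates TLS, so the
 *       bind credentials travel in cleartext unless the network path is protected.</li>
 *   <li>Referrals are followed ({@code java.naming.referral=follow}); JNDI re-binds
 *       with the same credentials on the referred server.</li>
 * </ul>
 *
 * <p>Instances are immutable once constructed and safe to share between threads.
 */
public final class LdapAuthenticationPlugin implements AuthenticationPlugin {
    private static final Logger LOGGER = LogManager.getLogger(LdapAuthenticationPlugin.class);
    private static final String DEFAULT_CONTEXT_FACTORY_CLASS_NAME = "com.sun.jndi.ldap.LdapCtxFactory";
    private static final String SIMPLE_AUTHENTICATION_MECHANISM_NAME = "simple";
    private static final String DEFAULT_REFERRAL = "follow";
    private static final String USERDN_SUBSTITUTION_TOKEN = "{0}";

    /** Part of the DN template before the {@code {0}} token. */
    private final String userLoginPrefix;
    /** Part of the DN template after the {@code {0}} token. */
    private final String userLoginSuffix;
    /** {@code host:port} of the directory server. */
    private final String ldapServer;

    /**
     * Creates the plugin.
     *
     * @param userLoginTemplate DN template containing the {@code {0}} token, e.g. {@code uid={0},ou=people,dc=example,dc=org}
     * @param ldapServerHost    directory host name or address
     * @param ldapServerPort    directory port
     * @throws IllegalArgumentException if the template is empty or lacks the {@code {0}} token
     */
    @Inject
    public LdapAuthenticationPlugin(
            @Named("userLoginTemplate") final String userLoginTemplate,
            @Named("ldapServerHost") final String ldapServerHost,
            @Named("ldapServerPort") final String ldapServerPort) {
        final int tokenIndex = substitutionTokenIndex(userLoginTemplate);
        this.userLoginPrefix = userLoginTemplate.substring(0, tokenIndex);
        this.userLoginSuffix = userLoginTemplate.substring(tokenIndex + USERDN_SUBSTITUTION_TOKEN.length());
        this.ldapServer = ldapServerHost + ":" + ldapServerPort;
    }

    /**
     * Returns {@code true} only for username/password tokens; other token types are
     * left to other plugins.
     */
    @Override // io.vertigo.account.impl.authentication.AuthenticationPlugin
    public boolean supports(final AuthenticationToken authenticationToken) {
        return authenticationToken instanceof UsernamePasswordAuthenticationToken;
    }

    /**
     * Authenticates the token by binding to the directory as the user's DN.
     *
     * @param authenticationToken a {@link UsernamePasswordAuthenticationToken}
     * @return the principal when the bind succeeds, empty when the directory refuses
     *         the credentials or when the password is missing/empty
     * @throws NullPointerException if the token is null
     * @throws ClassCastException   if the token is not a username/password token (check {@link #supports} first)
     * @throws WrappedException     if the server cannot be reached or the context cannot be closed
     */
    @Override // io.vertigo.account.impl.authentication.AuthenticationPlugin
    public Optional<String> authenticateAccount(final AuthenticationToken authenticationToken) {
        Assertion.checkNotNull(authenticationToken);
        final UsernamePasswordAuthenticationToken token = (UsernamePasswordAuthenticationToken) authenticationToken;
        final String principal = token.getPrincipal();
        final String password = token.getPassword();

        // Never send an empty password to the server: the directory would treat the
        // simple bind as unauthenticated and report success for any valid DN.
        if (password == null || password.isEmpty()) {
            LOGGER.info("Can't authenticate user '" + principal + "'");
            return Optional.empty();
        }

        // The principal is user-supplied; it is escaped so it can only ever be the
        // attribute *value* of the DN, never additional RDN components.
        final String userDn = userLoginPrefix + protectLdap(principal) + userLoginSuffix;

        LdapContext ldapContext = null;
        try {
            ldapContext = createLdapContext(userDn, password);
            if (LOGGER.isDebugEnabled()) {
                LOGGER.debug("Ouverture de connexion LDAP  '" + ldapContext + "'");
            }
            return Optional.of(principal);
        } catch (final NamingException e) {
            // Invalid credentials (and any other naming failure) mean "not authenticated";
            // the stack trace is only attached when debugging to keep auth logs terse.
            if (LOGGER.isDebugEnabled()) {
                LOGGER.info("Can't authenticate user '" + principal + "'", e);
            } else {
                LOGGER.info("Can't authenticate user '" + principal + "'");
            }
            return Optional.empty();
        } finally {
            if (ldapContext != null) {
                closeLdapContext(ldapContext);
            }
        }
    }

    /**
     * Locates the {@code {0}} token in the DN template.
     *
     * @param userLoginTemplate the template to validate
     * @return index of the token in the template
     * @throws IllegalArgumentException if the template is empty or has no token
     */
    private static int substitutionTokenIndex(final String userLoginTemplate) {
        Assertion.checkArgNotEmpty(userLoginTemplate, "User DN template cannot be null or empty.", new Object[0]);
        final int tokenIndex = userLoginTemplate.indexOf(USERDN_SUBSTITUTION_TOKEN);
        if (tokenIndex < 0) {
            throw new IllegalArgumentException("User Login template must contain the '{0}' replacement token to understand where to insert the runtime authentication principal.");
        }
        return tokenIndex;
    }

    /**
     * Opens an LDAP context with a simple bind as {@code userDn}.
     *
     * @param userDn   bind DN (already escaped)
     * @param password bind password; must be non-empty (callers enforce this)
     * @return the bound context; the caller must close it via {@link #closeLdapContext}
     * @throws NamingException  when the bind is refused (e.g. invalid credentials)
     * @throws WrappedException when the server cannot be reached
     */
    private LdapContext createLdapContext(final String userDn, final String password) throws NamingException {
        final Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, DEFAULT_CONTEXT_FACTORY_CLASS_NAME);
        // "follow" makes JNDI chase referrals, re-binding with these credentials on the
        // referred server; review whether the deployment actually needs referral chasing.
        env.put(Context.REFERRAL, DEFAULT_REFERRAL);
        env.put(Context.SECURITY_AUTHENTICATION, SIMPLE_AUTHENTICATION_MECHANISM_NAME);
        // Plain ldap:// — no TLS is negotiated here, so the simple bind is cleartext on the wire.
        env.put(Context.PROVIDER_URL, "ldap://" + ldapServer);
        env.put(Context.SECURITY_PRINCIPAL, userDn);
        env.put(Context.SECURITY_CREDENTIALS, password);
        try {
            return new InitialLdapContext(env, (Control[]) null);
        } catch (final CommunicationException e) {
            // Unreachable server is an infrastructure failure, not a bad credential: surface it.
            throw WrappedException.wrap(e, "Can't connect to LDAP : {0} ", new Object[]{ldapServer});
        }
    }

    /**
     * Escapes a principal for insertion into a DN.
     *
     * @param principal raw, user-supplied principal
     * @return the DN-escaped form produced by {@code EsapiLdapEncoder.encodeForDN}
     */
    private static String protectLdap(final String principal) {
        return EsapiLdapEncoder.encodeForDN(principal);
    }

    /**
     * Closes a context opened by {@link #createLdapContext}.
     *
     * @param ldapContext the context to close
     * @throws WrappedException if the close fails
     */
    private static void closeLdapContext(final LdapContext ldapContext) {
        try {
            ldapContext.close();
            if (LOGGER.isDebugEnabled()) {
                LOGGER.debug("Fermeture connexion Ldap  \"" + ldapContext.toString() + "\" ");
            }
        } catch (final NamingException e) {
            throw WrappedException.wrap(e, "Erreur lors de la fermeture de l'objet LdapContext", new Object[0]);
        }
    }
}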
