package net.sf.jguard.ext.authentication.loginmodules;

import java.text.MessageFormat;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Hashtable;
import java.util.Map;
import java.util.Set;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.naming.CompositeName;
import javax.naming.InitialContext;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.Control;
import javax.naming.ldap.InitialLdapContext;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.FailedLoginException;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;
import net.sf.jguard.core.authentication.credentials.JGuardCredential;
import net.sf.jguard.ext.SecurityConstants;
import net.sf.jguard.ext.util.FastBindConnectionControl;
import net.sf.jguard.ext.util.JNDIUtils;
import org.apache.xerces.impl.xs.SchemaSymbols;

/* loaded from: input_file:WEB-INF/lib/jguard-ext-1.0.4.jar:net/sf/jguard/ext/authentication/loginmodules/JNDILoginModule.class */
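/**
 * JAAS {@link LoginModule} that authenticates a user against an LDAP directory reached
 * through JNDI.
 *
 * <p>The module options select one of two modes:
 * <ul>
 *   <li><b>auth</b> mode — no option starts with {@code preauth.}. The user DN is built from
 *       the {@code auth.userDN} option, a {@link MessageFormat} template whose {@code {0}}
 *       placeholder receives the DN-escaped login.</li>
 *   <li><b>preauth</b> mode — options starting with {@code preauth.} form the JNDI environment
 *       of a first, technical connection used to search the user entry with
 *       {@code preauth.search.base.dn} and {@code preauth.search.filter} (the login is passed
 *       as filter argument {@code {0}}); {@code preauth.searchcontrols.*} tune that search.
 *       The entry found gives the DN to bind with.</li>
 * </ul>
 * In both modes the login phase succeeds when a bind with the user DN and the supplied
 * password succeeds. Options starting with {@code auth.} form the JNDI environment of that
 * bind, or name a JNDI resource to look up via {@code auth.jndi}. When the
 * {@code contextforcommit} option is {@code "true"} the commit phase reads the user entry's
 * attributes as private credentials; when it is {@code "preauth"} they are taken from the
 * preauth search result instead.
 */
/* loaded from: input_file:WEB-INF/lib/jguard-ext-1.0.4.jar:net/sf/jguard/ext/authentication/loginmodules/JNDILoginModule.class */
public class JNDILoginModule extends UserLoginModule implements LoginModule {
    private static final String USER_DN = "userDN";
    private static final String CONTEXTFORCOMMIT = "contextforcommit";
    private static final String JNDI = "jndi";
    private static final String TIMELIMIT = "timelimit";
    private static final String SEARCHSCOPE = "searchscope";
    private static final String RETURNINGOBJFLAG = "returningobjflag";
    private static final String RETURNINGATTRIBUTES = "returningattributes";
    private static final String DEREFLINKFLAG = "dereflinkflag";
    private static final String COUNTLIMIT = "countlimit";
    private static final String SEARCHCONTROLS = "searchcontrols.";
    private static final String PREAUTH = "preauth.";
    private static final String AUTH = "auth.";
    private static final String FAST_BIND_CONNECTION = "fastBindConnection";
    private static final String SEARCH_FILTER = "search.filter";
    private static final String SEARCH_BASE_DN = "search.base.dn";
    /**
     * Count limit forced on the preauth search: exactly one entry is expected for a login.
     * (The decompiled class borrowed this "1" from Xerces' SchemaSymbols.ATTVAL_TRUE_1.)
     */
    private static final String SINGLE_ENTRY_COUNT_LIMIT = "1";
    private static final Logger logger = Logger.getLogger(JNDILoginModule.class.getName());
    /** JNDI environment of the user bind: options {@code auth.*} without their prefix. */
    private Map<String, String> authOpts = null;
    /** JNDI environment of the technical search connection: {@code preauth.*} minus prefix. */
    private Map<String, String> preAuthOpts = null;
    /** {@code preauth.searchcontrols.*} options, keyed without their prefix. */
    private Map<String, String> preAuthSearchControlsOpts = null;
    /** Credentials read from the user entry, added to the subject on commit; may stay null. */
    private Set<JGuardCredential> credentials = null;

    /**
     * Initializes the module and splits the JAAS options into the three option maps.
     *
     * @param subject         the subject being authenticated
     * @param callbackHandler handler used by the superclass to collect login and password
     * @param map             JAAS shared state
     * @param map2            JAAS module options
     */
    @Override // net.sf.jguard.ext.authentication.loginmodules.UserLoginModule
    public void initialize(Subject subject, CallbackHandler callbackHandler, Map map, Map map2) {
        super.initialize(subject, callbackHandler, map, map2);
        this.preAuthOpts = new HashMap<String, String>();
        this.preAuthSearchControlsOpts = new HashMap<String, String>();
        this.authOpts = new HashMap<String, String>();
        fillOptions();
    }

    /**
     * Opens a directory context from a JNDI environment.
     *
     * <p>When the environment contains a {@code jndi} key the context is looked up under that
     * name in the default {@link InitialContext}; otherwise an {@link InitialLdapContext} is
     * created from the environment itself, with the connection controls of
     * {@link #getLDAPControls(Map)}.
     *
     * @param env JNDI environment (or {@code jndi} resource name)
     * @return an open context; the caller is responsible for closing it
     * @throws LoginException if the context cannot be obtained
     */
    private DirContext getContext(Map<String, String> env) throws LoginException {
        DirContext context;
        if (env.containsKey(JNDI)) {
            String resourceName = env.get(JNDI);
            try {
                context = (DirContext) new InitialContext().lookup(resourceName);
            } catch (NamingException e) {
                throw loginException(" we cannot grab the default initial context ", e);
            }
        } else {
            try {
                context = new InitialLdapContext(new Hashtable<String, String>(env), getLDAPControls(env));
            } catch (NamingException e) {
                throw loginException(e.getMessage(), e);
            }
        }
        if (context == null) {
            throw new LoginException(" we cannot grab the default initial context ");
        }
        return context;
    }

    /**
     * Dispatches the JAAS options into {@link #preAuthOpts}, {@link #preAuthSearchControlsOpts}
     * and {@link #authOpts} according to their prefix; other options are ignored.
     * Option values are expected to be strings.
     */
    private void fillOptions() {
        for (Object item : this.options.entrySet()) {
            Map.Entry<?, ?> entry = (Map.Entry<?, ?>) item;
            String key = (String) entry.getKey();
            String value = (String) entry.getValue();
            if (key.startsWith(PREAUTH)) {
                String preAuthKey = key.substring(PREAUTH.length());
                if (preAuthKey.startsWith(SEARCHCONTROLS)) {
                    this.preAuthSearchControlsOpts.put(preAuthKey.substring(SEARCHCONTROLS.length()), value);
                } else {
                    this.preAuthOpts.put(preAuthKey, value);
                }
            } else if (key.startsWith(AUTH)) {
                this.authOpts.put(key.substring(AUTH.length()), value);
            }
        }
    }

    /**
     * Login phase: resolves the user DN, then proves the password by binding with it.
     *
     * <p>On success the shared state gets {@code SKIP_PASSWORD_CHECK = "true"} so that
     * subsequent modules do not re-check the password.
     *
     * @return {@code false} for the guest login, {@code true} when the bind succeeds
     * @throws LoginException           if the DN cannot be resolved or the bind fails
     * @throws IllegalArgumentException if {@code auth.userDN} is missing in auth mode, or the
     *                                  preauth search fails
     */
    @Override // net.sf.jguard.ext.authentication.loginmodules.UserLoginModule
    public boolean login() throws LoginException {
        super.login();
        if (SecurityConstants.GUEST.equals(this.login)) {
            this.loginOK = false;
            return false;
        }
        String userDnTemplate = this.authOpts.get(USER_DN);
        if (this.preAuthOpts.isEmpty() && isNullOrEmpty(userDnTemplate)) {
            throw new IllegalArgumentException(" you've configured the JNDILoginmodule in 'auth' mode (options starting by 'preauth.' are not present).\n 'auth.userDN' option used to find the user LDAP Entry is lacking or is empty ");
        }
        String userDn = getuserDN(userDnTemplate, this.login);
        // The decompiled version tested `equals("")` on the module itself, so an empty DN
        // slipped through to the bind; test the DN.
        if (isNullOrEmpty(userDn)) {
            this.loginOK = false;
            throw new LoginException(" Distinguished name is null or empty ");
        }
        this.authOpts.put(SecurityConstants.SECURITY_PRINCIPAL, userDn);
        // The password is kept as a String in authOpts because commit() may bind again with
        // it when contextforcommit=true; it therefore stays in memory for the module's life.
        this.authOpts.put(SecurityConstants.SECURITY_CREDENTIALS, new String(this.password));
        // Authentication is the bind itself: obtaining the context fails with a
        // LoginException when the credentials are rejected.
        DirContext bindContext = getContext(this.authOpts);
        close(bindContext);
        this.sharedState.put(SecurityConstants.SKIP_PASSWORD_CHECK, "true");
        logger.log(Level.INFO, " JNDI login phase succeed for user " + this.login);
        return true;
    }

    /**
     * Resolves the user's distinguished name.
     *
     * <p>In auth mode the DN comes from the {@code userDnTemplate} formatted with the
     * DN-escaped login. In preauth mode the directory is searched with a technical
     * connection and a count limit of one.
     *
     * @param userDnTemplate {@code auth.userDN} template (may be null in preauth mode)
     * @param login          the user login
     * @return the DN, never null in preauth mode
     * @throws LoginException           if the DN cannot be resolved in auth mode
     * @throws IllegalArgumentException if the preauth search fails (loginOK is reset)
     */
    private String getuserDN(String userDnTemplate, String login) throws LoginException {
        if (this.preAuthOpts.isEmpty()) {
            Object[] args = { JNDIUtils.escapeDn(login) };
            // NOTE(review): the formatted DN is escaped a second time here; this is only
            // harmless if JNDIUtils.escapeDn leaves an already escaped DN unchanged — confirm.
            return JNDIUtils.escapeDn(MessageFormat.format(userDnTemplate, args));
        }
        try {
            this.preAuthSearchControlsOpts.put(COUNTLIMIT, SINGLE_ENTRY_COUNT_LIMIT);
            SearchControls controls = getSearchControls(this.preAuthSearchControlsOpts);
            DirContext searchContext = getContext(this.preAuthOpts);
            try {
                return preAuthSearch(searchContext, controls);
            } finally {
                close(searchContext);
            }
        } catch (LoginException e) {
            this.loginOK = false;
            throw new IllegalArgumentException(e.getMessage(), e);
        }
    }

    /**
     * Commit phase: adds the credentials read from the user entry to the subject.
     *
     * <p>With {@code contextforcommit=true} the entry is read now, binding again with the
     * user credentials stored in {@link #authOpts}; with {@code contextforcommit=preauth}
     * the credentials were collected during the preauth search.
     *
     * @return {@code false} if the login phase did not succeed, {@code true} otherwise
     * @throws LoginException if the entry cannot be read
     */
    public boolean commit() throws LoginException {
        if (!this.loginOK) {
            return false;
        }
        if ("true".equals(this.options.get(CONTEXTFORCOMMIT))) {
            // The context is closed here: the decompiled version never closed it.
            DirContext context = getContext(this.authOpts);
            try {
                this.credentials = grabAttributes(context, this.authOpts.get(USER_DN));
            } finally {
                close(context);
            }
        }
        if (this.credentials != null) {
            this.subject.getPrivateCredentials().addAll(this.credentials);
        }
        return true;
    }

    /**
     * Looks up the user entry and converts its attributes to credentials.
     *
     * @param context        open context, owned and closed by the caller
     * @param userDnTemplate {@code auth.userDN} template handed to {@link #getuserDN}
     * @return the credentials of the entry
     * @throws FailedLoginException if the entry does not exist
     * @throws LoginException       on any other naming failure
     */
    private Set<JGuardCredential> grabAttributes(DirContext context, String userDnTemplate) throws LoginException {
        DirContext userEntry;
        try {
            userEntry = (DirContext) context.lookup(getuserDN(userDnTemplate, this.login));
        } catch (NamingException e) {
            throw loginException(e.getMessage(), e);
        }
        if (userEntry == null) {
            throw new FailedLoginException("login.user.does.not.exist");
        }
        try {
            return grabCredentials(userEntry.getAttributes(""));
        } catch (NamingException e) {
            throw loginException(e.getMessage(), e);
        } finally {
            close(userEntry);
        }
    }

    /**
     * Converts every attribute of an entry into a {@link JGuardCredential} whose id is the
     * attribute id and whose value is {@link JNDIUtils#getAttributeValue(Attribute)}.
     *
     * @param attributes attributes of the user entry
     * @return a new, possibly empty, set of credentials
     * @throws NamingException if the attributes cannot be enumerated
     */
    private Set<JGuardCredential> grabCredentials(Attributes attributes) throws NamingException {
        Set<JGuardCredential> result = new HashSet<JGuardCredential>();
        NamingEnumeration<? extends Attribute> all = attributes.getAll();
        while (all.hasMore()) {
            Attribute attribute = all.next();
            String attributeValue = JNDIUtils.getAttributeValue(attribute);
            JGuardCredential credential = new JGuardCredential();
            credential.setId(attribute.getID());
            credential.setValue(attributeValue);
            result.add(credential);
        }
        return result;
    }

    /**
     * Searches the user entry with the technical connection and returns its name.
     *
     * <p>The base DN and filter are read from the context's own environment
     * ({@code search.base.dn}, {@code search.filter}); the login is supplied as filter
     * argument {@code {0}}, so the JNDI provider escapes it for the filter grammar rather
     * than it being concatenated into the filter string. With {@code contextforcommit=preauth}
     * the attributes of the entry found are also stored in {@link #credentials}.
     *
     * @param searchContext open context, owned and closed by the caller
     * @param controls      search controls (count limit already forced to one)
     * @return the name of the single entry found
     * @throws FailedLoginException if no entry, or more than one, is found
     * @throws LoginException       if the search itself fails
     */
    private String preAuthSearch(DirContext searchContext, SearchControls controls) throws LoginException {
        boolean collectCredentials = "preauth".equals(this.options.get(CONTEXTFORCOMMIT));
        String userDn = null;
        int matches = 0;
        try {
            // NOTE(review): when the preauth context is a looked-up jndi resource its
            // environment may not carry these two keys — confirm they are always present.
            Hashtable<?, ?> env = searchContext.getEnvironment();
            String baseDn = (String) env.get(SEARCH_BASE_DN);
            String filter = (String) env.get(SEARCH_FILTER);
            Object[] filterArgs = { this.login };
            NamingEnumeration<SearchResult> results = searchContext.search(baseDn, filter, filterArgs, controls);
            while (results.hasMore()) {
                SearchResult result = results.next();
                // SearchResult.getName() is relative to baseDn for relative results; the value
                // used for the bind is thus only a full DN when the base is the context root —
                // TODO confirm against the deployed configuration.
                String firstComponent = new CompositeName(result.getName()).get(0);
                userDn = searchContext.getNameParser("").parse(firstComponent).toString();
                if (collectCredentials) {
                    this.credentials = grabCredentials(result.getAttributes());
                }
                matches++;
            }
        } catch (NamingException e) {
            // A size-limit overflow (count limit is one) surfaces here as a NamingException.
            throw loginException(" a naming exception has been raised when we are looking for the user Distinguished Name " + e.getMessage(), e);
        }
        if (matches > 1) {
            logger.warning("more than one Distinguished Name has been found in the Directory for the user=" + this.login);
            throw new FailedLoginException("login.error");
        }
        if (userDn == null) {
            throw new FailedLoginException("login.error");
        }
        return userDn;
    }

    /**
     * Builds {@link SearchControls} from {@code preauth.searchcontrols.*} options.
     * Numeric values use {@code Long}/{@code Integer} parsing (a malformed value raises
     * {@link NumberFormatException}); booleans use {@link Boolean#valueOf(String)};
     * {@code returningattributes} is a {@code #}-separated list. Unknown keys are ignored.
     *
     * @param opts option map, keys without their prefix
     * @return the configured controls
     */
    private SearchControls getSearchControls(Map<String, String> opts) {
        SearchControls controls = new SearchControls();
        for (Map.Entry<String, String> entry : opts.entrySet()) {
            String key = entry.getKey();
            String value = entry.getValue();
            if (COUNTLIMIT.equals(key)) {
                controls.setCountLimit(Long.parseLong(value));
            } else if (DEREFLINKFLAG.equals(key)) {
                controls.setDerefLinkFlag(Boolean.valueOf(value).booleanValue());
            } else if (RETURNINGATTRIBUTES.equals(key)) {
                controls.setReturningAttributes(value.split("#"));
            } else if (RETURNINGOBJFLAG.equals(key)) {
                controls.setReturningObjFlag(Boolean.valueOf(value).booleanValue());
            } else if (SEARCHSCOPE.equals(key)) {
                controls.setSearchScope(Integer.parseInt(value));
            } else if (TIMELIMIT.equals(key)) {
                controls.setTimeLimit(Integer.parseInt(value));
            }
        }
        return controls;
    }

    /**
     * Connection controls for a new {@link InitialLdapContext}: a
     * {@link FastBindConnectionControl} when {@code fastBindConnection} is {@code true}
     * (case-insensitive), nothing otherwise.
     *
     * @param env JNDI environment of the connection
     * @return the controls, possibly empty
     */
    private Control[] getLDAPControls(Map<String, String> env) {
        String fastBind = env.get(FAST_BIND_CONNECTION);
        if (fastBind != null && "true".equalsIgnoreCase(fastBind)) {
            return new Control[] { new FastBindConnectionControl() };
        }
        return new Control[0];
    }

    /**
     * Closes a context obtained from {@link #getContext(Map)}; a null context is ignored.
     *
     * @throws LoginException if the close fails
     */
    private static void close(DirContext context) throws LoginException {
        if (context == null) {
            return;
        }
        try {
            context.close();
        } catch (NamingException e) {
            throw loginException(e.getMessage(), e);
        }
    }

    /**
     * Builds a {@link LoginException} that keeps its cause; the class has no cause-taking
     * constructor, so the decompiled code only kept {@code getMessage()}.
     */
    private static LoginException loginException(String message, Throwable cause) {
        LoginException exception = new LoginException(message);
        exception.initCause(cause);
        return exception;
    }

    /** True for a null or zero-length string. */
    private static boolean isNullOrEmpty(String value) {
        return value == null || value.length() == 0;
    }
}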
