package org.codehaus.plexus.redback.authentication.ldap;

import javax.annotation.Resource;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import org.apache.commons.lang.StringUtils;
import org.codehaus.plexus.redback.authentication.AuthenticationDataSource;
import org.codehaus.plexus.redback.authentication.AuthenticationException;
import org.codehaus.plexus.redback.authentication.AuthenticationResult;
import org.codehaus.plexus.redback.authentication.Authenticator;
import org.codehaus.plexus.redback.authentication.PasswordBasedAuthenticationDataSource;
import org.codehaus.plexus.redback.common.ldap.UserMapper;
import org.codehaus.plexus.redback.common.ldap.connection.LdapConnection;
import org.codehaus.plexus.redback.common.ldap.connection.LdapConnectionFactory;
import org.codehaus.plexus.redback.common.ldap.connection.LdapException;
import org.codehaus.plexus.redback.configuration.UserConfiguration;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.stereotype.Service;

@Service("authenticator#ldap")
/* loaded from: input_file:org/codehaus/plexus/redback/authentication/ldap/LdapBindAuthenticator.class */
public class LdapBindAuthenticator implements Authenticator {
    private Logger log = LoggerFactory.getLogger(getClass());

    @Resource(name = "userMapper#ldap")
    private UserMapper mapper;

    @Resource(name = "ldapConnectionFactory#configurable")
    private LdapConnectionFactory connectionFactory;

    @Resource(name = "userConfiguration")
    private UserConfiguration config;

    public String getId() {
        return "LdapBindAuthenticator";
    }

    public AuthenticationResult authenticate(AuthenticationDataSource authenticationDataSource) throws AuthenticationException {
        PasswordBasedAuthenticationDataSource passwordBasedAuthenticationDataSource = (PasswordBasedAuthenticationDataSource) authenticationDataSource;
        if (!this.config.getBoolean("ldap.bind.authenticator.enabled") || (!this.config.getBoolean("ldap.bind.authenticator.allowEmptyPasswords", false) && StringUtils.isEmpty(passwordBasedAuthenticationDataSource.getPassword()))) {
            return new AuthenticationResult(false, passwordBasedAuthenticationDataSource.getPrincipal(), (Exception) null);
        }
        SearchControls searchControls = new SearchControls();
        searchControls.setCountLimit(1L);
        searchControls.setDerefLinkFlag(true);
        searchControls.setSearchScope(2);
        String str = "(&(objectClass=" + this.mapper.getUserObjectClass() + ")" + (this.mapper.getUserFilter() != null ? this.mapper.getUserFilter() : "") + "(" + this.mapper.getUserIdAttribute() + "=" + passwordBasedAuthenticationDataSource.getPrincipal() + "))";
        this.log.info("Searching for users with filter: '" + str + "' from base dn: " + this.mapper.getUserBaseDn());
        LdapConnection ldapConnection = getLdapConnection();
        try {
            try {
                try {
                    NamingEnumeration<SearchResult> search = ldapConnection.getDirContext().search(this.mapper.getUserBaseDn(), str, searchControls);
                    this.log.info("Found user?: " + search.hasMoreElements());
                    if (!search.hasMoreElements()) {
                        AuthenticationResult authenticationResult = new AuthenticationResult(false, passwordBasedAuthenticationDataSource.getPrincipal(), (Exception) null);
                        closeNamingEnumeration(search);
                        closeLdapConnection(ldapConnection);
                        if (0 != 0) {
                            closeLdapConnection(null);
                        }
                        return authenticationResult;
                    }
                    String nameInNamespace = ((SearchResult) search.nextElement()).getNameInNamespace();
                    this.log.info("Attempting Authenication: + " + nameInNamespace);
                    LdapConnection connection = this.connectionFactory.getConnection(nameInNamespace, passwordBasedAuthenticationDataSource.getPassword());
                    AuthenticationResult authenticationResult2 = new AuthenticationResult(true, passwordBasedAuthenticationDataSource.getPrincipal(), (Exception) null);
                    closeNamingEnumeration(search);
                    closeLdapConnection(ldapConnection);
                    if (connection != null) {
                        closeLdapConnection(connection);
                    }
                    return authenticationResult2;
                } catch (NamingException e) {
                    AuthenticationResult authenticationResult3 = new AuthenticationResult(false, passwordBasedAuthenticationDataSource.getPrincipal(), e);
                    closeNamingEnumeration(null);
                    closeLdapConnection(ldapConnection);
                    if (0 != 0) {
                        closeLdapConnection(null);
                    }
                    return authenticationResult3;
                }
            } catch (LdapException e2) {
                AuthenticationResult authenticationResult4 = new AuthenticationResult(false, passwordBasedAuthenticationDataSource.getPrincipal(), e2);
                closeNamingEnumeration(null);
                closeLdapConnection(ldapConnection);
                if (0 != 0) {
                    closeLdapConnection(null);
                }
                return authenticationResult4;
            }
        } catch (Throwable th) {
            closeNamingEnumeration(null);
            closeLdapConnection(ldapConnection);
            if (0 != 0) {
                closeLdapConnection(null);
            }
            throw th;
        }
    }

    public boolean supportsDataSource(AuthenticationDataSource authenticationDataSource) {
        return authenticationDataSource instanceof PasswordBasedAuthenticationDataSource;
    }

    private LdapConnection getLdapConnection() {
        try {
            return this.connectionFactory.getConnection();
        } catch (LdapException e) {
            this.log.warn("failed to get a ldap connection " + e.getMessage(), e);
            throw new RuntimeException("failed to get a ldap connection " + e.getMessage(), e);
        }
    }

    private void closeLdapConnection(LdapConnection ldapConnection) {
        if (ldapConnection != null) {
            ldapConnection.close();
        }
    }

    private void closeNamingEnumeration(NamingEnumeration<SearchResult> namingEnumeration) {
        if (namingEnumeration != null) {
            try {
                namingEnumeration.close();
            } catch (NamingException e) {
                this.log.warn("skip exception closing naming search result " + e.getMessage());
            }
        }
    }
}
