package org.codehaus.plexus.redback.authentication.ldap;

import javax.inject.Inject;
import javax.inject.Named;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import org.apache.commons.configuration.tree.DefaultExpressionEngine;
import org.apache.commons.lang.StringUtils;
import org.codehaus.plexus.redback.authentication.AuthenticationDataSource;
import org.codehaus.plexus.redback.authentication.AuthenticationException;
import org.codehaus.plexus.redback.authentication.AuthenticationResult;
import org.codehaus.plexus.redback.authentication.Authenticator;
import org.codehaus.plexus.redback.authentication.PasswordBasedAuthenticationDataSource;
import org.codehaus.plexus.redback.common.ldap.UserMapper;
import org.codehaus.plexus.redback.common.ldap.connection.LdapConnection;
import org.codehaus.plexus.redback.common.ldap.connection.LdapConnectionFactory;
import org.codehaus.plexus.redback.common.ldap.connection.LdapException;
import org.codehaus.plexus.redback.configuration.UserConfiguration;
import org.codehaus.plexus.redback.users.ldap.service.LdapCacheService;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.stereotype.Service;

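/**
 * Authenticates a user against an LDAP directory by resolving the user's DN and then
 * attempting a bind as that DN with the supplied password.
 *
 * <p>The DN is taken from {@link LdapCacheService} when present; otherwise it is looked up
 * with a subtree search under the mapper's user base DN and then cached.
 *
 * <p>Security notes:
 * <ul>
 *   <li>The principal is caller-supplied and is placed in an LDAP search filter, so it is
 *       escaped per RFC 4515 before use.</li>
 *   <li>{@code ldap.bind.authenticator.allowEmptyPasswords} should stay {@code false} unless
 *       the directory is known to reject simple binds that carry a DN and an empty password;
 *       servers that treat such a bind as an unauthenticated bind would make this
 *       authenticator report success without any credential check.</li>
 * </ul>
 */
@Service("authenticator#ldap")
/* loaded from: input_file:WEB-INF/lib/redback-authentication-ldap-1.4.jar:org/codehaus/plexus/redback/authentication/ldap/LdapBindAuthenticator.class */
public class LdapBindAuthenticator implements Authenticator {
    private Logger log = LoggerFactory.getLogger(getClass());

    @Inject
    @Named("userMapper#ldap")
    private UserMapper mapper;

    @Inject
    @Named("ldapConnectionFactory#configurable")
    private LdapConnectionFactory connectionFactory;

    @Inject
    @Named("userConfiguration")
    private UserConfiguration config;

    @Inject
    private LdapCacheService ldapCacheService;

    /**
     * Returns the fixed identifier of this authenticator.
     *
     * @return the literal {@code "LdapBindAuthenticator"}
     */
    @Override // org.codehaus.plexus.redback.authentication.Authenticator
    public String getId() {
        return "LdapBindAuthenticator";
    }

    /**
     * Verifies the principal/password pair by binding to the directory as the user's DN.
     *
     * @param authenticationDataSource must be a {@link PasswordBasedAuthenticationDataSource};
     *     callers are expected to check {@link #supportsDataSource} first, since the cast below
     *     is unconditional
     * @return a failed result when the authenticator is disabled, the password is empty and
     *     empty passwords are not allowed, the principal is empty, the user is not found, or
     *     the search or bind raises an LDAP/naming error (the error is attached to the
     *     result); a successful result when the bind connection is obtained
     * @throws AuthenticationException declared by the interface; not thrown by this body
     */
    @Override // org.codehaus.plexus.redback.authentication.Authenticator
    public AuthenticationResult authenticate(AuthenticationDataSource authenticationDataSource) throws AuthenticationException {
        PasswordBasedAuthenticationDataSource source = (PasswordBasedAuthenticationDataSource) authenticationDataSource;
        String principal = source.getPrincipal();

        if (!this.config.getBoolean("ldap.bind.authenticator.enabled")) {
            return new AuthenticationResult(false, principal, null);
        }
        // An empty password must never reach the bind unless explicitly allowed: a simple bind
        // with a DN and no password may be accepted by the server as an unauthenticated bind.
        if (!this.config.getBoolean("ldap.bind.authenticator.allowEmptyPasswords", false) && StringUtils.isEmpty(source.getPassword())) {
            return new AuthenticationResult(false, principal, null);
        }
        // A null or empty principal cannot identify a single entry; fail closed instead of
        // building a filter around it.
        if (StringUtils.isEmpty(principal)) {
            return new AuthenticationResult(false, principal, null);
        }

        SearchControls searchControls = new SearchControls();
        searchControls.setCountLimit(1L);
        searchControls.setDerefLinkFlag(true);
        searchControls.setSearchScope(SearchControls.SUBTREE_SCOPE);

        // The principal is untrusted input: escape filter metacharacters so it can only ever be
        // matched as a literal attribute value. The object class, extra user filter and id
        // attribute come from the mapper configuration and are used as configured.
        String userFilter = this.mapper.getUserFilter();
        String filter = "(&(objectClass=" + this.mapper.getUserObjectClass() + ")"
                + (userFilter != null ? userFilter : "")
                + "(" + this.mapper.getUserIdAttribute() + "=" + escapeFilterValue(principal) + "))";
        this.log.info("Searching for users with filter: '{}' from base dn: {}", filter, this.mapper.getUserBaseDn());

        LdapConnection searchConnection = getLdapConnection();
        LdapConnection bindConnection = null;
        NamingEnumeration<SearchResult> results = null;
        try {
            String userDn = this.ldapCacheService.getLdapUserDn(principal);
            if (userDn == null) {
                this.log.debug("userDn for user {} not found in cache. Retrieving from ldap server..", principal);
                results = searchConnection.getDirContext().search(this.mapper.getUserBaseDn(), filter, searchControls);
                boolean found = results.hasMoreElements();
                this.log.info("Found user?: {}", Boolean.valueOf(found));
                if (!found) {
                    return new AuthenticationResult(false, principal, null);
                }
                userDn = results.nextElement().getNameInNamespace();
                this.log.debug("Adding userDn {} for user {} to the cache..", userDn, principal);
                this.ldapCacheService.addLdapUserDn(principal, userDn);
            }
            this.log.info("Attempting Authenication: + {}", userDn);
            // Obtaining a connection bound as the user's DN is the credential check; a rejected
            // bind surfaces as LdapException and is reported as a failed result below.
            bindConnection = this.connectionFactory.getConnection(userDn, source.getPassword());
            return new AuthenticationResult(true, principal, null);
        } catch (LdapException e) {
            return new AuthenticationResult(false, principal, e);
        } catch (NamingException e) {
            return new AuthenticationResult(false, principal, e);
        } finally {
            // Release the search results and both connections on every path, including errors.
            closeNamingEnumeration(results);
            closeLdapConnection(searchConnection);
            closeLdapConnection(bindConnection);
        }
    }

    /**
     * Reports whether this authenticator can handle the given data source.
     *
     * @param authenticationDataSource the candidate data source
     * @return {@code true} only for {@link PasswordBasedAuthenticationDataSource} instances
     */
    @Override // org.codehaus.plexus.redback.authentication.Authenticator
    public boolean supportsDataSource(AuthenticationDataSource authenticationDataSource) {
        return authenticationDataSource instanceof PasswordBasedAuthenticationDataSource;
    }

    /**
     * Escapes a value for use as an assertion value in an LDAP search filter (RFC 4515):
     * backslash, asterisk, parentheses and NUL are replaced by their {@code \XX} hex forms.
     *
     * @param value the raw value; must not be {@code null}
     * @return the escaped value
     */
    private static String escapeFilterValue(String value) {
        StringBuilder escaped = new StringBuilder(value.length() + 8);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '\\':
                    escaped.append("\\5c");
                    break;
                case '*':
                    escaped.append("\\2a");
                    break;
                case '(':
                    escaped.append("\\28");
                    break;
                case ')':
                    escaped.append("\\29");
                    break;
                case '\0':
                    escaped.append("\\00");
                    break;
                default:
                    escaped.append(c);
                    break;
            }
        }
        return escaped.toString();
    }

    /**
     * Obtains the connection used for the user search from the connection factory.
     *
     * @return the connection returned by {@code connectionFactory.getConnection()}
     * @throws RuntimeException wrapping the {@link LdapException} when no connection can be
     *     obtained
     */
    private LdapConnection getLdapConnection() {
        try {
            return this.connectionFactory.getConnection();
        } catch (LdapException e) {
            this.log.warn("failed to get a ldap connection " + e.getMessage(), e);
            throw new RuntimeException("failed to get a ldap connection " + e.getMessage(), e);
        }
    }

    /** Closes the connection if it is non-null. */
    private void closeLdapConnection(LdapConnection ldapConnection) {
        if (ldapConnection != null) {
            ldapConnection.close();
        }
    }

    /** Closes the search results if non-null; a failure to close is logged and ignored. */
    private void closeNamingEnumeration(NamingEnumeration<SearchResult> namingEnumeration) {
        if (namingEnumeration != null) {
            try {
                namingEnumeration.close();
            } catch (NamingException e) {
                this.log.warn("skip exception closing naming search result " + e.getMessage());
            }
        }
    }
}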
