package org.dspace.app.webui.servlet;

import java.io.IOException;
import java.sql.SQLException;
import java.util.Hashtable;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.BasicAttributes;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.Rdn;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.log4j.Logger;
import org.dspace.app.webui.util.Authenticate;
import org.dspace.app.webui.util.JSPManager;
import org.dspace.authenticate.AuthenticationManager;
import org.dspace.authorize.AuthorizeException;
import org.dspace.core.ConfigurationManager;
import org.dspace.core.Context;
import org.dspace.core.LogManager;
import org.dspace.eperson.EPerson;

/* loaded from: input_file:org/dspace/app/webui/servlet/LDAPServlet.class */
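/**
 * Login servlet for LDAP-backed accounts.
 *
 * <p>GET shows the login form. POST reads {@code login_netid} and
 * {@code login_password}, then tries in order: an existing EPerson found by
 * netid (verified with an LDAP bind), an existing EPerson found by e-mail
 * (verified with the locally stored password), and finally an LDAP bind for
 * an unknown user, which may auto-register a new EPerson when
 * {@code webui.ldap.autoregister} is enabled.
 */
public class LDAPServlet extends DSpaceServlet {
    private static final Logger log = Logger.getLogger(LDAPServlet.class);

    /**
     * Shows the LDAP login page when {@code ldap.enable} is set, otherwise the
     * password login page.
     */
    @Override // org.dspace.app.webui.servlet.DSpaceServlet
    protected void doDSGet(Context context, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException, SQLException, AuthorizeException {
        if (ConfigurationManager.getBooleanProperty("ldap.enable")) {
            JSPManager.showJSP(httpServletRequest, httpServletResponse, "/login/ldap.jsp");
        } else {
            JSPManager.showJSP(httpServletRequest, httpServletResponse, "/login/password.jsp");
        }
    }

    /**
     * Processes a submitted login form.
     *
     * <p>Every failure path ends on a JSP and returns without calling
     * {@code Authenticate.loggedIn}. A request that lacks either form field is
     * treated as a failed login instead of failing with a
     * {@code NullPointerException}.
     */
    @Override // org.dspace.app.webui.servlet.DSpaceServlet
    protected void doDSPost(Context context, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException, SQLException, AuthorizeException {
        String parameter = httpServletRequest.getParameter("login_netid");
        String parameter2 = httpServletRequest.getParameter("login_password");
        if (parameter == null || parameter2 == null) {
            // Both values come from the client; a missing field must not reach toLowerCase()/equals().
            log.info(LogManager.getHeader(context, "failed_login", "type=missing_credentials"));
            JSPManager.showJSP(httpServletRequest, httpServletResponse, "/login/ldap-incorrect.jsp");
            return;
        }

        String lookupKey = parameter.toLowerCase();
        EPerson findByNetid = EPerson.findByNetid(context, lookupKey);
        EPerson findByEmail = EPerson.findByEmail(context, lookupKey);

        LDAPResult lDAPResult = new LDAPResult();
        lDAPResult.givenName = null;
        lDAPResult.surname = null;
        lDAPResult.email = null;
        lDAPResult.phone = null;

        // 1. Known netid: the directory decides whether the password is right.
        if (findByNetid != null && findByNetid.canLogIn()) {
            if (findByNetid.getRequireCertificate()) {
                JSPManager.showJSP(httpServletRequest, httpServletResponse, "/error/require-certificate.jsp");
                return;
            }
            if (!ldapAuthenticate(parameter, parameter2, context, lDAPResult)) {
                // Logged like the unknown-user failure below so repeated failures against
                // an existing account are visible in the log.
                log.info(LogManager.getHeader(context, "failed_login", "netid=" + forLog(parameter)));
                JSPManager.showJSP(httpServletRequest, httpServletResponse, "/login/ldap-incorrect.jsp");
                return;
            }
            completeLogin(context, httpServletRequest, httpServletResponse, findByNetid, "type=ldap");
            return;
        }

        // 2. Known e-mail address: fall back to the locally stored password.
        if (findByEmail != null && findByEmail.canLogIn()) {
            if (findByEmail.getRequireCertificate()) {
                JSPManager.showJSP(httpServletRequest, httpServletResponse, "/error/require-certificate.jsp");
                return;
            }
            if (!findByEmail.checkPassword(parameter2)) {
                log.info(LogManager.getHeader(context, "failed_login", "email=" + forLog(parameter)));
                JSPManager.showJSP(httpServletRequest, httpServletResponse, "/login/ldap-incorrect.jsp");
                return;
            }
            completeLogin(context, httpServletRequest, httpServletResponse, findByEmail, "type=password");
            return;
        }

        // 3. No usable local record: the user must at least bind to the directory.
        if (!ldapAuthenticate(parameter, parameter2, context, lDAPResult)) {
            log.info(LogManager.getHeader(context, "failed_login", "netid=" + forLog(parameter)));
            JSPManager.showJSP(httpServletRequest, httpServletResponse, "/login/ldap-incorrect.jsp");
            return;
        }
        if (!ConfigurationManager.getBooleanProperty("webui.ldap.autoregister")) {
            log.info(LogManager.getHeader(context, "failed_login", "type=ldap_but_no_record"));
            JSPManager.showJSP(httpServletRequest, httpServletResponse, "/login/not-in-records.jsp");
            return;
        }
        if (findByNetid != null || findByEmail != null) {
            // A record exists for this netid/e-mail but canLogIn() is false. Auto-registering
            // here would create a second, enabled account for a disabled one, so refuse.
            log.info(LogManager.getHeader(context, "failed_login", "type=ldap_but_cannot_log_in"));
            JSPManager.showJSP(httpServletRequest, httpServletResponse, "/login/ldap-incorrect.jsp");
            return;
        }

        log.info(LogManager.getHeader(context, "autoregister", "netid=" + forLog(parameter)));
        boolean hasLdapEmail = lDAPResult.email != null && !lDAPResult.email.equals("");
        if (hasLdapEmail && EPerson.findByEmail(context, lDAPResult.email) != null) {
            log.info(LogManager.getHeader(context, "failed_autoregister", "type=ldap_but_already_email"));
            JSPManager.showJSP(httpServletRequest, httpServletResponse, "/register/already-registered.jsp");
            return;
        }

        EPerson create;
        context.setIgnoreAuthorization(true);
        try {
            create = EPerson.create(context);
            // Without an e-mail attribute from the directory the submitted netid is stored as the e-mail.
            create.setEmail(hasLdapEmail ? lDAPResult.email : parameter);
            if (lDAPResult.givenName != null && !lDAPResult.givenName.equals("")) {
                create.setFirstName(lDAPResult.givenName);
            }
            if (lDAPResult.surname != null && !lDAPResult.surname.equals("")) {
                create.setLastName(lDAPResult.surname);
            }
            if (lDAPResult.phone != null && !lDAPResult.phone.equals("")) {
                create.setMetadata("phone", lDAPResult.phone);
            }
            // NOTE(review): lookups above use the lower-cased netid while the value stored here
            // keeps the submitted case; confirm whether setNetid normalises it.
            create.setNetid(parameter);
            create.setCanLogIn(true);
            AuthenticationManager.initEPerson(context, httpServletRequest, create);
            create.update();
            context.commit();
        } finally {
            // Authorization checks must be switched back on even when account creation throws,
            // otherwise the context keeps running with checks disabled.
            context.setIgnoreAuthorization(false);
        }
        completeLogin(context, httpServletRequest, httpServletResponse, create, "type=ldap-login");
    }

    /**
     * Marks the request as logged in for {@code eperson}, records the login and
     * resumes whatever request was interrupted by the login prompt.
     *
     * NOTE(review): whether Authenticate.loggedIn issues a fresh session id is not
     * visible in this file; confirm against its implementation.
     */
    private void completeLogin(Context context, HttpServletRequest request, HttpServletResponse response, EPerson eperson, String logType) throws ServletException, IOException, SQLException, AuthorizeException {
        Authenticate.loggedIn(context, request, eperson);
        log.info(LogManager.getHeader(context, "login", logType));
        Authenticate.resumeInterruptedRequest(request, response);
    }

    /**
     * Replaces control characters (including CR and LF) with {@code '_'} so that a
     * request-supplied value cannot start a new line in the log.
     */
    private static String forLog(Object value) {
        String text = String.valueOf(value);
        StringBuilder cleaned = new StringBuilder(text.length());
        for (int i = 0; i < text.length(); i++) {
            char c = text.charAt(i);
            cleaned.append(Character.isISOControl(c) ? '_' : c);
        }
        return cleaned.toString();
    }

    /**
     * Returns the first value of {@code attributeName} when it is present and is a
     * {@code String}; otherwise {@code null}. Empty and non-string attributes are
     * skipped instead of raising a runtime exception.
     */
    private static String firstStringValue(Attributes attributes, String attributeName) throws NamingException {
        if (attributeName == null) {
            return null;
        }
        Attribute attribute = attributes.get(attributeName);
        if (attribute == null || attribute.size() == 0) {
            return null;
        }
        Object value = attribute.get();
        return (value instanceof String) ? (String) value : null;
    }

    /**
     * Verifies a netid/password pair with an LDAP simple bind and, on success,
     * copies the configured e-mail, given name, surname and phone attributes
     * into {@code lDAPResult}.
     *
     * @param str netid submitted by the user
     * @param str2 password submitted by the user
     * @param context DSpace context, used only for log headers
     * @param lDAPResult receives the attributes found for the user
     * @return {@code true} when the bind succeeded, even if the attribute
     *         search afterwards failed; {@code false} when the netid or
     *         password is missing or empty, or when creating the bound
     *         context threw a {@code NamingException} (which also covers
     *         connection problems, not only wrong credentials)
     */
    protected boolean ldapAuthenticate(String str, String str2, Context context, LDAPResult lDAPResult) {
        // A simple bind with an empty password is treated by many directories as an
        // unauthenticated bind that succeeds, so empty credentials are never sent.
        if (str == null || str.equals("") || str2 == null || str2.equals("")) {
            return false;
        }
        String property = ConfigurationManager.getProperty("ldap.provider_url");
        String property2 = ConfigurationManager.getProperty("ldap.id_field");
        String property3 = ConfigurationManager.getProperty("ldap.search_context");
        String property4 = ConfigurationManager.getProperty("ldap.object_context");

        Hashtable<String, String> env = new Hashtable<String, String>(11);
        env.put("java.naming.factory.initial", "com.sun.jndi.ldap.LdapCtxFactory");
        env.put("java.naming.provider.url", property);
        // "simple" sends the password as-is; it is only protected in transit when
        // ldap.provider_url points at an ldaps:// endpoint.
        env.put("java.naming.security.authentication", "simple");
        // The netid comes straight from the request: escape it so characters with a
        // meaning inside a distinguished name cannot change which entry is bound.
        env.put("java.naming.security.principal", property2 + "=" + Rdn.escapeValue(str) + "," + property4);
        env.put("java.naming.security.credentials", str2);

        InitialDirContext initialDirContext;
        try {
            initialDirContext = new InitialDirContext(env);
        } catch (NamingException e2) {
            log.warn(LogManager.getHeader(context, "ldap_authentication", "type=failed_auth " + forLog(e2)));
            return false;
        }

        // From here on the bind has succeeded; the attribute lookup is best effort.
        try {
            String property5 = ConfigurationManager.getProperty("ldap.email_field");
            String property6 = ConfigurationManager.getProperty("ldap.givenname_field");
            String property7 = ConfigurationManager.getProperty("ldap.surname_field");
            String property8 = ConfigurationManager.getProperty("ldap.phone_field");
            BasicAttributes basicAttributes = new BasicAttributes(true);
            basicAttributes.put(new BasicAttribute(property2, str));
            String[] strArr = {property5, property6, property7, property8};

            NamingEnumeration search = initialDirContext.search(property3, basicAttributes, strArr);
            // When several entries match, values from later entries overwrite earlier ones.
            while (search.hasMore()) {
                Attributes attributes = ((SearchResult) search.next()).getAttributes();
                String email = firstStringValue(attributes, strArr[0]);
                if (email != null) {
                    lDAPResult.email = email;
                }
                String givenName = firstStringValue(attributes, strArr[1]);
                if (givenName != null) {
                    lDAPResult.givenName = givenName;
                }
                String surname = firstStringValue(attributes, strArr[2]);
                if (surname != null) {
                    lDAPResult.surname = surname;
                }
                String phone = firstStringValue(attributes, strArr[3]);
                if (phone != null) {
                    lDAPResult.phone = phone;
                }
            }
        } catch (NamingException e) {
            log.warn(LogManager.getHeader(context, "ldap_attribute_lookup", "type=failed_search " + forLog(e)));
        } finally {
            // Close the bound connection on every path, including a failed search.
            try {
                initialDirContext.close();
            } catch (NamingException ignored) {
                // The bind result is already known; a failed close does not change it.
            }
        }
        return true;
    }
}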
