package org.exist.security.realm.activedirectory;

import java.util.HashMap;
import java.util.Optional;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.LdapContext;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.exist.config.Configuration;
import org.exist.config.annotation.ConfigurationClass;
import org.exist.config.annotation.ConfigurationFieldAsAttribute;
import org.exist.security.AbstractAccount;
import org.exist.security.AuthenticationException;
import org.exist.security.Subject;
import org.exist.security.internal.SecurityManagerImpl;
import org.exist.security.internal.SubjectAccreditedImpl;
import org.exist.security.internal.aider.UserAider;
import org.exist.security.realm.ldap.LDAPRealm;
import org.exist.security.realm.ldap.LdapContextFactory;
import org.exist.storage.DBBroker;

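/**
 * Security realm that authenticates users against Active Directory over LDAP.
 *
 * <p>Authentication binds to the directory with the caller-supplied username and
 * credentials, then looks the user up by {@code sAMAccountName}. When the lookup
 * returns at least one attribute, the matching local account is loaded, or created
 * on first login, and returned wrapped in an accredited subject.
 *
 * <p>NOTE(review): this listing appears to be decompiled output; the broker handling
 * in {@link #authenticate(String, Object)} was restored to the try-with-resources
 * form that the decompiler had expanded.
 */
@ConfigurationClass("realm")
public class ActiveDirectoryRealm extends LDAPRealm {
    // Use this class as the logger category so realm messages are not attributed to LDAPRealm.
    private static final Logger LOG = LogManager.getLogger(ActiveDirectoryRealm.class);

    /** LDAP filter template; {0} is substituted and escaped by JNDI, never concatenated. */
    private static final String USER_FILTER = "(&(objectClass=user)(sAMAccountName={0}))";

    // NOTE(review): public, static and non-final, so any code can re-point the realm id at
    // runtime. Left as-is because the field is part of the class's visible interface.
    @ConfigurationFieldAsAttribute("id")
    public static String ID = "ActiveDirectory";

    @ConfigurationFieldAsAttribute("version")
    public static final String version = "1.0";

    /**
     * Creates the realm and passes both arguments straight to the LDAP realm base class.
     *
     * @param securityManagerImpl security manager that owns this realm
     * @param configuration realm configuration
     */
    public ActiveDirectoryRealm(SecurityManagerImpl securityManagerImpl, Configuration configuration) {
        super(securityManagerImpl, configuration);
    }

    /**
     * Returns the context factory, creating an Active Directory {@link ContextFactory}
     * from the realm configuration on first use.
     *
     * @return the context factory used to bind to the directory
     */
    protected LdapContextFactory ensureContextFactory() {
        if (this.ldapContextFactory == null) {
            if (LOG.isDebugEnabled()) {
                LOG.debug("No LdapContextFactory specified - creating a default instance.");
            }
            this.ldapContextFactory = new ContextFactory(this.configuration);
        }
        return this.ldapContextFactory;
    }

    /**
     * Returns the realm identifier.
     *
     * @return the current value of {@link #ID}
     */
    public String getId() {
        return ID;
    }

    /**
     * Authenticates a user by binding to Active Directory and looking the user up.
     *
     * @param str the account name, matched against {@code sAMAccountName}
     * @param obj the credentials; converted with {@link String#valueOf(Object)} for the bind
     * @return an accredited subject holding the account and the bound LDAP context, or
     *         {@code null} when the lookup yields no entry with any of the requested
     *         attributes ({@code sn}, {@code givenName}, {@code mail})
     * @throws AuthenticationException if the username or credentials are empty, the bind or
     *         search fails, or the local account cannot be created
     */
    public Subject authenticate(String str, Object obj) throws AuthenticationException {
        // An LDAP simple bind with an empty password is an "unauthenticated bind", which many
        // directories accept. ContextFactory is not visible from this class, so the check is
        // enforced here rather than assumed. A null credential would otherwise be sent as the
        // literal text "null".
        if (str == null || str.isEmpty() || obj == null || String.valueOf(obj).isEmpty()) {
            throw new AuthenticationException(-1, "Username and credentials must not be empty");
        }

        SearchControls searchControls = new SearchControls();
        searchControls.setReturningAttributes(new String[]{"sn", "givenName", "mail"});
        searchControls.setSearchScope(SearchControls.SUBTREE_SCOPE);

        LdapContext ldapContext = null;
        // True once the context is owned by the returned subject and must stay open.
        boolean contextHandedOver = false;
        try {
            ContextFactory factory = (ContextFactory) ensureContextFactory();
            ldapContext = factory.getLdapContext(str, String.valueOf(obj));

            // The username is passed as a filter argument so JNDI escapes filter
            // metacharacters such as '*', '(', ')' and '\'; concatenating it into the
            // filter string would let the caller rewrite the query.
            NamingEnumeration<SearchResult> results =
                    ldapContext.search(factory.getSearchBase(), USER_FILTER, new Object[]{str}, searchControls);

            boolean found = false;
            try {
                while (results.hasMore()) {
                    Attributes attributes = results.next().getAttributes();
                    if (attributes == null) {
                        continue;
                    }
                    NamingEnumeration<? extends Attribute> all = attributes.getAll();
                    try {
                        // Only the presence of an attribute matters; the values are unused.
                        if (all.hasMore()) {
                            found = true;
                        }
                    } finally {
                        all.close();
                    }
                }
            } finally {
                results.close();
            }

            if (!found) {
                return null;
            }

            AbstractAccount account = getAccount(str);
            if (account == null) {
                // First login: create the local account. The broker is obtained under the
                // system subject and released even when addAccount throws.
                try (DBBroker broker = getDatabase().get(Optional.of(getSecurityManager().getSystemSubject()))) {
                    account = (AbstractAccount) getSecurityManager().addAccount(new UserAider(ID, str));
                } catch (Exception e) {
                    throw new AuthenticationException(-1, e.getMessage(), e);
                }
            }

            Subject subject = new SubjectAccreditedImpl(account, ldapContext);
            contextHandedOver = true;
            return subject;
        } catch (NamingException e2) {
            // Goes through the logger instead of stderr, and the cause is kept on the
            // rethrown exception. The credentials are never logged.
            LOG.warn("Active Directory authentication or search failed", e2);
            throw new AuthenticationException(-1, e2.getMessage(), e2);
        } finally {
            if (!contextHandedOver) {
                closeQuietly(ldapContext);
            }
        }
    }

    /** Closes a context that was not handed to a subject; a failure to close is only logged. */
    private static void closeQuietly(LdapContext context) {
        if (context == null) {
            return;
        }
        try {
            context.close();
        } catch (NamingException e) {
            LOG.debug("Failed to close LDAP context", e);
        }
    }
}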
