package org.geomajas.plugin.staticsecurity.ldap;

import com.unboundid.ldap.sdk.Filter;
import com.unboundid.ldap.sdk.LDAPConnection;
import com.unboundid.ldap.sdk.LDAPException;
import com.unboundid.ldap.sdk.ResultCode;
import com.unboundid.ldap.sdk.SearchRequest;
import com.unboundid.ldap.sdk.SearchResult;
import com.unboundid.ldap.sdk.SearchResultEntry;
import com.unboundid.ldap.sdk.SearchScope;
import com.unboundid.util.ssl.SSLUtil;
import com.unboundid.util.ssl.TrustAllTrustManager;
import java.security.GeneralSecurityException;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import javax.validation.constraints.NotNull;
import org.geomajas.plugin.staticsecurity.configuration.AuthorizationInfo;
import org.geomajas.plugin.staticsecurity.configuration.UserInfo;
import org.geomajas.plugin.staticsecurity.security.AuthenticationService;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/geomajas/plugin/staticsecurity/ldap/LdapAuthenticationService.class */
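/**
 * {@link AuthenticationService} that verifies a user by binding to an LDAP server with the
 * user's own DN and password, then reads the user's entry to build a {@link UserInfo}.
 *
 * <p>The bind DN is produced by substituting the login name for the <code>{}</code> placeholder
 * in {@code userDnTemplate}. The login name is untrusted input, so it is escaped as a DN
 * attribute value before substitution.
 *
 * <p>Transport security, as far as this class shows: with {@code allowAllSocketFactory} enabled
 * the connection uses TLS but accepts any server certificate; with it disabled the connection is
 * created without an SSL socket factory, so the bind password is presumably sent over an
 * unencrypted socket. NOTE(review): neither mode authenticates the server; confirm the intended
 * deployment and consider a socket factory backed by a real trust store.
 */
public class LdapAuthenticationService implements AuthenticationService {

    /** Prefix of the bind-failure message that is treated as an ordinary wrong-password event. */
    private static final String BIND_FAILURE_PREFIX = "Unable to bind as user ";

    private final Logger log = LoggerFactory.getLogger(LdapAuthenticationService.class);

    @NotNull
    private String serverHost;
    private int serverPort = 636;
    private boolean allowAllSocketFactory;

    @NotNull
    private String userDnTemplate;
    private String givenNameAttribute;
    private String surNameAttribute;
    private String localeAttribute;
    private String organizationAttribute;
    private String divisionAttribute;
    private String rolesAttribute;
    private List<AuthorizationInfo> defaultRole;
    private Map<String, List<AuthorizationInfo>> roles;

    /**
     * Sets the host name of the LDAP server.
     *
     * @param serverHost host to connect to
     */
    public void setServerHost(String serverHost) {
        this.serverHost = serverHost;
    }

    /**
     * Sets the port of the LDAP server; the field defaults to 636.
     *
     * @param serverPort port to connect to
     */
    public void setServerPort(int serverPort) {
        this.serverPort = serverPort;
    }

    /**
     * Enables or disables the trust-all SSL socket factory.
     *
     * <p>When enabled, the server certificate is not validated, so the server's identity is not
     * verified and the bind password can be observed by anyone able to intercept the connection.
     * A warning is logged so the setting is visible in production logs.
     *
     * @param allowAllSocketFactory true to connect over TLS while trusting every certificate
     */
    public void setAllowAllSocketFactory(boolean allowAllSocketFactory) {
        if (allowAllSocketFactory) {
            log.warn("LDAP server certificate validation is disabled (allowAllSocketFactory=true); "
                    + "use only for testing.");
        }
        this.allowAllSocketFactory = allowAllSocketFactory;
    }

    /**
     * Sets the template for the user's DN; every <code>{}</code> is replaced by the escaped login
     * name.
     *
     * @param userDnTemplate DN template containing the <code>{}</code> placeholder
     */
    public void setUserDnTemplate(String userDnTemplate) {
        this.userDnTemplate = userDnTemplate;
    }

    /**
     * Sets the LDAP attribute holding the given name.
     *
     * @param givenNameAttribute attribute name, or null to skip
     */
    public void setGivenNameAttribute(String givenNameAttribute) {
        this.givenNameAttribute = givenNameAttribute;
    }

    /**
     * Sets the LDAP attribute holding the surname.
     *
     * @param surNameAttribute attribute name, or null to skip
     */
    public void setSurNameAttribute(String surNameAttribute) {
        this.surNameAttribute = surNameAttribute;
    }

    /**
     * Sets the LDAP attribute holding the user's locale.
     *
     * @param localeAttribute attribute name, or null to skip
     */
    public void setLocaleAttribute(String localeAttribute) {
        this.localeAttribute = localeAttribute;
    }

    /**
     * Sets the LDAP attribute holding the user's organization.
     *
     * @param organizationAttribute attribute name, or null to skip
     */
    public void setOrganizationAttribute(String organizationAttribute) {
        this.organizationAttribute = organizationAttribute;
    }

    /**
     * Sets the LDAP attribute holding the user's division.
     *
     * @param divisionAttribute attribute name, or null to skip
     */
    public void setDivisionAttribute(String divisionAttribute) {
        this.divisionAttribute = divisionAttribute;
    }

    /**
     * Sets the LDAP attribute whose values are looked up in the {@code roles} map.
     *
     * @param rolesAttribute attribute name, or null when no role mapping is used
     */
    public void setRolesAttribute(String rolesAttribute) {
        this.rolesAttribute = rolesAttribute;
    }

    /**
     * Returns the authorizations granted to every successfully authenticated user.
     *
     * @return the configured list; may be null
     */
    public List<AuthorizationInfo> getDefaultRole() {
        return this.defaultRole;
    }

    /**
     * Sets the authorizations granted to every successfully authenticated user.
     *
     * <p>Note that these are added for any user who can bind, whatever the directory says about
     * their roles.
     *
     * @param defaultRole authorizations to always add; may be null
     */
    public void setDefaultRole(List<AuthorizationInfo> defaultRole) {
        this.defaultRole = defaultRole;
    }

    /**
     * Sets the mapping from a value of the roles attribute to the authorizations it grants.
     *
     * @param roles role value to authorizations; may be null
     */
    public void setRoles(Map<String, List<AuthorizationInfo>> roles) {
        this.roles = roles;
    }

    /**
     * Returns the password unchanged; the directory server verifies it during the bind.
     *
     * @param user login name (unused)
     * @param password password as entered
     * @return {@code password}
     */
    public String convertPassword(String user, String password) {
        return password;
    }

    /**
     * Authenticates a user by binding to the LDAP server and, on success, loads the user's data.
     *
     * @param userId login name; escaped before it is placed in the DN template
     * @param password password used for the simple bind
     * @return the user's info, or null when credentials are missing, the bind fails, the
     *         connection cannot be established, or no matching entry is found
     */
    public UserInfo isAuthenticated(String userId, String password) {
        // A simple bind that carries a DN but an empty password is an "unauthenticated bind"
        // (RFC 4513); a server that permits it reports success without checking any credential.
        // Refuse such input here instead of relying on server or SDK configuration.
        if (userId == null || userId.isEmpty() || password == null || password.isEmpty()) {
            return null;
        }

        // Escape the login name so its characters cannot alter the structure of the bind DN.
        String userDn = this.userDnTemplate.replace("{}", escapeDnValue(userId));

        LDAPConnection connection = null;
        try {
            connection = openConnection();

            // Require an explicit SUCCESS: ResultCode.isConnectionUsable() describes the state of
            // the connection, not whether the credentials were accepted.
            if (!ResultCode.SUCCESS.equals(connection.bind(userDn, password).getResultCode())) {
                return null;
            }

            List<String> attributes = new ArrayList<String>();
            attributes.add("cn");
            addAttribute(attributes, this.givenNameAttribute);
            addAttribute(attributes, this.surNameAttribute);
            addAttribute(attributes, this.localeAttribute);
            addAttribute(attributes, this.organizationAttribute);
            addAttribute(attributes, this.divisionAttribute);
            addAttribute(attributes, this.rolesAttribute);

            // The search runs on the connection bound as the user, so the directory's access
            // controls for that user decide which attributes come back.
            SearchRequest request = new SearchRequest(userDn, SearchScope.SUB,
                    Filter.createEqualityFilter("objectclass", "person"),
                    attributes.toArray(new String[attributes.size()]));
            return getUserInfo(userId, connection.search(request));
        } catch (GeneralSecurityException e) {
            this.log.error(e.getMessage(), e);
            return null;
        } catch (LDAPException e) {
            // Wrong-password failures are expected and stay out of the error log. The prefix
            // match is kept from the original; NOTE(review): it depends on message wording.
            String message = e.getMessage();
            if (message == null || !message.startsWith(BIND_FAILURE_PREFIX)) {
                this.log.error(message, e);
            }
            return null;
        } finally {
            if (connection != null) {
                connection.close();
            }
        }
    }

    /**
     * Opens a connection to the configured server.
     *
     * @return an established connection
     * @throws GeneralSecurityException if the SSL socket factory cannot be created
     * @throws LDAPException if the connection cannot be established
     */
    private LDAPConnection openConnection() throws GeneralSecurityException, LDAPException {
        if (this.allowAllSocketFactory) {
            // SECURITY: TrustAllTrustManager accepts any certificate, so the server is not
            // authenticated. Left as configured; intended for test setups only.
            SSLUtil sslUtil = new SSLUtil(new TrustAllTrustManager());
            return new LDAPConnection(sslUtil.createSSLSocketFactory(), this.serverHost,
                    this.serverPort);
        }
        // SECURITY NOTE(review): no SSL socket factory is supplied on this path, so the
        // connection is presumably plain LDAP and the bind password travels unencrypted.
        // Behaviour is kept for compatibility; confirm and prefer a validating TLS factory.
        return new LDAPConnection(this.serverHost, this.serverPort);
    }

    /**
     * Escapes a string for use as an attribute value inside a distinguished name, following the
     * string representation rules of RFC 4514.
     *
     * @param value raw value, not null
     * @return the value with DN special characters escaped
     */
    private static String escapeDnValue(String value) {
        StringBuilder escaped = new StringBuilder(value.length() + 8);
        int last = value.length() - 1;
        for (int i = 0; i <= last; i++) {
            char c = value.charAt(i);
            switch (c) {
                case '"':
                case '+':
                case ',':
                case ';':
                case '<':
                case '>':
                case '\\':
                    escaped.append('\\').append(c);
                    break;
                case '#':
                    // Only significant at the start of a value.
                    if (i == 0) {
                        escaped.append('\\');
                    }
                    escaped.append(c);
                    break;
                case ' ':
                    // Only significant at the start or end of a value.
                    if (i == 0 || i == last) {
                        escaped.append('\\');
                    }
                    escaped.append(c);
                    break;
                case '\0':
                    escaped.append("\\00");
                    break;
                default:
                    escaped.append(c);
                    break;
            }
        }
        return escaped.toString();
    }

    /**
     * Builds the {@link UserInfo} from the first entry of the search result.
     *
     * @param userId login name stored as the user id
     * @param searchResult result of the search on the user's DN
     * @return the populated user info, or null when the search returned no entries
     */
    private UserInfo getUserInfo(String userId, SearchResult searchResult) {
        if (searchResult.getEntryCount() <= 0) {
            return null;
        }
        SearchResultEntry entry = searchResult.getSearchEntries().get(0);

        UserInfo userInfo = new UserInfo();
        userInfo.setUserId(userId);

        // Display name is "given surname", or whichever of the two is present.
        String name = attributeValue(entry, this.givenNameAttribute);
        String surname = attributeValue(entry, this.surNameAttribute);
        if (name == null) {
            name = surname;
        } else if (surname != null) {
            name = name + " " + surname;
        }
        userInfo.setUserName(name);

        userInfo.setUserLocale(attributeValue(entry, this.localeAttribute));
        userInfo.setUserOrganization(attributeValue(entry, this.organizationAttribute));
        userInfo.setUserDivision(attributeValue(entry, this.divisionAttribute));
        userInfo.setAuthorizations(getAuthorizations(entry));
        return userInfo;
    }

    /**
     * Reads one attribute value, tolerating an attribute name that was never configured.
     *
     * @param entry entry to read from
     * @param attributeName attribute name, or null when not configured
     * @return the attribute value, or null when the name is null or the attribute is absent
     */
    private static String attributeValue(SearchResultEntry entry, String attributeName) {
        return attributeName == null ? null : entry.getAttributeValue(attributeName);
    }

    /**
     * Collects the authorizations for an entry: the default role plus the mapped authorizations
     * for each value of the roles attribute.
     *
     * @param entry the user's directory entry
     * @return a new list of authorizations; never null
     */
    private List<AuthorizationInfo> getAuthorizations(SearchResultEntry entry) {
        List<AuthorizationInfo> authorizations = new ArrayList<AuthorizationInfo>();
        if (this.defaultRole != null) {
            authorizations.addAll(this.defaultRole);
        }
        // Without a roles attribute or a role map there is nothing to translate; role values
        // that have no mapping grant nothing.
        if (this.rolesAttribute == null || this.roles == null) {
            return authorizations;
        }
        String[] roleValues = entry.getAttributeValues(this.rolesAttribute);
        if (roleValues != null) {
            for (String roleValue : roleValues) {
                List<AuthorizationInfo> mapped = this.roles.get(roleValue);
                if (mapped != null) {
                    authorizations.addAll(mapped);
                }
            }
        }
        return authorizations;
    }

    /**
     * Adds an attribute name to the request list when it is configured.
     *
     * @param attributes list of attribute names to request
     * @param attributeName name to add, or null to skip
     */
    private void addAttribute(List<String> attributes, String attributeName) {
        if (attributeName != null) {
            attributes.add(attributeName);
        }
    }
}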
