package org.neo4j.server.security.enterprise.auth.plugin;

import java.util.Hashtable;
import java.util.LinkedHashSet;
import java.util.Set;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.Control;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;
import org.neo4j.server.security.enterprise.auth.plugin.api.AuthToken;
import org.neo4j.server.security.enterprise.auth.plugin.api.AuthenticationException;
import org.neo4j.server.security.enterprise.auth.plugin.spi.AuthInfo;
import org.neo4j.server.security.enterprise.auth.plugin.spi.AuthPlugin;

/* loaded from: input_file:org/neo4j/server/security/enterprise/auth/plugin/LdapGroupHasUsersAuthPlugin.class */
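/**
 * Example auth plugin that authenticates a user with an LDAP simple bind and derives
 * Neo4j roles from the {@code gidNumber} of every {@code posixGroup} that lists the
 * user in {@code memberUid}.
 *
 * <p>NOTE(review): the directory URL, search base and group-to-role mapping are hard-coded,
 * and the URL uses plain {@code ldap://}. With a simple bind over {@code ldap://} the
 * password crosses the network unencrypted; outside a local test fixture this should be
 * {@code ldaps://} or StartTLS with certificate validation, and the values should come
 * from configuration.
 */
public class LdapGroupHasUsersAuthPlugin extends AuthPlugin.Adapter {
    private static final String GROUP_SEARCH_BASE = "ou=groups,dc=example,dc=com";
    // {0} is filled in through JNDI filter arguments, which escape filter metacharacters.
    private static final String GROUP_SEARCH_FILTER = "(&(objectClass=posixGroup)(memberUid={0}))";
    public static final String GROUP_ID = "gidNumber";

    /** Returns the name under which this plugin is registered. */
    public String name() {
        return "ldap-alternative-groups";
    }

    /**
     * Binds to the directory as the given principal and, on success, looks up its roles.
     *
     * @param authToken token carrying the principal and the credentials
     * @return the principal together with the Neo4j roles derived from its groups
     * @throws AuthenticationException if the principal or credentials are missing or empty,
     *         or if the bind or the group search fails
     */
    public AuthInfo authenticateAndAuthorize(AuthToken authToken) throws AuthenticationException {
        String principal = authToken.principal();
        char[] credentials = authToken.credentials();
        // An LDAP simple bind with a DN and an empty password is an "unauthenticated bind"
        // (RFC 4513 section 5.1.2) that many servers accept, so it must never count as a login.
        if (principal == null || principal.isEmpty() || credentials == null || credentials.length == 0) {
            throw new AuthenticationException("Authentication failed: principal and credentials must be non-empty");
        }
        LdapContext ldapContext = null;
        try {
            ldapContext = authenticate(principal, credentials);
            return AuthInfo.of(principal, authorize(ldapContext, principal));
        } catch (NamingException e) {
            // NOTE(review): the directory's own error text is passed on to the caller;
            // consider a generic message here and logging the detail server-side.
            throw new AuthenticationException(e.getMessage());
        } finally {
            // Release the LDAP connection on every path; the original never closed it.
            closeQuietly(ldapContext);
        }
    }

    /**
     * Opens an LDAP context bound as {@code cn=<principal>,ou=users,dc=example,dc=com}.
     *
     * @param principal user name, used as the value of the leading {@code cn} RDN
     * @param credentials password for the simple bind
     * @return a context bound as the user
     * @throws NamingException if the connection or the bind fails
     */
    private LdapContext authenticate(String principal, char[] credentials) throws NamingException {
        Hashtable<String, Object> environment = new Hashtable<>();
        environment.put("java.naming.factory.initial", "com.sun.jndi.ldap.LdapCtxFactory");
        environment.put("java.naming.provider.url", "ldap://0.0.0.0:10389");
        // Escape the user-supplied name so characters such as ',', '+' or '=' cannot alter
        // the structure of the bind DN (e.g. point it at another subtree).
        String escapedPrincipal = javax.naming.ldap.Rdn.escapeValue(principal);
        environment.put("java.naming.security.principal",
                String.format("cn=%s,ou=users,dc=example,dc=com", escapedPrincipal));
        environment.put("java.naming.security.credentials", credentials);
        return new InitialLdapContext(environment, (Control[]) null);
    }

    /**
     * Collects the Neo4j roles for every group that lists the user as a member.
     *
     * <p>All matching groups are read; the original looked only at the first search
     * result, so a user in several groups received a single, order-dependent role.
     *
     * @param ldapContext context bound as the authenticated user
     * @param principal user name matched against {@code memberUid}
     * @return the mapped roles in the order encountered, possibly empty
     * @throws NamingException if the search or reading a result fails
     */
    private Set<String> authorize(LdapContext ldapContext, String principal) throws NamingException {
        Set<String> roles = new LinkedHashSet<>();
        SearchControls searchControls = new SearchControls();
        searchControls.setSearchScope(SearchControls.SUBTREE_SCOPE);
        searchControls.setReturningAttributes(new String[]{GROUP_ID});
        NamingEnumeration<SearchResult> groups =
                ldapContext.search(GROUP_SEARCH_BASE, GROUP_SEARCH_FILTER, new Object[]{principal}, searchControls);
        // hasMore() reports directory errors instead of silently ending the enumeration,
        // so a failed search is surfaced as a failure rather than as "no roles".
        while (groups.hasMore()) {
            Attributes attributes = groups.next().getAttributes();
            if (attributes == null) {
                continue;
            }
            NamingEnumeration<? extends Attribute> all = attributes.getAll();
            while (all.hasMore()) {
                Attribute attribute = all.next();
                if (!attribute.getID().equalsIgnoreCase(GROUP_ID)) {
                    continue;
                }
                Object value = attribute.get();
                String role = value instanceof String ? getNeo4jRoleForGroupId((String) value) : null;
                if (role != null) {
                    roles.add(role);
                }
            }
        }
        return roles;
    }

    /**
     * Maps a group id to a Neo4j role name.
     *
     * @param groupId value of the group's {@code gidNumber} attribute
     * @return the role name, or {@code null} when the group id has no mapping
     */
    private String getNeo4jRoleForGroupId(String groupId) {
        if ("500".equals(groupId)) {
            return "reader";
        }
        if ("501".equals(groupId)) {
            return "publisher";
        }
        if ("502".equals(groupId)) {
            return "architect";
        }
        if ("503".equals(groupId)) {
            return "admin";
        }
        return null;
    }

    /** Closes the context if one was opened; a failure to close must not change the login result. */
    private static void closeQuietly(LdapContext ldapContext) {
        if (ldapContext == null) {
            return;
        }
        try {
            ldapContext.close();
        } catch (NamingException ignored) {
            // Best-effort cleanup: the authentication outcome has already been decided.
        }
    }
}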
