package edu.uiuc.ncsa.myproxy.oa4mp.oauth2.servlet;

import edu.uiuc.ncsa.myproxy.oa4mp.oauth2.OA2SE;
import edu.uiuc.ncsa.security.core.Logable;
import edu.uiuc.ncsa.security.core.exceptions.GeneralException;
import edu.uiuc.ncsa.security.core.util.DebugUtil;
import edu.uiuc.ncsa.security.core.util.MyLoggingFacade;
import edu.uiuc.ncsa.security.delegation.server.ServiceTransaction;
import edu.uiuc.ncsa.security.oauth_2_0.UserInfo;
import edu.uiuc.ncsa.security.oauth_2_0.server.UnsupportedScopeException;
import edu.uiuc.ncsa.security.oauth_2_0.server.config.LDAPConfiguration;
import edu.uiuc.ncsa.security.oauth_2_0.server.config.LDAPConfigurationUtil;
import edu.uiuc.ncsa.security.util.ssl.SSLConfigurationUtil;
import java.net.URI;
import java.util.Collection;
import java.util.HashMap;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.Map;
import javax.naming.CommunicationException;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.LdapContext;
import javax.servlet.http.HttpServletRequest;
import net.sf.json.JSONArray;
import net.sf.json.JSONObject;
import net.sf.json.util.JSONUtils;
import org.apache.logging.log4j.message.ParameterizedMessage;

/* loaded from: input_file:WEB-INF/lib/oa4mp-server-loader-oauth2-3.5-SNAPSHOT.jar:edu/uiuc/ncsa/myproxy/oa4mp/oauth2/servlet/LDAPScopeHandler.class */
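/**
 * Scope handler that looks a user up in an LDAP directory and merges the returned
 * attributes into the {@link UserInfo} map under the target names given in the
 * LDAP configuration's search attributes.
 *
 * <p>The handler keeps a single {@link LdapContext} in the {@code context} field;
 * {@link #process} is {@code synchronized} so that concurrent callers do not share
 * a half-closed context. The context is closed (and the field cleared) at the end of
 * every {@link #process} call, so each request logs on afresh.
 *
 * <p>Logging goes through the {@link MyLoggingFacade} when one is available and
 * falls back to standard output otherwise (see {@link #sayit}).
 */
public class LDAPScopeHandler extends BasicScopeHandler implements Logable {
    // Authentication-type values as switched on in logon(). They mirror the numbering
    // used by the LDAP configuration — NOTE(review): confirm against LDAPConfigurationUtil.
    private static final int AUTH_TYPE_NONE = 1;
    private static final int AUTH_TYPE_SIMPLE = 10;
    private static final int AUTH_TYPE_STRONG = 100;

    // JNDI environment keys (string form of the javax.naming.Context constants).
    private static final String ENV_CREDENTIALS = "java.naming.security.credentials";

    // Legacy special case: for this server the search name is the local part of the
    // configured attribute (everything before the '@').
    private static final String NCSA_LDAP_SERVER = "ldap.ncsa.illinois.edu";

    /** True when a {@link MyLoggingFacade} was supplied; otherwise output goes to stdout. */
    protected boolean loggingEnabled;
    MyLoggingFacade myLogger;
    /** The live directory context, or {@code null} when not logged on. */
    LdapContext context;
    /** Lazily resolved from the service environment by {@link #getCfg()} when not injected. */
    LDAPConfiguration ldapConfiguration;
    /** Debug flag used only when no logging facade is present. */
    boolean debug;

    /**
     * Creates a handler with an explicit configuration and logger.
     *
     * @param lDAPConfiguration the LDAP configuration to use; if {@code null},
     *                          {@link #getCfg()} falls back to the service environment
     * @param myLoggingFacade   the logger, or {@code null} to log to standard output
     */
    public LDAPScopeHandler(LDAPConfiguration lDAPConfiguration, MyLoggingFacade myLoggingFacade) {
        this.ldapConfiguration = lDAPConfiguration;
        this.myLogger = myLoggingFacade;
        this.loggingEnabled = myLoggingFacade != null;
        this.debug = false;
    }

    /**
     * Creates a handler bound to a service environment; the configuration is read
     * lazily from it and the environment's logger is used if present.
     *
     * @param oa2se the service environment
     */
    public LDAPScopeHandler(OA2SE oa2se) {
        super(oa2se);
        this.ldapConfiguration = null;
        this.myLogger = oa2se.getMyLogger();
        this.loggingEnabled = this.myLogger != null;
        this.debug = false;
    }

    /**
     * Determines the value to search for in the directory.
     *
     * <p>If no search-name key is configured, or it is {@code "username"}, the
     * transaction's username is used. Otherwise the value of that key in the user-info
     * map is used; for the NCSA server only the part before {@code '@'} is kept
     * (the whole value is kept when there is no {@code '@'}).
     *
     * @param userInfo           claims collected so far
     * @param httpServletRequest the current request (unused here, available to subclasses)
     * @param serviceTransaction the current transaction
     * @return the search name
     * @throws IllegalStateException if a key is configured but absent (or null) in the user-info map
     */
    public String getSearchName(UserInfo userInfo, HttpServletRequest httpServletRequest, ServiceTransaction serviceTransaction) {
        String searchNameKey = getCfg().getSearchNameKey();
        if (searchNameKey == null) {
            warn("No search name given for LDAP query. Using default of username");
            return serviceTransaction.getUsername();
        }
        if (searchNameKey.equals("username")) {
            return serviceTransaction.getUsername();
        }
        Object rawValue = userInfo.getMap().get(searchNameKey);
        if (rawValue == null) {
            throw new IllegalStateException("Error: no recognized search name key was found. Requested was \"" + searchNameKey + "\"");
        }
        String searchName = (String) rawValue;
        if (NCSA_LDAP_SERVER.equals(getCfg().getServer())) {
            DebugUtil.dbg(this, "Getting search name for NCSA LDAP");
            // Guard the separator lookup: substring(0, -1) would throw when no '@' is present.
            int atIndex = searchName.indexOf('@');
            if (0 <= atIndex) {
                searchName = searchName.substring(0, atIndex);
            }
        }
        return searchName;
    }

    /** @return the logging facade, or {@code null} when logging to standard output. */
    protected MyLoggingFacade getMyLogger() {
        return this.myLogger;
    }

    /**
     * Handles a failure during the LDAP query.
     *
     * <p>A {@link CommunicationException} is only logged. Any other failure is ignored
     * unless the configuration says to fail on error, in which case an e-mail is sent
     * (when notify-on-fail is set) and a {@link GeneralException} is thrown.
     *
     * @param th the failure
     * @throws GeneralException when {@code isFailOnError()} is set and {@code th} is not a communication failure
     */
    public void handleException(Throwable th) {
        if (th instanceof CommunicationException) {
            warn("Communication exception talking to LDAP.");
            return;
        }
        if (!getCfg().isFailOnError()) {
            return;
        }
        Map<String, String> templateValues = new HashMap<>();
        URI serviceAddress = getOa2SE().getServiceAddress();
        templateValues.put("host", serviceAddress == null ? "localhost" : serviceAddress.getHost());
        templateValues.put("ldap_host", getCfg().getServer());
        templateValues.put("message", th.getMessage());
        if (getCfg().isNotifyOnFail()) {
            getOa2SE().getMailUtil().sendMessage("Error on ${host} contacting LDAP server", "The following error message was received attempting to contact the LDAP server at ${ldap_host}:\n\n${message}\n\n. The operation did not complete.", templateValues);
        }
        throw new GeneralException("Error: Could not communicate with LDAP server. \"" + th.getMessage() + "\"");
    }

    /** @return whether the LDAP configuration enables this handler */
    @Override
    public boolean isEnabled() {
        return getCfg().isEnabled();
    }

    /**
     * Runs the LDAP lookup for the user and merges the results into {@code userInfo}.
     *
     * <p>Does nothing when the handler is disabled. Otherwise logs on if needed, searches
     * for {@link #getSearchName}, and copies the JSON result into the user-info map.
     * Failures are routed through {@link #handleException}; the connection is always
     * closed afterwards.
     *
     * @param userInfo           claims collected so far; updated in place
     * @param httpServletRequest the current request
     * @param serviceTransaction the current transaction
     * @return {@code userInfo}
     * @throws UnsupportedScopeException declared by the interface; not thrown here
     */
    @Override
    public synchronized UserInfo process(UserInfo userInfo, HttpServletRequest httpServletRequest, ServiceTransaction serviceTransaction) throws UnsupportedScopeException {
        if (!isEnabled()) {
            DebugUtil.dbg(this, "server=" + getCfg().getServer() + ", is NOT enabled.");
            return userInfo;
        }
        DebugUtil.dbg(this, "Starting LDAP query");
        DebugUtil.dbg(this, "target host =" + getCfg().getServer());
        if (!isLoggedOn()) {
            logon();
        }
        DebugUtil.dbg(this, "   logged on");
        DebugUtil.dbg(this, "Claims=" + getClaims());
        try {
            String searchName = getSearchName(userInfo, httpServletRequest, serviceTransaction);
            DebugUtil.dbg(this, "  search name=" + searchName);
            if (searchName == null) {
                info("No search name encountered for LDAP query. No search performed.");
            } else {
                // simpleSearch throws IllegalStateException when logon() failed (context is null).
                JSONObject found = simpleSearch(this.context, searchName, getCfg().getSearchAttributes());
                DebugUtil.dbg(this, "returned from search:" + found);
                userInfo.getMap().putAll(found);
            }
            DebugUtil.dbg(this, "user info =" + userInfo.getMap());
        } catch (Throwable th) {
            handleException(th);
        } finally {
            // Single close point; also clears the field so the next call logs on again.
            closeConnection();
        }
        return userInfo;
    }

    /** @return true when a directory context is currently held */
    protected boolean isLoggedOn() {
        return this.context != null;
    }

    /**
     * Returns the LDAP configuration, reading it from the service environment on first use
     * when none was injected.
     *
     * @return the configuration
     */
    protected LDAPConfiguration getCfg() {
        if (this.ldapConfiguration == null) {
            this.ldapConfiguration = getOa2SE().getLdapConfiguration();
        }
        return this.ldapConfiguration;
    }

    /**
     * Opens an LDAPS connection and binds according to the configured authentication type,
     * storing the resulting context in {@code context}.
     *
     * <p>The environment is logged at debug level with the credentials redacted.
     *
     * @return true if a context was obtained; false on any failure (which is logged)
     */
    public boolean logon() {
        try {
            Hashtable<String, Object> env = new Hashtable<>();
            env.put("java.naming.factory.initial", "com.sun.jndi.ldap.LdapCtxFactory");
            String providerUrl = "ldaps://" + getCfg().getServer();
            if (0 <= getCfg().getPort()) {
                providerUrl = providerUrl + ":" + getCfg().getPort();
            }
            env.put("java.naming.provider.url", providerUrl);
            switch (getCfg().getAuthType()) {
                case AUTH_TYPE_NONE:
                    env.put("java.naming.security.authentication", "none");
                    env.put("java.naming.security.protocol", SSLConfigurationUtil.SSL_TAG);
                    break;
                case AUTH_TYPE_SIMPLE:
                    env.put("java.naming.security.authentication", LDAPConfigurationUtil.LDAP_AUTH_SIMPLE);
                    env.put("java.naming.security.principal", getCfg().getSecurityPrincipal());
                    env.put(ENV_CREDENTIALS, getCfg().getPassword());
                    env.put("java.naming.security.protocol", SSLConfigurationUtil.SSL_TAG);
                    break;
                case AUTH_TYPE_STRONG:
                    env.put("java.naming.security.authentication", LDAPConfigurationUtil.LDAP_AUTH_STRONG);
                    env.put("java.naming.security.principal", getCfg().getSecurityPrincipal());
                    env.put(ENV_CREDENTIALS, getCfg().getPassword());
                    env.put("java.naming.security.protocol", SSLConfigurationUtil.SSL_TAG);
                    break;
                default:
                    // Any other value sets no security entries; the provider's defaults apply.
                    break;
            }
            DebugUtil.dbg(this, "LDAP environment is " + redactCredentials(env));
            this.context = (LdapContext) new InitialDirContext(env).lookup(getCfg().getSearchBase());
            return this.context != null;
        } catch (Exception e) {
            if (isDebugOn()) {
                e.printStackTrace();
            }
            error("Error logging into LDAP server", e);
            return false;
        }
    }

    /**
     * Copies the JNDI environment for logging, replacing the bind credentials so that
     * passwords never reach the log.
     *
     * @param env the environment to be logged
     * @return a copy safe to print
     */
    private static Map<String, Object> redactCredentials(Hashtable<String, Object> env) {
        Map<String, Object> copy = new HashMap<>(env);
        if (copy.containsKey(ENV_CREDENTIALS)) {
            copy.put(ENV_CREDENTIALS, "<redacted>");
        }
        return copy;
    }

    /**
     * Returns the superclass's claims plus the target name of every configured
     * search attribute.
     *
     * @return the (mutable) claim collection from the superclass, extended in place
     */
    @Override
    public Collection<String> getClaims() {
        Collection<String> claims = super.getClaims();
        Map<String, LDAPConfigurationUtil.AttributeEntry> searchAttributes = getCfg().getSearchAttributes();
        for (LDAPConfigurationUtil.AttributeEntry entry : searchAttributes.values()) {
            claims.add(entry.targetName);
        }
        return claims;
    }

    /** @return the attribute matched against the search name in the LDAP filter */
    protected String getSearchFilterAttribute() {
        return "uid";
    }

    /**
     * Searches the configured context for entries whose {@link #getSearchFilterAttribute()}
     * equals {@code str}.
     *
     * <p>The search value is passed as a JNDI filter argument ({@code {0}}) rather than
     * concatenated into the filter, so filter metacharacters in the value are escaped by
     * the provider and cannot alter the query.
     *
     * @param ldapContext the directory context to search
     * @param str         the value to match
     * @param map         requested attributes keyed by LDAP name; null or empty requests all attributes
     * @return the matching attributes as JSON (see {@link #toJSON})
     * @throws NamingException       on directory errors
     * @throws IllegalStateException if {@code ldapContext} is null
     */
    public JSONObject simpleSearch(LdapContext ldapContext, String str, Map<String, LDAPConfigurationUtil.AttributeEntry> map) throws NamingException {
        if (ldapContext == null) {
            throw new IllegalStateException("Error: Could not create the LDAP context");
        }
        DebugUtil.dbg(this, "starting simple LDAP search");
        SearchControls searchControls = new SearchControls();
        if (map == null || map.isEmpty()) {
            searchControls.setReturningAttributes((String[]) null);
        } else {
            searchControls.setReturningAttributes(map.keySet().toArray(new String[0]));
        }
        String filter = "(&(" + getSearchFilterAttribute() + "={0}))";
        DebugUtil.dbg(this, "filter=" + filter + ", value=" + str);
        NamingEnumeration<SearchResult> results = ldapContext.search(getCfg().getContextName(), filter, new Object[]{str}, searchControls);
        return toJSON(map, results);
    }

    /**
     * Converts search results into a JSON object keyed by each requested attribute's
     * {@code targetName}.
     *
     * <p>A single-valued attribute becomes a scalar unless the entry is flagged
     * {@code isList}; multi-valued attributes (and flagged single values) become arrays.
     * Results from several entries are written into the same object, so later entries
     * overwrite earlier ones for the same target name.
     *
     * @param map               requested attributes keyed by LDAP name; null is treated as empty
     * @param namingEnumeration the search results (elements are {@link SearchResult})
     * @return the JSON object
     * @throws NamingException on directory errors while iterating
     */
    protected JSONObject toJSON(Map<String, LDAPConfigurationUtil.AttributeEntry> map, NamingEnumeration namingEnumeration) throws NamingException {
        Map<String, LDAPConfigurationUtil.AttributeEntry> requested =
                map == null ? new HashMap<String, LDAPConfigurationUtil.AttributeEntry>() : map;
        DebugUtil.dbg(this, "starting to convert search results to JSON. " + requested.size() + " attributes requested.");
        JSONObject json = new JSONObject();
        while (namingEnumeration.hasMore()) {
            SearchResult searchResult = (SearchResult) namingEnumeration.next();
            DebugUtil.dbg(this, "search result name=" + searchResult.getName());
            Attributes attributes = searchResult.getAttributes();
            for (Map.Entry<String, LDAPConfigurationUtil.AttributeEntry> e : requested.entrySet()) {
                Attribute attribute = attributes.get(e.getKey());
                DebugUtil.dbg(this, "returned LDAP attribute=" + attribute);
                if (attribute == null) {
                    continue;
                }
                LDAPConfigurationUtil.AttributeEntry target = e.getValue();
                if (attribute.size() == 1 && !target.isList) {
                    json.put(target.targetName, attribute.get(0));
                } else {
                    JSONArray values = new JSONArray();
                    for (int i = 0; i < attribute.size(); i++) {
                        values.add(attribute.get(i));
                    }
                    json.put(target.targetName, values);
                }
            }
        }
        DebugUtil.dbg(this, "LDAP search results=" + json);
        return json;
    }

    /**
     * Closes the directory context if one is held and clears the field, so that
     * {@link #isLoggedOn()} no longer reports a closed context as usable.
     * Close failures are logged, not propagated.
     */
    protected void closeConnection() {
        if (this.context == null) {
            return;
        }
        try {
            this.context.close();
        } catch (Throwable th) {
            if (isDebugOn()) {
                th.printStackTrace();
            }
            info("Exception trying to close LDAP connection: " + th.getMessage());
        } finally {
            this.context = null;
        }
    }

    /** Fallback output used when no logging facade is configured. */
    protected void sayit(String str) {
        System.out.println(str);
    }

    @Override
    public void debug(String str) {
        if (this.loggingEnabled) {
            getMyLogger().debug(str);
        } else {
            sayit(str);
        }
    }

    /** @return the facade's debug flag when logging is enabled, else the local flag */
    @Override
    public boolean isDebugOn() {
        return this.loggingEnabled ? getMyLogger().isDebugOn() : this.debug;
    }

    @Override
    public void setDebugOn(boolean z) {
        if (this.loggingEnabled) {
            getMyLogger().setDebugOn(z);
        }
        this.debug = z;
    }

    @Override
    public void info(String str) {
        if (this.loggingEnabled) {
            getMyLogger().info(str);
        } else {
            sayit(str);
        }
    }

    @Override
    public void warn(String str) {
        if (this.loggingEnabled) {
            getMyLogger().warn(str);
        } else {
            sayit(str);
        }
    }

    /**
     * Logs an error with its cause; without a facade the stack trace goes to stderr.
     *
     * @param str the message
     * @param th  the cause
     */
    public void error(String str, Throwable th) {
        if (this.loggingEnabled) {
            getMyLogger().error(str, th);
        } else {
            sayit(str);
            th.printStackTrace();
        }
    }

    @Override
    public void error(String str) {
        if (this.loggingEnabled) {
            getMyLogger().error(str);
        } else {
            sayit(str);
        }
    }

    @Override
    public String toString() {
        String server = this.ldapConfiguration == null ? "(no config)" : this.ldapConfiguration.getServer();
        return "LDAPScopeHandler{" + server + "}";
    }
}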
