package org.sonar.plugins.ldap.windows;

import com.google.common.base.Preconditions;
import com.sun.jna.platform.win32.Win32Exception;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import javax.annotation.CheckForNull;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import org.apache.commons.lang.StringUtils;
import org.sonar.api.security.UserDetails;
import org.sonar.api.server.ServerSide;
import org.sonar.api.utils.log.Logger;
import org.sonar.api.utils.log.Loggers;
import org.sonar.plugins.ldap.windows.auth.WindowsAuthSettings;
import waffle.servlet.NegotiateSecurityFilter;
import waffle.servlet.WindowsPrincipal;
import waffle.windows.auth.IWindowsAccount;
import waffle.windows.auth.IWindowsAuthProvider;
import waffle.windows.auth.IWindowsIdentity;
import waffle.windows.auth.WindowsAccount;
import waffle.windows.auth.impl.WindowsAuthProviderImpl;

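/**
 * Server-side helper that authenticates Windows users and resolves their details and groups.
 *
 * <p>Authenticated principals are kept in the HTTP session under {@link #SSO_PRINCIPAL_KEY}
 * or {@link #BASIC_AUTH_PRINCIPAL_KEY}. Account lookups go through the configured
 * {@link IWindowsAuthProvider}; name, e-mail and compatibility-mode groups come from
 * {@link AdConnectionHelper}.
 */
@ServerSide
/* loaded from: input_file:org/sonar/plugins/ldap/windows/WindowsAuthenticationHelper.class */
public class WindowsAuthenticationHelper {
    /** Session attribute under which the principal of a basic-auth logon is stored. */
    public static final String BASIC_AUTH_PRINCIPAL_KEY = "ldap.windows.Principal";
    private final AdConnectionHelper adConnectionHelper;
    private final IWindowsAuthProvider windowsAuthProvider;
    private final WindowsAuthSettings settings;
    /**
     * Session attribute read for SSO principals; derived from the class name of
     * {@link NegotiateSecurityFilter}, which presumably writes it (not visible in this file).
     */
    public static final String SSO_PRINCIPAL_KEY = NegotiateSecurityFilter.class.getName() + ".PRINCIPAL";
    private static final Logger LOG = Loggers.get(WindowsAuthenticationHelper.class);

    /**
     * Creates a helper backed by a default {@link WindowsAuthProviderImpl} and {@link AdConnectionHelper}.
     *
     * @param settings the Windows authentication settings
     */
    public WindowsAuthenticationHelper(WindowsAuthSettings settings) {
        this(settings, new WindowsAuthProviderImpl(), new AdConnectionHelper());
    }

    /**
     * Creates a helper with explicitly supplied collaborators.
     *
     * @param settings the Windows authentication settings
     * @param windowsAuthProvider provider used for logon and account lookup
     * @param adConnectionHelper helper used for directory attribute and group queries
     */
    WindowsAuthenticationHelper(WindowsAuthSettings settings, IWindowsAuthProvider windowsAuthProvider, AdConnectionHelper adConnectionHelper) {
        this.settings = settings;
        this.windowsAuthProvider = windowsAuthProvider;
        this.adConnectionHelper = adConnectionHelper;
    }

    /**
     * Tells whether the session of the request carries an SSO principal.
     *
     * @param request the current request, must not be null
     * @return {@code true} when a {@link WindowsPrincipal} is stored under {@link #SSO_PRINCIPAL_KEY}
     */
    public boolean isUserSsoAuthenticated(HttpServletRequest request) {
        Preconditions.checkNotNull(request, "request is null");
        return getWindowsPrincipal(request, SSO_PRINCIPAL_KEY) != null;
    }

    /**
     * Reads a principal from the session of the request.
     *
     * @param request the current request, must not be null
     * @param windowsPrincipalKey the session attribute name to read, must not be null
     * @return the stored principal, or {@code null} when there is no session, no such attribute,
     *     or the attribute is not a {@link WindowsPrincipal}
     */
    public WindowsPrincipal getWindowsPrincipal(HttpServletRequest request, String windowsPrincipalKey) {
        Preconditions.checkNotNull(request, "request is null");
        Preconditions.checkNotNull(windowsPrincipalKey, "windowsPrincipalKey is null");
        // getSession(false): a lookup must not allocate a session for a request that has none.
        // The no-arg getSession() always creates one, which also made the null check dead code.
        HttpSession session = request.getSession(false);
        if (session == null) {
            return null;
        }
        Object attribute = session.getAttribute(windowsPrincipalKey);
        // The instanceof test keeps an attribute of another type from being treated as an identity.
        return attribute instanceof WindowsPrincipal ? (WindowsPrincipal) attribute : null;
    }

    /**
     * Stores the principal of a basic-auth logon in the session, creating the session if needed.
     *
     * @param request the current request, must not be null
     * @param windowsPrincipal the authenticated principal, must not be null
     */
    public void setWindowsPrincipalForBasicAuth(HttpServletRequest request, WindowsPrincipal windowsPrincipal) {
        Preconditions.checkNotNull(request, "request is null");
        Preconditions.checkNotNull(windowsPrincipal, "windowsPrincipal is null");
        // NOTE(review): the principal is bound to whatever session the request already has; this
        // method does not rotate the session id. Confirm the caller or the container does so on
        // logon, otherwise a pre-set session id survives authentication (session fixation).
        HttpSession session = request.getSession();
        if (session != null) {
            session.setAttribute(BASIC_AUTH_PRINCIPAL_KEY, windowsPrincipal);
        }
    }

    /**
     * Removes the basic-auth principal from the session, if a session exists.
     *
     * @param request the current request, must not be null
     */
    public void removeWindowsPrincipalForBasicAuth(HttpServletRequest request) {
        Preconditions.checkNotNull(request, "request is null");
        // No session means nothing to remove; do not create one just to clear an attribute.
        HttpSession session = request.getSession(false);
        if (session != null) {
            session.removeAttribute(BASIC_AUTH_PRINCIPAL_KEY);
        }
    }

    /**
     * Removes the SSO principal from the session, if a session exists.
     *
     * @param request the current request, must not be null
     */
    public void removeWindowsPrincipalForSso(HttpServletRequest request) {
        Preconditions.checkNotNull(request, "request is null");
        // No session means nothing to remove; do not create one just to clear an attribute.
        HttpSession session = request.getSession(false);
        if (session != null) {
            session.removeAttribute(SSO_PRINCIPAL_KEY);
        }
    }

    /**
     * Authenticates a user against the Windows auth provider.
     *
     * @param userName the account name, must not be null or empty
     * @param password the password, must not be null or empty; it is never logged
     * @return the principal built from the logged-on identity, or {@code null} when the provider
     *     returned no identity or raised a {@link Win32Exception}
     * @throws IllegalArgumentException when {@code userName} or {@code password} is null or empty
     */
    @CheckForNull
    public WindowsPrincipal logonUser(String userName, String password) {
        Preconditions.checkArgument(StringUtils.isNotEmpty(userName), "userName is null or empty.");
        Preconditions.checkArgument(StringUtils.isNotEmpty(password), "password is null or empty.");
        // userName is caller-supplied and is logged before authentication.
        // NOTE(review): confirm the log sink neutralises CR/LF in logged values.
        LOG.debug("Authenticating user: {}", userName);
        WindowsPrincipal windowsPrincipal = null;
        IWindowsIdentity identity = null;
        try {
            identity = this.windowsAuthProvider.logonUser(userName, password);
            if (identity != null) {
                windowsPrincipal = new WindowsPrincipal(identity);
            }
        } catch (Win32Exception e) {
            // A failed logon is reported as "no principal" rather than propagated.
            // NOTE(review): failures are only visible at DEBUG level here; confirm that failed
            // logons are recorded somewhere an operator can alert on.
            LOG.debug("User {} is not authenticated : {}", userName, e.getMessage());
        } finally {
            // Always release the identity, on success, on Win32Exception and on any other
            // failure, so the logon session is not left open.
            if (identity != null) {
                identity.dispose();
            }
        }
        return windowsPrincipal;
    }

    /**
     * Resolves the details of the user whose SSO principal is stored in the session.
     *
     * @param request the current request, must not be null
     * @return the user details, or {@code null} when there is no SSO principal or the account
     *     cannot be looked up
     */
    @CheckForNull
    public UserDetails getSsoUserDetails(HttpServletRequest request) {
        Preconditions.checkNotNull(request, "request is null");
        WindowsPrincipal windowsPrincipal = getWindowsPrincipal(request, SSO_PRINCIPAL_KEY);
        if (windowsPrincipal != null) {
            return getUserDetails(windowsPrincipal.getName());
        }
        return null;
    }

    /**
     * Looks up a Windows account by name and builds its user details.
     *
     * @param userName the account name, must not be null or empty
     * @return the user details, or {@code null} when the account lookup fails
     * @throws IllegalArgumentException when {@code userName} is null or empty
     */
    @CheckForNull
    public UserDetails getUserDetails(String userName) {
        Preconditions.checkArgument(StringUtils.isNotEmpty(userName), "userName is null or empty.");
        LOG.debug("Getting details for user: {}", userName);
        UserDetails userDetails = null;
        IWindowsAccount windowsAccount = getWindowsAccount(userName);
        if (windowsAccount != null) {
            userDetails = getUserDetails(windowsAccount);
        }
        if (userDetails == null) {
            LOG.debug("Unable to get details for user {}", userName);
        } else {
            LOG.debug("Details for user {}: {}", userName, userDetails);
        }
        return userDetails;
    }

    /**
     * Returns the group names of a principal.
     *
     * <p>In LDAP/Windows compatibility mode the groups are queried from the directory for the
     * looked-up account; otherwise they are taken from the groups carried by the principal.
     *
     * @param windowsPrincipal the authenticated principal, must not be null
     * @return the group names without duplicates; empty when none could be resolved
     */
    public Collection<String> getUserGroups(WindowsPrincipal windowsPrincipal) {
        Preconditions.checkNotNull(windowsPrincipal, "windowsPrincipal is null");
        LOG.debug("Getting groups for user: {}", windowsPrincipal.getName());
        HashSet<String> groups = new HashSet<>();
        if (this.settings.getIsLdapWindowsCompatibilityModeEnabled()) {
            IWindowsAccount windowsAccount = getWindowsAccount(windowsPrincipal.getName());
            if (windowsAccount != null) {
                groups.addAll(getCompatibilityModeAdUserGroups(windowsAccount));
            }
        } else {
            boolean downCase = this.settings.getIsSonarAuthenticatorGroupDownCase();
            for (WindowsAccount group : windowsPrincipal.getGroups().values()) {
                groups.add(getWindowsAccountName(group, downCase));
            }
        }
        LOG.debug("Groups for the user {} : {}", windowsPrincipal.getName(), groups);
        return groups;
    }

    /**
     * Builds user details for an account that has already been looked up.
     *
     * @param windowsAccount the resolved Windows account
     * @return details with the user id always set; name and e-mail are set only when the
     *     directory query returned attributes
     */
    UserDetails getUserDetails(IWindowsAccount windowsAccount) {
        UserDetails userDetails = new UserDetails();
        userDetails.setUserId(getWindowsAccountName(new WindowsAccount(windowsAccount), this.settings.getIsSonarAuthenticatorLoginDownCase()));
        Map<String, String> adUserDetails = getAdUserDetails(windowsAccount.getDomain(), windowsAccount.getName());
        // Treat a null result like an empty one instead of failing the whole lookup with an NPE.
        if (adUserDetails == null || adUserDetails.isEmpty()) {
            LOG.debug("Unable to get name and email for user: {}", windowsAccount.getFqn());
        } else {
            userDetails.setName(adUserDetails.get(this.settings.getLdapUserRealNameAttribute()));
            userDetails.setEmail(adUserDetails.get(AdConnectionHelper.MAIL_ATTRIBUTE));
        }
        return userDetails;
    }

    /**
     * Queries the directory for the groups of an account, using the configured group id attribute.
     *
     * @param windowsAccount the resolved Windows account
     * @return the group names; empty when the directory query returned {@code null}
     */
    private Collection<String> getCompatibilityModeAdUserGroups(IWindowsAccount windowsAccount) {
        ArrayList<String> groups = new ArrayList<>();
        Collection<String> userGroupsInDomain = this.adConnectionHelper.getUserGroupsInDomain(windowsAccount.getDomain(), windowsAccount.getName(), this.settings.getGroupIdAttribute());
        if (userGroupsInDomain != null) {
            groups.addAll(userGroupsInDomain);
        } else {
            LOG.debug("Unable to get groups for the user: {}", windowsAccount.getFqn());
        }
        return groups;
    }

    /**
     * Looks up a Windows account by name.
     *
     * @param userName the account name to look up
     * @return the account, or {@code null} when the provider raised a {@link Win32Exception}
     */
    @CheckForNull
    private IWindowsAccount getWindowsAccount(String userName) {
        try {
            return this.windowsAuthProvider.lookupAccount(userName);
        } catch (Win32Exception e) {
            LOG.debug("User {} is not found: {}", userName, e.getMessage());
            return null;
        }
    }

    /**
     * Fetches the real-name and mail attributes of a user from the directory.
     *
     * @param domain the domain of the account
     * @param name the name of the account
     * @return whatever {@link AdConnectionHelper#getUserDetails} returns for the two attributes
     */
    private Map<String, String> getAdUserDetails(String domain, String name) {
        ArrayList<String> attributes = new ArrayList<>();
        attributes.add(this.settings.getLdapUserRealNameAttribute());
        attributes.add(AdConnectionHelper.MAIL_ATTRIBUTE);
        return this.adConnectionHelper.getUserDetails(domain, name, attributes);
    }

    /**
     * Formats the name used for a user id or group name.
     *
     * @param windowsAccount the account to name
     * @param downCase whether to lower-case the result
     * @return the account name alone in compatibility mode, otherwise {@code name@domain}
     */
    private String getWindowsAccountName(WindowsAccount windowsAccount, boolean downCase) {
        String name = this.settings.getIsLdapWindowsCompatibilityModeEnabled() ? windowsAccount.getName() : windowsAccount.getName() + "@" + windowsAccount.getDomain();
        if (downCase) {
            // NOTE(review): toLowerCase() uses the JVM default locale, so the same account can
            // normalise differently on hosts with different locales (for example the Turkish
            // dotless i). Kept as-is because existing ids may already depend on it; a fixed
            // locale would make identity and group matching host-independent.
            name = name.toLowerCase();
        }
        return name;
    }
}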
