package org.sonar.plugins.ldap;

import com.google.common.annotations.VisibleForTesting;
import com.google.common.base.MoreObjects;
import java.util.Properties;
import javax.annotation.Nullable;
import javax.naming.NamingException;
import javax.naming.directory.InitialDirContext;
import javax.naming.ldap.Control;
import javax.naming.ldap.InitialLdapContext;
import org.apache.commons.lang.StringUtils;
import org.sonar.api.config.Settings;
import org.sonar.api.utils.log.Logger;
import org.sonar.api.utils.log.Loggers;

/* loaded from: input_file:org/sonar/plugins/ldap/LdapContextFactory.class */
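/**
 * Builds JNDI LDAP contexts for one configured LDAP server.
 *
 * <p>The connection parameters (authentication method, context factory class, SASL realm, bind DN
 * and bind password) are read once from {@link Settings} in the constructor, using a
 * caller-supplied key prefix. The provider URL is passed in directly.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The bind password is held in a {@code String} field for the lifetime of this object. It is
 *       deliberately left out of {@link #toString()} and of the debug log in
 *       {@code getEnvironment}.</li>
 *   <li>The context factory class name comes from settings, so whoever can edit those settings
 *       chooses the class JNDI instantiates.</li>
 * </ul>
 */
public class LdapContextFactory {
    private static final Logger LOG = Loggers.get(LdapContextFactory.class);

    // "simple" is a plain bind with DN and password. It offers no confidentiality of its own, so
    // the password is protected only if the provider URL itself uses a protected transport.
    private static final String DEFAULT_AUTHENTICATION = "simple";
    private static final String DEFAULT_FACTORY = "com.sun.jndi.ldap.LdapCtxFactory";

    // NOTE(review): with "follow" the provider chases referrals automatically and, by default,
    // reuses this environment (credentials included) against the referred server. Confirm that
    // this is acceptable for the directories this plugin is pointed at.
    private static final String DEFAULT_REFERRAL = "follow";

    @VisibleForTesting
    static final String GSSAPI_METHOD = "GSSAPI";

    @VisibleForTesting
    static final String DIGEST_MD5_METHOD = "DIGEST-MD5";

    @VisibleForTesting
    static final String CRAM_MD5_METHOD = "CRAM-MD5";
    private static final String SUN_CONNECTION_POOLING_PROPERTY = "com.sun.jndi.ldap.connect.pool";
    private static final String SASL_REALM_PROPERTY = "java.naming.security.sasl.realm";
    private final String providerUrl;
    private final String authentication;
    private final String factory;
    private final String username;
    private final String password;
    private final String realm;

    /**
     * Reads the LDAP connection parameters from settings.
     *
     * @param settings source of the {@code <prefix>.authentication}, {@code <prefix>.contextFactoryClass},
     *     {@code <prefix>.realm}, {@code <prefix>.bindDn} and {@code <prefix>.bindPassword} keys
     * @param str settings key prefix prepended to each of the keys above
     * @param str2 LDAP provider URL, stored as-is
     */
    public LdapContextFactory(Settings settings, String str, String str2) {
        this.authentication = StringUtils.defaultString(settings.getString(str + ".authentication"), DEFAULT_AUTHENTICATION);
        this.factory = StringUtils.defaultString(settings.getString(str + ".contextFactoryClass"), DEFAULT_FACTORY);
        this.realm = settings.getString(str + ".realm");
        this.providerUrl = str2;
        this.username = settings.getString(str + ".bindDn");
        this.password = settings.getString(str + ".bindPassword");
    }

    /**
     * Opens a context bound with the configured bind DN and password, with connection pooling
     * requested.
     *
     * <p>The caller owns the returned context and must {@code close()} it.
     *
     * @return a new context for the configured service account
     * @throws NamingException if the context cannot be created
     */
    public InitialDirContext createBindContext() throws NamingException {
        return createInitialDirContext(this.username, this.password, true);
    }

    /**
     * Opens a context bound with the supplied principal and credentials, without requesting
     * connection pooling.
     *
     * <p>The caller owns the returned context and must {@code close()} it.
     *
     * @param str principal to bind as
     * @param str2 credentials for that principal
     * @return a new context for the given principal
     * @throws NamingException if the context cannot be created
     */
    public InitialDirContext createUserContext(String str, String str2) throws NamingException {
        return createInitialDirContext(str, str2, false);
    }

    /** Creates the JNDI context from the environment built by {@link #getEnvironment}. */
    private InitialDirContext createInitialDirContext(String principal, String credentials, boolean pooling) throws NamingException {
        return new InitialLdapContext(getEnvironment(principal, credentials, pooling), (Control[]) null);
    }

    /**
     * Builds the JNDI environment for a new context.
     *
     * @param principal value for {@code java.naming.security.principal}; omitted when {@code null}
     * @param credentials value for {@code java.naming.security.credentials}; omitted when {@code null}
     * @param pooling whether to set the Sun LDAP connection pooling property
     * @return the environment, including the credentials when given
     */
    private Properties getEnvironment(@Nullable String principal, @Nullable String credentials, boolean pooling) {
        Properties environment = new Properties();
        environment.put("java.naming.security.authentication", this.authentication);
        if (this.realm != null) {
            environment.put(SASL_REALM_PROPERTY, this.realm);
        }
        if (pooling) {
            environment.put(SUN_CONNECTION_POOLING_PROPERTY, "true");
        }
        environment.put("java.naming.factory.initial", this.factory);
        environment.put("java.naming.provider.url", this.providerUrl);
        environment.put("java.naming.referral", DEFAULT_REFERRAL);
        if (principal != null) {
            environment.put("java.naming.security.principal", principal);
        }
        // Order matters: the environment is logged BEFORE the credentials are added, so the
        // password never reaches the debug log. Do not move the credentials put above this line.
        // The principal (bind DN or user name) is still logged at debug level.
        LOG.debug("Initializing LDAP context {}", environment);
        if (credentials != null) {
            environment.put("java.naming.security.credentials", credentials);
        }
        return environment;
    }

    /**
     * @return {@code true} when the configured authentication method is DIGEST-MD5, CRAM-MD5 or
     *     GSSAPI
     */
    public boolean isSasl() {
        return DIGEST_MD5_METHOD.equals(this.authentication) || CRAM_MD5_METHOD.equals(this.authentication) || GSSAPI_METHOD.equals(this.authentication);
    }

    /** @return {@code true} when the configured authentication method is GSSAPI */
    public boolean isGssapi() {
        return GSSAPI_METHOD.equals(this.authentication);
    }

    /**
     * Checks that a bind context can be opened with the configured service account.
     *
     * <p>The context opened for the check is closed again before returning; previously it was
     * dropped without {@code close()}, leaving the release of the connection to the garbage
     * collector.
     *
     * @throws IllegalArgumentException if a SASL method is configured and the bind DN is blank
     * @throws IllegalStateException if the context cannot be created; the {@link NamingException}
     *     is kept as the cause
     */
    public void testConnection() {
        if (StringUtils.isBlank(this.username) && isSasl()) {
            throw new IllegalArgumentException("When using SASL - property ldap.bindDn is required");
        }
        InitialDirContext context = null;
        try {
            context = createBindContext();
            LOG.info("Test LDAP connection on {}: OK", this.providerUrl);
        } catch (NamingException e) {
            LOG.info("Test LDAP connection: FAIL");
            throw new IllegalStateException("Unable to open LDAP connection", e);
        } finally {
            closeQuietly(context);
        }
    }

    /** Closes a test context; a failure to close is logged and does not fail the connection test. */
    private static void closeQuietly(@Nullable InitialDirContext context) {
        if (context == null) {
            return;
        }
        try {
            context.close();
        } catch (NamingException e) {
            LOG.debug("Unable to close LDAP test context: {}", e.getMessage());
        }
    }

    /** @return the provider URL given to the constructor */
    public String getProviderUrl() {
        return this.providerUrl;
    }

    /**
     * Describes this factory for logs and diagnostics.
     *
     * <p>The bind password is intentionally not included; keep it that way when adding fields.
     */
    @Override
    public String toString() {
        return MoreObjects.toStringHelper(this).add("url", this.providerUrl).add("authentication", this.authentication).add("factory", this.factory).add("bindDn", this.username).add("realm", this.realm).toString();
    }
}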
