package org.sonar.plugins.ldap;

import java.util.Map;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.SearchResult;
import javax.security.auth.login.Configuration;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import org.apache.commons.lang.StringUtils;
import org.sonar.api.security.Authenticator;
import org.sonar.api.utils.log.Logger;
import org.sonar.api.utils.log.Loggers;

/* loaded from: input_file:org/sonar/plugins/ldap/LdapAuthenticator.class */
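/**
 * Password authenticator that checks a login against each configured LDAP server in turn.
 *
 * <p>Both maps are keyed by the same server key: one gives the connection factory for a
 * server, the other the user-search mapping. The first server that accepts the credentials
 * wins; if none does, authentication fails.
 */
public class LdapAuthenticator extends Authenticator {
    private static final Logger LOG = Loggers.get(LdapAuthenticator.class);
    // Per-server connection factories, looked up by the keys of userMappings.
    private final Map<String, LdapContextFactory> contextFactories;
    // Per-server user search definitions; the key set drives the iteration in authenticate().
    private final Map<String, LdapUserMapping> userMappings;

    /**
     * @param map context factories by server key
     * @param map2 user mappings by server key; every key is expected to exist in {@code map} as
     *     well, since {@link #authenticate(String, String)} dereferences the factory unchecked
     */
    public LdapAuthenticator(Map<String, LdapContextFactory> map, Map<String, LdapUserMapping> map2) {
        this.contextFactories = map;
        this.userMappings = map2;
    }

    /**
     * Entry point used by the platform: delegates to {@link #authenticate(String, String)} with
     * the username and password carried by the request context.
     */
    @Override
    public boolean doAuthenticate(Authenticator.Context context) {
        return authenticate(context.getUsername(), context.getPassword());
    }

    /**
     * Tries the credentials against every configured server until one accepts them.
     *
     * <p>For SASL servers the login is used as the principal directly. Otherwise the user entry
     * is searched first and its full name in the namespace becomes the principal for the
     * password check.
     *
     * @param str login name supplied by the user
     * @param str2 password supplied by the user
     * @return {@code true} as soon as one server validates the password, {@code false} otherwise
     */
    public boolean authenticate(String str, String str2) {
        for (String serverKey : this.userMappings.keySet()) {
            LdapContextFactory factory = this.contextFactories.get(serverKey);
            String principal;
            if (factory.isSasl()) {
                principal = str;
            } else {
                SearchResult found;
                try {
                    found = this.userMappings.get(serverKey).createSearch(factory, str).findUnique();
                } catch (NamingException e) {
                    LOG.debug("User {} not found in server {}: {}", str, serverKey, e.getMessage());
                    // No principal could be resolved on this server: move on to the next one
                    // instead of falling through to a password check with an undefined principal.
                    continue;
                }
                if (found == null) {
                    LOG.debug("User {} not found in {}", str, serverKey);
                    // Same reasoning as above: never attempt a check without a resolved entry.
                    continue;
                }
                principal = found.getNameInNamespace();
            }
            boolean passwordValid = factory.isGssapi()
                ? checkPasswordUsingGssapi(principal, str2, serverKey)
                : checkPasswordUsingBind(principal, str2, serverKey);
            if (passwordValid) {
                return true;
            }
        }
        // Also reached when the user exists but the password was rejected everywhere.
        LOG.debug("User {} not found", str);
        return false;
    }

    /**
     * Validates a password by opening a user context (bind) on the given server.
     *
     * @param principal name to bind as
     * @param password password to bind with
     * @param serverKey key of the server to bind against
     * @return {@code true} if the context could be created, {@code false} if the password is
     *     empty or the server raised a {@link NamingException}
     */
    private boolean checkPasswordUsingBind(String principal, String password, String serverKey) {
        // Reject empty passwords before talking to the server: a simple bind with a name and an
        // empty password is an "unauthenticated bind" (RFC 4513), which directories may accept,
        // and that would turn a missing password into a successful login here.
        if (StringUtils.isEmpty(password)) {
            LOG.debug("Password is blank.");
            return false;
        }
        // Fully qualified on purpose: inside this class the simple name Context also denotes
        // the nested Authenticator.Context inherited from the superclass.
        javax.naming.Context userContext = null;
        try {
            userContext = this.contextFactories.get(serverKey).createUserContext(principal, password);
            return true;
        } catch (NamingException e) {
            LOG.debug("Password not valid for user {} in server {}: {}", principal, serverKey, e.getMessage());
            return false;
        } finally {
            // The context is only needed as proof that the bind succeeded; always release it.
            ContextHelper.closeQuietly(userContext);
        }
    }

    /**
     * Validates a password through a JAAS login using the Kerberos login configuration.
     *
     * @param principal name passed to the callback handler
     * @param password password passed to the callback handler
     * @param serverKey key of the server, used for logging only
     * @return {@code true} if {@code login()} succeeded (even when the following logout fails),
     *     {@code false} if it raised a {@link LoginException}
     */
    private boolean checkPasswordUsingGssapi(String principal, String password, String serverKey) {
        // Configuration.setConfiguration replaces the JVM-wide JAAS configuration, so this call
        // affects every other JAAS user in the process, not just this authenticator.
        Configuration.setConfiguration(new Krb5LoginConfiguration());
        // NOTE(review): unlike the bind path there is no explicit blank-password guard here;
        // rejection of an empty password is left to login() - confirm that is sufficient.
        LoginContext loginContext;
        try {
            loginContext = new LoginContext(getClass().getName(), new CallbackHandlerImpl(principal, password));
            loginContext.login();
        } catch (LoginException e) {
            LOG.debug("Password not valid for {} in server {}: {}", principal, serverKey, e.getMessage());
            return false;
        }
        try {
            loginContext.logout();
        } catch (LoginException e) {
            // The credentials were already validated; a failed logout is reported, not fatal.
            LOG.warn("Logout fails", e);
        }
        return true;
    }
}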
