package org.yamcs.security;

import java.util.HashSet;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.Rdn;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.yamcs.ConfigurationException;
import org.yamcs.YConfiguration;

/* loaded from: input_file:org/yamcs/security/LdapAuthModule.class */
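/**
 * {@link AuthModule} backed by an LDAP directory.
 *
 * <p>Authentication is a simple bind as {@code uid=<principal>,<userPath>}. Authorization
 * looks up the user's roles (entries under {@code rolePath} whose {@code member} attribute
 * holds the user DN) and then, for each configured privilege path, the {@code groupOfNames}
 * entries that list one of those roles as a member; the {@code cn} of each such entry is the
 * privilege name.
 *
 * <p>The provider URL is always formed as {@code ldap://host} and the bind is a simple bind,
 * so the password travels in clear text unless the transport is protected by other means.
 * Authorization lookups use an environment without principal/credentials, i.e. they run as
 * whatever the server grants to an unauthenticated bind.
 */
public class LdapAuthModule implements AuthModule {
    private final String tmParaPrivPath;
    private final String tmParaSetPrivPath;
    private final String tmPacketPrivPath;
    private final String tcPrivPath;
    private final String systemPrivPath;
    private final String streamPrivPath;
    private final String cmdHistoryPrivPath;
    private final String rolePath;
    private final String userPath;
    // Per-instance rather than static: a static table would be overwritten by every
    // constructor call, so two modules pointing at different hosts would share one URL.
    private final Hashtable<String, String> contextEnv = new Hashtable<>();
    private static final Logger log = LoggerFactory.getLogger(LdapAuthModule.class);

    /**
     * Creates the module from its configuration map.
     *
     * @param map configuration; {@code host}, {@code userPath} and {@code rolePath} are
     *            required, the privilege paths ({@code systemPath}, {@code tmParameterPath},
     *            {@code tmParameterSetPath}, {@code tmPacketPath}, {@code tcPath},
     *            {@code streamPath}, {@code cmdHistoryPath}) are optional and, when absent,
     *            simply grant no privileges of that kind
     */
    public LdapAuthModule(Map<String, Object> map) {
        String host = YConfiguration.getString(map, "host");
        userPath = YConfiguration.getString(map, "userPath");
        rolePath = YConfiguration.getString(map, "rolePath");
        systemPrivPath = optionalString(map, "systemPath");
        tmParaPrivPath = optionalString(map, "tmParameterPath");
        tmParaSetPrivPath = optionalString(map, "tmParameterSetPath");
        tmPacketPrivPath = optionalString(map, "tmPacketPath");
        tcPrivPath = optionalString(map, "tcPath");
        streamPrivPath = optionalString(map, "streamPath");
        cmdHistoryPrivPath = optionalString(map, "cmdHistoryPath");
        contextEnv.put("java.naming.factory.initial", "com.sun.jndi.ldap.LdapCtxFactory");
        contextEnv.put("java.naming.provider.url", "ldap://" + host);
        contextEnv.put("com.sun.jndi.ldap.connect.pool", "true");
    }

    /** Reads an optional string option, returning {@code null} when the key is absent. */
    private static String optionalString(Map<String, Object> map, String key) {
        return map.containsKey(key) ? YConfiguration.getString(map, key) : null;
    }

    /**
     * Authenticates a username/password token by attempting a simple bind as the user.
     *
     * @return the authentication info on a successful bind; {@code null} when the token is
     *         not a {@link UsernamePasswordToken}, the principal or password is empty, or
     *         the directory rejects the credentials
     * @throws AuthenticationException on any other directory error (e.g. server unreachable)
     */
    @Override // org.yamcs.security.AuthModule
    public AuthenticationInfo getAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
        if (!(authenticationToken instanceof UsernamePasswordToken)) {
            return null;
        }
        UsernamePasswordToken token = (UsernamePasswordToken) authenticationToken;
        String principal = token.getPrincipal();
        char[] password = token.getPassword();
        if (principal == null || principal.isEmpty()) {
            log.debug("Empty principal, refusing to bind");
            return null;
        }
        // A simple bind with no credential is an unauthenticated bind, which many servers
        // accept; it must never be reported as a successful login.
        if (password == null || password.length == 0) {
            log.debug("Empty password for user {}, refusing to bind", principal);
            return null;
        }
        Hashtable<String, Object> bindEnv = new Hashtable<>(contextEnv);
        bindEnv.put("java.naming.security.authentication", "simple");
        bindEnv.put("java.naming.security.principal", userDn(principal));
        // Kept as a String value to match the existing credential handling.
        bindEnv.put("java.naming.security.credentials", new String(password));
        try {
            // The bind itself is the credential check; the context is not otherwise used.
            new InitialDirContext(bindEnv).close();
            return new AuthenticationInfo(this, principal);
        } catch (javax.naming.AuthenticationException e) {
            log.debug("User cannot bind", e);
            return null;
        } catch (NamingException e) {
            throw new AuthenticationException(e);
        }
    }

    /**
     * Resolves roles and privileges for an already authenticated user.
     *
     * @throws ConfigurationException wrapping any {@link NamingException} from the directory
     */
    @Override // org.yamcs.security.AuthModule
    public AuthorizationInfo getAuthorizationInfo(AuthenticationInfo authenticationInfo) {
        String principal = authenticationInfo.getPrincipal();
        AuthorizationInfo authorizationInfo = new AuthorizationInfo();
        DirContext dirContext = null;
        try {
            dirContext = new InitialDirContext(contextEnv);
            Set<String> roles = loadRoles(dirContext, userDn(principal));
            if (systemPrivPath != null) {
                for (String privilege : loadPrivileges(dirContext, roles, systemPrivPath)) {
                    authorizationInfo.addSystemPrivilege(new SystemPrivilege(privilege));
                }
            }
            addObjectPrivileges(authorizationInfo, dirContext, roles, tmParaPrivPath, ObjectPrivilegeType.ReadParameter);
            addObjectPrivileges(authorizationInfo, dirContext, roles, tmPacketPrivPath, ObjectPrivilegeType.ReadPacket);
            addObjectPrivileges(authorizationInfo, dirContext, roles, tcPrivPath, ObjectPrivilegeType.Command);
            addObjectPrivileges(authorizationInfo, dirContext, roles, tmParaSetPrivPath, ObjectPrivilegeType.WriteParameter);
            addObjectPrivileges(authorizationInfo, dirContext, roles, streamPrivPath, ObjectPrivilegeType.Stream);
            addObjectPrivileges(authorizationInfo, dirContext, roles, cmdHistoryPrivPath, ObjectPrivilegeType.CommandHistory);
            return authorizationInfo;
        } catch (NamingException e) {
            throw new ConfigurationException(e);
        } finally {
            // Null-safe: if InitialDirContext itself failed there is nothing to close, and an
            // NPE here would mask the real exception.
            closeQuietly(dirContext);
        }
    }

    /** Adds one object privilege of {@code type} per entry found under {@code privPath}; no-op when the path is unset. */
    private void addObjectPrivileges(AuthorizationInfo info, DirContext dirContext, Set<String> roles,
            String privPath, ObjectPrivilegeType type) throws NamingException {
        if (privPath == null) {
            return;
        }
        for (String object : loadPrivileges(dirContext, roles, privPath)) {
            info.addObjectPrivilege(new ObjectPrivilege(type, object));
        }
    }

    /**
     * Builds the user's DN. The principal is escaped per RFC 4514 so that characters such as
     * {@code ,} or {@code =} in it cannot add or alter RDN components of the DN.
     */
    private String userDn(String principal) {
        return "uid=" + Rdn.escapeValue(principal) + "," + userPath;
    }

    /** Closes the context if non-null, logging (not propagating) a close failure. */
    private static void closeQuietly(DirContext dirContext) {
        if (dirContext == null) {
            return;
        }
        try {
            dirContext.close();
        } catch (NamingException e) {
            log.error("Failed to close LDAP context", e);
        }
    }

    /** Common search controls: whole subtree, only the {@code cn} attribute returned. */
    private static SearchControls subtreeCnSearch() {
        SearchControls controls = new SearchControls();
        controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
        controls.setReturningAttributes(new String[] { "cn" });
        return controls;
    }

    /**
     * Returns the DNs of all entries under {@code rolePath} whose {@code member} attribute
     * equals {@code userDn}. Returns an empty set (never {@code null}) when there are none.
     * The user DN is passed as a filter argument so JNDI applies filter escaping.
     */
    private Set<String> loadRoles(DirContext dirContext, String userDn) throws NamingException {
        Set<String> roles = new HashSet<>();
        NamingEnumeration<SearchResult> results = dirContext.search(rolePath, "member={0}", new Object[] { userDn }, subtreeCnSearch());
        try {
            while (results.hasMore()) {
                roles.add(results.next().getNameInNamespace());
            }
        } finally {
            results.close();
        }
        return roles;
    }

    /**
     * Returns the {@code cn} of every {@code groupOfNames} under {@code privPath} that lists
     * at least one of {@code roleDns} as a member.
     *
     * @param roleDns role DNs; an empty or {@code null} set yields an empty result without
     *                querying the directory (an {@code (|)} with no operands is not a valid filter)
     */
    private Set<String> loadPrivileges(DirContext dirContext, Set<String> roleDns, String privPath) throws NamingException {
        Set<String> privileges = new HashSet<>();
        if (roleDns == null || roleDns.isEmpty()) {
            return privileges;
        }
        // Role DNs go in as positional filter arguments, never concatenated into the filter.
        StringBuilder filter = new StringBuilder("(&(objectClass=groupOfNames)(|");
        for (int i = 0; i < roleDns.size(); i++) {
            filter.append("(member={").append(i).append("})");
        }
        filter.append("))");
        NamingEnumeration<SearchResult> results = dirContext.search(privPath, filter.toString(), roleDns.toArray(), subtreeCnSearch());
        try {
            while (results.hasMore()) {
                SearchResult result = results.next();
                Attribute cn = result.getAttributes() == null ? null : result.getAttributes().get("cn");
                if (cn != null) {
                    privileges.add((String) cn.get());
                }
            }
        } finally {
            results.close();
        }
        return privileges;
    }

    /** No validity check is performed here; every user is reported as valid. */
    @Override // org.yamcs.security.AuthModule
    public boolean verifyValidity(User user) {
        return true;
    }
}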
