package com.orientechnologies.security.ldap;

import com.orientechnologies.common.log.OLogManager;
import com.orientechnologies.orient.server.OServer;
import com.orientechnologies.security.kerberos.OKerberosAuthenticator;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.security.PrivilegedAction;
import java.util.Hashtable;
import java.util.List;
import java.util.Set;
import java.util.TreeSet;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.security.auth.Subject;

/* loaded from: input_file:com/orientechnologies/security/ldap/OLDAPLibrary.class */
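/**
 * JNDI helpers for OrientDB's LDAP integration: opening an authenticated {@link DirContext}
 * against the first usable server of a configured list, and walking Active-Directory style
 * group membership ({@code member}, {@code memberOf}, {@code objectCategory}) to collect user
 * principal names into a caller-supplied list.
 *
 * <p>Every method is static and stateless. Failures are logged through {@link OLogManager} and
 * reported as {@code null} results or untouched lists; the only checked exception in the class,
 * {@link UnknownHostException} from {@link #getRealURL}, is caught inside {@link #openContext}.
 */
public class OLDAPLibrary {
    /** Value for {@code com.sun.jndi.ldap.connect.timeout}, in milliseconds. */
    private static final String CONNECT_TIMEOUT_MS = "30000";
    /** Length of the {@code "kerberos:"} / {@code "Kerberos:"} prefix stripped by {@link #removeKerberos}. */
    private static final int KERBEROS_PREFIX_LENGTH = 9;

    private static final String ATTR_USER_PRINCIPAL_NAME = "userPrincipalName";
    private static final String ATTR_ALT_SECURITY_IDENTITIES = "altSecurityIdentities";
    private static final String ATTR_MEMBER = "member";
    private static final String ATTR_MEMBER_OF = "memberOf";
    private static final String ATTR_OBJECT_CATEGORY = "objectCategory";

    /**
     * Opens a {@link DirContext} against the first server in {@code list} that accepts a bind.
     *
     * <p>Servers are tried in list order; the first one that yields a non-null context wins and
     * the remaining servers are not contacted. A fresh JNDI environment is built for every
     * attempt so that principal/credential entries from one server never carry over to the next.
     *
     * @param oServer server whose security layer supplies the Kerberos client {@link Subject};
     *     only consulted when {@code str} selects GSSAPI/Kerberos
     * @param str authentication method, compared case-insensitively: {@code "GSSAPI"} or
     *     {@code "Kerberos"} for a SASL GSSAPI bind, {@code "Simple"} for a simple bind; any
     *     other value is logged and yields {@code null}
     * @param list candidate servers, tried in order
     * @param z when {@code true}, each attempted provider URL is logged at info level
     * @return an open context, or {@code null} when no server could be bound (every failure is
     *     logged, none is thrown)
     */
    public static DirContext openContext(OServer oServer, String str, List<OLDAPServer> list, boolean z) {
        if (str == null || list == null) {
            OLogManager.instance().error((Object) null, "OLDAPLibrary.openContext() Authentication method or server list is null", (Throwable) null, new Object[0]);
            return null;
        }
        boolean useKerberos = str.equalsIgnoreCase("GSSAPI") || str.equalsIgnoreCase("Kerberos");
        boolean useSimple = str.equalsIgnoreCase("Simple");
        if (!useKerberos && !useSimple) {
            OLogManager.instance().error((Object) null, "OLDAPLibrary.openContext() Unsupported authentication method: " + str, (Throwable) null, new Object[0]);
            return null;
        }
        for (OLDAPServer oLDAPServer : list) {
            DirContext dirContext = null;
            try {
                // Aliased entries are resolved to the canonical host name first (see getRealURL).
                String url = oLDAPServer.isAlias() ? getRealURL(oLDAPServer, z) : oLDAPServer.getURL();
                if (z) {
                    OLogManager.instance().info((Object) null, "OLDAPLibrary.openContext() Trying ProviderURL: " + url, new Object[0]);
                }
                Hashtable<String, String> environment = newEnvironment(url);
                dirContext = useKerberos
                        ? openKerberosContext(oServer, environment)
                        : openSimpleContext(environment, oLDAPServer);
            } catch (Exception e) {
                OLogManager.instance().error((Object) null, "OLDAPLibrary.openContext() Exception: ", e, new Object[0]);
            }
            if (dirContext != null) {
                return dirContext;
            }
        }
        return null;
    }

    /**
     * Builds the base JNDI environment shared by both bind methods.
     *
     * <p>NOTE(review): only a connect timeout is configured. A server that accepts the TCP
     * connection but never answers the bind or a search can block the caller indefinitely;
     * {@code com.sun.jndi.ldap.read.timeout} is the matching knob if that matters.
     *
     * @param url provider URL for the server being tried; must not be {@code null}
     *     ({@link Hashtable} rejects null values, and {@link #openContext} catches that)
     * @return a mutable environment with the initial-context factory, connect timeout and URL set
     */
    private static Hashtable<String, String> newEnvironment(String url) {
        Hashtable<String, String> environment = new Hashtable<String, String>();
        environment.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        environment.put("com.sun.jndi.ldap.connect.timeout", CONNECT_TIMEOUT_MS);
        environment.put(Context.PROVIDER_URL, url);
        return environment;
    }

    /**
     * Performs an LDAP simple bind with the server entry's principal and credentials.
     *
     * <p>A simple bind with an empty password is an "unauthenticated bind" (RFC 4513 section
     * 5.1.2) that many directories accept and treat as anonymous. With the original code a blank
     * or missing service password would therefore open a context that looked valid but ran the
     * later group lookups with anonymous rights; such configurations are now rejected up front.
     *
     * <p>A simple bind sends the password to the server as-is, so the provider URL should be
     * {@code ldaps://} (or the connection otherwise protected) unless the network is trusted.
     *
     * @param hashtable environment from {@link #newEnvironment}; the security entries are added
     *     to it in place
     * @param oLDAPServer source of the bind principal and credentials
     * @return the bound context, or {@code null} when the principal/credentials are missing or
     *     the bind fails (the failure is logged)
     */
    private static DirContext openSimpleContext(Hashtable<String, String> hashtable, OLDAPServer oLDAPServer) {
        String principal = oLDAPServer.getPrincipal();
        String credentials = oLDAPServer.getCredentials();
        if (principal == null || principal.isEmpty() || credentials == null || credentials.isEmpty()) {
            OLogManager.instance().error((Object) null, "OLDAPLibrary.openSimpleContext() Principal or credentials are missing; refusing unauthenticated bind", (Throwable) null, new Object[0]);
            return null;
        }
        hashtable.put(Context.SECURITY_AUTHENTICATION, "simple");
        hashtable.put(Context.SECURITY_PRINCIPAL, principal);
        hashtable.put(Context.SECURITY_CREDENTIALS, credentials);
        try {
            return new InitialDirContext(hashtable);
        } catch (Exception e) {
            OLogManager.instance().error((Object) null, "OLDAPLibrary.openSimpleContext() Exception: ", e, new Object[0]);
            return null;
        }
    }

    /**
     * Performs a SASL GSSAPI bind as the server's Kerberos client identity.
     *
     * <p>The authenticator registered under the name {@code "Kerberos"} must be an
     * {@link OKerberosAuthenticator}; its client {@link Subject} is the identity the bind runs
     * under ({@link Subject#doAs}).
     *
     * @param oServer server whose security layer holds the Kerberos authenticator
     * @param hashtable environment from {@link #newEnvironment}; the authentication entry is added
     *     to it in place
     * @return the bound context, or {@code null} when no Kerberos authenticator or client subject
     *     is available or the bind fails (each case is logged)
     */
    private static DirContext openKerberosContext(OServer oServer, final Hashtable<String, String> hashtable) {
        hashtable.put(Context.SECURITY_AUTHENTICATION, "GSSAPI");
        Object authenticator = oServer.getSecurity().getAuthenticator("Kerberos");
        if (!(authenticator instanceof OKerberosAuthenticator)) {
            OLogManager.instance().error((Object) null, "OLDAPLibrary.openKerberosContext() Invalid OSecurityAuthenticator", (Throwable) null, new Object[0]);
            return null;
        }
        Subject clientSubject = ((OKerberosAuthenticator) authenticator).getClientSubject();
        if (clientSubject == null) {
            // Subject.doAs(null, ...) would run the bind with no credentials at all; fail early
            // with a message that names the actual problem instead.
            OLogManager.instance().error((Object) null, "OLDAPLibrary.openKerberosContext() Kerberos client Subject is null", (Throwable) null, new Object[0]);
            return null;
        }
        return Subject.doAs(clientSubject, new PrivilegedAction<DirContext>() {
            @Override
            public DirContext run() {
                try {
                    return new InitialDirContext(hashtable);
                } catch (Exception e) {
                    OLogManager.instance().error((Object) null, "OLDAPLibrary.openKerberosContext() Exception: ", e, new Object[0]);
                    return null;
                }
            }
        });
    }

    /**
     * Resolves an aliased server entry to the URL of the host it actually points at.
     *
     * <p>The alias host name is resolved to an address, that address is resolved back to a host
     * name, and {@link OLDAPServer#getURL(String)} substitutes the result into the server URL.
     * Each step is logged when {@code z} is set. Non-alias entries are returned via
     * {@code getURL()} unchanged.
     *
     * <p>NOTE(review): the final host name comes from a reverse (PTR) lookup, so whoever controls
     * the resolver or the reverse zone for that address controls which host name ends up in the
     * URL. For a GSSAPI bind the JNDI provider presumably derives the service principal from that
     * host name as well, so either treat the DNS path as trusted infrastructure or configure the
     * canonical host directly instead of an alias.
     *
     * @param oLDAPServer the server entry
     * @param z verbose logging switch
     * @return the URL for the canonical host
     * @throws UnknownHostException when either resolution step fails
     */
    private static String getRealURL(OLDAPServer oLDAPServer, boolean z) throws UnknownHostException {
        if (!oLDAPServer.isAlias()) {
            return oLDAPServer.getURL();
        }
        if (z) {
            OLogManager.instance().info((Object) null, "OLDAPLibrary.getRealURL() Alias hostname = " + oLDAPServer.getHostname(), new Object[0]);
        }
        InetAddress aliasAddress = InetAddress.getByName(oLDAPServer.getHostname());
        if (z) {
            OLogManager.instance().info((Object) null, "OLDAPLibrary.getRealURL() IP Address = " + aliasAddress.getHostAddress(), new Object[0]);
        }
        // getByName on a literal address does not contact DNS; the reverse lookup happens in
        // getHostName() below.
        InetAddress canonical = InetAddress.getByName(aliasAddress.getHostAddress());
        if (z) {
            OLogManager.instance().info((Object) null, "OLDAPLibrary.getRealURL() Real hostname = " + canonical.getHostName(), new Object[0]);
        }
        String url = oLDAPServer.getURL(canonical.getHostName());
        if (z) {
            OLogManager.instance().info((Object) null, "OLDAPLibrary.getRealURL() Real URL = " + url, new Object[0]);
        }
        return url;
    }

    /**
     * Runs a subtree search and appends every matched entry's {@code userPrincipalName} and
     * {@code altSecurityIdentities} values to {@code list}.
     *
     * <p>{@code str2} is handed to the server verbatim as the search filter. This class does no
     * escaping, so if the filter is ever assembled from user-supplied text the caller must escape
     * it per RFC 4515 first.
     *
     * @param dirContext an open context; when {@code null} nothing is searched (logged only if
     *     {@code z} is set)
     * @param str search base DN
     * @param str2 LDAP search filter
     * @param list receives the principal values, with any {@code kerberos:} prefix removed
     * @param z verbose logging switch
     */
    public static void retrieveUsers(DirContext dirContext, String str, String str2, List<String> list, boolean z) {
        if (dirContext == null) {
            if (z) {
                OLogManager.instance().error((Object) null, "OLDAPLibrary.retrieveUsers() DirContext is null", (Throwable) null, new Object[0]);
            }
            return;
        }
        if (list == null) {
            OLogManager.instance().error((Object) null, "OLDAPLibrary.retrieveUsers() Result list is null", (Throwable) null, new Object[0]);
            return;
        }
        NamingEnumeration<SearchResult> results = null;
        try {
            SearchControls searchControls = new SearchControls();
            searchControls.setSearchScope(SearchControls.SUBTREE_SCOPE);
            searchControls.setReturningAttributes(new String[]{ATTR_USER_PRINCIPAL_NAME, ATTR_ALT_SECURITY_IDENTITIES});
            results = dirContext.search(str, str2, searchControls);
            while (results.hasMore()) {
                addPrincipal(results.next(), list, z);
            }
        } catch (Exception e) {
            OLogManager.instance().error((Object) null, "OLDAPLibrary.retrieveUsers() Exception: ", e, new Object[0]);
        } finally {
            // Search enumerations hold server-side state; release it even on failure.
            closeQuietly(results);
        }
    }

    /**
     * Appends the principal-bearing attribute values of one search result to {@code list}.
     *
     * @param searchResult entry returned by {@link #retrieveUsers}; results without attributes
     *     are skipped
     * @param list receives the values
     * @param z verbose logging switch
     */
    private static void addPrincipal(SearchResult searchResult, List<String> list, boolean z) {
        try {
            Attributes attributes = searchResult.getAttributes();
            if (attributes != null) {
                fillAttributeList(attributes, ATTR_USER_PRINCIPAL_NAME, list, z);
                fillAttributeList(attributes, ATTR_ALT_SECURITY_IDENTITIES, list, z);
            }
        } catch (Exception e) {
            OLogManager.instance().error((Object) null, "OLDAPLibrary.addPrincipal() Exception: ", e, new Object[0]);
        }
    }

    /**
     * Walks the {@code member} values of the entry at {@code str} through {@link #findMembers},
     * collecting users that are members of {@code str2}.
     *
     * <p>The directory lookup is now inside the {@code try}; {@link DirContext#getAttributes}
     * throws a checked {@link NamingException}, which the previous layout left unhandled.
     *
     * @param dirContext an open context
     * @param str DN of the group (or container) to start from
     * @param str2 DN that a user's {@code memberOf} must contain to be collected
     * @param list receives the principal values
     * @param z verbose logging switch
     */
    private static void traverse(DirContext dirContext, String str, String str2, List<String> list, boolean z) {
        NamingEnumeration<?> members = null;
        try {
            if (z) {
                OLogManager.instance().info((Object) null, "OLDAPLibrary.traverse() startingDN: %s, memberOfFilter: %s", new Object[]{str, str2});
            }
            Attributes attributes = dirContext.getAttributes(str);
            if (attributes == null) {
                if (z) {
                    OLogManager.instance().error((Object) null, "OLDAPLibrary.traverse() Unable to find attributes for startingDN: %s", (Throwable) null, new Object[]{str});
                }
                return;
            }
            if (z) {
                OLogManager.instance().info((Object) null, "OLDAPLibrary.traverse() Found attributes for startingDN: %s", new Object[]{str});
            }
            Attribute attribute = attributes.get(ATTR_MEMBER);
            if (attribute == null) {
                if (z) {
                    OLogManager.instance().info((Object) null, "OLDAPLibrary.traverse() startingDN: %s has no \"member\" attributes.", new Object[]{str});
                }
                return;
            }
            // One visited-set for the whole walk so nested groups that reference each other
            // cannot recurse forever.
            Set<String> visited = new TreeSet<String>(String.CASE_INSENSITIVE_ORDER);
            members = attribute.getAll();
            while (members.hasMore()) {
                findMembers(dirContext, (String) members.next(), str2, list, z, visited);
            }
        } catch (Exception e) {
            OLogManager.instance().error((Object) null, "OLDAPLibrary.traverse() Exception: ", e, new Object[0]);
        } finally {
            closeQuietly(members);
        }
    }

    /**
     * Recursively resolves the entry at {@code str}: groups are expanded through their
     * {@code member} values, users are collected when their {@code memberOf} contains
     * {@code str2}.
     *
     * @param dirContext an open context
     * @param str DN to inspect
     * @param str2 DN of the group a user must belong to
     * @param list receives the principal values
     * @param z verbose logging switch
     */
    private static void findMembers(DirContext dirContext, String str, String str2, List<String> list, boolean z) {
        findMembers(dirContext, str, str2, list, z, new TreeSet<String>(String.CASE_INSENSITIVE_ORDER));
    }

    /**
     * Same as {@link #findMembers(DirContext, String, String, List, boolean)} but shares
     * {@code visited} across the recursion.
     *
     * <p>Group membership in a directory can be cyclic (A is a member of B, B a member of A).
     * Without the visited-set the recursion never terminates and ends in a
     * {@link StackOverflowError}, which the {@code catch (Exception)} below does not intercept.
     * DNs are compared case-insensitively, matching {@link #isMemberOf}.
     *
     * @param visited DNs already expanded in this walk; {@code str} is added before inspection
     */
    private static void findMembers(DirContext dirContext, String str, String str2, List<String> list, boolean z, Set<String> visited) {
        if (str == null || !visited.add(str)) {
            return;
        }
        NamingEnumeration<?> members = null;
        try {
            Attributes attributes = dirContext.getAttributes(str);
            if (attributes == null) {
                OLogManager.instance().error((Object) null, "OLDAPLibrary.findMembers() Unable to find attributes for startingDN: %s", (Throwable) null, new Object[]{str});
                return;
            }
            if (z) {
                OLogManager.instance().info((Object) null, "OLDAPLibrary.findMembers() Found attributes for startingDN: %s", new Object[]{str});
            }
            if (isGroup(attributes)) {
                if (z) {
                    OLogManager.instance().info((Object) null, "OLDAPLibrary.findMembers() Found group for startingDN: %s", new Object[]{str});
                }
                Attribute attribute = attributes.get(ATTR_MEMBER);
                if (attribute != null) {
                    members = attribute.getAll();
                    while (members.hasMore()) {
                        findMembers(dirContext, (String) members.next(), str2, list, z, visited);
                    }
                }
            } else if (isUser(attributes)) {
                if (z) {
                    OLogManager.instance().info((Object) null, "OLDAPLibrary.findMembers() Found user for startingDN: %s", new Object[]{str});
                }
                if (isMemberOf(attributes, str2)) {
                    addUser(attributes, str, list, z);
                }
            }
        } catch (Exception e) {
            OLogManager.instance().error((Object) null, "OLDAPLibrary.findMembers() Exception: ", e, new Object[0]);
        } finally {
            closeQuietly(members);
        }
    }

    /**
     * Appends a matched user's {@code userPrincipalName} (if present) and all of its
     * {@code altSecurityIdentities} to {@code list}.
     *
     * @param attributes the user entry's attributes
     * @param str the user's DN, used only for logging
     * @param list receives the values
     * @param z verbose logging switch
     */
    private static void addUser(Attributes attributes, String str, List<String> list, boolean z) {
        String userPrincipalName = getUserPrincipalName(attributes);
        if (z) {
            OLogManager.instance().info((Object) null, "OLDAPLibrary.findMembers() StartingDN: " + str + ", userPrincipalName: " + userPrincipalName, new Object[0]);
        }
        if (userPrincipalName != null) {
            list.add(removeKerberos(userPrincipalName, z));
        }
        fillAttributeList(attributes, ATTR_ALT_SECURITY_IDENTITIES, list, z);
    }

    /**
     * Extracts the value of the first RDN of a DN, e.g. {@code "Group"} from
     * {@code "CN=Group,CN=Schema,..."}.
     *
     * <p>The value is whatever follows the first {@code '='} of the first comma-separated
     * component (the original code assumed a two-letter attribute type and blindly dropped three
     * characters). Escaped commas inside an RDN ({@code \,}) are not honoured by the
     * {@code split}; this is only used on {@code objectCategory} values, which are schema DNs.
     *
     * @param str a DN; {@code null} yields {@code null}
     * @return the first RDN's value, or {@code null} when it cannot be determined
     */
    private static String getName(String str) {
        if (str == null) {
            return null;
        }
        String[] components = str.split(",");
        if (components.length < 1) {
            return null;
        }
        String firstRdn = components[0];
        int equals = firstRdn.indexOf('=');
        if (equals >= 0) {
            return firstRdn.substring(equals + 1);
        }
        // No '=' at all: fall back to the historical "skip three characters" behaviour.
        return firstRdn.length() >= 4 ? firstRdn.substring(3) : null;
    }

    /**
     * Appends every value of attribute {@code str} to {@code list}, stripping any
     * {@code kerberos:} prefix.
     *
     * <p>Values are cast to {@link String}; a binary attribute ({@code byte[]}) would raise a
     * {@link ClassCastException}, which is caught and logged like any other failure.
     *
     * @param attributes attribute set to read from
     * @param str attribute name
     * @param list receives the values
     * @param z verbose logging switch passed on to {@link #removeKerberos}
     */
    private static void fillAttributeList(Attributes attributes, String str, List<String> list, boolean z) {
        NamingEnumeration<?> values = null;
        try {
            Attribute attribute = attributes.get(str);
            if (attribute != null && attribute.size() > 0) {
                values = attribute.getAll();
                while (values.hasMore()) {
                    list.add(removeKerberos((String) values.next(), z));
                }
            }
        } catch (Exception e) {
            OLogManager.instance().error((Object) null, "OLDAPLibrary fillAttributeList(" + str + ")", e, new Object[0]);
        } finally {
            closeQuietly(values);
        }
    }

    /**
     * Returns the first value of attribute {@code str} as a string.
     *
     * @param attributes attribute set to read from
     * @param str attribute name
     * @return the first value, or {@code null} when the attribute is absent, empty, or cannot be
     *     read as a {@link String} (the failure is logged)
     */
    private static String getFirstValue(Attributes attributes, String str) {
        try {
            Attribute attribute = attributes.get(str);
            if (attribute == null || attribute.size() <= 0) {
                return null;
            }
            return (String) attribute.get(0);
        } catch (Exception e) {
            OLogManager.instance().error((Object) null, "OLDAPLibrary.getFirstValue(" + str + ") ", e, new Object[0]);
            return null;
        }
    }

    /** @return the entry's {@code userPrincipalName}, or {@code null} when absent. */
    private static String getUserPrincipalName(Attributes attributes) {
        return getFirstValue(attributes, ATTR_USER_PRINCIPAL_NAME);
    }

    /**
     * @return {@code true} when the entry's {@code objectCategory} names {@code Group}
     *     (case-insensitive). A category whose first RDN cannot be parsed no longer raises a
     *     {@link NullPointerException}; it simply is not a group.
     */
    private static boolean isGroup(Attributes attributes) {
        String category = getFirstValue(attributes, ATTR_OBJECT_CATEGORY);
        return category != null && "Group".equalsIgnoreCase(getName(category));
    }

    /**
     * @return {@code true} when the entry's {@code objectCategory} names {@code User} or
     *     {@code Person} (case-insensitive); {@code false} for a missing or unparsable category.
     */
    private static boolean isUser(Attributes attributes) {
        String category = getFirstValue(attributes, ATTR_OBJECT_CATEGORY);
        if (category == null) {
            return false;
        }
        String name = getName(category);
        return "User".equalsIgnoreCase(name) || "Person".equalsIgnoreCase(name);
    }

    /**
     * Checks whether one of the entry's {@code memberOf} values equals {@code str}.
     *
     * <p>The comparison is a case-insensitive string match. DN equality under LDAP matching
     * rules is more lenient (whitespace around separators, escaping, attribute-type aliases), so
     * a group DN spelled differently in configuration than the server stores it will not match.
     *
     * @param attributes the user entry's attributes
     * @param str group DN to look for
     * @return {@code true} on a match; {@code false} when absent, when the entry has no
     *     {@code memberOf} (logged as an error), or on any failure (logged)
     */
    private static boolean isMemberOf(Attributes attributes, String str) {
        NamingEnumeration<?> groups = null;
        try {
            Attribute attribute = attributes.get(ATTR_MEMBER_OF);
            if (attribute == null) {
                OLogManager.instance().error((Object) null, "OLDAPLibrary.isMemberOf() Has no 'memberOf' attribute.", (Throwable) null, new Object[0]);
                return false;
            }
            groups = attribute.getAll();
            while (groups.hasMore()) {
                if (((String) groups.next()).equalsIgnoreCase(str)) {
                    return true;
                }
            }
            return false;
        } catch (Exception e) {
            OLogManager.instance().error((Object) null, "OLDAPLibrary.isMemberOf()", e, new Object[0]);
            return false;
        } finally {
            closeQuietly(groups);
        }
    }

    /**
     * Strips a leading {@code "kerberos:"} or {@code "Kerberos:"} from an identity value and
     * trims the remainder.
     *
     * <p>Fixes a silent bug in the original: {@code String.trim()} returns a new string and the
     * result was discarded, so values like {@code "kerberos: user@REALM"} kept their leading
     * space.
     *
     * @param str identity value; must not be {@code null}
     * @param z verbose logging switch
     * @return the value without the prefix, trimmed; values without the prefix, or consisting of
     *     nothing but the prefix, are returned unchanged
     */
    private static String removeKerberos(String str, boolean z) {
        boolean prefixed = str.startsWith("kerberos:") || str.startsWith("Kerberos:");
        if (!prefixed || str.length() <= KERBEROS_PREFIX_LENGTH) {
            return str;
        }
        if (z) {
            OLogManager.instance().info((Object) null, "OLDAPLibrary.removeKerberos() upn before: %s", new Object[]{str});
        }
        String stripped = str.substring(KERBEROS_PREFIX_LENGTH).trim();
        if (z) {
            OLogManager.instance().info((Object) null, "OLDAPLibrary.removeKerberos() upn after: %s", new Object[]{stripped});
        }
        return stripped;
    }

    /**
     * Closes a {@link NamingEnumeration}, ignoring {@code null} and close failures.
     *
     * @param enumeration enumeration to release; may be {@code null}
     */
    private static void closeQuietly(NamingEnumeration<?> enumeration) {
        if (enumeration == null) {
            return;
        }
        try {
            enumeration.close();
        } catch (NamingException ignored) {
            // Nothing further to release; the caller has already consumed or abandoned the results.
        }
    }
}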
