package com.yammer.dropwizard.authenticator;

import com.codahale.metrics.annotation.Timed;
import com.google.common.base.Optional;
import com.google.common.base.Preconditions;
import com.google.common.collect.ImmutableSet;
import io.dropwizard.auth.AuthenticationException;
import io.dropwizard.auth.basic.BasicCredentials;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.Set;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/yammer/dropwizard/authenticator/LdapAuthenticator.class */
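/**
 * Authenticates HTTP Basic credentials against an LDAP directory by binding as the user,
 * optionally requiring membership of one of the configured groups.
 *
 * <p>Security-relevant behaviour of this class:
 * <ul>
 *   <li>User and group names are passed through an allow-list ({@link #sanitizeEntity(String)})
 *       before they are placed into a DN or a search filter, so filter and DN metacharacters
 *       supplied by a client never reach the directory.</li>
 *   <li>Empty passwords are rejected before any bind is attempted (see
 *       {@link #hasUsablePassword(BasicCredentials)}).</li>
 *   <li>A rejected bind ({@code javax.naming.AuthenticationException}) is reported as "not
 *       authenticated"; any other {@link NamingException} is surfaced as an
 *       {@link AuthenticationException} so that directory outages are not mistaken for bad
 *       credentials.</li>
 * </ul>
 */
public class LdapAuthenticator {
    private static final Logger LOG = LoggerFactory.getLogger(LdapAuthenticator.class);
    protected final LdapConfiguration configuration;

    /**
     * @param ldapConfiguration directory settings; must not be {@code null}
     * @throws NullPointerException if {@code ldapConfiguration} is {@code null}
     */
    public LdapAuthenticator(LdapConfiguration ldapConfiguration) {
        this.configuration = Preconditions.checkNotNull(ldapConfiguration);
    }

    /**
     * Strips every character that is not an ASCII letter, digit, {@code -}, {@code _} or
     * {@code .} from {@code str}.
     *
     * <p>Offending characters are dropped rather than rejected, so two different inputs can
     * collapse to the same name. Callers must use the sanitized value consistently (for the
     * bind DN, the group filter and the returned principal), which this class does.
     */
    private static String sanitizeEntity(String str) {
        return str.replaceAll("[^A-Za-z0-9-_.]", "");
    }

    /**
     * Tells whether the supplied credentials carry a non-empty password.
     *
     * <p>The JNDI LDAP provider turns a simple bind with an empty credential into an anonymous
     * bind, which a directory that permits anonymous binds will accept. Without this guard a
     * valid user name with an empty password could pass the bind step, so such credentials are
     * refused up front.
     */
    private static boolean hasUsablePassword(BasicCredentials basicCredentials) {
        String password = basicCredentials.getPassword();
        return password != null && !password.isEmpty();
    }

    /**
     * Probes the directory by opening and immediately closing a context that carries no
     * principal or credentials.
     *
     * @return {@code true} if the context could be created and closed, {@code false} on any
     *     failure
     */
    public boolean canAuthenticate() {
        try {
            new InitialDirContext(contextConfiguration()).close();
            return true;
        } catch (Exception ignored) {
            // Deliberate best-effort health probe: any failure just means "cannot authenticate".
            return false;
        }
    }

    /**
     * Checks whether the user belongs to at least one of the configured restricted groups.
     *
     * @param initialDirContext context already bound as the user
     * @param str sanitized user name
     * @return {@code true} if no group restriction is configured or the search finds at least
     *     one matching group entry
     * @throws NamingException if the directory search fails
     */
    private boolean filterByGroup(InitialDirContext initialDirContext, String str) throws NamingException {
        Set<String> restrictToGroups = this.configuration.getRestrictToGroups();
        if (restrictToGroups.isEmpty()) {
            return true;
        }
        StringBuilder groupClauses = new StringBuilder();
        for (String group : restrictToGroups) {
            // Group names are sanitized too, so a configured name cannot alter the filter structure.
            groupClauses.append(String.format("(%s=%s)", this.configuration.getGroupNameAttribute(), sanitizeEntity(group)));
        }
        String filter = String.format("(&(%s=%s)(|%s))", this.configuration.getGroupMembershipAttribute(), str, groupClauses);
        NamingEnumeration<SearchResult> results =
                initialDirContext.search(this.configuration.getGroupFilter(), filter, new SearchControls());
        try {
            return results.hasMore();
        } finally {
            results.close();
        }
    }

    /**
     * Collects the names of the groups the user is a member of that also appear in the
     * configured restricted-group set.
     *
     * @param initialDirContext context already bound as the user
     * @param str sanitized user name
     * @return the intersection of the user's groups and the restricted groups; empty when no
     *     restricted groups are configured
     * @throws NamingException if the directory search fails
     */
    private Set<String> getGroupMembershipsIntersectingWithRestrictedGroups(InitialDirContext initialDirContext, String str) throws NamingException {
        String filter = String.format("(&(%s=%s)(objectClass=%s))", this.configuration.getGroupMembershipAttribute(), str, this.configuration.getGroupClassName());
        NamingEnumeration<SearchResult> results =
                initialDirContext.search(this.configuration.getGroupFilter(), filter, new SearchControls());
        try {
            ImmutableSet.Builder<String> permitted = ImmutableSet.builder();
            String groupNameAttribute = this.configuration.getGroupNameAttribute();
            Set<String> restrictToGroups = this.configuration.getRestrictToGroups();
            while (results.hasMore()) {
                SearchResult entry = results.next();
                if (entry.getAttributes() == null || entry.getAttributes().get(groupNameAttribute) == null) {
                    continue;
                }
                String groupName = (String) entry.getAttributes().get(groupNameAttribute).get(0);
                if (restrictToGroups.contains(groupName)) {
                    permitted.add(groupName);
                }
            }
            return permitted.build();
        } finally {
            // Release the enumeration on every path, including a failure while iterating.
            results.close();
        }
    }

    /**
     * Binds to the directory as the given user and applies the group restriction.
     *
     * @param basicCredentials user name and password supplied by the client
     * @return {@code true} if the bind succeeds and the group check passes; {@code false} if the
     *     password is empty or the directory rejects the bind
     * @throws AuthenticationException if the directory cannot be queried for a reason other than
     *     rejected credentials
     */
    @Timed
    public boolean authenticate(BasicCredentials basicCredentials) throws AuthenticationException {
        String sanitizedUsername = sanitizeEntity(basicCredentials.getUsername());
        if (!hasUsablePassword(basicCredentials)) {
            LOG.debug("{} rejected: empty password is not accepted for an LDAP bind.", sanitizedUsername);
            return false;
        }
        try (AutoclosingDirContext context = buildContext(sanitizedUsername, basicCredentials.getPassword())) {
            return filterByGroup(context, sanitizedUsername);
        } catch (javax.naming.AuthenticationException e) {
            // Must precede the NamingException handler: it is a subclass, and a rejected bind
            // is an ordinary "wrong credentials" outcome rather than an infrastructure failure.
            LOG.debug("{} failed to authenticate. {}", sanitizedUsername, e);
            return false;
        } catch (NamingException e) {
            throw new AuthenticationException(String.format("LDAP Authentication failure (username: %s)", sanitizedUsername), e);
        }
    }

    /**
     * Creates a directory context bound as the user.
     *
     * @param str sanitized user name, used as the value of the user-name attribute in the DN
     * @param str2 password used as the bind credential; callers must have rejected empty values
     * @throws NamingException if the context cannot be created, including a rejected bind
     */
    private AutoclosingDirContext buildContext(String str, String str2) throws NamingException {
        String userDn = String.format("%s=%s,%s", this.configuration.getUserNameAttribute(), str, this.configuration.getUserFilter());
        Hashtable<String, String> environment = contextConfiguration();
        environment.put("java.naming.security.principal", userDn);
        environment.put("java.naming.security.credentials", str2);
        return new AutoclosingDirContext(environment);
    }

    /**
     * Binds to the directory as the given user and returns the user together with the
     * restricted groups they belong to.
     *
     * @param basicCredentials user name and password supplied by the client
     * @return the authenticated user, or absent if the password is empty, the directory rejects
     *     the bind, or the user belongs to none of the restricted groups
     * @throws AuthenticationException if the directory cannot be queried for a reason other than
     *     rejected credentials
     */
    @Timed
    public Optional<User> authenticateAndReturnPermittedGroups(BasicCredentials basicCredentials) throws AuthenticationException {
        String sanitizedUsername = sanitizeEntity(basicCredentials.getUsername());
        if (!hasUsablePassword(basicCredentials)) {
            LOG.debug("{} rejected: empty password is not accepted for an LDAP bind.", sanitizedUsername);
            return Optional.absent();
        }
        try (AutoclosingDirContext context = buildContext(sanitizedUsername, basicCredentials.getPassword())) {
            Set<String> permittedGroups = getGroupMembershipsIntersectingWithRestrictedGroups(context, sanitizedUsername);
            if (permittedGroups.isEmpty()) {
                return Optional.absent();
            }
            return Optional.of(new User(sanitizedUsername, permittedGroups));
        } catch (javax.naming.AuthenticationException e) {
            // Subclass of NamingException, so it has to be handled first; a rejected bind must
            // yield "absent" and never fall through to building a User.
            LOG.debug("{} failed to authenticate. {}", sanitizedUsername, e);
            return Optional.absent();
        } catch (NamingException e) {
            throw new AuthenticationException(String.format("LDAP Authentication failure (username: %s)", sanitizedUsername), e);
        }
    }

    /**
     * Builds the base JNDI environment shared by the health probe and user binds.
     *
     * <p>NOTE(review): no transport-security property is set here, so protection of the bind
     * password on the wire depends entirely on the configured URI (for example an
     * {@code ldaps://} scheme). Confirm that deployments do not point this at a plain
     * {@code ldap://} endpoint over an untrusted network.
     */
    private Hashtable<String, String> contextConfiguration() {
        Hashtable<String, String> environment = new Hashtable<>();
        environment.put("java.naming.factory.initial", "com.sun.jndi.ldap.LdapCtxFactory");
        environment.put("java.naming.provider.url", this.configuration.getUri().toString());
        // Explicit timeouts keep an unresponsive directory from stalling request threads.
        environment.put("com.sun.jndi.ldap.connect.timeout", String.valueOf(this.configuration.getConnectTimeout().toMilliseconds()));
        environment.put("com.sun.jndi.ldap.read.timeout", String.valueOf(this.configuration.getReadTimeout().toMilliseconds()));
        environment.put("com.sun.jndi.ldap.connect.pool", "true");
        return environment;
    }
}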
