package net.dataforte.doorkeeper.account.provider.ldap;

import java.text.DateFormat;
import java.text.ParseException;
import java.text.SimpleDateFormat;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentMap;
import java.util.regex.Pattern;
import javax.annotation.PostConstruct;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.Control;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;
import javax.naming.ldap.PagedResultsControl;
import javax.naming.ldap.PagedResultsResponseControl;
import javax.naming.ldap.StartTlsRequest;
import net.dataforte.commons.slf4j.LoggerFactory;
import net.dataforte.doorkeeper.User;
import net.dataforte.doorkeeper.account.provider.AbstractAccountProvider;
import net.dataforte.doorkeeper.annotations.Property;
import net.dataforte.doorkeeper.annotations.Required;
import net.dataforte.doorkeeper.authenticator.AuthenticatorException;
import net.dataforte.doorkeeper.authenticator.AuthenticatorToken;
import net.dataforte.doorkeeper.authenticator.AuthenticatorUser;
import net.dataforte.doorkeeper.authenticator.PasswordAuthenticatorToken;
import org.slf4j.Logger;

@Property(name = "name", value = "ldap")
/* loaded from: input_file:WEB-INF/lib/doorkeeper-core-0.3.14.jar:net/dataforte/doorkeeper/account/provider/ldap/LdapAccountProvider.class */
public class LdapAccountProvider extends AbstractAccountProvider {
    private static final String COM_SUN_JNDI_LDAP_CONNECT_POOL = "com.sun.jndi.ldap.connect.pool";
    private ConcurrentMap<String, Object> cache;
    private Hashtable<String, String> env;
    private String searchBase;
    private String userBase;
    private String groupBase;
    private String url;
    private String principal;
    private String credentials;
    private String attributeFilter;
    private boolean useTls;
    private boolean paging;
    private int pageSize;
    private String memberOfAttribute;
    List<String> staticGroups;
    private String[] userReturnedAttributes;
    private DateFormat serverDateFormat;
    private static final Logger log = LoggerFactory.make();
    static final Pattern MAPPING_REGEX = Pattern.compile("([\\w_\\-]+)(?:[\\s]*=[\\s]*)((?:['\"]).+?(?:['\"]))");
    static final DateFormat df = new SimpleDateFormat("yyyy/MM/dd HH:mm:ss");
    static final LdapEntry NULL_USER = new LdapEntry(null);
    private String uidAttribute = "uid";
    private String groupAttribute = "cn";
    private String memberAttribute = "member";
    private Map<Pattern, String> ouMap = new LinkedHashMap();
    private Map<Pattern, String> groupMap = new LinkedHashMap();
    private Map<String, String> attributeMap = new LinkedHashMap();

    @Required
    public String getUrl() {
        return this.url;
    }

    public void setUrl(String str) {
        this.url = str;
    }

    @Required
    public String getSearchBase() {
        return this.searchBase;
    }

    public void setSearchBase(String str) {
        this.searchBase = str;
    }

    public String getUserBase() {
        return this.userBase;
    }

    public String getGroupBase() {
        return this.groupBase;
    }

    public void setUserBase(String str) {
        this.userBase = str;
    }

    public void setGroupBase(String str) {
        this.groupBase = str;
    }

    public String getMemberAttribute() {
        return this.memberAttribute;
    }

    public void setMemberAttribute(String str) {
        this.memberAttribute = str;
    }

    public String getPrincipal() {
        return this.principal;
    }

    public void setPrincipal(String str) {
        this.principal = str;
    }

    public String getCredentials() {
        return this.credentials;
    }

    public void setCredentials(String str) {
        this.credentials = str;
    }

    public boolean isUseTls() {
        return this.useTls;
    }

    public void setUseTls(boolean z) {
        this.useTls = z;
    }

    public boolean isPaging() {
        return this.paging;
    }

    public void setPaging(boolean z) {
        this.paging = z;
    }

    public int getPageSize() {
        return this.pageSize;
    }

    public void setPageSize(int i) {
        this.pageSize = i;
    }

    public String getUidAttribute() {
        return this.uidAttribute;
    }

    public void setUidAttribute(String str) {
        this.uidAttribute = str;
    }

    public String getGroupAttribute() {
        return this.groupAttribute;
    }

    public void setGroupAttribute(String str) {
        this.groupAttribute = str;
    }

    public String getMemberOfAttribute() {
        return this.memberOfAttribute;
    }

    public void setMemberOfAttribute(String str) {
        this.memberOfAttribute = str;
    }

    public Map<String, String> getAttributeMap() {
        return this.attributeMap;
    }

    public void setAttributeMap(Map<String, String> map) {
        this.attributeMap = map;
    }

    public Map<Pattern, String> getOuMap() {
        return this.ouMap;
    }

    public void setOuMap(Map<String, String> map) {
        this.ouMap.clear();
        for (Map.Entry<String, String> entry : map.entrySet()) {
            this.ouMap.put(Pattern.compile(entry.getKey()), entry.getValue());
        }
    }

    public Map<Pattern, String> getGroupMap() {
        return this.groupMap;
    }

    public void setGroupMap(Map<String, String> map) {
        this.groupMap.clear();
        for (Map.Entry<String, String> entry : map.entrySet()) {
            this.groupMap.put(Pattern.compile(entry.getKey()), entry.getValue());
        }
    }

    private User entry2user(String str, LdapEntry ldapEntry) {
        AuthenticatorUser authenticatorUser = new AuthenticatorUser(str);
        authenticatorUser.getGroups().addAll(ldapEntry.addGroups);
        authenticatorUser.getGroups().removeAll(ldapEntry.delGroups);
        return authenticatorUser;
    }

    private LdapEntry loadInternal(AuthenticatorToken authenticatorToken) {
        LdapEntry ldapEntry = (LdapEntry) this.cache.get(authenticatorToken.getPrincipalName());
        if (ldapEntry != null) {
            if (log.isDebugEnabled()) {
                log.debug("Cache lookup for " + authenticatorToken.getPrincipalName() + " = " + ldapEntry);
            }
            if (ldapEntry != NULL_USER) {
                return ldapEntry;
            }
            return null;
        }
        try {
            if (log.isDebugEnabled()) {
                log.debug("LDAP search for " + authenticatorToken.getPrincipalName());
            }
            List<LdapEntry> ldapSearch = ldapSearch(username2filter(authenticatorToken.getPrincipalName()));
            if (ldapSearch.size() == 0) {
                if (log.isDebugEnabled()) {
                    log.debug(authenticatorToken.getPrincipalName() + " not found in LDAP");
                }
                this.cache.put(authenticatorToken.getPrincipalName(), NULL_USER);
                return null;
            }
            LdapEntry ldapEntry2 = ldapSearch.get(0);
            if (log.isDebugEnabled()) {
                log.debug(authenticatorToken.getPrincipalName() + " found in LDAP, adding to cache");
            }
            this.cache.put(authenticatorToken.getPrincipalName(), ldapEntry2);
            return ldapEntry2;
        } catch (NamingException e) {
            log.error("LDAP Error", e);
            return null;
        }
    }

    @Override // net.dataforte.doorkeeper.account.provider.AccountProvider
    public void flushCaches() {
        this.cache.clear();
    }

    @Override // net.dataforte.doorkeeper.account.provider.AbstractAccountProvider, net.dataforte.doorkeeper.account.provider.AccountProvider
    public User authenticate(AuthenticatorToken authenticatorToken) throws AuthenticatorException {
        LdapContext ldapContext = null;
        LdapContext ldapContext2 = null;
        PasswordAuthenticatorToken passwordAuthenticatorToken = (PasswordAuthenticatorToken) authenticatorToken;
        try {
            try {
                LdapEntry loadInternal = loadInternal(authenticatorToken);
                if (loadInternal == null) {
                    closeContexts(null, null);
                    return null;
                }
                Hashtable hashtable = new Hashtable(this.env);
                hashtable.put("java.naming.security.principal", loadInternal.dn);
                hashtable.put("java.naming.security.credentials", passwordAuthenticatorToken.getPassword());
                hashtable.put(COM_SUN_JNDI_LDAP_CONNECT_POOL, "false");
                ldapContext = new InitialLdapContext(hashtable, (Control[]) null);
                if (this.useTls) {
                    ldapContext.extendedOperation(new StartTlsRequest()).negotiate();
                }
                ldapContext2 = (LdapContext) ldapContext.lookup(loadInternal.dn);
                if (log.isDebugEnabled()) {
                    log.debug("Authenticated successfully user " + passwordAuthenticatorToken.getPrincipalName());
                }
                this.cache.put(passwordAuthenticatorToken.getPrincipalName(), loadInternal);
                User entry2user = entry2user(passwordAuthenticatorToken.getPrincipalName(), loadInternal);
                closeContexts(ldapContext2, ldapContext);
                return entry2user;
            } catch (Exception e) {
                log.error("Error during LDAP authentication", (Throwable) e);
                throw new AuthenticatorException(e);
            }
        } catch (Throwable th) {
            closeContexts(ldapContext2, ldapContext);
            throw th;
        }
    }

    @Override // net.dataforte.doorkeeper.account.provider.AbstractAccountProvider, net.dataforte.doorkeeper.account.provider.AccountProvider
    public User load(AuthenticatorToken authenticatorToken) {
        LdapEntry loadInternal = loadInternal(authenticatorToken);
        if (loadInternal == null) {
            return null;
        }
        return entry2user(authenticatorToken.getPrincipalName(), loadInternal);
    }

    @Override // net.dataforte.doorkeeper.account.provider.AbstractAccountProvider, net.dataforte.doorkeeper.account.provider.AccountProvider
    public List<User> getUsersInGroup(String str) {
        return null;
    }

    @Override // net.dataforte.doorkeeper.account.provider.AbstractAccountProvider, net.dataforte.doorkeeper.account.provider.AccountProvider
    public Collection<String> getGroups() {
        return null;
    }

    @PostConstruct
    public void init() {
        if (this.url == null) {
            throw new IllegalStateException("Parameter 'url' is required");
        }
        if (this.searchBase == null) {
            throw new IllegalStateException("Parameter 'searchBase' is required");
        }
        this.cache = new ConcurrentHashMap();
        this.attributeMap.put(this.uidAttribute, null);
        if (this.memberOfAttribute != null) {
            this.attributeMap.put(this.memberOfAttribute, null);
        }
        this.userReturnedAttributes = (String[]) this.attributeMap.keySet().toArray(new String[this.attributeMap.size()]);
        this.ouMap = new HashMap();
        this.env = new Hashtable<>();
        this.env.put("java.naming.factory.initial", "com.sun.jndi.ldap.LdapCtxFactory");
        this.env.put("java.naming.provider.url", this.url);
        this.env.put("java.naming.security.authentication", "simple");
        if (this.principal != null) {
            this.env.put("java.naming.security.principal", this.principal);
            this.env.put("java.naming.security.credentials", this.credentials);
        }
        if (log.isInfoEnabled()) {
            log.info("Initialized");
        }
    }

    public List<String> list() {
        return Collections.emptyList();
    }

    private String username2filter(String str) {
        return (this.attributeFilter == null || this.attributeFilter.equals("")) ? this.uidAttribute + "=" + str : "(&(" + this.uidAttribute + "=" + str + ")(" + this.attributeFilter + "))";
    }

    private List<LdapEntry> ldapSearch(String str) throws NamingException {
        LdapContext ldapContext = null;
        try {
            ldapContext = new InitialLdapContext(this.env, (Control[]) null);
            List<LdapEntry> search = search(ldapContext, this.searchBase, str);
            closeContexts(ldapContext);
            return search;
        } catch (Throwable th) {
            closeContexts(ldapContext);
            throw th;
        }
    }

    private List<LdapEntry> search(LdapContext ldapContext, String str, String str2) throws NamingException {
        NamingEnumeration namingEnumeration = null;
        ArrayList arrayList = new ArrayList();
        try {
            try {
                SearchControls searchControls = new SearchControls();
                searchControls.setSearchScope(2);
                if (this.paging) {
                    ldapContext.setRequestControls(new Control[]{new PagedResultsControl(this.pageSize, true)});
                }
                searchControls.setReturningAttributes(this.userReturnedAttributes);
                byte[] bArr = null;
                do {
                    namingEnumeration = ldapContext.search(str, str2, searchControls);
                    while (namingEnumeration != null && namingEnumeration.hasMoreElements()) {
                        SearchResult searchResult = (SearchResult) namingEnumeration.nextElement();
                        LdapEntry ldapEntry = new LdapEntry(searchResult.getNameInNamespace());
                        if (this.staticGroups != null) {
                            ldapEntry.addGroups.addAll(this.staticGroups);
                        }
                        for (Map.Entry<Pattern, String> entry : this.ouMap.entrySet()) {
                            if (entry.getKey().matcher(ldapEntry.dn).matches()) {
                                ldapEntry.addGroups.add(entry.getValue());
                            }
                        }
                        NamingEnumeration all = searchResult.getAttributes().getAll();
                        while (all.hasMoreElements()) {
                            Attribute attribute = (Attribute) all.nextElement();
                            if (attribute != null) {
                                String lowerCase = attribute.getID().toLowerCase();
                                if (lowerCase.equalsIgnoreCase(this.memberOfAttribute)) {
                                    HashSet hashSet = new HashSet();
                                    for (int i = 0; i < attribute.size(); i++) {
                                        hashSet.add((String) attribute.get(i));
                                    }
                                    remapGroups(ldapEntry, hashSet);
                                } else {
                                    String str3 = this.attributeMap.get(lowerCase);
                                    if (str3 != null) {
                                        ldapEntry.attributes.put(str3, convertAttribute(attribute.get(0)));
                                    }
                                }
                            }
                        }
                        closeEnumerations(all);
                        if (this.groupBase != null) {
                            remapGroups(ldapEntry, searchMembership(ldapContext, ldapEntry.dn, new HashSet()));
                        }
                        arrayList.add(ldapEntry);
                    }
                    closeEnumerations(namingEnumeration);
                    if (this.paging) {
                        PagedResultsResponseControl[] responseControls = ldapContext.getResponseControls();
                        for (int i2 = 0; i2 < responseControls.length; i2++) {
                            if (responseControls[i2] instanceof PagedResultsResponseControl) {
                                bArr = responseControls[i2].getCookie();
                            }
                        }
                        if (bArr != null) {
                            ldapContext.setRequestControls(new Control[]{new PagedResultsControl(this.pageSize, bArr, true)});
                        }
                    }
                } while (bArr != null);
                closeEnumerations(namingEnumeration);
                return arrayList;
            } catch (Exception e) {
                log.error("Search error", (Throwable) e);
                closeEnumerations(namingEnumeration);
                return null;
            }
        } catch (Throwable th) {
            closeEnumerations(namingEnumeration);
            throw th;
        }
    }

    private void recursiveSearch(LdapContext ldapContext, String str, String str2, Set<String> set) throws NamingException {
        NamingEnumeration all = ldapContext.getAttributes(str, new String[]{str2}).getAll();
        while (all.hasMoreElements()) {
            Object nextElement = all.nextElement();
            if (nextElement instanceof Attribute) {
                NamingEnumeration all2 = ((Attribute) nextElement).getAll();
                while (all2.hasMoreElements()) {
                    Object nextElement2 = all2.nextElement();
                    if (nextElement2 instanceof String) {
                        String str3 = (String) nextElement2;
                        if (!set.contains(str3)) {
                            set.add(str3);
                            recursiveSearch(ldapContext, str3, str2, set);
                        }
                    }
                }
                closeEnumerations(all2);
            }
        }
        closeEnumerations(all);
    }

    private Set<String> searchMembership(LdapContext ldapContext, String str, Set<String> set) {
        NamingEnumeration namingEnumeration = null;
        try {
            try {
                SearchControls searchControls = new SearchControls();
                searchControls.setSearchScope(2);
                if (this.paging) {
                    ldapContext.setRequestControls(new Control[]{new PagedResultsControl(this.pageSize, true)});
                }
                searchControls.setReturningAttributes(new String[]{this.groupAttribute});
                byte[] bArr = null;
                do {
                    namingEnumeration = ldapContext.search(this.groupBase, String.format("(%s=%s)", this.memberAttribute, str), searchControls);
                    while (namingEnumeration != null && namingEnumeration.hasMoreElements()) {
                        SearchResult searchResult = (SearchResult) namingEnumeration.nextElement();
                        if (!set.contains(searchResult.getNameInNamespace())) {
                            set.add(searchResult.getNameInNamespace());
                            searchMembership(ldapContext, searchResult.getNameInNamespace(), set);
                        }
                    }
                    closeEnumerations(namingEnumeration);
                    if (this.paging) {
                        PagedResultsResponseControl[] responseControls = ldapContext.getResponseControls();
                        for (int i = 0; i < responseControls.length; i++) {
                            if (responseControls[i] instanceof PagedResultsResponseControl) {
                                bArr = responseControls[i].getCookie();
                            }
                        }
                        if (bArr != null) {
                            ldapContext.setRequestControls(new Control[]{new PagedResultsControl(this.pageSize, bArr, true)});
                        }
                    }
                } while (bArr != null);
                closeEnumerations(namingEnumeration);
                return set;
            } catch (Exception e) {
                log.error("Search error", (Throwable) e);
                closeEnumerations(namingEnumeration);
                return null;
            }
        } catch (Throwable th) {
            closeEnumerations(namingEnumeration);
            throw th;
        }
    }

    private void remapGroups(LdapEntry ldapEntry, Set<String> set) {
        if (this.groupMap.isEmpty()) {
            Iterator<String> it = set.iterator();
            while (it.hasNext()) {
                String[] split = it.next().split("\\s*,\\s*");
                ldapEntry.addGroups.add(split[0].substring(split[0].indexOf(61) + 1));
            }
            return;
        }
        for (String str : set) {
            for (Map.Entry<Pattern, String> entry : this.groupMap.entrySet()) {
                if (entry.getKey().matcher(str).matches()) {
                    ldapEntry.addGroups.add(entry.getValue());
                } else {
                    ldapEntry.delGroups.add(entry.getValue());
                }
            }
        }
        ldapEntry.delGroups.removeAll(ldapEntry.addGroups);
    }

    private static void closeEnumerations(NamingEnumeration<?>... namingEnumerationArr) {
        for (int i = 0; i < namingEnumerationArr.length; i++) {
            try {
                if (namingEnumerationArr[i] != null) {
                    namingEnumerationArr[i].close();
                }
            } catch (Throwable th) {
                log.error("Error closing enumeration " + i, th);
            }
        }
    }

    private static void closeContexts(LdapContext... ldapContextArr) {
        for (int i = 0; i < ldapContextArr.length; i++) {
            try {
                if (ldapContextArr[i] != null) {
                    ldapContextArr[i].close();
                }
            } catch (Throwable th) {
                log.error("Error closing context " + i, th);
            }
        }
    }

    private String convertAttribute(Object obj) {
        if (obj instanceof String) {
            String str = (String) obj;
            try {
                return df.format(this.serverDateFormat.parse(str));
            } catch (ParseException e) {
                return str;
            }
        }
        if (!(obj instanceof byte[])) {
            return null;
        }
        byte[] bArr = (byte[]) obj;
        return bArr.length == 16 ? byteToUUID(bArr) : new String(bArr);
    }

    private static String byteToUUID(byte[] bArr) {
        return String.format("%02x%02x%02x%02x-%02x%02x-%02x%02x-%02x%02x-%02x%02x%02x%02x%02x%02x", Byte.valueOf(bArr[0]), Byte.valueOf(bArr[1]), Byte.valueOf(bArr[2]), Byte.valueOf(bArr[3]), Byte.valueOf(bArr[4]), Byte.valueOf(bArr[5]), Byte.valueOf(bArr[6]), Byte.valueOf(bArr[7]), Byte.valueOf(bArr[8]), Byte.valueOf(bArr[9]), Byte.valueOf(bArr[10]), Byte.valueOf(bArr[11]), Byte.valueOf(bArr[12]), Byte.valueOf(bArr[13]), Byte.valueOf(bArr[14]), Byte.valueOf(bArr[15]));
    }
}
