package net.sf.jkniv.jaas.gf;

import com.sun.enterprise.security.auth.realm.BadRealmException;
import com.sun.enterprise.security.auth.realm.NoSuchRealmException;
import com.sun.enterprise.util.i18n.StringManager;
import java.net.MalformedURLException;
import java.net.URL;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import java.util.Vector;
import java.util.logging.Level;
import java.util.logging.Logger;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.security.auth.login.LoginException;

/* loaded from: input_file:net/sf/jkniv/jaas/gf/LdapAdapter.class */
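/**
 * LDAP side of the hybrid realm: authenticates a user with a JNDI bind and, when asked,
 * reads the user's group names from the directory and caches them per user.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The LDAP host is derived from the domain part of the login name, so
 *       {@link #authenticate} only binds to domains that are configured in
 *       {@code directories} or {@code default-domain}.</li>
 *   <li>Empty passwords are rejected before binding, because a simple bind with an empty
 *       password is an unauthenticated bind (RFC 4513) that many servers accept.</li>
 *   <li>The login name is escaped (RFC 4515) before it is placed into the search filter.</li>
 *   <li>{@code force-auth-ldap=true} makes {@link #authenticate} return {@code true} without
 *       contacting the directory.</li>
 * </ul>
 */
class LdapAdapter {
    public static final String PROP_DIRURL = "directories";
    public static final String PROP_SECURITY_AUTHENTICATION = "auth-level";
    public static final String PROP_DEFAULT_DOMAIN = "default-domain";
    public static final String PROP_ATTR_GROUP_MEMBER = "group-member-attr";
    public static final String DEFAULT_AUTH = "simple";
    public static final String DEFAULT_FETCH_ATTR = "memberOf";
    private static final String DEFAULT_REFERRAL = "follow";
    private static final String PROP_FORCE_AUTH_LDAP = "force-auth-ldap";
    private static final String URL_LDAP = "ldap://";
    private static final String URL_LDAPS = "ldaps://";
    private static final String DEFAULT_POOL_PROTOCOL = "plain ssl";
    private static final String SSL = "SSL";
    private static final String PORT_SSL = "636";
    private static final String PORT = "389";
    public static final String PROP_SEARCH_FILTER = "search-filter";
    public static final String PROP_JNDICF = "jndiCtxFactory";
    public static final String PROP_READ_TIMEOUT = "read.timeout";
    public static final String SUBST_SUBJECT_NAME = "%s";
    public static final String SUBST_SUBJECT_DN = "%d";
    private static final String DEFAULT_SEARCH_FILTER = "mail=%s";
    private static final String DEFAULT_JNDICF = "com.sun.jndi.ldap.LdapCtxFactory";
    private String defaultBaseDn;
    private boolean forceAuthLdap;
    private static final Logger LOG = MyLoggerFactory.getLogger(LdapAdapter.class);
    // NOTE(review): the character class stops at the first character that is not a word
    // character, '.' or '?', so a value such as "CN=admin-guests" is extracted as "admin".
    // A truncated name can collide with a different, more privileged group name. Widening the
    // pattern changes the group names handed to callers, so confirm existing role mappings first.
    private static final String REGEX_COMMON_NAME = "CN=[\\w\\.?]+";
    public static final Pattern PATTERN_CN = Pattern.compile(REGEX_COMMON_NAME, Pattern.CASE_INSENSITIVE);
    // NOTE(review): the bundle is looked up through JdbcAdapter; presumably both adapters share
    // one package-level bundle — confirm.
    private static final StringManager i18n = StringManager.getManager(JdbcAdapter.class);
    private Properties propsLdap = new Properties();
    // NOTE(review): nothing in this class sets this flag to true, so the provider URL uses
    // ldap:// unless the configured domain itself starts with ldaps://. A simple bind over
    // ldap:// carries the password unencrypted.
    private boolean sslEnable = false;
    /** Configured directory entry mapped to its base DN ({@code dc=...,dc=...}). */
    private Map<String, String> urlDc = new HashMap<String, String>();
    /** Group names seen so far per user (keyed by user@domain); guarded by {@code this}. */
    private Map<String, Vector<String>> cacheGroup = new HashMap<String, Vector<String>>();

    /**
     * Copies the realm configuration into the JNDI environment used for every bind.
     *
     * @param properties realm properties ({@code directories}, {@code default-domain},
     *        {@code auth-level}, {@code search-filter}, {@code group-member-attr},
     *        {@code force-auth-ldap} and any {@code com.sun.jndi.*} key)
     * @throws BadRealmException if a directory entry is malformed or a mandatory property is missing
     * @throws NoSuchRealmException declared for callers; not thrown by the visible code
     */
    public LdapAdapter(Properties properties) throws BadRealmException, NoSuchRealmException {
        setPropertyValue(PROP_DIRURL, "", properties);
        setPropertyValue(PROP_DEFAULT_DOMAIN, "", properties);
        this.propsLdap.setProperty("java.naming.factory.initial", setPropertyValue(PROP_JNDICF, DEFAULT_JNDICF, properties));
        this.propsLdap.setProperty("java.naming.security.authentication", setPropertyValue(PROP_SECURITY_AUTHENTICATION, DEFAULT_AUTH, properties));
        this.forceAuthLdap = Boolean.valueOf(properties.getProperty(PROP_FORCE_AUTH_LDAP, "false")).booleanValue();
        // NOTE(review): with referral=follow the provider may contact servers named in
        // referrals using the same environment — confirm this is intended.
        setPropertyValue("java.naming.referral", DEFAULT_REFERRAL, properties);
        settingLdapProperties(properties);
        String filterAttribute = properties.getProperty(PROP_SEARCH_FILTER);
        setPropertyValue(PROP_SEARCH_FILTER, filterAttribute == null ? DEFAULT_SEARCH_FILTER : filterAttribute + "=" + SUBST_SUBJECT_NAME);
        setPropertyValue(PROP_ATTR_GROUP_MEMBER, DEFAULT_FETCH_ATTR, properties);
        buildDomainComponent();
        checkMandatoryProperties();
    }

    /**
     * Authenticates a user by binding to the directory of the user's domain.
     *
     * @param str login name, with or without an {@code @domain} suffix
     * @param str2 password; {@code null} or empty is always rejected
     * @param z when {@code true}, the user's groups are read and merged into the cache
     * @return {@code true} if the bind succeeded (or {@code force-auth-ldap} is enabled)
     * @throws LoginException declared for callers; not thrown by the visible code
     */
    public boolean authenticate(String str, String str2, boolean z) throws LoginException {
        String userWithDomain = getUserWithDomain(str);
        if (this.forceAuthLdap) {
            // NOTE(review): this accepts any user and any password. It must never be enabled
            // on a production realm; consider raising the log level so it is visible.
            LOG.info(i18n.getString("hybrid.ldap.forcelogin", userWithDomain));
            return true;
        }
        // A simple bind with an empty password is an unauthenticated bind, which many servers
        // accept; without this check it would be reported as a successful login.
        if (str2 == null || str2.isEmpty()) {
            LOG.log(Level.WARNING, i18n.getString("hybrid.realm.invaliduser", str));
            return false;
        }
        // The domain part of the login name selects the LDAP host, so it is untrusted input:
        // only bind to domains the realm configuration names.
        String domain = getDomain(userWithDomain);
        if (!isConfiguredDomain(domain)) {
            LOG.log(Level.WARNING, "LDAP login rejected, domain is not a configured directory: "
                    + String.valueOf(domain).replaceAll("\\p{Cntrl}", "?"));
            return false;
        }
        InitialDirContext context = null;
        boolean authenticated = false;
        try {
            Properties environment = getLdapBindProps();
            environment.put("java.naming.security.principal", userWithDomain);
            environment.put("java.naming.security.credentials", str2);
            environment.put("java.naming.provider.url", getProviderUrl(userWithDomain));
            context = new InitialDirContext(environment);
            authenticated = true;
        } catch (NamingException e) {
            LOG.log(Level.WARNING, i18n.getString("hybrid.realm.invaliduser", str));
            if (LOG.isLoggable(Level.FINE)) {
                LOG.log(Level.FINE, i18n.getString("hybrid.realm.invaliduserpass", str, "***"), e);
            }
        }
        try {
            if (z && context != null) {
                List<String> groupNames = getGroupNames(context, str);
                // NOTE(review): groups are only ever added to the cache, so a membership
                // removed in the directory stays cached until the adapter is recreated.
                synchronized (this) {
                    Vector<String> cached = this.cacheGroup.get(userWithDomain);
                    if (cached == null) {
                        cached = new Vector<>();
                    }
                    for (String groupName : groupNames) {
                        if (!cached.contains(groupName)) {
                            cached.add(groupName);
                        }
                    }
                    this.cacheGroup.put(userWithDomain, cached);
                }
            }
        } finally {
            if (context != null) {
                try {
                    context.close();
                } catch (NamingException e2) {
                    LOG.log(Level.WARNING, "cannot close ");
                }
            }
        }
        return authenticated;
    }

    /**
     * Returns the cached group names of a user.
     *
     * @param str login name, with or without an {@code @domain} suffix
     * @return a copy of the cached names, empty if nothing was cached for the user
     */
    public List<String> getGroupNames(String str) {
        String userWithDomain = getUserWithDomain(str);
        synchronized (this) {
            Vector<String> cached = this.cacheGroup.get(userWithDomain);
            // Hand out a copy so callers cannot modify the cache.
            return cached != null ? new Vector<String>(cached) : new Vector<String>();
        }
    }

    /**
     * Searches the user's entry below the base DN of the user's domain and extracts its groups.
     * The context is closed before returning, as in the original implementation.
     *
     * @param dirContext context bound as the user
     * @param str login name as typed by the user
     * @return the group names found, or an empty list if the search failed or matched nothing
     */
    private List<String> getGroupNames(DirContext dirContext, String str) {
        List<String> groups = Collections.emptyList();
        // The login name is escaped so that filter metacharacters in it stay literal.
        String filter = String.format(this.propsLdap.getProperty(PROP_SEARCH_FILTER), escapeFilterValue(str));
        SearchControls controls = new SearchControls();
        controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
        controls.setCountLimit(1L);
        String baseDn = this.urlDc.get(getDomain(str));
        LOG.info("base dn -> " + baseDn);
        NamingEnumeration<SearchResult> results = null;
        try {
            if (baseDn == null) {
                // No configured directory entry matches this domain exactly: no groups.
                LOG.log(Level.WARNING, i18n.getString("hybrid.ldap.groupsearcherror", str));
                return groups;
            }
            results = dirContext.search(baseDn, filter, controls);
            if (results.hasMore()) {
                groups = extractGroups(results.next().getAttributes());
            }
        } catch (NamingException e) {
            LOG.log(Level.WARNING, i18n.getString("hybrid.ldap.groupsearcherror", str), e);
        } finally {
            if (results != null) {
                try {
                    results.close();
                } catch (NamingException ignored) {
                    // best-effort close
                }
            }
            if (dirContext != null) {
                try {
                    dirContext.close();
                } catch (NamingException ignored) {
                    // best-effort close
                }
            }
        }
        return groups;
    }

    /**
     * Escapes a value for use inside an LDAP search filter (RFC 4515).
     *
     * @param value raw assertion value
     * @return the value with {@code \ * ( )} and NUL replaced by their {@code \xx} form
     */
    private static String escapeFilterValue(String value) {
        StringBuilder escaped = new StringBuilder(value.length() + 8);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '\\':
                    escaped.append("\\5c");
                    break;
                case '*':
                    escaped.append("\\2a");
                    break;
                case '(':
                    escaped.append("\\28");
                    break;
                case ')':
                    escaped.append("\\29");
                    break;
                case '\0':
                    escaped.append("\\00");
                    break;
                default:
                    escaped.append(c);
            }
        }
        return escaped.toString();
    }

    /**
     * Tells whether a domain taken from a login name is one the realm is configured for.
     *
     * @param domain domain part of the login name (or the default domain)
     * @return {@code true} if it equals, ignoring case, the default domain or a directory entry
     */
    private boolean isConfiguredDomain(String domain) {
        if (domain == null) {
            return false;
        }
        if (domain.equalsIgnoreCase(this.propsLdap.getProperty(PROP_DEFAULT_DOMAIN))) {
            return true;
        }
        for (String configured : this.urlDc.keySet()) {
            if (domain.equalsIgnoreCase(configured)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Returns the domain of a login name: the text after the first {@code @}, otherwise the
     * configured default domain.
     */
    private String getDomain(String str) {
        String userWithDomain = getUserWithDomain(str);
        String domain = this.propsLdap.getProperty(PROP_DEFAULT_DOMAIN);
        int at = userWithDomain.indexOf("@");
        if (at > 0) {
            domain = userWithDomain.substring(at + 1);
        }
        LOG.finest("domain=" + domain);
        return domain;
    }

    /**
     * Fills {@code urlDc} with one base DN per entry of {@code directories}; falls back to the
     * default domain when the entry list is empty.
     */
    private void buildDomainComponent() throws BadRealmException {
        String directories = this.propsLdap.getProperty(PROP_DIRURL);
        String defaultDomain = this.propsLdap.getProperty(PROP_DEFAULT_DOMAIN);
        String[] entries = splitUrl(directories);
        for (String entry : entries) {
            this.urlDc.put(entry, domainComponent(entry));
        }
        if (entries.length == 0 && defaultDomain != null) {
            this.urlDc.put(defaultDomain, domainComponent(defaultDomain));
        }
        LOG.finest("build domain=" + this.urlDc);
    }

    /**
     * Fails fast when the directory list, the derived base DNs or the group attribute is missing.
     *
     * @throws BadRealmException if any of them is absent
     */
    private void checkMandatoryProperties() throws BadRealmException {
        String directories = this.propsLdap.getProperty(PROP_DIRURL);
        String groupAttribute = this.propsLdap.getProperty(PROP_ATTR_GROUP_MEMBER);
        if (directories == null || this.urlDc.isEmpty() || groupAttribute == null) {
            throw new BadRealmException(i18n.getString("hybrid.ldap.badconfig", directories, this.urlDc.isEmpty() ? "null" : this.urlDc, groupAttribute));
        }
    }

    /**
     * Builds the JNDI provider URL for the domain of a login name. Callers must have checked
     * the domain against the configuration first, because it becomes the host to connect to.
     */
    private String getProviderUrl(String str) {
        String domain = getDomain(str);
        // A ':' means the domain already carries a port (or a scheme), so none is appended.
        boolean hasPortOrScheme = domain.indexOf(":") > 0;
        String port = "";
        if (!hasPortOrScheme) {
            port = ":" + (sslEnable() ? PORT_SSL : PORT);
        }
        String url;
        if (domain.startsWith(URL_LDAP) || domain.startsWith(URL_LDAPS)) {
            url = domain + port;
        } else if (sslEnable()) {
            url = URL_LDAPS + domain + port;
        } else {
            url = URL_LDAP + domain + port;
        }
        LOG.finest("provider url=" + url);
        return url;
    }

    /**
     * Collects the common names found in the configured group-membership attributes.
     *
     * @param attributes attributes of the user's entry
     * @return the part after {@code CN=} of every value that matches {@link #PATTERN_CN}
     * @throws NamingException if reading the attributes fails
     */
    private List<String> extractGroups(Attributes attributes) throws NamingException {
        List<String> groups = new ArrayList<String>();
        List<String> memberAttributes = Arrays.asList(this.propsLdap.get(PROP_ATTR_GROUP_MEMBER).toString().split(","));
        NamingEnumeration<? extends Attribute> all = attributes.getAll();
        while (all.hasMore()) {
            Attribute attribute = all.next();
            if (memberAttributes.contains(attribute.getID())) {
                LOG.finest("attribute: " + attribute.getID());
                NamingEnumeration<?> values = attribute.getAll();
                while (values.hasMore()) {
                    String groupName = null;
                    String value = String.valueOf(values.next());
                    Matcher matcher = PATTERN_CN.matcher(value);
                    if (matcher.find()) {
                        // Drop the leading "CN=".
                        groupName = matcher.group().substring(3);
                        groups.add(groupName);
                    }
                    LOG.finest("attr: " + value + ", extract common name as group: " + groupName);
                }
            }
        }
        return groups;
    }

    /**
     * Appends {@code @default-domain} to a login name that has no {@code @} when a non-blank
     * default domain is configured; otherwise returns the name unchanged.
     */
    private String getUserWithDomain(String str) {
        String result = str;
        int at = str.indexOf("@");
        String defaultDomain = this.propsLdap.getProperty(PROP_DEFAULT_DOMAIN);
        if (at < 0 && defaultDomain != null && !"".equals(defaultDomain.trim())) {
            result = str + "@" + defaultDomain;
        }
        LOG.finest("user domain=" + result);
        return result;
    }

    /**
     * Splits the comma-separated directory list and checks that each entry parses as a host.
     *
     * @param str value of {@code directories}, may be {@code null}
     * @return the trimmed entries, empty if {@code str} is {@code null}
     * @throws BadRealmException if an entry cannot be parsed
     */
    private String[] splitUrl(String str) throws BadRealmException {
        if (str == null) {
            return new String[0];
        }
        String[] entries = str.split(",");
        for (int i = 0; i < entries.length; i++) {
            entries[i] = entries[i].trim();
            try {
                // The URL is built only to validate the entry; it is never opened.
                new URL("http://" + entries[i]);
            } catch (MalformedURLException e) {
                throw new BadRealmException(e.getMessage());
            }
        }
        return entries;
    }

    /** Turns {@code a.b.c[:port]} into the base DN {@code dc=a,dc=b,dc=c}. */
    private String domainComponent(String str) {
        int end = str.length();
        int colon = str.indexOf(":");
        if (colon > 0) {
            end = colon;
        }
        return "dc=" + str.substring(0, end).replaceAll("\\.", ",dc=");
    }

    /**
     * Stores {@code properties[str]} (or {@code str2} when absent) in the JNDI environment.
     *
     * @return the value that was stored
     */
    private synchronized String setPropertyValue(String str, String str2, Properties properties) {
        String value = properties.getProperty(str, str2);
        this.propsLdap.setProperty(str, value);
        return value;
    }

    /** Stores a single key/value pair in the JNDI environment. */
    private synchronized void setPropertyValue(String str, String str2) {
        this.propsLdap.setProperty(str, str2);
    }

    /** Copies every {@code com.sun.jndi.*} realm property into the JNDI environment. */
    private void settingLdapProperties(Properties properties) {
        for (Map.Entry<Object, Object> entry : properties.entrySet()) {
            String key = (String) entry.getKey();
            if (key.startsWith("com.sun.jndi.")) {
                setPropertyValue(key, (String) entry.getValue());
            }
        }
    }

    private boolean sslEnable() {
        return this.sslEnable;
    }

    /** Returns a per-bind copy of the environment so credentials never reach the shared one. */
    private Properties getLdapBindProps() {
        return (Properties) this.propsLdap.clone();
    }
}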
