package org.apache.eagle.common.service;

import java.util.Arrays;
import java.util.HashMap;
import java.util.Hashtable;
import java.util.List;
import java.util.Map;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import org.apache.commons.configuration.tree.DefaultExpressionEngine;
import org.apache.eagle.common.config.EagleConfig;
import org.apache.eagle.common.config.EagleConfigFactory;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.xml.BeanDefinitionParserDelegate;

/* loaded from: input_file:org/apache/eagle/common/service/LdapService.class */
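/**
 * Singleton helper that looks up users in, and authenticates them against, one or more
 * LDAP servers over SSL.
 *
 * <p>Server URLs, the service-account bind DN and password, and the key/trust store
 * location are read from the Eagle configuration when the singleton is first created.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>User names are passed to the directory as JNDI filter arguments, never by string
 *       concatenation, so filter metacharacters in a user name cannot alter the query.</li>
 *   <li>Empty passwords are rejected before any bind is attempted: JNDI treats a "simple"
 *       bind with an empty password as an anonymous bind, which a server may accept.</li>
 *   <li>NOTE(review): both bind paths install the socket factory named by
 *       {@link #SOCKET_FACTORY}. Judging by its name it accepts any server certificate,
 *       which would leave the SSL channel open to interception. The class is not visible
 *       from this file; confirm and replace it with a factory that validates the server
 *       against the configured trust store.</li>
 * </ul>
 */
public class LdapService {
    private static final Logger LOG = LoggerFactory.getLogger(LdapService.class);

    /** Search base used for every user lookup. */
    private static final String USER_SEARCH_BASE = "OU=Accounts_User,DC=corp,DC=company1,DC=com";

    /** Filter template; {@code {0}} is substituted (and escaped) by JNDI. */
    private static final String USER_SEARCH_FILTER = "(&(objectClass=user)(sAMAccountName={0}))";

    /** Socket factory class name handed to the JNDI LDAP provider (see class-level note). */
    private static final String SOCKET_FACTORY = "hadoop.eagle.common.service.TrustAllSSLSocketFactory";

    private final List<String> ldapSrvs;
    private String ldapCerts;
    private final String securityPrincipal;
    private final String securityCredentials;
    public static final String SECURITY_PRINCIPAL_CONFIG_NAME = "eagle.ldap.security-principal";
    public static final String SECURITY_CREDENTIALS_CONFIG_NAME = "eagle.ldap.security-credentials";
    public static final String LDAP_SERVER_CONFIG_NAME = "eagle.ldap.server";
    public static final String LDAP_CERTS_CONFIG_NAME = "eagle.ldap.certs";
    public static final String DEFAULT_LDAP_CERTS_FILE_NAME = "jssecacerts";
    private static LdapService instance;
    public static final String CN = "cn";
    public static final String DISPLAY_NAME = "displayName";
    public static final String DESCRIPTION = "description";
    public static final String SAMACCOUNT_NAME = "sAMAccountName";
    public static final String TELEPHONE_NUMBER = "telephonenumber";
    public static final String GIVEN_NAME = "givenName";
    public static final String UID_NUMBER = "uidNumber";
    public static final String L = "l";
    public static final String ST = "st";
    public static final String CO = "co";
    public static final String MEMBER_OF = "memberof";
    public static final String SN = "sn";
    public static final String MAIL = "mail";
    public static final String DISTINGUISHED_NAME = "distinguishedName";

    /**
     * Loads the LDAP settings from the Eagle configuration.
     *
     * @throws IllegalStateException if {@code eagle.ldap.server} is not configured
     */
    private LdapService() {
        EagleConfig load = EagleConfigFactory.load();
        this.securityPrincipal = load.getConfig().getString(SECURITY_PRINCIPAL_CONFIG_NAME);
        this.securityCredentials = load.getConfig().getString(SECURITY_CREDENTIALS_CONFIG_NAME);
        String servers = load.getConfig().getString(LDAP_SERVER_CONFIG_NAME);
        if (servers == null) {
            // Fail with a clear message instead of a NullPointerException from split().
            throw new IllegalStateException(LDAP_SERVER_CONFIG_NAME + " is not configured");
        }
        if (this.securityCredentials == null) {
            LOG.warn("eagle.ldap.security-credentials: null");
        }
        // Comma-separated list; whitespace around entries is tolerated.
        this.ldapSrvs = Arrays.asList(servers.trim().split("\\s*,\\s*"));
        this.ldapCerts = resolveCertsPath(load.getConfig().getString(LDAP_CERTS_CONFIG_NAME));
        if (LOG.isDebugEnabled()) {
            // The credential itself, and its length, are deliberately never logged.
            LOG.debug("eagle.ldap.security-principal: " + this.securityPrincipal);
            LOG.debug("eagle.ldap.security-credentials: "
                    + (this.securityCredentials == null ? "null" : "(hidden)"));
            LOG.debug("eagle.ldap.server: " + this.ldapSrvs);
            LOG.debug("eagle.ldap.certs: " + this.ldapCerts);
        }
    }

    /**
     * Resolves the configured key/trust store location to a file path.
     *
     * <p>An absolute path (leading {@code /}) or a value starting with a scheme or drive
     * prefix ({@code letters:}) is used as given; anything else, including the default
     * file name when nothing is configured, is looked up on the class path.
     *
     * @param configured value of {@code eagle.ldap.certs}, may be {@code null}
     * @return the resolved path, or {@code null} when the class-path resource is missing
     */
    private static String resolveCertsPath(String configured) {
        if (configured != null && (configured.startsWith("/") || configured.matches("[a-zA-Z]+:.*"))) {
            return configured;
        }
        String resourceName = configured == null ? DEFAULT_LDAP_CERTS_FILE_NAME : configured;
        java.net.URL resource = LdapService.class.getClassLoader().getResource(resourceName);
        if (resource == null) {
            LOG.warn("LDAP certificate store '" + resourceName + "' was not found on the class path");
            return null;
        }
        return resource.getPath();
    }

    /**
     * Returns the shared instance, creating it on first use.
     *
     * <p>Synchronized so that concurrent first calls cannot create two instances.
     *
     * @return the singleton {@code LdapService}
     */
    public static synchronized LdapService getInstance() {
        if (instance == null) {
            instance = new LdapService();
        }
        return instance;
    }

    /**
     * Builds the JNDI environment shared by the service-account bind and the user bind.
     *
     * @param url LDAP provider URL
     * @param principal bind DN
     * @param credentials bind password
     * @return a new environment table for {@link InitialDirContext}
     */
    private static Hashtable<String, String> bindEnvironment(String url, String principal, String credentials) {
        Hashtable<String, String> env = new Hashtable<String, String>();
        env.put("java.naming.security.protocol", "ssl");
        env.put("java.naming.factory.initial", "com.sun.jndi.ldap.LdapCtxFactory");
        env.put("java.naming.provider.url", url);
        // "simple" selects the JNDI simple (DN + password) authentication mechanism.
        env.put("java.naming.security.authentication", "simple");
        env.put("java.naming.security.principal", principal);
        env.put("java.naming.security.credentials", credentials);
        // NOTE(review): see the class-level note; this factory should validate certificates.
        env.put("java.naming.ldap.factory.socket", SOCKET_FACTORY);
        return env;
    }

    /**
     * Opens a directory context on the server at index {@code i}, bound as the configured
     * service account.
     *
     * @param i index into the configured server list
     * @return the bound context, or {@code null} if the service account is not configured
     *     or the connection or bind failed (the failure is logged)
     */
    protected DirContext getDirContext(int i) {
        if (this.ldapCerts != null) {
            // These are JVM-wide system properties, so every SSL user in the process that
            // relies on the default stores is affected, not only this class.
            System.setProperty("javax.net.ssl.keyStore", this.ldapCerts);
            System.setProperty("javax.net.ssl.trustStore", this.ldapCerts);
        }
        String url = this.ldapSrvs.get(i);
        if (this.securityPrincipal == null || this.securityCredentials == null) {
            // Hashtable rejects null values; report the misconfiguration instead of throwing.
            LOG.error("LDAP service account is not configured ("
                    + SECURITY_PRINCIPAL_CONFIG_NAME + " / " + SECURITY_CREDENTIALS_CONFIG_NAME + ")");
            return null;
        }
        Hashtable<String, String> env = bindEnvironment(url, this.securityPrincipal, this.securityCredentials);
        env.put("java.naming.ldap.attributes.binary", "objectSID");
        try {
            return new InitialDirContext(env);
        } catch (Exception e) {
            LOG.error("LDAP authentication failed with exception: " + e.getMessage(), e);
            return null;
        }
    }

    /**
     * Creates the search controls used for user lookups: subtree scope, returning only the
     * attributes named by this class's constants.
     *
     * @return a new {@link SearchControls}
     */
    protected SearchControls getSearchControl() {
        SearchControls searchControls = new SearchControls();
        // Exactly the attributes wanted; the array has no unused (null) slot.
        String[] attributeIds = {
            CN, DISPLAY_NAME, DESCRIPTION, SAMACCOUNT_NAME, TELEPHONE_NUMBER, GIVEN_NAME, UID_NUMBER,
            L, ST, CO, MEMBER_OF, SN, MAIL, DISTINGUISHED_NAME
        };
        searchControls.setReturningAttributes(attributeIds);
        searchControls.setSearchScope(SearchControls.SUBTREE_SCOPE);
        return searchControls;
    }

    /**
     * Looks the user up on each configured server in order and returns the first non-empty
     * result.
     *
     * @param str the user's {@code sAMAccountName}
     * @return attribute name to value; empty if the user was not found on any server
     */
    public Map<String, String> getUserInfo(String str) {
        Map<String, String> info = new HashMap<String, String>();
        for (int i = 0; i < this.ldapSrvs.size(); i++) {
            if (LOG.isDebugEnabled()) {
                LOG.debug("Using server: " + this.ldapSrvs.get(i));
            }
            info = getUserInfo(i, str);
            if (!info.isEmpty()) {
                break;
            }
        }
        return info;
    }

    /**
     * Looks the user up on the server at index {@code i}.
     *
     * <p>For a multi-valued attribute only the last value read is kept, because the result
     * maps each attribute name to a single string.
     *
     * @param i index into the configured server list
     * @param str the user's {@code sAMAccountName}
     * @return attribute name to value; empty if the user name is {@code null}, the user was
     *     not found, or the lookup failed (failures are logged)
     */
    public Map<String, String> getUserInfo(int i, String str) {
        if (LOG.isDebugEnabled()) {
            LOG.debug("Ldap get user information for id:" + i + ", username:" + str);
        }
        Map<String, String> info = new HashMap<String, String>();
        if (str == null) {
            return info;
        }
        DirContext dirContext = getDirContext(i);
        if (dirContext != null) {
            NamingEnumeration<SearchResult> results = null;
            try {
                // The user name is a filter argument: JNDI escapes it, so it cannot inject
                // additional filter clauses or wildcards.
                results = dirContext.search(USER_SEARCH_BASE, USER_SEARCH_FILTER, new Object[] {str},
                        getSearchControl());
                while (results.hasMore()) {
                    NamingEnumeration<? extends Attribute> attributes = results.next().getAttributes().getAll();
                    while (attributes.hasMore()) {
                        Attribute attribute = attributes.next();
                        String id = attribute.getID();
                        NamingEnumeration<?> values = attribute.getAll();
                        while (values.hasMore()) {
                            info.put(id, values.next().toString());
                        }
                    }
                }
            } catch (NamingException e) {
                LOG.error("LDAP user lookup failed with exception: " + e.getMessage(), e);
            } finally {
                closeQuietly(results);
                closeQuietly(dirContext);
            }
        }
        if (LOG.isDebugEnabled()) {
            // Attribute names only: the values are personal directory data.
            LOG.debug("Ldap attributes returned: " + info.keySet());
        }
        return info;
    }

    /**
     * Authenticates the user against each configured server in order.
     *
     * @param str the user's {@code sAMAccountName}
     * @param str2 the user's password
     * @return {@code true} as soon as one server accepts the credentials, else {@code false}
     */
    public boolean authenticate(String str, String str2) {
        for (int i = 0; i < this.ldapSrvs.size(); i++) {
            if (authenticate(i, str, str2)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Authenticates the user against the server at index {@code i}: the service account
     * resolves the user's distinguished name, then a second bind is attempted with that
     * name and the supplied password.
     *
     * @param i index into the configured server list
     * @param str the user's {@code sAMAccountName}
     * @param str2 the user's password
     * @return {@code true} only if exactly one directory entry matched and the bind with
     *     the supplied password succeeded; {@code false} for a {@code null} or empty user
     *     name or password, an unknown or ambiguous user, or any directory error
     */
    public boolean authenticate(int i, String str, String str2) {
        // An empty password must never reach the directory: JNDI turns a simple bind with an
        // empty password into an anonymous bind, and a successful anonymous bind would be
        // reported here as a successful login for any existing user.
        if (str == null || str.isEmpty() || str2 == null || str2.isEmpty()) {
            return false;
        }
        DirContext dirContext = getDirContext(i);
        if (dirContext == null) {
            return false;
        }
        String userDn;
        try {
            userDn = findUserDn(dirContext, str);
        } catch (NamingException e) {
            LOG.error("LDAP authentication failed with exception: " + e.getMessage(), e);
            return false;
        } finally {
            closeQuietly(dirContext);
        }
        if (userDn == null) {
            return false;
        }
        try {
            // A successful bind is the proof of the password; the context is not needed after.
            new InitialDirContext(bindEnvironment(this.ldapSrvs.get(i), userDn, str2)).close();
            return true;
        } catch (NamingException e) {
            LOG.error("LDAP authentication failed with exception: " + e.getMessage(), e);
            return false;
        }
    }

    /**
     * Resolves a user name to its distinguished name.
     *
     * @param dirContext context bound as the service account; not closed by this method
     * @param username the user's {@code sAMAccountName}
     * @return the distinguished name, or {@code null} if no entry matched, more than one
     *     entry matched, or the entry carries no {@code distinguishedName} value
     * @throws NamingException if the search fails
     */
    private String findUserDn(DirContext dirContext, String username) throws NamingException {
        NamingEnumeration<SearchResult> results = dirContext.search(USER_SEARCH_BASE, USER_SEARCH_FILTER,
                new Object[] {username}, getSearchControl());
        try {
            if (!results.hasMore()) {
                return null;
            }
            Attribute dnAttribute = results.next().getAttributes().get(DISTINGUISHED_NAME);
            if (results.hasMore()) {
                // Refuse to guess which entry is meant when the identity is ambiguous.
                LOG.warn("LDAP search matched more than one entry; rejecting authentication");
                return null;
            }
            if (dnAttribute == null || dnAttribute.size() == 0 || dnAttribute.get() == null) {
                return null;
            }
            return dnAttribute.get().toString();
        } finally {
            closeQuietly(results);
        }
    }

    /** Closes a directory context, logging rather than propagating a failure to close. */
    private static void closeQuietly(DirContext context) {
        if (context != null) {
            try {
                context.close();
            } catch (NamingException e) {
                LOG.warn("Failed to close LDAP context: " + e.getMessage());
            }
        }
    }

    /** Closes a search result enumeration, logging rather than propagating a failure to close. */
    private static void closeQuietly(NamingEnumeration<?> enumeration) {
        if (enumeration != null) {
            try {
                enumeration.close();
            } catch (NamingException e) {
                LOG.warn("Failed to close LDAP search results: " + e.getMessage());
            }
        }
    }
}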
