package org.apache.ranger.ldapconfigcheck;

import java.io.PrintStream;
import java.util.ArrayList;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.ldap.DefaultSpringSecurityContextSource;
import org.springframework.security.ldap.authentication.BindAuthenticator;
import org.springframework.security.ldap.authentication.LdapAuthenticationProvider;
import org.springframework.security.ldap.search.FilterBasedLdapUserSearch;
import org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator;

/* loaded from: input_file:org/apache/ranger/ldapconfigcheck/AuthenticationCheck.class */
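/**
 * Checks whether a sample user can authenticate against a directory with the
 * LDAP/AD settings discovered by {@link UserSync}, and prints the matching
 * Ranger authentication properties.
 *
 * <p>The mode is chosen once, in the constructor: {@code "AD"} when the
 * discovered user-name attribute is {@code sAMAccountName} (case-insensitive),
 * {@code "LDAP"} otherwise.
 *
 * <p>Security notes for operators and reviewers:
 * <ul>
 *   <li>The URL handed to {@link #isAuthenticated} is used as given; nothing
 *       here requires {@code ldaps://}. Over a plain {@code ldap://} URL the
 *       bind DN password and the sample user's password are sent to the
 *       server unencrypted unless the transport is protected some other way.</li>
 *   <li>Both modes set referral handling to {@code "follow"}.
 *       NOTE(review): confirm that chasing server-supplied referrals is
 *       acceptable for the directories this tool is pointed at.</li>
 *   <li>{@link #discoverAuthProperties()} writes URLs, DNs and filters only;
 *       no password is written to either properties stream.</li>
 * </ul>
 */
public class AuthenticationCheck {
    private static final String AUTH_METHOD_AD = "AD";
    private static final String AUTH_METHOD_LDAP = "LDAP";

    private final String ldapUrl;
    private final String authMethod;
    private final String adDomain;
    private final String userDnPattern;
    private final String roleAttribute;
    private final String groupSearchBase;
    private final String groupSearchFilter;
    private final PrintStream logFile;
    private final PrintStream ambariProps;
    private final PrintStream installProps;

    /**
     * Derives the authentication settings from the user-sync discovery results.
     *
     * @param ldapUrl      directory URL echoed into the generated properties
     * @param userSync     source of the discovered attribute names and search bases
     * @param logFile      stream that receives error messages
     * @param ambariProps  stream that receives the {@code ranger.*} properties
     * @param installProps stream that receives the {@code xa_ldap_*} properties
     * @throws NullPointerException if {@code userSync} or its user-name attribute is null
     */
    public AuthenticationCheck(String ldapUrl, UserSync userSync, PrintStream logFile, PrintStream ambariProps, PrintStream installProps) {
        this.logFile = logFile;
        this.ambariProps = ambariProps;
        this.installProps = installProps;

        String userNameAttribute = userSync.getUserNameAttribute();
        this.authMethod = userNameAttribute.equalsIgnoreCase("sAMAccountName") ? AUTH_METHOD_AD : AUTH_METHOD_LDAP;

        this.ldapUrl = ldapUrl;
        // The "domain" is the discovered search base; it is also the base of the user searches below.
        this.adDomain = userSync.getSearchBase();
        this.userDnPattern = userNameAttribute + "={0}," + userSync.getUserSearchBase();
        this.roleAttribute = userSync.getGroupNameAttrName();
        this.groupSearchBase = userSync.getGroupSearchBase();
        // NOTE(review): the filter embeds the whole DN pattern, i.e. "<member>=<attr>={0},<base>".
        // Verify that this matches what the authorities populator substitutes for {0}.
        this.groupSearchFilter = userSync.getGroupMemberName() + "=" + this.userDnPattern;
    }

    /**
     * Prints the candidate authentication properties to the install and Ambari
     * property streams. Only URLs, DNs, attribute names and filters are written.
     */
    public void discoverAuthProperties() {
        final boolean activeDirectory = isActiveDirectory();

        ambariProps.println("\n# Possible values for authetication properties:");
        installProps.println("\n# Possible values for authetication properties:");

        if (activeDirectory) {
            installProps.println("xa_ldap_ad_url=" + ldapUrl);
            installProps.println("xa_ldap_ad_domain=" + adDomain);
        } else {
            installProps.println("xa_ldap_url=" + ldapUrl);
            installProps.println("xa_ldap_userDNpattern=" + userDnPattern);
            installProps.println("xa_ldap_groupRoleAttribute=" + roleAttribute);
            installProps.println("xa_ldap_groupSearchBase=" + groupSearchBase);
            installProps.println("xa_ldap_groupSearchFilter=" + groupSearchFilter);
        }

        ambariProps.println("ranger.authentication.method=" + authMethod);
        if (activeDirectory) {
            ambariProps.println("ranger.ldap.ad.url=" + ldapUrl);
            ambariProps.println("ranger.ldap.ad.domain=" + adDomain);
        } else {
            ambariProps.println("ranger.ldap.url=" + ldapUrl);
            ambariProps.println("ranger.ldap.user.dnpattern=" + userDnPattern);
            ambariProps.println("ranger.ldap.group.roleattribute=" + roleAttribute);
            ambariProps.println("ranger.ldap.group.searchbase=" + groupSearchBase);
            ambariProps.println("ranger.ldap.group.searchfilter=" + groupSearchFilter);
        }
    }

    /**
     * Attempts to authenticate the sample user with the settings for the detected mode.
     *
     * @param url          directory URL for the context source
     * @param bindDn       DN the context source binds as
     * @param bindPassword password for {@code bindDn}
     * @param userName     sample user to authenticate
     * @param userPassword sample user's password
     * @return {@code true} only if the provider returned an authenticated token;
     *         {@code false} when authentication failed, raised an error (logged),
     *         or was skipped because the sample user name or password is null or blank
     */
    public boolean isAuthenticated(String url, String bindDn, String bindPassword, String userName, String userPassword) {
        Authentication result = isActiveDirectory()
                ? getADBindAuthentication(url, bindDn, bindPassword, userName, userPassword)
                : getLdapBindAuthentication(url, bindDn, bindPassword, userName, userPassword);
        // The token's principal and credentials carry the sample password; only the flag leaves this method.
        return result != null && result.isAuthenticated();
    }

    /** Returns whether the constructor selected the Active Directory mode. */
    private boolean isActiveDirectory() {
        return authMethod.equalsIgnoreCase(AUTH_METHOD_AD);
    }

    /**
     * Authenticates the sample user in AD mode: subtree search on
     * {@code (sAMAccountName={0})} under the search base, then a bind as the entry found.
     *
     * @return the provider's token, or {@code null} if authentication was skipped or failed
     */
    private Authentication getADBindAuthentication(String url, String bindDn, String bindPassword, String userName, String userPassword) {
        try {
            DefaultSpringSecurityContextSource contextSource = newContextSource(url, bindDn, bindPassword, true, false);

            FilterBasedLdapUserSearch userSearch = new FilterBasedLdapUserSearch(adDomain, "(sAMAccountName={0})", contextSource);
            userSearch.setSearchSubtree(true);

            BindAuthenticator bindAuthenticator = new BindAuthenticator(contextSource);
            bindAuthenticator.setUserSearch(userSearch);
            bindAuthenticator.afterPropertiesSet();

            return authenticateSampleUser(new LdapAuthenticationProvider(bindAuthenticator), userName, userPassword);
        } catch (BadCredentialsException e) {
            logFile.println("ERROR: LDAP Authentication Failed. Please verify values for ranger.admin.auth.sampleuser and ranger.admin.auth.samplepassword\n");
        } catch (Exception e) {
            // Only the exception's toString() is logged; the passwords are never written here.
            logFile.println("ERROR: LDAP Authentication Failed: " + e);
        }
        return null;
    }

    /**
     * Authenticates the sample user in LDAP mode: tries the configured DN pattern,
     * with a subtree search on {@code (uid={0})} also configured, and resolves
     * group roles through the authorities populator.
     *
     * @return the provider's token, or {@code null} if authentication was skipped or failed
     */
    private Authentication getLdapBindAuthentication(String url, String bindDn, String bindPassword, String userName, String userPassword) {
        try {
            // NOTE(review): anonymousReadOnly=true asks Spring LDAP to use an anonymous context for
            // read-only operations, so the searches may not run as bindDn. Confirm this is intended.
            DefaultSpringSecurityContextSource contextSource = newContextSource(url, bindDn, bindPassword, false, true);

            DefaultLdapAuthoritiesPopulator authoritiesPopulator = new DefaultLdapAuthoritiesPopulator(contextSource, groupSearchBase);
            authoritiesPopulator.setGroupRoleAttribute(roleAttribute);
            authoritiesPopulator.setGroupSearchFilter(groupSearchFilter);
            authoritiesPopulator.setIgnorePartialResultException(true);

            // NOTE(review): the search filter is fixed to uid even when another user-name attribute was discovered.
            FilterBasedLdapUserSearch userSearch = new FilterBasedLdapUserSearch(adDomain, "(uid={0})", contextSource);
            userSearch.setSearchSubtree(true);

            BindAuthenticator bindAuthenticator = new BindAuthenticator(contextSource);
            bindAuthenticator.setUserSearch(userSearch);
            bindAuthenticator.setUserDnPatterns(new String[]{userDnPattern});
            bindAuthenticator.afterPropertiesSet();

            return authenticateSampleUser(new LdapAuthenticationProvider(bindAuthenticator, authoritiesPopulator), userName, userPassword);
        } catch (BadCredentialsException e) {
            logFile.println("ERROR: LDAP Authentication Failed. Please verify values for ranger.admin.auth.sampleuser and ranger.admin.auth.samplepassword\n");
        } catch (Exception e) {
            // Only the exception's toString() is logged; the passwords are never written here.
            logFile.println("ERROR: LDAP Authentication Failed: " + e);
        }
        return null;
    }

    /**
     * Builds and initialises the context source shared by both modes; they differ
     * only in the two boolean flags.
     *
     * @throws Exception declared so the helper compiles whether or not the library's
     *                   {@code afterPropertiesSet()} declares a checked exception
     */
    private static DefaultSpringSecurityContextSource newContextSource(String url, String bindDn, String bindPassword, boolean cacheEnvironmentProperties, boolean anonymousReadOnly) throws Exception {
        DefaultSpringSecurityContextSource contextSource = new DefaultSpringSecurityContextSource(url);
        contextSource.setUserDn(bindDn);
        contextSource.setPassword(bindPassword);
        // Referrals returned by the server are followed rather than ignored or surfaced as errors.
        contextSource.setReferral("follow");
        contextSource.setCacheEnvironmentProperties(cacheEnvironmentProperties);
        contextSource.setAnonymousReadOnly(anonymousReadOnly);
        contextSource.setPooled(true);
        contextSource.afterPropertiesSet();
        return contextSource;
    }

    /**
     * Runs the provider against the sample credentials.
     *
     * @return the provider's token, or {@code null} without contacting the directory
     *         when the user name or password is null or blank
     */
    private static Authentication authenticateSampleUser(LdapAuthenticationProvider provider, String userName, String userPassword) {
        if (userName == null || userPassword == null || userName.trim().isEmpty() || userPassword.trim().isEmpty()) {
            return null;
        }
        ArrayList<SimpleGrantedAuthority> authorities = new ArrayList<>();
        authorities.add(new SimpleGrantedAuthority("ROLE_USER"));
        User principal = new User(userName, userPassword, authorities);
        return provider.authenticate(new UsernamePasswordAuthenticationToken(principal, userPassword, authorities));
    }
}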
