package org.jabylon.security.internal;

import java.io.IOException;
import java.text.MessageFormat;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Hashtable;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;
import org.jabylon.security.CommonPermissions;
import org.jabylon.security.GroupMemberAttribute;
import org.jabylon.security.SubjectAttribute;
import org.jabylon.users.UsersPackage;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/jabylon/security/internal/LDAPLoginModule.class */
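/**
 * JAAS {@link LoginModule} that authenticates users against an LDAP directory.
 * <p>
 * Flow: bind with the configured manager account, search the directory for the entry whose
 * {@link #KEY_USER_NAME} attribute equals the supplied user id, then re-bind with that
 * entry's DN and the supplied password. On success {@link #commit()} publishes the user id,
 * e-mail, display name, group memberships and the LDAP auth type as public credentials of
 * the {@link Subject}.
 * <p>
 * The provider URL is built as {@code ldap://host:port/rootDn}, i.e. a plain (non-TLS)
 * connection; NOTE(review): simple-bind passwords then travel unencrypted unless the
 * deployment protects the link by other means — confirm against the deployment.
 * <p>
 * Instances hold per-login state and are not thread-safe; JAAS creates one per login.
 */
public class LDAPLoginModule implements LoginModule {
    /** Option: LDAP server host. */
    public static final String KEY_LDAP = "ldap";
    /** Option: LDAP server port. */
    public static final String KEY_LDAP_PORT = "ldap.port";
    /** Option: attribute holding the login id (used in the user search filter). */
    public static final String KEY_USER_NAME = "user.id";
    /** Option: attribute holding the user's display name (optional). */
    public static final String KEY_USER_FULL_NAME = "user.name";
    /** Option: attribute holding the user's e-mail address (optional). */
    public static final String KEY_USER_MAIL = "user.mail";
    /** Option: base DN; all searches and group lookups are relative to it. */
    public static final String KEY_ROOT_DN = "root.dn";
    /** Option: DN of the account used to search for users. */
    public static final String KEY_MANAGER = "manager";
    /** Option: password of the manager account. */
    public static final String KEY_MANAGER_PASSWORD = "manager.password";
    /** Option: attribute listing the DNs of groups the user belongs to (optional). */
    public static final String KEY_MEMBER_OF = "member.of";
    /** Option: attribute on a group entry that holds its display name. */
    public static final String KEY_GROUP_NAME = "group.name";

    private static final Logger logger = LoggerFactory.getLogger(LDAPLoginModule.class);

    private Subject subj;
    private CallbackHandler cbHandler;
    private Map<String, ?> options;
    private boolean authenticated;
    // Login id as entered by the user; published as a public credential on commit.
    private String user;
    // Attributes read from the user's directory entry during login().
    private String email;
    private String fullName;
    private Set<String> groups;

    /**
     * Stores the subject, callback handler and module options for the upcoming login.
     * The shared-state map is not used by this module.
     */
    @Override
    public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String, ?> sharedState, Map<String, ?> options) {
        this.subj = subject;
        this.cbHandler = callbackHandler;
        this.options = options;
    }

    /**
     * Collects user name and password through the callback handler and verifies them
     * against the directory.
     *
     * @return {@code true} if the user was found and the user bind succeeded
     * @throws LoginException if no callback handler is available or it cannot supply the
     *         credentials (the original silently continued with a {@code null} user)
     */
    @Override
    public boolean login() throws LoginException {
        if (this.cbHandler == null) {
            throw new LoginException("No CallbackHandler available to collect credentials");
        }
        NameCallback nameCallback = new NameCallback("User:");
        PasswordCallback passwordCallback = new PasswordCallback("Password:", false);
        try {
            this.cbHandler.handle(new Callback[] {nameCallback, passwordCallback});
        } catch (IOException | UnsupportedCallbackException e) {
            logger.error("Login failed", e);
            LoginException failure = new LoginException("Unable to obtain credentials: " + e.getMessage());
            failure.initCause(e);
            throw failure;
        }
        this.user = nameCallback.getName();
        char[] secret = passwordCallback.getPassword();
        String password = null;
        if (secret != null) {
            password = String.valueOf(secret);
            // Wipe the char[] copies we no longer need; the String copy is unavoidable
            // because createContext(String, String) is part of the public interface.
            Arrays.fill(secret, '\0');
        }
        passwordCallback.clearPassword();
        this.authenticated = checkLogin(this.user, password);
        return this.authenticated;
    }

    /**
     * Looks the user up with the manager bind and verifies the password by binding as the
     * user's own DN.
     *
     * @param userId   login id entered by the user (untrusted)
     * @param password password entered by the user (untrusted)
     * @return {@code true} only if the entry exists and the user bind was accepted
     */
    private boolean checkLogin(String userId, String password) {
        if (userId == null || userId.isEmpty()) {
            logger.warn("Login attempt without a user name");
            return false;
        }
        // A simple bind with an empty password is an *unauthenticated* bind (RFC 4513
        // section 5.1.2): many servers accept it and report success, so an empty password
        // must never reach the directory.
        if (password == null || password.isEmpty()) {
            logger.warn("Login attempt without a password for user {}", userId);
            return false;
        }
        DirContext managerCtx = createContext(option(KEY_MANAGER), option(KEY_MANAGER_PASSWORD));
        if (managerCtx == null) {
            // createContext already logged the failed manager bind.
            return false;
        }
        try {
            String userDn = findUser(userId, managerCtx);
            if (userDn == null) {
                logger.debug("No directory entry found for user {}", userId);
                return false;
            }
            DirContext userCtx = createContext(userDn, password);
            if (userCtx == null) {
                return false;
            }
            // The user context only serves to prove the password; nothing is read from it.
            closeQuietly(userCtx);
            return true;
        } catch (NamingException e) {
            logger.error("LDAP search failed for user " + userId, e);
            return false;
        } finally {
            // Single close point: the original closed the manager context twice and hit an
            // NPE in its finally block when the manager bind had failed.
            closeQuietly(managerCtx);
        }
    }

    /** Closes {@code context}, logging (not propagating) a failure to close. */
    private static void closeQuietly(DirContext context) {
        try {
            context.close();
        } catch (NamingException e) {
            logger.error("Failed to close directory context", e);
        }
    }

    /**
     * Returns the option value for {@code key} if it is a non-null String, else {@code null}.
     * Options are supplied by the JAAS configuration, so non-String values are treated as
     * "not configured" instead of failing with a ClassCastException.
     */
    private String option(String key) {
        Object value = this.options == null ? null : this.options.get(key);
        return value instanceof String ? (String) value : null;
    }

    /**
     * Searches the directory (relative to the root DN) for the entry whose configured user-id
     * attribute equals {@code userId} and records its mail, display name and groups.
     *
     * @return the full DN of the first matching entry, or {@code null} if none matched or
     *         {@link #KEY_USER_NAME} is not configured
     * @throws NamingException if the search itself fails
     */
    private String findUser(String userId, DirContext dirContext) throws NamingException {
        String userIdAttribute = option(KEY_USER_NAME);
        if (userIdAttribute == null) {
            logger.error("Option '{}' is not configured; cannot search for users", KEY_USER_NAME);
            return null;
        }
        SearchControls controls = new SearchControls();
        controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
        controls.setReturningAttributes(getUserAttributes());
        // The attribute name comes from trusted configuration; the user id is untrusted and is
        // passed as a filter argument so JNDI applies RFC 4515 escaping instead of splicing it
        // into the filter string (the original MessageFormat version allowed filter injection).
        NamingEnumeration<SearchResult> results =
                dirContext.search("", "(" + userIdAttribute + "={0})", new Object[] {userId}, controls);
        try {
            if (!results.hasMore()) {
                return null;
            }
            SearchResult result = results.next();
            readUserAttributes(result.getAttributes(), dirContext);
            return result.getNameInNamespace();
        } finally {
            results.close();
        }
    }

    /**
     * Copies the configured mail, display-name and group attributes of the user's entry into
     * this module's state. Group DNs are resolved to names via {@link #lookupGroupName}.
     */
    private void readUserAttributes(Attributes attributes, DirContext dirContext) throws NamingException {
        String mailAttribute = option(KEY_USER_MAIL);
        if (mailAttribute != null) {
            this.email = singleStringValue(attributes.get(mailAttribute));
        }
        String fullNameAttribute = option(KEY_USER_FULL_NAME);
        if (fullNameAttribute != null) {
            this.fullName = singleStringValue(attributes.get(fullNameAttribute));
        }
        // Guard on KEY_MEMBER_OF itself: the original tested KEY_USER_FULL_NAME here, so
        // groups were never read when no full-name attribute was configured.
        String memberOfAttribute = option(KEY_MEMBER_OF);
        if (memberOfAttribute == null) {
            return;
        }
        Attribute memberOf = attributes.get(memberOfAttribute);
        if (memberOf == null) {
            return;
        }
        this.groups = new HashSet<>();
        this.groups.add(CommonPermissions.ROLE_LDAP_REGISTERED);
        NamingEnumeration<?> values = memberOf.getAll();
        try {
            while (values.hasMoreElements()) {
                Object value = values.nextElement();
                if (value instanceof String) {
                    this.groups.add(lookupGroupName(dirContext, (String) value));
                }
            }
        } finally {
            values.close();
        }
    }

    /** Returns the first value of {@code attribute} if it is a String; {@code null} otherwise. */
    private static String singleStringValue(Attribute attribute) throws NamingException {
        if (attribute == null) {
            return null;
        }
        Object value = attribute.get();
        return value instanceof String ? (String) value : null;
    }

    /**
     * Resolves the display name of a group from its DN by reading the configured
     * {@link #KEY_GROUP_NAME} attribute. Falls back to the DN itself whenever the group cannot
     * be resolved, so membership is still recorded.
     *
     * @param groupDn full DN of the group as found in the user's member-of attribute
     */
    private String lookupGroupName(DirContext dirContext, String groupDn) {
        String rootDn = option(KEY_ROOT_DN);
        String groupNameAttribute = option(KEY_GROUP_NAME);
        if (rootDn == null || groupNameAttribute == null) {
            return groupDn;
        }
        // The context is rooted at the configured root DN, so strip the ",<rootDn>" suffix
        // to get a name relative to it. A DN outside the root cannot be looked up here.
        int rootIndex = groupDn.indexOf(rootDn);
        if (rootIndex < 1) {
            return groupDn;
        }
        String relativeName = groupDn.substring(0, rootIndex - 1);
        try {
            Attributes groupAttributes = dirContext.getAttributes(relativeName, new String[] {groupNameAttribute});
            String name = singleStringValue(groupAttributes.get(groupNameAttribute));
            return name != null ? name : groupDn;
        } catch (NamingException e) {
            logger.debug("Could not resolve name of group {}; using its DN", groupDn, e);
            return groupDn;
        }
    }

    /**
     * Attribute names to request in the user search: the configured mail, display-name and
     * member-of attributes, skipping any that are not configured.
     */
    private String[] getUserAttributes() {
        List<String> names = new ArrayList<>(3);
        for (String key : new String[] {KEY_USER_MAIL, KEY_USER_FULL_NAME, KEY_MEMBER_OF}) {
            String attribute = option(key);
            if (attribute != null) {
                names.add(attribute);
            }
        }
        return names.toArray(new String[0]);
    }

    /**
     * Opens an LDAP connection to {@code ldap://host:port/rootDn} bound as {@code principal}
     * with a simple bind.
     *
     * @param principal   DN to bind as (the manager account or a resolved user DN)
     * @param credentials bind password
     * @return the bound context, which the caller must {@link DirContext#close()}, or
     *         {@code null} if either argument is missing or the directory refused the bind
     */
    public DirContext createContext(String principal, String credentials) {
        // Never issue an anonymous/unauthenticated bind: a missing principal or empty password
        // may be answered with "success" by the directory. (The original would also have hit
        // an NPE here, since Hashtable rejects null values.)
        if (principal == null || principal.isEmpty() || credentials == null || credentials.isEmpty()) {
            logger.warn("Refusing LDAP bind without principal or credentials (userDN = {})", principal);
            return null;
        }
        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        // String.valueOf keeps MessageFormat from applying number grouping ("10,389") should the
        // port be configured as a Number rather than a String.
        env.put(Context.PROVIDER_URL, MessageFormat.format("ldap://{0}:{1}/{2}",
                String.valueOf(this.options.get(KEY_LDAP)),
                String.valueOf(this.options.get(KEY_LDAP_PORT)),
                String.valueOf(this.options.get(KEY_ROOT_DN))));
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, principal);
        env.put(Context.SECURITY_CREDENTIALS, credentials);
        try {
            return new InitialDirContext(env);
        } catch (NamingException e) {
            logger.warn("Cannot bind user with userDN = " + principal + " with exception " + e.getLocalizedMessage());
            return null;
        }
    }

    /**
     * Publishes the authenticated user's id, optional e-mail and display name, optional group
     * membership and the LDAP auth type as public credentials of the subject.
     *
     * @return {@code false} (after removing the user id) if {@link #login()} did not succeed
     */
    @Override
    public boolean commit() throws LoginException {
        Set<Object> credentials = this.subj.getPublicCredentials();
        if (!this.authenticated) {
            credentials.remove(this.user);
            return false;
        }
        credentials.add(this.user);
        if (this.email != null && !this.email.isEmpty()) {
            credentials.add(new SubjectAttribute(UsersPackage.Literals.USER__EMAIL, this.email));
        }
        if (this.fullName != null && !this.fullName.isEmpty()) {
            credentials.add(new SubjectAttribute(UsersPackage.Literals.USER__DISPLAY_NAME, this.fullName));
        }
        if (this.groups != null && !this.groups.isEmpty()) {
            credentials.add(new GroupMemberAttribute(this.groups));
        }
        credentials.add(new SubjectAttribute(UsersPackage.Literals.USER__TYPE, CommonPermissions.AUTH_TYPE_LDAP));
        return true;
    }

    /** Discards the state gathered by {@link #login()}; nothing was added to the subject yet. */
    @Override
    public boolean abort() throws LoginException {
        this.authenticated = false;
        clearUserState();
        return true;
    }

    /**
     * Marks the module as logged out. Credentials added by {@link #commit()} are left on the
     * subject, as in the original implementation.
     */
    @Override
    public boolean logout() throws LoginException {
        this.authenticated = false;
        clearUserState();
        return true;
    }

    /** Forgets the attributes read from the directory for the current login attempt. */
    private void clearUserState() {
        this.email = null;
        this.fullName = null;
        this.groups = null;
    }
}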
