package com.greenhat.server.container.server.security.ldap;

import com.greenhat.server.container.server.security.Authenticator;
import com.greenhat.server.container.shared.datamodel.Role;
import com.greenhat.server.container.shared.datamodel.User;
import java.text.MessageFormat;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Hashtable;
import java.util.Map;
import java.util.Set;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.LdapContext;

/* loaded from: input_file:security-config.jar:com/greenhat/server/container/server/security/ldap/BaseLDAPAuthenticator.class */
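/**
 * Base class for LDAP-backed authenticators.
 *
 * <p>{@link #login} opens a connection with the caller-supplied credentials, maps the groups
 * reported by the subclass ({@link #getGroups}) to {@link Role}s through {@code groupMappings},
 * and resolves a canonical user name from the directory entry. Lookups that are not tied to a
 * login ({@link #userExists}) go through a lazily created admin context.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>User names reach this class from the login form and are untrusted. They are escaped
 *       before being placed into the configured user filter and stripped of line breaks before
 *       being logged.</li>
 *   <li>Empty passwords are rejected before any bind is attempted (see {@link #login}).</li>
 *   <li>The admin context is cached in a plain field without synchronization.
 *       NOTE(review): confirm that instances are not shared between threads.</li>
 * </ul>
 *
 * <p>This source is decompiler output; the synthetic assertion flag has been folded back into
 * ordinary {@code assert} statements.
 */
public abstract class BaseLDAPAuthenticator implements Authenticator, CommonLDAPConfigurationAttributes {
    private static final Logger logger = Logger.getLogger(BaseLDAPAuthenticator.class.getName());

    // Raw LDAP settings, read through the CommonLDAPConfigurationAttributes keys.
    protected final Map<String, String> config;
    // Group identifier -> roles granted to members of that group.
    protected final Map<String, Set<Role>> groupMappings;
    // Lazily created by getAdminContext(), released by close().
    private LdapContext adminContext;

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Creates an authenticator over the given settings and group-to-role mapping.
     *
     * @param map LDAP configuration; must not be null (checked only when assertions are enabled)
     * @param map2 group-to-role mapping; must not be null (checked only when assertions are enabled)
     */
    public BaseLDAPAuthenticator(Map<String, String> map, Map<String, Set<Role>> map2) {
        assert map != null : "config must not be null";
        assert map2 != null : "groupMappings must not be null";
        this.config = map;
        this.groupMappings = map2;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Returns the cached admin context, creating it on first use.
     *
     * @return the context opened with the configured admin account
     * @throws RuntimeException if the admin login fails
     */
    public LdapContext getAdminContext() {
        if (this.adminContext == null) {
            this.adminContext = makeAdminContext();
        }
        return this.adminContext;
    }

    /** Opens a context with the configured admin account; a failed login is logged and rethrown unchecked. */
    private LdapContext makeAdminContext() {
        try {
            return loginToLDAP(makeUsernamePasswordConnection(getAdminUser(), getAdminPassword()));
        } catch (LdapLoginFailedException e) {
            logger.log(Level.SEVERE, "Failed to login to LDAP using admin account", e);
            throw new RuntimeException(e);
        }
    }

    /**
     * Opens the given connection and returns its root directory context.
     *
     * @param ldapConnection connection to open
     * @return the root context of the opened connection
     * @throws LdapLoginFailedException if the connection reports a failed login
     * @throws RuntimeException wrapping any other {@code LdapConnectionException}
     */
    protected LdapContext loginToLDAP(LdapConnection ldapConnection) throws LdapLoginFailedException {
        try {
            Hashtable<String, String> environment = new Hashtable<>();
            addCustomContextAttributes(environment);
            ldapConnection.open(environment);
            return ldapConnection.getRootDirContext();
        } catch (LdapLoginFailedException e) {
            // Rethrown before the broader catch below so callers can tell bad credentials
            // from connection trouble.
            throw e;
        } catch (LdapConnectionException e2) {
            throw new RuntimeException(e2);
        }
    }

    /**
     * Builds a connection for an end user, after letting the subclass qualify the name.
     *
     * @throws LdapLoginFailedException if the subclass cannot qualify the user name
     */
    private LdapConnection getUsernamePasswordConnection(String str, String str2) throws LdapLoginFailedException {
        String qualifiedName = makeQualifiedUsername(str);
        if (qualifiedName == null) {
            throw new LdapLoginFailedException("Login failed for user " + str);
        }
        return makeUsernamePasswordConnection(qualifiedName, str2);
    }

    /** Builds a username/password connection to the configured server URL. */
    private LdapConnection makeUsernamePasswordConnection(String str, String str2) {
        return new UsernamePasswordConnection(getServerURL(), str, str2);
    }

    /**
     * Hook for subclasses to turn a login name into the name used for the connection.
     * The base implementation returns the name unchanged; returning null fails the login.
     */
    protected String makeQualifiedUsername(String str) {
        return str;
    }

    /** Hook for subclasses to add entries to the connection environment; no-op by default. */
    protected void addCustomContextAttributes(Hashtable<String, String> hashtable) {
    }

    /**
     * Authenticates a user against the directory.
     *
     * @param str login name as typed by the user (untrusted)
     * @param str2 password as typed by the user (untrusted)
     * @return the authenticated user, or null when the password is empty, the login is
     *     rejected, the user lacks {@link Role#USER}, or no canonical user name is found
     * @throws RuntimeException wrapping a {@link NamingException} from the directory
     */
    @Override // com.greenhat.server.container.server.security.Authenticator
    public User login(String str, String str2) {
        // A simple bind with a name and an empty password is an "unauthenticated bind"
        // (RFC 4513, section 5.1.2) that many directory servers accept. UsernamePasswordConnection
        // is not visible here, so reject empty credentials before any bind is attempted.
        if (str2 == null || str2.isEmpty()) {
            return null;
        }
        try {
            LdapContext userContext = loginToLDAP(getUsernamePasswordConnection(str, str2));
            try {
                Set<Role> roles = getRoles(str);
                if (!roles.contains(Role.USER)) {
                    return null;
                }
                String userName = getUserName(userContext, str);
                if (userName == null) {
                    logger.warning("RTCP authentication failed: User " + safeForLog(str) + " successfully logged in to LDAP, but either could not find LDAP record, or could not find canonical user name.");
                    return null;
                }
                return new User(userName, roles);
            } finally {
                // Single close on every path; the user's context is never kept after login.
                userContext.close();
            }
        } catch (NamingException e) {
            throw new RuntimeException(e);
        } catch (LdapLoginFailedException e2) {
            // Bad credentials are reported to the caller as "no user", not as an error.
            return null;
        }
    }

    /**
     * Looks a user up through the admin context.
     *
     * @param str login name to look up
     * @return the canonical user name, or null if no entry or no name attribute is found
     * @throws RuntimeException wrapping a {@link NamingException} from the directory
     */
    @Override // com.greenhat.server.container.server.security.Authenticator
    public String userExists(String str) {
        try {
            return getUserName(getAdminContext(), str);
        } catch (NamingException e) {
            throw new RuntimeException(e);
        }
    }

    /** Collects the roles of every group that has an entry in {@code groupMappings}. */
    private Set<Role> mapGroups(Set<String> set) {
        Set<Role> roles = new HashSet<>();
        for (String group : set) {
            Set<Role> mapped = this.groupMappings.get(group);
            // Unmapped groups (and keys mapped to null) contribute no roles.
            if (mapped != null) {
                roles.addAll(mapped);
            }
        }
        return roles;
    }

    /** Resolves the roles of a user from the groups reported by the subclass. */
    private final Set<Role> getRoles(String str) {
        return mapGroups(getGroups(str));
    }

    /**
     * Returns the group identifiers the given user belongs to.
     *
     * <p>The argument is the login name exactly as supplied to {@link #login}; implementations
     * that place it in a search filter must escape it themselves.
     */
    protected abstract Set<String> getGroups(String str);

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Searches the user search base for the entry matching the configured user filter.
     *
     * <p>The login name is escaped per RFC 4515 before it is substituted into the filter, so
     * characters such as {@code *}, {@code (} and {@code )} cannot alter the filter's structure.
     * Only the first match is returned; the filter is expected to identify a single entry.
     *
     * @param ldapContext context to search with
     * @param str login name (untrusted)
     * @return the first matching entry, or null if there is none
     * @throws NamingException if the search or closing its result fails
     */
    public SearchResult getUserSearchResult(LdapContext ldapContext, String str) throws NamingException {
        String filter = MessageFormat.format(getUserFilter(), escapeFilterValue(str));
        SearchControls controls = new SearchControls();
        controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
        NamingEnumeration<SearchResult> results = ldapContext.search(getUserSearchBase(), filter, controls);
        try {
            // hasMoreElements() is kept deliberately: unlike hasMore() it does not throw, so an
            // error while enumerating is reported as "no entry".
            return results.hasMoreElements() ? results.next() : null;
        } finally {
            results.close();
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Returns the distinguished name of the user's entry, or null if no entry is found.
     *
     * @throws NamingException if the search fails
     */
    public String getUserDN(LdapContext ldapContext, String str) throws NamingException {
        SearchResult entry = getUserSearchResult(ldapContext, str);
        return entry == null ? null : entry.getNameInNamespace();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Returns the canonical user name stored in the configured user-name attribute.
     *
     * @param ldapContext context to search with
     * @param str login name (untrusted)
     * @return the attribute value, or null if there is no entry or no string-valued attribute
     * @throws NamingException if the search or attribute access fails
     */
    public String getUserName(LdapContext ldapContext, String str) throws NamingException {
        SearchResult entry = getUserSearchResult(ldapContext, str);
        if (entry == null) {
            return null;
        }
        String userNameAttribute = getUserNameAttribute();
        if (userNameAttribute != null) {
            Attribute attribute = entry.getAttributes().get(userNameAttribute);
            if (attribute != null) {
                Object value = attribute.get();
                if (value instanceof String) {
                    return (String) value;
                }
            }
        }
        logger.severe("LDAP entry found for user " + safeForLog(str) + " but no canonical username was found in field " + userNameAttribute);
        return null;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /** Returns the configured value for a key, or the given default when the key is absent. */
    public final String getWithDefault(String str, String str2) {
        return this.config.containsKey(str) ? this.config.get(str) : str2;
    }

    /** Returns the admin password exactly as stored in the configuration map. */
    protected String getAdminPassword() {
        return this.config.get(CommonLDAPConfigurationAttributes.ADMIN_PASSWORD);
    }

    /** Returns the configured admin user name. */
    protected String getAdminUser() {
        return this.config.get(CommonLDAPConfigurationAttributes.ADMIN_USERNAME);
    }

    /** Returns the configured server URL. */
    protected String getServerURL() {
        return this.config.get(CommonLDAPConfigurationAttributes.URL);
    }

    /** Returns the configured user filter, a {@link MessageFormat} pattern taking the login name as {@code {0}}. */
    protected String getUserFilter() {
        return this.config.get(CommonLDAPConfigurationAttributes.USER_FILTER);
    }

    /** Returns the name of the attribute holding the canonical user name. */
    protected String getUserNameAttribute() {
        return this.config.get(CommonLDAPConfigurationAttributes.USER_NAME_ATTRIBUTE);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /** Returns the configured search base with surrounding whitespace removed, or null if unset. */
    public String getSearchBase() {
        return trim(this.config.get(CommonLDAPConfigurationAttributes.SEARCH_BASE));
    }

    /** Returns the user search base, falling back to the general search base when it is blank. */
    protected String getUserSearchBase() {
        String userSearchBase = this.config.get(CommonLDAPConfigurationAttributes.USER_SEARCH_BASE);
        return isEmptyString(userSearchBase) ? getSearchBase() : userSearchBase;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /** Returns the configured group identifier attribute. */
    public String getGroupIdentifier() {
        return this.config.get(CommonLDAPConfigurationAttributes.GROUP_IDENTIFIER);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /** Returns the configured filter that selects all groups. */
    public String getAllGroupsFilter() {
        return this.config.get(CommonLDAPConfigurationAttributes.ALL_GROUPS_FILTER);
    }

    /** Null-safe {@link String#trim()}. */
    private String trim(String str) {
        return str == null ? null : str.trim();
    }

    /** Returns true for null and for strings that are empty after trimming. */
    private boolean isEmptyString(String str) {
        return str == null || trim(str).isEmpty();
    }

    /**
     * Escapes a value for use inside an LDAP search filter (RFC 4515, section 3).
     *
     * @param value raw assertion value, possibly null
     * @return the value with {@code \ * ( )} and NUL replaced by their {@code \xx} forms, or null
     */
    private static String escapeFilterValue(String value) {
        if (value == null) {
            return null;
        }
        StringBuilder escaped = new StringBuilder(value.length() + 8);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '\\':
                    escaped.append("\\5c");
                    break;
                case '*':
                    escaped.append("\\2a");
                    break;
                case '(':
                    escaped.append("\\28");
                    break;
                case ')':
                    escaped.append("\\29");
                    break;
                case '\0':
                    escaped.append("\\00");
                    break;
                default:
                    escaped.append(c);
                    break;
            }
        }
        return escaped.toString();
    }

    /** Replaces CR and LF so that a user-supplied name cannot start a new line in the log. */
    private static String safeForLog(String value) {
        return value == null ? null : value.replace('\r', '_').replace('\n', '_');
    }

    /**
     * Closes the admin context if one was opened.
     *
     * @throws RuntimeException wrapping a {@link NamingException} raised while closing
     */
    @Override // com.greenhat.server.container.server.security.Authenticator
    public final void close() {
        try {
            if (this.adminContext != null) {
                this.adminContext.close();
            }
        } catch (NamingException e) {
            logger.log(Level.SEVERE, "Exception closing admin context", e);
            throw new RuntimeException(e);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Runs a subtree search under the search base and collects the group identifier of each match.
     *
     * @param ldapContext context to search with
     * @param str complete LDAP filter; it is passed to the directory as-is, so it must come
     *     from configuration and never contain unescaped user input
     * @return map from each entry's distinguished name to its group identifier value
     * @throws RuntimeException wrapping a {@link NamingException} from the directory
     */
    public Map<String, String> getAllGroups(LdapContext ldapContext, String str) {
        Map<String, String> groupsByDn = new HashMap<>();
        try {
            SearchControls controls = new SearchControls();
            // Only the group identifier attribute is requested from the server.
            controls.setReturningAttributes(new String[] {getGroupIdentifier()});
            controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
            NamingEnumeration<SearchResult> entries = ldapContext.search(getSearchBase(), str, controls);
            try {
                while (entries.hasMoreElements()) {
                    SearchResult entry = entries.next();
                    Attributes attributes = entry.getAttributes();
                    if (attributes == null) {
                        continue;
                    }
                    NamingEnumeration<? extends Attribute> all = attributes.getAll();
                    try {
                        while (all.hasMore()) {
                            groupsByDn.put(entry.getNameInNamespace(), all.next().get().toString());
                        }
                    } finally {
                        all.close();
                    }
                }
            } finally {
                // Release the server-side search even when reading an entry fails.
                entries.close();
            }
            return groupsByDn;
        } catch (NamingException e) {
            throw new RuntimeException(e);
        }
    }
}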
