package com.luna.insight.client.security.ldap;

import com.sun.jndi.ldap.LdapCtxFactory;
import java.text.MessageFormat;
import java.util.ArrayList;
import java.util.Hashtable;
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.naming.AuthenticationException;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;

/* loaded from: input_file:com/luna/insight/client/security/ldap/LDAPAuthenticationSearchImpl.class */
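/**
 * LDAP-backed implementation of {@link LDAPAuthenticationSearch}.
 *
 * <p>{@link #authenticate(String, String)} first attempts a direct bind as
 * {@code user@domain}, where the domain is derived from {@code baseDN}. If that bind
 * fails and search filters are configured, it runs the configured searches and then
 * binds with a principal built from the {@code ldapSecurityPrincipal} template.
 *
 * <p>Security notes for operators:
 * <ul>
 *   <li>The password is placed in {@code java.naming.security.credentials} and sent by the
 *       JNDI provider. The {@code ssl} protocol is requested only when {@code loginSSL} is
 *       {@code Boolean.TRUE}; a {@code null} {@code loginSSL} makes the environment setup
 *       throw {@link NullPointerException} instead of silently choosing cleartext.</li>
 *   <li>{@code java.naming.referral} is set to {@code follow}, so the provider may contact
 *       servers named in referrals using this same environment (credentials included).
 *       Confirm that every server the directory can refer to is trusted.</li>
 *   <li>Debug output goes to {@code System.out} and includes user names, the bind principal
 *       and the directory configuration. Passwords are never written by this class.</li>
 * </ul>
 *
 * <p>Only {@link #createDomainName()} is synchronized; the setters are not.
 */
public class LDAPAuthenticationSearchImpl implements LDAPAuthenticationSearch {
    // Field name (including its spelling) is kept because it is visible to subclasses.
    // NOTE(review): the pattern matches lowercase "dc" only, \w+ excludes '-', and only the
    // first adjacent pair of components is captured. Confirm this suits the deployed baseDN.
    protected Pattern domianNamePattern;
    protected String ldapUserAttribute = "insightUser";
    protected String ldapURL = null;
    protected String baseDN = null;
    protected Boolean loginSSL = null;
    // MessageFormat template for the bind principal used by searchWithCredential.
    protected String ldapSecurityPrincipal = null;
    protected String ldapSecurityPrincipalAttributes = null;
    protected String trustStorePath = null;
    // Parallel lists: ldapAttributes.get(i) belongs to ldapSearchFilters.get(i).
    protected List ldapSearchFilters = null;
    protected List ldapAttributes = null;
    protected boolean activeDirectory = false;
    // Cached by createDomainName(); it is not refreshed when baseDN changes later.
    protected String domainNameForActiveDirectory = null;

    /** Creates an instance and compiles the pattern used to derive a domain name from baseDN. */
    public LDAPAuthenticationSearchImpl() {
        this.domianNamePattern = Pattern.compile("dc\\s*=\\s*(\\w+)\\s*,\\s*dc\\s*=\\s*(\\w+)");
    }

    @Override
    public void setLdapSearchFilters(List list) {
        this.ldapSearchFilters = list;
    }

    @Override
    public List getLdapSearchFilters() {
        return this.ldapSearchFilters;
    }

    @Override
    public void setLdapSearchAttributes(List list) {
        this.ldapAttributes = list;
    }

    @Override
    public List getLdapSearchAttributes() {
        return this.ldapAttributes;
    }

    @Override
    public void setLdapUserAttribute(String str) {
        this.ldapUserAttribute = str;
    }

    @Override
    public String getLdapUserAttribute() {
        return this.ldapUserAttribute;
    }

    @Override
    public String getLdapURL() {
        return this.ldapURL;
    }

    @Override
    public void setLdapURL(String str) {
        this.ldapURL = str;
    }

    @Override
    public String getBaseDN() {
        return this.baseDN;
    }

    @Override
    public Boolean getLoginSSL() {
        return this.loginSSL;
    }

    @Override
    public void setLoginSSL(Boolean bool) {
        this.loginSSL = bool;
    }

    @Override
    public void setBaseDN(String str) {
        this.baseDN = str;
    }

    public String getLdapSecurityPrincipal() {
        return this.ldapSecurityPrincipal;
    }

    public void setLdapSecurityPrincipal(String str) {
        this.ldapSecurityPrincipal = str;
    }

    public String getLdapSecurityPrincipalAttributes() {
        return this.ldapSecurityPrincipalAttributes;
    }

    public void setLdapSecurityPrincipalAttributes(String str) {
        this.ldapSecurityPrincipalAttributes = str;
    }

    @Override
    public void setTrustStorePath(String str) {
        this.trustStorePath = str;
    }

    @Override
    public String getTrustStorePath() {
        return this.trustStorePath;
    }

    /**
     * Appends a search filter and its attribute list to the configured filters.
     *
     * @param str search filter expression
     * @param str2 attribute specification that belongs to the filter
     * @return {@code true} if both lists accepted their element
     */
    public boolean addFilter(String str, String str2) {
        if (this.ldapSearchFilters == null) {
            this.ldapSearchFilters = new ArrayList();
        }
        debugOut("addFilter(..): ldapSearchFilter = " + str + ", ldapSearchAttribute = " + str2);
        if (!this.ldapSearchFilters.add(str)) {
            return false;
        }
        if (this.ldapAttributes == null) {
            this.ldapAttributes = new ArrayList();
        }
        return this.ldapAttributes.add(str2);
    }

    /** Wraps the arguments in a {@code SearchAttributes} for the configured user attribute and adds it. */
    protected boolean addSearchAttributes(List list, String str, String str2, String str3) {
        return addSearchAttributes(list, new SearchAttributes(this.ldapUserAttribute, str, str2, str3));
    }

    /**
     * Adds one {@code SearchAttributes} per filter/attribute pair to {@code list}.
     *
     * <p>Nothing is added when either list is {@code null} or when there are more filters
     * than attribute entries. Pairs with a {@code null} member are skipped.
     *
     * @param list destination list of {@code SearchAttributes}
     * @param str user name the searches are built for
     * @param list2 filter expressions
     * @param list3 attribute specifications, index-aligned with {@code list2}
     */
    protected void addFilters(List list, String str, List list2, List list3) {
        if (list2 == null || list3 == null) {
            return;
        }
        if (list2.size() > list3.size()) {
            debugOut("Error: LDAP Filters / attributes inconsistent", 3);
            return;
        }
        for (int i = 0; i < list2.size(); i++) {
            Object filter = list2.get(i);
            Object attributes = list3.get(i);
            if (filter != null && attributes != null) {
                addSearchAttributes(list, str, (String) filter, (String) attributes);
            }
        }
    }

    public boolean addSearchAttributes(List list, SearchAttributes searchAttributes) {
        return list.add(searchAttributes);
    }

    @Override
    public void setActiveDirectory(boolean z) {
        this.activeDirectory = z;
    }

    @Override
    public boolean getActiveDirectory() {
        return this.activeDirectory;
    }

    /**
     * Returns the entry whose values feed the bind principal.
     *
     * <p>The index is {@code size - 2}, clamped to 0, i.e. the second-to-last entry when
     * there are at least two. NOTE(review): the method name says "last"; confirm the
     * offset is intended.
     *
     * @param list search attribute entries, may be {@code null} or empty
     * @return the selected entry, or {@code null} when there is none
     */
    protected SearchAttributes getLastSearchAttributes(List list) {
        // The null check used to come after list.size(), and an empty list failed in get(0).
        if (list == null || list.isEmpty()) {
            debugOut("getLastSearchAttributes(..): obj = " + null);
            return null;
        }
        int index = Math.max(list.size() - 2, 0);
        debugOut("getLastSearchAttributes(..) index = " + index);
        Object entry = list.get(index);
        debugOut("getLastSearchAttributes(..): obj = " + entry);
        return (SearchAttributes) entry;
    }

    protected List getSearchAttributesList(List list) {
        return list;
    }

    /**
     * Runs every configured search in order and stores the results on its entry.
     *
     * <p>The filter arguments of search {@code i} come from entry {@code i - 1} (entry 0
     * supplies its own). They are passed through the filter-argument form of
     * {@code DirContext.search}, which escapes filter metacharacters in substituted
     * strings, so user-derived values must stay in the arguments and never be concatenated
     * into the filter expression.
     *
     * @param list {@code SearchAttributes} entries to execute
     * @param hashtable JNDI environment used to open the context
     * @throws Exception if the context cannot be opened or a search fails
     */
    protected void precedingSearches(List list, Hashtable hashtable) throws Exception {
        debugOut("precedingSearches(..)");
        InitialDirContext context = null;
        try {
            context = new InitialDirContext(hashtable);
            SearchControls controls = new SearchControls();
            controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
            for (int i = 0; i < list.size(); i++) {
                SearchAttributes current = (SearchAttributes) list.get(i);
                if (current.getSearchFilter() == null) {
                    continue;
                }
                SearchAttributes valueSource = i == 0 ? current : (SearchAttributes) list.get(i - 1);
                Object[] filterArgs = valueSource.values(current.getSearchAttributes());
                debugOut("precedingSearches(..): LdapSearchFilter_ " + i + " = " + current.getSearchFilter());
                current.populateAttributeValues(
                        context.search(this.baseDN, current.getSearchFilter(), filterArgs, controls), this.baseDN);
            }
        } finally {
            if (context != null) {
                context.close();
            }
        }
    }

    /**
     * Verifies the password by binding with a principal built from the search results.
     *
     * <p>The principal is {@code ldapSecurityPrincipal} formatted with the values named by
     * {@code ldapSecurityPrincipalAttributes}. NOTE(review): those values are inserted into
     * the template without DN escaping; confirm they cannot contain DN metacharacters.
     *
     * @param list entries populated by {@link #precedingSearches(List, Hashtable)}
     * @param hashtable JNDI environment; receives the principal unless {@code z} is set
     * @param z {@code true} when the environment already carries an Active Directory principal
     * @throws Exception if the bind fails or no principal can be built
     */
    protected void searchWithCredential(List list, Hashtable hashtable, boolean z) throws Exception {
        debugOut("searchWithCredential(..): Security Settings: \nldapUserAttribute = " + this.ldapUserAttribute
                + ", ldapURL = " + this.ldapURL
                + ", loginSSL = " + this.loginSSL
                + ", baseDN = " + this.baseDN
                + ", ldapSecurityPrincipal = " + this.ldapSecurityPrincipal
                + ", ldapSecurityPrincipalAttributes = " + this.ldapSecurityPrincipalAttributes);
        if (this.ldapSecurityPrincipal == null || this.ldapSecurityPrincipalAttributes == null) {
            debugOut("searchWithCredential(..): ldapSecurityPrincipal or ldapSecurityPrincipalAttributes not specified in the config.");
            if (!z) {
                // Fail closed. Without the Active Directory principal the environment built by
                // initEnvForLoginWithSearch holds the password but no principal, so nothing has
                // bound as this user yet. Returning normally here used to make loginWithSearch
                // report success without the password ever being checked against the user.
                throw new AuthenticationException(
                        "ldapSecurityPrincipal is not configured; the password cannot be verified");
            }
            return;
        }
        SearchAttributes principalSource = getLastSearchAttributes(list);
        if (principalSource == null) {
            throw new NamingException("No search attributes available to build the security principal");
        }
        InitialDirContext context = null;
        try {
            String principal = MessageFormat.format(this.ldapSecurityPrincipal,
                    principalSource.values(this.ldapSecurityPrincipalAttributes));
            debugOut("searchWithCredential(..): bound with principal = " + principal);
            if (!z) {
                hashtable.put("java.naming.security.principal", principal);
            }
            context = new InitialDirContext(hashtable);
            debugOut("searchWithCredential(..): login sueccessful");
        } catch (AuthenticationException e) {
            debugOut("Checks the ldapAuthenticationSearch properties of the configuration.", 3);
            throw e;
        } finally {
            if (context != null) {
                context.close();
            }
        }
    }

    /**
     * Points the JVM at the configured trust store, if one is set.
     *
     * <p>This writes the process-wide {@code javax.net.ssl.trustStore} system property, so
     * it affects every TLS client in the JVM that uses the default trust store.
     * NOTE(review): the property is typically read once when the default SSL context is
     * created; confirm this runs before any TLS connection is made.
     */
    protected void checkTrustStorePath() {
        if (this.trustStorePath == null || this.trustStorePath.length() <= 0) {
            return;
        }
        System.setProperty("javax.net.ssl.trustStore", this.trustStorePath);
    }

    /** Fills {@code list} from the configured filters, or with one default entry for the user. */
    protected void populateSearchConditions(List list, String str) {
        if (this.ldapSearchFilters != null && this.ldapSearchFilters.size() > 0) {
            addFilters(list, str, this.ldapSearchFilters, this.ldapAttributes);
        }
        if (list.size() == 0) {
            addSearchAttributes(list, new SearchAttributes(this.ldapUserAttribute, str));
        }
    }

    /**
     * Authenticates a user against the directory.
     *
     * @param str user name
     * @param str2 password
     * @return {@code true} only when a bind with the supplied credentials succeeded
     */
    @Override
    public boolean authenticate(String str, String str2) {
        // A simple bind with a name and a zero-length password is an "unauthenticated bind"
        // (RFC 4513, section 5.1.2) that many servers accept, so it proves nothing about the
        // user. Reject it here, before any bind is attempted.
        if (str == null || str.length() == 0 || str2 == null || str2.length() == 0) {
            debugOut("authenticate(..): rejected, user name or password is empty");
            return false;
        }
        checkTrustStorePath();
        boolean boundToActiveDirectory = loginActiveDirectory(str, str2);
        boolean hasSearchFilters = this.ldapSearchFilters != null && this.ldapSearchFilters.size() > 0;
        if (!boundToActiveDirectory) {
            return hasSearchFilters && loginWithSearch(str, str2, boundToActiveDirectory);
        }
        // NOTE(review): a successful Active Directory bind is reported as a failure when
        // search filters are configured. This is kept as found (it fails closed); confirm
        // whether loginWithSearch(str, str2, true) was intended for that case.
        return !hasSearchFilters;
    }

    public static void debugOut(String str) {
        System.out.println(str);
    }

    /** Prints {@code str}; the level argument {@code i} is ignored. */
    public static void debugOut(String str, int i) {
        System.out.println(str);
    }

    /**
     * Builds the JNDI environment for the search-based login.
     *
     * <p>Throws {@link NullPointerException} when {@code loginSSL} is unset. No security
     * principal is added unless {@code z} is {@code true}.
     *
     * @param str user name
     * @param str2 password, stored as the bind credentials
     * @param z whether to add the Active Directory principal for the user
     * @param hashtable environment to fill
     * @param list search entries (not used here)
     */
    protected void initEnvForLoginWithSearch(String str, String str2, boolean z, Hashtable hashtable, List list) {
        hashtable.put("java.naming.factory.initial", "com.sun.jndi.ldap.LdapCtxFactory");
        if (this.loginSSL.equals(Boolean.TRUE)) {
            hashtable.put("java.naming.security.protocol", "ssl");
        }
        hashtable.put("java.naming.provider.url", this.ldapURL);
        if (z) {
            prepareActiveDirectoryEnv(hashtable, str, str2);
        }
        hashtable.put("java.naming.security.credentials", str2);
        // With "follow", the provider may reuse this environment against referred servers.
        hashtable.put("java.naming.referral", "follow");
    }

    /**
     * Runs the configured searches and then binds with the derived principal.
     *
     * @param str user name
     * @param str2 password
     * @param z whether the environment should carry the Active Directory principal
     * @return {@code true} if both steps completed without an exception
     */
    protected boolean loginWithSearch(String str, String str2, boolean z) {
        debugOut("loginWithSearch");
        Hashtable env = new Hashtable();
        List searches = new ArrayList();
        populateSearchConditions(searches, str);
        initEnvForLoginWithSearch(str, str2, z, env, searches);
        try {
            precedingSearches(searches, env);
            searchWithCredential(searches, env, z);
            return true;
        } catch (Exception e) {
            // Any failure, including a rejected bind, is reported as "not authenticated".
            System.out.println("LDAPAuthenticationSearchImpl: authenticate(..): Error: message = " + e.getMessage());
            e.printStackTrace();
            return false;
        }
    }

    /**
     * Puts the {@code user@domain} principal into the environment.
     *
     * <p>If no domain could be derived from {@code baseDN}, the principal ends in
     * {@code @null}.
     */
    protected void prepareActiveDirectoryEnv(Hashtable hashtable, String str, String str2) {
        createDomainName();
        hashtable.put("java.naming.security.principal", str + "@" + this.domainNameForActiveDirectory);
    }

    /**
     * Derives {@code domainNameForActiveDirectory} from {@code baseDN} once and caches it.
     *
     * <p>The first {@code dc=a,dc=b} pair in {@code baseDN} becomes {@code a.b}. On a
     * missing or non-matching {@code baseDN}, an error is printed and the field stays
     * {@code null}.
     */
    protected void createDomainName() {
        synchronized (this) {
            if (this.domainNameForActiveDirectory == null) {
                if (this.baseDN == null) {
                    // Matching a null baseDN would throw NullPointerException; report it and stop.
                    System.out.println("Error: baseDN is not specified.");
                } else {
                    Matcher matcher = this.domianNamePattern.matcher(this.baseDN);
                    if (matcher.find() && matcher.group(1) != null && matcher.group(2) != null) {
                        this.domainNameForActiveDirectory = matcher.group(1).trim() + "." + matcher.group(2).trim();
                    } else {
                        System.out.println("Error: incorrect baseDN = " + this.baseDN);
                    }
                }
            }
        }
        debugOut("Domain name: " + this.domainNameForActiveDirectory);
    }

    /**
     * Attempts a direct bind as {@code user@domain}.
     *
     * <p>Throws {@link NullPointerException} when {@code loginSSL} is unset. Callers must
     * reject empty passwords first, as {@link #authenticate(String, String)} does.
     *
     * @param str user name
     * @param str2 password
     * @return {@code true} if the bind succeeded; {@code false} on any {@link NamingException}
     */
    protected boolean loginActiveDirectory(String str, String str2) {
        Hashtable env = new Hashtable();
        prepareActiveDirectoryEnv(env, str, str2);
        env.put("java.naming.security.credentials", str2);
        if (this.loginSSL.equals(Boolean.TRUE)) {
            env.put("java.naming.security.protocol", "ssl");
        }
        // With "follow", the provider may reuse this environment against referred servers.
        env.put("java.naming.referral", "follow");
        boolean bound = false;
        DirContext context = null;
        try {
            context = LdapCtxFactory.getLdapCtxInstance(this.ldapURL + "/", env);
            this.activeDirectory = true;
            bound = true;
            debugOut("loginActiveDirectory(..): authenticated with Active Directory");
        } catch (NamingException e) {
            System.out.println("Could not bind to Active Directory for user:  " + str);
            System.out.println("Tries to access as OpenLDAP");
        } finally {
            // The context is null when the bind failed, so guard the close explicitly.
            if (context != null) {
                try {
                    context.close();
                } catch (Exception ignored) {
                    // Best-effort close; the bind result is already decided.
                }
            }
        }
        return bound;
    }
}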
