package com.luna.insight.client.security;

import com.luna.insight.client.security.iface.AuthenticationException;
import com.luna.insight.client.security.iface.AuthorizationException;
import com.luna.insight.client.security.iface.IAuthenticationHandler;
import com.luna.insight.client.security.iface.IAuthorizationEntityKey;
import com.luna.insight.client.security.iface.IAuthorizationGroup;
import com.luna.insight.client.security.iface.IAuthorizationHandler;
import com.luna.insight.client.security.iface.IShare;
import com.luna.insight.client.security.iface.IShareAuthorizationKey;
import com.luna.insight.client.security.iface.IUser;
import com.luna.insight.client.security.iface.SecurityCallbackHandler;
import com.luna.insight.client.security.iface.SecurityServerConnectionException;
import com.luna.insight.server.CollectionKey;
import com.luna.insight.server.CollectionKeyWrapper;
import com.luna.insight.server.Debug;
import com.luna.insight.server.InsightUser;
import com.luna.insight.server.InsightUserClient;
import com.luna.insight.server.InsightUtilities;
import com.luna.insight.server.security.InsightSecuritySettings;
import com.luna.insight.server.usergroup.ShareFolder;
import java.security.Principal;
import java.security.PrivilegedAction;
import java.util.ArrayList;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import java.util.Vector;
import javax.naming.CommunicationException;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.security.auth.Subject;
import javax.security.auth.login.LoginContext;

/* loaded from: input_file:com/luna/insight/client/security/LDAPAuthorizationHandler.class */
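/**
 * Authorization handler that derives a user's group profiles from an LDAP directory entry and
 * then asks the Insight user server which collections those profiles may open.
 *
 * <p>The LDAP lookup runs as the Kerberos-authenticated {@link Subject} (SASL/GSSAPI bind), so
 * only a {@link KerberosAuthenticationHandler} is accepted by {@link #getCollections}.
 *
 * <p>Most management operations of {@link IAuthorizationHandler} are not implemented here and
 * return {@code null}, {@code false}, or do nothing.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The result of a lookup is kept in instance fields ({@code userName},
 *       {@code userGroupProfiles}, {@code ldapException}); they are cleared at the start of every
 *       lookup so that a failed lookup can never be authorized with the previous caller's groups.
 *       Because the state is per instance, one handler must not serve concurrent logins.</li>
 *   <li>The principal name is escaped before it is placed in the LDAP search filter.</li>
 *   <li>Every failure on the lookup path ends in an exception from {@link #getCollections}
 *       (fail closed); nothing is granted by default.</li>
 * </ul>
 */
public class LDAPAuthorizationHandler implements IAuthorizationHandler, PrivilegedAction<Object> {
    // Name of the first principal of the authenticated subject; set by the LDAP lookup.
    protected String userName = "";
    // Value of the configured target attribute of the user's directory entry; empty means "not authorized".
    protected String userGroupProfiles = "";
    // Profile filled from the directory entry (e-mail, organization, phone, names).
    // NOTE(review): this is only overwritten by a successful lookup, so after a failed lookup
    // getInsightUser() still returns the values of the previous one.
    protected InsightUser insightUser = new InsightUser();
    // Login context of the Kerberos handler passed to getCollections().
    protected LoginContext lc = null;
    // Connection failure recorded by the last lookup, rethrown by getCollections().
    protected Exception ldapException = null;

    /** Writes {@code str} to the debug log at level 2. */
    public static void debugOut(String str) {
        debugOut(str, 2);
    }

    /** Writes {@code str}, prefixed with this class's name, to the debug log at level {@code i}. */
    public static void debugOut(String str, int i) {
        Debug.debugOut("LDAPAuthorizationHandler: " + str, i);
    }

    /**
     * Looks the authenticated user up in LDAP and returns the collections the user server grants
     * to the user's group profiles.
     *
     * @param iAuthenticationHandler must be a {@link KerberosAuthenticationHandler} whose login
     *     context holds an authenticated subject
     * @param z {@code true} to ask for MEDE collections, {@code false} for regular collections
     * @return the non-empty list of collections returned by the user server
     * @throws AuthorizationException if the handler is of another type, no authenticated subject
     *     is available, the directory yields no group profiles, or no collection is granted
     * @throws SecurityServerConnectionException if the directory or the user server cannot be
     *     reached
     */
    @Override // com.luna.insight.client.security.iface.IAuthorizationHandler
    public List getCollections(IAuthenticationHandler iAuthenticationHandler, boolean z) throws AuthorizationException, SecurityServerConnectionException {
        if (!(iAuthenticationHandler instanceof KerberosAuthenticationHandler)) {
            throw new AuthorizationException();
        }
        this.lc = ((KerberosAuthenticationHandler) iAuthenticationHandler).getLoginContext();
        // LoginContext.getSubject() is null until login() has succeeded; refuse instead of
        // running the lookup without an authenticated identity.
        Subject subject = this.lc == null ? null : this.lc.getSubject();
        if (subject == null) {
            throw new AuthorizationException();
        }
        Subject.doAs(subject, this);
        debugOut("User group profiles: " + this.userGroupProfiles);
        if (this.userGroupProfiles == null || this.userGroupProfiles.length() == 0) {
            if (this.ldapException instanceof SecurityServerConnectionException) {
                throw (SecurityServerConnectionException) this.ldapException;
            }
            throw new AuthorizationException();
        }
        InsightUserClient client = new InsightUserClient(InsightUserManager.USER_SERVER_ADDRESS);
        if (!client.isConnectionGood()) {
            throw new SecurityServerConnectionException(false, true);
        }
        Vector collections;
        try {
            collections = z
                    ? client.getMedeCollectionsByUserGroups(this.userName, this.userGroupProfiles)
                    : client.getCollectionsByUserGroups(this.userName, this.userGroupProfiles);
        } finally {
            // Release the user-server connection even when the query throws.
            client.closeConnection();
        }
        // Count defensively: the size used to be logged before the null check.
        int count = collections == null ? 0 : collections.size();
        debugOut("Received " + count + " collection(s).");
        if (count < 1) {
            throw new AuthorizationException();
        }
        return collections;
    }

    /**
     * Runs the LDAP lookup; invoked through {@code Subject.doAs} so the GSSAPI bind uses the
     * subject's Kerberos credentials.
     *
     * @return always {@code null}; results are stored in this handler's fields
     */
    @Override // java.security.PrivilegedAction
    public Object run() {
        performJndiOperation();
        return null;
    }

    /**
     * Searches the configured base DN for the entry whose user attribute equals the principal
     * name and copies the target attribute (group profiles) and contact attributes into this
     * handler. Failures are logged; a {@link CommunicationException} is additionally recorded in
     * {@code ldapException}.
     */
    private void performJndiOperation() {
        // Start from a clean slate so a failed lookup cannot reuse an earlier caller's result.
        this.userName = "";
        this.userGroupProfiles = "";
        this.ldapException = null;

        Set<Principal> principals = this.lc.getSubject().getPrincipals();
        InsightSecuritySettings settings = InsightUserManager.LOGIN_PROPS;
        String searchAttrName = settings.getProperty(InsightSecuritySettings.USER_ATTRIBUTE_NAME_KEY);
        String baseDn = settings.getProperty(InsightSecuritySettings.BASE_DN_KEY);
        String targetAttrName = settings.getProperty(InsightSecuritySettings.TARGET_ATTRIBUTE_NAME_KEY);
        String orgAttrName = settings.getProperty(InsightSecuritySettings.ORG_ATTRIBUTE_NAME_KEY);
        String emailAttrName = settings.getProperty(InsightSecuritySettings.EMAIL_ATTRIBUTE_NAME_KEY);
        String phoneAttrName = settings.getProperty(InsightSecuritySettings.PHONE_ATTRIBUTE_NAME_KEY);
        String ldapUrl = settings.getProperty(InsightSecuritySettings.LDAP_URL_KEY);
        debugOut("searchAttrName " + searchAttrName);
        debugOut("baseDN " + baseDn);
        debugOut("targetAttrName " + targetAttrName);
        debugOut("ldapURL " + ldapUrl);
        debugOut("orgAttrName " + orgAttrName);
        debugOut("emailAttrName " + emailAttrName);
        debugOut("phoneAttrName " + phoneAttrName);

        // NOTE(review): a Set has no defined order; if the subject can carry more than one
        // principal, the one used as the identity here is arbitrary - confirm the login module
        // only ever adds the Kerberos principal.
        Iterator<Principal> it = principals.iterator();
        if (it.hasNext()) {
            this.userName = it.next().getName();
        }

        // The principal name is data, not filter syntax: escape it so characters such as '*',
        // '(' and ')' cannot widen or rewrite the search that decides the user's groups.
        String filter = "(" + searchAttrName + "=" + escapeLdapFilterValue(this.userName) + ")";
        debugOut("Filter " + filter);

        Hashtable<String, String> env = new Hashtable<String, String>(11);
        env.put("java.naming.factory.initial", "com.sun.jndi.ldap.LdapCtxFactory");
        env.put("java.naming.provider.url", ldapUrl);
        env.put("java.naming.security.authentication", "GSSAPI");
        // Ask for mutual authentication, i.e. the directory server must prove its identity too.
        env.put("javax.security.sasl.server.authentication", "true");
        // NOTE(review): no "javax.security.sasl.qop" is set here, so unless it is supplied
        // elsewhere the JDK default ("auth") applies and the search result that drives
        // authorization has no SASL integrity protection. Confirm the configured URL uses TLS
        // or consider requesting "auth-int"/"auth-conf".
        try {
            InitialDirContext ctx = new InitialDirContext(env);
            try {
                SearchControls controls = new SearchControls();
                controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
                NamingEnumeration<SearchResult> results = ctx.search(baseDn, filter, controls);
                try {
                    // Only the first matching entry is used.
                    if (results.hasMore()) {
                        Attributes attributes = results.next().getAttributes();
                        try {
                            this.userGroupProfiles = (String) attributes.get(targetAttrName).get(0);
                            Attribute email = attributes.get(emailAttrName);
                            Attribute organization = attributes.get(orgAttrName);
                            Attribute phone = attributes.get(phoneAttrName);
                            this.insightUser.setEmail(email == null ? "" : (String) email.get(0));
                            this.insightUser.setOrganization(organization == null ? "" : (String) organization.get(0));
                            this.insightUser.setPhone(phone == null ? "" : (String) phone.get(0));
                            this.insightUser.setLastName(this.userName);
                            this.insightUser.setLoginName(this.userName);
                            debugOut(this.insightUser.toString());
                        } catch (Exception e) {
                            // Missing or non-string target attribute: leave userGroupProfiles
                            // empty so getCollections() rejects the user.
                            debugOut("Exception, the TargetAttributeName \"" + targetAttrName + "\" was not found or configured incorrectly: " + InsightUtilities.getStackTrace(e));
                        }
                    }
                } catch (Exception e2) {
                    debugOut("Exception, the search filter \"" + filter + "\" did not find the user, or the UserAttributeName or baseDN may not have been configured correctly: " + InsightUtilities.getStackTrace(e2));
                } finally {
                    closeQuietly(results);
                }
            } finally {
                // Previously skipped whenever search() threw, leaking the LDAP connection.
                closeQuietly(ctx);
            }
        } catch (CommunicationException e3) {
            debugOut("Communication exception:\n" + InsightUtilities.getStackTrace(e3));
            this.ldapException = new SecurityServerConnectionException(false, true);
        } catch (NamingException e4) {
            debugOut("Naming exception:\n" + InsightUtilities.getStackTrace(e4));
        }
    }

    /**
     * Escapes a value for use as an assertion value in an LDAP search filter (RFC 4515):
     * backslash, asterisk, parentheses and NUL are replaced by their {@code \XX} hex form.
     * A {@code null} value yields the empty string.
     */
    private static String escapeLdapFilterValue(String value) {
        if (value == null) {
            return "";
        }
        StringBuilder escaped = new StringBuilder(value.length() + 8);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '\\':
                    escaped.append("\\5c");
                    break;
                case '*':
                    escaped.append("\\2a");
                    break;
                case '(':
                    escaped.append("\\28");
                    break;
                case ')':
                    escaped.append("\\29");
                    break;
                case '\u0000':
                    escaped.append("\\00");
                    break;
                default:
                    escaped.append(c);
                    break;
            }
        }
        return escaped.toString();
    }

    /** Closes the search results, logging instead of propagating a failure to close. */
    private static void closeQuietly(NamingEnumeration<SearchResult> results) {
        if (results == null) {
            return;
        }
        try {
            results.close();
        } catch (NamingException e) {
            debugOut("Unable to close LDAP search results: " + e);
        }
    }

    /** Closes the directory context, logging instead of propagating a failure to close. */
    private static void closeQuietly(InitialDirContext ctx) {
        if (ctx == null) {
            return;
        }
        try {
            ctx.close();
        } catch (NamingException e) {
            debugOut("Unable to close LDAP context: " + e);
        }
    }

    /**
     * Returns the profile filled by the last successful LDAP lookup; both arguments are ignored.
     */
    @Override // com.luna.insight.client.security.iface.IAuthorizationHandler
    public InsightUser getInsightUser(SecurityCallbackHandler securityCallbackHandler, IAuthenticationHandler iAuthenticationHandler) throws SecurityServerConnectionException {
        return this.insightUser;
    }

    /**
     * Always {@code false}.
     * NOTE(review): addUserGroup() and addCollectionToGroup() below nevertheless modify the user
     * server - confirm which answer callers are meant to rely on.
     */
    @Override // com.luna.insight.client.security.iface.IAuthorizationHandler
    public boolean supportsManagement(SecurityCallbackHandler securityCallbackHandler) throws AuthenticationException, AuthorizationException, SecurityServerConnectionException {
        return false;
    }

    /** Not implemented by this handler; always returns {@code null}. */
    @Override // com.luna.insight.client.security.iface.IAuthorizationHandler
    public List getUserKeys(IAuthenticationHandler iAuthenticationHandler, SecurityCallbackHandler securityCallbackHandler) throws AuthenticationException, AuthorizationException, SecurityServerConnectionException {
        return null;
    }

    /** Not implemented by this handler; always returns {@code null}. */
    @Override // com.luna.insight.client.security.iface.IAuthorizationHandler
    public IUser getUser(IAuthenticationHandler iAuthenticationHandler, SecurityCallbackHandler securityCallbackHandler, IAuthorizationEntityKey iAuthorizationEntityKey) throws AuthenticationException, AuthorizationException, SecurityServerConnectionException {
        return null;
    }

    /** Not implemented by this handler; does nothing. */
    @Override // com.luna.insight.client.security.iface.IAuthorizationHandler
    public void saveUser(IAuthenticationHandler iAuthenticationHandler, SecurityCallbackHandler securityCallbackHandler, IUser iUser) throws AuthenticationException, AuthorizationException, SecurityServerConnectionException {
    }

    /** Not implemented by this handler; always returns {@code null}. */
    @Override // com.luna.insight.client.security.iface.IAuthorizationHandler
    public List getGroupKeys(IAuthenticationHandler iAuthenticationHandler, SecurityCallbackHandler securityCallbackHandler) throws AuthenticationException, AuthorizationException, SecurityServerConnectionException {
        return null;
    }

    /** Not implemented by this handler; always returns {@code null}. */
    @Override // com.luna.insight.client.security.iface.IAuthorizationHandler
    public IAuthorizationGroup getGroup(IAuthenticationHandler iAuthenticationHandler, SecurityCallbackHandler securityCallbackHandler, IAuthorizationEntityKey iAuthorizationEntityKey) throws AuthenticationException, AuthorizationException, SecurityServerConnectionException {
        return null;
    }

    /** Not implemented by this handler; does nothing. */
    @Override // com.luna.insight.client.security.iface.IAuthorizationHandler
    public void saveGroup(IAuthenticationHandler iAuthenticationHandler, SecurityCallbackHandler securityCallbackHandler, IAuthorizationGroup iAuthorizationGroup) throws AuthenticationException, AuthorizationException, SecurityServerConnectionException {
    }

    /** Not implemented by this handler; always returns {@code null}. */
    @Override // com.luna.insight.client.security.iface.IAuthorizationHandler
    public List getShareKeys(IAuthenticationHandler iAuthenticationHandler, SecurityCallbackHandler securityCallbackHandler) throws AuthenticationException, AuthorizationException, SecurityServerConnectionException {
        return null;
    }

    /** Not implemented by this handler; always returns {@code null}. */
    @Override // com.luna.insight.client.security.iface.IAuthorizationHandler
    public IShare getShare(IAuthenticationHandler iAuthenticationHandler, SecurityCallbackHandler securityCallbackHandler, IAuthorizationEntityKey iAuthorizationEntityKey) throws AuthenticationException, AuthorizationException, SecurityServerConnectionException {
        return null;
    }

    /** Not implemented by this handler; does nothing. */
    @Override // com.luna.insight.client.security.iface.IAuthorizationHandler
    public void saveShare(IAuthenticationHandler iAuthenticationHandler, SecurityCallbackHandler securityCallbackHandler, IShare iShare) throws AuthenticationException, AuthorizationException, SecurityServerConnectionException {
    }

    /** Not implemented by this handler; always returns a new empty list. */
    @Override // com.luna.insight.client.security.iface.IAuthorizationHandler
    public List getShareSubfolderList(IAuthenticationHandler iAuthenticationHandler, SecurityCallbackHandler securityCallbackHandler, IAuthorizationEntityKey iAuthorizationEntityKey, ShareFolder shareFolder) throws AuthenticationException, AuthorizationException, SecurityServerConnectionException {
        return new ArrayList();
    }

    /** Not implemented by this handler; always returns {@code false}. */
    @Override // com.luna.insight.client.security.iface.IAuthorizationHandler
    public boolean addFolderToShare(IAuthenticationHandler iAuthenticationHandler, SecurityCallbackHandler securityCallbackHandler, IAuthorizationEntityKey iAuthorizationEntityKey, IAuthorizationEntityKey iAuthorizationEntityKey2, ShareFolder shareFolder, String str, boolean z) throws AuthenticationException, AuthorizationException, SecurityServerConnectionException {
        return false;
    }

    /** Not implemented by this handler; always returns {@code false}. */
    @Override // com.luna.insight.client.security.iface.IAuthorizationHandler
    public boolean removeFolderFromShare(IAuthenticationHandler iAuthenticationHandler, SecurityCallbackHandler securityCallbackHandler, IAuthorizationEntityKey iAuthorizationEntityKey, ShareFolder shareFolder, boolean z) throws AuthenticationException, AuthorizationException, SecurityServerConnectionException {
        return false;
    }

    /** Not implemented by this handler; always returns {@code false}. */
    public boolean linkKeys(IAuthenticationHandler iAuthenticationHandler, SecurityCallbackHandler securityCallbackHandler, IAuthorizationEntityKey iAuthorizationEntityKey, IAuthorizationEntityKey iAuthorizationEntityKey2, Object obj) throws AuthenticationException, AuthorizationException, SecurityServerConnectionException {
        return false;
    }

    /** Not implemented by this handler; always returns {@code false}. */
    public boolean unlinkKeys(IAuthenticationHandler iAuthenticationHandler, SecurityCallbackHandler securityCallbackHandler, IAuthorizationEntityKey iAuthorizationEntityKey, IAuthorizationEntityKey iAuthorizationEntityKey2) throws AuthenticationException, AuthorizationException, SecurityServerConnectionException {
        return false;
    }

    /** Not implemented by this handler; always returns {@code false}. */
    @Override // com.luna.insight.client.security.iface.IAuthorizationHandler
    public boolean setUserShareRights(IAuthenticationHandler iAuthenticationHandler, SecurityCallbackHandler securityCallbackHandler, IShareAuthorizationKey iShareAuthorizationKey) throws AuthenticationException, AuthorizationException, SecurityServerConnectionException {
        return false;
    }

    /**
     * Asks the user server to add a collection to the group identified by
     * {@code iAuthorizationEntityKey}.
     *
     * <p>NOTE(review): neither {@code iAuthenticationHandler} nor
     * {@code securityCallbackHandler} is consulted before this privileged change is sent;
     * presumably the user server enforces who may do this - confirm.
     *
     * @return the user server's answer
     * @throws SecurityServerConnectionException if the user server cannot be reached
     */
    @Override // com.luna.insight.client.security.iface.IAuthorizationHandler
    public boolean addCollectionToGroup(IAuthenticationHandler iAuthenticationHandler, SecurityCallbackHandler securityCallbackHandler, CollectionKey collectionKey, String str, int i, IAuthorizationEntityKey iAuthorizationEntityKey) throws AuthenticationException, AuthorizationException, SecurityServerConnectionException {
        InsightUserClient client = null;
        try {
            client = new InsightUserClient(InsightUserManager.USER_SERVER_ADDRESS);
            if (!client.isConnectionGood()) {
                throw new SecurityServerConnectionException(false, true);
            }
            return client.addCollectionToGroup(CollectionKeyWrapper.createCollectionKeyWrapper(collectionKey), str, i, iAuthorizationEntityKey.getUniqueIdentifier());
        } finally {
            // The failure path used to test a constant-false condition and never closed the connection.
            if (client != null) {
                client.closeConnection();
            }
        }
    }

    /** Not implemented by this handler; always returns {@code false}. */
    @Override // com.luna.insight.client.security.iface.IAuthorizationHandler
    public boolean addUserToGroup(IAuthenticationHandler iAuthenticationHandler, SecurityCallbackHandler securityCallbackHandler, IAuthorizationEntityKey iAuthorizationEntityKey, IAuthorizationEntityKey iAuthorizationEntityKey2) throws AuthenticationException, AuthorizationException, SecurityServerConnectionException {
        return false;
    }

    /** Not implemented by this handler; always returns {@code false}. */
    @Override // com.luna.insight.client.security.iface.IAuthorizationHandler
    public boolean removeUserFromGroup(IAuthenticationHandler iAuthenticationHandler, SecurityCallbackHandler securityCallbackHandler, IAuthorizationEntityKey iAuthorizationEntityKey, IAuthorizationEntityKey iAuthorizationEntityKey2) throws AuthenticationException, AuthorizationException, SecurityServerConnectionException {
        return false;
    }

    /** Not implemented by this handler; always returns {@code false}. */
    @Override // com.luna.insight.client.security.iface.IAuthorizationHandler
    public boolean removeUserFromShare(IAuthenticationHandler iAuthenticationHandler, SecurityCallbackHandler securityCallbackHandler, IAuthorizationEntityKey iAuthorizationEntityKey, IAuthorizationEntityKey iAuthorizationEntityKey2) throws AuthenticationException, AuthorizationException, SecurityServerConnectionException {
        return false;
    }

    /** Not implemented by this handler; always returns {@code false}. */
    @Override // com.luna.insight.client.security.iface.IAuthorizationHandler
    public boolean addUserToShare(IAuthenticationHandler iAuthenticationHandler, SecurityCallbackHandler securityCallbackHandler, IAuthorizationEntityKey iAuthorizationEntityKey, IAuthorizationEntityKey iAuthorizationEntityKey2, boolean z, boolean z2, boolean z3) throws AuthenticationException, AuthorizationException, SecurityServerConnectionException {
        return false;
    }

    /** Not implemented by this handler; always returns {@code null}. */
    @Override // com.luna.insight.client.security.iface.IAuthorizationHandler
    public IAuthorizationEntityKey addUser(IAuthenticationHandler iAuthenticationHandler, SecurityCallbackHandler securityCallbackHandler, String str) throws AuthenticationException, AuthorizationException, SecurityServerConnectionException {
        return null;
    }

    /** Not implemented by this handler; always returns {@code false}. */
    @Override // com.luna.insight.client.security.iface.IAuthorizationHandler
    public boolean removeUser(IAuthenticationHandler iAuthenticationHandler, SecurityCallbackHandler securityCallbackHandler, IAuthorizationEntityKey iAuthorizationEntityKey) throws AuthenticationException, AuthorizationException, SecurityServerConnectionException {
        return false;
    }

    /**
     * Asks the user server to create a user group from the two given strings and returns a key
     * for it.
     *
     * <p>NOTE(review): as with addCollectionToGroup(), the authentication and callback handlers
     * are not consulted here - confirm that the user server authorizes the request.
     *
     * @throws AuthorizationException if the user server reports that the group was not added
     * @throws SecurityServerConnectionException if the user server cannot be reached
     */
    @Override // com.luna.insight.client.security.iface.IAuthorizationHandler
    public IAuthorizationEntityKey addUserGroup(IAuthenticationHandler iAuthenticationHandler, SecurityCallbackHandler securityCallbackHandler, String str, String str2) throws AuthenticationException, AuthorizationException, SecurityServerConnectionException {
        ArrayList<String> groupFields = new ArrayList<String>();
        groupFields.add(str);
        groupFields.add(str2);
        // 1 is the entity-type code passed to the user server; presumably "user group" - confirm.
        if (addAuthorizationEntity(1, groupFields)) {
            return new ManagedInsightAuthorizationEntityKey(str, ManagedUserGroup.class);
        }
        throw new AuthorizationException("Unable to add user group.");
    }

    /**
     * Sends an "add authorization entity" request of type {@code i} with payload {@code obj} to
     * the user server and returns its answer; the connection is always closed afterwards.
     *
     * @throws SecurityServerConnectionException if the user server cannot be reached
     */
    private boolean addAuthorizationEntity(int i, Object obj) throws SecurityServerConnectionException {
        InsightUserClient client = null;
        try {
            client = new InsightUserClient(InsightUserManager.USER_SERVER_ADDRESS);
            if (!client.isConnectionGood()) {
                throw new SecurityServerConnectionException(false, true);
            }
            return client.addAuthorizationEntity(i, obj);
        } finally {
            // The failure path used to test a constant-false condition and never closed the connection.
            if (client != null) {
                client.closeConnection();
            }
        }
    }

    /** Not implemented by this handler; always returns {@code false}. */
    @Override // com.luna.insight.client.security.iface.IAuthorizationHandler
    public boolean removeUserGroup(IAuthenticationHandler iAuthenticationHandler, SecurityCallbackHandler securityCallbackHandler, IAuthorizationEntityKey iAuthorizationEntityKey) throws AuthenticationException, AuthorizationException, SecurityServerConnectionException {
        return false;
    }

    /** Not implemented by this handler; always returns {@code null}. */
    @Override // com.luna.insight.client.security.iface.IAuthorizationHandler
    public IAuthorizationEntityKey addShare(IAuthenticationHandler iAuthenticationHandler, SecurityCallbackHandler securityCallbackHandler, String str) throws AuthenticationException, AuthorizationException, SecurityServerConnectionException {
        return null;
    }

    /** Not implemented by this handler; always returns {@code false}. */
    @Override // com.luna.insight.client.security.iface.IAuthorizationHandler
    public boolean removeShare(IAuthenticationHandler iAuthenticationHandler, SecurityCallbackHandler securityCallbackHandler, IAuthorizationEntityKey iAuthorizationEntityKey) throws AuthenticationException, AuthorizationException, SecurityServerConnectionException {
        return false;
    }
}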
