package com.lunaimaging.insight.core.domain.authenticators;

import com.lunaimaging.insight.core.domain.Credentials;
import com.lunaimaging.insight.core.domain.cache.IntUnboundCache;
import java.util.Hashtable;
import javax.naming.NamingEnumeration;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.login.LoginContext;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

/* loaded from: input_file:com/lunaimaging/insight/core/domain/authenticators/KerberosAuthenticator.class */
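/**
 * Authenticator that first validates the supplied username and password against a
 * Kerberos KDC through JAAS, then looks up the user's {@code displayName} in the
 * directory and delegates to {@link LdapAuthenticator#authenticate}.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>{@link #authenticate} writes the realm and KDC into JVM-wide system properties, so
 *       every Kerberos client in the same JVM shares them. Instances configured with
 *       different realms would overwrite each other's settings.</li>
 *   <li>The directory lookup in {@code findDisplayName} sets no bind credentials in its JNDI
 *       environment and uses a plain {@code ldap://} URL, so it runs as an anonymous,
 *       unencrypted query.</li>
 *   <li>Authentication failures are logged at debug level only. NOTE(review): at a default
 *       log level failed logins leave no trace; confirm that is intended.</li>
 * </ul>
 */
public class KerberosAuthenticator extends LdapAuthenticator {
    protected Log log = LogFactory.getLog(getClass());
    /** Name of the JAAS login configuration entry passed to {@link LoginContext}. */
    protected String confFile = "";
    /** Kerberos realm, published as {@code java.security.krb5.realm}. */
    protected String realm = "";
    /** KDC host, published as {@code java.security.krb5.kdc}. */
    protected String kdcServer = "";
    /** Suffix appended to the login name to form the principal (presumably "@domain" - confirm). */
    protected String userDomain = "";
    /** Directory attribute matched against the principal when searching for the user. */
    protected String filterAttributeName = "userPrincipalName";

    /**
     * Authenticates a user against Kerberos and, on success, against the parent LDAP
     * authenticator using the user's directory {@code displayName}.
     *
     * @param str             login name as typed by the user (untrusted)
     * @param str2            password as typed by the user
     * @param intUnboundCache ignored here; the parent is always called with {@code null}
     * @return whatever the parent authenticator returns, or {@code null} when the input is
     *         missing or any step throws
     */
    @Override
    public Credentials authenticate(String str, String str2, IntUnboundCache intUnboundCache) {
        // Reject missing credentials up front instead of relying on the KDC (or an NPE)
        // to turn them into a failure further down.
        if (StringUtils.isEmpty(str) || StringUtils.isEmpty(str2)) {
            this.log.debug("Kerberos authenticator rejected an empty username or password");
            return null;
        }
        // NOTE(review): these are process-global settings, not per-instance ones.
        System.setProperty("java.security.krb5.realm", this.realm);
        System.setProperty("java.security.krb5.kdc", this.kdcServer);
        String principal = str + this.userDomain;
        char[] secret = str2.toCharArray();
        PasswordCallback passwordCallback = new PasswordCallback("do not prompt", false);
        try {
            NameCallback nameCallback = new NameCallback("do not prompt");
            nameCallback.setName(principal);
            passwordCallback.setPassword(secret);
            Callback[] callbackArr = {nameCallback, passwordCallback};
            KerberosProxyCallbackHandler kerberosProxyCallbackHandler = new KerberosProxyCallbackHandler(principal, str2);
            kerberosProxyCallbackHandler.handle(callbackArr);
            // login() throws on bad credentials, which lands in the catch block below.
            new LoginContext(this.confFile, kerberosProxyCallbackHandler).login();
            // NOTE(review): findDisplayName returns "" when the lookup fails or finds nothing,
            // so the parent can be called with an empty username. Confirm the parent rejects it.
            return super.authenticate(findDisplayName(str), str2, (IntUnboundCache) null);
        } catch (Exception e) {
            this.log.debug("Kerberos authenticator exception with the KerberosProxyCallbackHandler.handle( callback ) method", e);
            return null;
        } finally {
            // Wipe the char[] copies made here; the caller's String itself cannot be cleared.
            passwordCallback.clearPassword();
            java.util.Arrays.fill(secret, '\0');
        }
    }

    /**
     * Looks up the {@code displayName} of the directory entry whose
     * {@code filterAttributeName} equals the user's principal.
     *
     * <p>The login name is user-controlled, so it is passed to JNDI as a filter argument
     * ({@code {0}}) rather than concatenated into the filter string. JNDI escapes the
     * RFC 2254 special characters in string arguments, so characters such as {@code *},
     * {@code (} and {@code )} cannot change the shape of the filter.
     *
     * @param str login name as typed by the user
     * @return the first match's {@code displayName}, or {@code ""} if nothing was found or
     *         the lookup failed
     */
    private String findDisplayName(String str) {
        String displayName = "";
        InitialDirContext directory = null;
        NamingEnumeration<SearchResult> results = null;
        try {
            // filterAttributeName comes from configuration; only the value is a placeholder.
            String filter = "(" + this.filterAttributeName + "={0})";
            Object[] filterArgs = {str + this.userDomain};
            Hashtable<String, String> env = new Hashtable<String, String>(11);
            env.put("java.naming.factory.initial", "com.sun.jndi.ldap.LdapCtxFactory");
            // No security principal/credentials are set, so this is an anonymous bind.
            env.put("java.naming.provider.url", "ldap://" + this.ldapHost);
            directory = new InitialDirContext(env);
            SearchControls searchControls = new SearchControls();
            searchControls.setSearchScope(SearchControls.SUBTREE_SCOPE);
            results = directory.search(generateBaseDN(str), filter, filterArgs, searchControls);
            if (results.hasMore()) {
                SearchResult first = results.next();
                Attributes attributes = first == null ? null : first.getAttributes();
                Attribute attribute = attributes == null ? null : attributes.get("displayName");
                Object value = attribute == null ? null : attribute.get();
                if (value != null) {
                    displayName = String.valueOf(value);
                }
            }
        } catch (Exception e) {
            this.log.error("Unable to locate displayName", e);
        } finally {
            // Release the enumeration and the LDAP connection on every path.
            if (results != null) {
                try {
                    results.close();
                } catch (javax.naming.NamingException e) {
                    this.log.debug("Unable to close LDAP search results", e);
                }
            }
            if (directory != null) {
                try {
                    directory.close();
                } catch (javax.naming.NamingException e) {
                    this.log.debug("Unable to close LDAP context", e);
                }
            }
        }
        return displayName;
    }

    /**
     * Builds the search base DN from configuration only: one {@code OU=} component per
     * entry of {@code organizationUnits}, followed by one {@code DC=} component per
     * dot-separated label of {@code domainComponent}.
     *
     * @param str unused; kept so the signature stays as it was
     * @return the DN without its leading comma
     * @throws StringIndexOutOfBoundsException if both configuration values are empty
     */
    private String generateBaseDN(String str) {
        StringBuilder domainPart = new StringBuilder();
        for (String label : StringUtils.split(this.domainComponent, ".")) {
            domainPart.append(",DC=").append(label);
        }
        StringBuilder unitPart = new StringBuilder();
        for (String unit : this.organizationUnits) {
            unitPart.append(",OU=").append(unit);
        }
        // Every component was prefixed with a comma; drop the first one.
        return unitPart.append(domainPart).substring(1);
    }

    /**
     * Always reports the username as unique.
     *
     * @param str username to check (not inspected)
     * @return {@code true}
     */
    @Override
    public boolean isUniqueUsername(String str) {
        return true;
    }

    /** @return the JAAS login configuration entry name */
    public String getConfFile() {
        return this.confFile;
    }

    /** @param str the JAAS login configuration entry name */
    public void setConfFile(String str) {
        this.confFile = str;
    }

    /** @return the KDC host */
    public String getKdcServer() {
        return this.kdcServer;
    }

    /** @param str the KDC host */
    public void setKdcServer(String str) {
        this.kdcServer = str;
    }

    /** @return the Kerberos realm */
    public String getRealm() {
        return this.realm;
    }

    /** @param str the Kerberos realm */
    public void setRealm(String str) {
        this.realm = str;
    }

    /** @return the suffix appended to login names to form the principal */
    public String getUserDomain() {
        return this.userDomain;
    }

    /** @param str the suffix appended to login names to form the principal */
    public void setUserDomain(String str) {
        this.userDomain = str;
    }

    /** @param str the directory attribute matched against the principal */
    public void setFilterAttributeName(String str) {
        this.filterAttributeName = str;
    }
}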
