package alpine.auth;

import alpine.Config;
import alpine.logging.Logger;
import alpine.model.LdapUser;
import alpine.validation.LdapStringSanitizer;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Hashtable;
import java.util.List;
import javax.naming.CommunicationException;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.PartialResultException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.Control;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;
import org.apache.commons.lang3.StringUtils;

/* loaded from: input_file:alpine/auth/LdapConnectionWrapper.class */
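/**
 * Thin wrapper around JNDI for the directory configured through {@link Config.AlpineKey} LDAP
 * properties: it builds user-authenticated and service-account contexts, runs subtree searches
 * below {@link #BASE_DN}, and reads single-valued string attributes.
 *
 * <p>All configuration is read once when the class is loaded. Every caller-supplied value that is
 * embedded in a search filter goes through {@link LdapStringSanitizer} first.
 */
public class LdapConnectionWrapper {
    private static final Logger LOGGER = Logger.getLogger(LdapConnectionWrapper.class);

    // Service-account (bind) credentials used for lookups that are not tied to a user login.
    private static final String BIND_USERNAME = Config.getInstance().getProperty(Config.AlpineKey.LDAP_BIND_USERNAME);
    private static final String BIND_PASSWORD = Config.getInstance().getPropertyOrFile(Config.AlpineKey.LDAP_BIND_PASSWORD);
    // Optional value for Context.SECURITY_AUTHENTICATION (e.g. a SASL mechanism); omitted when blank.
    private static final String LDAP_SECURITY_AUTH = Config.getInstance().getProperty(Config.AlpineKey.LDAP_SECURITY_AUTH);
    // java.util.Formatter pattern applied to a login name before it is searched for; blank = use as-is.
    private static final String LDAP_AUTH_USERNAME_FMT = Config.getInstance().getProperty(Config.AlpineKey.LDAP_AUTH_USERNAME_FMT);
    // Filter templates. USER_GROUPS_FILTER may contain {USER_DN}; the *_SEARCH_FILTER ones may contain {SEARCH_TERM}.
    private static final String USER_GROUPS_FILTER = Config.getInstance().getProperty(Config.AlpineKey.LDAP_USER_GROUPS_FILTER);
    private static final String GROUPS_FILTER = Config.getInstance().getProperty(Config.AlpineKey.LDAP_GROUPS_FILTER);
    private static final String GROUPS_SEARCH_FILTER = Config.getInstance().getProperty(Config.AlpineKey.LDAP_GROUPS_SEARCH_FILTER);
    private static final String USERS_SEARCH_FILTER = Config.getInstance().getProperty(Config.AlpineKey.LDAP_USERS_SEARCH_FILTER);

    public static final boolean LDAP_ENABLED = Config.getInstance().getPropertyAsBoolean(Config.AlpineKey.LDAP_ENABLED);
    public static final String LDAP_URL = Config.getInstance().getProperty(Config.AlpineKey.LDAP_SERVER_URL);
    public static final String BASE_DN = Config.getInstance().getProperty(Config.AlpineKey.LDAP_BASEDN);
    public static final String ATTRIBUTE_MAIL = Config.getInstance().getProperty(Config.AlpineKey.LDAP_ATTRIBUTE_MAIL);
    public static final String ATTRIBUTE_NAME = Config.getInstance().getProperty(Config.AlpineKey.LDAP_ATTRIBUTE_NAME);
    public static final boolean USER_PROVISIONING = Config.getInstance().getPropertyAsBoolean(Config.AlpineKey.LDAP_USER_PROVISIONING);
    public static final boolean TEAM_SYNCHRONIZATION = Config.getInstance().getPropertyAsBoolean(Config.AlpineKey.LDAP_TEAM_SYNCHRONIZATION);
    /** LDAP is switched on and a server URL is present. */
    public static final boolean LDAP_CONFIGURED = LDAP_ENABLED && StringUtils.isNotBlank(LDAP_URL);
    /** The configured URL uses the {@code ldaps:} scheme, so a custom socket factory is installed on every context. */
    private static final boolean IS_LDAP_SSLTLS = StringUtils.isNotBlank(LDAP_URL) && LDAP_URL.startsWith("ldaps:");

    /** JNDI provider used for every context created here. */
    private static final String LDAP_CTX_FACTORY = "com.sun.jndi.ldap.LdapCtxFactory";
    /** Environment key selecting the LDAP socket factory; {@link Context} defines no constant for it. */
    private static final String LDAP_SOCKET_FACTORY_KEY = "java.naming.ldap.factory.socket";
    // NOTE(review): the class name suggests relaxed certificate validation; confirm what it actually
    // enforces before relying on ldaps: for server authentication.
    private static final String LDAP_SOCKET_FACTORY = "alpine.crypto.RelaxedSSLSocketFactory";

    /**
     * Builds the JNDI environment shared by both context types: principal, credentials, provider
     * class, server URL and, for {@code ldaps:} URLs, the socket factory.
     *
     * <p>{@link Hashtable} rejects {@code null} values, so a missing principal or credential surfaces
     * as a {@link NullPointerException} from this method.
     *
     * @param principal   the DN or user name to bind as
     * @param credentials the password for {@code principal}
     * @return a mutable environment the caller may extend
     */
    private static Hashtable<String, String> baseEnvironment(String principal, String credentials) {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.SECURITY_PRINCIPAL, principal);
        env.put(Context.SECURITY_CREDENTIALS, credentials);
        env.put(Context.INITIAL_CONTEXT_FACTORY, LDAP_CTX_FACTORY);
        env.put(Context.PROVIDER_URL, LDAP_URL);
        if (IS_LDAP_SSLTLS) {
            env.put(LDAP_SOCKET_FACTORY_KEY, LDAP_SOCKET_FACTORY);
        }
        return env;
    }

    /**
     * Binds to the directory with the supplied user credentials; used to authenticate a login.
     *
     * @param username the principal to bind as (already in the directory's expected form)
     * @param password the user's password
     * @return an authenticated {@link LdapContext}; the caller owns it and must close it
     * @throws NamingException if either credential is empty, if the bind is rejected (reported with the
     *                         generic message "Failed to authenticate user"), or, as a
     *                         {@link CommunicationException}, if the server cannot be reached
     */
    public LdapContext createLdapContext(String username, String password) throws NamingException {
        LOGGER.debug("Creating LDAP context for: " + username);
        // Empty credentials are rejected before any network call: many directories treat a bind
        // with an empty password as anonymous, which must never pass as a successful login.
        if (StringUtils.isEmpty(username) || StringUtils.isEmpty(password)) {
            throw new NamingException("Username or password cannot be empty or null");
        }
        Hashtable<String, String> env = baseEnvironment(username, password);
        if (StringUtils.isNotBlank(LDAP_SECURITY_AUTH)) {
            env.put(Context.SECURITY_AUTHENTICATION, LDAP_SECURITY_AUTH);
        }
        try {
            return new InitialLdapContext(env, (Control[]) null);
        } catch (CommunicationException e) {
            // Must be caught before NamingException (its supertype) or this handler is unreachable:
            // a connectivity problem is logged and rethrown as such, not reported as a bad login.
            LOGGER.error("Failed to connect to directory server", e);
            throw e;
        } catch (NamingException e) {
            // Callers see only a generic message rather than the directory's own error text; the
            // original exception is retained as the root cause for server-side diagnostics.
            NamingException failure = new NamingException("Failed to authenticate user");
            failure.setRootCause(e);
            throw failure;
        }
    }

    /**
     * Binds to the directory with the configured service account ({@code LDAP_BIND_USERNAME} /
     * {@code LDAP_BIND_PASSWORD}) for lookups such as group synchronization.
     *
     * @return a {@link DirContext}; the caller owns it and must close it
     * @throws NamingException if the bind fails or the server cannot be reached
     */
    public DirContext createDirContext() throws NamingException {
        LOGGER.debug("Creating directory service context (DirContext)");
        return new InitialDirContext(baseEnvironment(BIND_USERNAME, BIND_PASSWORD));
    }

    /**
     * Runs a subtree search below {@link #BASE_DN} and collects the distinguished name of every
     * result. No attributes are requested because only the names are used.
     *
     * @param dirContext  an open context
     * @param filter      the complete, already-sanitized LDAP filter
     * @param foundPrefix text logged before each found DN at debug level
     * @param foundSuffix text logged after each found DN at debug level
     * @return the DNs in the order the server returned them; empty if nothing matched
     * @throws NamingException if the search fails
     */
    private List<String> searchNames(DirContext dirContext, String filter, String foundPrefix, String foundSuffix)
            throws NamingException {
        SearchControls controls = new SearchControls();
        controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
        controls.setReturningAttributes(new String[0]);
        List<String> names = new ArrayList<>();
        NamingEnumeration<SearchResult> results = dirContext.search(BASE_DN, filter, controls);
        try {
            while (hasMoreEnum(results)) {
                String dn = results.next().getNameInNamespace();
                names.add(dn);
                LOGGER.debug(foundPrefix + dn + foundSuffix);
            }
        } finally {
            // Release the server-side result set even when iteration throws.
            closeQuietly(results);
        }
        return names;
    }

    /**
     * Returns the DNs of the groups the given user belongs to, using {@code LDAP_USER_GROUPS_FILTER}
     * with {@code {USER_DN}} replaced by the user's sanitized DN.
     *
     * @param dirContext an open context
     * @param ldapUser   the user whose group membership is resolved
     * @return group DNs; empty if none
     * @throws NamingException if the search fails
     */
    public List<String> getGroups(DirContext dirContext, LdapUser ldapUser) throws NamingException {
        LOGGER.debug("Retrieving groups for: " + ldapUser.getDN());
        String filter = variableSubstitution(USER_GROUPS_FILTER, ldapUser);
        return searchNames(dirContext, filter, "Found group: ", " for user: " + ldapUser.getDN());
    }

    /**
     * Returns the DNs of all groups matching {@code LDAP_GROUPS_FILTER}.
     *
     * @param dirContext an open context
     * @return group DNs; empty if none
     * @throws NamingException if the search fails
     */
    public List<String> getGroups(DirContext dirContext) throws NamingException {
        LOGGER.debug("Retrieving all groups");
        return searchNames(dirContext, GROUPS_FILTER, "Found group: ", "");
    }

    /**
     * Searches for groups using {@code LDAP_GROUPS_SEARCH_FILTER} with the sanitized term substituted.
     *
     * @param dirContext an open context
     * @param searchTerm caller-supplied term; sanitized before use
     * @return matching group DNs
     * @throws NamingException if the search fails
     */
    public List<String> searchForGroupName(DirContext dirContext, String searchTerm) throws NamingException {
        return search(dirContext, GROUPS_SEARCH_FILTER, searchTerm);
    }

    /**
     * Searches for users using {@code LDAP_USERS_SEARCH_FILTER} with the sanitized term substituted.
     *
     * @param dirContext an open context
     * @param searchTerm caller-supplied term; sanitized before use
     * @return matching user DNs
     * @throws NamingException if the search fails
     */
    public List<String> searchForUserName(DirContext dirContext, String searchTerm) throws NamingException {
        return search(dirContext, USERS_SEARCH_FILTER, searchTerm);
    }

    /**
     * Substitutes the sanitized search term into {@code filterTemplate} and returns the DNs of all
     * matching entries.
     *
     * @param dirContext     an open context
     * @param filterTemplate filter containing {@code {SEARCH_TERM}}
     * @param searchTerm     caller-supplied term; {@code null} is treated as empty
     * @return matching DNs; empty if none
     * @throws NamingException if the search fails
     */
    public List<String> search(DirContext dirContext, String filterTemplate, String searchTerm) throws NamingException {
        LOGGER.debug("Searching / filter: " + filterTemplate + " searchTerm: " + searchTerm);
        String filter = searchTermSubstitution(filterTemplate, searchTerm);
        LOGGER.debug("Searching for: " + filter);
        return searchNames(dirContext, filter, "Found: ", "");
    }

    /**
     * Finds the directory entries whose {@link #ATTRIBUTE_NAME} equals the (formatted, sanitized)
     * user name. Only names are requested, not attributes.
     *
     * @param dirContext an open context
     * @param username   the login name; passed through {@link #formatPrincipal} then sanitized
     * @return every matching entry, fully materialized so the enumeration can be closed here
     * @throws NamingException if the search fails
     */
    public List<SearchResult> searchForUsername(DirContext dirContext, String username) throws NamingException {
        LOGGER.debug("Performing a directory search for: " + username);
        SearchControls controls = new SearchControls();
        controls.setReturningAttributes(new String[0]);
        controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
        // The caller-supplied name is sanitized before being embedded in the filter.
        String filter = ATTRIBUTE_NAME + "=" + LdapStringSanitizer.sanitize(formatPrincipal(username));
        LOGGER.debug("Searching for: " + filter);
        NamingEnumeration<SearchResult> results = dirContext.search(BASE_DN, filter, controls);
        try {
            return Collections.list(results);
        } finally {
            closeQuietly(results);
        }
    }

    /**
     * Like {@link #searchForUsername} but insists on at most one match.
     *
     * @param dirContext an open context
     * @param username   the login name
     * @return the single matching entry, or {@code null} if there is none
     * @throws NamingException if more than one entry matches (ambiguous logins are refused), or if
     *                         the search fails
     */
    public SearchResult searchForSingleUsername(DirContext dirContext, String username) throws NamingException {
        List<SearchResult> matches = searchForUsername(dirContext, username);
        if (matches == null || matches.isEmpty()) {
            LOGGER.debug("Search for (" + username + ") did not produce any results");
            return null;
        }
        if (matches.size() != 1) {
            throw new NamingException("Multiple entries in the directory contain the same username. This scenario is not supported");
        }
        LOGGER.debug("Search for (" + username + ") produced a result");
        return matches.get(0);
    }

    /**
     * Reads one attribute of the entry at {@code dn}.
     *
     * @param dirContext    an open context
     * @param dn            distinguished name of the entry
     * @param attributeName the attribute to read
     * @return the attribute's first value if it is a string, otherwise {@code null}
     * @throws NamingException if the entry cannot be read
     */
    public String getAttribute(DirContext dirContext, String dn, String attributeName) throws NamingException {
        return getAttribute(dirContext.getAttributes(dn), attributeName);
    }

    /**
     * Reads one attribute from a search result.
     *
     * @param searchResult  the result whose attributes are inspected
     * @param attributeName the attribute to read
     * @return the attribute's first value if it is a string, otherwise {@code null}
     * @throws NamingException if the value cannot be retrieved
     */
    public String getAttribute(SearchResult searchResult, String attributeName) throws NamingException {
        return getAttribute(searchResult.getAttributes(), attributeName);
    }

    /**
     * Extracts a single string value from an attribute set.
     *
     * @param attributes    the attribute set, possibly {@code null} or empty
     * @param attributeName the attribute to read
     * @return the attribute's first value when present and a {@link String}; {@code null} otherwise
     *         (missing set, missing attribute, or a non-string such as a binary value)
     * @throws NamingException if the value cannot be retrieved
     */
    public String getAttribute(Attributes attributes, String attributeName) throws NamingException {
        if (attributes == null || attributes.size() == 0) {
            return null;
        }
        Attribute attribute = attributes.get(attributeName);
        if (attribute == null) {
            return null;
        }
        // Only the first value is considered; multi-valued attributes are not expanded.
        Object value = attribute.get();
        return value instanceof String ? (String) value : null;
    }

    /**
     * Applies {@code LDAP_AUTH_USERNAME_FMT} (a {@link String#format} pattern) to a login name, or
     * returns the name unchanged when no pattern is configured.
     *
     * @param username the raw login name
     * @return the principal string to search for
     */
    private static String formatPrincipal(String username) {
        return StringUtils.isNotBlank(LDAP_AUTH_USERNAME_FMT) ? String.format(LDAP_AUTH_USERNAME_FMT, username) : username;
    }

    /**
     * Replaces {@code {USER_DN}} in a filter template with the user's sanitized DN.
     *
     * @param filterTemplate the template, may be {@code null}
     * @param ldapUser       source of the DN
     * @return the substituted filter, or {@code null} if the template is {@code null}
     */
    private String variableSubstitution(String filterTemplate, LdapUser ldapUser) {
        if (filterTemplate == null) {
            return null;
        }
        return filterTemplate.replace("{USER_DN}", LdapStringSanitizer.sanitize(ldapUser.getDN()));
    }

    /**
     * Replaces {@code {SEARCH_TERM}} in a filter template with the sanitized search term.
     *
     * @param filterTemplate the template, may be {@code null}
     * @param searchTerm     the caller-supplied term; {@code null} is treated as ""
     * @return the substituted filter, or {@code null} if the template is {@code null}
     */
    private String searchTermSubstitution(String filterTemplate, String searchTerm) {
        if (filterTemplate == null) {
            return null;
        }
        String term = StringUtils.defaultString(searchTerm);
        return filterTemplate.replace("{SEARCH_TERM}", LdapStringSanitizer.sanitize(term));
    }

    /**
     * {@link NamingEnumeration#hasMore()} that treats a {@link PartialResultException} as the end of
     * the results instead of an error. A {@code null} enumeration has no more elements.
     *
     * @param results the enumeration to probe, may be {@code null}
     * @return {@code true} if another result can be read
     * @throws NamingException for any other failure while probing
     */
    private boolean hasMoreEnum(NamingEnumeration<SearchResult> results) throws NamingException {
        if (results == null) {
            return false;
        }
        try {
            return results.hasMore();
        } catch (PartialResultException e) {
            // Typically referrals the provider cannot follow; the results read so far are kept.
            LOGGER.warn("Partial results returned. If this is an Active Directory server, try using port 3268 or 3269 in " + Config.AlpineKey.LDAP_SERVER_URL.name());
            return false;
        }
    }

    /**
     * Closes an enumeration, ignoring {@code null} and any failure on close.
     *
     * @param namingEnumeration the enumeration to close, may be {@code null}
     */
    public void closeQuietly(NamingEnumeration<?> namingEnumeration) {
        if (namingEnumeration == null) {
            return;
        }
        try {
            namingEnumeration.close();
        } catch (NamingException ignored) {
            // Best-effort cleanup; there is nothing useful to do if the close itself fails.
        }
    }

    /**
     * Closes a context, ignoring {@code null} and any failure on close.
     *
     * @param dirContext the context to close, may be {@code null}
     */
    public void closeQuietly(DirContext dirContext) {
        if (dirContext == null) {
            return;
        }
        try {
            dirContext.close();
        } catch (NamingException ignored) {
            // Best-effort cleanup; there is nothing useful to do if the close itself fails.
        }
    }
}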
