package alpine.auth;

import alpine.Config;
import alpine.auth.AlpineAuthenticationException;
import alpine.logging.Logger;
import alpine.model.LdapUser;
import alpine.persistence.AlpineQueryManager;
import java.security.Principal;
import java.util.Hashtable;
import javax.naming.CommunicationException;
import javax.naming.NamingException;
import javax.naming.ldap.Control;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;
import org.apache.commons.lang3.StringUtils;

/* loaded from: input_file:alpine/auth/LdapAuthenticationService.class */
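/**
 * Authenticates a username/password pair against the configured LDAP directory by
 * attempting a bind, then maps the authenticated name to a locally provisioned
 * {@link LdapUser}.
 *
 * <p>The directory URL, domain, authentication mechanism and principal format are read
 * once from {@link Config} when the class is loaded.
 *
 * <p>NOTE(review): whether the bind credentials are protected in transit depends on the
 * configured server URL and authentication mechanism; nothing in this class enforces TLS.
 * Confirm the deployment configuration.
 */
public class LdapAuthenticationService implements AuthenticationService {
    private static final Logger LOGGER = Logger.getLogger(LdapAuthenticationService.class);
    private static final String LDAP_URL = Config.getInstance().getProperty(Config.AlpineKey.LDAP_SERVER_URL);
    private static final String DOMAIN_NAME = Config.getInstance().getProperty(Config.AlpineKey.LDAP_DOMAIN);
    private static final String LDAP_SECURITY_AUTH = Config.getInstance().getProperty(Config.AlpineKey.LDAP_SECURITY_AUTH);
    private static final String LDAP_AUTH_USERNAME_FMT = Config.getInstance().getProperty(Config.AlpineKey.LDAP_AUTH_USERNAME_FMT);

    // Credentials are only ever passed to the directory bind; they are never logged here.
    private final String username;
    private final String password;

    /**
     * Creates a service instance for a single authentication attempt.
     *
     * @param username the name asserted by the caller (untrusted input)
     * @param password the password asserted by the caller (untrusted input)
     */
    public LdapAuthenticationService(String username, String password) {
        this.username = username;
        this.password = password;
    }

    /**
     * Reports whether credentials were supplied; this implementation always returns {@code true}.
     *
     * @return {@code true}
     */
    @Override // alpine.auth.AuthenticationService
    public boolean isSpecified() {
        return true;
    }

    /**
     * Binds to the directory with the supplied credentials and, on success, looks up the
     * matching local account.
     *
     * @return the {@link LdapUser} mapped to the username
     * @throws AlpineAuthenticationException with {@code INVALID_CREDENTIALS} when the bind
     *         fails for any reason (including a directory connection failure, see
     *         {@link #validateCredentials()}), or {@code UNMAPPED_ACCOUNT} when the bind
     *         succeeds but no local account exists for the username
     */
    @Override // alpine.auth.AuthenticationService
    public Principal authenticate() throws AlpineAuthenticationException {
        if (!validateCredentials()) {
            throw new AlpineAuthenticationException(AlpineAuthenticationException.CauseType.INVALID_CREDENTIALS);
        }
        // try-with-resources replaces the decompiler's expanded finally block, whose
        // "if (0 != 0)" branch was dead code dereferencing a null Throwable.
        try (AlpineQueryManager queryManager = new AlpineQueryManager()) {
            final LdapUser user = queryManager.getLdapUser(this.username);
            if (user == null) {
                // A valid directory identity is not enough: the account must also be provisioned locally.
                throw new AlpineAuthenticationException(AlpineAuthenticationException.CauseType.UNMAPPED_ACCOUNT);
            }
            return user;
        }
    }

    /**
     * Opens an LDAP context bound as the given user.
     *
     * @param username the name to bind as, before principal formatting
     * @param password the password to bind with
     * @return an open context; the caller is responsible for closing it
     * @throws NamingException if either argument is empty, the bind is rejected, or the
     *         directory cannot be reached (the latter as {@link CommunicationException})
     */
    private LdapContext getConnection(String username, String password) throws NamingException {
        // Refuse empty values before contacting the directory: many servers treat a bind with a
        // zero-length password as an unauthenticated bind and report success.
        if (StringUtils.isEmpty(username) || StringUtils.isEmpty(password)) {
            throw new NamingException("Username or password cannot be empty or null");
        }
        final Hashtable<String, String> env = new Hashtable<>();
        final String principal = formatPrincipal(username);
        if (StringUtils.isNotBlank(LDAP_SECURITY_AUTH)) {
            env.put("java.naming.security.authentication", LDAP_SECURITY_AUTH);
        }
        env.put("java.naming.security.principal", principal);
        env.put("java.naming.security.credentials", password);
        env.put("java.naming.factory.initial", "com.sun.jndi.ldap.LdapCtxFactory");
        env.put("java.naming.provider.url", LDAP_URL);
        try {
            return new InitialLdapContext(env, (Control[]) null);
        } catch (CommunicationException e) {
            // CommunicationException is a subclass of NamingException, so it has to be caught
            // first; in the reverse order this branch is unreachable and connection failures
            // are never logged.
            LOGGER.error("Failed to connect to directory server", e);
            throw e;
        } catch (NamingException e) {
            // Generic message so directory-specific detail does not reach the caller; the
            // original failure is kept as the root cause for diagnostics.
            final NamingException failure = new NamingException("Failed to authenticate user");
            failure.setRootCause(e);
            throw failure;
        }
    }

    /**
     * Checks the stored credentials by attempting a directory bind and closing it again.
     *
     * <p>Any {@link NamingException} yields {@code false}. That includes a failure to reach
     * the directory, so an outage is indistinguishable from a wrong password to the caller;
     * the only trace of it is the error logged by {@link #getConnection(String, String)}.
     *
     * @return {@code true} if the bind succeeded, {@code false} otherwise
     */
    private boolean validateCredentials() {
        LdapContext ldapContext = null;
        try {
            ldapContext = getConnection(this.username, this.password);
            return true;
        } catch (NamingException e) {
            return false;
        } finally {
            closeQuietly(ldapContext);
        }
    }

    /** Closes the context if one was opened, ignoring close failures. */
    private static void closeQuietly(LdapContext ldapContext) {
        if (ldapContext == null) {
            return;
        }
        try {
            ldapContext.close();
        } catch (NamingException ignored) {
            // The bind result is already known; a failure to close must not change it.
        }
    }

    /**
     * Builds the bind principal from the raw username.
     *
     * <p>Precedence: the configured username format if set, otherwise
     * {@code username@domain} if a domain is configured, otherwise the username unchanged.
     *
     * @param username the raw username
     * @return the principal string used for the bind
     */
    private String formatPrincipal(String username) {
        if (StringUtils.isNotBlank(LDAP_AUTH_USERNAME_FMT)) {
            // NOTE(review): the username is substituted verbatim. If the configured format is a
            // distinguished-name template, characters with special meaning in a DN are not
            // escaped here; confirm usernames are validated upstream or escape before formatting.
            return String.format(LDAP_AUTH_USERNAME_FMT, username);
        }
        if (StringUtils.isNotBlank(DOMAIN_NAME)) {
            return username + "@" + DOMAIN_NAME;
        }
        return username;
    }
}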
