package de.otto.edison.togglz.authentication;

import com.unboundid.ldap.sdk.LDAPConnection;
import com.unboundid.ldap.sdk.LDAPException;
import com.unboundid.ldap.sdk.ResultCode;
import com.unboundid.ldap.sdk.extensions.StartTLSExtendedRequest;
import com.unboundid.util.ssl.SSLUtil;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.util.Optional;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.http.HttpStatus;
import org.springframework.util.StringUtils;

/* loaded from: input_file:de/otto/edison/togglz/authentication/LdapAuthenticationFilter.class */
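/**
 * Servlet filter that lets a request through only when the credentials taken from its
 * {@code Authorization} header can be used for a successful LDAP bind.
 *
 * <p>The bind DN is built as {@code <rdnIdentifier>=<username>,<baseDn>}. The username comes
 * from the request and is untrusted, so it is escaped before it is placed in the DN. The
 * connection is upgraded with StartTLS before the password is sent.
 */
public class LdapAuthenticationFilter implements Filter {
    private static final Logger LOG = LoggerFactory.getLogger(LdapAuthenticationFilter.class);
    private final String host;
    private final int port;
    private final String baseDn;
    private final String rdnIdentifier;

    /**
     * @param str  LDAP server host name
     * @param i    LDAP server port
     * @param str2 base DN under which user entries are looked up
     * @param str3 attribute name used as RDN of the user entry
     */
    public LdapAuthenticationFilter(String str, int i, String str2, String str3) {
        this.host = str;
        this.port = i;
        this.baseDn = str2;
        this.rdnIdentifier = str3;
    }

    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        // nothing to initialise
    }

    @Override
    public void destroy() {
        // nothing to release; connections are opened and closed per request
    }

    /**
     * Answers 401 unless the request carries an {@code Authorization} header whose credentials
     * pass {@link #ldapAuthentication(Credentials)}. Fails closed: a missing header, unreadable
     * credentials, an incomplete filter configuration or an LDAP error all end in 401.
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
        if (StringUtils.isEmpty(httpServletRequest.getHeader("Authorization"))) {
            unauthorized(httpServletResponse);
            return;
        }
        Optional<Credentials> readFrom = Credentials.readFrom(httpServletRequest);
        if (configurationIsValid() && readFrom.isPresent() && ldapAuthentication(readFrom.get())) {
            filterChain.doFilter(servletRequest, servletResponse);
        } else {
            unauthorized(httpServletResponse);
        }
    }

    /** Returns {@code false} (and logs which value is missing) when host, baseDn or rdnIdentifier is empty. */
    private boolean configurationIsValid() {
        if (StringUtils.isEmpty(this.host)) {
            LOG.error("host is undefined");
            return false;
        }
        if (StringUtils.isEmpty(this.baseDn)) {
            LOG.error("baseDn is undefined");
            return false;
        }
        if (StringUtils.isEmpty(this.rdnIdentifier)) {
            LOG.error("rdnIdentifier is undefined");
            return false;
        }
        return true;
    }

    /** Sends a Basic authentication challenge with status 401. */
    private void unauthorized(HttpServletResponse httpServletResponse) {
        // NOTE(review): the realm value is not a quoted-string; RFC 7617 shows realm="...".
        // Left unchanged because clients or tests may match on the exact header value.
        httpServletResponse.addHeader("WWW-Authenticate", "Basic realm=Authorization Required");
        httpServletResponse.setStatus(HttpStatus.UNAUTHORIZED.value());
    }

    /**
     * Opens a connection to the configured server, upgrades it with StartTLS and tries a simple
     * bind as the user named in {@code credentials}.
     *
     * @return {@code true} only when StartTLS succeeded and the bind result code is SUCCESS;
     *     {@code false} for empty credentials, a refused StartTLS, a refused bind or any
     *     LDAP/TLS error
     */
    private boolean ldapAuthentication(Credentials credentials) {
        String username = credentials.getUsername();
        // A simple bind with a DN and an empty password is an "unauthenticated bind", which a
        // directory may answer with SUCCESS. Reject it here instead of relying on the SDK or
        // the server configuration to do so.
        if (StringUtils.isEmpty(username) || StringUtils.isEmpty(credentials.getPassword())) {
            LOG.info("Access denied: empty username or password");
            return false;
        }
        String loggableUser = sanitizeForLog(username);
        LDAPConnection connection = null;
        try {
            // NOTE(review): SSLUtil is created without an explicit trust manager; confirm that
            // the resulting context validates the server certificate against the intended
            // trust store.
            StartTLSExtendedRequest startTls = new StartTLSExtendedRequest(new SSLUtil().createSSLContext());
            connection = new LDAPConnection(this.host, this.port);
            // An extended operation can come back with a non-success result instead of an
            // exception. Without this check the bind below would send the password over the
            // still unencrypted connection.
            ResultCode startTlsResult = connection.processExtendedOperation(startTls).getResultCode();
            if (!ResultCode.SUCCESS.equals(startTlsResult)) {
                LOG.error("StartTLS was not accepted by the LDAP server: {}", startTlsResult);
                return false;
            }
            // The username is attacker-controlled: escape it so it cannot add RDN components
            // or otherwise change which entry the bind DN names.
            String bindDn = this.rdnIdentifier + "=" + escapeDnValue(username) + "," + this.baseDn;
            if (ResultCode.SUCCESS.equals(connection.bind(bindDn, credentials.getPassword()).getResultCode())) {
                LOG.info("Login successful: {}", loggableUser);
                return true;
            }
            LOG.info("Access denied: {}", loggableUser);
            return false;
        } catch (LDAPException | GeneralSecurityException e) {
            LOG.info("Authentication error: ", e);
            return false;
        } finally {
            // Close on every path, including exceptions, so failed logins do not leak sockets.
            if (connection != null) {
                connection.close();
            }
        }
    }

    /**
     * Escapes a string for use as an attribute value inside a distinguished name, following
     * the string representation of RFC 4514: the DN special characters are backslash-escaped,
     * as are a leading '#' or space and a trailing space; NUL becomes {@code \00}.
     * The SDK's own RDN/DN types could replace this helper if the file imports them.
     */
    private static String escapeDnValue(String value) {
        StringBuilder escaped = new StringBuilder(value.length() + 8);
        int last = value.length() - 1;
        for (int idx = 0; idx <= last; idx++) {
            char c = value.charAt(idx);
            switch (c) {
                case '\\':
                case ',':
                case '+':
                case '"':
                case '<':
                case '>':
                case ';':
                case '=':
                    escaped.append('\\').append(c);
                    break;
                case '#':
                    if (idx == 0) {
                        escaped.append('\\');
                    }
                    escaped.append(c);
                    break;
                case ' ':
                    if (idx == 0 || idx == last) {
                        escaped.append('\\');
                    }
                    escaped.append(c);
                    break;
                case '\0':
                    escaped.append("\\00");
                    break;
                default:
                    escaped.append(c);
                    break;
            }
        }
        return escaped.toString();
    }

    /** Replaces control characters (CR, LF, ...) so a username cannot forge extra log lines. */
    private static String sanitizeForLog(String value) {
        StringBuilder cleaned = new StringBuilder(value.length());
        for (int idx = 0; idx < value.length(); idx++) {
            char c = value.charAt(idx);
            cleaned.append(Character.isISOControl(c) ? '_' : c);
        }
        return cleaned.toString();
    }
}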
