package blended.security;

import blended.security.internal.LDAPLoginConfig;
import blended.security.internal.LDAPLoginConfig$;
import blended.security.internal.LdapSearchResult;
import blended.util.logging.Logger;
import blended.util.logging.Logger$;
import com.sun.jndi.ldap.LdapCtxFactory;
import java.text.MessageFormat;
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.security.auth.login.LoginException;
import scala.MatchError;
import scala.None$;
import scala.Option$;
import scala.Predef$;
import scala.Predef$ArrowAssoc$;
import scala.Some;
import scala.Tuple2;
import scala.collection.JavaConverters$;
import scala.collection.immutable.$colon;
import scala.collection.immutable.List;
import scala.collection.immutable.List$;
import scala.collection.immutable.Nil$;
import scala.collection.mutable.Map;
import scala.collection.mutable.Map$;
import scala.reflect.ClassTag$;
import scala.reflect.ScalaSignature;
import scala.runtime.BoxedUnit;
import scala.util.Try;
import scala.util.Try$;

/* compiled from: LDAPLoginModule.scala */
@ScalaSignature(bytes = "\u0006\u0001\u0005ub\u0001B\u0001\u0003\u0001\u001d\u0011q\u0002\u0014#B!2{w-\u001b8N_\u0012,H.\u001a\u0006\u0003\u0007\u0011\t\u0001b]3dkJLG/\u001f\u0006\u0002\u000b\u00059!\r\\3oI\u0016$7\u0001A\n\u0003\u0001!\u0001\"!\u0003\u0006\u000e\u0003\tI!a\u0003\u0002\u0003'\u0005\u00137\u000f\u001e:bGRdunZ5o\u001b>$W\u000f\\3\t\u000b5\u0001A\u0011\u0001\b\u0002\rqJg.\u001b;?)\u0005y\u0001CA\u0005\u0001\u0011\u0019\t\u0002\u0001)A\u0005%\u0005\u0019An\\4\u0011\u0005MAR\"\u0001\u000b\u000b\u0005U1\u0012a\u00027pO\u001eLgn\u001a\u0006\u0003/\u0011\tA!\u001e;jY&\u0011\u0011\u0004\u0006\u0002\u0007\u0019><w-\u001a:\t\u000fm\u0001!\u0019!C)9\u0005QQn\u001c3vY\u0016t\u0015-\\3\u0016\u0003u\u0001\"AH\u0014\u000f\u0005})\u0003C\u0001\u0011$\u001b\u0005\t#B\u0001\u0012\u0007\u0003\u0019a$o\\8u})\tA%A\u0003tG\u0006d\u0017-\u0003\u0002'G\u00051\u0001K]3eK\u001aL!\u0001K\u0015\u0003\rM#(/\u001b8h\u0015\t13\u0005\u0003\u0004,\u0001\u0001\u0006I!H\u0001\f[>$W\u000f\\3OC6,\u0007\u0005\u0003\u0005.\u0001!\u0015\r\u0011\"\u0001/\u0003\u001daG-\u00199DM\u001e,\u0012a\f\t\u0003aMj\u0011!\r\u0006\u0003e\t\t\u0001\"\u001b8uKJt\u0017\r\\\u0005\u0003iE\u0012q\u0002\u0014#B!2{w-\u001b8D_:4\u0017n\u001a\u0005\tm\u0001A)\u0019)C\u0005o\u0005QA-\u001b:D_:$X\r\u001f;\u0016\u0003a\u00022!O\u001e>\u001b\u0005Q$BA\f$\u0013\ta$HA\u0002Uef\u0004\"AP#\u000e\u0003}R!\u0001Q!\u0002\u0013\u0011L'/Z2u_JL(B\u0001\"D\u0003\u0019q\u0017-\\5oO*\tA)A\u0003kCZ\f\u00070\u0003\u0002G\u007f\tQA)\u001b:D_:$X\r\u001f;\t\u000b!\u0003A\u0011I%\u0002\u000f\u0011|Gj\\4j]R\t!\n\u0005\u0002L\u00196\t1%\u0003\u0002NG\t9!i\\8mK\u0006t\u0007fA$P7B\u00191\n\u0015*\n\u0005E\u001b#A\u0002;ie><8\u000f\u0005\u0002T36\tAK\u0003\u0002V-\u0006)An\\4j]*\u0011q\u000bW\u0001\u0005CV$\bN\u0003\u0002\u0004\u0007&\u0011!\f\u0016\u0002\u000f\u0019><\u0017N\\#yG\u0016\u0004H/[8oc\u0011qR\u0004\u0018;2\u000b\rj\u0006m\\1\u0016\u0005qqF!B0\u0007\u0005\u0004!'!\u0001+\n\u0005\u0005\u0014\u0017a\u0007\u0013mKN\u001c\u0018N\\
5uI\u001d\u0014X-\u0019;fe\u0012\"WMZ1vYR$\u0013G\u0003\u0002dG\u00051A\u000f\u001b:poN\f\"!\u001a5\u0011\u0005-3\u0017BA4$\u0005\u001dqu\u000e\u001e5j]\u001e\u0004\"!\u001b7\u000f\u0005-S\u0017BA6$\u0003\u001d\u0001\u0018mY6bO\u0016L!!\u001c8\u0003\u0013QC'o\\<bE2,'BA6$c\u0015\u0019\u0003/\u001d:d\u001d\tY\u0015/\u0003\u0002dGE\"!eS\u0012t\u0005\u0015\u00198-\u00197bc\t1#\u000bC\u0003w\u0001\u0011Es/\u0001\u0006q_N$8i\\7nSR$\u0012\u0001\u001f\t\u0003\u0017fL!A_\u0012\u0003\tUs\u0017\u000e\u001e\u0005\u0006y\u0002!\tf^\u0001\na>\u001cH/\u00112peRDQA \u0001\u0005R]\f!\u0002]8ti2{wm\\;u\u0011!\t\t\u0001\u0001Q\u0005\n\u0005\r\u0011\u0001\u0004<bY&$\u0017\r^3Vg\u0016\u0014H#A\u000f)\t}|\u0015qA\u0019\u0007=u\tI!a\u00042\r\rj\u0006-a\u0003bc\u0019\u0019\u0003/]A\u0007GF\"!eS\u0012tc\t1#\u000bC\u0004\u0002\u0014\u0001!\t%!\u0006\u0002\u0013\u001d,Go\u0012:pkB\u001cH\u0003BA\f\u0003G\u0001R!!\u0007\u0002 uq1!a\u0007k\u001d\r\u0001\u0013QD\u0005\u0002I%\u0019\u0011\u0011\u00058\u0003\t1K7\u000f\u001e\u0005\b\u0003K\t\t\u00021\u0001\u001e\u0003\u0019iW-\u001c2fe\"*\u0011\u0011C(\u0002*E2a$HA\u0016\u0003c\tdaI/a\u0003[\t\u0017GB\u0012qc\u0006=2-\r\u0003#\u0017\u000e\u001a\u0018G\u0001\u0014S\u0011!\t)\u0004\u0001Q\u0005\n\u0005]\u0012!\u00053p%\u001a\u001b%GM\u001b5\u000b:\u001cw\u000eZ5oOR\u0019Q$!\u000f\t\u000f\u0005m\u00121\u0007a\u0001;\u0005Y\u0011N\u001c9viN#(/\u001b8h\u0001")
/* loaded from: input_file:blended/security/LDAPLoginModule.class */
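/**
 * Login module that authenticates a user against an LDAP directory and looks up
 * the user's groups there (decompiled from {@code LDAPLoginModule.scala}).
 *
 * <p>Flow implemented below: {@link #doLogin()} forces the lazily created
 * {@link DirContext} (bound with the optional system account from the login
 * config), then {@code validateUser()} searches for the user entry, re-binds the
 * same context with the user's DN and password to verify the password, and
 * finally restores the system binding.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>The context uses {@code simple} authentication, which transmits the
 *       password as-is. Confidentiality therefore depends on the configured URL
 *       using a protected transport - NOTE(review): nothing here enforces
 *       {@code ldaps://}; confirm the deployment configuration.</li>
 *   <li>{@code com.sun.jndi.ldap.LdapCtxFactory} is a JDK-internal class and is
 *       not exported on modular JDKs (9+).</li>
 *   <li>User-supplied values are escaped for LDAP search filters with
 *       {@code doRFC2254Encoding} before they are formatted into the filter.</li>
 * </ul>
 *
 * <p>The source language (Scala) has no checked exceptions, so methods here do
 * not declare {@code NamingException}, exactly as in the decompiler output.
 */
public class LDAPLoginModule extends AbstractLoginModule {
    // Lazily initialised values; bitmap$0 records which ones are already computed
    // (bit 1 = ldapCfg, bit 2 = dirContext).
    private LDAPLoginConfig ldapCfg;
    private Try<DirContext> dirContext;
    private final Logger log = Logger$.MODULE$.apply(ClassTag$.MODULE$.apply(LDAPLoginModule.class));
    private final String moduleName = "ldap";
    private volatile byte bitmap$0;

    /** Returns the fixed module name {@code "ldap"}. */
    @Override // blended.security.AbstractLoginModule
    public String moduleName() {
        return this.moduleName;
    }

    /** Computes {@link #ldapCfg} once under the instance lock and marks bit 1 of the bitmap. */
    private LDAPLoginConfig ldapCfg$lzycompute() {
        synchronized (this) {
            if (((byte) (this.bitmap$0 & 1)) == 0) {
                this.ldapCfg = LDAPLoginConfig$.MODULE$.fromConfig(loginConfig());
                this.bitmap$0 = (byte) (this.bitmap$0 | 1);
            }
        }
        return this.ldapCfg;
    }

    /** Returns the LDAP settings parsed from the login configuration, computing them on first use. */
    public LDAPLoginConfig ldapCfg() {
        return ((byte) (this.bitmap$0 & 1)) == 0 ? ldapCfg$lzycompute() : this.ldapCfg;
    }

    /**
     * Creates the directory context once under the instance lock and marks bit 2
     * of the bitmap. The outcome, success or failure, is kept inside the
     * {@link Try}, so a failed connection attempt is not retried by this instance.
     */
    private Try<DirContext> dirContext$lzycompute() {
        synchronized (this) {
            if (((byte) (this.bitmap$0 & 2)) == 0) {
                this.dirContext = Try$.MODULE$.apply(() -> {
                    try {
                        // Base JNDI environment: provider factory, server URL and "simple" bind.
                        Map env = Map$.MODULE$.apply(Predef$.MODULE$.wrapRefArray(new Tuple2[]{
                            Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("java.naming.factory.initial"), LdapCtxFactory.class.getName()),
                            Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("java.naming.provider.url"), this.ldapCfg().url()),
                            Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("java.naming.security.authentication"), "simple")
                        }));
                        // The system principal and password are optional; each is added only when configured.
                        env.$plus$plus$eq(Option$.MODULE$.option2Iterable(this.ldapCfg().systemUser().map(principal -> {
                            return Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("java.naming.security.principal"), principal);
                        })));
                        env.$plus$plus$eq(Option$.MODULE$.option2Iterable(this.ldapCfg().systemPassword().map(secret -> {
                            return Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("java.naming.security.credentials"), secret);
                        })));
                        return new InitialDirContext(new Hashtable((java.util.Map) JavaConverters$.MODULE$.mutableMapAsJavaMapConverter(env).asJava()));
                    } catch (Throwable th) {
                        this.log.error(th, () -> th.getMessage());
                        throw new LoginException(th.getMessage());
                    }
                });
                this.bitmap$0 = (byte) (this.bitmap$0 | 2);
            }
        }
        return this.dirContext;
    }

    /** Returns the (possibly failed) directory context, creating it on first use. */
    private Try<DirContext> dirContext() {
        return ((byte) (this.bitmap$0 & 2)) == 0 ? dirContext$lzycompute() : this.dirContext;
    }

    /**
     * Connects to the directory and validates the supplied credentials.
     *
     * @return {@code true} when the user was authenticated
     * @throws LoginException for every failure; the cause is logged and only its
     *         message is carried over into the new exception
     */
    @Override // blended.security.AbstractLoginModule
    public boolean doLogin() throws LoginException {
        try {
            // get() rethrows the stored failure if the connection could not be created.
            dirContext().get();
            // Only the URL and the system principal are logged here, never a password.
            this.log.debug(() -> "Successfully connected to LDAP server [" + this.ldapCfg().url() + "] user [" + this.ldapCfg().systemUser() + "]");
            loggedInUser_$eq(new Some(validateUser()));
            return true;
        } catch (Throwable th) {
            this.log.error(th, () -> th.getMessage());
            throw new LoginException(th.getMessage());
        }
    }

    /** Closes the directory context after a commit. */
    @Override // blended.security.AbstractLoginModule
    public void postCommit() {
        closeDirContext();
    }

    /** Closes the directory context after an abort. */
    @Override // blended.security.AbstractLoginModule
    public void postAbort() {
        closeDirContext();
    }

    /** Closes the directory context after a logout. */
    @Override // blended.security.AbstractLoginModule
    public void postLogout() {
        closeDirContext();
    }

    /**
     * Closes the directory context; shared by the three post-phase hooks.
     *
     * <p>NOTE(review): {@code dirContext()} is lazy, so calling this before any
     * login attempt creates a connection only to close it, and {@code get()}
     * rethrows if the connection attempt failed - confirm that
     * AbstractLoginModule tolerates both.
     */
    private void closeDirContext() {
        ((Context) dirContext().get()).close();
    }

    /**
     * Looks up the user entry, verifies the password by re-binding the shared
     * context as that entry, and returns the entry's distinguished name.
     *
     * @return the full DN ({@code getNameInNamespace()}) of the authenticated entry
     * @throws LoginException if the password is empty, the user is not found, or
     *         the bind or search fails
     */
    private String validateUser() throws LoginException {
        try {
            Tuple2<String, String> credentials = extractCredentials();
            if (credentials == null) {
                throw new MatchError(credentials);
            }
            String userName = (String) credentials._1();
            String password = (String) credentials._2();

            // A simple bind with a DN and an empty password is an "unauthenticated
            // bind" (RFC 4513) that a directory may accept without checking any
            // secret, so it must never count as a successful login. extractCredentials()
            // is not visible here; this check is defence in depth in case it lets
            // empty passwords through.
            if (password == null || password.isEmpty()) {
                throw new LoginException("Empty password is not allowed for LDAP login.");
            }

            SearchControls searchControls = new SearchControls();
            searchControls.setSearchScope(SearchControls.SUBTREE_SCOPE);
            // The user name is filter-escaped before it is formatted into the search pattern.
            String filter = new MessageFormat(ldapCfg().userSearch()).format(new String[]{doRFC2254Encoding(userName)});
            List matches = new LdapSearchResult(((DirContext) dirContext().get()).search(ldapCfg().userBase(), filter, searchControls)).result();

            if (matches.isEmpty()) {
                // NOTE(review): this message differs from a failed bind; if it reaches
                // the client it reveals whether an account exists - confirm how callers
                // surface LoginException messages.
                throw new LoginException("User [" + userName + "] not found in LDAP.");
            }
            SearchResult userEntry = (SearchResult) matches.head();
            List extraMatches = (List) matches.tail();
            if (!extraMatches.isEmpty()) {
                this.log.warn(() -> "Search for user [" + userName + "] returned [" + (1 + extraMatches.length()) + "] records, using first record only.");
            }

            String userDn = userEntry.getNameInNamespace();
            Context ctx = (Context) dirContext().get();
            ctx.addToEnvironment("java.naming.security.principal", userDn);
            ctx.addToEnvironment("java.naming.security.credentials", password);
            // Any directory operation forces the context to use the new credentials;
            // a wrong password surfaces here as an exception.
            ((DirContext) dirContext().get()).getAttributes("", (String[]) null);
            this.log.info(() -> "User [" + userName + "] authenticated with LDAP name [" + userDn + "]");
            return userDn;
        } catch (Throwable th) {
            this.log.error(th, () -> th.getMessage());
            throw new LoginException(th.getMessage());
        } finally {
            // The decompiler had inlined this restore step on both the success and
            // the failure path; it is expressed once here.
            restoreSystemBinding();
        }
    }

    /**
     * Puts the configured system principal and password back on the shared
     * context, or removes the entries when none are configured, so that later
     * searches do not run with the end user's credentials.
     */
    private void restoreSystemBinding() {
        Context ctx = (Context) dirContext().get();
        if (ldapCfg().systemUser().isDefined()) {
            ctx.addToEnvironment("java.naming.security.principal", ldapCfg().systemUser().get());
        } else {
            ctx.removeFromEnvironment("java.naming.security.principal");
        }
        if (ldapCfg().systemPassword().isDefined()) {
            ctx.addToEnvironment("java.naming.security.credentials", ldapCfg().systemPassword().get());
        } else {
            ctx.removeFromEnvironment("java.naming.security.credentials");
        }
    }

    /**
     * Returns the value of the configured group attribute for every group entry
     * matched by the group search for {@code str}.
     *
     * @param str the member value inserted (filter-escaped) into the group search pattern
     * @return one string per matching group entry
     * @throws LoginException declared by the overridden method
     */
    @Override // blended.security.AbstractLoginModule
    public List<String> getGroups(String str) throws LoginException {
        SearchControls searchControls = new SearchControls();
        searchControls.setSearchScope(SearchControls.SUBTREE_SCOPE);
        String filter = new MessageFormat(ldapCfg().groupSearch()).format(new String[]{doRFC2254Encoding(str)});
        // NOTE(review): a matched entry without the group attribute makes get(...) return
        // null and the mapping below fail with a NullPointerException - confirm the
        // group search pattern guarantees the attribute is present.
        return (List) new LdapSearchResult(((DirContext) dirContext().get()).search(ldapCfg().groupBase(), filter, searchControls)).result().map(searchResult -> {
            return searchResult.getAttributes().get(this.ldapCfg().groupAttribute()).get().toString();
        }, List$.MODULE$.canBuildFrom());
    }

    /**
     * Escapes a value for use inside an LDAP search filter: backslash, asterisk,
     * both parentheses and NUL are replaced by their {@code \xx} hex escapes; all
     * other characters are copied unchanged.
     *
     * <p>Implemented as a single pass. The decompiled version recursed once per
     * character, which can exhaust the stack on a long user-supplied value, and
     * its NUL literal had been damaged by a character-encoding error (the
     * {@code \00} replacement shows that NUL was the intended match).
     *
     * @param str raw value, typically user input
     * @return the filter-safe representation of {@code str}
     */
    private String doRFC2254Encoding(String str) {
        StringBuilder escaped = new StringBuilder(str.length() + 8);
        for (int i = 0; i < str.length(); i++) {
            char c = str.charAt(i);
            switch (c) {
                case '\\':
                    escaped.append("\\5c");
                    break;
                case '*':
                    escaped.append("\\2a");
                    break;
                case '(':
                    escaped.append("\\28");
                    break;
                case ')':
                    escaped.append("\\29");
                    break;
                case '\0':
                    escaped.append("\\00");
                    break;
                default:
                    escaped.append(c);
                    break;
            }
        }
        return escaped.toString();
    }
}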
