package li.strolch.privilege.handler;

import java.util.Hashtable;
import java.util.Locale;
import java.util.Map;
import java.util.Set;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import li.strolch.privilege.base.AccessDeniedException;
import li.strolch.privilege.model.UserState;
import li.strolch.privilege.model.internal.User;
import li.strolch.privilege.model.internal.UserHistory;
import li.strolch.privilege.policy.PrivilegePolicy;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:li/strolch/privilege/handler/BaseLdapPrivilegeHandler.class */
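/**
 * Privilege handler that authenticates {@link UserState#REMOTE} users (and users unknown to the
 * persistence handler) against an LDAP directory via JNDI, and delegates every other user to
 * {@link DefaultPrivilegeHandler}.
 *
 * <p>Subclasses map directory attributes and groups to Strolch users through the abstract
 * {@code get*}/{@code mapToStrolchRoles}/{@code buildProperties} hooks.
 *
 * <p>Configuration keys read in {@link #initialize}: {@code providerUrl}, {@code searchBase},
 * {@code domain}. NOTE(review): none of them is validated here; a missing {@code providerUrl}
 * surfaces as a {@link NullPointerException} from the JNDI environment table at login time.
 */
public abstract class BaseLdapPrivilegeHandler extends DefaultPrivilegeHandler {
    protected static final Logger logger = LoggerFactory.getLogger(BaseLdapPrivilegeHandler.class);

    /** JNDI factory used for the directory connection. */
    private static final String LDAP_CTX_FACTORY = "com.sun.jndi.ldap.LdapCtxFactory";

    /**
     * Filters used to locate the user's entry. The user name is passed as filter argument
     * ({@code {0}}) so that JNDI escapes it; it must never be concatenated into the filter string.
     */
    private static final String FILTER_BY_USER_PRINCIPAL_NAME = "(&(objectCategory=person)(objectClass=user)(userPrincipalName={0}))";
    private static final String FILTER_BY_SAM_ACCOUNT_NAME = "(&(objectCategory=person)(objectClass=user)(sAMAccountName={0}))";

    private String providerUrl;
    private String searchBase;
    private String domain;

    /**
     * Initializes the default handler and then reads the LDAP connection parameters from
     * {@code map}: {@code providerUrl} (JNDI provider URL), {@code searchBase} (DN the user search
     * starts from) and {@code domain} (suffix appended to the user name to form the bind principal).
     */
    @Override // li.strolch.privilege.handler.DefaultPrivilegeHandler
    public synchronized void initialize(Map<String, String> map, EncryptionHandler encryptionHandler, PasswordStrengthHandler passwordStrengthHandler, PersistenceHandler persistenceHandler, UserChallengeHandler userChallengeHandler, SingleSignOnHandler singleSignOnHandler, Map<String, Class<PrivilegePolicy>> map2) {
        super.initialize(map, encryptionHandler, passwordStrengthHandler, persistenceHandler, userChallengeHandler, singleSignOnHandler, map2);
        this.providerUrl = map.get("providerUrl");
        this.searchBase = map.get("searchBase");
        this.domain = map.get("domain");
    }

    /**
     * Checks the credentials of {@code str}.
     *
     * <p>Users known to the persistence handler whose state is not {@link UserState#REMOTE} are
     * checked by the superclass. Everybody else is authenticated with a simple LDAP bind as
     * {@code str + domain}; on success the user's entry is looked up, converted with
     * {@link #buildUserFromSearchResult}, stored (added or replaced) in the persistence handler and
     * returned.
     *
     * @param str  the user name; the LDAP principal is {@code str + domain}
     * @param cArr the password; only used for the bind, never stored
     * @return the (freshly built) remote user, or the superclass result for local users
     * @throws AccessDeniedException if the bind or the entry lookup fails, if no entry or more than
     *                               one entry matches, if the user name or password is empty, or if
     *                               the superclass rejects a local user
     */
    @Override // li.strolch.privilege.handler.DefaultPrivilegeHandler
    protected synchronized User checkCredentialsAndUserState(String str, char[] cArr) throws AccessDeniedException {
        User user = this.persistenceHandler.getUser(str);
        // Locally managed users (any state but REMOTE) are the default handler's business
        if (user != null && user.getUserState() != UserState.REMOTE) {
            return super.checkCredentialsAndUserState(str, cArr);
        }

        String principal = str + this.domain;

        // A simple bind with an empty password is an unauthenticated bind (RFC 4513 section 5.1.2)
        // and is accepted by many directories without checking anything, so it must never be sent.
        if (str == null || str.trim().isEmpty() || cArr == null || cArr.length == 0) {
            logger.warn("Rejecting LDAP login for user {}: empty user name or password", principal);
            throw new AccessDeniedException("Could not login with user: " + principal + " on Ldap: empty user name or password");
        }

        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, LDAP_CTX_FACTORY);
        env.put(Context.PROVIDER_URL, this.providerUrl);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, principal);
        env.put(Context.SECURITY_CREDENTIALS, new String(cArr));
        logger.info("User {} tries to login on ldap", principal);

        DirContext dirContext = null;
        try {
            // The bind happens here; a wrong password fails with a NamingException
            dirContext = new InitialDirContext(env);
            SearchResult searchResult = findSingleEntry(dirContext, str, principal);
            User ldapUser = buildUserFromSearchResult(str, searchResult);
            if (user == null) {
                this.persistenceHandler.addUser(ldapUser);
            } else {
                this.persistenceHandler.replaceUser(ldapUser);
            }
            if (this.autoPersistOnUserChangesData) {
                this.persistenceHandler.persist();
            }
            return ldapUser;
        } catch (Exception e) {
            // Every failure is reported to the caller with the same generic message; the detail
            // (no entry, multiple entries, bind failure, ...) stays in the log and in the cause.
            logger.error("Could not login with user: " + principal + " on Ldap", e);
            throw new AccessDeniedException("Could not login with user: " + principal + " on Ldap", e);
        } finally {
            // Always release the directory connection, on the error path too
            closeQuietly(dirContext);
        }
    }

    /**
     * Locates exactly one directory entry for the user: first by {@code userPrincipalName} equal to
     * {@code principal}, then, if nothing matched, by {@code sAMAccountName} equal to {@code username}.
     *
     * @throws AccessDeniedException if neither search matches, or if the search used matches more than
     *                               one entry
     * @throws NamingException       if the directory search fails
     */
    private SearchResult findSingleEntry(DirContext dirContext, String username, String principal) throws NamingException {
        SearchControls searchControls = new SearchControls();
        searchControls.setSearchScope(SearchControls.SUBTREE_SCOPE);
        NamingEnumeration<SearchResult> search = dirContext.search(this.searchBase, FILTER_BY_USER_PRINCIPAL_NAME, new Object[] { principal }, searchControls);
        if (!search.hasMore()) {
            logger.warn("No LDAP data retrieved using userPrincipalName, trying with sAMAccountName...");
            search = dirContext.search(this.searchBase, FILTER_BY_SAM_ACCOUNT_NAME, new Object[] { username }, searchControls);
            if (!search.hasMore()) {
                throw new AccessDeniedException("Could not login with user: " + principal + " on Ldap: no LDAP Data, for either userPrincipalName or sAMAccountName");
            }
        }
        SearchResult searchResult = search.next();
        // An ambiguous match must not be resolved by picking the first entry
        if (search.hasMore()) {
            throw new AccessDeniedException("Could not login with user: " + principal + " on Ldap: Multiple LDAP Data");
        }
        return searchResult;
    }

    /** Closes {@code dirContext} if it was opened; a failure to close is logged, not propagated. */
    private static void closeQuietly(DirContext dirContext) {
        if (dirContext == null) {
            return;
        }
        try {
            dirContext.close();
        } catch (NamingException e) {
            logger.error("Failed to close DirContext", e);
        }
    }

    /**
     * Converts the user's directory entry into a {@link User} with state {@link UserState#REMOTE}.
     * The user name is validated against the entry's {@code sAMAccountName}, names, locale and group
     * memberships are read through the abstract hooks, and the groups are mapped to Strolch roles.
     *
     * @param str          the user name supplied at login
     * @param searchResult the single entry found for that user
     * @return a remote user without a local password, with the roles and properties derived from the entry
     * @throws Exception whatever the attribute readers or {@link #buildProperties} throw
     */
    protected User buildUserFromSearchResult(String str, SearchResult searchResult) throws Exception {
        Attributes attributes = searchResult.getAttributes();
        String username = validateLdapUsername(str, attributes);
        String firstName = getFirstName(username, attributes);
        String lastName = getLastName(username, attributes);
        Locale locale = getLocale(attributes);
        Set<String> ldapGroups = getLdapGroups(username, attributes);
        logger.info("User {} is member of the following LDAP groups: ", username);
        for (String group : ldapGroups) {
            logger.info("- {}", group);
        }
        Set<String> roles = mapToStrolchRoles(username, ldapGroups);
        Map<String, String> properties = buildProperties(username, attributes, ldapGroups, roles);
        // No local password/salt/hash and no password-change history: the directory owns the credentials
        return new User(username, username, null, null, null, -1, -1, firstName, lastName, UserState.REMOTE, roles, locale, properties, false, new UserHistory());
    }

    /**
     * Builds the user's properties from the directory attributes, the LDAP groups and the mapped roles.
     *
     * @param str        the validated user name
     * @param attributes the entry's attributes
     * @param set        the LDAP groups the user is a member of
     * @param set2       the Strolch roles derived from those groups
     */
    protected abstract Map<String, String> buildProperties(String str, Attributes attributes, Set<String> set, Set<String> set2) throws Exception;

    /**
     * Checks that the entry's {@code sAMAccountName} matches {@code str} (case-insensitively) and
     * returns the name as stored in the directory.
     *
     * @throws AccessDeniedException if the attribute is missing or does not match
     * @throws NamingException       if the attribute value cannot be read
     */
    protected String validateLdapUsername(String str, Attributes attributes) throws NamingException {
        Attribute attribute = attributes.get("sAMAccountName");
        String ldapUsername = attribute == null ? null : attribute.get().toString();
        if (ldapUsername == null || !str.equalsIgnoreCase(ldapUsername)) {
            throw new AccessDeniedException("Could not login with user: " + str + this.domain + " on Ldap: Wrong LDAP Data");
        }
        return ldapUsername;
    }

    /**
     * Returns the string value of attribute {@code str}, or {@code null} if the entry has no such attribute.
     *
     * @throws NamingException if the attribute value cannot be read
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public String getLdapString(Attributes attributes, String str) throws NamingException {
        Attribute attribute = attributes.get(str);
        return attribute == null ? null : attribute.get().toString();
    }

    /** Reads the user's first name from the entry. */
    protected abstract String getFirstName(String str, Attributes attributes) throws NamingException;

    /** Reads the user's last name from the entry. */
    protected abstract String getLastName(String str, Attributes attributes) throws NamingException;

    /** Reads the user's locale from the entry. */
    protected abstract Locale getLocale(Attributes attributes) throws NamingException;

    /** Reads the names of the LDAP groups the user is a member of. */
    protected abstract Set<String> getLdapGroups(String str, Attributes attributes) throws NamingException;

    /** Maps LDAP group names to Strolch role names. */
    protected abstract Set<String> mapToStrolchRoles(String str, Set<String> set);
}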
