package org.apache.griffin.core.login;

import java.util.HashMap;
import java.util.Hashtable;
import java.util.Map;
import java.util.NoSuchElementException;
import javax.naming.AuthenticationException;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.Control;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;
import org.apache.commons.lang.StringUtils;
import org.apache.griffin.core.login.ldap.SelfSignedSocketFactory;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;

/* loaded from: input_file:org/apache/griffin/core/login/LoginServiceLdapImpl.class */
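/**
 * {@link LoginService} implementation that authenticates users against an LDAP directory via JNDI.
 *
 * <p>Two modes are supported, selected by whether a bind DN is configured:
 * <ul>
 *   <li>no bind DN: the submitted username/password are used for the bind that runs the search;</li>
 *   <li>bind DN set: the configured account runs the search, then the user's own password is
 *       verified with a second bind against the user's distinguished name.</li>
 * </ul>
 *
 * <p>A failed login is reported by returning {@code null} from {@link #login(Map)}.
 */
public class LoginServiceLdapImpl implements LoginService {
    private static final Logger LOGGER = LoggerFactory.getLogger(LoginServiceLdapImpl.class);
    private static final String LDAP_FACTORY = "com.sun.jndi.ldap.LdapCtxFactory";
    private final String url;
    // Suffix appended to a non-DN username to build the bind principal (see toPrincipal).
    private final String email;
    private final String searchBase;
    // Search filter template; every "{0}" is replaced by the (escaped) username.
    private final String searchPattern;
    private final SearchControls searchControls;
    private final boolean sslSkipVerify;
    private final String bindDN;
    private final String bindPassword;

    /**
     * Creates the service with its LDAP connection and search settings.
     *
     * @param url           LDAP provider URL
     * @param email         suffix appended to usernames that are not already a {@code CN=} DN
     * @param searchBase    base DN under which users are searched (subtree scope)
     * @param searchPattern filter template containing the {@code {0}} username placeholder
     * @param sslSkipVerify when {@code true} and the URL starts with {@code ldaps}, a custom
     *                      socket factory is installed instead of the default one
     * @param bindDN        optional account used for the search bind; empty means "bind as the user"
     * @param bindPassword  password of {@code bindDN}
     */
    public LoginServiceLdapImpl(String url, String email, String searchBase, String searchPattern,
                                boolean sslSkipVerify, String bindDN, String bindPassword) {
        this.url = url;
        this.email = email;
        this.searchBase = searchBase;
        this.searchPattern = searchPattern;
        this.sslSkipVerify = sslSkipVerify;
        this.bindDN = bindDN;
        this.bindPassword = bindPassword;
        SearchControls controls = new SearchControls();
        controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
        this.searchControls = controls;
    }

    /**
     * Authenticates the user described by the {@code username} and {@code password} map entries.
     *
     * @param map request parameters; reads the keys {@code username} and {@code password}
     * @return a 200 response carrying {@code ntAccount}, {@code fullName} and {@code status},
     *         or {@code null} when authentication fails
     */
    @Override
    public ResponseEntity<Map<String, Object>> login(Map<String, String> map) {
        String username = map.get("username");
        String password = map.get("password");
        // A simple bind with an empty password is treated by JNDI/LDAP as an anonymous
        // (unauthenticated) bind, which many servers accept. Never let that count as a login.
        if (StringUtils.isEmpty(username) || StringUtils.isEmpty(password)) {
            LOGGER.warn("Rejected LDAP login attempt with an empty username or password.");
            return null;
        }
        boolean useServiceAccount = !StringUtils.isEmpty(this.bindDN);
        String bindUser = useServiceAccount ? this.bindDN : username;
        String bindCredentials = useServiceAccount ? this.bindPassword : password;
        // The username is request-controlled: escape it so it is matched as a literal value
        // and cannot alter the structure of the configured search filter.
        String filter = this.searchPattern.replace("{0}", escapeFilterValue(username));
        LdapContext ldapContext = null;
        try {
            ldapContext = getContextInstance(toPrincipal(bindUser), bindCredentials);
            SearchResult user = getSingleUser(
                    ldapContext.search(this.searchBase, filter, this.searchControls));
            // Whenever the search bind used the configured account, the user's own password has
            // not been checked yet. Deciding this from the mode (not from comparing the submitted
            // username with the bind DN) guarantees the check is never skipped.
            if (useServiceAccount) {
                String userDn = getAttributeValue(user, "distinguishedName", toPrincipal(username));
                checkPassword(userDn, password);
            }
            Map<String, Object> body = new HashMap<>();
            body.put("ntAccount", username);
            body.put("fullName", getFullName(user, username));
            body.put("status", 0);
            return new ResponseEntity<>(body, HttpStatus.OK);
        } catch (AuthenticationException e) {
            LOGGER.warn("User {} failed to login with LDAP auth. {}", username, e.getMessage());
            return null;
        } catch (NamingException e) {
            LOGGER.warn(String.format("User %s failed to login with LDAP auth.", username), e);
            return null;
        } finally {
            closeContext(ldapContext);
        }
    }

    /** Closes the context if present; a close failure is logged and otherwise ignored. */
    private void closeContext(LdapContext ldapContext) {
        if (ldapContext == null) {
            return;
        }
        try {
            ldapContext.close();
        } catch (NamingException e) {
            LOGGER.debug("Failed to close LDAP context", e);
        }
    }

    /**
     * Escapes the characters that are special inside an LDAP search filter value
     * (RFC 4515: backslash, asterisk, parentheses and NUL).
     */
    private static String escapeFilterValue(String value) {
        StringBuilder escaped = new StringBuilder(value.length() + 8);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '\\':
                    escaped.append("\\5c");
                    break;
                case '*':
                    escaped.append("\\2a");
                    break;
                case '(':
                    escaped.append("\\28");
                    break;
                case ')':
                    escaped.append("\\29");
                    break;
                case '\u0000':
                    escaped.append("\\00");
                    break;
                default:
                    escaped.append(c);
            }
        }
        return escaped.toString();
    }

    /**
     * Verifies a password by opening (and immediately closing) a context bound as {@code dn}.
     *
     * @throws NamingException if the bind is rejected or the connection fails
     */
    private void checkPassword(String dn, String password) throws NamingException {
        getContextInstance(dn, password).close();
    }

    /**
     * Returns the only entry of a search result.
     *
     * @throws AuthenticationException if the search returned no entry
     * @throws NamingException         if the search returned more than one entry
     */
    private SearchResult getSingleUser(NamingEnumeration<SearchResult> results) throws NamingException {
        try {
            // Enumeration-style accessors are kept from the original code on purpose; they do
            // not declare NamingException, so switching to hasMore()/next() could change which
            // directory responses are reported as failures.
            if (!results.hasMoreElements()) {
                throw new AuthenticationException("User does not exist or not allowed by search string");
            }
            SearchResult first = results.nextElement();
            if (results.hasMoreElements()) {
                throw new NamingException(String.format("Ambiguous search, found two users: %s, %s",
                        first.getNameInNamespace(), results.nextElement().getNameInNamespace()));
            }
            return first;
        } finally {
            // Release the enumeration; a close failure must not mask the outcome above.
            try {
                results.close();
            } catch (NamingException e) {
                LOGGER.debug("Failed to close LDAP search results", e);
            }
        }
    }

    /**
     * Reads a single-valued string attribute from a search result.
     *
     * @return the attribute value, or {@code defaultValue} when the entry has no attributes,
     *         the attribute is absent, or it holds no value
     */
    private String getAttributeValue(SearchResult searchResult, String name, String defaultValue)
            throws NamingException {
        Attributes attributes = searchResult.getAttributes();
        if (attributes == null) {
            return defaultValue;
        }
        Attribute attribute = attributes.get(name);
        if (attribute == null) {
            return defaultValue;
        }
        try {
            return (String) attribute.get();
        } catch (NoSuchElementException e) {
            return defaultValue;
        }
    }

    /**
     * Derives the display name from the entry's {@code cn}: the text before the first
     * {@code "("} when one exists past position 0, otherwise {@code fallback}.
     */
    private String getFullName(SearchResult searchResult, String fallback) {
        try {
            String cn = getAttributeValue(searchResult, "cn", null);
            // An entry without a cn must not turn a successful authentication into an NPE.
            if (cn == null) {
                return fallback;
            }
            int paren = cn.indexOf("(");
            return paren > 0 ? cn.substring(0, paren) : fallback;
        } catch (NamingException e) {
            LOGGER.warn("User {} successfully login with LDAP auth, but failed to get full name.", fallback);
            return fallback;
        }
    }

    /** Returns {@code name} unchanged when it starts with {@code CN=} (any case), else appends the suffix. */
    private String toPrincipal(String name) {
        return name.regionMatches(true, 0, "CN=", 0, 3) ? name : name + this.email;
    }

    /**
     * Opens an LDAP context bound with the given principal and credentials.
     *
     * @throws NamingException if the connection or the bind fails
     */
    private LdapContext getContextInstance(String principal, String credentials) throws NamingException {
        Hashtable<String, String> env = new Hashtable<>();
        env.put("java.naming.factory.initial", LDAP_FACTORY);
        env.put("java.naming.provider.url", this.url);
        env.put("java.naming.security.principal", principal);
        env.put("java.naming.security.credentials", credentials);
        if (this.url.startsWith("ldaps") && this.sslSkipVerify) {
            // NOTE(review): SelfSignedSocketFactory is not visible here; going by its name and
            // this flag it presumably relaxes server certificate validation, which would leave
            // bind credentials exposed to an on-path interceptor. Confirm, and keep the flag
            // off outside test environments.
            env.put("java.naming.ldap.factory.socket", SelfSignedSocketFactory.class.getName());
        }
        return new InitialLdapContext(env, (Control[]) null);
    }
}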
