package systems.dennis.usb.auth.delegations.ldap;

import java.util.Hashtable;
import java.util.List;
import java.util.NoSuchElementException;
import java.util.Optional;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.Control;
import javax.naming.ldap.InitialLdapContext;
import javax.servlet.http.HttpServletRequest;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import systems.dennis.shared.config.WebContext;
import systems.dennis.shared.exceptions.AuthorizationFailedException;
import systems.dennis.shared.exceptions.ItemNotFoundException;
import systems.dennis.usb.auth.client.LoginPassword;
import systems.dennis.usb.auth.client.entity.UserData;
import systems.dennis.usb.auth.config.AuthorizationDelegator;
import systems.dennis.usb.auth.config.AuthorizeResponse;
import systems.dennis.usb.auth.data_providers.ServerTypeProvider;
import systems.dennis.usb.auth.delegations.simple.AuthorizationAttemptProcessor;
import systems.dennis.usb.auth.entity.ActiveToken;
import systems.dennis.usb.auth.entity.LoginHistory;
import systems.dennis.usb.auth.entity.ServerConfig;
import systems.dennis.usb.auth.repository.LoginHistoryRepository;
import systems.dennis.usb.auth.repository.ServerConfigRepo;
import systems.dennis.usb.auth.repository.UserDataRepository;
import systems.dennis.usb.auth.role_validator.TokenProvider;
import systems.dennis.usb.auth.role_validator.entity.UserRole;
import systems.dennis.usb.auth.role_validator.entity.UserTokenDTO;
import systems.dennis.usb.auth.service.LoginPasswordService;
import systems.dennis.usb.auth.util.PasswordService;

/* loaded from: input_file:systems/dennis/usb/auth/delegations/ldap/LdapAuthorization.class */
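public class LdapAuthorization implements AuthorizationAttemptProcessor, AuthorizationDelegator {
    private static final Logger log = LoggerFactory.getLogger(LdapAuthorization.class);

    /** Directory attributes requested for the account that has just authenticated. */
    private static final String[] RETURNING_ATTRIBUTES = {
            "distinguishedName", "sn", "givenname", "mail", "telephonenumber", "thumbnailPhoto"};

    /**
     * Authenticates {@code loginPassword} against the active LDAP server by binding as
     * {@code DOMAIN\login} with the supplied password, then reads the account's directory
     * attributes, stores/refreshes the local {@link UserData} and {@link LoginPassword} rows and
     * issues a token of type {@link ActiveToken#DEFAULT_LDAP_TOKEN_TYPE}.
     *
     * @param loginPassword   credentials submitted by the caller (domain, login, password)
     * @param localWebContext bean source for repositories, services and the token provider
     * @return the populated token DTO, or {@code null} when no active LDAP server is configured
     * @throws AuthorizationFailedException when the domain or password is missing, the bind is
     *         rejected or the directory is unreachable, or the account cannot be found in the
     *         directory after a successful bind
     */
    @Override // systems.dennis.usb.auth.delegations.simple.AuthorizationAttemptProcessor
    @SuppressWarnings("unchecked") // the interface's T is always satisfied by a plain UserTokenDTO here
    public <T extends UserTokenDTO> T authorize(LoginPassword loginPassword, WebContext.LocalWebContext localWebContext) {
        ServerConfig config = ((ServerConfigRepo) localWebContext.getBean(ServerConfigRepo.class))
                .findFirstByActiveIsTrueAndType(ServerTypeProvider.LDAP)
                .orElse(null);
        if (config == null) {
            log.info(" NO LDAP CONFIG FOUND. return null");
            return null;
        }
        if (loginPassword.getDomain() == null) {
            throw new AuthorizationFailedException("Domain is required for authorization");
        }
        // A null or empty credential turns a JNDI "simple" bind into an anonymous (unauthenticated)
        // bind, which many directories accept; without this check any login would appear to succeed.
        String password = loginPassword.getPassword();
        if (password == null || password.isEmpty()) {
            throw new AuthorizationFailedException("Password is required for authorization");
        }
        String login = loginPassword.getLogin();

        UserData userInfo;
        InitialLdapContext ctx = null;
        try {
            ctx = new InitialLdapContext(ldapEnvironment(config, loginPassword), (Control[]) null);
            userInfo = getUserInfo(login, ctx, getSearchControls(), config, localWebContext);
        } catch (NamingException e) {
            // Bind rejected or directory unreachable. The credential is never logged; the
            // NamingException (with its LDAP result code) is kept as context for operators.
            log.warn("LDAP authorization failed for login {}", login, e);
            throw new AuthorizationFailedException(login);
        } finally {
            closeQuietly(ctx); // previously leaked whenever the bind or lookup threw
        }

        LoginPasswordService loginPasswordService =
                (LoginPasswordService) localWebContext.getBean(LoginPasswordService.class);
        LoginPassword stored = loginPasswordService.findUserByLogin(login)
                .orElseGet(() -> (LoginPassword) loginPasswordService.save(loginPassword));

        T token = (T) new UserTokenDTO();
        token.setUserData(userInfo);
        List<UserRole> roles = ((PasswordService) localWebContext.getBean(PasswordService.class)).getRoles(stored);
        token.setToken(((TokenProvider) localWebContext.getBean(TokenProvider.class))
                .createToken(token, ActiveToken.DEFAULT_LDAP_TOKEN_TYPE, roles));
        token.setRoles(roles);
        return token;
    }

    /**
     * Builds the JNDI environment for a simple bind as {@code DOMAIN\login}.
     *
     * @param config        the active LDAP server (host and port)
     * @param loginPassword the credentials to bind with
     * @return a fresh, typed environment table for {@link InitialLdapContext}
     */
    private static Hashtable<String, Object> ldapEnvironment(ServerConfig config, LoginPassword loginPassword) {
        Hashtable<String, Object> env = new Hashtable<>();
        env.put("java.naming.factory.initial", "com.sun.jndi.ldap.LdapCtxFactory");
        // Scheme is fixed to plain ldap://; the bind credential travels unprotected unless the
        // network path between this service and the directory is itself protected.
        env.put("java.naming.provider.url", "ldap://" + config.getHost() + ":" + config.getPort());
        env.put("java.naming.security.authentication", "simple");
        // "follow" lets the directory redirect this client (including its bind) to other hosts.
        env.put("java.naming.referral", "follow");
        env.put("java.naming.security.principal", loginPassword.getDomain() + "\\" + loginPassword.getLogin());
        env.put("java.naming.security.credentials", loginPassword.getPassword());
        return env;
    }

    /**
     * Closes the context when one was opened; a failure to close is logged, never propagated,
     * so it cannot mask the outcome of the bind itself.
     */
    private static void closeQuietly(InitialLdapContext ctx) {
        if (ctx == null) {
            return;
        }
        try {
            ctx.close();
        } catch (NamingException e) {
            log.debug("Failed to close LDAP context", e);
        }
    }

    /** Subtree search returning only {@link #RETURNING_ATTRIBUTES}, following aliases. */
    private static SearchControls getSearchControls() {
        SearchControls controls = new SearchControls();
        controls.setSearchScope(SearchControls.SUBTREE_SCOPE); // the value 2 previously hard-coded
        controls.setReturningAttributes(RETURNING_ATTRIBUTES.clone());
        controls.setDerefLinkFlag(true);
        return controls;
    }

    /**
     * Looks the authenticated account up by {@code sAMAccountName}, copies mail, name and phone
     * into the local {@link UserData} row (creating it when absent) and saves it.
     *
     * @param login           the login the user bound with; user-supplied, so it is escaped
     *                        before being placed in the search filter
     * @param ctx             an already-bound LDAP context
     * @param controls        search scope and returned attributes
     * @param serverConfig    supplies the search base via {@code getServerParam()}
     * @param localWebContext bean source for {@link UserDataRepository}
     * @return the saved {@link UserData}
     * @throws NamingException              when the search itself fails
     * @throws AuthorizationFailedException when the directory returns no entry for the login
     */
    private UserData getUserInfo(String login, InitialLdapContext ctx, SearchControls controls,
                                 ServerConfig serverConfig, WebContext.LocalWebContext localWebContext)
            throws NamingException {
        log.debug("Looking up LDAP attributes for login {}", login);
        UserDataRepository userDataRepository = (UserDataRepository) localWebContext.getBean(UserDataRepository.class);
        UserData userData = userDataRepository.findByLogin(login).orElse(new UserData());

        // RFC 4515 escaping: the login must not be able to change the shape of the filter.
        String filter = "sAMAccountName=" + escapeFilterValue(login);
        NamingEnumeration<SearchResult> results = ctx.search(serverConfig.getServerParam(), filter, controls);
        try {
            if (!results.hasMore()) {
                throw new AuthorizationFailedException("User had successfully logged in, but there is no info in LDAP about user" + login);
            }
            Attributes attributes = results.next().getAttributes();
            userData.setLogin(login);
            userData.setEmail(getValue(attributes.get("mail")));
            userData.setName(getValue(attributes.get("givenname")) + " " + getValue(attributes.get("sn")));
            userData.setPhone(getValue(attributes.get("telephonenumber")));
        } finally {
            results.close(); // previously skipped on the "no entry" path
        }
        return (UserData) userDataRepository.save(userData);
    }

    /**
     * Escapes the characters RFC 4515 reserves inside a filter assertion value
     * ({@code \ * ( )} and NUL) so the value is matched literally.
     */
    private static String escapeFilterValue(String value) {
        StringBuilder sb = new StringBuilder(value.length());
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '\\':
                    sb.append("\\5c");
                    break;
                case '*':
                    sb.append("\\2a");
                    break;
                case '(':
                    sb.append("\\28");
                    break;
                case ')':
                    sb.append("\\29");
                    break;
                case '\0':
                    sb.append("\\00");
                    break;
                default:
                    sb.append(c);
            }
        }
        return sb.toString();
    }

    /**
     * First value of {@code attribute} as a string.
     *
     * @param attribute may be {@code null} when the entry lacks the attribute
     * @return the value, or {@code ""} when the attribute is absent, has no value or cannot be read
     */
    private String getValue(Attribute attribute) {
        if (attribute == null) {
            return "";
        }
        try {
            return String.valueOf(attribute.get());
        } catch (NamingException | NoSuchElementException e) {
            return "";
        }
    }

    /**
     * Not used for LDAP: the local {@link UserData} row is created lazily by
     * {@link #authorize(LoginPassword, WebContext.LocalWebContext)} on first successful bind.
     *
     * @return always {@code null}
     */
    @Override // systems.dennis.usb.auth.delegations.simple.AuthorizationAttemptProcessor
    public <T extends UserData> T createUser(LoginPassword loginPassword, WebContext.LocalWebContext localWebContext) {
        return null;
    }

    /** Records a {@link LoginHistory} row (user, token, login) for an LDAP authorization. */
    @Override // systems.dennis.usb.auth.delegations.simple.AuthorizationAttemptProcessor
    public void saveLoginAttempt(UserTokenDTO userTokenDTO, WebContext.LocalWebContext localWebContext) {
        log.debug("TRacing Login history started");
        LoginHistory loginHistory = new LoginHistory();
        loginHistory.setUserData(userTokenDTO.getUserData());
        loginHistory.setToken(userTokenDTO.getToken());
        loginHistory.setAuthorizationType(ActiveToken.DEFAULT_LDAP_TOKEN_TYPE);
        loginHistory.setLogin(userTokenDTO.getUserData().getLogin());
        ((LoginHistoryRepository) localWebContext.getBean(LoginHistoryRepository.class)).save(loginHistory);
    }

    /** Delegator entry point: wraps {@link #authorize(LoginPassword, WebContext.LocalWebContext)}. */
    @Override // systems.dennis.usb.auth.config.AuthorizationDelegator
    public AuthorizeResponse authorize(HttpServletRequest httpServletRequest, LoginPassword loginPassword, WebContext.LocalWebContext localWebContext) {
        return AuthorizeResponse.of(authorize(loginPassword, localWebContext), false);
    }

    /**
     * This delegator handles the request only when the {@code AUTH-TYPE} header equals
     * {@link ActiveToken#DEFAULT_LDAP_TOKEN_TYPE}; the header is client-controlled and merely
     * selects the flow, it grants nothing by itself.
     */
    @Override // systems.dennis.usb.auth.config.AuthorizationDelegator
    public boolean shouldAuthorize(HttpServletRequest httpServletRequest, WebContext.LocalWebContext localWebContext) {
        if (ActiveToken.DEFAULT_LDAP_TOKEN_TYPE.equals(httpServletRequest.getHeader("AUTH-TYPE"))) {
            log.debug("Header AUTH-TYPE declares to use VirtualUserAuth");
            return true;
        }
        log.debug("Header AUTH-TYPE declares not to use VirtualUserAuth");
        return false;
    }

    /**
     * Loads the user, re-saves it and revokes the user's token via {@link #logout}.
     *
     * NOTE(review): the {@code z} (block/unblock) flag is never applied to the loaded
     * {@link UserData}, so the entity is saved unchanged; only the token revocation has an
     * effect. The setter to use is not visible here - confirm against UserData and wire it in.
     *
     * @throws ItemNotFoundException when no user has id {@code l}
     * @return always {@code true}
     */
    @Override // systems.dennis.usb.auth.config.AuthorizationDelegator
    public boolean blockUser(boolean z, Long l, WebContext.LocalWebContext localWebContext) {
        UserDataRepository userDataRepository = (UserDataRepository) localWebContext.getBean(UserDataRepository.class);
        UserData userData = (UserData) userDataRepository.findById(l).orElseThrow(() -> new ItemNotFoundException(l));
        userDataRepository.save(userData);
        logout(userData.getLogin(), localWebContext);
        return true;
    }

    /**
     * Removes the user's auth token of type {@code "VIRTUAL"}.
     *
     * NOTE(review): tokens are issued above with {@link ActiveToken#DEFAULT_LDAP_TOKEN_TYPE};
     * if that constant is not {@code "VIRTUAL"}, LDAP tokens are never revoked on logout or
     * block - confirm the two agree.
     *
     * @return always {@code true}
     */
    @Override // systems.dennis.usb.auth.config.AuthorizationDelegator
    public boolean logout(String str, WebContext.LocalWebContext localWebContext) {
        ((TokenProvider) localWebContext.getBean(TokenProvider.class)).removeAuthToken(str, "VIRTUAL");
        return true;
    }

    /** Delegates token validation to the DTO itself. */
    @Override // systems.dennis.usb.auth.config.AuthorizationDelegator
    public void validate(UserTokenDTO userTokenDTO, WebContext.LocalWebContext localWebContext) {
        userTokenDTO.validate(localWebContext);
    }
}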
