package org.apache.jetspeed.security.impl;

import java.util.Hashtable;
import javax.naming.AuthenticationException;
import javax.naming.InitialContext;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import org.apache.commons.configuration.tree.DefaultExpressionEngine;
import org.apache.commons.lang.StringUtils;
import org.apache.jetspeed.security.AuthenticatedUser;
import org.apache.jetspeed.security.AuthenticatedUserImpl;
import org.apache.jetspeed.security.SecurityException;
import org.apache.jetspeed.security.User;
import org.apache.jetspeed.security.UserManager;
import org.apache.jetspeed.security.mapping.ldap.util.DnUtils;
import org.apache.jetspeed.security.spi.JetspeedSecuritySynchronizer;
import org.apache.jetspeed.security.spi.UserPasswordCredentialManager;
import org.apache.jetspeed.security.spi.impl.ldap.LdapContextProxy;

/* loaded from: input_file:tomcat-portal.zip:webapps/jetspeed/WEB-INF/lib/jetspeed-security-2.2.0.jar:org/apache/jetspeed/security/impl/LdapAuthenticationProvider.class */
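/**
 * Authenticates portal users by binding to an LDAP directory with the user's own DN and password.
 *
 * <p>Flow: the user name is resolved to a DN with a directory search, a fresh JNDI context is
 * opened with that DN and the supplied password, and on success the matching {@link User} is
 * loaded (after an optional synchronisation step) and wrapped in an {@link AuthenticatedUser}.
 *
 * <p>Security-relevant behaviour of this class:
 * <ul>
 *   <li>Empty user names and empty passwords are rejected before any bind is attempted. JNDI's
 *       LDAP provider treats a simple bind with an empty password as an anonymous bind, which
 *       would otherwise report success for any resolvable user.</li>
 *   <li>The user name is escaped (RFC 4515) before it is placed in the search filter, so it is
 *       always matched as a literal value and cannot alter the filter structure.</li>
 *   <li>The probe context opened for the bind is always closed.</li>
 * </ul>
 */
public class LdapAuthenticationProvider extends BaseAuthenticationProvider {
    /** Exact message (compared case-insensitively) used to recognise a rejected bind. */
    private static final String INVALID_CREDENTIALS_MESSAGE = "[LDAP: error code 49 - Invalid Credentials]";

    private JetspeedSecuritySynchronizer synchronizer;
    private UserPasswordCredentialManager upcm;
    private UserManager manager;
    private LdapContextProxy context;

    /**
     * Creates the provider.
     *
     * @param str forwarded unchanged to {@link BaseAuthenticationProvider}; meaning not visible here
     * @param str2 forwarded unchanged to {@link BaseAuthenticationProvider}; meaning not visible here
     * @param str3 forwarded unchanged to {@link BaseAuthenticationProvider}; meaning not visible here
     * @param userPasswordCredentialManager source of the password credential attached to an
     *     authenticated user
     * @param userManager used to load the {@link User} after a successful bind
     */
    public LdapAuthenticationProvider(String str, String str2, String str3, UserPasswordCredentialManager userPasswordCredentialManager, UserManager userManager) {
        super(str, str2, str3);
        this.upcm = userPasswordCredentialManager;
        this.manager = userManager;
    }

    /**
     * Sets the LDAP context proxy supplying the base environment, search base, entry prefix,
     * user filter and search scope. Must be set before {@link #authenticate} is called.
     */
    public void setContext(LdapContextProxy ldapContextProxy) {
        this.context = ldapContextProxy;
    }

    /** Sets the optional synchronizer invoked for the user name before the user is loaded. */
    public void setSynchronizer(JetspeedSecuritySynchronizer jetspeedSecuritySynchronizer) {
        this.synchronizer = jetspeedSecuritySynchronizer;
    }

    /**
     * Authenticates a user against the directory.
     *
     * @param str the user name; must be non-empty
     * @param str2 the password; must be non-empty
     * @return the authenticated user
     * @throws SecurityException {@code PRINCIPAL_DOES_NOT_EXIST} when the user name is empty or
     *     cannot be resolved to a DN, {@code PASSWORD_REQUIRED} when the password is empty,
     *     {@code INCORRECT_PASSWORD} when the directory rejects the bind with the standard
     *     "Invalid Credentials" message, or the underlying failure otherwise
     */
    @Override // org.apache.jetspeed.security.AuthenticationProvider
    public AuthenticatedUser authenticate(String str, String str2) throws SecurityException {
        // An empty user name would fall through to the "*" wildcard in searchByWildcardedUid and
        // resolve to an arbitrary entry, so it is treated the same as a missing one.
        if (StringUtils.isEmpty(str)) {
            throw new SecurityException(SecurityException.PRINCIPAL_DOES_NOT_EXIST.createScoped("user", str));
        }
        // A simple bind with an empty password is an anonymous bind in JNDI/LDAP and succeeds on
        // servers that allow it; it must never count as proof of identity.
        if (StringUtils.isEmpty(str2)) {
            throw new SecurityException(SecurityException.PASSWORD_REQUIRED);
        }
        // NOTE(review): PRINCIPAL_DOES_NOT_EXIST and INCORRECT_PASSWORD are distinguishable to the
        // caller; confirm the login front end does not relay that distinction to the client.
        try {
            AuthenticatedUserImpl authenticatedUserImpl = null;
            if (authenticateUser(str, str2)) {
                User user = getUser(str);
                authenticatedUserImpl = new AuthenticatedUserImpl(user, new UserCredentialImpl(this.upcm.getPasswordCredential(user)));
            }
            return authenticatedUserImpl;
        } catch (SecurityException e) {
            if (isInvalidCredentials(e)) {
                throw new SecurityException(SecurityException.INCORRECT_PASSWORD);
            }
            throw e;
        }
    }

    /**
     * Tells whether the exception wraps the directory's "Invalid Credentials" rejection.
     * Null-safe: an exception without a cause, or a cause without a message, is not a match.
     */
    private static boolean isInvalidCredentials(SecurityException e) {
        Throwable cause = e.getCause();
        return cause != null && INVALID_CREDENTIALS_MESSAGE.equalsIgnoreCase(cause.getMessage());
    }

    /** Runs the optional synchronizer for the user name, then loads the user from the manager. */
    private User getUser(String str) throws SecurityException {
        if (this.synchronizer != null) {
            this.synchronizer.synchronizeUserPrincipal(str, false);
        }
        return this.manager.getUser(str);
    }

    /**
     * Verifies the password by opening a new JNDI context bound as the user's DN.
     *
     * @param str the user name to resolve to a DN
     * @param str2 the password to bind with
     * @return {@code true} when the bind succeeds; every failure is reported as an exception
     * @throws SecurityException wrapping the {@link AuthenticationException} when the directory
     *     rejects the credentials, {@code PRINCIPAL_DOES_NOT_EXIST} when no DN is found, or
     *     {@code UNEXPECTED} for any other naming failure
     */
    private boolean authenticateUser(String str, String str2) throws SecurityException {
        InitialContext boundContext = null;
        try {
            // Work on a copy so the shared context's own bind identity is never modified.
            @SuppressWarnings("unchecked")
            Hashtable<Object, Object> env = (Hashtable<Object, Object>) this.context.getCtx().getEnvironment().clone();
            String userDn = lookupByUid(str);
            if (userDn == null) {
                throw new SecurityException(SecurityException.PRINCIPAL_DOES_NOT_EXIST.createScoped("user", str));
            }
            // Append the root context when the resolved DN does not already contain it.
            if (!StringUtils.isEmpty(this.context.getRootContext()) && DnUtils.encodeDn(userDn).indexOf(DnUtils.encodeDn(this.context.getRootContext())) < 0) {
                userDn = userDn + "," + DnUtils.encodeDn(this.context.getRootContext());
            }
            // These keys are the values of Context.SECURITY_PRINCIPAL / Context.SECURITY_CREDENTIALS.
            env.put("java.naming.security.principal", userDn);
            env.put("java.naming.security.credentials", str2);
            // NOTE(review): the authentication mechanism is inherited from the cloned environment;
            // confirm it is not configured as "none", which would make this bind anonymous.
            boundContext = new InitialContext(env);
            return true;
        } catch (AuthenticationException e) {
            // Must precede the NamingException handler: AuthenticationException is a subclass,
            // and authenticate() relies on it being preserved as the cause.
            throw new SecurityException((Throwable) e);
        } catch (NamingException e) {
            throw new SecurityException(SecurityException.UNEXPECTED.create(getClass().getName(), "authenticateUser", e.getMessage()));
        } finally {
            // The context exists only to test the credentials; release its connection.
            if (boundContext != null) {
                try {
                    boundContext.close();
                } catch (NamingException ignored) {
                    // The bind result is already known; a failure to close must not change it.
                }
            }
        }
    }

    /**
     * Resolves a user name to a DN by searching the directory.
     *
     * @param str the user name, matched as a literal value; an empty value matches any entry
     * @return the DN built from the search result, or {@code null} when nothing matches
     * @throws SecurityException wrapping any {@link NamingException} raised by the search
     */
    public String lookupByUid(String str) throws SecurityException {
        try {
            return getFirstDnForUid(searchByWildcardedUid(str, setSearchControls()));
        } catch (NamingException e) {
            throw new SecurityException((Throwable) e);
        }
    }

    /**
     * Builds the search controls for the user lookup: no attributes returned, subtree scope,
     * objects returned. The scope is later overwritten in {@link #searchByWildcardedUid}.
     */
    protected SearchControls setSearchControls() {
        SearchControls searchControls = new SearchControls();
        searchControls.setReturningAttributes(new String[0]);
        searchControls.setSearchScope(SearchControls.SUBTREE_SCOPE);
        searchControls.setReturningObjFlag(true);
        return searchControls;
    }

    /**
     * Searches the user search domain for entries whose entry-prefix attribute equals the uid.
     *
     * <p>The filter is {@code (prefix=uid)}, or {@code (&(prefix=uid)userFilter)} when a user
     * filter is configured. The uid is escaped per RFC 4515, so filter metacharacters in it
     * (including {@code *}) are matched literally. Only an empty uid produces the {@code *}
     * wildcard.
     *
     * @param str the uid to look for; empty or {@code null} means "any"
     * @param searchControls controls to use; their scope is replaced by the configured
     *     membership search scope
     * @return the search results
     * @throws NamingException when the search fails
     */
    protected NamingEnumeration searchByWildcardedUid(String str, SearchControls searchControls) throws NamingException {
        String uidValue = StringUtils.isEmpty(str) ? "*" : escapeFilterValue(str);
        String uidClause = "(" + this.context.getEntryPrefix() + "=" + uidValue + ")";
        String suffix = getSearchSuffix();
        String filter = StringUtils.isEmpty(suffix) ? uidClause : "(&" + uidClause + suffix + ")";
        searchControls.setSearchScope(Integer.parseInt(this.context.getMemberShipSearchScope()));
        return this.context.getCtx().search(getSearchDomain(), filter, searchControls);
    }

    /**
     * Escapes a value for use inside an LDAP search filter (RFC 4515): backslash, asterisk,
     * parentheses and NUL are replaced by their {@code \xx} hexadecimal forms.
     */
    private static String escapeFilterValue(String value) {
        StringBuilder escaped = new StringBuilder(value.length() + 8);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '\\':
                    escaped.append("\\5c");
                    break;
                case '*':
                    escaped.append("\\2a");
                    break;
                case '(':
                    escaped.append("\\28");
                    break;
                case ')':
                    escaped.append("\\29");
                    break;
                case '\u0000':
                    escaped.append("\\00");
                    break;
                default:
                    escaped.append(c);
                    break;
            }
        }
        return escaped.toString();
    }

    /**
     * Builds a DN from the search results by joining the result name with the search domain
     * (with the root context stripped from the domain).
     *
     * <p>NOTE(review): despite the name, every result is consumed and the DN of the last one is
     * returned. This is kept as is; confirm whether more than one match should be an error.
     *
     * @return the DN, or {@code null} when the enumeration is {@code null} or empty
     */
    private String getFirstDnForUid(NamingEnumeration namingEnumeration) throws NamingException {
        String dn = null;
        try {
            while (null != namingEnumeration && namingEnumeration.hasMore()) {
                dn = ((SearchResult) namingEnumeration.next()).getName();
                String searchDomain = getSearchDomain();
                if (searchDomain.length() > 0) {
                    dn = dn + "," + StringUtils.replace(searchDomain, "," + this.context.getRootContext(), "");
                }
            }
        } finally {
            // Release the server-side search if iteration stops early on an exception.
            if (namingEnumeration != null) {
                try {
                    namingEnumeration.close();
                } catch (NamingException ignored) {
                    // Closing is best effort; the lookup outcome is already decided.
                }
            }
        }
        return dn;
    }

    /** Returns the configured user filter appended to the uid clause; may be empty. */
    private String getSearchSuffix() {
        return this.context.getUserFilter();
    }

    /**
     * Returns the base of the user search: the user search base when configured, otherwise the
     * root context, otherwise the empty string.
     */
    private String getSearchDomain() {
        String userSearchBase = this.context.getUserSearchBase();
        if (!StringUtils.isEmpty(userSearchBase)) {
            return userSearchBase;
        }
        String rootContext = this.context.getRootContext();
        if (!StringUtils.isEmpty(rootContext)) {
            return rootContext;
        }
        return "";
    }
}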
