package org.ow2.jonas.security.internal.realm.factory;

import java.security.NoSuchAlgorithmException;
import java.text.MessageFormat;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.Vector;
import javax.naming.AuthenticationException;
import javax.naming.Name;
import javax.naming.NameParser;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.Reference;
import javax.naming.StringRefAddr;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import org.objectweb.util.monolog.api.BasicLevel;
import org.ow2.jonas.security.internal.realm.lib.HashHelper;
import org.ow2.jonas.security.internal.realm.principal.LDAPUser;
import org.ow2.jonas.security.realm.factory.JResourceException;
import org.ow2.jonas.security.realm.principal.JUser;

/* loaded from: input_file:org/ow2/jonas/security/internal/realm/factory/JResourceLDAP.class */
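/**
 * Realm resource backed by an LDAP directory reached through JNDI.
 *
 * <p>Users are located with a subtree search below {@code userDN,baseDN} and their password is
 * checked in one of two modes:
 * <ul>
 *   <li>{@code bind}: a new directory context is opened with the user's DN and the supplied
 *       password; the directory server decides whether the credentials are valid.</li>
 *   <li>{@code compare}: the password attribute is read from the entry and compared locally,
 *       optionally after hashing the supplied password.</li>
 * </ul>
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>{@link #toXML()}, {@link #toString()} and {@link #getReference()} all expose
 *       {@code securityCredentials} in clear text; treat their output as a secret.</li>
 *   <li>Whether credentials travel encrypted depends entirely on the configured
 *       {@code providerUrl} / {@code securityProtocol}; nothing in this class enforces TLS.</li>
 * </ul>
 */
public class JResourceLDAP extends AbstractJResource {
    private static final String FACTORY_TYPE = "org.ow2.jonas.security.realm.factory.JResourceLDAP";
    private static final String FACTORY_NAME = "org.ow2.jonas.security.realm.factory.JResourceLDAPFactory";
    private static final String BIND_AUTHENTICATION_MODE = "bind";
    private static final String COMPARE_AUTHENTICATION_MODE = "compare";
    private static final String ROLEDN_EMPTY = "EMPTY";

    /** Closes the previous XML attribute and starts a new, indented line in {@link #toXML()}. */
    private static final String XML_ATTRIBUTE_SEPARATOR = "\"\n               ";

    /** Charset used to decode binary attribute values (LDAPv3 strings are UTF-8). */
    private static final java.nio.charset.Charset UTF_8 = java.nio.charset.Charset.forName("UTF-8");

    // JNDI environment settings.
    private String initialContextFactory = null;
    private String providerUrl = null;
    private String securityAuthentication = null;
    private String securityPrincipal = null;
    private String securityCredentials = null;
    private String securityProtocol = null;
    private String language = null;
    private String referral = null;
    private String stateFactories = null;

    // Realm settings: authentication mode, attribute names, search bases and filters.
    private String authenticationMode = null;
    private String userPasswordAttribute = null;
    private String userRolesAttribute = null;
    private String roleNameAttribute = null;
    private String baseDN = null;
    private String userDN = null;
    private String userSearchFilter = null;
    private String roleDN = null;
    private String roleSearchFilter = null;
    private String algorithm = null;

    /**
     * Looks up a user entry in the directory.
     *
     * @param str the user name; substituted into the search base pattern and passed as filter
     *            argument {@code {0}}
     * @return the populated user, or {@code null} when {@code str} is {@code null}, when no entry
     *         or more than one entry matches, or when the entry carries no attributes
     * @throws JResourceException if the directory lookup fails
     */
    public JUser findUser(String str) throws JResourceException {
        if (str == null) {
            return null;
        }
        LDAPUser ldapUser = new LDAPUser();
        ldapUser.setName(str);

        // Constant-first comparison: an unset authentication mode must not raise an NPE here.
        boolean compareMode = COMPARE_AUTHENTICATION_MODE.equals(this.authenticationMode);

        DirContext dirContext = null;
        NamingEnumeration results = null;
        try {
            dirContext = getDirContext();

            SearchControls searchControls = new SearchControls();
            // The password attribute is only requested when it is compared locally.
            searchControls.setReturningAttributes(compareMode
                    ? new String[] {this.userPasswordAttribute, this.userRolesAttribute}
                    : new String[0]);
            searchControls.setSearchScope(SearchControls.SUBTREE_SCOPE);

            ldapDebug("userDN = '" + this.userDN + "'");
            ldapDebug("baseDN = '" + this.baseDN + "'");

            String basePattern = (this.userDN == null || this.userDN.equals(""))
                    ? this.baseDN
                    : this.userDN.concat(",").concat(this.baseDN);
            // The user name is untrusted and lands inside a DN: escape DN metacharacters
            // (',', '=', '+', ...) so it cannot alter the structure of the search base.
            // The filter arguments below are escaped by JNDI itself.
            String lookupUserDN = MessageFormat.format(basePattern, javax.naming.ldap.Rdn.escapeValue(str));

            ldapDebug("lookupUserDN = '" + lookupUserDN + "'");
            ldapDebug("search : lookupUserDN = '" + lookupUserDN + "', searchFilter = '"
                    + this.userSearchFilter + "', username = '" + str + "'");

            results = dirContext.search(lookupUserDN, this.userSearchFilter, new Object[] {str}, searchControls);
            if (results == null) {
                ldapDebug("answer is null");
                return null;
            }
            if (!results.hasMore()) {
                ldapDebug("no anwser");
                return null;
            }

            SearchResult searchResult = (SearchResult) results.next();
            if (results.hasMore()) {
                // An ambiguous match is rejected rather than authenticating against an
                // arbitrary entry.
                ldapDebug("More than one entry matches the user, the lookup is rejected");
                return null;
            }

            // Full DN = context name in namespace + search base + name relative to the base.
            NameParser nameParser = dirContext.getNameParser("");
            Name fullDN = nameParser.parse(dirContext.getNameInNamespace())
                    .addAll(nameParser.parse(lookupUserDN))
                    .addAll(nameParser.parse(searchResult.getName()));
            ldapUser.setDN(fullDN.toString());
            ldapDebug("DN found : '" + fullDN + "'");

            Attributes attributes = searchResult.getAttributes();
            if (attributes == null) {
                ldapDebug("No user attributes found");
                return null;
            }
            if (compareMode) {
                String storedPassword = readValueFromAttribute(this.userPasswordAttribute, attributes);
                if (storedPassword != null) {
                    ldapUser.setPassword(storedPassword);
                }
            }
            ldapUser.setRoles(readValuesFromAttribute(this.userRolesAttribute, attributes));
            return ldapUser;
        } catch (NamingException e) {
            throw new JResourceException("Could not find user :" + e.getMessage());
        } finally {
            // Every lookup opens its own connection; release it on all paths.
            closeLdapEnumeration(results);
            closeLdapContext(dirContext);
        }
    }

    /**
     * Validates a password using the configured authentication mode.
     *
     * @param jUser the user returned by {@link #findUser(String)}
     * @param str the password supplied by the caller
     * @return {@code true} only if the mode-specific check succeeds; {@code false} for a
     *         {@code null} argument or an unknown/unset mode
     */
    public boolean isValidUser(JUser jUser, String str) {
        if (str == null || jUser == null) {
            return false;
        }
        if (COMPARE_AUTHENTICATION_MODE.equals(this.authenticationMode)) {
            ldapDebug("Compare mode");
            return isValidUserCompare(jUser, str);
        }
        if (BIND_AUTHENTICATION_MODE.equals(this.authenticationMode)) {
            ldapDebug("Bind mode");
            return isValidUserBind(jUser, str);
        }
        // Fail closed when the mode is missing or misspelled.
        ldapDebug("No authentication mode found, return false");
        return false;
    }

    /**
     * Validates a password by binding to the directory as the user.
     *
     * @param jUser the user; must be an {@link LDAPUser} carrying a DN
     * @param str the password supplied by the caller
     * @return {@code true} only if a directory context could be opened with the user's DN and
     *         password
     */
    public boolean isValidUserBind(JUser jUser, String str) {
        if (!(jUser instanceof LDAPUser)) {
            ldapDebug("Not instance of LDAPUser");
            return false;
        }
        String dn = ((LDAPUser) jUser).getDN();
        if (dn == null || dn.length() == 0) {
            ldapDebug("No DN found in User");
            return false;
        }
        // A simple bind with an empty password is an "unauthenticated bind" that many
        // directory servers accept, so it proves nothing about the user.
        if (str == null || str.length() == 0) {
            ldapDebug("Empty password rejected in bind mode");
            return false;
        }
        // With these mechanisms the JNDI LDAP provider binds anonymously and ignores the
        // principal/credentials set below, so any password would appear valid.
        if ("none".equalsIgnoreCase(this.securityAuthentication)
                || "anonymous".equalsIgnoreCase(this.securityAuthentication)) {
            getLogger().log(BasicLevel.ERROR, "Bind mode cannot be used with securityAuthentication '"
                    + this.securityAuthentication + "'");
            return false;
        }

        Hashtable<String, Object> env = getEnvInitialDirContext();
        env.put("java.naming.security.principal", dn);
        env.put("java.naming.security.credentials", str);

        DirContext userContext = null;
        try {
            userContext = new InitialDirContext(env);
            // Success is reported only after the bind went through; a failed bind must
            // never leave the result set to true.
            return true;
        } catch (AuthenticationException e) {
            getLogger().log(BasicLevel.ERROR, "Can't make an initial dir context : " + e.getMessage());
            return false;
        } catch (NamingException e2) {
            getLogger().log(BasicLevel.ERROR, "Naming exception " + e2.getMessage());
            return false;
        } finally {
            closeLdapContext(userContext);
        }
    }

    /**
     * Validates a password by comparing it with the value stored on the user.
     *
     * <p>If the stored password names its own algorithm, that algorithm is used; otherwise the
     * realm-level {@code algorithm} is used, and when neither is set the comparison is done on
     * the clear-text value.
     *
     * @param jUser the user whose stored password is compared
     * @param str the password supplied by the caller
     * @return {@code true} if the supplied password matches the stored one
     */
    public boolean isValidUserCompare(JUser jUser, String str) {
        if (jUser == null || str == null) {
            return false;
        }
        if (jUser.getHashPassword() == null) {
            getLogger().log(BasicLevel.ERROR, "No password for the user so it cannot perform a check. Check that you are using the correct mode ('compare' or 'bind')."
                    + " By using compare mode, the anonymous user cannot retrieved password in many cases.");
            return false;
        }
        String storedPassword = jUser.getHashPassword().getPassword();
        String storedAlgorithm = jUser.getHashPassword().getAlgorithm();

        if (storedAlgorithm != null && storedPassword != null) {
            try {
                return constantTimeEquals(HashHelper.hashPassword(str, storedAlgorithm), storedPassword, true);
            } catch (NoSuchAlgorithmException e) {
                getLogger().log(BasicLevel.ERROR, "Can't make a password with the algorithm " + storedAlgorithm + ". " + e.getMessage());
                return false;
            }
        }
        if (this.algorithm == null || this.algorithm.equals("")) {
            // NOTE(review): this branch compares against a clear-text password stored in the
            // directory; prefer bind mode or a hashed password attribute.
            return constantTimeEquals(str, storedPassword, false);
        }
        try {
            return constantTimeEquals(HashHelper.hashPassword(str, this.algorithm), storedPassword, true);
        } catch (NoSuchAlgorithmException e2) {
            getLogger().log(BasicLevel.ERROR, "Can't make a password with the algorithm " + this.algorithm + ". " + e2.getMessage());
            return false;
        }
    }

    /**
     * Collects the roles of a user: the roles already stored on the user plus, for an
     * {@link LDAPUser} with a DN, the role names found by the role search.
     *
     * @param jUser the user, may be {@code null}
     * @return the de-duplicated role names in discovery order; empty for a {@code null} user
     * @throws JResourceException if the directory search fails
     */
    public ArrayList getArrayListCombinedRoles(JUser jUser) throws JResourceException {
        ArrayList<String> roles = new ArrayList<String>();
        if (jUser == null) {
            ldapDebug("User is empty, return empty array of roles");
            return roles;
        }
        for (String role : jUser.getArrayRoles()) {
            if (!roles.contains(role)) {
                roles.add(role);
            }
        }
        if (!(jUser instanceof LDAPUser)) {
            return roles;
        }
        String dn = ((LDAPUser) jUser).getDN();
        if (dn == null) {
            ldapDebug("DN of user is empty, return empty array of roles");
            return roles;
        }

        DirContext dirContext = null;
        NamingEnumeration results = null;
        try {
            dirContext = getDirContext();

            SearchControls searchControls = new SearchControls();
            searchControls.setReturningAttributes(new String[] {this.roleNameAttribute});
            searchControls.setSearchScope(SearchControls.SUBTREE_SCOPE);

            ldapDebug("roleDN = '" + this.roleDN + "'");
            ldapDebug("baseDN = '" + this.baseDN + "'");

            // roleDN unset -> search from baseDN; the literal "EMPTY" -> search from the
            // context root; anything else is taken relative to baseDN.
            String lookupRoleDN;
            if (this.roleDN == null || this.roleDN.equals("")) {
                lookupRoleDN = this.baseDN;
            } else if (ROLEDN_EMPTY.equals(this.roleDN)) {
                lookupRoleDN = "";
            } else {
                lookupRoleDN = this.roleDN.concat(",").concat(this.baseDN);
            }
            ldapDebug("search with lookupRoleDN = '" + lookupRoleDN + "', rolesearchFilter = '"
                    + this.roleSearchFilter + "', dn = '" + dn + "'");

            // The user DN is passed as a filter argument, which JNDI escapes.
            results = dirContext.search(lookupRoleDN, this.roleSearchFilter, new Object[] {dn}, searchControls);
            if (results == null) {
                ldapDebug("answer is null");
                return roles;
            }
            while (results.hasMore()) {
                Attributes attributes = ((SearchResult) results.next()).getAttributes();
                if (attributes != null) {
                    addAttributeValuesTo(this.roleNameAttribute, attributes, roles);
                }
            }
            jUser.setCombinedRoles(roles);

            if (getLogger().isLoggable(BasicLevel.DEBUG)) {
                StringBuilder joined = new StringBuilder();
                for (String role : roles) {
                    joined.append(role).append(",");
                }
                getLogger().log(BasicLevel.DEBUG, "Roles are : " + joined + " for user '" + jUser.getName() + "'");
            }
            return roles;
        } catch (NamingException e) {
            throw new JResourceException("Could not find roles from the user :" + e.getMessage());
        } finally {
            closeLdapEnumeration(results);
            closeLdapContext(dirContext);
        }
    }

    /**
     * Serializes this realm as an {@code <ldaprealm>} element. Attribute values are
     * XML-escaped, so filters containing {@code &} or values containing quotes stay well-formed.
     *
     * <p>The output contains {@code securityCredentials} in clear text.
     *
     * @return the XML fragment describing this realm
     */
    public String toXML() {
        StringBuilder xml = new StringBuilder("    <ldaprealm name=\"");
        xml.append(escapeXmlAttribute(String.valueOf(getName())));

        // baseDN is always written, even when it has no value.
        xml.append(XML_ATTRIBUTE_SEPARATOR).append("baseDN=\"");
        if (this.baseDN != null) {
            xml.append(escapeXmlAttribute(this.baseDN));
        }

        appendXmlAttribute(xml, "initialContextFactory", this.initialContextFactory);
        appendXmlAttribute(xml, "providerUrl", this.providerUrl);
        appendXmlAttribute(xml, "securityAuthentication", this.securityAuthentication);
        appendXmlAttribute(xml, "securityPrincipal", this.securityPrincipal);
        appendXmlAttribute(xml, "securityCredentials", this.securityCredentials);
        appendXmlAttribute(xml, "authenticationMode", this.authenticationMode);
        appendXmlAttribute(xml, "userPasswordAttribute", this.userPasswordAttribute);
        appendXmlAttribute(xml, "userRolesAttribute", this.userRolesAttribute);
        appendXmlAttribute(xml, "roleNameAttribute", this.roleNameAttribute);
        appendXmlAttribute(xml, "userDN", this.userDN);
        appendXmlAttribute(xml, "userSearchFilter", this.userSearchFilter);
        appendXmlAttribute(xml, "roleDN", this.roleDN);
        appendXmlAttribute(xml, "roleSearchFilter", this.roleSearchFilter);
        appendXmlAttribute(xml, "securityProtocol", this.securityProtocol);
        appendXmlAttribute(xml, "language", this.language);
        appendXmlAttribute(xml, "referral", this.referral);
        appendXmlAttribute(xml, "stateFactories", this.stateFactories);
        appendXmlAttribute(xml, "algorithm", this.algorithm);

        xml.append("\" />");
        return xml.toString();
    }

    /**
     * Returns the same text as {@link #toXML()}.
     *
     * <p>NOTE(review): this includes {@code securityCredentials}, so logging or concatenating
     * this object writes the directory bind password to the log. Consider a redacted
     * representation once callers that rely on the current output have been checked.
     */
    @Override
    public String toString() {
        return toXML();
    }

    /**
     * Builds the JNDI reference used to rebuild this realm through its object factory.
     *
     * <p>The reference carries {@code securityCredentials} as a plain string address; whoever
     * can read the binding can read the bind password.
     *
     * @return the reference holding every configuration value
     * @throws NamingException declared by the interface; not raised by the visible code
     */
    public Reference getReference() throws NamingException {
        Reference reference = new Reference(FACTORY_TYPE, FACTORY_NAME, (String) null);
        reference.add(new StringRefAddr("name", getName()));
        reference.add(new StringRefAddr("initialContextFactory", getInitialContextFactory()));
        reference.add(new StringRefAddr("providerUrl", getProviderUrl()));
        reference.add(new StringRefAddr("securityAuthentication", getSecurityAuthentication()));
        reference.add(new StringRefAddr("securityPrincipal", getSecurityPrincipal()));
        reference.add(new StringRefAddr("securityCredentials", getSecurityCredentials()));
        reference.add(new StringRefAddr("securityProtocol", getSecurityProtocol()));
        reference.add(new StringRefAddr("language", getLanguage()));
        reference.add(new StringRefAddr("referral", getReferral()));
        reference.add(new StringRefAddr("stateFactories", getStateFactories()));
        reference.add(new StringRefAddr("authenticationMode", getAuthenticationMode()));
        reference.add(new StringRefAddr("userPasswordAttribute", getUserPasswordAttribute()));
        reference.add(new StringRefAddr("userRolesAttribute", getUserRolesAttribute()));
        reference.add(new StringRefAddr("roleNameAttribute", getRoleNameAttribute()));
        reference.add(new StringRefAddr("baseDN", getBaseDN()));
        reference.add(new StringRefAddr("userDN", getUserDN()));
        reference.add(new StringRefAddr("userSearchFilter", getUserSearchFilter()));
        reference.add(new StringRefAddr("roleDN", getRoleDN()));
        reference.add(new StringRefAddr("roleSearchFilter", getRoleSearchFilter()));
        reference.add(new StringRefAddr("algorithm", getAlgorithm()));
        return reference;
    }

    /** @param str the JNDI initial context factory class name */
    public void setInitialContextFactory(String str) {
        this.initialContextFactory = str;
    }

    /** @param str the directory provider URL */
    public void setProviderUrl(String str) {
        this.providerUrl = str;
    }

    /** @param str the JNDI security authentication mechanism */
    public void setSecurityAuthentication(String str) {
        this.securityAuthentication = str;
    }

    /** @param str the principal used for the realm's own directory connection */
    public void setSecurityPrincipal(String str) {
        this.securityPrincipal = str;
    }

    /** @param str the credentials used for the realm's own directory connection */
    public void setSecurityCredentials(String str) {
        this.securityCredentials = str;
    }

    /** @param str the JNDI security protocol */
    public void setSecurityProtocol(String str) {
        this.securityProtocol = str;
    }

    /** @param str the JNDI language setting */
    public void setLanguage(String str) {
        this.language = str;
    }

    /** @param str the JNDI referral setting */
    public void setReferral(String str) {
        this.referral = str;
    }

    /** @param str the JNDI state factories setting */
    public void setStateFactories(String str) {
        this.stateFactories = str;
    }

    /** @param str the authentication mode, {@code bind} or {@code compare} */
    public void setAuthenticationMode(String str) {
        this.authenticationMode = str;
    }

    /** @param str the name of the attribute holding the user password */
    public void setUserPasswordAttribute(String str) {
        this.userPasswordAttribute = str;
    }

    /** @param str the name of the attribute holding the user's roles */
    public void setUserRolesAttribute(String str) {
        this.userRolesAttribute = str;
    }

    /** @param str the name of the attribute holding a role's name */
    public void setRoleNameAttribute(String str) {
        this.roleNameAttribute = str;
    }

    /** @param str the base DN; a {@code null} or empty value is ignored */
    public void setBaseDN(String str) {
        if (str != null && !str.equals("")) {
            this.baseDN = str;
        }
    }

    /** @param str the user DN relative to the base DN; a {@code null} or empty value is ignored */
    public void setUserDN(String str) {
        if (str != null && !str.equals("")) {
            this.userDN = str;
        }
    }

    /** @param str the filter used to find a user; {@code {0}} receives the user name */
    public void setUserSearchFilter(String str) {
        this.userSearchFilter = str;
    }

    /** @param str the role DN relative to the base DN, or {@code EMPTY} to search from the root */
    public void setRoleDN(String str) {
        this.roleDN = str;
    }

    /** @param str the filter used to find roles; {@code {0}} receives the user DN */
    public void setRoleSearchFilter(String str) {
        this.roleSearchFilter = str;
    }

    /** @param str the realm-level hash algorithm used in compare mode */
    public void setAlgorithm(String str) {
        this.algorithm = str;
    }

    /** @return the JNDI initial context factory class name */
    public String getInitialContextFactory() {
        return this.initialContextFactory;
    }

    /** @return the directory provider URL */
    public String getProviderUrl() {
        return this.providerUrl;
    }

    /** @return the JNDI security authentication mechanism */
    public String getSecurityAuthentication() {
        return this.securityAuthentication;
    }

    /** @return the principal used for the realm's own directory connection */
    public String getSecurityPrincipal() {
        return this.securityPrincipal;
    }

    /** @return the clear-text credentials used for the realm's own directory connection */
    public String getSecurityCredentials() {
        return this.securityCredentials;
    }

    /** @return the JNDI security protocol */
    public String getSecurityProtocol() {
        return this.securityProtocol;
    }

    /** @return the JNDI language setting */
    public String getLanguage() {
        return this.language;
    }

    /** @return the JNDI referral setting */
    public String getReferral() {
        return this.referral;
    }

    /** @return the JNDI state factories setting */
    public String getStateFactories() {
        return this.stateFactories;
    }

    /** @return the authentication mode */
    public String getAuthenticationMode() {
        return this.authenticationMode;
    }

    /** @return the name of the attribute holding the user password */
    public String getUserPasswordAttribute() {
        return this.userPasswordAttribute;
    }

    /** @return the name of the attribute holding the user's roles */
    public String getUserRolesAttribute() {
        return this.userRolesAttribute;
    }

    /** @return the name of the attribute holding a role's name */
    public String getRoleNameAttribute() {
        return this.roleNameAttribute;
    }

    /** @return the base DN */
    public String getBaseDN() {
        return this.baseDN;
    }

    /** @return the user DN relative to the base DN */
    public String getUserDN() {
        return this.userDN;
    }

    /** @return the filter used to find a user */
    public String getUserSearchFilter() {
        return this.userSearchFilter;
    }

    /** @return the role DN setting */
    public String getRoleDN() {
        return this.roleDN;
    }

    /** @return the filter used to find roles */
    public String getRoleSearchFilter() {
        return this.roleSearchFilter;
    }

    /** @return the realm-level hash algorithm */
    public String getAlgorithm() {
        return this.algorithm;
    }

    /**
     * Opens a new directory context with the realm's own connection settings. The caller owns
     * the returned context and must close it.
     *
     * @return a freshly opened context
     * @throws NamingException if the context cannot be created
     */
    protected DirContext getDirContext() throws NamingException {
        return new InitialDirContext(getEnvInitialDirContext());
    }

    /**
     * Builds the JNDI environment from the configured settings. Unset values are left out,
     * because {@link Hashtable} rejects {@code null} values.
     *
     * <p>NOTE(review): no connect or read timeout is set here, so a directory that stops
     * answering can block the authenticating thread; confirm whether the deployment sets one
     * elsewhere.
     *
     * @return a new, mutable environment table
     */
    private Hashtable<String, Object> getEnvInitialDirContext() {
        Hashtable<String, Object> env = new Hashtable<String, Object>();
        if (this.initialContextFactory != null) {
            env.put("java.naming.factory.initial", this.initialContextFactory);
        }
        if (this.providerUrl != null) {
            env.put("java.naming.provider.url", this.providerUrl);
        }
        if (this.securityAuthentication != null) {
            env.put("java.naming.security.authentication", this.securityAuthentication);
        }
        putIfSet(env, "java.naming.security.principal", this.securityPrincipal);
        putIfSet(env, "java.naming.security.credentials", this.securityCredentials);
        putIfSet(env, "java.naming.language", this.language);
        putIfSet(env, "java.naming.referral", this.referral);
        putIfSet(env, "java.naming.security.protocol", this.securityProtocol);
        putIfSet(env, "java.naming.factory.state", this.stateFactories);
        return env;
    }

    /** Stores {@code value} under {@code key} unless it is {@code null} or empty. */
    private static void putIfSet(Hashtable<String, Object> env, String key, String value) {
        if (value != null && !value.equals("")) {
            env.put(key, value);
        }
    }

    /**
     * Reads the first value of an attribute as a string.
     *
     * @return the value (binary values are decoded as UTF-8), or {@code null} when the
     *         attribute is missing or has no value
     */
    private String readValueFromAttribute(String attributeName, Attributes attributes) throws NamingException {
        if (attributes == null || attributeName == null) {
            return null;
        }
        Attribute attribute = attributes.get(attributeName);
        if (attribute == null || attribute.size() == 0) {
            return null;
        }
        Object value = attribute.get();
        if (value == null) {
            return null;
        }
        // An explicit charset keeps the result independent of the JVM's platform default.
        return value instanceof byte[] ? new String((byte[]) value, UTF_8) : value.toString();
    }

    /**
     * Reads every string value of an attribute and joins them with commas.
     *
     * @return the joined values, or {@code null} when the attribute is missing or has no
     *         string value
     */
    private String readValuesFromAttribute(String attributeName, Attributes attributes) throws NamingException {
        if (attributes == null || attributeName == null) {
            return null;
        }
        Attribute attribute = attributes.get(attributeName);
        if (attribute == null) {
            return null;
        }
        StringBuilder joined = null;
        NamingEnumeration values = attribute.getAll();
        try {
            while (values.hasMore()) {
                Object value = values.next();
                if (!(value instanceof String)) {
                    // Binary or null values cannot be role names; skip them instead of
                    // failing the whole lookup with a ClassCastException.
                    continue;
                }
                if (joined == null) {
                    joined = new StringBuilder((String) value);
                } else {
                    joined.append(",").append((String) value);
                }
            }
        } finally {
            closeLdapEnumeration(values);
        }
        return joined == null ? null : joined.toString();
    }

    /**
     * Adds every string value of an attribute to {@code target}, skipping values that are
     * already present.
     */
    private void addAttributeValuesTo(String attributeName, Attributes attributes, ArrayList<String> target)
            throws NamingException {
        if (attributes == null || attributeName == null) {
            return;
        }
        Attribute attribute = attributes.get(attributeName);
        if (attribute == null) {
            return;
        }
        NamingEnumeration values = attribute.getAll();
        try {
            while (values.hasMore()) {
                Object value = values.next();
                if (value instanceof String && !target.contains(value)) {
                    target.add((String) value);
                }
            }
        } finally {
            closeLdapEnumeration(values);
        }
    }

    /** No MBeans are registered by this resource, so there is nothing to remove. */
    public void removeMBeans() throws JResourceException {
    }

    /** Logs {@code message} at DEBUG level when that level is enabled. */
    private void ldapDebug(String message) {
        if (getLogger().isLoggable(BasicLevel.DEBUG)) {
            getLogger().log(BasicLevel.DEBUG, message);
        }
    }

    /** Closes a directory context, logging (not propagating) a failure to close. */
    private void closeLdapContext(DirContext context) {
        if (context == null) {
            return;
        }
        try {
            context.close();
        } catch (NamingException e) {
            ldapDebug("Could not close the directory context : " + e.getMessage());
        }
    }

    /** Closes a naming enumeration, logging (not propagating) a failure to close. */
    private void closeLdapEnumeration(NamingEnumeration enumeration) {
        if (enumeration == null) {
            return;
        }
        try {
            enumeration.close();
        } catch (NamingException e) {
            ldapDebug("Could not close the search results : " + e.getMessage());
        }
    }

    /**
     * Compares two strings without stopping at the first differing character, so the time
     * taken does not reveal how much of a stored password or hash matched.
     *
     * @param ignoreCase when {@code true}, characters are case-folded the same way
     *                   {@link String#equalsIgnoreCase(String)} does
     * @return {@code true} if both strings are non-null, of equal length and equal
     */
    private static boolean constantTimeEquals(String left, String right, boolean ignoreCase) {
        if (left == null || right == null) {
            return false;
        }
        int difference = left.length() ^ right.length();
        int common = Math.min(left.length(), right.length());
        for (int i = 0; i < common; i++) {
            char a = left.charAt(i);
            char b = right.charAt(i);
            if (ignoreCase) {
                a = Character.toLowerCase(Character.toUpperCase(a));
                b = Character.toLowerCase(Character.toUpperCase(b));
            }
            difference |= a ^ b;
        }
        return difference == 0;
    }

    /** Appends {@code name="value} (value escaped) to {@code xml} unless the value is unset. */
    private static void appendXmlAttribute(StringBuilder xml, String name, String value) {
        if (value != null && !value.equals("")) {
            xml.append(XML_ATTRIBUTE_SEPARATOR).append(name).append("=\"").append(escapeXmlAttribute(value));
        }
    }

    /** Escapes the characters that are not allowed verbatim in a double-quoted XML attribute. */
    private static String escapeXmlAttribute(String value) {
        StringBuilder escaped = new StringBuilder(value.length() + 16);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '&':
                    escaped.append("&amp;");
                    break;
                case '<':
                    escaped.append("&lt;");
                    break;
                case '>':
                    escaped.append("&gt;");
                    break;
                case '"':
                    escaped.append("&quot;");
                    break;
                default:
                    escaped.append(c);
            }
        }
        return escaped.toString();
    }
}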
