package org.josso.gateway.identity.service.store.ldap;

import java.lang.reflect.Array;
import java.nio.ByteBuffer;
import java.nio.charset.CharacterCodingException;
import java.nio.charset.Charset;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Properties;
import java.util.StringTokenizer;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.BasicAttributes;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.Control;
import javax.naming.ldap.InitialLdapContext;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.josso.auth.Credential;
import org.josso.auth.CredentialKey;
import org.josso.gateway.SSONameValuePair;
import org.josso.gateway.identity.exceptions.NoSuchUserException;
import org.josso.gateway.identity.exceptions.SSOIdentityException;
import org.josso.gateway.identity.service.BaseRole;
import org.josso.gateway.identity.service.BaseRoleImpl;
import org.josso.gateway.identity.service.BaseUser;
import org.josso.gateway.identity.service.BaseUserImpl;
import org.josso.gateway.identity.service.store.AbstractStore;
import org.josso.gateway.identity.service.store.SimpleUserKey;
import org.josso.gateway.identity.service.store.UserKey;

/* loaded from: input_file:org/josso/gateway/identity/service/store/ldap/LDAPIdentityStore.class */
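/**
 * Identity and credential store that reads users, user properties, credentials and roles
 * from an LDAP directory through JNDI.
 *
 * <p>Security-relevant behaviour of this class:
 * <ul>
 *   <li>User-supplied identifiers are passed to the directory as JNDI filter arguments
 *       ({@code {0}} placeholders) so that filter metacharacters are escaped instead of
 *       being interpreted as part of the search filter.</li>
 *   <li>Bind passwords and credential values read from the directory are never written to
 *       the log, not even at debug level.</li>
 *   <li>When no security principal/credential is configured, empty strings are used, which
 *       with "simple" authentication amounts to an anonymous bind.</li>
 * </ul>
 *
 * <p>Attribute names and context DNs come from configuration (setters below) and are treated
 * as trusted; they are concatenated into filters as-is.
 */
public class LDAPIdentityStore extends AbstractStore {
    private static final Log logger = LogFactory.getLog(LDAPIdentityStore.class);

    // Storage-scheme prefixes that may precede a userPassword value; matched case-insensitively.
    // NOTE(review): MD5, SHA-1 and crypt are weak password-hash schemes; this class only strips
    // the prefix, it does not choose or verify the hashing algorithm.
    private static final String USERPASSWORD_SCHEME_MD5 = "{md5}";
    private static final String USERPASSWORD_SCHEME_CRYPT = "{crypt}";
    private static final String USERPASSWORD_SCHEME_SHA = "{sha}";

    // JNDI environment key holding the bind password; its value must never be logged.
    private static final String ENV_SECURITY_CREDENTIALS = "java.naming.security.credentials";

    private String _initialContextFactory;
    private String _providerUrl;
    private String _securityAuthentication;
    private String _rolesCtxDN;
    private String _uidAttributeID;
    private String _roleAttributeID;
    private String _securityProtocol;
    private String _securityPrincipal;
    private String _securityCredential;
    private String _principalUidAttributeID;
    private String _usersCtxDN;
    private String _credentialQueryString;
    private String _userPropertiesQueryString;
    private String _ldapSearchScope;

    /**
     * Loads the user identified by {@code userKey} together with its configured properties
     * and its DN (exposed as the {@code josso.user.dn} property).
     *
     * @param userKey must be a {@link SimpleUserKey}
     * @return the populated user
     * @throws SSOIdentityException if the key type is unsupported or the directory lookup fails
     */
    @Override // org.josso.gateway.identity.service.store.IdentityStore
    public BaseUser loadUser(UserKey userKey) throws NoSuchUserException, SSOIdentityException {
        if (!(userKey instanceof SimpleUserKey)) {
            throw new SSOIdentityException("Unsupported key type : " + describeKeyType(userKey));
        }
        String userId = ((SimpleUserKey) userKey).getId();
        try {
            // NOTE(review): selectUser() returns null when no entry matches, yet a user object
            // is still returned with a null name and NoSuchUserException is never raised here.
            // Callers should confirm that an unknown user cannot be treated as a valid identity.
            BaseUserImpl user = new BaseUserImpl();
            user.setName(selectUser(userId));

            ArrayList<SSONameValuePair> properties = new ArrayList<SSONameValuePair>();
            if (getUserPropertiesQueryString() != null) {
                HashMap userProperties = selectUserProperties(userId);
                for (Object name : userProperties.keySet()) {
                    properties.add(new SSONameValuePair((String) name, (String) userProperties.get(name)));
                }
            }
            properties.add(new SSONameValuePair("josso.user.dn", selectUserDN(userId)));
            user.setProperties(properties.toArray(new SSONameValuePair[properties.size()]));
            return user;
        } catch (NamingException e) {
            logger.error("NamingException while obtaining user", e);
            throw new SSOIdentityException("Error obtaining user : " + userKey);
        }
    }

    /**
     * Returns the roles associated with the user identified by {@code userKey}.
     *
     * @param userKey must be a {@link SimpleUserKey}
     * @return one role per value found; empty when none are found
     * @throws SSOIdentityException if the key type is unsupported or the directory lookup fails
     */
    @Override // org.josso.gateway.identity.service.store.IdentityStore
    public BaseRole[] findRolesByUserKey(UserKey userKey) throws SSOIdentityException {
        if (!(userKey instanceof SimpleUserKey)) {
            throw new SSOIdentityException("Unsupported key type : " + describeKeyType(userKey));
        }
        try {
            String[] roleNames = selectRolesByUsername(((SimpleUserKey) userKey).getId());
            ArrayList<BaseRole> roles = new ArrayList<BaseRole>(roleNames.length);
            for (String roleName : roleNames) {
                BaseRoleImpl role = new BaseRoleImpl();
                role.setName(roleName);
                roles.add(role);
            }
            return roles.toArray(new BaseRole[roles.size()]);
        } catch (NamingException e) {
            logger.error("NamingException while obtaining roles", e);
            throw new SSOIdentityException("Error obtaining roles for user : " + userKey);
        }
    }

    /**
     * Loads the stored credentials for the user identified by {@code credentialKey}.
     *
     * <p>The key must be a {@link SimpleUserKey}; any other key type (or {@code null}) is
     * rejected with an {@link SSOIdentityException} rather than failing on the cast.
     *
     * @param credentialKey key identifying the user
     * @return the credentials built by the authentication scheme from the directory values
     * @throws SSOIdentityException if the key type is unsupported or the directory lookup fails
     */
    @Override // org.josso.auth.CredentialStore
    public Credential[] loadCredentials(CredentialKey credentialKey) throws SSOIdentityException {
        if (!(credentialKey instanceof SimpleUserKey)) {
            throw new SSOIdentityException("Unsupported key type : " + describeKeyType(credentialKey));
        }
        try {
            HashMap credentialValues = selectCredentials(((SimpleUserKey) credentialKey).getId());
            ArrayList<Object> credentials = new ArrayList<Object>(credentialValues.size());
            for (Object name : credentialValues.keySet()) {
                // getAuthenticationScheme() is not defined in this class (presumably inherited).
                credentials.add(getAuthenticationScheme().newCredential((String) name, credentialValues.get(name)));
            }
            return credentials.toArray(new Credential[credentials.size()]);
        } catch (NamingException e) {
            logger.error("NamingException while obtaining Credentials", e);
            throw new SSOIdentityException("Error obtaining credentials for user : " + credentialKey);
        }
    }

    /**
     * Collects role names for a user by searching the roles context for entries whose
     * membership attribute equals the user's DN.
     *
     * <p>A failing search is logged at debug level and yields an empty result (best effort).
     *
     * @param str the user identifier
     * @return the role names found, possibly empty
     * @throws NamingException if the LDAP context cannot be created or closed, or the user DN
     *         lookup cannot open its context
     */
    protected String[] selectRolesByUsername(String str) throws NamingException {
        ArrayList<String> roles = new ArrayList<String>();
        InitialLdapContext ctx = createLdapInitialContext();
        try {
            String rolesCtxDn = getRolesCtxDN();
            if (rolesCtxDn != null) {
                String uidAttributeId = getUidAttributeID();
                if (uidAttributeId == null) {
                    uidAttributeId = "uniquemember";
                }
                String roleAttributeId = getRoleAttributeID();
                if (roleAttributeId == null) {
                    roleAttributeId = "roles";
                }
                String userDn = selectUserDN(str);
                if (userDn == null) {
                    // No directory entry for this user: there is nothing to match roles against.
                    if (logger.isDebugEnabled()) {
                        logger.debug("No DN found for user '" + str + "', skipping role search");
                    }
                } else {
                    if (logger.isDebugEnabled()) {
                        logger.debug("Searching Roles for user '" + userDn + "' in Uid attribute name '" + uidAttributeId + "'");
                    }
                    collectRoles(ctx, rolesCtxDn, uidAttributeId, roleAttributeId, userDn, str, roles);
                }
            }
        } finally {
            // Always release the connection, including when the DN lookup throws.
            ctx.close();
        }
        return roles.toArray(new String[roles.size()]);
    }

    /** Runs the role search and appends every non-null role attribute value to {@code roles}. */
    private void collectRoles(InitialLdapContext ctx, String rolesCtxDn, String uidAttributeId,
            String roleAttributeId, String userDn, String username, ArrayList<String> roles) {
        try {
            // The DN is passed as a filter argument so characters such as '(', ')', '*' and '\'
            // inside it are escaped rather than parsed as filter syntax.
            NamingEnumeration results = ctx.search(rolesCtxDn, "(&(" + uidAttributeId + "={0}))",
                    new Object[] {userDn}, getSearchControls());
            while (results.hasMore()) {
                Attribute roleAttribute = ((SearchResult) results.next()).getAttributes().get(roleAttributeId);
                if (roleAttribute == null) {
                    logger.warn("Invalid role attribute '" + roleAttributeId + "'");
                    continue;
                }
                for (int i = 0; i < roleAttribute.size(); i++) {
                    Object value = roleAttribute.get(i);
                    if (value == null) {
                        continue;
                    }
                    String roleName = value.toString();
                    if (logger.isDebugEnabled()) {
                        logger.debug("Saving role '" + roleName + "' for user '" + username + "'");
                    }
                    roles.add(roleName);
                }
            }
        } catch (NamingException e) {
            if (logger.isDebugEnabled()) {
                logger.debug("Failed to locate roles", e);
            }
        }
    }

    /**
     * Resolves the DN of the entry matching the given user identifier, built as the entry's
     * name relative to the users context followed by the users context DN.
     *
     * <p>If several entries match, the last one returned by the directory wins. A failing
     * search is logged at debug level and yields {@code null}.
     *
     * @param str the user identifier
     * @return the user's DN, or {@code null} when no entry was found
     * @throws NamingException if the LDAP context cannot be created or closed
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public String selectUserDN(String str) throws NamingException {
        String userDn = null;
        String uidAttributeId = getPrincipalUidAttributeID();
        String usersCtxDn = getUsersCtxDN();
        InitialLdapContext ctx = createLdapInitialContext();
        try {
            NamingEnumeration results = searchUserEntries(ctx, usersCtxDn, uidAttributeId, str);
            while (results.hasMore()) {
                SearchResult entry = (SearchResult) results.next();
                Attribute uidAttribute = entry.getAttributes().get(uidAttributeId);
                if (uidAttribute == null) {
                    logger.warn("Invalid user uid attribute '" + uidAttributeId + "'");
                    continue;
                }
                Object uid = uidAttribute.get();
                if (uid != null) {
                    userDn = entry.getName() + "," + usersCtxDn;
                    if (logger.isDebugEnabled()) {
                        logger.debug("Found user '" + uidAttributeId + "=" + uid + "' for user '" + str + "' DN=" + userDn);
                    }
                } else if (logger.isDebugEnabled()) {
                    logger.debug("User not found for user '" + str + "'");
                }
            }
        } catch (NamingException e) {
            if (logger.isDebugEnabled()) {
                logger.debug("Failed to locate user", e);
            }
        } finally {
            ctx.close();
        }
        return userDn;
    }

    /**
     * Looks up the user and returns the value of its principal uid attribute as stored in
     * the directory.
     *
     * <p>A failing search is logged at debug level and yields {@code null}.
     *
     * @param str the user identifier
     * @return the uid value from the directory, or {@code null} when no entry was found
     * @throws NamingException if the LDAP context cannot be created or closed
     */
    protected String selectUser(String str) throws NamingException {
        String username = null;
        String uidAttributeId = getPrincipalUidAttributeID();
        String usersCtxDn = getUsersCtxDN();
        InitialLdapContext ctx = createLdapInitialContext();
        try {
            NamingEnumeration results = searchUserEntries(ctx, usersCtxDn, uidAttributeId, str);
            while (results.hasMore()) {
                Attribute uidAttribute = ((SearchResult) results.next()).getAttributes().get(uidAttributeId);
                if (uidAttribute == null) {
                    logger.warn("Invalid user uid attribute '" + uidAttributeId + "'");
                    continue;
                }
                Object uid = uidAttribute.get();
                username = uid != null ? uid.toString() : null;
                if (username != null) {
                    if (logger.isDebugEnabled()) {
                        logger.debug("Found user '" + uidAttributeId + "=" + username + "' for user '" + str + "'");
                    }
                } else if (logger.isDebugEnabled()) {
                    logger.debug("User not found for user '" + str + "'");
                }
            }
        } catch (NamingException e) {
            if (logger.isDebugEnabled()) {
                logger.debug("Failed to locate user", e);
            }
        } finally {
            ctx.close();
        }
        return username;
    }

    /**
     * Reads the credential attributes configured in the credential query string for the
     * given user.
     *
     * <p>Byte-array values are decoded as UTF-8 and, like string values, have a leading
     * storage-scheme prefix removed by {@link #getSchemeFreeValue(String)}. Values that are
     * neither strings nor decodable byte arrays are stored unchanged. Credential values are
     * deliberately kept out of the log.
     *
     * @param str the user identifier
     * @return map from credential name to credential value; empty when nothing was found or
     *         the search failed
     * @throws NamingException if the LDAP context cannot be created or closed
     * @throws IllegalArgumentException if the credential query string is missing or malformed
     */
    protected HashMap selectCredentials(String str) throws NamingException {
        HashMap<String, Object> credentials = new HashMap<String, Object>();
        InitialLdapContext ctx = createLdapInitialContext();
        try {
            String uidAttributeId = getPrincipalUidAttributeID();
            String usersCtxDn = getUsersCtxDN();
            // Maps LDAP attribute name -> credential name.
            HashMap attributeToCredential = parseQueryString(getCredentialQueryString());
            try {
                NamingEnumeration results = searchUserEntries(ctx, usersCtxDn, uidAttributeId, str);
                while (results.hasMore()) {
                    Attributes attributes = ((SearchResult) results.next()).getAttributes();
                    for (Object key : attributeToCredential.keySet()) {
                        String attributeName = (String) key;
                        Attribute attribute = attributes.get(attributeName);
                        Object rawValue = attribute != null ? attribute.get() : null;
                        if (rawValue == null) {
                            logger.warn("Invalid user credential attribute '" + attributeName + "'");
                            continue;
                        }
                        String credentialName = (String) attributeToCredential.get(attributeName);
                        if (logger.isDebugEnabled()) {
                            logger.debug("Found user credential '" + credentialName + "' of type '"
                                    + rawValue.getClass().getName()
                                    + (rawValue.getClass().isArray() ? "[" + Array.getLength(rawValue) + "]" : "")
                                    + "'");
                        }
                        String textValue = credentialAsText(rawValue);
                        if (textValue != null) {
                            credentials.put(credentialName, getSchemeFreeValue(textValue));
                        } else {
                            credentials.put(credentialName, rawValue);
                        }
                        // The value itself (password or password hash) is intentionally not logged.
                        if (logger.isDebugEnabled()) {
                            logger.debug("Found user credential '" + credentialName + "' (value not logged)");
                        }
                    }
                }
            } catch (NamingException e) {
                if (logger.isDebugEnabled()) {
                    logger.debug("Failed to locate user", e);
                }
            }
        } finally {
            ctx.close();
        }
        return credentials;
    }

    /**
     * Converts a raw directory value to text: strings are returned as-is, byte arrays are
     * decoded strictly as UTF-8. Returns {@code null} for anything else or on decode failure.
     */
    private static String credentialAsText(Object rawValue) {
        if (rawValue instanceof String) {
            return (String) rawValue;
        }
        if (rawValue instanceof byte[]) {
            try {
                return Charset.forName("UTF-8").newDecoder().decode(ByteBuffer.wrap((byte[]) rawValue)).toString();
            } catch (CharacterCodingException e) {
                if (logger.isDebugEnabled()) {
                    logger.debug("Can't convert credential value to String using UTF-8");
                }
            }
        }
        return null;
    }

    /**
     * Reads the attributes configured in the user-properties query string for the given user.
     *
     * <p>Missing attributes and null values are logged as warnings and skipped. A failing
     * search is logged at debug level and yields whatever was collected so far.
     *
     * @param str the user identifier
     * @return map from property name to the attribute's string value
     * @throws NamingException if the LDAP context cannot be created or closed
     * @throws IllegalArgumentException if the user-properties query string is missing or malformed
     */
    protected HashMap selectUserProperties(String str) throws NamingException {
        HashMap<String, String> properties = new HashMap<String, String>();
        InitialLdapContext ctx = createLdapInitialContext();
        try {
            String uidAttributeId = getPrincipalUidAttributeID();
            String usersCtxDn = getUsersCtxDN();
            // Maps LDAP attribute name -> user property name.
            HashMap attributeToProperty = parseQueryString(getUserPropertiesQueryString());
            try {
                NamingEnumeration results = searchUserEntries(ctx, usersCtxDn, uidAttributeId, str);
                while (results.hasMore()) {
                    Attributes attributes = ((SearchResult) results.next()).getAttributes();
                    for (Object key : attributeToProperty.keySet()) {
                        String attributeName = (String) key;
                        Attribute attribute = attributes.get(attributeName);
                        if (attribute == null) {
                            logger.warn("Invalid user property attribute '" + attributeName + "'");
                            continue;
                        }
                        Object rawValue = attribute.get();
                        if (rawValue == null) {
                            logger.warn("Found a 'null' value for user property '" + attributeName + "'");
                            continue;
                        }
                        String propertyName = (String) attributeToProperty.get(attributeName);
                        String propertyValue = rawValue.toString();
                        properties.put(propertyName, propertyValue);
                        if (logger.isDebugEnabled()) {
                            logger.debug("Found user property '" + propertyName + "' with value '" + propertyValue + "'");
                        }
                    }
                }
            } catch (NamingException e) {
                if (logger.isDebugEnabled()) {
                    logger.debug("Failed to locate user", e);
                }
            }
        } finally {
            ctx.close();
        }
        return properties;
    }

    /**
     * Searches the users context for entries whose uid attribute equals {@code username}.
     * The username is supplied as a filter argument so JNDI escapes filter metacharacters.
     */
    private NamingEnumeration searchUserEntries(InitialLdapContext ctx, String usersCtxDn,
            String uidAttributeId, String username) throws NamingException {
        return ctx.search(usersCtxDn, "(&(" + uidAttributeId + "={0}))", new Object[] {username}, getSearchControls());
    }

    /** Returns the class name of {@code key} for error messages, tolerating {@code null}. */
    private static String describeKeyType(Object key) {
        return key == null ? "null" : key.getClass().getName();
    }

    /**
     * Opens an LDAP context using the configured security principal and credential.
     *
     * <p>Unset values are replaced by empty strings, which with "simple" authentication
     * results in an anonymous bind.
     *
     * @throws NamingException if the context cannot be created
     */
    protected InitialLdapContext createLdapInitialContext() throws NamingException {
        String principal = getSecurityPrincipal();
        String credential = getSecurityCredential();
        return createLdapInitialContext(principal != null ? principal : "", credential != null ? credential : "");
    }

    /**
     * Opens an LDAP context bound as the given principal.
     *
     * <p>Defaults applied when the corresponding setting is not configured: the Sun LDAP
     * context factory, "simple" authentication, and {@code ldap://localhost} on port 636
     * when the security protocol is "ssl", otherwise 389.
     *
     * <p>NOTE(review): if a caller uses this method to verify a user's password by binding,
     * it should reject empty passwords first; many directory servers treat a bind with a DN
     * and an empty password as an unauthenticated bind that succeeds. With the plain
     * {@code ldap://} default and "simple" authentication the password is also sent without
     * transport encryption.
     *
     * @param str the bind principal; must not be {@code null}
     * @param str2 the bind password; must not be {@code null}
     * @throws NamingException if the context cannot be created
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public InitialLdapContext createLdapInitialContext(String str, String str2) throws NamingException {
        Properties env = new Properties();

        // Properties rejects null values, so defaults are chosen before anything is stored.
        String contextFactory = getInitialContextFactory();
        env.setProperty("java.naming.factory.initial",
                contextFactory != null ? contextFactory : "com.sun.jndi.ldap.LdapCtxFactory");

        String authentication = getSecurityAuthentication();
        env.setProperty("java.naming.security.authentication", authentication != null ? authentication : "simple");

        String protocol = getSecurityProtocol();
        if (protocol == null) {
            protocol = "";
        }
        env.setProperty("java.naming.security.protocol", protocol);

        String providerUrl = getProviderUrl();
        if (providerUrl == null) {
            providerUrl = "ldap://localhost:" + (protocol.equals("ssl") ? "636" : "389");
        }
        env.setProperty("java.naming.provider.url", providerUrl);
        env.setProperty("java.naming.security.principal", str);
        env.put(ENV_SECURITY_CREDENTIALS, str2);

        if (logger.isDebugEnabled()) {
            // Log a copy with the bind password masked; the real environment is left untouched.
            Properties loggableEnv = (Properties) env.clone();
            loggableEnv.setProperty(ENV_SECURITY_CREDENTIALS, "<redacted>");
            logger.debug("Logging into LDAP server, env=" + loggableEnv);
        }
        InitialLdapContext ctx = new InitialLdapContext(env, (Control[]) null);
        if (logger.isDebugEnabled()) {
            logger.debug("Logged into LDAP server, " + ctx);
        }
        return ctx;
    }

    /**
     * Removes a leading {@code {crypt}}, {@code {md5}} or {@code {sha}} storage-scheme prefix
     * (any letter case) from a stored password value.
     *
     * <p>Values carrying any other prefix, or none, are returned unchanged. The scheme name is
     * discarded, so the hash algorithm has to be known to the caller by other means.
     *
     * @param str the stored value; must not be {@code null}
     * @return the value without the recognised prefix
     */
    protected String getSchemeFreeValue(String str) {
        String lowerCased = str.toLowerCase();
        String[] schemes = {USERPASSWORD_SCHEME_CRYPT, USERPASSWORD_SCHEME_MD5, USERPASSWORD_SCHEME_SHA};
        for (String scheme : schemes) {
            if (lowerCased.startsWith(scheme)) {
                return str.substring(scheme.length());
            }
        }
        return str;
    }

    /**
     * Parses a comma-separated list of {@code key=value} pairs into a map. Tokens are split
     * at the first {@code '='}; keys and values are not trimmed.
     *
     * @param str the query string, e.g. {@code "a=b,c=d"}
     * @return map of the parsed pairs
     * @throws IllegalArgumentException if {@code str} is {@code null} or a token has no {@code '='}
     */
    protected HashMap parseQueryString(String str) {
        if (str == null) {
            throw new IllegalArgumentException("Query string must not be null");
        }
        HashMap<String, String> pairs = new HashMap<String, String>();
        StringTokenizer tokens = new StringTokenizer(str, ",");
        while (tokens.hasMoreTokens()) {
            String token = tokens.nextToken();
            int separator = token.indexOf('=');
            if (separator == -1) {
                throw new IllegalArgumentException("Query string token without '=': '" + token + "'");
            }
            pairs.put(token.substring(0, separator), token.substring(separator + 1));
        }
        return pairs;
    }

    /**
     * Builds the search controls for directory queries: one-level scope when the configured
     * scope is unset or "ONELEVEL" (case-insensitive), subtree scope for any other value.
     */
    protected SearchControls getSearchControls() {
        SearchControls controls = new SearchControls();
        boolean oneLevel = this._ldapSearchScope == null || this._ldapSearchScope.equalsIgnoreCase("ONELEVEL");
        controls.setSearchScope(oneLevel ? SearchControls.ONELEVEL_SCOPE : SearchControls.SUBTREE_SCOPE);
        return controls;
    }

    /** Sets the JNDI initial context factory class name. */
    public void setInitialContextFactory(String str) {
        this._initialContextFactory = str;
    }

    /** Returns the configured JNDI initial context factory class name, or {@code null}. */
    public String getInitialContextFactory() {
        return this._initialContextFactory;
    }

    /** Sets the LDAP provider URL. */
    public void setProviderUrl(String str) {
        this._providerUrl = str;
    }

    /** Returns the configured LDAP provider URL, or {@code null}. */
    public String getProviderUrl() {
        return this._providerUrl;
    }

    /** Sets the JNDI security authentication mechanism. */
    public void setSecurityAuthentication(String str) {
        this._securityAuthentication = str;
    }

    /** Returns the configured JNDI security authentication mechanism, or {@code null}. */
    public String getSecurityAuthentication() {
        return this._securityAuthentication;
    }

    /** Sets the JNDI security protocol; "ssl" selects port 636 for the default provider URL. */
    public void setSecurityProtocol(String str) {
        this._securityProtocol = str;
    }

    /** Returns the configured JNDI security protocol, or {@code null}. */
    public String getSecurityProtocol() {
        return this._securityProtocol;
    }

    /** Sets the principal used to bind to the directory. */
    public void setSecurityPrincipal(String str) {
        this._securityPrincipal = str;
    }

    /** Returns the principal used to bind to the directory, or {@code null}. */
    public String getSecurityPrincipal() {
        return this._securityPrincipal;
    }

    /** Sets the password used to bind to the directory. */
    public void setSecurityCredential(String str) {
        this._securityCredential = str;
    }

    /** Returns the bind password; kept non-public so it is not exposed as a readable property. */
    protected String getSecurityCredential() {
        return this._securityCredential;
    }

    /** Returns the configured search scope name, or {@code null}. */
    public String getLdapSearchScope() {
        return this._ldapSearchScope;
    }

    /** Sets the search scope name; see {@link #getSearchControls()} for how it is interpreted. */
    public void setLdapSearchScope(String str) {
        this._ldapSearchScope = str;
    }

    /** Sets the DN of the context under which user entries are searched. */
    public void setUsersCtxDN(String str) {
        this._usersCtxDN = str;
    }

    /** Returns the DN of the users context, or {@code null}. */
    public String getUsersCtxDN() {
        return this._usersCtxDN;
    }

    /** Sets the DN of the context under which role entries are searched. */
    public void setRolesCtxDN(String str) {
        this._rolesCtxDN = str;
    }

    /** Returns the DN of the roles context, or {@code null}. */
    public String getRolesCtxDN() {
        return this._rolesCtxDN;
    }

    /** Sets the attribute that holds the user identifier in user entries. */
    public void setPrincipalUidAttributeID(String str) {
        this._principalUidAttributeID = str;
    }

    /** Returns the attribute that holds the user identifier in user entries, or {@code null}. */
    public String getPrincipalUidAttributeID() {
        return this._principalUidAttributeID;
    }

    /** Sets the role-entry attribute matched against the user's DN. */
    public void setUidAttributeID(String str) {
        this._uidAttributeID = str;
    }

    /** Returns the role-entry attribute matched against the user's DN, or {@code null}. */
    public String getUidAttributeID() {
        return this._uidAttributeID;
    }

    /** Sets the attribute from which role names are read. */
    public void setRoleAttributeID(String str) {
        this._roleAttributeID = str;
    }

    /** Returns the attribute from which role names are read, or {@code null}. */
    public String getRoleAttributeID() {
        return this._roleAttributeID;
    }

    /** Sets the {@code attribute=credentialName} list used by {@link #selectCredentials(String)}. */
    public void setCredentialQueryString(String str) {
        this._credentialQueryString = str;
    }

    /** Returns the credential query string, or {@code null}. */
    public String getCredentialQueryString() {
        return this._credentialQueryString;
    }

    /** Sets the {@code attribute=propertyName} list used by {@link #selectUserProperties(String)}. */
    public void setUserPropertiesQueryString(String str) {
        this._userPropertiesQueryString = str;
    }

    /** Returns the user-properties query string, or {@code null}. */
    public String getUserPropertiesQueryString() {
        return this._userPropertiesQueryString;
    }
}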
