package org.apache.karaf.jaas.modules.ldap;

import java.io.IOException;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Hashtable;
import java.util.Map;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.LoginException;
import org.apache.karaf.jaas.boot.principal.RolePrincipal;
import org.apache.karaf.jaas.boot.principal.UserPrincipal;
import org.apache.karaf.jaas.modules.AbstractKarafLoginModule;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/karaf/system/org/apache/karaf/jaas/org.apache.karaf.jaas.modules/2.4.0.redhat-630472/org.apache.karaf.jaas.modules-2.4.0.redhat-630472.jar:org/apache/karaf/jaas/modules/ldap/LDAPLoginModule.class */
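/**
 * JAAS login module that authenticates a user by binding to an LDAP directory
 * with the user's DN and password, then loads the user's roles as principals.
 *
 * <p>The flow in {@link #doLogin()} is: collect name and password through the
 * callback handler, look up the user's DN through {@code LDAPCache}, bind as
 * that DN, and on success add a {@code UserPrincipal} plus one
 * {@code RolePrincipal} per role returned by the cache.
 */
public class LDAPLoginModule extends AbstractKarafLoginModule {
    private static final Logger logger = LoggerFactory.getLogger(LDAPLoginModule.class);

    /**
     * Initializes the module.
     *
     * @param subject the subject being authenticated
     * @param callbackHandler handler used to obtain the user name and password
     * @param map third argument of the JAAS {@code initialize} signature (shared state);
     *        it is not used by this module
     * @param map2 the module options, forwarded to the superclass
     */
    public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String, ?> map, Map<String, ?> map2) {
        super.initialize(subject, callbackHandler, map2);
    }

    /**
     * Runs {@link #doLogin()} and always undoes the per-thread state afterwards.
     *
     * <p>Whatever the outcome, the managed SSL socket factory is reset to {@code null}
     * and the thread context class loader captured on entry is restored, so a failed
     * login cannot leave either behind on a pooled thread.
     *
     * @return the result of {@link #doLogin()}
     * @throws LoginException if {@link #doLogin()} throws it
     */
    public boolean login() throws LoginException {
        ClassLoader originalLoader = Thread.currentThread().getContextClassLoader();
        try {
            return doLogin();
        } finally {
            ManagedSSLSocketFactory.setSocketFactory(null);
            Thread.currentThread().setContextClassLoader(originalLoader);
        }
    }

    /**
     * Authenticates the user against LDAP and collects the user's principals.
     *
     * <p>Each failure handler covers only the step it names: the DN lookup
     * ("Can't connect to the LDAP server"), the bind ("authentication failed") and
     * the role lookup ("Can't get user ... roles"). A role lookup failure is
     * therefore reported as a {@link LoginException} and is no longer swallowed by
     * the bind handler, and the principals collected so far are discarded.
     *
     * <p>NOTE(review): a {@code false} return tells JAAS to ignore this module rather
     * than to treat it as failed; confirm this is the intended outcome for an unknown
     * user or a rejected bind under the control flags used in the deployment.
     *
     * @return {@code true} when the bind succeeded and the principals were collected;
     *         {@code false} when no DN was found for the user or the bind was rejected
     * @throws LoginException if no user name was supplied, an empty password is not
     *         permitted, the callbacks cannot be handled, the DN lookup fails, or the
     *         roles cannot be read
     */
    protected boolean doLogin() throws LoginException {
        // Callback[] rather than NameCallback[]: the second element is a PasswordCallback.
        Callback[] callbacks = {new NameCallback("Username: "), new PasswordCallback("Password: ", false)};
        try {
            this.callbackHandler.handle(callbacks);
            String suppliedName = ((NameCallback) callbacks[0]).getName();
            if (suppliedName == null) {
                // Fail with a LoginException instead of a NullPointerException from the encoder.
                throw new LoginException("No username supplied");
            }
            this.user = doRFC2254Encoding(suppliedName);
            char[] password = ((PasswordCallback) callbacks[1]).getPassword();

            LDAPOptions ldapOptions = new LDAPOptions(this.options);
            String authentication = ldapOptions.getAuthentication();
            if ("none".equals(authentication) && (this.user != null || password != null)) {
                // Credentials were supplied, so an anonymous ("none") bind is replaced by the
                // default mechanism and the options are rebuilt with that override.
                logger.debug("Changing from authentication = none to simple since user or password was specified.");
                authentication = LDAPOptions.DEFAULT_AUTHENTICATION;
                Map<String, Object> overriddenOptions = new HashMap<>(this.options);
                overriddenOptions.put(LDAPOptions.AUTHENTICATION, authentication);
                ldapOptions = new LDAPOptions(overriddenOptions);
            }

            // A simple bind with a DN and an empty password is an unauthenticated bind, which
            // many directories accept; rejecting it here keeps such a bind from counting as a
            // successful login. The allowEmptyPasswords option switches this protection off.
            boolean allowEmptyPasswords = ldapOptions.getAllowEmptyPasswords();
            boolean passwordMissing = password == null || password.length == 0;
            if (!"none".equals(authentication) && !allowEmptyPasswords && passwordMissing) {
                throw new LoginException("Empty passwords not allowed");
            }
            if (password == null) {
                password = new char[0];
            }
            // NOTE(review): the password is copied into an immutable String for the JNDI
            // environment, so it cannot be wiped after the bind.
            String credentials = new String(password);
            this.principals = new HashSet<>();
            LDAPCache cache = LDAPCache.getCache(ldapOptions);

            // Step 1: resolve the user's DN.
            String[] userDnAndNamespace;
            try {
                logger.debug("Get the user DN.");
                userDnAndNamespace = cache.getUserDnAndNamespace(this.user);
            } catch (Exception e) {
                logger.warn("Can't connect to the LDAP server: {}", e.getMessage(), e);
                throw loginFailure("Can't connect to the LDAP server: " + e.getMessage(), e);
            }
            if (userDnAndNamespace == null) {
                return false;
            }

            // Step 2: verify the password by binding as the user.
            DirContext dirContext = null;
            try {
                logger.debug("Bind user (authentication).");
                // NOTE(review): whether getEnv() returns a fresh table is not visible here; if
                // it is shared, the credentials stored below stay in it after the bind.
                Hashtable<String, Object> env = ldapOptions.getEnv();
                env.put("java.naming.security.authentication", authentication);
                String bindDn = userDnAndNamespace[0] + "," + ldapOptions.getUserBaseDn();
                logger.debug("Set the security principal for " + bindDn);
                env.put("java.naming.security.principal", bindDn);
                env.put("java.naming.security.credentials", credentials);
                logger.debug("Binding the user.");
                dirContext = new InitialDirContext(env);
                logger.debug("User {} successfully bound.", sanitizeForLog(this.user));
                dirContext.close();
                dirContext = null; // closed cleanly; nothing left for the finally block
            } catch (Exception e) {
                // The name comes from the caller, so control characters are neutralised
                // before it reaches the log.
                logger.warn("User {} authentication failed.", sanitizeForLog(this.user), e);
                return false;
            } finally {
                if (dirContext != null) {
                    try {
                        dirContext.close();
                    } catch (Exception ignored) {
                        // best effort: the bind result is already decided
                    }
                }
            }

            // Step 3: collect principals.
            this.principals.add(new UserPrincipal(this.user));
            try {
                for (String role : cache.getUserRoles(this.user, userDnAndNamespace[0], userDnAndNamespace[1])) {
                    this.principals.add(new RolePrincipal(role));
                }
            } catch (Exception e) {
                // Do not leave a partially populated principal set behind on failure.
                this.principals.clear();
                throw loginFailure("Can't get user " + this.user + " roles: " + e.getMessage(), e);
            }
            return true;
        } catch (IOException e) {
            throw loginFailure(e.getMessage(), e);
        } catch (UnsupportedCallbackException e) {
            throw loginFailure(e.getMessage() + " not available to obtain information from user.", e);
        }
    }

    /**
     * Escapes the characters that are special in an LDAP search filter value
     * (NUL, {@code (}, {@code )}, {@code *} and {@code \}) as backslash plus two hex
     * digits, in the form described by RFC 2254.
     *
     * <p>This is filter-value escaping only; it does not escape DN syntax and it
     * leaves CR/LF and other control characters untouched. {@link #doLogin()} stores
     * the escaped form in {@code user}, so the user principal carries the escaped name.
     *
     * @param str the raw value; must not be {@code null}
     * @return the escaped value
     * @throws NullPointerException if {@code str} is {@code null}
     */
    protected String doRFC2254Encoding(String str) {
        StringBuilder encoded = new StringBuilder(str.length());
        for (int i = 0; i < str.length(); i++) {
            char c = str.charAt(i);
            switch (c) {
                case '\0':
                    encoded.append("\\00");
                    break;
                case '(':
                    encoded.append("\\28");
                    break;
                case ')':
                    encoded.append("\\29");
                    break;
                case '*':
                    encoded.append("\\2a");
                    break;
                case '\\':
                    encoded.append("\\5c");
                    break;
                default:
                    encoded.append(c);
                    break;
            }
        }
        return encoded.toString();
    }

    /**
     * Aborts the login attempt.
     *
     * @return always {@code true}; no state is changed here
     */
    public boolean abort() throws LoginException {
        return true;
    }

    /**
     * Removes the principals added by this module from the subject and clears the
     * module's own principal set.
     *
     * @return always {@code true}
     */
    public boolean logout() throws LoginException {
        this.subject.getPrincipals().removeAll(this.principals);
        this.principals.clear();
        return true;
    }

    /** Replaces ISO control characters (including CR and LF) with '_' so a value stays on one log line. */
    private static String sanitizeForLog(String value) {
        if (value == null) {
            return null;
        }
        StringBuilder cleaned = new StringBuilder(value.length());
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            cleaned.append(Character.isISOControl(c) ? '_' : c);
        }
        return cleaned.toString();
    }

    /** Builds a LoginException with the given message and keeps the original exception as its cause. */
    private static LoginException loginFailure(String message, Throwable cause) {
        LoginException failure = new LoginException(message);
        failure.initCause(cause);
        return failure;
    }
}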
