package org.apache.karaf.jaas.modules.ldap;

import java.util.HashMap;
import java.util.HashSet;
import java.util.Hashtable;
import java.util.Map;
import java.util.Set;
import javax.naming.NamingException;
import org.apache.felix.framework.util.FelixConstants;
import org.apache.karaf.jaas.config.KeystoreManager;
import org.osgi.framework.BundleContext;
import org.osgi.framework.FrameworkUtil;
import org.osgi.framework.ServiceReference;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/karaf/system/org/apache/karaf/jaas/org.apache.karaf.jaas.modules/2.4.0.redhat-621117/org.apache.karaf.jaas.modules-2.4.0.redhat-621117.jar:org/apache/karaf/jaas/modules/ldap/LDAPOptions.class */
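/**
 * Typed, read-only view over the option map handed to the Karaf LDAP JAAS login module.
 *
 * <p>The constructor takes a shallow copy of the supplied map; every getter reads from that copy.
 * The copy holds the bind password ({@link #CONNECTION_PASSWORD}) as a plain value, and
 * {@link #equals(Object)} / {@link #hashCode()} are computed over the complete map, so instances
 * should not be logged or serialised wholesale.
 *
 * <p>Security-relevant options:
 * <ul>
 *   <li>{@code context.*} keys are copied verbatim into the JNDI environment by {@link #getEnv()};
 *       whoever can write the module configuration can therefore set any JNDI property.</li>
 *   <li>{@link #ALLOW_EMPTY_PASSWORDS} defaults to {@code false}. NOTE(review): an LDAP simple bind
 *       with an empty password is treated by many directories as an unauthenticated bind that
 *       succeeds, so enabling it needs a deliberate decision. Enforcement is not in this class.</li>
 *   <li>When {@link #getSsl()} is {@code false}, a {@code simple} bind sends the connection
 *       credentials without transport protection.</li>
 * </ul>
 */
public class LDAPOptions {
    // --- connection / bind ---
    public static final String CONNECTION_URL = "connection.url";
    public static final String CONNECTION_USERNAME = "connection.username";
    public static final String CONNECTION_PASSWORD = "connection.password";
    // --- user lookup ---
    public static final String USER_BASE_DN = "user.base.dn";
    public static final String USER_FILTER = "user.filter";
    public static final String USER_SEARCH_SUBTREE = "user.search.subtree";
    // --- role lookup ---
    public static final String ROLE_BASE_DN = "role.base.dn";
    public static final String ROLE_FILTER = "role.filter";
    public static final String ROLE_NAME_ATTRIBUTE = "role.name.attribute";
    public static final String ROLE_SEARCH_SUBTREE = "role.search.subtree";
    public static final String ROLE_MAPPING = "role.mapping";
    // --- authentication behaviour ---
    public static final String AUTHENTICATION = "authentication";
    public static final String ALLOW_EMPTY_PASSWORDS = "allowEmptyPasswords";
    public static final String INITIAL_CONTEXT_FACTORY = "initial.context.factory";
    /** Prefix of options that are passed straight through to the JNDI environment. */
    public static final String CONTEXT_PREFIX = "context.";
    // --- TLS ---
    public static final String SSL = "ssl";
    public static final String SSL_PROVIDER = "ssl.provider";
    public static final String SSL_PROTOCOL = "ssl.protocol";
    public static final String SSL_ALGORITHM = "ssl.algorithm";
    public static final String SSL_KEYSTORE = "ssl.keystore";
    public static final String SSL_KEYALIAS = "ssl.keyalias";
    public static final String SSL_TRUSTSTORE = "ssl.truststore";
    public static final String SSL_TIMEOUT = "ssl.timeout";
    // --- defaults ---
    public static final String DEFAULT_INITIAL_CONTEXT_FACTORY = "com.sun.jndi.ldap.LdapCtxFactory";
    public static final String DEFAULT_AUTHENTICATION = "simple";
    public static final int DEFAULT_SSL_TIMEOUT = 10;

    // Logs under the login module's category, as the original code did.
    private static final Logger LOGGER = LoggerFactory.getLogger(LDAPLoginModule.class);

    private final Map<String, ?> options;

    /**
     * Creates an options view over a shallow copy of {@code map}.
     *
     * @param map the raw login-module options; must not be {@code null}
     * @throws NullPointerException if {@code map} is {@code null}
     */
    public LDAPOptions(Map<String, ?> map) {
        this.options = new HashMap<String, Object>(map);
    }

    /**
     * Two instances are equal when their complete option maps are equal. The comparison includes
     * the {@code connection.password} value.
     */
    @Override
    public boolean equals(Object obj) {
        if (this == obj) {
            return true;
        }
        if (obj == null || getClass() != obj.getClass()) {
            return false;
        }
        return this.options.equals(((LDAPOptions) obj).options);
    }

    /** Hash of the complete option map, consistent with {@link #equals(Object)}. */
    @Override
    public int hashCode() {
        return this.options.hashCode();
    }

    /**
     * Returns the configured user search filter exactly as configured, or {@code null}.
     *
     * <p>This class performs no placeholder substitution. NOTE(review): the caller that inserts a
     * login name into this filter is responsible for escaping it for LDAP filter syntax
     * (RFC 4515); confirm at the call site.
     */
    public String getUserFilter() {
        return (String) this.options.get(USER_FILTER);
    }

    /** Returns the base DN for user searches, or {@code null} when unset. */
    public String getUserBaseDn() {
        return (String) this.options.get(USER_BASE_DN);
    }

    /** Returns whether user searches cover the whole subtree; {@code false} when unset. */
    public boolean getUserSearchSubtree() {
        return booleanOption(USER_SEARCH_SUBTREE);
    }

    /**
     * Returns the configured role search filter exactly as configured, or {@code null}. As with
     * {@link #getUserFilter()}, no substitution or escaping is done here.
     */
    public String getRoleFilter() {
        return (String) this.options.get(ROLE_FILTER);
    }

    /** Returns the base DN for role searches, or {@code null} when unset. */
    public String getRoleBaseDn() {
        return (String) this.options.get(ROLE_BASE_DN);
    }

    /** Returns whether role searches cover the whole subtree; {@code false} when unset. */
    public boolean getRoleSearchSubtree() {
        return booleanOption(ROLE_SEARCH_SUBTREE);
    }

    /** Returns the attribute holding the role name, or {@code null} when unset. */
    public String getRoleNameAttribute() {
        return (String) this.options.get(ROLE_NAME_ATTRIBUTE);
    }

    /**
     * Returns the parsed {@code role.mapping} option: LDAP group name to the set of Karaf roles it
     * grants. The map is empty when the option is unset.
     */
    public Map<String, Set<String>> getRoleMapping() {
        return parseRoleMapping((String) this.options.get(ROLE_MAPPING));
    }

    /**
     * Parses a role mapping string. Entries are separated by
     * {@code FelixConstants.PACKAGE_SEPARATOR}, each entry is split once on
     * {@code FelixConstants.ATTRIBUTE_SEPARATOR} into an LDAP group and a comma-separated list of
     * roles (presumably {@code group=role1,role2;group2=role3}; confirm the separator values).
     *
     * <p>An entry without the attribute separator is skipped with a warning; previously it failed
     * with {@code ArrayIndexOutOfBoundsException}. Blank role names are dropped so that a stray
     * comma cannot grant an empty-named role.
     */
    private Map<String, Set<String>> parseRoleMapping(String str) {
        Map<String, Set<String>> mapping = new HashMap<String, Set<String>>();
        if (str == null) {
            return mapping;
        }
        LOGGER.debug("Parse role mapping {}", str);
        for (String entry : str.split(FelixConstants.PACKAGE_SEPARATOR)) {
            String[] groupAndRoles = entry.split(FelixConstants.ATTRIBUTE_SEPARATOR, 2);
            if (groupAndRoles.length < 2) {
                if (entry.trim().length() > 0) {
                    LOGGER.warn("Ignoring malformed role mapping entry {}", entry);
                }
                continue;
            }
            String group = groupAndRoles[0].trim();
            Set<String> roles = mapping.get(group);
            if (roles == null) {
                roles = new HashSet<String>();
                mapping.put(group, roles);
            }
            for (String role : groupAndRoles[1].split(",")) {
                String trimmed = role.trim();
                if (trimmed.length() > 0) {
                    roles.add(trimmed);
                }
            }
        }
        return mapping;
    }

    /**
     * Builds the JNDI environment used to open the LDAP context.
     *
     * <p>Every option whose key starts with {@link #CONTEXT_PREFIX} is copied in with the prefix
     * removed, before the fixed entries are written, so the fixed entries win on a key clash. Bind
     * credentials are only added when a non-blank connection username is configured; otherwise the
     * connection is made without them.
     *
     * @return a new environment table
     * @throws NamingException if no connection URL is configured, if a username is configured
     *     without a password, or if SSL setup fails
     */
    public Hashtable<String, Object> getEnv() throws NamingException {
        Hashtable<String, Object> env = new Hashtable<>();
        for (Map.Entry<String, ?> option : this.options.entrySet()) {
            String key = option.getKey();
            Object value = option.getValue();
            // Hashtable rejects null keys and values; an unset pass-through option is simply skipped.
            if (key != null && value != null && key.startsWith(CONTEXT_PREFIX)) {
                env.put(key.substring(CONTEXT_PREFIX.length()), value);
            }
        }
        env.put("java.naming.factory.initial", getInitialContextFactory());

        String url = getConnectionURL();
        if (url == null) {
            // Previously surfaced as a NullPointerException from Hashtable.put.
            throw new NamingException("No LDAP URL specified.");
        }
        env.put("java.naming.provider.url", url);

        String username = getConnectionUsername();
        if (username != null && username.trim().length() > 0) {
            String password = getConnectionPassword();
            if (password == null) {
                // Fail instead of substituting an empty credential, which a directory may accept
                // as an unauthenticated bind.
                throw new NamingException(CONNECTION_USERNAME + " is set but "
                        + CONNECTION_PASSWORD + " is missing");
            }
            env.put("java.naming.security.authentication", getAuthentication());
            env.put("java.naming.security.principal", username);
            env.put("java.naming.security.credentials", password);
        }
        if (getSsl()) {
            setupSsl(env);
        }
        return env;
    }

    /**
     * Adds the SSL entries to {@code hashtable} and installs an SSL socket factory built by the
     * {@code KeystoreManager} OSGi service from the {@code ssl.*} options.
     *
     * <p>Side effects visible here: {@code ManagedSSLSocketFactory.setSocketFactory} is a static
     * call, and the calling thread's context class loader is replaced and not restored.
     * NOTE(review): if the static setter stores the factory in shared state, concurrent logins
     * that use different SSL options could observe each other's factory; confirm in
     * {@code ManagedSSLSocketFactory}.
     *
     * @param hashtable the JNDI environment being built
     * @throws NamingException if the socket factory cannot be created; the original failure is
     *     attached as the root cause
     */
    protected void setupSsl(Hashtable<String, Object> hashtable) throws NamingException {
        BundleContext bundleContext = FrameworkUtil.getBundle(LDAPOptions.class).getBundleContext();
        ServiceReference<?> serviceReference = null;
        try {
            LOGGER.debug("Setting up SSL");
            hashtable.put("java.naming.security.protocol", SSL);
            hashtable.put("java.naming.ldap.factory.socket", ManagedSSLSocketFactory.class.getName());
            serviceReference = bundleContext.getServiceReference(KeystoreManager.class.getName());
            if (serviceReference == null) {
                throw new IllegalStateException("KeystoreManager service is not available");
            }
            KeystoreManager keystoreManager = (KeystoreManager) bundleContext.getService(serviceReference);
            ManagedSSLSocketFactory.setSocketFactory(keystoreManager.createSSLFactory(
                    getSslProvider(), getSslProtocol(), getSslAlgorithm(), getSslKeystore(),
                    getSslKeyAlias(), getSslTrustStore(), getSslTimeout()));
            Thread.currentThread().setContextClassLoader(ManagedSSLSocketFactory.class.getClassLoader());
        } catch (Exception e) {
            NamingException failure =
                    new NamingException("Unable to setup SSL support for LDAP: " + e.getMessage());
            // Keep the underlying exception so keystore and TLS misconfiguration can be diagnosed.
            failure.setRootCause(e);
            throw failure;
        } finally {
            // Release the service exactly once, and only if a reference was obtained.
            if (serviceReference != null) {
                bundleContext.ungetService(serviceReference);
            }
        }
    }

    /**
     * Returns the JNDI initial context factory class name, falling back to
     * {@link #DEFAULT_INITIAL_CONTEXT_FACTORY}. The value comes from configuration and names a
     * class that JNDI will instantiate.
     */
    public Object getInitialContextFactory() {
        String factory = (String) this.options.get(INITIAL_CONTEXT_FACTORY);
        return factory != null ? factory : DEFAULT_INITIAL_CONTEXT_FACTORY;
    }

    /**
     * Returns the configured connection URL unchanged, or {@code null} when unset.
     *
     * <p>The scheme check is advisory only: a missing URL or one that does not start with
     * {@code ldap:} or {@code ldaps:} is logged at error level and still returned.
     */
    public String getConnectionURL() {
        String url = (String) this.options.get(CONNECTION_URL);
        if (url == null || url.trim().length() == 0) {
            LOGGER.error("No LDAP URL specified.");
        } else if (!url.startsWith("ldap:") && !url.startsWith("ldaps:")) {
            LOGGER.error("Invalid LDAP URL: {}", url);
        }
        return url;
    }

    /** Returns the bind DN / username for the directory connection, or {@code null}. */
    public String getConnectionUsername() {
        return (String) this.options.get(CONNECTION_USERNAME);
    }

    /** Returns the bind password for the directory connection, or {@code null}. Do not log it. */
    public String getConnectionPassword() {
        return (String) this.options.get(CONNECTION_PASSWORD);
    }

    /** Returns the JNDI authentication mechanism, falling back to {@link #DEFAULT_AUTHENTICATION}. */
    public String getAuthentication() {
        String mechanism = (String) this.options.get(AUTHENTICATION);
        return mechanism != null ? mechanism : DEFAULT_AUTHENTICATION;
    }

    /**
     * Returns whether the connection should use SSL. An explicit {@code ssl} option wins; without
     * one, SSL is enabled exactly when the connection URL starts with {@code ldaps:}. A missing
     * URL yields {@code false} instead of the former {@code NullPointerException}.
     */
    public boolean getSsl() {
        Object flag = this.options.get(SSL);
        if (flag instanceof Boolean) {
            return ((Boolean) flag).booleanValue();
        }
        if (flag != null) {
            return Boolean.parseBoolean(flag.toString());
        }
        String url = getConnectionURL();
        return url != null && url.startsWith("ldaps:");
    }

    /** Returns the JSSE provider name passed to the keystore manager, or {@code null}. */
    public String getSslProvider() {
        return (String) this.options.get(SSL_PROVIDER);
    }

    /** Returns the SSL/TLS protocol name passed to the keystore manager, or {@code null}. */
    public String getSslProtocol() {
        return (String) this.options.get(SSL_PROTOCOL);
    }

    /** Returns the key/trust manager algorithm passed to the keystore manager, or {@code null}. */
    public String getSslAlgorithm() {
        return (String) this.options.get(SSL_ALGORITHM);
    }

    /** Returns the name of the keystore passed to the keystore manager, or {@code null}. */
    public String getSslKeystore() {
        return (String) this.options.get(SSL_KEYSTORE);
    }

    /** Returns the key alias passed to the keystore manager, or {@code null}. */
    public String getSslKeyAlias() {
        return (String) this.options.get(SSL_KEYALIAS);
    }

    /** Returns the name of the truststore passed to the keystore manager, or {@code null}. */
    public String getSslTrustStore() {
        return (String) this.options.get(SSL_TRUSTSTORE);
    }

    /**
     * Returns the {@code ssl.timeout} option, or {@link #DEFAULT_SSL_TIMEOUT} when unset. The unit
     * is whatever {@code KeystoreManager.createSSLFactory} expects; it is not visible here.
     *
     * @throws NumberFormatException if the option is set to a non-numeric value
     */
    public int getSslTimeout() {
        Object timeout = this.options.get(SSL_TIMEOUT);
        if (timeout instanceof Number) {
            return ((Number) timeout).intValue();
        }
        if (timeout != null) {
            return Integer.parseInt(timeout.toString());
        }
        return DEFAULT_SSL_TIMEOUT;
    }

    /**
     * Returns whether logins with an empty password are allowed. Only the exact text {@code true}
     * (case-insensitive, no surrounding whitespace) or {@code Boolean.TRUE} enables it; anything
     * else, including an unset option, yields {@code false}.
     */
    public boolean getAllowEmptyPasswords() {
        return booleanOption(ALLOW_EMPTY_PASSWORDS);
    }

    /**
     * Reads a boolean option that may be stored as a {@link Boolean} or as text. Unset options are
     * {@code false}. Text is not trimmed, so only an exact {@code true} enables a flag.
     */
    private boolean booleanOption(String key) {
        Object value = this.options.get(key);
        if (value instanceof Boolean) {
            return ((Boolean) value).booleanValue();
        }
        return value != null && Boolean.parseBoolean(value.toString());
    }
}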
