package org.rhq.enterprise.server.core.jaas;

import java.security.acl.Group;
import java.util.Map;
import java.util.Properties;
import javax.naming.CompositeName;
import javax.naming.NamingEnumeration;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.Control;
import javax.naming.ldap.InitialLdapContext;
import javax.security.auth.login.LoginException;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.jboss.security.SimpleGroup;
import org.jboss.security.auth.spi.UsernamePasswordLoginModule;
import org.rhq.core.util.obfuscation.Obfuscator;
import org.rhq.enterprise.server.RHQConstants;
import org.rhq.enterprise.server.resource.group.LdapGroupManagerLocal;
import org.rhq.enterprise.server.rest.reporting.CsvWriter;
import org.rhq.enterprise.server.util.LookupUtil;
import org.rhq.enterprise.server.util.security.UntrustedSSLSocketFactory;

/* loaded from: input_file:org/rhq/enterprise/server/core/jaas/LdapLoginModule.class */
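/**
 * JAAS login module that authenticates a user against an LDAP directory.
 *
 * <p>Authentication is "search then bind": the module connects (optionally with the
 * configured {@code BindDN}/{@code BindPW}), searches each configured base DN for an entry
 * whose {@code LoginProperty} attribute equals the supplied username, and then re-binds as
 * the entry it found, using the password the user supplied. A successful re-bind is the
 * proof of identity.
 *
 * <p>Module options read here: {@code BaseDN} (one or more base DNs separated by
 * {@code ;}), {@code LoginProperty} (defaults to {@code cn}), {@code Filter} (optional extra
 * filter clause), {@code BindDN} and {@code BindPW}. All other options are passed through to
 * JNDI as environment properties. These options are administrator configuration and are
 * treated as trusted; the username and password are not.
 */
public class LdapLoginModule extends UsernamePasswordLoginModule {
    private final Log log = LogFactory.getLog(LdapLoginModule.class);
    LdapGroupManagerLocal ldapManager = LookupUtil.getLdapGroupManager();
    private static final String BASEDN_DELIMITER = ";";

    /**
     * Returns an empty string: the directory never hands out the stored password, so there
     * is no "expected" password to compare against. Verification happens in
     * {@link #validatePassword(String, String)} by binding to the directory.
     */
    protected String getUsersPassword() throws LoginException {
        return "";
    }

    /**
     * Returns a single, empty {@code Roles} group. No role is assigned by this module.
     */
    protected Group[] getRoleSets() throws LoginException {
        return new Group[]{new SimpleGroup("Roles")};
    }

    /**
     * Verifies the supplied password by locating the user's entry and binding as that entry.
     *
     * @param inputPassword    the password typed by the user
     * @param expectedPassword unused; always the empty string from {@link #getUsersPassword()}
     * @return {@code true} only if an entry was found and the directory accepted a simple
     *         bind with {@code inputPassword}; {@code false} on any failure, including
     *         missing configuration and directory errors
     */
    protected boolean validatePassword(String inputPassword, String expectedPassword) {
        String baseDnList = (String) this.options.get("BaseDN");
        if (baseDnList == null) {
            this.log.info("BaseDN is not set, refusing login");
            return false;
        }
        // An LDAP simple bind with a DN and an empty password is an "unauthenticated bind",
        // which many servers accept. It must never be mistaken for a successful login.
        if (inputPassword == null || inputPassword.isEmpty()) {
            this.log.debug("Empty password, refusing login");
            return false;
        }
        String username = getUsername();
        if (username == null || username.isEmpty()) {
            // Without this guard a null username would be searched for as the literal "null".
            this.log.debug("Empty username, refusing login");
            return false;
        }

        String loginProperty = (String) this.options.get("LoginProperty");
        if (loginProperty == null) {
            loginProperty = "cn";
        }
        String extraFilter = (String) this.options.get("Filter");
        String bindDn = (String) this.options.get("BindDN");
        String bindPw = (String) this.options.get("BindPW");
        if (bindPw != null) {
            try {
                bindPw = Obfuscator.decode(bindPw);
            } catch (Exception e) {
                // The value may be stored un-obfuscated; fall back to using it as-is.
                // The credential itself is deliberately kept out of the log.
                this.log.debug("Failed to decode bindPW, validating using undecoded value", e);
            }
        }

        Properties environment = getProperties();
        if (bindDn != null) {
            if (bindPw == null) {
                // Properties rejects null values; fail closed instead of throwing from here.
                this.log.info("BindDN is set but BindPW is not, refusing login");
                return false;
            }
            environment.setProperty("java.naming.security.principal", bindDn);
            environment.setProperty("java.naming.security.credentials", bindPw);
            environment.setProperty("java.naming.security.authentication", "simple");
        }

        InitialLdapContext context = null;
        try {
            context = new InitialLdapContext(environment, (Control[]) null);
            SearchControls searchControls = getSearchControls();

            // The username is attacker-controlled. Escaping it keeps filter metacharacters
            // (such as '*', '(' and ')') from changing which entry the search selects.
            String userClause = "(" + loginProperty + "=" + escapeLdapFilterValue(username) + ")";
            String filter = (extraFilter == null || extraFilter.length() == 0)
                ? userClause
                : "(&" + userClause + "(" + extraFilter + "))";
            this.log.debug("Using LDAP filter=" + filter);

            String[] baseDns = baseDnList.split(BASEDN_DELIMITER);
            for (String baseDn : baseDns) {
                String userDn = findUserDn(context, baseDn, filter, searchControls);
                if (userDn == null) {
                    this.log.debug("User " + username + " not found for BaseDN " + baseDn);
                    continue;
                }
                this.log.debug("Using LDAP userDN=" + userDn);
                // Re-bind on the same connection as the user; a wrong password surfaces as
                // an exception from reconnect() and is handled below.
                context.addToEnvironment("java.naming.security.principal", userDn);
                context.addToEnvironment("java.naming.security.credentials", inputPassword);
                context.addToEnvironment("java.naming.security.authentication", "simple");
                context.reconnect((Control[]) null);
                return true;
            }
            return false;
        } catch (Exception e) {
            this.log.info("Failed to validate password for [" + username + "]: " + e.getMessage());
            return false;
        } finally {
            closeQuietly(context);
        }
    }

    /**
     * Searches one base DN and returns the DN of the first matching entry, or {@code null}
     * if nothing matched. Only the first result is considered.
     */
    private String findUserDn(InitialLdapContext context, String baseDn, String filter,
        SearchControls searchControls) throws Exception {
        NamingEnumeration<SearchResult> results = context.search(baseDn, filter, searchControls);
        try {
            if (!results.hasMoreElements()) {
                return null;
            }
            SearchResult match = results.next();
            try {
                return match.getNameInNamespace();
            } catch (UnsupportedOperationException e) {
                // Fallback for providers without full-name support: rebuild the DN from the
                // relative name plus the base DN that was searched.
                // NOTE(review): CsvWriter.DELIMITER is presumably "," (it looks like a
                // constant reused by the compiler/decompiler) - confirm.
                String userDn = new CompositeName(match.getName()).get(0);
                if (match.isRelative()) {
                    userDn = userDn + CsvWriter.DELIMITER + baseDn;
                }
                return userDn;
            }
        } finally {
            try {
                results.close();
            } catch (javax.naming.NamingException e) {
                this.log.debug("Failed to close LDAP search results", e);
            }
        }
    }

    /**
     * Escapes a value for use inside an LDAP search filter assertion (RFC 4515): backslash,
     * asterisk, parentheses and NUL are replaced by their {@code \xx} hex form.
     */
    private static String escapeLdapFilterValue(String value) {
        StringBuilder escaped = new StringBuilder(value.length() + 8);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '\\':
                    escaped.append("\\5c");
                    break;
                case '*':
                    escaped.append("\\2a");
                    break;
                case '(':
                    escaped.append("\\28");
                    break;
                case ')':
                    escaped.append("\\29");
                    break;
                case '\0':
                    escaped.append("\\00");
                    break;
                default:
                    escaped.append(c);
                    break;
            }
        }
        return escaped.toString();
    }

    /** Closes the directory connection, logging (not propagating) any failure. */
    private void closeQuietly(InitialLdapContext context) {
        if (context == null) {
            return;
        }
        try {
            context.close();
        } catch (javax.naming.NamingException e) {
            this.log.debug("Failed to close LDAP context", e);
        }
    }

    /**
     * Builds the JNDI environment from the module options, filling in defaults for the
     * context factory, the provider URL and the referral policy.
     */
    private Properties getProperties() {
        Properties properties = new Properties();
        for (Map.Entry entry : this.options.entrySet()) {
            if (entry.getKey() != null && entry.getValue() != null) {
                properties.put(entry.getKey(), entry.getValue());
            }
        }
        if (properties.getProperty("java.naming.factory.initial") == null) {
            properties.setProperty("java.naming.factory.initial", "com.sun.jndi.ldap.LdapCtxFactory");
        }
        String protocol = properties.getProperty("java.naming.security.protocol");
        boolean secured = RHQConstants.LDAP_PROTOCOL_SECURED.equals(protocol);
        if (secured) {
            if (properties.getProperty("java.naming.ldap.factory.socket") == null) {
                // NOTE(review): the default socket factory is named "Untrusted"; if it accepts
                // any server certificate (confirm in UntrustedSSLSocketFactory), the LDAPS
                // connection is encrypted but the server is not authenticated, so bind
                // credentials could be captured by an on-path host. Deployments should set
                // java.naming.ldap.factory.socket to a factory backed by a trust store.
                properties.put("java.naming.ldap.factory.socket", UntrustedSSLSocketFactory.class.getName());
            }
            properties.put("java.naming.security.protocol", RHQConstants.LDAP_PROTOCOL_SECURED);
        }
        String providerUrl = properties.getProperty("java.naming.provider.url");
        if (providerUrl == null) {
            // Default to the local directory on the standard LDAP / LDAPS port.
            providerUrl = "ldap://localhost:" + (secured ? "636" : "389");
        }
        properties.setProperty("java.naming.provider.url", providerUrl);
        // Any referral setting other than an explicit "follow" is normalized to "ignore".
        properties.setProperty("java.naming.referral",
            "follow".equals(properties.getProperty("java.naming.referral", "ignore")) ? "follow" : "ignore");
        return properties;
    }

    /**
     * Returns the controls used for the user lookup: subtree scope, no result-count limit,
     * no time limit, all attributes, no object return and no link dereferencing.
     */
    private SearchControls getSearchControls() {
        // NOTE(review): a time limit of 0 means the search waits indefinitely, so a slow or
        // unresponsive directory can hold the login thread.
        return new SearchControls(SearchControls.SUBTREE_SCOPE, 0L, 0, (String[]) null, false, false);
    }
}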
