package org.apache.activemq.jaas;

import java.io.IOException;
import java.security.Principal;
import java.text.MessageFormat;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.naming.AuthenticationException;
import javax.naming.CommunicationException;
import javax.naming.Name;
import javax.naming.NameParser;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.FailedLoginException;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/activemq-core-5.6-fuse-20120221.233628-36.jar:org/apache/activemq/jaas/LDAPLoginModule.class */
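/**
 * JAAS {@link LoginModule} that authenticates a user against an LDAP directory.
 * <p>
 * Flow: {@link #open()} builds an {@link InitialDirContext} from the module options;
 * {@link #authenticate(String, String)} searches {@code userBase} for the user with the
 * {@code userSearchMatching} filter, derives the entry's DN, verifies the password by binding
 * as that DN ({@link #bindUser}), and collects role names from the user entry
 * ({@code userRoleName}) and from a role search ({@code roleBase}/{@code roleSearchMatching});
 * {@link #commit()} then adds a {@link UserPrincipal} and one {@link GroupPrincipal} per role
 * to the {@link Subject}, and {@link #logout()}/{@link #abort()} remove exactly those again.
 * <p>
 * User input is escaped with {@link #doRFC2254Encoding(String)} before it is placed in any
 * search filter, and an empty password is never sent to the directory (a simple bind with empty
 * credentials is treated as an unauthenticated bind by many servers and would "succeed").
 * <p>
 * Instances carry per-login state and are not thread-safe.
 */
public class LDAPLoginModule implements LoginModule {
    // Option keys read from the JAAS configuration in initialize().
    private static final String INITIAL_CONTEXT_FACTORY = "initialContextFactory";
    private static final String CONNECTION_URL = "connectionURL";
    private static final String CONNECTION_USERNAME = "connectionUsername";
    private static final String CONNECTION_PASSWORD = "connectionPassword";
    private static final String CONNECTION_PROTOCOL = "connectionProtocol";
    private static final String AUTHENTICATION = "authentication";
    private static final String USER_BASE = "userBase";
    private static final String USER_SEARCH_MATCHING = "userSearchMatching";
    private static final String USER_SEARCH_SUBTREE = "userSearchSubtree";
    private static final String ROLE_BASE = "roleBase";
    private static final String ROLE_NAME = "roleName";
    private static final String ROLE_SEARCH_MATCHING = "roleSearchMatching";
    private static final String ROLE_SEARCH_SUBTREE = "roleSearchSubtree";
    private static final String USER_ROLE_NAME = "userRoleName";

    // JNDI environment keys (same values as javax.naming.Context constants).
    private static final String ENV_INITIAL_CONTEXT_FACTORY = "java.naming.factory.initial";
    private static final String ENV_PROVIDER_URL = "java.naming.provider.url";
    private static final String ENV_SECURITY_PROTOCOL = "java.naming.security.protocol";
    private static final String ENV_SECURITY_AUTHENTICATION = "java.naming.security.authentication";
    private static final String ENV_SECURITY_PRINCIPAL = "java.naming.security.principal";
    private static final String ENV_SECURITY_CREDENTIALS = "java.naming.security.credentials";

    private static final Logger log = LoggerFactory.getLogger(LDAPLoginModule.class);

    /** Context created by the most recent {@link #open()}; it is closed at the end of {@link #authenticate}. */
    protected DirContext context;
    private Subject subject;
    private CallbackHandler handler;
    /** One entry per option key above; the value is null when the option is absent. */
    private LDAPLoginProperty[] config;
    /** User name from the NameCallback in {@link #login()}; cleared by {@link #logout()} and {@link #abort()}. */
    private String username;
    /** Role names found in {@link #authenticate}, turned into principals in {@link #commit()}. */
    private Set<GroupPrincipal> groups = new HashSet<GroupPrincipal>();
    /** Exactly the principals this module added to the subject in commit(), so logout()/abort() can remove them. */
    private final List<Principal> committedPrincipals = new ArrayList<Principal>();

    /**
     * Captures the subject, callback handler and the LDAP options this module understands.
     *
     * @param subject         subject to populate on {@link #commit()}
     * @param callbackHandler handler used to obtain user name and password in {@link #login()}
     * @param sharedState     unused
     * @param options         JAAS module options; each known key is read as a String
     */
    public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String, ?> sharedState, Map<String, ?> options) {
        this.subject = subject;
        this.handler = callbackHandler;
        this.config = new LDAPLoginProperty[]{
            property(INITIAL_CONTEXT_FACTORY, options),
            property(CONNECTION_URL, options),
            property(CONNECTION_USERNAME, options),
            property(CONNECTION_PASSWORD, options),
            property(CONNECTION_PROTOCOL, options),
            property(AUTHENTICATION, options),
            property(USER_BASE, options),
            property(USER_SEARCH_MATCHING, options),
            property(USER_SEARCH_SUBTREE, options),
            property(ROLE_BASE, options),
            property(ROLE_NAME, options),
            property(ROLE_SEARCH_MATCHING, options),
            property(ROLE_SEARCH_SUBTREE, options),
            property(USER_ROLE_NAME, options)
        };
    }

    /** Builds the property holder for one option key, reading its value (possibly null) from the options map. */
    private static LDAPLoginProperty property(String name, Map<String, ?> options) {
        return new LDAPLoginProperty(name, (String) options.get(name));
    }

    /**
     * Obtains user name and password through the callback handler and authenticates against LDAP.
     *
     * @return false when no user name was supplied, true when authentication succeeded
     * @throws LoginException if the callbacks cannot be handled, or (as {@link FailedLoginException})
     *                        if the user is unknown, ambiguous, the password is wrong/empty, or LDAP is unreachable
     */
    public boolean login() throws LoginException {
        NameCallback nameCallback = new NameCallback("User name");
        PasswordCallback passwordCallback = new PasswordCallback("Password", false);
        try {
            handler.handle(new Callback[]{nameCallback, passwordCallback});
        } catch (IOException e) {
            throw (LoginException) new LoginException().initCause(e);
        } catch (UnsupportedCallbackException e) {
            throw (LoginException) new LoginException().initCause(e);
        }
        username = nameCallback.getName();
        if (username == null) {
            return false;
        }
        char[] chars = passwordCallback.getPassword();
        String password = chars != null ? new String(chars) : "";
        // The callback's copy is no longer needed; authenticate() works on the String.
        passwordCallback.clearPassword();
        authenticate(username, password);
        return true;
    }

    /**
     * Removes the principals added by {@link #commit()} and resets per-login state.
     *
     * @return always true
     * @throws LoginException if the subject is read-only and the principals cannot be removed
     */
    public boolean logout() throws LoginException {
        releasePrincipals();
        return true;
    }

    /**
     * Adds a {@link UserPrincipal} for the authenticated user and a {@link GroupPrincipal} per role to the subject.
     *
     * @return false when {@link #login()} did not establish a user name (nothing is added), true otherwise
     * @throws LoginException never thrown by this implementation
     */
    public boolean commit() throws LoginException {
        if (username == null) {
            return false;
        }
        Set<Principal> principals = subject.getPrincipals();
        Principal user = new UserPrincipal(username);
        principals.add(user);
        committedPrincipals.add(user);
        for (GroupPrincipal group : groups) {
            principals.add(group);
            committedPrincipals.add(group);
        }
        return true;
    }

    /**
     * Undoes {@link #commit()} (if it ran) and resets per-login state.
     *
     * @return always true
     * @throws LoginException if the subject is read-only and the principals cannot be removed
     */
    public boolean abort() throws LoginException {
        releasePrincipals();
        return true;
    }

    /** Removes previously committed principals from the subject and clears user name and roles. */
    private void releasePrincipals() throws LoginException {
        try {
            if (subject != null && !committedPrincipals.isEmpty()) {
                subject.getPrincipals().removeAll(committedPrincipals);
            }
        } catch (IllegalStateException e) {
            LoginException le = new LoginException("Subject is read-only; cannot remove principals");
            le.initCause(e);
            throw le;
        } finally {
            committedPrincipals.clear();
            groups.clear();
            username = null;
        }
    }

    /**
     * Closes the given context, logging (not propagating) any failure; a null context is ignored.
     *
     * @param dirContext context to close, may be null
     */
    protected void close(DirContext dirContext) {
        if (dirContext == null) {
            return;
        }
        try {
            dirContext.close();
        } catch (Exception e) {
            // Best effort: a failed close must not mask the outcome of the login.
            log.error("Error closing LDAP context: " + e);
        }
    }

    /**
     * Authenticates {@code username}/{@code password} against the directory and fills {@link #groups}.
     * <p>
     * Steps: open a context, locate the user's single matching entry, build its DN, collect
     * {@code userRoleName} values from the entry, bind as the DN with the password, then run the
     * role search. The context is always closed before returning.
     *
     * @param username name entered by the user (untrusted; escaped before use in filters)
     * @param password password entered by the user; never logged
     * @return false when {@code userSearchMatching} is not configured, true on success
     * @throws FailedLoginException if the user is not found or not unique, the entry has no attributes,
     *                              the bind fails (including an empty password), or the directory cannot be reached
     * @throws LoginException       on other login failures
     */
    protected boolean authenticate(String username, String password) throws LoginException {
        if (!isLoginPropertySet(USER_SEARCH_MATCHING)) {
            return false;
        }
        log.debug("Create the LDAP initial context.");
        DirContext ctx;
        try {
            ctx = open();
        } catch (NamingException e) {
            FailedLoginException fle = new FailedLoginException("Error opening LDAP connection");
            fle.initCause(e);
            throw fle;
        }
        try {
            SearchResult user = searchUser(ctx, username);
            String dn = buildUserDn(ctx, user);
            Attributes attributes = user.getAttributes();
            if (attributes == null) {
                throw new FailedLoginException("User found, but LDAP entry malformed: " + username);
            }
            List<String> roles = isLoginPropertySet(USER_ROLE_NAME)
                    ? addAttributeValues(getLDAPPropertyValue(USER_ROLE_NAME), attributes, null)
                    : null;
            if (!bindUser(ctx, dn, password)) {
                throw new FailedLoginException("Password does not match for user: " + username);
            }
            roles = getRoles(ctx, dn, username, roles);
            log.debug("Roles {} for user {}", roles, username);
            for (String role : roles) {
                groups.add(new GroupPrincipal(role));
            }
            return true;
        } catch (NamingException e) {
            // CommunicationException is a NamingException; both map to the same failure.
            FailedLoginException fle = new FailedLoginException("Error contacting LDAP");
            fle.initCause(e);
            throw fle;
        } finally {
            close(ctx);
        }
    }

    /**
     * Searches {@code userBase} for the entry matching {@code username} and requires exactly one hit.
     *
     * @return the single matching entry, with {@code userRoleName} as its only returned attribute (if configured)
     * @throws FailedLoginException if no entry or more than one entry matches
     */
    private SearchResult searchUser(DirContext ctx, String username) throws NamingException, LoginException {
        MessageFormat userSearch = new MessageFormat(getLDAPPropertyValue(USER_SEARCH_MATCHING));
        boolean subtree = Boolean.parseBoolean(getLDAPPropertyValue(USER_SEARCH_SUBTREE));
        // Escape filter metacharacters so the user name cannot change the structure of the filter.
        String filter = userSearch.format(new String[]{doRFC2254Encoding(username)});

        SearchControls controls = new SearchControls();
        controls.setSearchScope(searchScope(subtree));
        List<String> returning = new ArrayList<String>();
        if (isLoginPropertySet(USER_ROLE_NAME)) {
            returning.add(getLDAPPropertyValue(USER_ROLE_NAME));
        }
        // An empty array asks the server for no attributes at all.
        controls.setReturningAttributes(returning.toArray(new String[returning.size()]));

        String base = getLDAPPropertyValue(USER_BASE);
        log.debug("Get the user DN. Looking for the user in LDAP with base DN: {} filter: {}", base, filter);
        NamingEnumeration<SearchResult> results = ctx.search(base, filter, controls);
        if (results == null || !results.hasMore()) {
            log.warn("User " + username + " not found in LDAP.");
            throw new FailedLoginException("User " + username + " not found in LDAP.");
        }
        SearchResult result = results.next();
        if (results.hasMore()) {
            // Binding as "the first hit" of an ambiguous search would authenticate against an arbitrary entry.
            log.warn("User " + username + " matched more than one LDAP entry.");
            throw new FailedLoginException("Not a unique user: " + username);
        }
        return result;
    }

    /** Composes the user's full DN as {@code <context namespace> + userBase + <result name relative to userBase>}. */
    private String buildUserDn(DirContext ctx, SearchResult result) throws NamingException {
        NameParser parser = ctx.getNameParser("");
        Name dn = parser.parse(ctx.getNameInNamespace());
        dn.addAll(parser.parse(getLDAPPropertyValue(USER_BASE)));
        dn.addAll(parser.parse(result.getName()));
        return dn.toString();
    }

    /** Maps the *SearchSubtree option to a JNDI search scope. */
    private static int searchScope(boolean subtree) {
        return subtree ? SearchControls.SUBTREE_SCOPE : SearchControls.ONELEVEL_SCOPE;
    }

    /**
     * Looks up role entries for the user under {@code roleBase} and appends their {@code roleName} values.
     * <p>
     * The {@code roleSearchMatching} filter receives the escaped DN as {0} and the escaped user name as {1}.
     *
     * @param dirContext open context to search with
     * @param dn         the user's DN
     * @param username   the user name as entered
     * @param list       roles collected so far, may be null
     * @return {@code list} (or a new list when it was null) with the role names appended; unchanged when
     *         {@code roleName} is not configured
     * @throws NamingException if the search fails
     */
    protected List<String> getRoles(DirContext dirContext, String dn, String username, List<String> list) throws NamingException {
        List<String> roles = list != null ? list : new ArrayList<String>();
        if (!isLoginPropertySet(ROLE_NAME)) {
            return roles;
        }
        MessageFormat roleSearch = new MessageFormat(getLDAPPropertyValue(ROLE_SEARCH_MATCHING));
        boolean subtree = Boolean.parseBoolean(getLDAPPropertyValue(ROLE_SEARCH_SUBTREE));
        // Both substituted values originate from user input (the DN is derived from it); escape both.
        String filter = roleSearch.format(new String[]{doRFC2254Encoding(dn), doRFC2254Encoding(username)});

        SearchControls controls = new SearchControls();
        controls.setSearchScope(searchScope(subtree));

        String base = getLDAPPropertyValue(ROLE_BASE);
        log.debug("Get user roles. Looking for the user roles in LDAP with base DN: {} filter: {}", base, filter);
        NamingEnumeration<SearchResult> results = dirContext.search(base, filter, controls);
        while (results.hasMore()) {
            Attributes attributes = results.next().getAttributes();
            if (attributes != null) {
                roles = addAttributeValues(getLDAPPropertyValue(ROLE_NAME), attributes, roles);
            }
        }
        return roles;
    }

    /**
     * Escapes the characters that are special in an LDAP search filter (RFC 2254 / RFC 4515):
     * NUL, {@code (}, {@code )}, {@code *} and {@code \} become {@code \xx} hex escapes.
     *
     * @param str raw value to place in a filter
     * @return the escaped value, safe to substitute into a filter assertion
     */
    protected String doRFC2254Encoding(String str) {
        StringBuilder out = new StringBuilder(str.length());
        for (int i = 0; i < str.length(); i++) {
            char c = str.charAt(i);
            switch (c) {
                case 0:
                    out.append("\\00");
                    break;
                case '(':
                    out.append("\\28");
                    break;
                case ')':
                    out.append("\\29");
                    break;
                case '*':
                    out.append("\\2a");
                    break;
                case '\\':
                    out.append("\\5c");
                    break;
                default:
                    out.append(c);
                    break;
            }
        }
        return out.toString();
    }

    /**
     * Verifies the password by re-binding the context as {@code dn} and issuing a trivial request.
     * <p>
     * An empty or null password is rejected without contacting the server: a simple bind with empty
     * credentials is an unauthenticated bind on many directories and would not prove anything.
     * The connection credentials from the options are restored afterwards in every case.
     *
     * @param dirContext context whose environment is switched to the user's credentials
     * @param dn         DN to bind as
     * @param password   password to bind with
     * @return true if the bind succeeded, false if it was refused with {@link AuthenticationException}
     *         or the password was empty
     * @throws NamingException for any other directory error
     */
    protected boolean bindUser(DirContext dirContext, String dn, String password) throws NamingException {
        if (password == null || password.length() == 0) {
            log.debug("Empty password supplied for dn={}; refusing to bind.", dn);
            return false;
        }
        log.debug("Binding the user.");
        dirContext.addToEnvironment(ENV_SECURITY_PRINCIPAL, dn);
        dirContext.addToEnvironment(ENV_SECURITY_CREDENTIALS, password);
        boolean bound = false;
        try {
            // Any operation forces the (re)bind; the root DSE attributes are a cheap choice.
            dirContext.getAttributes("", (String[]) null);
            bound = true;
            log.debug("User {} successfully bound.", dn);
        } catch (AuthenticationException e) {
            log.debug("Authentication failed for dn={}", dn);
        } finally {
            restoreConnectionCredentials(dirContext);
        }
        return bound;
    }

    /** Puts the configured connection principal/credentials back into the context environment (or removes them). */
    private void restoreConnectionCredentials(DirContext dirContext) throws NamingException {
        if (isLoginPropertySet(CONNECTION_USERNAME)) {
            dirContext.addToEnvironment(ENV_SECURITY_PRINCIPAL, getLDAPPropertyValue(CONNECTION_USERNAME));
        } else {
            dirContext.removeFromEnvironment(ENV_SECURITY_PRINCIPAL);
        }
        if (isLoginPropertySet(CONNECTION_PASSWORD)) {
            dirContext.addToEnvironment(ENV_SECURITY_CREDENTIALS, getLDAPPropertyValue(CONNECTION_PASSWORD));
        } else {
            dirContext.removeFromEnvironment(ENV_SECURITY_CREDENTIALS);
        }
    }

    /**
     * Appends every value of attribute {@code attrId} to {@code list}.
     * Values are expected to be Strings (a non-String value fails with ClassCastException).
     *
     * @param attrId     attribute to read; null means nothing to do
     * @param attributes entry attributes; null means nothing to do
     * @param list       target list, created when null
     * @return {@code list}, or a new list when it was null, or {@code list} as given when there was nothing to add
     * @throws NamingException if the attribute values cannot be enumerated
     */
    private List<String> addAttributeValues(String attrId, Attributes attributes, List<String> list) throws NamingException {
        if (attrId == null || attributes == null) {
            return list;
        }
        List<String> target = list != null ? list : new ArrayList<String>();
        Attribute attribute = attributes.get(attrId);
        if (attribute == null) {
            return target;
        }
        NamingEnumeration<?> values = attribute.getAll();
        while (values.hasMore()) {
            target.add((String) values.next());
        }
        return target;
    }

    /**
     * Creates the initial directory context from the module options and stores it in {@link #context}.
     * Connection principal/credentials are only set when configured.
     *
     * @return the new context (also kept in {@link #context})
     * @throws NamingException if the context cannot be created; the error is logged before rethrowing
     */
    protected DirContext open() throws NamingException {
        try {
            Hashtable<String, String> env = new Hashtable<String, String>();
            env.put(ENV_INITIAL_CONTEXT_FACTORY, getLDAPPropertyValue(INITIAL_CONTEXT_FACTORY));
            if (isLoginPropertySet(CONNECTION_USERNAME)) {
                env.put(ENV_SECURITY_PRINCIPAL, getLDAPPropertyValue(CONNECTION_USERNAME));
            }
            if (isLoginPropertySet(CONNECTION_PASSWORD)) {
                env.put(ENV_SECURITY_CREDENTIALS, getLDAPPropertyValue(CONNECTION_PASSWORD));
            }
            env.put(ENV_SECURITY_PROTOCOL, getLDAPPropertyValue(CONNECTION_PROTOCOL));
            env.put(ENV_PROVIDER_URL, getLDAPPropertyValue(CONNECTION_URL));
            env.put(ENV_SECURITY_AUTHENTICATION, getLDAPPropertyValue(AUTHENTICATION));
            context = new InitialDirContext(env);
            return context;
        } catch (NamingException e) {
            log.error("Error opening LDAP context: " + e);
            throw e;
        }
    }

    /**
     * Returns the configured value of the named option, or null when unknown or unset.
     * Names are compared with {@code equals}, so non-interned strings work too.
     */
    private String getLDAPPropertyValue(String name) {
        for (LDAPLoginProperty property : config) {
            if (name.equals(property.getPropertyName())) {
                return property.getPropertyValue();
            }
        }
        return null;
    }

    /** True when the named option is known and has a non-null value. */
    private boolean isLoginPropertySet(String name) {
        return getLDAPPropertyValue(name) != null;
    }
}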
