package org.wildfly.security.auth.provider.ldap;

import java.security.Principal;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Iterator;
import java.util.List;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.security.auth.x500.X500Principal;
import org.fusesource.jansi.AnsiRenderer;
import org.jboss.modules.xml.XmlPullParser;
import org.wildfly.security.auth.principal.NamePrincipal;
import org.wildfly.security.auth.spi.AuthenticatedRealmIdentity;
import org.wildfly.security.auth.spi.CredentialSupport;
import org.wildfly.security.auth.spi.RealmIdentity;
import org.wildfly.security.auth.spi.SecurityRealm;
import org.wildfly.security.auth.util.NameRewriter;
import org.wildfly.security.password.Password;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:org/wildfly/security/auth/provider/ldap/LdapSecurityRealm.class */
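/**
 * Security realm that resolves identities and credentials against an LDAP directory through JNDI.
 *
 * <p>An identity is tracked as a pair of names (a simple name and a distinguished name). How the
 * caller-supplied name is interpreted, and which directory reads are performed to complete the
 * pair, is controlled by the {@link PrincipalMapping} supplied at construction.
 *
 * <p>NOTE(review): this listing is decompiler output (see the JADX markers); the decompiler reports
 * that the access modifiers of this class, its constructor and several members were widened.
 */
public class LdapSecurityRealm implements SecurityRealm {
    private final DirContextFactory dirContextFactory;
    private final List<NameRewriter> nameRewriters;
    private final PrincipalMapping principalMapping;
    private final Collection<CredentialLoader> credentialLoaders;

    /**
     * Identity view over one directory entry. Names are resolved lazily on first use and the
     * result is cached on the instance.
     */
    private class LdapRealmIdentity implements RealmIdentity {
        // True only after loadNamePair() completed without a NamingException.
        private boolean loadedNames;
        private String simpleName;
        private String distinguishedName;
        private Principal principal;

        /**
         * @param str  simple name, or {@code null} when only the DN is known
         * @param str2 distinguished name, or {@code null} when only the simple name is known
         */
        private LdapRealmIdentity(String str, String str2) {
            this.loadedNames = false;
            this.simpleName = str;
            this.distinguishedName = str2;
        }

        /**
         * Builds the identity from an existing principal. Anything that is not a
         * {@link NamePrincipal} is treated as carrying a DN; a {@link NamePrincipal} carries a DN
         * only when the mapping says principals use the DN.
         */
        private LdapRealmIdentity(Principal principal) {
            this.loadedNames = false;
            // Replaces the decompiled $assertionsDisabled check; same condition, same AssertionError.
            assert principal instanceof NamePrincipal || principal instanceof X500Principal;
            boolean nameCarriesDn = !(principal instanceof NamePrincipal)
                    || LdapSecurityRealm.this.principalMapping.principalUseDn;
            if (nameCarriesDn) {
                this.distinguishedName = principal.getName();
            } else {
                this.simpleName = principal.getName();
            }
            this.principal = principal;
        }

        /**
         * Resolves the name pair once. A {@link NamingException} (no match, more than one match,
         * directory error) leaves {@code loadedNames} false, so the next call retries and the
         * credential methods below treat the identity as unresolved.
         */
        private void loadNames() {
            if (this.loadedNames) {
                return;
            }
            try {
                NamePair resolved = LdapSecurityRealm.this.loadNamePair(this.simpleName, this.distinguishedName);
                this.loadedNames = true;
                this.simpleName = resolved.simpleName;
                this.distinguishedName = resolved.distinguishedName;
            } catch (NamingException ignored) {
                // Deliberately not propagated: the RealmIdentity methods that call this declare no
                // checked exception. NOTE(review): the failure is invisible to operators because no
                // logger is in scope here; a directory outage looks the same as an unknown user.
            }
        }

        /**
         * Returns the principal for this identity, building it from the resolved names on first
         * use. Returns {@code null} when the names could not be resolved.
         */
        @Override
        public Principal getPrincipal() {
            if (this.principal != null) {
                return this.principal;
            }
            loadNames();
            if (!this.loadedNames) {
                return this.principal;
            }
            if (LdapSecurityRealm.this.principalMapping.principalUseDn) {
                try {
                    this.principal = new X500Principal(this.distinguishedName);
                } catch (IllegalArgumentException e) {
                    // The DN is not acceptable to X500Principal; keep it as a plain name instead.
                    this.principal = new NamePrincipal(this.distinguishedName);
                }
            } else {
                this.principal = new NamePrincipal(this.simpleName);
            }
            return this.principal;
        }

        /**
         * Reports the best credential support any loader offers for this identity.
         *
         * @return the first "definitely obtainable" answer, otherwise the highest-ranked answer,
         *         otherwise {@link CredentialSupport#UNSUPPORTED}
         */
        @Override
        public CredentialSupport getCredentialSupport(Class<?> cls) {
            if (LdapSecurityRealm.this.getCredentialSupport(cls) == CredentialSupport.UNSUPPORTED) {
                return CredentialSupport.UNSUPPORTED;
            }
            loadNames();
            if (!this.loadedNames) {
                // Fail closed: without a resolved entry the DN is either null or still the
                // unverified caller-supplied value, and must not be handed to the loaders.
                return CredentialSupport.UNSUPPORTED;
            }
            CredentialSupport best = null;
            for (CredentialLoader loader : LdapSecurityRealm.this.credentialLoaders) {
                if (!loader.getCredentialSupport(LdapSecurityRealm.this.dirContextFactory, cls).mayBeObtainable()) {
                    continue;
                }
                CredentialSupport candidate = loader
                        .forIdentity(LdapSecurityRealm.this.dirContextFactory, this.distinguishedName)
                        .getCredentialSupport(cls);
                if (candidate == null) {
                    // A null answer carries no information; comparing against it would throw.
                    continue;
                }
                if (candidate.isDefinitelyObtainable()) {
                    return candidate;
                }
                if (best == null || best.compareTo(candidate) < 0) {
                    best = candidate;
                }
            }
            return best == null ? CredentialSupport.UNSUPPORTED : best;
        }

        /**
         * Returns the first non-null credential of the requested type that a loader produces for
         * this identity, or {@code null} when the type is unsupported, the identity could not be
         * resolved, or no loader has one.
         */
        @Override
        public <C> C getCredential(Class<C> cls) {
            if (LdapSecurityRealm.this.getCredentialSupport(cls) == CredentialSupport.UNSUPPORTED) {
                return null;
            }
            loadNames();
            if (!this.loadedNames) {
                // Fail closed, for the same reason as in getCredentialSupport.
                return null;
            }
            for (CredentialLoader loader : LdapSecurityRealm.this.credentialLoaders) {
                if (!loader.getCredentialSupport(LdapSecurityRealm.this.dirContextFactory, cls).mayBeObtainable()) {
                    continue;
                }
                // Cast kept from the decompiled listing; the loader API is not visible here.
                @SuppressWarnings("unchecked")
                C credential = (C) loader
                        .forIdentity(LdapSecurityRealm.this.dirContextFactory, this.distinguishedName)
                        .getCredential(cls);
                if (credential != null) {
                    return credential;
                }
            }
            return null;
        }

        /** No resources are held by this identity, so there is nothing to release. */
        @Override
        public void dispose() {
        }

        /**
         * Returns a view exposing this identity's cached principal.
         *
         * <p>NOTE(review): the view reads the cached field directly, so it yields {@code null}
         * until {@link #getPrincipal()} has resolved the principal (or the identity was created
         * from a principal). Confirm callers always resolve first.
         */
        @Override
        public AuthenticatedRealmIdentity getAuthenticatedRealmIdentity() {
            return new AuthenticatedRealmIdentity() {
                @Override
                public Principal getPrincipal() {
                    return LdapRealmIdentity.this.principal;
                }

                @Override
                public void dispose() {
                }
            };
        }

        /**
         * Always returns {@code false}: this identity performs no credential verification of its
         * own, whatever evidence is passed in.
         */
        @Override
        public boolean verifyCredential(Object obj) {
            return false;
        }
    }

    /**
     * Immutable holder for the two names of one identity. The decompiler reports the original
     * access of this class was private.
     */
    public class NamePair {
        private final String simpleName;
        private final String distinguishedName;

        /**
         * @param str  simple name, may be {@code null}
         * @param str2 distinguished name, may be {@code null}
         */
        public NamePair(String str, String str2) {
            this.simpleName = str;
            this.distinguishedName = str2;
        }
    }

    /**
     * Configuration describing how a supplied name maps onto a directory entry. All values are
     * fixed at construction.
     */
    public static class PrincipalMapping {
        // Base name handed to the directory search in loadNamePair().
        private final String searchDn;
        // Selects subtree scope (true) or one-level scope (false) for that search.
        private final boolean recursive;
        // When true, the supplied name is used as the DN and no search is performed.
        private final boolean nameIsDn;
        // When true, principals are built from the DN rather than the simple name.
        private final boolean principalUseDn;
        // Attribute matched in the search filter and read back as the simple name.
        private final String nameAttribute;
        // Optional attribute from which the DN is read; null to derive it from the search result.
        private final String dnAttribute;
        // In DN mode, forces a directory read even when the principal already uses the DN.
        private final boolean validatePresence;
        // When true, names returned by the directory replace the supplied ones.
        private final boolean reloadPrincipalName;

        /**
         * @param str  value for {@code searchDn}
         * @param z    value for {@code recursive}
         * @param z2   value for {@code nameIsDn}
         * @param z3   value for {@code principalUseDn}
         * @param str2 value for {@code nameAttribute}
         * @param str3 value for {@code dnAttribute}
         * @param z4   value for {@code validatePresence}
         * @param z5   value for {@code reloadPrincipalName}
         */
        public PrincipalMapping(String str, boolean z, boolean z2, boolean z3, String str2, String str3, boolean z4, boolean z5) {
            this.searchDn = str;
            this.recursive = z;
            this.nameIsDn = z2;
            this.principalUseDn = z3;
            this.nameAttribute = str2;
            this.dnAttribute = str3;
            this.validatePresence = z4;
            this.reloadPrincipalName = z5;
        }
    }

    /**
     * Creates the realm. The supplied collections are stored by reference, not copied, so later
     * changes made by the caller are visible to the realm.
     *
     * @param dirContextFactory source of directory contexts; contexts are handed back to it after use
     * @param list              name rewriters, applied in order to every supplied name
     * @param principalMapping  name-to-entry mapping configuration
     * @param collection        credential loaders, consulted in iteration order
     */
    public LdapSecurityRealm(DirContextFactory dirContextFactory, List<NameRewriter> list, PrincipalMapping principalMapping, Collection<CredentialLoader> collection) {
        this.dirContextFactory = dirContextFactory;
        this.nameRewriters = list;
        this.principalMapping = principalMapping;
        this.credentialLoaders = collection;
    }

    /**
     * Creates an identity for a caller-supplied name after running it through every name rewriter.
     * No directory access happens here; the entry is looked up lazily by the identity.
     */
    @Override
    public RealmIdentity createRealmIdentity(String str) {
        String rewritten = str;
        for (NameRewriter rewriter : this.nameRewriters) {
            rewritten = rewriter.rewriteName(rewritten);
        }
        if (this.principalMapping.nameIsDn) {
            return new LdapRealmIdentity(null, rewritten);
        }
        return new LdapRealmIdentity(rewritten, null);
    }

    /**
     * Creates an identity for an existing principal.
     *
     * @return the identity, or {@code null} when the principal is neither a {@link NamePrincipal}
     *         nor an {@link X500Principal}
     */
    @Override
    public RealmIdentity createRealmIdentity(Principal principal) {
        if (principal instanceof NamePrincipal || principal instanceof X500Principal) {
            return new LdapRealmIdentity(principal);
        }
        return null;
    }

    /**
     * Reports realm-wide support for a credential type. Only {@link Password} types are
     * considered; everything else is {@link CredentialSupport#UNSUPPORTED}.
     */
    @Override
    public CredentialSupport getCredentialSupport(Class<?> cls) {
        CredentialSupport best = CredentialSupport.UNSUPPORTED;
        if (!Password.class.isAssignableFrom(cls)) {
            return best;
        }
        for (CredentialLoader loader : this.credentialLoaders) {
            CredentialSupport candidate = loader.getCredentialSupport(this.dirContextFactory, cls);
            if (candidate.isDefinitelyObtainable()) {
                return candidate;
            }
            if (best.compareTo(candidate) < 0) {
                best = candidate;
            }
        }
        return best;
    }

    /**
     * Completes a (simple name, DN) pair by reading the directory.
     *
     * <p>In search mode ({@code nameIsDn} false) the simple name is matched against the configured
     * name attribute under the search base and exactly one result is required. In DN mode the
     * entry named by the DN is read directly, unless the principal uses the DN and neither
     * reloading nor presence validation is requested, in which case no directory access happens.
     *
     * <p>The enumeration and the context are released on every exit path. The decompiled listing
     * released them only on success (its failure-path cleanup was guarded by {@code 0 != 0}), so a
     * failed lookup never handed its context back to the factory.
     *
     * <p>The decompiler reports the original access of this method was private.
     *
     * @param str  simple name, or {@code null} in DN mode
     * @param str2 distinguished name, or {@code null} in search mode
     * @return the completed pair
     * @throws NamingException when the search matches no entry or more than one, or on any
     *                         directory error
     */
    public NamePair loadNamePair(String str, String str2) throws NamingException {
        String simpleName = str;
        String distinguishedName = str2;
        PrincipalMapping mapping = this.principalMapping;
        DirContext context = null;
        NamingEnumeration<SearchResult> results = null;
        try {
            if (!mapping.nameIsDn) {
                SearchControls controls = new SearchControls();
                controls.setSearchScope(mapping.recursive ? SearchControls.SUBTREE_SCOPE : SearchControls.ONELEVEL_SCOPE);
                controls.setTimeLimit(10000); // milliseconds
                context = this.dirContextFactory.obtainDirContext(null);
                List<String> returning = new ArrayList<String>(2);
                if (mapping.reloadPrincipalName) {
                    returning.add(mapping.nameAttribute);
                }
                if (mapping.dnAttribute != null) {
                    returning.add(mapping.dnAttribute);
                }
                if (!returning.isEmpty()) {
                    controls.setReturningAttributes(returning.toArray(new String[0]));
                }
                // Only the configured attribute name is formatted into the filter text. The
                // caller-supplied name travels as filter argument {0}, so it is encoded by JNDI
                // instead of being spliced into the filter string. Keep it that way.
                results = context.search(mapping.searchDn, String.format("(%s={0})", mapping.nameAttribute), new Object[] {simpleName}, controls);
                if (!results.hasMore()) {
                    throw new NamingException("Search returned no results.");
                }
                SearchResult match = results.next();
                if (results.hasMore()) {
                    // An ambiguous name must never be resolved to an arbitrary entry.
                    throw new NamingException("Search returned too many results.");
                }
                Attributes attributes = match.getAttributes();
                if (mapping.dnAttribute != null) {
                    Attribute dnValue = attributes.get(mapping.dnAttribute);
                    if (dnValue != null) {
                        distinguishedName = (String) dnValue.get();
                    }
                }
                if (distinguishedName == null) {
                    // The decompiler had substituted XmlPullParser.NO_NAMESPACE ("") and
                    // AnsiRenderer.CODE_LIST_SEPARATOR (",") for these literals.
                    // NOTE(review): assumes the result name is relative to the search base.
                    distinguishedName = match.getName() + ("".equals(mapping.searchDn) ? "" : "," + mapping.searchDn);
                }
                if (mapping.reloadPrincipalName) {
                    Attribute nameValue = attributes.get(mapping.nameAttribute);
                    if (nameValue != null) {
                        simpleName = (String) nameValue.get();
                    }
                }
            } else if (!mapping.principalUseDn || mapping.reloadPrincipalName || mapping.validatePresence) {
                context = this.dirContextFactory.obtainDirContext(null);
                List<String> requested = new ArrayList<String>(2);
                if (mapping.reloadPrincipalName) {
                    // NOTE(review): dnAttribute is not null-checked on this path, unlike in the
                    // search branch; confirm the configuration always sets it with reloadPrincipalName.
                    requested.add(mapping.dnAttribute);
                }
                if (mapping.nameAttribute != null) {
                    requested.add(mapping.nameAttribute);
                }
                // The DN here is the caller-supplied (rewritten) name, used as given.
                Attributes attributes = context.getAttributes(distinguishedName, requested.toArray(new String[0]));
                if (mapping.nameAttribute != null) {
                    Attribute nameValue = attributes.get(mapping.nameAttribute);
                    if (nameValue != null) {
                        simpleName = (String) nameValue.get();
                    }
                }
                if (mapping.reloadPrincipalName) {
                    Attribute dnValue = attributes.get(mapping.dnAttribute);
                    if (dnValue != null) {
                        distinguishedName = (String) dnValue.get();
                    }
                }
            }
            return new NamePair(simpleName, distinguishedName);
        } finally {
            try {
                if (results != null) {
                    results.close();
                }
            } finally {
                // Runs even when close() throws, so the context always goes back to the factory.
                if (context != null) {
                    this.dirContextFactory.returnContext(context);
                }
            }
        }
    }
}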
