package org.jboss.security.xacml.util;

import java.util.Iterator;
import java.util.List;
import java.util.Properties;
import java.util.logging.Logger;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.PBEParameterSpec;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.Control;
import javax.naming.ldap.InitialLdapContext;
import org.apache.juddi.v3.client.config.Property;
import org.jboss.security.xacml.jaxb.Option;
import org.picketbox.commons.cipher.PBEUtils;
import org.picketlink.identity.federation.core.constants.PicketLinkFederationConstants;

/* loaded from: input_file:jboss-as-7.1.1.Final/modules/org/jboss/security/xacml/main/jbossxacml-2.0.6.Final.jar:org/jboss/security/xacml/util/LDAPCommon.class */
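/**
 * Shared LDAP plumbing for the XACML LDAP-backed locators: parses the
 * {@code <Option>} elements of the locator configuration, validates them for a
 * given {@link TYPE}, opens a JNDI LDAP context with the configured
 * credentials and runs the configured search filter against it.
 * <p>
 * The bind password may be supplied either in clear text or masked with the
 * PicketBox/JBoss {@code MASK-} scheme (PBE with an 8-character salt and an
 * iteration count). Note that the masking uses a fixed, well-known passphrase
 * (see {@link #PBE_PASSPHRASE}); it is obfuscation, not encryption, and does
 * not protect the password from anyone who can read the configuration file.
 * <p>
 * Instances are not thread-safe: configuration and the JNDI environment are
 * mutated in place.
 */
public class LDAPCommon {
    private static final Logger log = Logger.getLogger(LDAPCommon.class.getName());

    /* Option names accepted by processPassedOption(). The JNDI factory and
     * provider URL are additionally accepted under their javax.naming.Context
     * key names (java.naming.factory.initial / java.naming.provider.url). */
    private static final String XACML_LDAP_URL = "url";
    private static final String XACML_LDAP_FACTORY = "factory";
    private static final String XACML_LDAP_USERNAME = "username";
    private static final String XACML_LDAP_PASSWORD = "password";
    private static final String XACML_LDAP_FILTER = "filter";
    private static final String XACML_LDAP_ATTRIBUTE = "attribute";
    private static final String XACML_LDAP_SEARCH_SCOPE = "searchScope";
    private static final String XACML_LDAP_SEARCH_TIMELIMIT = "searchTimeLimit";
    private static final String XACML_LDAP_BASEDN = "baseDN";
    private static final String XACML_LDAP_SALT = "salt";
    private static final String XACML_LDAP_COUNT = "iterationCount";
    private static final String XACML_LDAP_ATTRIBUTE_SUPPORTED_ID = "attributeSupportedId";
    private static final String XACML_LDAP_SUBSTITUTE_VALUE = "substituteValue";
    private static final String XACML_LDAP_VALUE_DATA_TYPE = "valueDataType";

    /** Prefix marking a masked (PBE-encoded, base64) password value. */
    private static final String XACML_LDAP_PASSWORD_PREFIX = "MASK-";

    /** Default JNDI initial context factory when none is configured. */
    private static final String DEFAULT_FACTORY = "com.sun.jndi.ldap.LdapCtxFactory";

    /** PBE cipher used by the PicketBox password masking tool. */
    private static final String PBE_ALGORITHM = "PBEwithMD5andDES";

    /**
     * Fixed passphrase shared with the PicketBox masking tool. It is public
     * knowledge, so a masked password is recoverable by anyone holding the
     * configuration plus salt and iteration count; it only hides the value
     * from casual inspection. Changing it would break every existing masked
     * value, so it is kept for compatibility.
     */
    private static final String PBE_PASSPHRASE = "somearbitrarycrazystringthatdoesnotmatter";

    /** The masking scheme requires exactly this many salt characters. */
    private static final int PBE_SALT_LENGTH = 8;

    private String url;
    private String factory;
    private String username;
    private String password;
    private String filter;
    private String attribute;
    private String baseDN;
    private String salt;
    private int iterationCount;
    private String attributeSupportedId;
    private String substituteValue;
    private String valueDataType;

    /** Defaults to SearchControls.SUBTREE_SCOPE. */
    private int searchScope = SearchControls.SUBTREE_SCOPE;

    /** Server-side time limit passed to SearchControls, in milliseconds. */
    private int searchTimeLimit = 10000;

    /** JNDI environment populated by constructJNDIContext(). */
    private Properties env = new Properties();

    /** Context opened by constructJNDIContext() and closed by closeJNDIContext(). */
    private InitialLdapContext ctx = null;

    /** Which locator kind this configuration serves; drives validateConfiguration(). */
    public enum TYPE {
        POLICY,
        ATTRIBUTE
    }

    /**
     * Consumes the configured options, taking the first content value of each,
     * then fills in defaults for anything not supplied.
     *
     * @param list the JAXB options from the locator configuration; may be null
     * @throws IllegalArgumentException if an option carries no value
     */
    public void processOptions(List<Option> list) {
        if (list != null) {
            for (Option option : list) {
                Iterator<?> values = option.getContent().iterator();
                if (!values.hasNext()) {
                    throw new IllegalArgumentException("Option " + option.getName() + " has no value");
                }
                processPassedOption(option.getName(), (String) values.next());
            }
        }
        fillInMissingConfigurationWithDefaults();
    }

    /**
     * Applies one named option. Unknown option names are ignored.
     *
     * @param str  option name
     * @param str2 option value
     * @throws IllegalArgumentException if the name is null or iterationCount is
     *                                  not an integer
     */
    public void processPassedOption(String str, String str2) {
        if (str == null) {
            throw new IllegalArgumentException("Option name cannot be null");
        }
        if (str.equals(XACML_LDAP_URL) || str.equals(Context.PROVIDER_URL)) {
            this.url = str2;
        } else if (str.equals(XACML_LDAP_FACTORY) || str.equals(Context.INITIAL_CONTEXT_FACTORY)) {
            this.factory = str2;
        } else if (str.equals(XACML_LDAP_USERNAME)) {
            this.username = str2;
        } else if (str.equals(XACML_LDAP_PASSWORD)) {
            this.password = str2;
        } else if (str.equals(XACML_LDAP_FILTER)) {
            this.filter = str2;
        } else if (str.equals(XACML_LDAP_ATTRIBUTE)) {
            this.attribute = str2;
        } else if (str.equals(XACML_LDAP_BASEDN)) {
            this.baseDN = str2;
        } else if (str.equals(XACML_LDAP_SEARCH_TIMELIMIT)) {
            // A malformed limit is not fatal: keep the current value and log it.
            if (str2 != null) {
                try {
                    this.searchTimeLimit = Integer.parseInt(str2);
                } catch (NumberFormatException e) {
                    log.fine("Failed to parse: " + str2 + ", using searchTimeLimit = " + this.searchTimeLimit + ". " + e.getMessage());
                }
            }
        } else if (str.equals(XACML_LDAP_SEARCH_SCOPE)) {
            if ("OBJECT_SCOPE".equalsIgnoreCase(str2)) {
                this.searchScope = SearchControls.OBJECT_SCOPE;
            } else if ("ONELEVEL_SCOPE".equalsIgnoreCase(str2)) {
                this.searchScope = SearchControls.ONELEVEL_SCOPE;
            } else if ("SUBTREE_SCOPE".equalsIgnoreCase(str2)) {
                this.searchScope = SearchControls.SUBTREE_SCOPE;
            } else {
                log.fine("Unknown searchScope: " + str2 + ", keeping searchScope = " + this.searchScope);
            }
        } else if (str.equals(XACML_LDAP_SALT)) {
            this.salt = str2;
        } else if (str.equals(XACML_LDAP_COUNT)) {
            try {
                this.iterationCount = Integer.parseInt(str2);
            } catch (NumberFormatException e) {
                // A bad iteration count makes a masked password undecodable; fail loudly.
                throw new IllegalArgumentException("Option iterationCount is not an integer: " + str2, e);
            }
        } else if (str.equals(XACML_LDAP_ATTRIBUTE_SUPPORTED_ID)) {
            this.attributeSupportedId = str2;
        } else if (str.equals(XACML_LDAP_SUBSTITUTE_VALUE)) {
            this.substituteValue = str2;
        } else if (str.equals(XACML_LDAP_VALUE_DATA_TYPE)) {
            this.valueDataType = str2;
        }
    }

    /**
     * Checks that every option required by {@link #search(Object[])} is set,
     * plus the attribute-locator options when {@code type} is ATTRIBUTE.
     *
     * @param type the locator kind being configured
     * @throws IllegalArgumentException naming the first missing option
     */
    public void validateConfiguration(TYPE type) {
        if (this.url == null) {
            throw new IllegalArgumentException("Option url cannot be null");
        }
        if (this.filter == null) {
            throw new IllegalArgumentException("Option filter cannot be null");
        }
        if (this.attribute == null) {
            throw new IllegalArgumentException("Option attribute cannot be null");
        }
        // JNDI rejects a null search base with a NullPointerException; catch it here instead.
        if (this.baseDN == null) {
            throw new IllegalArgumentException("Option baseDN cannot be null");
        }
        if (type == TYPE.ATTRIBUTE) {
            if (this.valueDataType == null) {
                throw new IllegalArgumentException("Option valueDataType cannot be null");
            }
            if (this.attributeSupportedId == null) {
                throw new IllegalArgumentException("Option attributeSupportedId cannot be null");
            }
            if (this.substituteValue == null) {
                throw new IllegalArgumentException("Option substituteValue cannot be null");
            }
        }
    }

    /** @return the LDAP attribute name returned by searches */
    public String getLdapAttribute() {
        return this.attribute;
    }

    /** @return the XACML data type of the substitute value (ATTRIBUTE type only) */
    public String getDataTypeOfSubstituteValue() {
        return this.valueDataType;
    }

    /** @return the substitute value (ATTRIBUTE type only). Name kept for API compatibility. */
    public String getSubsititeValue() {
        return this.substituteValue;
    }

    /**
     * Runs the configured filter under the configured base DN and returns the
     * matching entries, each restricted to the configured attribute.
     * <p>
     * NOTE(review): a fresh InitialLdapContext is opened on every call and is
     * never closed, because the returned enumeration is backed by it. The
     * context held from constructJNDIContext() is not the one searched.
     *
     * @param objArr values substituted for the {@code {n}} placeholders of the
     *               filter, or null to use the filter verbatim
     * @return the search results
     * @throws NamingException on LDAP failure
     */
    public NamingEnumeration<SearchResult> search(Object[] objArr) throws NamingException {
        InitialLdapContext searchCtx = new InitialLdapContext(this.env, (Control[]) null);
        SearchControls controls = new SearchControls();
        controls.setSearchScope(this.searchScope);
        controls.setTimeLimit(this.searchTimeLimit);
        controls.setReturningAttributes(new String[] { this.attribute });
        if (objArr == null) {
            // The filter is used as-is, so it must not embed request-derived text.
            return searchCtx.search(this.baseDN, this.filter, controls);
        }
        // Placeholder substitution is done by JNDI, which escapes filter
        // metacharacters in the arguments; caller-supplied values belong here.
        return searchCtx.search(this.baseDN, this.filter, objArr, controls);
    }

    /**
     * Builds the JNDI environment (factory, URL, optional principal and
     * credentials) and opens a context with it. A {@code MASK-} password is
     * unmasked first; the unmasked value is kept only in the environment.
     *
     * @throws NamingException          if the context cannot be created
     * @throws IllegalArgumentException if the URL is missing or a masked
     *                                  password lacks a valid salt/iteration count
     * @throws IllegalStateException    if the masked password cannot be decoded
     */
    public void constructJNDIContext() throws NamingException {
        String credentials = this.password;
        if (credentials != null && credentials.startsWith(XACML_LDAP_PASSWORD_PREFIX)) {
            if (this.salt == null || this.salt.length() != PBE_SALT_LENGTH) {
                throw new IllegalArgumentException("Option salt is not set correctly");
            }
            // PBEParameterSpec rejects a negative count too, so require strictly positive.
            if (this.iterationCount <= 0) {
                throw new IllegalArgumentException("Option iterationCount must be a positive integer");
            }
            credentials = decodePassword(credentials);
        }
        if (this.url == null) {
            throw new IllegalArgumentException("Option url cannot be null");
        }
        fillInMissingConfigurationWithDefaults();
        this.env.put(Context.INITIAL_CONTEXT_FACTORY, this.factory);
        this.env.put(Context.PROVIDER_URL, this.url);
        if (this.username != null) {
            this.env.put(Context.SECURITY_PRINCIPAL, this.username);
        }
        if (credentials != null) {
            this.env.put(Context.SECURITY_CREDENTIALS, credentials);
        }
        this.ctx = new InitialLdapContext(this.env, (Control[]) null);
    }

    /**
     * Closes the context opened by {@link #constructJNDIContext()}, if any.
     *
     * @throws NamingException if closing fails
     */
    public void closeJNDIContext() throws NamingException {
        if (this.ctx != null) {
            try {
                this.ctx.close();
            } finally {
                this.ctx = null;
            }
        }
    }

    /** Supplies the default context factory when none was configured. */
    private void fillInMissingConfigurationWithDefaults() {
        if (this.factory == null) {
            this.factory = DEFAULT_FACTORY;
        }
    }

    /**
     * Unmasks a {@code MASK-} password with the PicketBox PBE scheme, using the
     * configured salt and iteration count.
     *
     * @param str the full masked value, including the prefix
     * @return the clear-text password
     * @throws IllegalStateException wrapping any decoding failure
     */
    private String decodePassword(String str) {
        try {
            String encoded = str.substring(XACML_LDAP_PASSWORD_PREFIX.length());
            // Platform default charset on purpose: it has to match what the
            // masking tool used when producing the value (ASCII salts are unaffected).
            byte[] saltBytes = this.salt.getBytes();
            PBEParameterSpec cipherSpec = new PBEParameterSpec(saltBytes, this.iterationCount);
            PBEKeySpec keySpec = new PBEKeySpec(PBE_PASSPHRASE.toCharArray());
            SecretKey cipherKey = SecretKeyFactory.getInstance(PBE_ALGORITHM).generateSecret(keySpec);
            return PBEUtils.decode64(encoded, PBE_ALGORITHM, cipherKey, cipherSpec);
        } catch (Exception e) {
            // Message only; never log the masked or decoded value.
            log.severe("Could not decode masked password. " + e.getMessage());
            throw new IllegalStateException(e);
        }
    }
}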
