package org.apache.catalina.realm;

import java.io.IOException;
import java.security.Principal;
import java.text.MessageFormat;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Hashtable;
import java.util.List;
import javax.naming.AuthenticationException;
import javax.naming.CommunicationException;
import javax.naming.CompositeName;
import javax.naming.InvalidNameException;
import javax.naming.NameNotFoundException;
import javax.naming.NameParser;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.ServiceUnavailableException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import org.apache.catalina.LifecycleException;
import org.apache.catalina.util.Base64;
import org.apache.tomcat.util.buf.ByteChunk;
import org.apache.tomcat.util.buf.CharChunk;

/* loaded from: input_file:WEB-INF/lib/catalina-6.0.16.jar:org/apache/catalina/realm/JNDIRealm.class */
public class JNDIRealm extends RealmBase {
    public static final String DEREF_ALIASES = "java.naming.ldap.derefAliases";
    protected static final String info = "org.apache.catalina.realm.JNDIRealm/1.0";
    protected static final String name = "JNDIRealm";
    protected String alternateURL;
    protected String authentication = null;
    protected String connectionName = null;
    protected String connectionPassword = null;
    protected String connectionURL = null;
    protected DirContext context = null;
    protected String contextFactory = "com.sun.jndi.ldap.LdapCtxFactory";
    protected String derefAliases = null;
    protected String protocol = null;
    protected String referrals = null;
    protected String userBase = "";
    protected String userSearch = null;
    protected MessageFormat userSearchFormat = null;
    protected boolean userSubtree = false;
    protected String userPassword = null;
    protected String[] userPatternArray = null;
    protected String userPattern = null;
    protected MessageFormat[] userPatternFormatArray = null;
    protected String roleBase = "";
    protected MessageFormat roleFormat = null;
    protected String userRoleName = null;
    protected String roleName = null;
    protected String roleSearch = null;
    protected boolean roleSubtree = false;
    protected int connectionAttempt = 0;
    protected int curUserPattern = 0;

    public String getAuthentication() {
        return this.authentication;
    }

    public void setAuthentication(String str) {
        this.authentication = str;
    }

    public String getConnectionName() {
        return this.connectionName;
    }

    public void setConnectionName(String str) {
        this.connectionName = str;
    }

    public String getConnectionPassword() {
        return this.connectionPassword;
    }

    public void setConnectionPassword(String str) {
        this.connectionPassword = str;
    }

    public String getConnectionURL() {
        return this.connectionURL;
    }

    public void setConnectionURL(String str) {
        this.connectionURL = str;
    }

    public String getContextFactory() {
        return this.contextFactory;
    }

    public void setContextFactory(String str) {
        this.contextFactory = str;
    }

    public String getDerefAliases() {
        return this.derefAliases;
    }

    public void setDerefAliases(String str) {
        this.derefAliases = str;
    }

    public String getProtocol() {
        return this.protocol;
    }

    public void setProtocol(String str) {
        this.protocol = str;
    }

    public String getReferrals() {
        return this.referrals;
    }

    public void setReferrals(String str) {
        this.referrals = str;
    }

    public String getUserBase() {
        return this.userBase;
    }

    public void setUserBase(String str) {
        this.userBase = str;
    }

    public String getUserSearch() {
        return this.userSearch;
    }

    public void setUserSearch(String str) {
        this.userSearch = str;
        if (str == null) {
            this.userSearchFormat = null;
        } else {
            this.userSearchFormat = new MessageFormat(str);
        }
    }

    public boolean getUserSubtree() {
        return this.userSubtree;
    }

    public void setUserSubtree(boolean z) {
        this.userSubtree = z;
    }

    public String getUserRoleName() {
        return this.userRoleName;
    }

    public void setUserRoleName(String str) {
        this.userRoleName = str;
    }

    public String getRoleBase() {
        return this.roleBase;
    }

    public void setRoleBase(String str) {
        this.roleBase = str;
    }

    public String getRoleName() {
        return this.roleName;
    }

    public void setRoleName(String str) {
        this.roleName = str;
    }

    public String getRoleSearch() {
        return this.roleSearch;
    }

    public void setRoleSearch(String str) {
        this.roleSearch = str;
        if (str == null) {
            this.roleFormat = null;
        } else {
            this.roleFormat = new MessageFormat(str);
        }
    }

    public boolean getRoleSubtree() {
        return this.roleSubtree;
    }

    public void setRoleSubtree(boolean z) {
        this.roleSubtree = z;
    }

    public String getUserPassword() {
        return this.userPassword;
    }

    public void setUserPassword(String str) {
        this.userPassword = str;
    }

    public String getUserPattern() {
        return this.userPattern;
    }

    public void setUserPattern(String str) {
        this.userPattern = str;
        if (str == null) {
            this.userPatternArray = null;
            return;
        }
        this.userPatternArray = parseUserPatternString(str);
        int length = this.userPatternArray.length;
        this.userPatternFormatArray = new MessageFormat[length];
        for (int i = 0; i < length; i++) {
            this.userPatternFormatArray[i] = new MessageFormat(this.userPatternArray[i]);
        }
    }

    public String getAlternateURL() {
        return this.alternateURL;
    }

    public void setAlternateURL(String str) {
        this.alternateURL = str;
    }

    @Override // org.apache.catalina.realm.RealmBase, org.apache.catalina.Realm
    public Principal authenticate(String str, String str2) {
        Principal authenticate;
        DirContext dirContext = null;
        try {
            dirContext = open();
            try {
                try {
                    authenticate = authenticate(dirContext, str, str2);
                } catch (CommunicationException e) {
                    this.containerLog.warn(sm.getString("jndiRealm.exception"), e);
                    if (dirContext != null) {
                        close(dirContext);
                    }
                    dirContext = open();
                    authenticate = authenticate(dirContext, str, str2);
                }
            } catch (ServiceUnavailableException e2) {
                this.containerLog.warn(sm.getString("jndiRealm.exception"), e2);
                if (dirContext != null) {
                    close(dirContext);
                }
                dirContext = open();
                authenticate = authenticate(dirContext, str, str2);
            } catch (NullPointerException e3) {
                this.containerLog.warn(sm.getString("jndiRealm.exception"), e3);
                if (dirContext != null) {
                    close(dirContext);
                }
                dirContext = open();
                authenticate = authenticate(dirContext, str, str2);
            }
            release(dirContext);
            return authenticate;
        } catch (NamingException e4) {
            this.containerLog.error(sm.getString("jndiRealm.exception"), e4);
            if (dirContext == null) {
                return null;
            }
            close(dirContext);
            return null;
        }
    }

    public synchronized Principal authenticate(DirContext dirContext, String str, String str2) throws NamingException {
        if (str == null || str.equals("") || str2 == null || str2.equals("")) {
            return null;
        }
        if (this.userPatternArray == null) {
            User user = getUser(dirContext, str);
            if (user != null && checkCredentials(dirContext, user, str2)) {
                return new GenericPrincipal(this, str, str2, getRoles(dirContext, user));
            }
            return null;
        }
        this.curUserPattern = 0;
        while (this.curUserPattern < this.userPatternFormatArray.length) {
            User user2 = getUser(dirContext, str);
            if (user2 != null) {
                try {
                    if (checkCredentials(dirContext, user2, str2)) {
                        return new GenericPrincipal(this, str, str2, getRoles(dirContext, user2));
                    }
                    continue;
                } catch (InvalidNameException e) {
                    this.containerLog.warn(sm.getString("jndiRealm.exception"), e);
                }
            }
            this.curUserPattern++;
        }
        return null;
    }

    protected User getUser(DirContext dirContext, String str) throws NamingException {
        ArrayList arrayList = new ArrayList();
        if (this.userPassword != null) {
            arrayList.add(this.userPassword);
        }
        if (this.userRoleName != null) {
            arrayList.add(this.userRoleName);
        }
        String[] strArr = new String[arrayList.size()];
        arrayList.toArray(strArr);
        return this.userPatternFormatArray != null ? getUserByPattern(dirContext, str, strArr) : getUserBySearch(dirContext, str, strArr);
    }

    protected User getUserByPattern(DirContext dirContext, String str, String[] strArr) throws NamingException {
        if (str == null || this.userPatternFormatArray[this.curUserPattern] == null) {
            return null;
        }
        String format = this.userPatternFormatArray[this.curUserPattern].format(new String[]{str});
        try {
            Attributes attributes = dirContext.getAttributes(format, strArr);
            if (attributes == null) {
                return null;
            }
            String str2 = null;
            if (this.userPassword != null) {
                str2 = getAttributeValue(this.userPassword, attributes);
            }
            ArrayList<String> arrayList = null;
            if (this.userRoleName != null) {
                arrayList = addAttributeValues(this.userRoleName, attributes, null);
            }
            return new User(str, format, str2, arrayList);
        } catch (NameNotFoundException e) {
            return null;
        }
    }

    protected User getUserBySearch(DirContext dirContext, String str, String[] strArr) throws NamingException {
        if (str == null || this.userSearchFormat == null) {
            return null;
        }
        String format = this.userSearchFormat.format(new String[]{str});
        SearchControls searchControls = new SearchControls();
        if (this.userSubtree) {
            searchControls.setSearchScope(2);
        } else {
            searchControls.setSearchScope(1);
        }
        if (strArr == null) {
            strArr = new String[0];
        }
        searchControls.setReturningAttributes(strArr);
        NamingEnumeration search = dirContext.search(this.userBase, format, searchControls);
        if (search == null || !search.hasMore()) {
            return null;
        }
        SearchResult searchResult = (SearchResult) search.next();
        if (search.hasMore()) {
            if (!this.containerLog.isInfoEnabled()) {
                return null;
            }
            this.containerLog.info("username " + str + " has multiple entries");
            return null;
        }
        NameParser nameParser = dirContext.getNameParser("");
        String obj = nameParser.parse(dirContext.getNameInNamespace()).addAll(nameParser.parse(this.userBase)).addAll(nameParser.parse(new CompositeName(searchResult.getName()).get(0))).toString();
        if (this.containerLog.isTraceEnabled()) {
            this.containerLog.trace("  entry found for " + str + " with dn " + obj);
        }
        Attributes attributes = searchResult.getAttributes();
        if (attributes == null) {
            return null;
        }
        String str2 = null;
        if (this.userPassword != null) {
            str2 = getAttributeValue(this.userPassword, attributes);
        }
        ArrayList<String> arrayList = null;
        if (this.userRoleName != null) {
            arrayList = addAttributeValues(this.userRoleName, attributes, null);
        }
        return new User(str, obj, str2, arrayList);
    }

    protected boolean checkCredentials(DirContext dirContext, User user, String str) throws NamingException {
        boolean bindAsUser = this.userPassword == null ? bindAsUser(dirContext, user, str) : compareCredentials(dirContext, user, str);
        if (this.containerLog.isTraceEnabled()) {
            if (bindAsUser) {
                this.containerLog.trace(sm.getString("jndiRealm.authenticateSuccess", user.username));
            } else {
                this.containerLog.trace(sm.getString("jndiRealm.authenticateFailure", user.username));
            }
        }
        return bindAsUser;
    }

    protected boolean compareCredentials(DirContext dirContext, User user, String str) throws NamingException {
        String str2;
        boolean equals;
        if (user == null || str == null || (str2 = user.password) == null) {
            return false;
        }
        if (this.containerLog.isTraceEnabled()) {
            this.containerLog.trace("  validating credentials");
        }
        if (!hasMessageDigest()) {
            equals = digest(str).equals(str2);
        } else if (str2.startsWith("{SHA}")) {
            synchronized (this) {
                String substring = str2.substring(5);
                this.md.reset();
                this.md.update(str.getBytes());
                equals = substring.equals(new String(Base64.encode(this.md.digest())));
            }
        } else if (str2.startsWith("{SSHA}")) {
            synchronized (this) {
                String substring2 = str2.substring(6);
                this.md.reset();
                this.md.update(str.getBytes());
                ByteChunk byteChunk = new ByteChunk(substring2.length());
                try {
                    byteChunk.append(substring2.getBytes(), 0, substring2.length());
                } catch (IOException e) {
                    this.containerLog.error("Could not append password bytes to chunk: ", e);
                }
                CharChunk charChunk = new CharChunk();
                Base64.decode(byteChunk, charChunk);
                char[] buffer = charChunk.getBuffer();
                byte[] bArr = new byte[20];
                for (int i = 0; i < bArr.length; i++) {
                    bArr[i] = (byte) buffer[i];
                }
                byte[] bArr2 = new byte[buffer.length - 20];
                for (int i2 = 0; i2 < bArr2.length; i2++) {
                    bArr2[i2] = (byte) buffer[i2 + 20];
                }
                this.md.update(bArr2);
                equals = Arrays.equals(this.md.digest(), bArr);
            }
        } else {
            equals = digest(str).equalsIgnoreCase(str2);
        }
        return equals;
    }

    protected boolean bindAsUser(DirContext dirContext, User user, String str) throws NamingException {
        String str2;
        if (str == null || user == null || (str2 = user.dn) == null) {
            return false;
        }
        if (this.containerLog.isTraceEnabled()) {
            this.containerLog.trace("  validating credentials by binding as the user");
        }
        dirContext.addToEnvironment("java.naming.security.principal", str2);
        dirContext.addToEnvironment("java.naming.security.credentials", str);
        boolean z = false;
        try {
            if (this.containerLog.isTraceEnabled()) {
                this.containerLog.trace("  binding as " + str2);
            }
            dirContext.getAttributes("", (String[]) null);
            z = true;
        } catch (AuthenticationException e) {
            if (this.containerLog.isTraceEnabled()) {
                this.containerLog.trace("  bind attempt failed");
            }
        }
        if (this.connectionName != null) {
            dirContext.addToEnvironment("java.naming.security.principal", this.connectionName);
        } else {
            dirContext.removeFromEnvironment("java.naming.security.principal");
        }
        if (this.connectionPassword != null) {
            dirContext.addToEnvironment("java.naming.security.credentials", this.connectionPassword);
        } else {
            dirContext.removeFromEnvironment("java.naming.security.credentials");
        }
        return z;
    }

    protected List<String> getRoles(DirContext dirContext, User user) throws NamingException {
        if (user == null) {
            return null;
        }
        String str = user.dn;
        String str2 = user.username;
        if (str == null || str2 == null) {
            return null;
        }
        if (this.containerLog.isTraceEnabled()) {
            this.containerLog.trace("  getRoles(" + str + ")");
        }
        ArrayList<String> arrayList = user.roles;
        if (arrayList == null) {
            arrayList = new ArrayList<>();
        }
        if (this.roleFormat == null || this.roleName == null) {
            return arrayList;
        }
        String format = this.roleFormat.format(new String[]{doRFC2254Encoding(str), str2});
        SearchControls searchControls = new SearchControls();
        if (this.roleSubtree) {
            searchControls.setSearchScope(2);
        } else {
            searchControls.setSearchScope(1);
        }
        searchControls.setReturningAttributes(new String[]{this.roleName});
        NamingEnumeration search = dirContext.search(this.roleBase, format, searchControls);
        if (search == null) {
            return arrayList;
        }
        while (search.hasMore()) {
            Attributes attributes = ((SearchResult) search.next()).getAttributes();
            if (attributes != null) {
                arrayList = addAttributeValues(this.roleName, attributes, arrayList);
            }
        }
        if (this.containerLog.isTraceEnabled()) {
            if (arrayList != null) {
                this.containerLog.trace("  Returning " + arrayList.size() + " roles");
                for (int i = 0; i < arrayList.size(); i++) {
                    this.containerLog.trace("  Found role " + arrayList.get(i));
                }
            } else {
                this.containerLog.trace("  getRoles about to return null ");
            }
        }
        return arrayList;
    }

    private String getAttributeValue(String str, Attributes attributes) throws NamingException {
        Attribute attribute;
        Object obj;
        if (this.containerLog.isTraceEnabled()) {
            this.containerLog.trace("  retrieving attribute " + str);
        }
        if (str == null || attributes == null || (attribute = attributes.get(str)) == null || (obj = attribute.get()) == null) {
            return null;
        }
        return obj instanceof byte[] ? new String((byte[]) obj) : obj.toString();
    }

    private ArrayList<String> addAttributeValues(String str, Attributes attributes, ArrayList<String> arrayList) throws NamingException {
        if (this.containerLog.isTraceEnabled()) {
            this.containerLog.trace("  retrieving values for attribute " + str);
        }
        if (str == null || attributes == null) {
            return arrayList;
        }
        if (arrayList == null) {
            arrayList = new ArrayList<>();
        }
        Attribute attribute = attributes.get(str);
        if (attribute == null) {
            return arrayList;
        }
        NamingEnumeration all = attribute.getAll();
        while (all.hasMore()) {
            arrayList.add((String) all.next());
        }
        return arrayList;
    }

    protected void close(DirContext dirContext) {
        if (dirContext == null) {
            return;
        }
        try {
            if (this.containerLog.isDebugEnabled()) {
                this.containerLog.debug("Closing directory context");
            }
            dirContext.close();
        } catch (NamingException e) {
            this.containerLog.error(sm.getString("jndiRealm.close"), e);
        }
        this.context = null;
    }

    @Override // org.apache.catalina.realm.RealmBase
    protected String getName() {
        return name;
    }

    @Override // org.apache.catalina.realm.RealmBase
    protected String getPassword(String str) {
        return null;
    }

    @Override // org.apache.catalina.realm.RealmBase
    protected Principal getPrincipal(String str) {
        Principal principal;
        DirContext dirContext = null;
        try {
            dirContext = open();
            try {
                try {
                    principal = getPrincipal(dirContext, str);
                } catch (CommunicationException e) {
                    this.containerLog.warn(sm.getString("jndiRealm.exception"), e);
                    if (dirContext != null) {
                        close(dirContext);
                    }
                    dirContext = open();
                    principal = getPrincipal(dirContext, str);
                }
            } catch (ServiceUnavailableException e2) {
                this.containerLog.warn(sm.getString("jndiRealm.exception"), e2);
                if (dirContext != null) {
                    close(dirContext);
                }
                dirContext = open();
                principal = getPrincipal(dirContext, str);
            }
            release(dirContext);
            return principal;
        } catch (NamingException e3) {
            this.containerLog.error(sm.getString("jndiRealm.exception"), e3);
            if (dirContext == null) {
                return null;
            }
            close(dirContext);
            return null;
        }
    }

    protected synchronized Principal getPrincipal(DirContext dirContext, String str) throws NamingException {
        User user = getUser(dirContext, str);
        return new GenericPrincipal(this, user.username, user.password, getRoles(dirContext, user));
    }

    protected DirContext open() throws NamingException {
        try {
            if (this.context != null) {
                return this.context;
            }
            try {
                this.context = new InitialDirContext(getDirectoryContextEnvironment());
                this.connectionAttempt = 0;
            } catch (Exception e) {
                this.connectionAttempt = 1;
                this.containerLog.warn(sm.getString("jndiRealm.exception"), e);
                this.context = new InitialDirContext(getDirectoryContextEnvironment());
                this.connectionAttempt = 0;
            }
            return this.context;
        } catch (Throwable th) {
            this.connectionAttempt = 0;
            throw th;
        }
    }

    protected Hashtable getDirectoryContextEnvironment() {
        Hashtable hashtable = new Hashtable();
        if (this.containerLog.isDebugEnabled() && this.connectionAttempt == 0) {
            this.containerLog.debug("Connecting to URL " + this.connectionURL);
        } else if (this.containerLog.isDebugEnabled() && this.connectionAttempt > 0) {
            this.containerLog.debug("Connecting to URL " + this.alternateURL);
        }
        hashtable.put("java.naming.factory.initial", this.contextFactory);
        if (this.connectionName != null) {
            hashtable.put("java.naming.security.principal", this.connectionName);
        }
        if (this.connectionPassword != null) {
            hashtable.put("java.naming.security.credentials", this.connectionPassword);
        }
        if (this.connectionURL != null && this.connectionAttempt == 0) {
            hashtable.put("java.naming.provider.url", this.connectionURL);
        } else if (this.alternateURL != null && this.connectionAttempt > 0) {
            hashtable.put("java.naming.provider.url", this.alternateURL);
        }
        if (this.authentication != null) {
            hashtable.put("java.naming.security.authentication", this.authentication);
        }
        if (this.protocol != null) {
            hashtable.put("java.naming.security.protocol", this.protocol);
        }
        if (this.referrals != null) {
            hashtable.put("java.naming.referral", this.referrals);
        }
        if (this.derefAliases != null) {
            hashtable.put(DEREF_ALIASES, this.derefAliases);
        }
        return hashtable;
    }

    protected void release(DirContext dirContext) {
    }

    @Override // org.apache.catalina.realm.RealmBase, org.apache.catalina.Lifecycle
    public void start() throws LifecycleException {
        super.start();
        try {
            open();
        } catch (NamingException e) {
            throw new LifecycleException(sm.getString("jndiRealm.open"), e);
        }
    }

    @Override // org.apache.catalina.realm.RealmBase, org.apache.catalina.Lifecycle
    public void stop() throws LifecycleException {
        super.stop();
        close(this.context);
    }

    protected String[] parseUserPatternString(String str) {
        int i;
        if (str == null) {
            return null;
        }
        ArrayList arrayList = new ArrayList();
        int indexOf = str.indexOf(40);
        if (indexOf == -1) {
            return new String[]{str};
        }
        while (indexOf > -1) {
            while (true) {
                if (str.charAt(indexOf + 1) == '|' || (indexOf != 0 && str.charAt(indexOf - 1) == '\\')) {
                    indexOf = str.indexOf("(", indexOf + 1);
                }
            }
            int indexOf2 = str.indexOf(")", indexOf + 1);
            while (true) {
                i = indexOf2;
                if (str.charAt(i - 1) == '\\') {
                    indexOf2 = str.indexOf(")", i + 1);
                }
            }
            arrayList.add(str.substring(indexOf + 1, i));
            indexOf = str.indexOf(40, i + 1);
        }
        return (String[]) arrayList.toArray(new String[0]);
    }

    protected String doRFC2254Encoding(String str) {
        StringBuffer stringBuffer = new StringBuffer(str.length());
        for (int i = 0; i < str.length(); i++) {
            char charAt = str.charAt(i);
            switch (charAt) {
                case 0:
                    stringBuffer.append("\\00");
                    break;
                case '(':
                    stringBuffer.append("\\28");
                    break;
                case ')':
                    stringBuffer.append("\\29");
                    break;
                case '*':
                    stringBuffer.append("\\2a");
                    break;
                case '\\':
                    stringBuffer.append("\\5c");
                    break;
                default:
                    stringBuffer.append(charAt);
                    break;
            }
        }
        return stringBuffer.toString();
    }
}
