package org.wildfly.security.auth.realm.ldap;

import java.net.URI;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.util.Hashtable;
import java.util.Properties;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.ldap.Control;
import javax.naming.ldap.InitialLdapContext;
import javax.net.SocketFactory;
import javax.security.auth.DestroyFailedException;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import org.jboss.modules.Module;
import org.wildfly.common.array.Arrays2;
import org.wildfly.security.auth.callback.CredentialCallback;
import org.wildfly.security.auth.client.AuthenticationConfiguration;
import org.wildfly.security.auth.client.AuthenticationContext;
import org.wildfly.security.auth.client.AuthenticationContextConfigurationClient;
import org.wildfly.security.auth.realm.ldap.DirContextFactory;
import org.wildfly.security.credential.PasswordCredential;
import org.wildfly.security.credential.source.CredentialSource;
import org.wildfly.security.manager.action.GetClassLoaderAction;
import org.wildfly.security.manager.action.GetModuleClassLoaderAction;
import org.wildfly.security.manager.action.SetContextClassLoaderAction;
import org.wildfly.security.password.interfaces.ClearPassword;

/* JADX WARN: Classes with same name are omitted:
  input_file:BOOT-INF/lib/wildfly-elytron-1.12.1.Final.jar:org/wildfly/security/auth/realm/ldap/SimpleDirContextFactoryBuilder.class
 */
/* loaded from: input_file:BOOT-INF/lib/wildfly-elytron-realm-ldap-1.12.1.Final.jar:org/wildfly/security/auth/realm/ldap/SimpleDirContextFactoryBuilder.class */
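/**
 * Builder for a {@link DirContextFactory} that opens LDAP contexts through JNDI.
 *
 * <p>The builder is single-use: every setter and {@link #build()} fail once {@code build()} has
 * succeeded. The bind password is taken from the first configured source, in this order:
 * {@link #setSecurityCredential(String)}, {@link #setCredentialSource(CredentialSource)},
 * {@link #setAuthenticationContext(AuthenticationContext)}.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>The default authentication mechanism is {@code simple}. With a simple bind the password
 *       is only as protected as the transport, and nothing in this class requires an
 *       {@code ldaps} provider URL.</li>
 *   <li>{@link #setConnectionProperties(Properties)} entries are applied last and can replace any
 *       JNDI environment key set here, including the context factory, provider URL and
 *       authentication mechanism. Treat them as trusted configuration.</li>
 *   <li>At debug level the whole JNDI environment is logged; only the value stored under
 *       {@code java.naming.security.credentials} is masked.</li>
 * </ul>
 */
public class SimpleDirContextFactoryBuilder {
    private static final String CONNECT_TIMEOUT = "com.sun.jndi.ldap.connect.timeout";
    private static final String READ_TIMEOUT = "com.sun.jndi.ldap.read.timeout";
    private static final String SOCKET_FACTORY = "java.naming.ldap.factory.socket";
    private static final String SECURITY_CREDENTIALS = "java.naming.security.credentials";
    private static final int DEFAULT_CONNECT_TIMEOUT = 5000;
    private static final int DEFAULT_READ_TIMEOUT = 60000;
    private static final String LDAPS_SCHEME = "ldaps";
    private static final AuthenticationContextConfigurationClient authClient = (AuthenticationContextConfigurationClient) doPrivileged(AuthenticationContextConfigurationClient.ACTION);

    private Properties connectionProperties;
    private Module targetModule;
    private ClassLoader targetClassLoader;
    private boolean built = false;
    private String initialContextFactory = "com.sun.jndi.ldap.LdapCtxFactory";
    private String providerUrl = null;
    private String securityAuthentication = "simple";
    private String securityPrincipal = null;
    // Held as an immutable String, so it cannot be wiped from memory after use.
    private String securityCredential = null;
    private CredentialSource credentialSource = null;
    private AuthenticationContext authenticationContext = null;
    private SocketFactory socketFactory = null;
    private int connectTimeout = DEFAULT_CONNECT_TIMEOUT;
    private int readTimeout = DEFAULT_READ_TIMEOUT;

    /**
     * Factory produced by {@link SimpleDirContextFactoryBuilder#build()}. It reads the enclosing
     * builder's fields on every call, which is why the builder refuses changes after building.
     */
    private class SimpleDirContextFactory implements DirContextFactory {
        private SimpleDirContextFactory() {
        }

        /**
         * Opens a context using the principal and credential configured on the builder.
         *
         * <p>When the password comes from the authentication context, the principal returned by
         * the name callback replaces the configured security principal.
         *
         * @param referralMode referral handling; {@code null} is treated as {@code IGNORE}
         * @return a context wrapping the new {@link InitialLdapContext}
         * @throws NamingException if the credential cannot be obtained or the context cannot be created
         */
        @Override // org.wildfly.security.auth.realm.ldap.DirContextFactory
        public DirContext obtainDirContext(DirContextFactory.ReferralMode referralMode) throws NamingException {
            String principal = SimpleDirContextFactoryBuilder.this.securityPrincipal;
            char[] credential = null;
            if (SimpleDirContextFactoryBuilder.this.securityCredential != null) {
                credential = SimpleDirContextFactoryBuilder.this.securityCredential.toCharArray();
            } else if (SimpleDirContextFactoryBuilder.this.credentialSource != null) {
                ClearPassword clearPassword = null;
                try {
                    PasswordCredential passwordCredential = (PasswordCredential) SimpleDirContextFactoryBuilder.this.credentialSource.getCredential(PasswordCredential.class);
                    if (passwordCredential == null) {
                        throw ElytronMessages.log.couldNotObtainCredential();
                    }
                    clearPassword = (ClearPassword) passwordCredential.getPassword(ClearPassword.class);
                    if (clearPassword == null) {
                        throw ElytronMessages.log.couldNotObtainCredential();
                    }
                    credential = clearPassword.getPassword();
                } catch (Exception e) {
                    throw ElytronMessages.log.couldNotObtainCredentialWithCause(e);
                } finally {
                    // Destroy the password object on every path, not only after a successful read.
                    destroyLoggingFailure(clearPassword);
                }
            } else if (SimpleDirContextFactoryBuilder.this.authenticationContext != null) {
                ClearPassword clearPassword = null;
                try {
                    // Only the text before the first space of the provider URL is used for the lookup.
                    AuthenticationConfiguration authenticationConfiguration = SimpleDirContextFactoryBuilder.authClient.getAuthenticationConfiguration(new URI(SimpleDirContextFactoryBuilder.this.providerUrl.split(" ")[0]), SimpleDirContextFactoryBuilder.this.authenticationContext, 0, null, null);
                    NameCallback nameCallback = new NameCallback("LDAP principal");
                    CredentialCallback credentialCallback = new CredentialCallback(PasswordCredential.class, ClearPassword.ALGORITHM_CLEAR);
                    try {
                        SimpleDirContextFactoryBuilder.authClient.getCallbackHandler(authenticationConfiguration).handle(new Callback[]{nameCallback, credentialCallback});
                        principal = nameCallback.getName();
                        PasswordCredential passwordCredential = (PasswordCredential) credentialCallback.getCredential(PasswordCredential.class);
                        if (passwordCredential == null) {
                            throw ElytronMessages.log.couldNotObtainCredential();
                        }
                        clearPassword = (ClearPassword) passwordCredential.getPassword(ClearPassword.class);
                        if (clearPassword == null) {
                            throw ElytronMessages.log.couldNotObtainCredential();
                        }
                        credential = clearPassword.getPassword();
                    } catch (Exception e) {
                        throw ElytronMessages.log.couldNotObtainCredentialWithCause(e);
                    }
                } catch (Exception e) {
                    // Also wraps the exception thrown by the inner handler above.
                    throw ElytronMessages.log.obtainingDirContextCredentialFromAuthenticationContextFailed(e);
                } finally {
                    destroyLoggingFailure(clearPassword);
                }
            }
            return createDirContext(principal, credential, referralMode, getSocketFactory());
        }

        /**
         * Opens a context using a principal and password supplied by the given callback handler.
         *
         * @param callbackHandler handler asked for a {@link NameCallback} and a {@link PasswordCallback}
         * @param referralMode referral handling; {@code null} is treated as {@code IGNORE}
         * @return a context wrapping the new {@link InitialLdapContext}
         * @throws NamingException if the handler fails, yields no name or password, or the context
         *         cannot be created
         */
        @Override // org.wildfly.security.auth.realm.ldap.DirContextFactory
        public DirContext obtainDirContext(CallbackHandler callbackHandler, DirContextFactory.ReferralMode referralMode) throws NamingException {
            NameCallback nameCallback = new NameCallback("Principal Name");
            PasswordCallback passwordCallback = new PasswordCallback("Password", false);
            try {
                callbackHandler.handle(new Callback[]{nameCallback, passwordCallback});
                String name = nameCallback.getName();
                if (name == null) {
                    throw ElytronMessages.log.couldNotObtainPrincipal();
                }
                char[] password = passwordCallback.getPassword();
                if (password == null) {
                    throw ElytronMessages.log.couldNotObtainCredential();
                }
                return createDirContext(name, password, referralMode, getSocketFactory());
            } catch (Exception e) {
                // NOTE(review): this also catches failures from createDirContext, so a connection
                // error is reported as a credential error as well.
                throw ElytronMessages.log.couldNotObtainCredentialWithCause(e);
            } finally {
                // getPassword() hands out a copy; wipe the copy still held by the callback.
                passwordCallback.clearPassword();
            }
        }

        /**
         * Chooses the socket factory for a new connection.
         *
         * <p>An explicitly configured factory always wins. Otherwise, when an authentication
         * context is set and the first provider URL uses the {@code ldaps} scheme, the factory
         * comes from that context's SSL context.
         *
         * @return the socket factory to use, or {@code null} when none applies
         * @throws NamingException if the provider URL or the SSL context cannot be resolved
         */
        private SocketFactory getSocketFactory() throws NamingException {
            if (SimpleDirContextFactoryBuilder.this.socketFactory != null || SimpleDirContextFactoryBuilder.this.authenticationContext == null) {
                return SimpleDirContextFactoryBuilder.this.socketFactory;
            }
            try {
                URI uri = new URI(SimpleDirContextFactoryBuilder.this.providerUrl.split(" ")[0]);
                if (!uri.getScheme().equalsIgnoreCase(SimpleDirContextFactoryBuilder.LDAPS_SCHEME)) {
                    // Non-ldaps URL: no SSL factory is derived (the configured one is null here).
                    return SimpleDirContextFactoryBuilder.this.socketFactory;
                }
                return SimpleDirContextFactoryBuilder.authClient.getSSLContextFactory(uri, SimpleDirContextFactoryBuilder.this.authenticationContext, null, null).create().getSocketFactory();
            } catch (Exception e) {
                throw ElytronMessages.log.obtainingDirContextCredentialFromAuthenticationContextFailed(e);
            }
        }

        /**
         * Builds the JNDI environment and opens the LDAP context under the target class loader.
         *
         * @param principal bind principal, omitted from the environment when {@code null}
         * @param credential bind password, omitted from the environment when {@code null}; the
         *        array is stored by reference and is not cleared by this method
         * @param referralMode referral handling; {@code null} is treated as {@code IGNORE}
         * @param socketFactory factory published through {@code ThreadLocalSSLSocketFactory} while
         *        the context is created, or {@code null}
         * @return a {@code DelegatingLdapContext} around the new {@link InitialLdapContext}
         * @throws NamingException if the context cannot be created
         */
        private DirContext createDirContext(String principal, char[] credential, DirContextFactory.ReferralMode referralMode, SocketFactory socketFactory) throws NamingException {
            ClassLoader previousLoader = setClassLoaderTo(SimpleDirContextFactoryBuilder.this.targetClassLoader);
            try {
                Hashtable<String, Object> env = new Hashtable<>();
                env.put("java.naming.factory.initial", SimpleDirContextFactoryBuilder.this.initialContextFactory);
                env.put("java.naming.provider.url", SimpleDirContextFactoryBuilder.this.providerUrl);
                env.put("java.naming.security.authentication", SimpleDirContextFactoryBuilder.this.securityAuthentication);
                if (principal != null) {
                    env.put("java.naming.security.principal", principal);
                }
                if (credential != null) {
                    env.put(SimpleDirContextFactoryBuilder.SECURITY_CREDENTIALS, credential);
                }
                env.put("java.naming.referral", referralMode == null ? DirContextFactory.ReferralMode.IGNORE.getValue() : referralMode.getValue());
                if (socketFactory != null) {
                    env.put(SimpleDirContextFactoryBuilder.SOCKET_FACTORY, ThreadLocalSSLSocketFactory.class.getName());
                }
                env.put(SimpleDirContextFactoryBuilder.CONNECT_TIMEOUT, Integer.toString(SimpleDirContextFactoryBuilder.this.connectTimeout));
                env.put(SimpleDirContextFactoryBuilder.READ_TIMEOUT, Integer.toString(SimpleDirContextFactoryBuilder.this.readTimeout));
                if (SimpleDirContextFactoryBuilder.this.connectionProperties != null) {
                    // Applied last, so these entries override every key set above.
                    for (Object key : SimpleDirContextFactoryBuilder.this.connectionProperties.keySet()) {
                        Object value = SimpleDirContextFactoryBuilder.this.connectionProperties.get(key.toString());
                        if (value != null) {
                            env.put(key.toString(), value);
                        }
                    }
                }
                if (ElytronMessages.log.isDebugEnabled()) {
                    ElytronMessages.log.debugf("Creating [" + InitialDirContext.class + "] with environment:", new Object[0]);
                    // Mask by value equality: a credentials key that arrived through
                    // connectionProperties need not be the same String instance as the constant,
                    // and an identity comparison would print the password in that case.
                    env.forEach((key, value) -> ElytronMessages.log.debugf("    Property [%s] with value [%s]", key, SimpleDirContextFactoryBuilder.SECURITY_CREDENTIALS.equals(key) ? "******" : Arrays2.objectToString(value)));
                }
                InitialLdapContext initialLdapContext;
                try {
                    if (socketFactory != null) {
                        ThreadLocalSSLSocketFactory.set(socketFactory);
                    }
                    initialLdapContext = new InitialLdapContext(env, (Control[]) null);
                } catch (NamingException e) {
                    ElytronMessages.log.debugf(e, "Could not create [%s]. Failed to connect to LDAP server.", InitialLdapContext.class);
                    throw e;
                } finally {
                    // Never leave the factory published on this thread after the attempt.
                    if (socketFactory != null) {
                        ThreadLocalSSLSocketFactory.unset();
                    }
                }
                ElytronMessages.log.debugf("[%s] successfully created. Connection established to LDAP server.", initialLdapContext);
                return new DelegatingLdapContext(initialLdapContext, this::returnContext, socketFactory);
            } finally {
                setClassLoaderTo(previousLoader);
            }
        }

        /**
         * Closes a context previously handed out, if it is an {@link InitialDirContext}.
         * Other contexts and {@code null} are ignored.
         *
         * @param dirContext the context to close
         */
        @Override // org.wildfly.security.auth.realm.ldap.DirContextFactory
        public void returnContext(DirContext dirContext) {
            if (!(dirContext instanceof InitialDirContext)) {
                return;
            }
            ClassLoader previousLoader = setClassLoaderTo(SimpleDirContextFactoryBuilder.this.targetClassLoader);
            try {
                dirContext.close();
                ElytronMessages.log.debugf("Context [%s] was closed. Connection closed or just returned to the pool.", dirContext);
            } catch (NamingException ignored) {
                // Deliberately best-effort: a failed close is not reported to the caller.
            } finally {
                setClassLoaderTo(previousLoader);
            }
        }

        /**
         * Runs {@code SetContextClassLoaderAction} for the given loader. Callers treat the result
         * as the loader to restore afterwards.
         */
        private ClassLoader setClassLoaderTo(ClassLoader classLoader) {
            return (ClassLoader) SimpleDirContextFactoryBuilder.doPrivileged(new SetContextClassLoaderAction(classLoader));
        }
    }

    private SimpleDirContextFactoryBuilder() {
    }

    /**
     * Creates a new, unbuilt builder.
     *
     * @return the builder
     */
    public static SimpleDirContextFactoryBuilder builder() {
        return new SimpleDirContextFactoryBuilder();
    }

    /**
     * Sets the JNDI initial context factory class name (default {@code com.sun.jndi.ldap.LdapCtxFactory}).
     *
     * @param str the factory class name
     * @return this builder
     */
    public SimpleDirContextFactoryBuilder setInitialContextFactory(String str) {
        assertNotBuilt();
        this.initialContextFactory = str;
        return this;
    }

    /**
     * Sets the provider URL; required before {@link #build()}.
     *
     * <p>The whole string is passed to JNDI as {@code java.naming.provider.url}. Only the text
     * before the first space is parsed when looking up authentication configuration and when
     * deciding whether an SSL socket factory is derived from the authentication context.
     *
     * @param str the provider URL
     * @return this builder
     */
    public SimpleDirContextFactoryBuilder setProviderUrl(String str) {
        assertNotBuilt();
        this.providerUrl = str;
        return this;
    }

    /**
     * Sets the value of {@code java.naming.security.authentication} (default {@code simple}).
     *
     * @param str the authentication mechanism
     * @return this builder
     */
    public SimpleDirContextFactoryBuilder setSecurityAuthentication(String str) {
        assertNotBuilt();
        this.securityAuthentication = str;
        return this;
    }

    /**
     * Sets the bind principal used by {@code obtainDirContext(ReferralMode)}.
     *
     * @param str the principal
     * @return this builder
     */
    public SimpleDirContextFactoryBuilder setSecurityPrincipal(String str) {
        assertNotBuilt();
        this.securityPrincipal = str;
        return this;
    }

    /**
     * Sets the bind password as a plain string. It takes precedence over the credential source
     * and the authentication context, and stays in memory as a {@code String} for as long as the
     * builder is reachable.
     *
     * @param str the password
     * @return this builder
     */
    public SimpleDirContextFactoryBuilder setSecurityCredential(String str) {
        assertNotBuilt();
        this.securityCredential = str;
        return this;
    }

    /**
     * Sets a credential source queried for a clear password on each context creation; used only
     * when no security credential string is set.
     *
     * @param credentialSource the credential source
     * @return this builder
     */
    public SimpleDirContextFactoryBuilder setCredentialSource(CredentialSource credentialSource) {
        assertNotBuilt();
        this.credentialSource = credentialSource;
        return this;
    }

    /**
     * Sets the authentication context used to obtain the principal and password when neither a
     * security credential nor a credential source is set, and to derive an SSL socket factory
     * for {@code ldaps} URLs when no socket factory is set.
     *
     * @param authenticationContext the authentication context
     * @return this builder
     */
    public SimpleDirContextFactoryBuilder setAuthenticationContext(AuthenticationContext authenticationContext) {
        assertNotBuilt();
        this.authenticationContext = authenticationContext;
        return this;
    }

    /**
     * Sets the socket factory used for connections; overrides any factory that would be derived
     * from the authentication context.
     *
     * @param socketFactory the socket factory
     * @return this builder
     */
    public SimpleDirContextFactoryBuilder setSocketFactory(SocketFactory socketFactory) {
        assertNotBuilt();
        this.socketFactory = socketFactory;
        return this;
    }

    /**
     * Sets the value passed as {@code com.sun.jndi.ldap.connect.timeout} (default 5000).
     *
     * @param i the connect timeout
     * @return this builder
     */
    public SimpleDirContextFactoryBuilder setConnectTimeout(int i) {
        assertNotBuilt();
        this.connectTimeout = i;
        return this;
    }

    /**
     * Sets the value passed as {@code com.sun.jndi.ldap.read.timeout} (default 60000).
     *
     * @param i the read timeout
     * @return this builder
     */
    public SimpleDirContextFactoryBuilder setReadTimeout(int i) {
        assertNotBuilt();
        this.readTimeout = i;
        return this;
    }

    /**
     * Sets extra JNDI environment entries. They are copied in after all other settings, so an
     * entry with the same key replaces the value configured through this builder. The reference
     * is stored as given, not copied.
     *
     * @param properties the additional environment entries
     * @return this builder
     */
    public SimpleDirContextFactoryBuilder setConnectionProperties(Properties properties) {
        assertNotBuilt();
        this.connectionProperties = properties;
        return this;
    }

    /**
     * Sets the module whose class loader is installed while contexts are created and closed.
     * Without it, the class loader of this builder class is used.
     *
     * @param module the module
     * @return this builder
     */
    public SimpleDirContextFactoryBuilder setModule(Module module) {
        assertNotBuilt();
        this.targetModule = module;
        return this;
    }

    /**
     * Resolves the target class loader, marks the builder as built and returns the factory.
     *
     * @return the factory backed by this builder's settings
     */
    public DirContextFactory build() {
        assertNotBuilt();
        if (this.providerUrl == null) {
            throw ElytronMessages.log.noProviderUrlSet();
        }
        if (this.targetModule != null) {
            this.targetClassLoader = (ClassLoader) doPrivileged(new GetModuleClassLoaderAction(this.targetModule));
        } else {
            this.targetClassLoader = (ClassLoader) doPrivileged(new GetClassLoaderAction(getClass()));
        }
        this.built = true;
        return new SimpleDirContextFactory();
    }

    /** Rejects any further configuration once {@link #build()} has succeeded. */
    private void assertNotBuilt() {
        if (this.built) {
            throw ElytronMessages.log.builderAlreadyBuilt();
        }
    }

    /** Destroys the given password if present; a failed destroy is logged, not propagated. */
    private static void destroyLoggingFailure(ClearPassword clearPassword) {
        if (clearPassword == null) {
            return;
        }
        try {
            clearPassword.destroy();
        } catch (DestroyFailedException e) {
            ElytronMessages.log.credentialDestroyingFailed(e);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Runs the action through {@link AccessController#doPrivileged(PrivilegedAction)} when a
     * security manager is installed, and directly otherwise.
     *
     * <p>NOTE(review): the decompiler reports this method was {@code private} in the bytecode.
     * Keep it private in maintained source: as a public method it lets any caller run an
     * arbitrary action with this class's permissions.
     *
     * @param privilegedAction the action to run
     * @param <T> the action's result type
     * @return the action's result
     */
    public static <T> T doPrivileged(PrivilegedAction<T> privilegedAction) {
        return System.getSecurityManager() != null ? AccessController.doPrivileged(privilegedAction) : privilegedAction.run();
    }
}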
