package com.cenqua.fisheye.user.ldap;

import com.cenqua.fisheye.config1.LdapConfigType;
import com.cenqua.fisheye.config1.LdapRepositoryConfigType;
import com.cenqua.fisheye.logging.Logs;
import com.cenqua.fisheye.rep.RepositoryHandle;
import com.cenqua.fisheye.user.BaseAuth;
import com.cenqua.fisheye.util.VariableSubstituter;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Hashtable;
import java.util.List;
import javax.naming.AuthenticationException;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.log4j.Logger;

/* loaded from: input_file:fecru-2.1.0.M1/fisheye.jar:com/cenqua/fisheye/user/ldap/LDAPAuth.class */
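/**
 * Authenticates users against an LDAP directory through JNDI.
 *
 * <p>The flow visible in this class is "search, then bind": the configured user filter is
 * expanded with the login name and searched below {@code baseDN} (anonymously, or bound as the
 * configured initial DN), and the password is then verified by opening a second context with a
 * simple bind as the DN of the first entry found.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>The password is verified with a simple bind, so it is sent to the provider URL as given.
 *       Nothing in this class requires {@code ldaps://} or otherwise configures TLS;
 *       confidentiality of the credentials depends entirely on the configured URL.</li>
 *   <li>{@code java.naming.referral} is set to {@code follow}, and the per-user bind environment
 *       is a copy of the initial environment. NOTE(review): presumably referral contexts are
 *       created with the same environment, including credentials; confirm this is intended for
 *       the directories in use.</li>
 *   <li>Values placed into search filters are escaped per RFC 4515 before substitution so that a
 *       login name cannot change the structure of the filter.</li>
 * </ul>
 */
public class LDAPAuth extends BaseAuth {
    private static final String ATTR_MATCH_TYPE_ANY = "any";
    private static final String ATTR_MATCH_TYPE_USER = "user";

    /** JNDI environment used for searches; copied and overridden for the per-user bind. */
    private final Hashtable<String, Object> initialEnv;
    private final String baseDN;
    private final String userFilter;
    private final String emailAttr;
    private final String displayNameAttr;
    /** Attribute ids requested from every search: uid plus the optional email/display name. */
    private final String[] returnedAttrIDs;
    /** True when searches bind as the configured initial DN rather than anonymously. */
    private final boolean initialBind;
    private final String uidAttr;
    private final boolean resync;
    private final long resyncPeriod;
    private final boolean autoAdd;

    /* loaded from: input_file:fecru-2.1.0.M1/fisheye.jar:com/cenqua/fisheye/user/ldap/LDAPAuth$LdapAuthTok.class */
    /**
     * Immutable token describing a directory entry: login name, email, display name and the DN
     * that was computed for the entry.
     */
    public static class LdapAuthTok extends BaseAuth.AuthTok {
        final String username;
        final String email;
        final String displayName;
        final String dn;

        /**
         * @param str the login name
         * @param str2 the email address, or {@code null} when none was extracted
         * @param str3 the display name, or {@code null} when none was extracted
         * @param str4 the DN computed for the directory entry
         */
        public LdapAuthTok(String str, String str2, String str3, String str4) {
            this.username = str;
            this.email = str2;
            this.displayName = str3;
            this.dn = str4;
        }

        /** @return the DN recorded for this user */
        public String getDn() {
            return this.dn;
        }

        @Override // com.cenqua.fisheye.user.BaseAuth.AuthTok
        public String getEmail() {
            return this.email;
        }

        @Override // com.cenqua.fisheye.user.BaseAuth.AuthTok
        public String getUsername() {
            return this.username;
        }

        @Override // com.cenqua.fisheye.user.BaseAuth.AuthTok
        public String getDisplayName() {
            return this.displayName;
        }

        /** @return the constant 2; its meaning is defined by BaseAuth, which is not visible here */
        @Override // com.cenqua.fisheye.user.BaseAuth.AuthTok
        public int getAuthType() {
            return 2;
        }
    }

    /**
     * Creates an authenticator that logs to the application-wide loggers.
     *
     * @param ldapConfigType the LDAP configuration to read
     */
    public LDAPAuth(LdapConfigType ldapConfigType) {
        this(ldapConfigType, Logs.APP_LOG, Logs.PERF_LOG);
    }

    /**
     * Creates an authenticator from the given configuration.
     *
     * @param ldapConfigType the LDAP configuration to read
     * @param logger passed to the superclass as its first logger
     * @param logger2 passed to the superclass as its second logger
     */
    public LDAPAuth(LdapConfigType ldapConfigType, Logger logger, Logger logger2) {
        super(logger, logger2);
        this.initialEnv = new Hashtable<String, Object>();
        this.autoAdd = ldapConfigType.getAutoAdd();
        this.initialEnv.put("java.naming.factory.initial", "com.sun.jndi.ldap.LdapCtxFactory");
        // The URL is used exactly as configured; no scheme check is made here.
        this.initialEnv.put("java.naming.provider.url", ldapConfigType.getUrl());
        // Searches are anonymous unless an initial DN is configured (overridden below).
        this.initialEnv.put("java.naming.security.authentication", "none");
        this.initialEnv.put("java.naming.referral", "follow");
        this.baseDN = ldapConfigType.getBaseDn();
        this.userFilter = ldapConfigType.getFilter();
        this.uidAttr = ldapConfigType.getUidAttr();
        this.resync = ldapConfigType.getResync();
        this.resyncPeriod = convertStringToLong(ldapConfigType.getResyncPeriod());
        this.emailAttr = ldapConfigType.getEmailAttr();
        this.displayNameAttr = ldapConfigType.getDisplaynameAttr();

        List<String> attrIds = new ArrayList<String>();
        attrIds.add(this.uidAttr);
        if (this.emailAttr != null) {
            attrIds.add(this.emailAttr);
        }
        if (this.displayNameAttr != null) {
            attrIds.add(this.displayNameAttr);
        }
        this.returnedAttrIDs = attrIds.toArray(new String[0]);

        this.initialBind = ldapConfigType.isSetInitialDn();
        if (this.initialBind) {
            // Service-account credentials stay in memory in initialEnv for the life of this object.
            this.initialEnv.put("java.naming.security.principal", ldapConfigType.getInitialDn());
            this.initialEnv.put("java.naming.security.credentials", ldapConfigType.getInitialSecret());
            this.initialEnv.put("java.naming.security.authentication", "simple");
        }
        setPermCacheTTL(ldapConfigType.getPositiveCacheTtl());
    }

    @Override // com.cenqua.fisheye.user.BaseAuth
    public boolean isResync() {
        return this.resync;
    }

    @Override // com.cenqua.fisheye.user.BaseAuth
    public long getResyncPeriod() {
        return this.resyncPeriod;
    }

    /** No-op: contexts are opened and closed per operation, so nothing is held open here. */
    @Override // com.cenqua.fisheye.user.BaseAuth
    public void close() {
    }

    @Override // com.cenqua.fisheye.user.BaseAuth
    public boolean getAutoAdd() {
        return this.autoAdd;
    }

    /** @return the constant 2; its meaning is defined by BaseAuth, which is not visible here */
    @Override // com.cenqua.fisheye.user.BaseAuth
    public int getAuthType() {
        return 2;
    }

    /**
     * Verifies a login name and password against the directory.
     *
     * @param str the login name supplied by the user
     * @param str2 the password supplied by the user
     * @param httpServletRequest not used by this implementation
     * @param httpServletResponse not used by this implementation
     * @return a token for the authenticated user, or {@code null} when the name or password is
     *     empty, the directory cannot be reached, no entry matches, or the bind is rejected
     */
    @Override // com.cenqua.fisheye.user.BaseAuth
    public BaseAuth.AuthTok checkPassword(String str, String str2, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        if (str == null || "".equals(str)) {
            this.appLog.debug("LDAP: can't check an empty username");
            return null;
        }
        // An empty password must never reach the directory: a simple bind with a DN and no
        // password is an "unauthenticated bind" (RFC 4513) that servers may report as success.
        if (str2 == null || "".equals(str2)) {
            this.appLog.debug("LDAP: can't check an empty password");
            return null;
        }
        InitialDirContext ctx = null;
        try {
            ctx = makeContext();
            if (ctx == null) {
                return null;
            }
            long started = System.currentTimeMillis();
            // The login name is attacker-controlled, so it is escaped before it enters the filter.
            String filter = expandFilter(this.userFilter, "USERNAME", escapeFilterValue(str));
            SearchResult entry = doSearch(ctx, filter);
            LdapAuthTok token = null;
            if (entry != null) {
                String dn = fullDn(entry);
                if (checkPassword(dn, str2)) {
                    token = new LdapAuthTok(str, extractEmailAddress(entry), extractDisplayName(entry), dn);
                }
            }
            long finished = System.currentTimeMillis();
            if (this.perfLog.isInfoEnabled()) {
                this.perfLog.info("LDAP password check for " + str + " in " + (finished - started) + "ms");
            }
            return token;
        } finally {
            close(ctx);
        }
    }

    /**
     * Rebuilds a token for a user by looking the name up again, without checking a password.
     *
     * @param str the login name to look up
     * @return a token for the first matching entry, or {@code null} when the directory cannot be
     *     reached or no entry matches
     */
    @Override // com.cenqua.fisheye.user.BaseAuth
    public BaseAuth.AuthTok recreateAuth(String str) {
        InitialDirContext ctx = null;
        try {
            ctx = makeContext();
            if (ctx == null) {
                return null;
            }
            String filter = expandFilter(this.userFilter, "USERNAME", escapeFilterValue(str));
            SearchResult entry = doSearch(ctx, filter);
            if (entry == null) {
                return null;
            }
            return new LdapAuthTok(str, extractEmailAddress(entry), extractDisplayName(entry), fullDn(entry));
        } finally {
            close(ctx);
        }
    }

    /**
     * Escapes a value for use as an assertion value in an LDAP search filter (RFC 4515), so that
     * {@code \ * ( )} and NUL are matched literally instead of being parsed as filter syntax.
     *
     * @param value the raw value; may be {@code null}
     * @return the escaped value, or {@code null} when {@code value} is {@code null}
     */
    private static String escapeFilterValue(String value) {
        if (value == null) {
            return null;
        }
        StringBuilder escaped = new StringBuilder(value.length() + 8);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '\\':
                    escaped.append("\\5c");
                    break;
                case '*':
                    escaped.append("\\2a");
                    break;
                case '(':
                    escaped.append("\\28");
                    break;
                case ')':
                    escaped.append("\\29");
                    break;
                case '\0':
                    escaped.append("\\00");
                    break;
                default:
                    escaped.append(c);
                    break;
            }
        }
        return escaped.toString();
    }

    /**
     * Expands a filter template through {@link VariableSubstituter}.
     *
     * <p>NOTE(review): VariableSubstituter is not visible here; this assumes it inserts values
     * verbatim and does not itself escape them or interpret backslashes. Confirm against its
     * source, since callers pass values that are already RFC 4515-escaped.
     *
     * @param template the filter template
     * @param namesAndValues alternating variable names and the values to substitute
     * @return the expanded filter
     */
    // The parameter type of substituteRefs is not visible, so the map stays raw as in the original.
    @SuppressWarnings({"rawtypes", "unchecked"})
    private static String expandFilter(String template, String... namesAndValues) {
        HashMap vars = new HashMap();
        for (int i = 0; i + 1 < namesAndValues.length; i += 2) {
            vars.put(namesAndValues[i], namesAndValues[i + 1]);
        }
        return VariableSubstituter.substituteRefs(template, vars);
    }

    /**
     * Builds the DN for a search result by appending the base DN to the result's name.
     *
     * <p>NOTE(review): this assumes the name is relative to {@code baseDN}. With referrals
     * followed, a result may carry a non-relative name (see {@code SearchResult.isRelative()});
     * confirm how such results should be handled.
     */
    private String fullDn(SearchResult entry) {
        return entry.getName() + "," + this.baseDN;
    }

    /** Returns the entry's email attribute as a string, or {@code null} when absent or unreadable. */
    private String extractEmailAddress(SearchResult searchResult) {
        return firstValue(searchResult, this.emailAttr, "problem extracting email");
    }

    /** Returns the entry's display-name attribute as a string, or {@code null} when absent or unreadable. */
    private String extractDisplayName(SearchResult searchResult) {
        return firstValue(searchResult, this.displayNameAttr, "problem extracting display name");
    }

    /**
     * Reads the first value of one attribute from a search result.
     *
     * @param entry the search result to read
     * @param attrId the attribute id, or {@code null} when the attribute is not configured
     * @param failureMessage the warning logged when the directory reports an error
     * @return the value's string form, or {@code null}
     */
    private String firstValue(SearchResult entry, String attrId, String failureMessage) {
        if (attrId == null) {
            return null;
        }
        try {
            Attribute attribute = entry.getAttributes().get(attrId);
            if (attribute == null) {
                return null;
            }
            Object value = attribute.get();
            return value == null ? null : value.toString();
        } catch (NamingException e) {
            this.appLog.warn(failureMessage, e);
            return null;
        }
    }

    /** Closes a context if one was opened; a failure to close is logged and otherwise ignored. */
    private void close(InitialDirContext initialDirContext) {
        if (initialDirContext == null) {
            return;
        }
        try {
            initialDirContext.close();
        } catch (NamingException e) {
            this.appLog.warn("problem closing LDAP connection", e);
        }
    }

    /** Closes a result enumeration; a failure to close is deliberately ignored. */
    private static void closeQuietly(NamingEnumeration<SearchResult> results) {
        if (results == null) {
            return;
        }
        try {
            results.close();
        } catch (NamingException ignored) {
            // Best effort: the owning context is closed by the caller in any case.
        }
    }

    /**
     * Opens a context with the search environment.
     *
     * @return the new context, or {@code null} (after logging a warning) when it cannot be created
     */
    private InitialDirContext makeContext() {
        try {
            return new InitialDirContext(this.initialEnv);
        } catch (NamingException e) {
            this.appLog.warn("problem getting initial LDAP context", e);
            return null;
        }
    }

    /**
     * Runs a search and returns the first result only.
     *
     * <p>Any further matches are ignored, so a filter that matches more than one entry resolves
     * to whichever entry the server returns first.
     *
     * @return the first result, or {@code null} when nothing matched or the search failed
     */
    private SearchResult doSearch(InitialDirContext initialDirContext, String str) {
        NamingEnumeration<SearchResult> results = doSearchMany(initialDirContext, str);
        if (results != null) {
            try {
                if (results.hasMore()) {
                    return results.next();
                }
            } catch (NamingException e) {
                this.appLog.warn("LDAP: problem retrieving results", e);
                return null;
            } finally {
                closeQuietly(results);
            }
        }
        if (this.appLog.isDebugEnabled()) {
            this.appLog.debug("LDAP: could not find user using " + str + " on " + this.baseDN);
        }
        return null;
    }

    /**
     * Runs a subtree search below {@code baseDN}, requesting only the configured attributes.
     *
     * @return the result enumeration, or {@code null} (after logging a warning) when the search fails
     */
    private NamingEnumeration<SearchResult> doSearchMany(InitialDirContext initialDirContext, String str) {
        SearchControls controls = new SearchControls();
        controls.setReturningAttributes(this.returnedAttrIDs);
        controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
        String bindMode = this.initialBind ? "authenticated" : "anonymous";
        try {
            if (this.appLog.isDebugEnabled()) {
                this.appLog.debug("performing search: " + str + " on " + this.baseDN + " (" + bindMode + ")");
            }
            return initialDirContext.search(this.baseDN, str, controls);
        } catch (NamingException e) {
            this.appLog.warn("LDAP: could not list users using " + str + " on " + this.baseDN + " (" + bindMode + ")", e);
            return null;
        }
    }

    /**
     * Lists the uid attribute of every entry matched by the user filter with a wildcard name.
     *
     * @return the user names found, or {@code null} when the directory cannot be reached or the
     *     search or result retrieval fails
     */
    @Override // com.cenqua.fisheye.user.BaseAuth
    public List<String> getAllUserNames() {
        List<String> names = new ArrayList<String>();
        InitialDirContext ctx = null;
        NamingEnumeration<SearchResult> results = null;
        try {
            ctx = makeContext();
            if (ctx == null) {
                return null;
            }
            // "*" is a fixed, trusted wildcard here, so it is deliberately not escaped.
            String filter = expandFilter(this.userFilter, "USERNAME", "*");
            results = doSearchMany(ctx, filter);
            if (results == null) {
                // The search itself failed and has already been logged by doSearchMany.
                return null;
            }
            try {
                while (results.hasMore()) {
                    Attribute uid = results.next().getAttributes().get(this.uidAttr);
                    if (uid != null && uid.get() != null) {
                        names.add(uid.get().toString());
                    }
                }
            } catch (NamingException e) {
                this.appLog.warn("LDAP: could not list users using " + filter + " on " + this.baseDN + " (" + (this.initialBind ? "authenticated" : "anonymous") + ")", e);
                return null;
            }
            return names;
        } finally {
            closeQuietly(results);
            close(ctx);
        }
    }

    /**
     * Verifies a password by opening a context with a simple bind as the given DN.
     *
     * @param str the DN to bind as
     * @param str2 the password to present
     * @return {@code true} when the bind succeeds; {@code false} when it is rejected, fails for
     *     another reason, or either argument is empty
     */
    private boolean checkPassword(String str, String str2) {
        // Defence in depth: an empty DN is an anonymous bind and an empty password is an
        // unauthenticated bind; a server may accept either without proving any identity.
        if (str == null || str.length() == 0 || str2 == null || str2.length() == 0) {
            this.appLog.debug("LDAP: refusing to bind with an empty dn or password");
            return false;
        }
        InitialDirContext ctx = null;
        try {
            Hashtable<String, Object> bindEnv = new Hashtable<String, Object>(this.initialEnv);
            bindEnv.put("java.naming.security.principal", str);
            bindEnv.put("java.naming.security.credentials", str2);
            bindEnv.put("java.naming.security.authentication", "simple");
            ctx = new InitialDirContext(bindEnv);
            return true;
        } catch (AuthenticationException e2) {
            // Must come before NamingException (its superclass) so that a rejected password is
            // reported as an ordinary failed login rather than as a directory error.
            this.appLog.debug("LDAP: User with dn '" + str + "' found, but authentication failed.");
            return false;
        } catch (NamingException e) {
            this.appLog.error("LDAP: Initial connect and search successful, but authenticating user as '" + str + "' failed.", e);
            return false;
        } finally {
            close(ctx);
        }
    }

    /**
     * Decides whether a user may access a repository under that repository's LDAP constraint.
     *
     * <p>With match type {@code any} (compared case-insensitively) access is granted as soon as
     * the constraint filter matches any entry; otherwise the first matching entry must have the
     * same DN as the token. The outcome of a completed check is stored via {@code setCache}.
     *
     * @param authTok the user's token
     * @param z the result returned when the repository has no LDAP constraint
     * @param repositoryHandle the repository being accessed
     * @return {@code true} when access is permitted
     */
    @Override // com.cenqua.fisheye.user.BaseAuth
    public boolean hasPermissionToAccess(BaseAuth.AuthTok authTok, boolean z, RepositoryHandle repositoryHandle) {
        LdapRepositoryConfigType constraint = repositoryHandle.getCfg().getLdapConstraint();
        if (constraint == null) {
            return z;
        }
        if (!(authTok instanceof LdapAuthTok)) {
            return false;
        }
        LdapAuthTok token = (LdapAuthTok) authTok;
        String repName = repositoryHandle.getName();
        Boolean cached = checkCache(token, repName);
        if (cached != null) {
            if (this.appLog.isDebugEnabled()) {
                this.appLog.debug("LDAP: got perm check from the cache, " + token.username + " against rep " + repName);
            }
            return cached.booleanValue();
        }
        String constraintFilter = constraint.getFilter();
        InitialDirContext ctx = null;
        try {
            ctx = makeContext();
            if (ctx == null) {
                // Fail closed, and do not cache: the directory was unreachable, not a denial.
                return false;
            }
            long started = System.currentTimeMillis();
            // Every substituted value is escaped: a DN may legitimately contain backslashes or
            // parentheses, which would otherwise be parsed as filter syntax.
            String filter = expandFilter(
                    constraintFilter,
                    "USERNAME", escapeFilterValue(token.username),
                    "DN", escapeFilterValue(token.dn),
                    "REP", escapeFilterValue(repName));
            SearchResult entry = doSearch(ctx, filter);
            boolean permitted = false;
            if (entry != null) {
                String matchType = constraint.getMatchType();
                if (matchType == null) {
                    matchType = ATTR_MATCH_TYPE_USER;
                }
                if (ATTR_MATCH_TYPE_ANY.equalsIgnoreCase(matchType)) {
                    permitted = true;
                } else {
                    String foundDn = fullDn(entry);
                    if (foundDn.equals(token.dn)) {
                        permitted = true;
                    } else {
                        this.appLog.warn("LDAP: for some reason, permission check returned different dn: " + token.dn + " vs " + foundDn);
                    }
                }
            }
            long finished = System.currentTimeMillis();
            if (this.perfLog.isInfoEnabled()) {
                this.perfLog.info("LDAP permission check for " + token.username + " on " + repName + " in " + (finished - started) + "ms");
            }
            setCache(token, repName, permitted);
            return permitted;
        } finally {
            close(ctx);
        }
    }

    /** Always returns {@code null}: this implementation does not authenticate from the request alone. */
    @Override // com.cenqua.fisheye.user.BaseAuth
    public BaseAuth.AuthTok checkRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        return null;
    }
}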
