package com.liferay.vldap.server.internal.handler;

import com.liferay.petra.string.StringBundler;
import com.liferay.portal.kernel.exception.NoSuchCompanyException;
import com.liferay.portal.kernel.exception.PortalException;
import com.liferay.portal.kernel.log.Log;
import com.liferay.portal.kernel.log.LogFactoryUtil;
import com.liferay.portal.kernel.model.Company;
import com.liferay.portal.kernel.model.User;
import com.liferay.portal.kernel.service.CompanyLocalServiceUtil;
import com.liferay.portal.kernel.service.UserLocalServiceUtil;
import com.liferay.portal.kernel.util.GetterUtil;
import com.liferay.portal.kernel.util.PortalUtil;
import com.liferay.portal.kernel.util.StringUtil;
import com.liferay.portal.kernel.util.Validator;
import com.liferay.vldap.server.internal.handler.util.LdapHandlerContext;
import com.liferay.vldap.server.internal.handler.util.LdapHandlerThreadLocal;
import com.liferay.vldap.server.internal.handler.util.SaslCallbackHandler;
import com.liferay.vldap.server.internal.util.PortletPropsValues;
import java.net.InetSocketAddress;
import java.nio.charset.StandardCharsets;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import javax.security.sasl.Sasl;
import javax.security.sasl.SaslException;
import javax.security.sasl.SaslServer;
import org.apache.directory.api.ldap.model.constants.SchemaConstants;
import org.apache.directory.api.ldap.model.message.BindRequest;
import org.apache.directory.api.ldap.model.message.BindResponse;
import org.apache.directory.api.ldap.model.message.Request;
import org.apache.directory.api.ldap.model.message.Response;
import org.apache.directory.api.ldap.model.message.ResultCodeEnum;
import org.apache.directory.api.ldap.model.name.Dn;
import org.apache.directory.api.ldap.model.name.Rdn;
import org.apache.directory.api.util.StringConstants;
import org.apache.mina.core.session.IoSession;

/* loaded from: input_file:com/liferay/vldap/server/internal/handler/BindLdapHandler.class */
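/**
 * Handles LDAP Bind requests for the virtual LDAP server.
 *
 * <p>Three paths are supported: a SASL bind using DIGEST-MD5, a simple
 * (DN + password) bind, and a rejection for every other mechanism. A
 * successful bind records the resolved company and user on the per-connection
 * {@link LdapHandlerContext}.
 *
 * <p>Security notes for maintainers:
 * <ul>
 * <li>DIGEST-MD5 is the only SASL mechanism offered here; it was moved to
 * Historic status by RFC 6331, so treat it as a legacy compatibility
 * path.</li>
 * <li>A simple bind carries the password as sent by the client; transport
 * protection is not visible in this class.</li>
 * <li>An e-mail address listed in
 * {@code PortletPropsValues.EMAIL_ADDRESSES_WHITELIST} binds successfully
 * <em>without</em> any password check (see
 * {@link #isEmailAddressWhitelisted(String)}).</li>
 * </ul>
 */
public class BindLdapHandler extends BaseLdapHandler {
    public static final String DIGEST_MD5 = "DIGEST-MD5";
    private static final String _LDAP = "ldap";

    // Value the authenticate* calls must return for the bind to succeed.
    // NOTE(review): presumably the portal's Authenticator.SUCCESS - confirm.
    private static final int _AUTH_SUCCESS = 1;

    private static final Log _log = LogFactoryUtil.getLog(BindLdapHandler.class);

    /**
     * Dispatches a bind request to the SASL, simple or "unsupported" path.
     *
     * @param request the incoming message; must be a {@link BindRequest}
     * @param ioSession the MINA session the request arrived on
     * @param ldapHandlerContext per-connection state updated on success
     * @return a single-element list holding the bind response
     * @throws PortalException if company or user resolution fails
     */
    @Override
    public List<Response> messageReceived(Request request, IoSession ioSession, LdapHandlerContext ldapHandlerContext) throws PortalException {
        BindRequest bindRequest = (BindRequest) request;
        if (_log.isDebugEnabled()) {
            // Only the peer address and bind DN are logged, never credentials.
            _log.debug(StringBundler.concat(new Object[]{"Bind request from ", ioSession.getRemoteAddress(), " for ", bindRequest.getName()}));
        }

        Response response;
        if (DIGEST_MD5.equals(GetterUtil.getString(bindRequest.getSaslMechanism()))) {
            response = getSaslResponse(bindRequest, ioSession, ldapHandlerContext);
        } else if (bindRequest.isSimple()) {
            response = getSimpleResponse(bindRequest, ldapHandlerContext);
        } else {
            response = getUnsupportedResponse(bindRequest);
        }
        return toList(response);
    }

    /**
     * Returns the host name handed to the SASL server: the configured
     * {@code PortletPropsValues.BIND_SASL_HOSTNAME}, or the session's local
     * host name when that property is empty.
     */
    protected String getSaslHostName(IoSession ioSession) {
        String hostName = PortletPropsValues.BIND_SASL_HOSTNAME;
        if (Validator.isNull(hostName)) {
            hostName = ((InetSocketAddress) ioSession.getLocalAddress()).getHostName();
        }
        if (_log.isDebugEnabled()) {
            _log.debug("SASL host name " + hostName);
        }
        return hostName;
    }

    /**
     * Runs one step of the DIGEST-MD5 exchange.
     *
     * <p>The {@link SaslServer} is created lazily and kept on the context
     * between steps. While the exchange is incomplete the response is
     * {@code SASL_BIND_IN_PROGRESS}; once complete the SASL state is cleared
     * and company and user are resolved from the name captured by the
     * callback handler.
     *
     * <p>Any {@link SaslException}, whether raised while creating the server
     * or while evaluating the client response, clears the SASL state and
     * yields {@code INVALID_CREDENTIALS}, so a rejected exchange cannot be
     * resumed on stale state.
     *
     * @throws PortalException if company or user resolution fails
     */
    protected Response getSaslResponse(BindRequest bindRequest, IoSession ioSession, LdapHandlerContext ldapHandlerContext) throws PortalException {
        if (bindRequest.getCredentials() == null) {
            bindRequest.setCredentials(StringConstants.EMPTY_BYTES);
        }

        SaslServer saslServer;
        try {
            saslServer = _getOrCreateSaslServer(ioSession, ldapHandlerContext);
            if (saslServer == null) {
                // Sasl.createSaslServer returns null when no installed
                // factory supports the mechanism; report that instead of
                // failing with a NullPointerException below.
                _log.error("No SASL server available for mechanism " + DIGEST_MD5);
                return getUnsupportedResponse(bindRequest);
            }
            BindResponse bindResponse = (BindResponse) bindRequest.getResultResponse();
            bindResponse.setServerSaslCreds(saslServer.evaluateResponse(bindRequest.getCredentials()));
        } catch (SaslException e) {
            _log.error(e, e);
            _resetSasl(ldapHandlerContext);
            return getResultResponse(bindRequest, ResultCodeEnum.INVALID_CREDENTIALS);
        }

        if (!saslServer.isComplete()) {
            return getResultResponse(bindRequest, ResultCodeEnum.SASL_BIND_IN_PROGRESS);
        }

        // Exchange finished: take the authenticated name, then drop the
        // one-shot SASL state before touching company/user.
        SaslCallbackHandler completedHandler = ldapHandlerContext.getSaslCallbackHandler();
        _resetSasl(ldapHandlerContext);
        Dn name = completedHandler.getName();
        setCompany(ldapHandlerContext, name);
        setUser(ldapHandlerContext, name);
        return getResultResponse(bindRequest, ResultCodeEnum.SUCCESS);
    }

    /**
     * Handles a simple (DN + password) bind.
     *
     * <p>An empty DN is an anonymous bind and succeeds immediately. Otherwise
     * the company is resolved from the DN, and the password is checked
     * against the screen name ({@code cn}, falling back to {@code uid}) or,
     * when neither is present, against the {@code mail} value. A whitelisted
     * e-mail address succeeds without consulting the password at all.
     *
     * <p>NOTE(review): neither the anonymous path nor a failed bind clears a
     * user that an earlier bind on the same connection stored on the context.
     * RFC 4513 expects the session to fall back to anonymous in both cases;
     * confirm the context is reset elsewhere.
     *
     * @throws PortalException if company resolution or authentication fails
     */
    protected Response getSimpleResponse(BindRequest bindRequest, LdapHandlerContext ldapHandlerContext) throws PortalException {
        Dn dn = bindRequest.getDn();
        if (Validator.isNull(dn.getName())) {
            return getResultResponse(bindRequest, ResultCodeEnum.SUCCESS);
        }

        Company company = setCompany(ldapHandlerContext, dn);
        String screenName = _getScreenName(dn);
        String emailAddress = getValue(dn, SchemaConstants.MAIL_AT);

        // Absent credentials are treated as empty, matching the SASL path,
        // instead of throwing a NullPointerException. The bytes are decoded
        // as UTF-8 explicitly so the result does not depend on the JVM's
        // default charset.
        byte[] credentials = bindRequest.getCredentials();
        if (credentials == null) {
            credentials = StringConstants.EMPTY_BYTES;
        }
        String password = new String(credentials, StandardCharsets.UTF_8);

        Map<String, String[]> headerMap = new HashMap<>();
        Map<String, String[]> parameterMap = new HashMap<>();
        Map<String, Object> resultsMap = new HashMap<>();

        int authResult = -1;
        if (Validator.isNotNull(screenName)) {
            authResult = UserLocalServiceUtil.authenticateByScreenName(company.getCompanyId(), screenName, password, headerMap, parameterMap, resultsMap);
        } else if (Validator.isNotNull(emailAddress)) {
            if (isEmailAddressWhitelisted(emailAddress)) {
                // Deliberate password-less bind for whitelisted addresses;
                // setUser maps these to the company's default user.
                authResult = _AUTH_SUCCESS;
            } else {
                authResult = UserLocalServiceUtil.authenticateByEmailAddress(company.getCompanyId(), emailAddress, password, headerMap, parameterMap, resultsMap);
            }
        }

        if (authResult != _AUTH_SUCCESS) {
            return getResultResponse(bindRequest, ResultCodeEnum.INVALID_CREDENTIALS);
        }
        setUser(ldapHandlerContext, dn);
        return getResultResponse(bindRequest, ResultCodeEnum.SUCCESS);
    }

    /**
     * Builds the {@code AUTH_METHOD_NOT_SUPPORTED} response used for any bind
     * that is neither simple nor DIGEST-MD5.
     */
    protected Response getUnsupportedResponse(BindRequest bindRequest) {
        return getResultResponse(bindRequest, ResultCodeEnum.AUTH_METHOD_NOT_SUPPORTED);
    }

    /**
     * Returns the normalized value of the first RDN in {@code dn} whose
     * normalized type equals {@code str} (case-insensitive), or an empty
     * string when there is no such RDN.
     *
     * @param dn the distinguished name to search
     * @param str the attribute type to look for
     */
    protected String getValue(Dn dn, String str) {
        for (Rdn rdn : dn) {
            if (StringUtil.equalsIgnoreCase(rdn.getNormType(), str)) {
                return GetterUtil.getString(rdn.getNormValue().getString());
            }
        }
        return "";
    }

    /**
     * Tells whether an e-mail address may bind without a password.
     *
     * <p>Each whitelist entry has the form {@code address} or
     * {@code address:host;host;...}. An entry without a host list matches
     * from any client; with a host list the decision is delegated to
     * {@code LdapHandlerThreadLocal.isHostAllowed}. Operators should prefer
     * the host-restricted form, since a match bypasses the password check in
     * {@link #getSimpleResponse}.
     *
     * @param str the e-mail address taken from the bind DN
     * @return {@code true} if some whitelist entry admits the address
     */
    protected boolean isEmailAddressWhitelisted(String str) {
        for (String entry : PortletPropsValues.EMAIL_ADDRESSES_WHITELIST) {
            String[] parts = StringUtil.split(entry, ":");
            // A blank or malformed entry may split into no parts; skip it
            // rather than indexing past the end of the array.
            if (parts.length == 0 || !str.equals(parts[0])) {
                continue;
            }
            if (parts.length == 1 || LdapHandlerThreadLocal.isHostAllowed(StringUtil.split(parts[1], ";"))) {
                return true;
            }
        }
        return false;
    }

    /**
     * Resolves the company named by the DN's {@code webId} RDN and stores it
     * on the context. When no company has that web ID, a warning is logged
     * and the portal's default company is used instead.
     *
     * @return the company that was stored on the context
     * @throws PortalException if the fallback company cannot be loaded
     */
    protected Company setCompany(LdapHandlerContext ldapHandlerContext, Dn dn) throws PortalException {
        Company company;
        String webId = getValue(dn, "webId");
        try {
            company = CompanyLocalServiceUtil.getCompanyByWebId(webId);
        } catch (NoSuchCompanyException e) {
            if (_log.isWarnEnabled()) {
                // webId comes from the client-supplied DN.
                _log.warn("Unable to get company with web ID " + webId, e);
            }
            company = CompanyLocalServiceUtil.getCompany(PortalUtil.getDefaultCompanyId());
        }
        ldapHandlerContext.setCompany(company);
        return company;
    }

    /**
     * Looks up the user named by the DN and stores it on the context.
     *
     * <p>The screen name ({@code cn}, falling back to {@code uid}) takes
     * precedence over {@code mail}. A whitelisted e-mail address resolves to
     * the company's default user. A default user reached any other way is
     * not stored, and neither is a failed lookup; in both cases the context's
     * user is left untouched.
     *
     * @throws PortalException if the user lookup fails
     */
    protected void setUser(LdapHandlerContext ldapHandlerContext, Dn dn) throws PortalException {
        User user = null;
        boolean whitelisted = false;
        String screenName = _getScreenName(dn);
        String emailAddress = getValue(dn, SchemaConstants.MAIL_AT);

        if (Validator.isNotNull(screenName)) {
            user = UserLocalServiceUtil.fetchUserByScreenName(ldapHandlerContext.getCompanyId(), screenName);
        } else if (Validator.isNotNull(emailAddress)) {
            whitelisted = isEmailAddressWhitelisted(emailAddress);
            if (whitelisted) {
                user = UserLocalServiceUtil.getDefaultUser(ldapHandlerContext.getCompanyId());
            } else {
                user = UserLocalServiceUtil.fetchUserByEmailAddress(ldapHandlerContext.getCompanyId(), emailAddress);
            }
        }

        if (user == null) {
            return;
        }
        // The default user is only accepted via the whitelist path.
        if (whitelisted || !user.isDefaultUser()) {
            ldapHandlerContext.setUser(user);
        }
    }

    /** Returns the DN's {@code cn} value, or its {@code uid} value when {@code cn} is empty. */
    private String _getScreenName(Dn dn) {
        String screenName = getValue(dn, SchemaConstants.CN_AT);
        if (Validator.isNull(screenName)) {
            screenName = getValue(dn, SchemaConstants.UID_AT);
        }
        return screenName;
    }

    /**
     * Returns the context's SASL server, creating and storing one (with its
     * callback handler) on first use. May return {@code null} when no SASL
     * provider supports DIGEST-MD5; in that case nothing is left on the
     * context.
     */
    private SaslServer _getOrCreateSaslServer(IoSession ioSession, LdapHandlerContext ldapHandlerContext) throws SaslException {
        SaslServer saslServer = ldapHandlerContext.getSaslServer();
        if (saslServer != null) {
            return saslServer;
        }
        // Re-check under the lock so two requests on the same context do not
        // each create a server.
        synchronized (ldapHandlerContext) {
            saslServer = ldapHandlerContext.getSaslServer();
            if (saslServer == null) {
                SaslCallbackHandler saslCallbackHandler = new SaslCallbackHandler();
                ldapHandlerContext.setSaslCallbackHandler(saslCallbackHandler);
                saslServer = Sasl.createSaslServer(DIGEST_MD5, _LDAP, getSaslHostName(ioSession), null, saslCallbackHandler);
                if (saslServer == null) {
                    ldapHandlerContext.setSaslCallbackHandler(null);
                } else {
                    ldapHandlerContext.setSaslServer(saslServer);
                }
            }
        }
        return saslServer;
    }

    /** Drops the per-connection SASL server and callback handler. */
    private void _resetSasl(LdapHandlerContext ldapHandlerContext) {
        ldapHandlerContext.setSaslCallbackHandler(null);
        ldapHandlerContext.setSaslServer(null);
    }
}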
