package com.opensymphony.user.provider.ldap;

import com.opensymphony.user.Entity;
import com.opensymphony.user.UserManager;
import com.opensymphony.user.provider.CredentialsProvider;
import java.nio.charset.Charset;
import java.security.MessageDigest;
import java.util.Collections;
import java.util.HashMap;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import javax.naming.AuthenticationException;
import javax.naming.CommunicationException;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.PartialResultException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

/* loaded from: input_file:com/opensymphony/user/provider/ldap/LDAPCredentialsProvider.class */
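/**
 * Credentials provider that verifies a username/password pair against an LDAP directory.
 *
 * <p>Authentication is a two-phase "search then bind": the configured environment is used to
 * look up the entry whose {@code uidSearchName} attribute matches the username, and the
 * supplied password is then verified by re-binding as that entry. Successful results are
 * cached in a static map for {@code timeout} milliseconds. Every non-authentication
 * operation (load, store, remove, changePassword) is delegated to the first non-LDAP
 * provider that handles the user.
 *
 * <p>NOTE(review): the cache keeps the clear-text password in a process-wide static map for
 * the whole cache lifetime, and a password changed in the directory keeps working from the
 * cache until the entry expires. Storing a salted hash instead would need a change to the
 * public {@link TimeAndPassword} fields, so it is only flagged here.
 */
public class LDAPCredentialsProvider implements CredentialsProvider {
    private static final Log log;

    /** Charset used when turning passwords into bytes for comparison. */
    private static final Charset UTF_8 = Charset.forName("UTF-8");

    /** username -> {@link TimeAndPassword}; shared by every provider instance. */
    private static Map cache;

    /** JNDI environment built from the provider properties in {@link #init(Properties)}. */
    Hashtable env;
    String providerName;
    String searchBase;
    String uidSearchName;
    /** Cache lifetime in milliseconds. */
    long timeout;

    // Compiler-generated holder for the class literal used by the static initialiser.
    static Class class$com$opensymphony$user$provider$ldap$LDAPCredentialsProvider;

    /** Cache entry: the password that authenticated and the instant (epoch ms) it expires. */
    public class TimeAndPassword {
        // NOTE(review): clear-text password held in memory until the entry is replaced or flushed.
        public String password;
        public long time;
        private final LDAPCredentialsProvider this$0;

        public TimeAndPassword(LDAPCredentialsProvider lDAPCredentialsProvider, long j, String str) {
            this.this$0 = lDAPCredentialsProvider;
            this.time = j;
            this.password = str;
        }
    }

    /**
     * Verifies {@code str2} as the password of user {@code str}.
     *
     * @param str  the username, matched against the {@code uidSearchName} attribute
     * @param str2 the password to verify
     * @return {@code true} if the cache, the directory, or a later provider accepted the
     *         credentials; {@code false} otherwise
     */
    @Override // com.opensymphony.user.provider.CredentialsProvider
    public boolean authenticate(String str, String str2) {
        // An empty password must never reach the directory: a simple bind with a DN and no
        // password is commonly treated as an unauthenticated bind and reported as success.
        if (str2 == null || "".equals(str2)) {
            return false;
        }

        TimeAndPassword cached = (TimeAndPassword) cache.get(str);
        if (cached != null && cached.time > System.currentTimeMillis() && passwordsMatch(cached.password, str2)) {
            if (log.isDebugEnabled()) {
                log.debug("Successful authentication for " + str + " from cached " + providerName() + " lookup");
            }
            return true;
        }

        InitialDirContext searchContext;
        try {
            searchContext = new InitialDirContext(this.env);
        } catch (NamingException e) {
            log.error("Could not connect to " + providerName() + ". Please check your host ('"
                    + this.env.get("java.naming.provider.url") + "'), bind DN ('"
                    + this.env.get("java.naming.security.principal") + "') and bind password.", e);
            return tryNextCredentialsProviders(str, str2);
        }

        Boolean verdict;
        try {
            verdict = searchAndBind(searchContext, str, str2);
        } finally {
            // The original never closed its contexts, leaking one LDAP connection per attempt.
            closeContext(searchContext);
        }
        return verdict != null ? verdict.booleanValue() : tryNextCredentialsProviders(str, str2);
    }

    /**
     * Looks the user up with {@code searchContext} and tries to bind as each matching entry.
     *
     * @return {@code Boolean.TRUE} when a bind succeeded, {@code Boolean.FALSE} when the
     *         directory rejected the password, or {@code null} when the directory could not
     *         decide (no match or an error) and the remaining providers should be tried
     */
    private Boolean searchAndBind(InitialDirContext searchContext, String str, String str2) {
        // The username is untrusted input: escape it so it cannot alter the search filter.
        String filter = this.uidSearchName + "=" + escapeFilterValue(str);

        SearchControls lookupControls = new SearchControls();
        lookupControls.setReturningAttributes(new String[] {this.uidSearchName});
        lookupControls.setSearchScope(SearchControls.SUBTREE_SCOPE);
        if (log.isDebugEnabled()) {
            // The bind password is deliberately not written to the log.
            log.debug("Doing initial search: username='" + this.env.get("java.naming.security.principal")
                    + "', password='<redacted>', base='" + this.searchBase + "', filter='" + filter + "'");
        }

        NamingEnumeration results;
        try {
            results = searchContext.search(this.searchBase, filter, lookupControls);
        } catch (NamingException e) {
            log.error("Connected to " + providerName() + ", but could not perform "
                    + (this.env.containsKey("java.naming.security.principal") ? "authenticated" : "anonymous")
                    + " search from base '" + this.searchBase + "'", e);
            return null;
        }

        DirContext bindContext = null;
        try {
            if (log.isDebugEnabled()) {
                if (results == null || !results.hasMore()) {
                    log.debug("No users found");
                } else {
                    log.debug("Found user(s)");
                }
            }
            bindContext = new InitialDirContext(searchContext.getEnvironment());
            while (results != null && results.hasMore()) {
                SearchResult entry = (SearchResult) results.next();
                // NOTE(review): assumes getName() is relative to searchBase - confirm for referrals.
                String userDn = entry.getName() + "," + this.searchBase;

                SearchControls bindControls = new SearchControls();
                bindControls.setReturningAttributes(new String[0]);
                bindControls.setSearchScope(SearchControls.OBJECT_SCOPE);
                try {
                    bindContext.removeFromEnvironment("java.naming.security.principal");
                    bindContext.removeFromEnvironment("java.naming.security.credentials");
                    bindContext.addToEnvironment("java.naming.security.principal", userDn);
                    bindContext.addToEnvironment("java.naming.security.credentials", str2);
                } catch (NamingException e) {
                    log.error("Connected and searched " + providerName()
                            + ", but encountered unexpected error when switching authentication details.", e);
                    // Fail closed: the context may still carry other (or no) credentials, so a
                    // successful search on it would prove nothing about the supplied password.
                    continue;
                }
                if (log.isDebugEnabled()) {
                    log.debug("Searching below '" + userDn + "' for '" + filter + "'");
                }

                try {
                    try {
                        // Any operation forces the re-bind; the result itself is not needed.
                        closeEnumeration(bindContext.search(userDn, filter, bindControls));
                    } catch (CommunicationException e) {
                        log.info("Second phase connection failed. Trying to reconnect...");
                        DirContext stale = bindContext;
                        bindContext = new InitialDirContext(stale.getEnvironment());
                        closeContext(stale);
                        closeEnumeration(bindContext.search(userDn, filter, bindControls));
                    }
                    if (log.isDebugEnabled()) {
                        log.debug("User '" + str + "' successfully authenticated; caching for " + this.timeout + " ms");
                    }
                    cache.put(str, new TimeAndPassword(this, System.currentTimeMillis() + this.timeout, str2));
                    return Boolean.TRUE;
                } catch (AuthenticationException e) {
                    if (log.isDebugEnabled()) {
                        log.debug("User with dn '" + userDn + "' found, but authentication failed.");
                    }
                    return Boolean.FALSE;
                } catch (NamingException e) {
                    log.error("Initial connect and search successful, but second phase connection to "
                            + providerName() + " as '" + userDn + "' failed.", e);
                }
            }
        } catch (PartialResultException e) {
            // Must precede NamingException (its superclass) or this handler is unreachable.
            log.error("Connected but encountered error checking if " + providerName()
                    + " had more results.  For Unprocessed Continuation References, try adding <property name=\"java.naming.referral\">follow</property> to the LDAPCredentialsProvider config.", e);
        } catch (NamingException e) {
            log.error("Connected but encountered error checking if " + providerName() + " had more results.", e);
        } finally {
            closeEnumeration(results);
            closeContext(bindContext);
        }
        return null;
    }

    /**
     * Escapes the characters that are special inside an LDAP search filter value
     * (backslash, asterisk, parentheses and NUL) as backslash-hex pairs.
     */
    private static String escapeFilterValue(String value) {
        // String.valueOf keeps the original StringBuffer behaviour of rendering null as "null".
        String raw = String.valueOf((Object) value);
        StringBuffer escaped = new StringBuffer(raw.length() + 8);
        for (int i = 0; i < raw.length(); i++) {
            char c = raw.charAt(i);
            switch (c) {
                case '\\':
                    escaped.append("\\5c");
                    break;
                case '*':
                    escaped.append("\\2a");
                    break;
                case '(':
                    escaped.append("\\28");
                    break;
                case ')':
                    escaped.append("\\29");
                    break;
                case '\0':
                    escaped.append("\\00");
                    break;
                default:
                    escaped.append(c);
            }
        }
        return escaped.toString();
    }

    /**
     * Compares a cached password with a supplied one via {@link MessageDigest#isEqual}
     * rather than {@code String.equals}, so the comparison does not stop at the first
     * differing character.
     */
    private static boolean passwordsMatch(String expected, String supplied) {
        if (expected == null || supplied == null) {
            return false;
        }
        return MessageDigest.isEqual(expected.getBytes(UTF_8), supplied.getBytes(UTF_8));
    }

    /** Closes a directory context, logging (not propagating) any failure; null-safe. */
    private static void closeContext(DirContext context) {
        if (context == null) {
            return;
        }
        try {
            context.close();
        } catch (NamingException e) {
            log.debug("Error closing LDAP context", e);
        }
    }

    /** Closes a search result enumeration, logging (not propagating) any failure; null-safe. */
    private static void closeEnumeration(NamingEnumeration enumeration) {
        if (enumeration == null) {
            return;
        }
        try {
            enumeration.close();
        } catch (NamingException e) {
            log.debug("Error closing LDAP search results", e);
        }
    }

    /**
     * Delegates the password change to the first non-LDAP provider that handles the user.
     *
     * @return that provider's result, or {@code false} if no such provider exists
     */
    @Override // com.opensymphony.user.provider.CredentialsProvider
    public boolean changePassword(String str, String str2) {
        for (CredentialsProvider credentialsProvider : UserManager.getInstance().getCredentialsProviders()) {
            if (!(credentialsProvider instanceof LDAPCredentialsProvider) && credentialsProvider.handles(str)) {
                return credentialsProvider.changePassword(str, str2);
            }
        }
        return false;
    }

    /** Not supported by this provider; always returns {@code false}. */
    @Override // com.opensymphony.user.provider.UserProvider
    public boolean create(String str) {
        return false;
    }

    /** Two providers are equal when they are of the same class and share an equal JNDI environment. */
    public boolean equals(Object obj) {
        if (obj == null || !obj.getClass().equals(getClass())) {
            return false;
        }
        return this.env.equals(((LDAPCredentialsProvider) obj).env);
    }

    /** Discards every cached credential by replacing the shared cache with an empty map. */
    @Override // com.opensymphony.user.provider.UserProvider
    public void flushCaches() {
        cache = Collections.synchronizedMap(new HashMap());
    }

    /**
     * Reports whether this provider handles the user: either an unexpired cache entry exists,
     * or at least one non-LDAP provider handles the user.
     */
    @Override // com.opensymphony.user.provider.UserProvider
    public boolean handles(String str) {
        TimeAndPassword cached = (TimeAndPassword) cache.get(str);
        if (cached != null && cached.time > System.currentTimeMillis()) {
            if (log.isDebugEnabled()) {
                log.debug("Cached lookup: Credentials for '" + str + "' could be handled by " + providerName());
            }
            return true;
        }
        boolean handled = false;
        // Every provider is consulted, as in the original; the loop does not stop at the first hit.
        for (CredentialsProvider credentialsProvider : UserManager.getInstance().getCredentialsProviders()) {
            if (!(credentialsProvider instanceof LDAPCredentialsProvider) && credentialsProvider.handles(str)) {
                if (log.isDebugEnabled()) {
                    log.debug("'" + str + "' could be handled by " + providerName());
                }
                handled = true;
            }
        }
        if (log.isDebugEnabled() && !handled) {
            log.debug("Credentials for '" + str + "' NOT handled by LDAP, because '" + str
                    + "' not handled by any other credentials provider. Check you have at least one other"
                    + " credentials provider, and that they contain this user.");
        }
        return handled;
    }

    public int hashCode() {
        return this.env.hashCode();
    }

    /**
     * Configures the provider from its properties: all of them are copied into the JNDI
     * environment (simple authentication is forced), and {@code searchBase},
     * {@code uidSearchName}, {@code providerName} and {@code cacheTimeout} are read.
     * A missing or non-numeric {@code cacheTimeout} falls back to 1800000 ms.
     *
     * @return always {@code true}
     */
    @Override // com.opensymphony.user.provider.UserProvider
    public boolean init(Properties properties) {
        if (log.isDebugEnabled()) {
            log.debug("Credentials Provider " + providerName() + " $Revision: 1.8 $ initializing");
        }
        this.env = new Hashtable(properties);
        this.env.put("java.naming.security.authentication", "simple");
        this.searchBase = properties.getProperty("searchBase");
        this.uidSearchName = properties.getProperty("uidSearchName");
        this.providerName = properties.getProperty("providerName");
        try {
            this.timeout = Long.parseLong(properties.getProperty("cacheTimeout"));
        } catch (NumberFormatException e) {
            this.timeout = 1800000L;
        }
        return true;
    }

    /** This provider does not enumerate users; always returns an empty list. */
    @Override // com.opensymphony.user.provider.UserProvider
    public List list() {
        return Collections.EMPTY_LIST;
    }

    /** Delegates to the first non-LDAP provider handling the user; {@code true} if there is none. */
    @Override // com.opensymphony.user.provider.UserProvider
    public boolean load(String str, Entity.Accessor accessor) {
        for (CredentialsProvider credentialsProvider : UserManager.getInstance().getCredentialsProviders()) {
            if (!(credentialsProvider instanceof LDAPCredentialsProvider) && credentialsProvider.handles(str)) {
                return credentialsProvider.load(str, accessor);
            }
        }
        return true;
    }

    /** Delegates to the first non-LDAP provider handling the user; {@code false} if there is none. */
    @Override // com.opensymphony.user.provider.UserProvider
    public boolean remove(String str) {
        for (CredentialsProvider credentialsProvider : UserManager.getInstance().getCredentialsProviders()) {
            if (!(credentialsProvider instanceof LDAPCredentialsProvider) && credentialsProvider.handles(str)) {
                return credentialsProvider.remove(str);
            }
        }
        return false;
    }

    /** Delegates to the first non-LDAP provider handling the user; {@code true} if there is none. */
    @Override // com.opensymphony.user.provider.UserProvider
    public boolean store(String str, Entity.Accessor accessor) {
        for (CredentialsProvider credentialsProvider : UserManager.getInstance().getCredentialsProviders()) {
            if (!(credentialsProvider instanceof LDAPCredentialsProvider) && credentialsProvider.handles(str)) {
                return credentialsProvider.store(str, accessor);
            }
        }
        return true;
    }

    /** Human-readable label for log messages: "LDAP", or "LDAP provider 'name'" when configured. */
    private final String providerName() {
        return this.providerName == null ? "LDAP" : "LDAP provider '" + this.providerName + "'";
    }

    /**
     * Falls back to the providers registered after this one: the first that handles the user
     * decides the outcome, and a success is cached here as well.
     */
    private boolean tryNextCredentialsProviders(String str, String str2) {
        if (log.isDebugEnabled()) {
            log.debug("Couldn't authenticate against " + providerName() + ", trying other CredentialsProviders");
        }
        boolean pastSelf = false;
        for (CredentialsProvider credentialsProvider : UserManager.getInstance().getCredentialsProviders()) {
            if (!pastSelf) {
                // Skip everything up to and including this provider.
                if (equals(credentialsProvider)) {
                    pastSelf = true;
                }
                continue;
            }
            String label = null;
            if (log.isDebugEnabled()) {
                label = credentialsProvider instanceof LDAPCredentialsProvider
                        ? ((LDAPCredentialsProvider) credentialsProvider).providerName()
                        : credentialsProvider.getClass().getName();
            }
            if (!credentialsProvider.handles(str)) {
                continue;
            }
            if (log.isDebugEnabled()) {
                log.debug("Next provider " + label + "' could handle user; checking authentication...");
            }
            if (credentialsProvider.authenticate(str, str2)) {
                if (log.isDebugEnabled()) {
                    log.debug("User authenticated by '" + label + "'");
                }
                cache.put(str, new TimeAndPassword(this, System.currentTimeMillis() + this.timeout, str2));
                return true;
            }
            if (log.isDebugEnabled()) {
                log.debug("Next provider '" + label + "' failed to authenticate user.");
            }
            return false;
        }
        if (log.isDebugEnabled()) {
            log.debug("No non-LDAP authenticators could authenticate this user");
        }
        return false;
    }

    // Compiler-generated helper that resolves a class literal by name.
    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            throw new NoClassDefFoundError(e.getMessage());
        }
    }

    static {
        Class cls;
        if (class$com$opensymphony$user$provider$ldap$LDAPCredentialsProvider == null) {
            cls = class$("com.opensymphony.user.provider.ldap.LDAPCredentialsProvider");
            class$com$opensymphony$user$provider$ldap$LDAPCredentialsProvider = cls;
        } else {
            cls = class$com$opensymphony$user$provider$ldap$LDAPCredentialsProvider;
        }
        log = LogFactory.getLog(cls);
        cache = Collections.synchronizedMap(new HashMap());
    }
}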
