package com.metamatrix.platform.security.membership.spi.ldap;

import com.metamatrix.api.exception.security.InvalidUserException;
import com.metamatrix.api.exception.security.LogonException;
import com.metamatrix.api.exception.security.UnsupportedCredentialException;
import com.metamatrix.common.log.LogManager;
import com.metamatrix.platform.PlatformPlugin;
import com.metamatrix.platform.security.api.Credentials;
import com.metamatrix.platform.security.membership.service.SuccessfulAuthenticationToken;
import com.metamatrix.platform.security.membership.spi.MembershipDomain;
import com.metamatrix.platform.security.membership.spi.MembershipSourceException;
import com.metamatrix.platform.service.api.exception.ServiceStateException;
import java.io.Serializable;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Hashtable;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import java.util.Set;
import javax.naming.AuthenticationException;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.NamingSecurityException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;

/* loaded from: input_file:com/metamatrix/platform/security/membership/spi/ldap/LDAPMembershipDomain.class */
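/**
 * Membership domain backed by an LDAP directory (JNDI).
 * <p>
 * Users are located by searching one or more user root contexts with an escaped
 * display-name filter; a user is authenticated by binding to the directory with the
 * resolved DN and the supplied password. Group membership is resolved either from a
 * "memberOf"-style attribute on the user entry or from a "member"-style attribute on
 * the group entries, depending on which of the two attributes is configured.
 * <p>
 * Directory lookups use an administrative bind built once in {@link #initialize(Properties)}
 * (anonymous when no admin DN/password is configured); a fresh {@link DirContext} is opened
 * and closed for every call. The admin password is kept in memory as a {@link String}
 * inside {@link #adminContext}, as the JNDI environment API requires.
 */
public class LDAPMembershipDomain implements MembershipDomain {
    public static final String ONELEVEL_SCOPE_VALUE = "ONELEVEL_SCOPE";
    public static final String OBJECT_SCOPE_VALUE = "OBJECT_SCOPE";
    public static final String SUBTREE_SCOPE_VALUE = "SUBTREE_SCOPE";
    public static final String GROUPS_GROUP_MEMBER_ATTRIBUTE = "groups.groupMember.attribute";
    public static final String GROUPS_ROOT_CONTEXT = "groups.rootContext";
    public static final String GROUPS_SEARCH_SCOPE = "groups.searchScope";
    public static final String GROUPS_SEARCH_FILTER = "groups.searchFilter";
    public static final String GROUPS_DISPLAY_NAME_ATTRIBUTE = "groups.displayName.attribute";
    public static final String USERS_MEMBER_OF_ATTRIBUTE = "users.memberOf.attribute";
    public static final String USERS_ROOT_CONTEXT = "users.rootContext";
    public static final String USERS_SEARCH_SCOPE = "users.searchScope";
    public static final String USERS_DISPLAY_NAME_ATTRIBUTE = "users.displayName.attribute";
    public static final String USERS_SEARCH_FILTER = "users.searchFilter";
    public static final String LDAP_URL = "ldapURL";
    public static final String LDAP_ADMIN_PASSWORD = "ldapAdmin.password";
    public static final String LDAP_ADMIN_DN = "ldapAdmin.dn";
    public static final String TXN_TIMEOUT_IN_MILLIS = "txnTimeoutInMillis";
    public static final String LDAP_INITIAL_CONTEXT_FACTORY = "com.sun.jndi.ldap.LdapCtxFactory";
    public static final String LDAP_AUTH_TYPE = "simple";
    public static final String LDAP_USER_OBJECT_TYPE = "person";
    public static final String LDAP_REFERRAL_MODE = "follow";
    public static final String DEFAULT_SEARCH_FILTER = "(objectclass=*)";
    public static final String POOL_KEY = "com.sun.jndi.ldap.connect.pool";
    public static final String TIMEOUT_KEY = "com.sun.jndi.ldap.connect.timeout";
    public static final String DEFAULT_USERS_DISPLAY_NAME_ATTRIBUTE = "uid";
    public static final String DEFAULT_GROUPS_DISPLAY_NAME_ATTRIBUTE = "cn";
    public static final String USE_POOL = "usePool";

    /** Separator between several values of one multi-context property (e.g. two root contexts). */
    private static final String CONTEXT_SEPARATOR = "\\?";

    private String domainName;
    private String ldapURL;
    private String ldapAdminUserDN;
    private String ldapAdminUserPass;
    private String ldapTxnTimeoutInMillis;
    private String ldapUsePool;
    private boolean usePool;
    /** One {@link LdapContext} per configured user root context, in configuration order. */
    private List usersRootContexts;
    /** One {@link LdapContext} per configured group root context, in configuration order. */
    private List groupsRootContexts;
    /** JNDI environment for the administrative bind; cloned for every lookup (see {@link #getAdminContext()}). */
    private Hashtable adminContext = new Hashtable();

    /**
     * Search settings for one root context (users or groups).
     * For a user context {@code memberOfAttribute} is the attribute on the user entry listing
     * its groups; for a group context it is the attribute on the group entry listing its members.
     */
    public static class LdapContext {
        String context;
        String displayAttribute;
        String memberOfAttribute;
        String searchFilter = LDAPMembershipDomain.DEFAULT_SEARCH_FILTER;
        int searchScope = SearchControls.SUBTREE_SCOPE;

        LdapContext() {
        }
    }

    /**
     * A resolved user: its distinguished name and the names of the groups it belongs to
     * (empty when groups were not requested).
     */
    public static class UserEntry {
        private final String dn;
        private final Set groups;

        public UserEntry(String str, Set set) {
            this.dn = str;
            this.groups = set;
        }

        public String getDn() {
            return this.dn;
        }

        public Set getGroups() {
            return this.groups;
        }
    }

    /**
     * Reads the domain configuration and prepares the administrative JNDI environment.
     *
     * @param properties domain properties; {@link #LDAP_URL}, {@link #USERS_ROOT_CONTEXT} and
     *                   {@link #GROUPS_ROOT_CONTEXT} are required
     * @throws ServiceStateException when a required property is missing
     */
    public void initialize(Properties properties) throws ServiceStateException {
        this.domainName = properties.getProperty("domainName");
        LogManager.logTrace("MEMBERSHIP", "Initializing LDAP Domain: " + this.domainName);
        this.ldapTxnTimeoutInMillis = properties.getProperty(TXN_TIMEOUT_IN_MILLIS);
        this.ldapAdminUserDN = getPropertyValue(properties, LDAP_ADMIN_DN, null);
        this.ldapAdminUserPass = getPropertyValue(properties, LDAP_ADMIN_PASSWORD, null);
        this.ldapURL = getPropertyValue(properties, LDAP_URL, null);
        this.ldapUsePool = getPropertyValue(properties, USE_POOL, null);
        // Pooling is on unless the property is explicitly "false" (case-insensitive).
        this.usePool = !(this.ldapUsePool != null && this.ldapUsePool.equalsIgnoreCase(Boolean.FALSE.toString()));
        String poolFlag = this.usePool ? Boolean.TRUE.toString() : Boolean.FALSE.toString();
        if (this.ldapURL == null) {
            throw new ServiceStateException(PlatformPlugin.Util.getString("LDAPMembershipDomain.Required_property", LDAP_URL));
        }
        this.usersRootContexts = buildContexts(USERS_ROOT_CONTEXT, USERS_SEARCH_FILTER, USERS_DISPLAY_NAME_ATTRIBUTE,
                USERS_SEARCH_SCOPE, USERS_MEMBER_OF_ATTRIBUTE, DEFAULT_USERS_DISPLAY_NAME_ATTRIBUTE, properties);
        this.groupsRootContexts = buildContexts(GROUPS_ROOT_CONTEXT, GROUPS_SEARCH_FILTER, GROUPS_DISPLAY_NAME_ATTRIBUTE,
                GROUPS_SEARCH_SCOPE, GROUPS_GROUP_MEMBER_ATTRIBUTE, DEFAULT_GROUPS_DISPLAY_NAME_ATTRIBUTE, properties);
        // Without either membership attribute no group can ever be resolved for a user.
        if (properties.getProperty(USERS_MEMBER_OF_ATTRIBUTE, "").trim().length() == 0
                && properties.getProperty(GROUPS_GROUP_MEMBER_ATTRIBUTE, "").trim().length() == 0) {
            LogManager.logWarning("MEMBERSHIP", PlatformPlugin.Util.getString("LDAPMembershipDomain.Require_memberof_property", this.domainName));
        }
        this.adminContext.put("java.naming.factory.initial", LDAP_INITIAL_CONTEXT_FACTORY);
        this.adminContext.put("java.naming.provider.url", this.ldapURL);
        // NOTE(review): "follow" lets JNDI chase referrals, presumably reusing this same
        // environment (and thus the admin credentials) against the referred server - confirm
        // that is acceptable for the deployment.
        this.adminContext.put("java.naming.referral", LDAP_REFERRAL_MODE);
        this.adminContext.put(POOL_KEY, poolFlag);
        if (this.ldapAdminUserDN == null || this.ldapAdminUserPass == null) {
            LogManager.logTrace("MEMBERSHIP", this.domainName + ": admin dn was blank; performing anonymous bind.");
            this.adminContext.put("java.naming.security.authentication", "none");
        } else {
            LogManager.logTrace("MEMBERSHIP", this.domainName + ": Username was set to:" + this.ldapAdminUserDN);
            this.adminContext.put("java.naming.security.authentication", LDAP_AUTH_TYPE);
            this.adminContext.put("java.naming.security.principal", this.ldapAdminUserDN);
            this.adminContext.put("java.naming.security.credentials", this.ldapAdminUserPass);
        }
        if (this.ldapTxnTimeoutInMillis != null) {
            this.adminContext.put(TIMEOUT_KEY, this.ldapTxnTimeoutInMillis);
        }
    }

    /**
     * Builds one {@link LdapContext} per root context listed in {@code rootContextKey}.
     * <p>
     * Every property may hold several values separated by {@code ?}; values are matched to
     * root contexts by position, and a property with a single value applies to all contexts
     * (see {@link #getContextValue(String[], int, String)}).
     *
     * @param rootContextKey      property holding the root context(s); required
     * @param searchFilterKey     property holding the extra search filter(s)
     * @param displayAttrKey      property holding the display-name attribute(s)
     * @param searchScopeKey      property holding the search scope(s)
     * @param memberAttrKey       property holding the membership attribute(s)
     * @param defaultDisplayAttr  display-name attribute used when none is configured
     * @param properties          domain properties
     * @return mutable list of contexts, in configuration order
     * @throws ServiceStateException when {@code rootContextKey} is not set
     */
    private List buildContexts(String rootContextKey, String searchFilterKey, String displayAttrKey, String searchScopeKey,
            String memberAttrKey, String defaultDisplayAttr, Properties properties) throws ServiceStateException {
        String rootContexts = properties.getProperty(rootContextKey, null);
        if (rootContexts == null) {
            throw new ServiceStateException(PlatformPlugin.Util.getString("LDAPMembershipDomain.Required_property", rootContextKey));
        }
        String[] contexts = rootContexts.split(CONTEXT_SEPARATOR);
        String[] displayAttrs = splitOrNull(properties.getProperty(displayAttrKey));
        String[] searchFilters = splitOrNull(properties.getProperty(searchFilterKey));
        String[] searchScopes = splitOrNull(properties.getProperty(searchScopeKey));
        String[] memberAttrs = splitOrNull(properties.getProperty(memberAttrKey));
        ArrayList result = new ArrayList(contexts.length);
        for (int i = 0; i < contexts.length; i++) {
            LdapContext ldapContext = new LdapContext();
            ldapContext.context = contexts[i];
            ldapContext.displayAttribute = getContextValue(displayAttrs, i, defaultDisplayAttr);
            ldapContext.memberOfAttribute = getContextValue(memberAttrs, i, null);
            ldapContext.searchFilter = getContextValue(searchFilters, i, ldapContext.searchFilter);
            ldapContext.searchScope = getSearchScope(getContextValue(searchScopes, i, null));
            result.add(ldapContext);
        }
        return result;
    }

    /** Splits a multi-valued property on {@code ?}; {@code null} stays {@code null}. */
    private static String[] splitOrNull(String value) {
        return value == null ? null : value.split(CONTEXT_SEPARATOR);
    }

    /**
     * Picks the value for context {@code index} from a split property.
     *
     * @return {@code values[index]} when present, else {@code values[0]} when the property has
     *         exactly one value; {@code defaultValue} when the chosen value is missing or blank
     */
    private static String getContextValue(String[] values, int index, String defaultValue) {
        String chosen = null;
        if (values != null) {
            if (values.length > index) {
                chosen = values[index];
            } else if (values.length == 1) {
                chosen = values[0];
            }
        }
        if (chosen == null || chosen.trim().length() == 0) {
            return defaultValue;
        }
        return chosen;
    }

    /**
     * Returns the trimmed property value, or {@code defaultValue} when the property is
     * missing or blank.
     */
    private static String getPropertyValue(Properties properties, String key, String defaultValue) {
        String property = properties.getProperty(key);
        if (property == null || property.trim().length() == 0) {
            return defaultValue;
        }
        return property.trim();
    }

    /**
     * Maps a configured scope name to a {@link SearchControls} scope.
     * Unknown or missing values fall back to {@link SearchControls#SUBTREE_SCOPE}.
     */
    private static int getSearchScope(String scopeName) {
        if (scopeName == null) {
            return SearchControls.SUBTREE_SCOPE;
        }
        if (scopeName.equals(OBJECT_SCOPE_VALUE)) {
            return SearchControls.OBJECT_SCOPE;
        }
        if (scopeName.equals(ONELEVEL_SCOPE_VALUE)) {
            return SearchControls.ONELEVEL_SCOPE;
        }
        return SearchControls.SUBTREE_SCOPE;
    }

    /** Nothing is held open between calls, so shutdown only logs. */
    public void shutdown() throws ServiceStateException {
        LogManager.logTrace("MEMBERSHIP", this.domainName + ": shutdown()");
    }

    /**
     * Authenticates {@code str} by resolving its DN and performing a simple bind with the
     * supplied password.
     *
     * @param str          user name (display-name value), must not be {@code null}
     * @param credentials  password holder, must not be {@code null} or empty
     * @param serializable trusted payload carried into the returned token
     * @param str2         application name, logged only
     * @return token for the authenticated user
     * @throws UnsupportedCredentialException when the user name or credentials are missing or the
     *                                        password is empty (the directory would treat the bind
     *                                        as anonymous)
     * @throws InvalidUserException           when no entry matches {@code str}
     * @throws LogonException                 when the directory rejects the bind
     * @throws MembershipSourceException      on any other directory failure
     */
    public SuccessfulAuthenticationToken authenticateUser(String str, Credentials credentials, Serializable serializable, String str2)
            throws UnsupportedCredentialException, InvalidUserException, LogonException, MembershipSourceException {
        LogManager.logTrace("MEMBERSHIP", new Object[]{this.domainName, "authenticateUser username", str, "applicationName", str2});
        if (str == null) {
            throw new UnsupportedCredentialException(PlatformPlugin.Util.getString("LDAPMembershipDomain.No_annonymous", this.domainName));
        }
        // Resolve the DN before looking at the credentials so an unknown user is reported as such.
        UserEntry userEntry = getUserEntry(str, false);
        if (credentials == null) {
            throw new UnsupportedCredentialException(PlatformPlugin.Util.getString("LDAPMembershipDomain.No_annonymous", this.domainName));
        }
        char[] password = credentials.getCredentialsAsCharArray();
        if (password == null || password.length == 0) {
            // A simple bind with a DN but no password is an "unauthenticated" bind that many
            // directories accept without checking anything, so it must never count as a logon.
            throw new UnsupportedCredentialException(PlatformPlugin.Util.getString("LDAPMembershipDomain.No_annonymous", this.domainName));
        }
        Hashtable env = new Hashtable();
        env.put("java.naming.factory.initial", LDAP_INITIAL_CONTEXT_FACTORY);
        env.put("java.naming.provider.url", this.ldapURL);
        env.put("java.naming.security.authentication", LDAP_AUTH_TYPE);
        env.put("java.naming.security.principal", userEntry.getDn());
        env.put("java.naming.security.credentials", String.valueOf(password));
        DirContext dirContext = null;
        try {
            // Opening the context performs the bind; success means the password was accepted.
            dirContext = new InitialDirContext(env);
            return new SuccessfulAuthenticationToken(serializable, str);
        } catch (NamingSecurityException e) {
            // Must precede NamingException (its supertype) or a bad password would be reported
            // as a source failure instead of a logon failure.
            throw new LogonException(e, e.getMessage());
        } catch (NamingException e) {
            throw new MembershipSourceException(e, e.getMessage());
        } finally {
            closeQuietly(dirContext);
        }
    }

    /**
     * Lists the display names of all groups in every configured group context.
     *
     * @return mutable set of group display names
     * @throws MembershipSourceException on directory failure
     */
    public Set getGroupNames() throws MembershipSourceException {
        LogManager.logTrace("MEMBERSHIP", new Object[]{this.domainName, " getGroupNames() called"});
        DirContext dirContext = null;
        try {
            dirContext = getAdminContext();
            return new HashSet(getGroupNames(dirContext, null, false).values());
        } finally {
            closeQuietly(dirContext);
        }
    }

    /**
     * Opens a new context with the administrative environment prepared in
     * {@link #initialize(Properties)}. The caller owns the context and must close it.
     *
     * @throws MembershipSourceException when the admin bind is rejected or the connection fails
     */
    private DirContext getAdminContext() throws MembershipSourceException {
        try {
            // Clone: InitialDirContext may mutate the environment it is given.
            return new InitialDirContext((Hashtable) this.adminContext.clone());
        } catch (AuthenticationException e) {
            throw new MembershipSourceException(e, PlatformPlugin.Util.getString("LDAPMembershipDomain.Admin_credentials", this.domainName));
        } catch (NamingException e) {
            throw new MembershipSourceException(e);
        }
    }

    /**
     * Closes a context obtained from the directory, logging (not propagating) close failures.
     * A {@code null} context is ignored.
     */
    private void closeQuietly(DirContext dirContext) {
        if (dirContext == null) {
            return;
        }
        try {
            dirContext.close();
        } catch (NamingException e) {
            LogManager.logTrace("MEMBERSHIP", e, this.domainName + ": error closing context");
        }
    }

    /**
     * Returns the groups of user {@code str}.
     *
     * @throws InvalidUserException      when no entry matches {@code str}
     * @throws MembershipSourceException on directory failure
     */
    public Set getGroupNamesForUser(String str) throws InvalidUserException, MembershipSourceException {
        LogManager.logTrace("MEMBERSHIP", new Object[]{this.domainName, "getGroupNamesForUser", str});
        return getUserEntry(str, true).getGroups();
    }

    /**
     * Escapes a value for use inside an LDAP search filter (RFC 4515): NUL, {@code (},
     * {@code )}, {@code *} and {@code \} become their {@code \xx} hex forms so caller-supplied
     * text cannot alter the filter structure.
     *
     * @param str raw value, must not be {@code null}
     * @return escaped value; the empty string for an empty input
     */
    public static final String escapeLDAPSearchFilter(String str) {
        StringBuffer escaped = new StringBuffer(str.length());
        for (int i = 0; i < str.length(); i++) {
            char c = str.charAt(i);
            switch (c) {
                case 0:
                    escaped.append("\\00");
                    break;
                case '(':
                    escaped.append("\\28");
                    break;
                case ')':
                    escaped.append("\\29");
                    break;
                case '*':
                    escaped.append("\\2a");
                    break;
                case '\\':
                    escaped.append("\\5c");
                    break;
                default:
                    escaped.append(c);
                    break;
            }
        }
        return escaped.toString();
    }

    /**
     * Looks {@code str} up in each user context in turn and returns the first match.
     *
     * @param str user name (display-name value); escaped before it reaches a filter
     * @param z   whether to resolve the user's groups as well
     * @throws InvalidUserException      when no context holds a matching entry
     * @throws MembershipSourceException on directory failure
     */
    private UserEntry getUserEntry(String str, boolean z) throws MembershipSourceException, InvalidUserException {
        String escapedName = escapeLDAPSearchFilter(str);
        LogManager.logTrace("MEMBERSHIP", new Object[]{this.domainName, "getUserEntry", escapedName, "getGroups", String.valueOf(z)});
        DirContext dirContext = null;
        try {
            dirContext = getAdminContext();
            for (int i = 0; i < this.usersRootContexts.size(); i++) {
                LdapContext userContext = (LdapContext) this.usersRootContexts.get(i);
                UserEntry userEntry = findUserInContext(dirContext, userContext, escapedName, z);
                if (userEntry != null) {
                    return userEntry;
                }
                LogManager.logTrace("MEMBERSHIP", new Object[]{this.domainName, "no user match found in context", userContext.context});
            }
            LogManager.logInfo("MEMBERSHIP", this.domainName + ": No user DN found for user: " + escapedName + ", could not authenticate.");
            throw new InvalidUserException(escapedName);
        } catch (NamingException e) {
            throw new MembershipSourceException(e);
        } finally {
            closeQuietly(dirContext);
        }
    }

    /**
     * Searches one user context for {@code escapedName}.
     *
     * @return the entry for the first match, or {@code null} when the context has no match
     */
    private UserEntry findUserInContext(DirContext dirContext, LdapContext userContext, String escapedName, boolean getGroups)
            throws NamingException, MembershipSourceException {
        String baseDn = userContext.context;
        SearchControls controls = new SearchControls();
        controls.setSearchScope(userContext.searchScope);
        if (userContext.memberOfAttribute != null) {
            // Only the membership attribute is needed from the entry.
            controls.setReturningAttributes(new String[]{userContext.memberOfAttribute});
        }
        String filter = "(" + userContext.displayAttribute + "=" + escapedName + ")";
        if (userContext.searchFilter.length() > 0) {
            filter = "(&" + filter + userContext.searchFilter + ")";
        }
        LogManager.logTrace("MEMBERSHIP", new Object[]{this.domainName, "searching context", baseDn, "with filter", filter,
                "and search scope", String.valueOf(userContext.searchScope)});
        NamingEnumeration results = dirContext.search(baseDn, filter, controls);
        if (!results.hasMore()) {
            return null;
        }
        SearchResult match = (SearchResult) results.next();
        LogManager.logTrace("MEMBERSHIP", new Object[]{this.domainName, "found user", escapedName, "in context", baseDn});
        if (results.hasMore()) {
            // The first entry wins; a non-unique display name is a configuration problem worth surfacing.
            LogManager.logWarning("MEMBERSHIP", this.domainName + ": Only expected one user when performing lookup. Check to ensure the display name is unique.");
        }
        String userDn = buildDn(match.getName(), baseDn);
        Set groups = getGroups ? resolveUserGroups(dirContext, userContext, match, userDn) : new HashSet();
        UserEntry userEntry = new UserEntry(userDn, groups);
        LogManager.logTrace("MEMBERSHIP", new Object[]{this.domainName, "UserEntry retrieved for username", escapedName, userEntry.getDn()});
        return userEntry;
    }

    /**
     * Joins a search result's relative name and its base context into a DN, dropping the
     * leading comma left behind when the relative name is empty (object-scope searches).
     * NOTE(review): relies on {@link SearchResult#getName()} returning a plain RDN string;
     * names JNDI had to quote are not unquoted here - confirm against the directory in use.
     */
    private static String buildDn(String relativeName, String baseDn) {
        String dn = relativeName + ',' + baseDn;
        if (dn.charAt(0) == ',') {
            dn = dn.substring(1);
        }
        return dn;
    }

    /**
     * Collects the groups of a found user.
     * <p>
     * With a configured user "memberOf" attribute, its values are intersected with the DNs
     * of the known groups and the matching DNs are returned. Without it, the group contexts
     * are searched for entries whose member attribute names {@code userDn} and the display
     * names of those groups are returned.
     * NOTE(review): the two branches thus return DNs and display names respectively; only the
     * second agrees with {@link #getGroupNames()}. Kept as-is pending confirmation of what
     * authorization policies expect.
     */
    private Set resolveUserGroups(DirContext dirContext, LdapContext userContext, SearchResult match, String userDn)
            throws NamingException, MembershipSourceException {
        HashSet groups = new HashSet();
        boolean mustMatchDn = userContext.memberOfAttribute == null;
        Map groupNamesByDn = getGroupNames(dirContext, userDn, mustMatchDn);
        if (mustMatchDn) {
            groups.addAll(groupNamesByDn.values());
            return groups;
        }
        Attributes attributes = match.getAttributes();
        Attribute memberOf = attributes == null ? null : attributes.get(userContext.memberOfAttribute);
        if (memberOf == null) {
            return groups;
        }
        int size = memberOf.size();
        for (int j = 0; j < size; j++) {
            // Index with the inner counter: each value of the attribute is a candidate group DN.
            String groupDn = (String) memberOf.get(j);
            if (groupDn != null && groupNamesByDn.get(groupDn) != null) {
                groups.add(groupDn);
                LogManager.logTrace("MEMBERSHIP", this.domainName + "-----Adding user's group: " + groupDn);
            }
        }
        return groups;
    }

    /**
     * Searches the group contexts and maps group DN to group display name.
     *
     * @param dirContext  open admin context
     * @param str         user DN to restrict groups to (via each context's member attribute),
     *                    or {@code null} for all groups
     * @param z           "mustMatchDn": when {@code true}, a context without a member attribute
     *                    cannot be restricted to the user and is skipped instead of returning
     *                    every group in it
     * @return mutable map of DN to display name; entries without a display name are omitted
     * @throws MembershipSourceException on directory failure
     */
    private Map getGroupNames(DirContext dirContext, String str, boolean z) throws MembershipSourceException {
        LogManager.logTrace("MEMBERSHIP", new Object[]{this.domainName, "getGroupNames", str, "mustMatchDn", String.valueOf(z)});
        HashMap groupsByDn = new HashMap();
        try {
            for (int i = 0; i < this.groupsRootContexts.size(); i++) {
                LdapContext groupContext = (LdapContext) this.groupsRootContexts.get(i);
                String baseDn = groupContext.context;
                SearchControls controls = new SearchControls();
                controls.setSearchScope(groupContext.searchScope);
                controls.setReturningAttributes(new String[]{groupContext.displayAttribute});
                String filter = groupContext.searchFilter;
                if (str != null && groupContext.memberOfAttribute != null) {
                    // The DN is an assertion value here, so filter metacharacters in it
                    // (e.g. the backslash of an escaped RDN) must be encoded.
                    filter = "(&(" + groupContext.memberOfAttribute + "=" + escapeLDAPSearchFilter(str) + ")" + filter + ")";
                } else if (z) {
                    // No way to tie this context's groups to the user: skipping it is the
                    // only safe choice (searching unrestricted would grant every group).
                    LogManager.logTrace("MEMBERSHIP", new Object[]{this.domainName, "skipping group context"});
                    continue;
                }
                LogManager.logTrace("MEMBERSHIP", new Object[]{this.domainName, "searching group context", baseDn, "with filter", filter,
                        "and search scope", String.valueOf(groupContext.searchScope)});
                NamingEnumeration results = dirContext.search(baseDn, filter, controls);
                LogManager.logTrace("MEMBERSHIP", new Object[]{this.domainName, "Parsing through groups search results."});
                while (results.hasMore()) {
                    SearchResult searchResult = (SearchResult) results.next();
                    String groupDn = buildDn(searchResult.getName(), baseDn);
                    Attributes attributes = searchResult.getAttributes();
                    Attribute displayAttr = attributes == null ? null : attributes.get(groupContext.displayAttribute);
                    String displayName = displayAttr == null ? null : (String) displayAttr.get();
                    if (displayName != null) {
                        groupsByDn.put(groupDn, displayName);
                        LogManager.logTrace("MEMBERSHIP", new Object[]{this.domainName, "Found groupDN", groupDn, "with display name", displayName});
                    }
                }
            }
        } catch (NamingException e) {
            throw new MembershipSourceException(e);
        }
        return groupsByDn;
    }
}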
