package org.p000sparkproject.jetty.plus.jaas.spi;

import java.io.IOException;
import java.util.ArrayList;
import java.util.Hashtable;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Properties;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.Rdn;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.LoginException;
import org.apache.hadoop.metrics2.sink.ganglia.AbstractGangliaSink;
import org.apache.hadoop.security.LdapGroupsMapping;
import org.p000sparkproject.jetty.plus.jaas.callback.ObjectCallback;
import org.p000sparkproject.jetty.plus.jaas.spi.AbstractLoginModule;
import org.p000sparkproject.jetty.util.log.Log;
import org.p000sparkproject.jetty.util.log.Logger;
import org.p000sparkproject.jetty.util.security.Credential;

/* loaded from: input_file:org/spark-project/jetty/plus/jaas/spi/LdapLoginModule.class */
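/**
 * JAAS login module that authenticates users against an LDAP directory.
 *
 * <p>Two modes are implemented, selected by the {@code forceBindingLogin} option:
 * <ul>
 *   <li><b>Credential comparison</b> (default): the module binds with the configured
 *       {@code bindDn}, reads the user's password attribute and compares it locally.
 *       The bind account therefore needs read access to that attribute.</li>
 *   <li><b>Binding login</b>: the module looks up the user's DN and binds to the directory
 *       as that user with the supplied credential, so the directory verifies the password.</li>
 * </ul>
 *
 * <p>The connection uses {@code ldap://} unless the {@code useLdaps} option is set, so with the
 * default settings the bind password and user credentials are sent without transport
 * encryption by this module.
 */
public class LdapLoginModule extends AbstractLoginModule {
    private static final Logger LOG = Log.getLogger((Class<?>) LdapLoginModule.class);

    /**
     * Search filter template shared by the user and role lookups. The {n} slots are filled from
     * the filter-argument array passed to {@code DirContext.search}, which escapes filter
     * metacharacters in string arguments, so login names are never concatenated into the filter.
     */
    private static final String OBJECT_ATTRIBUTE_FILTER = "(&(objectClass={0})({1}={2}))";

    private String _hostname;
    private int _port;
    private String _authenticationMethod;
    private String _contextFactory;
    private String _bindDn;
    // Held in memory for the lifetime of the module and copied into every JNDI environment.
    private String _bindPassword;
    private String _userBaseDn;
    private String _roleBaseDn;
    private boolean _debug;
    // Context bound with the configured bindDn; opened in initialize(), closed in commit()/abort().
    private DirContext _rootContext;
    private String _userObjectClass = "inetOrgPerson";
    private String _userRdnAttribute = "uid";
    // NOTE(review): the decompiler substituted a constant from an unrelated Hadoop class for
    // what was presumably an inlined string literal - confirm the value against upstream.
    private String _userIdAttribute = LdapGroupsMapping.GROUP_NAME_ATTR_DEFAULT;
    private String _userPasswordAttribute = "userPassword";
    private String _roleObjectClass = "groupOfUniqueNames";
    private String _roleMemberAttribute = "uniqueMember";
    private String _roleNameAttribute = "roleName";
    private boolean _forceBindingLogin = false;
    // Defaults to false: the provider URL is then built with the ldap:// scheme.
    private boolean _useLdaps = false;

    /**
     * Loads the stored credential and roles of a user for the credential-comparison mode.
     *
     * @param str the login name
     * @return the user's info, or {@code null} when no password attribute value is available
     * @throws Exception if the directory lookup fails or the user does not exist
     */
    @Override
    public UserInfo getUserInfo(String str) throws Exception {
        String userCredentials = getUserCredentials(str);
        if (userCredentials == null) {
            return null;
        }
        // Only {MD5} and {CRYPT} values are translated to Jetty's prefixes; anything else is
        // handed to Credential.getCredential unchanged.
        // NOTE(review): presumably an unprefixed value is then compared as a plain-text
        // password, so a hash stored under another scheme would be matched literally - confirm,
        // and prefer forceBindingLogin so the directory itself verifies the password.
        return new UserInfo(str, Credential.getCredential(convertCredentialLdapToJetty(userCredentials)), getUserRoles(this._rootContext, str));
    }

    /**
     * Escapes the characters that are special in an LDAP search filter value
     * (NUL, parentheses, asterisk and backslash).
     *
     * <p>Not called from within this class: the searches here pass values as filter arguments
     * instead of building filter strings.
     *
     * @param str the raw value
     * @return the value with special characters replaced by backslash-hex escapes
     */
    protected String doRFC2254Encoding(String str) {
        StringBuilder encoded = new StringBuilder(str.length());
        for (int i = 0; i < str.length(); i++) {
            char charAt = str.charAt(i);
            switch (charAt) {
                case 0:
                    encoded.append("\\00");
                    break;
                case '(':
                    encoded.append("\\28");
                    break;
                case ')':
                    encoded.append("\\29");
                    break;
                case '*':
                    encoded.append("\\2a");
                    break;
                case '\\':
                    encoded.append("\\5c");
                    break;
                default:
                    encoded.append(charAt);
                    break;
            }
        }
        return encoded.toString();
    }

    /**
     * Reads the user's password attribute through the root context.
     *
     * <p>The user is located with a single {@link #findUser(String)} call; the value itself is
     * deliberately never written to the log.
     *
     * @param str the login name
     * @return the attribute value as a string, or {@code null} if the attribute is absent or unreadable
     * @throws LoginException if the user is not found or the directory search fails
     */
    private String getUserCredentials(String str) throws LoginException {
        String credential = null;
        try {
            Attribute attribute = findUser(str).getAttributes().get(this._userPasswordAttribute);
            if (attribute != null) {
                try {
                    // NOTE(review): decodes with the platform default charset; confirm the
                    // directory's encoding if non-ASCII passwords are in use.
                    credential = new String((byte[]) attribute.get());
                } catch (NamingException e) {
                    LOG.debug("no password available under attribute: " + this._userPasswordAttribute, new Object[0]);
                }
            }
            // Log only whether a credential was found. Writing the stored password or hash to
            // the debug log would expose it to anyone who can read the logs.
            LOG.debug("user credential found?: " + (credential != null), new Object[0]);
            return credential;
        } catch (NamingException e2) {
            throw loginFailure("Root context binding failure.", e2);
        }
    }

    /**
     * Looks up the roles of a user whose DN is derived from the RDN attribute and user base DN.
     *
     * @param dirContext the context to search with
     * @param str the login name
     * @return the role names, possibly empty
     */
    private List<String> getUserRoles(DirContext dirContext, String str) throws LoginException, NamingException {
        // The login name is caller-supplied, so escape DN metacharacters (',', '+', '=', ...)
        // before placing it inside a distinguished name; a raw name could otherwise alter the
        // DN that is matched against role membership.
        // NOTE(review): AbstractGangliaSink.EQUAL is a decompiler substitution for what was
        // presumably an inlined "=" literal - confirm.
        String userDn = this._userRdnAttribute + AbstractGangliaSink.EQUAL + Rdn.escapeValue(str) + "," + this._userBaseDn;
        return getUserRolesByDn(dirContext, userDn);
    }

    /**
     * Collects the role names of every role entry under the role base DN whose member
     * attribute equals the given user DN.
     *
     * @param dirContext the context to search with; {@code null} yields an empty list
     * @param str the user's distinguished name
     * @return the role names, empty when role lookup is not configured
     */
    private List<String> getUserRolesByDn(DirContext dirContext, String str) throws LoginException, NamingException {
        List<String> roles = new ArrayList<String>();
        if (dirContext == null || this._roleBaseDn == null || this._roleMemberAttribute == null || this._roleObjectClass == null) {
            return roles;
        }
        SearchControls searchControls = new SearchControls();
        searchControls.setDerefLinkFlag(true);
        searchControls.setSearchScope(SearchControls.SUBTREE_SCOPE);
        searchControls.setReturningAttributes(new String[]{this._roleNameAttribute});
        NamingEnumeration<SearchResult> search = dirContext.search(this._roleBaseDn, OBJECT_ATTRIBUTE_FILTER, new Object[]{this._roleObjectClass, this._roleMemberAttribute, str}, searchControls);
        try {
            LOG.debug("Found user roles?: " + search.hasMoreElements(), new Object[0]);
            while (search.hasMoreElements()) {
                Attributes attributes = search.nextElement().getAttributes();
                if (attributes == null) {
                    continue;
                }
                Attribute attribute = attributes.get(this._roleNameAttribute);
                if (attribute == null) {
                    continue;
                }
                NamingEnumeration<?> all = attribute.getAll();
                while (all.hasMore()) {
                    roles.add(all.next().toString());
                }
            }
        } finally {
            // Release the server-side search even when reading a role attribute fails.
            closeQuietly(search);
        }
        return roles;
    }

    /**
     * Obtains the name and credential through the callback handler and authenticates the user,
     * either by binding as the user or by comparing against the stored credential.
     *
     * @return {@code true} if the user was authenticated
     * @throws LoginException if callbacks cannot be obtained or the directory lookup fails;
     *         the underlying exception is attached as the cause
     */
    @Override
    public boolean login() throws LoginException {
        try {
            if (getCallbackHandler() == null) {
                throw new LoginException("No callback handler");
            }
            // Index 0 is read as a NameCallback and index 1 as an ObjectCallback, so the array
            // is held by the common Callback type.
            Callback[] callbacks = configureCallbacks();
            getCallbackHandler().handle(callbacks);
            String name = ((NameCallback) callbacks[0]).getName();
            Object object = ((ObjectCallback) callbacks[1]).getObject();
            if (name == null || object == null) {
                setAuthenticated(false);
                return isAuthenticated();
            }
            if (this._forceBindingLogin) {
                return bindingLogin(name, object);
            }
            UserInfo userInfo = getUserInfo(name);
            if (userInfo == null) {
                setAuthenticated(false);
                return false;
            }
            setCurrentUser(new AbstractLoginModule.JAASUserInfo(userInfo));
            return object instanceof String ? credentialLogin(Credential.getCredential((String) object)) : credentialLogin(object);
        } catch (IOException e) {
            if (this._debug) {
                e.printStackTrace();
            }
            throw loginFailure("IO Error performing login.", e);
        } catch (UnsupportedCallbackException e2) {
            throw loginFailure("Error obtaining callback information.", e2);
        } catch (Exception e3) {
            // Also reached for LoginExceptions raised above (missing handler, unknown user) and
            // for a rejected bind; the caller sees one generic message with the cause attached.
            if (this._debug) {
                e3.printStackTrace();
            }
            throw loginFailure("Error obtaining user info.", e3);
        }
    }

    /**
     * Checks the supplied credential against the current user's stored credential.
     *
     * @param obj the credential presented by the user
     * @return {@code true} if the credential matched
     */
    protected boolean credentialLogin(Object obj) throws LoginException {
        setAuthenticated(getCurrentUser().checkCredential(obj));
        return isAuthenticated();
    }

    /**
     * Authenticates by binding to the directory as the user, then loads the user's roles
     * through that user-bound context.
     *
     * @param str the login name
     * @param obj the credential to bind with
     * @return {@code true} when the bind succeeded; {@code false} when the credential is
     *         missing or empty, or when the configured authentication method performs no bind
     * @throws LoginException if the user cannot be found
     * @throws NamingException if the bind or the role search fails
     */
    public boolean bindingLogin(String str, Object obj) throws LoginException, NamingException {
        if (isEmptyCredential(obj)) {
            // A simple bind with a DN and an empty password is an "unauthenticated bind"
            // (RFC 4513) that a directory may accept, which would treat a blank password as a
            // successful login. Refuse it before contacting the server.
            LOG.info("Rejecting binding login with empty credential", new Object[0]);
            setAuthenticated(false);
            return false;
        }
        if ("none".equalsIgnoreCase(this._authenticationMethod)) {
            // With authentication "none" JNDI connects anonymously and does not verify the
            // credential, so a successful connection proves nothing about the user.
            LOG.info("Rejecting binding login: authenticationMethod 'none' does not verify credentials", new Object[0]);
            setAuthenticated(false);
            return false;
        }
        String nameInNamespace = findUser(str).getNameInNamespace();
        LOG.info("Attempting authentication: " + nameInNamespace, new Object[0]);
        Hashtable<Object, Object> environment = getEnvironment();
        environment.put("java.naming.security.principal", nameInNamespace);
        environment.put("java.naming.security.credentials", obj);
        // Creating the context performs the bind; a rejected credential surfaces as a NamingException.
        DirContext userContext = new InitialDirContext(environment);
        try {
            List<String> roles = getUserRolesByDn(userContext, nameInNamespace);
            setCurrentUser(new AbstractLoginModule.JAASUserInfo(new UserInfo(str, null, roles)));
        } finally {
            // The per-login connection is no longer needed once the roles are read.
            closeQuietly(userContext);
        }
        setAuthenticated(true);
        return true;
    }

    /**
     * Finds the single directory entry whose user-id attribute equals the login name.
     *
     * @param str the login name, passed as a filter argument
     * @return the matching entry
     * @throws LoginException if no entry matches
     * @throws NamingException if the search fails
     */
    private SearchResult findUser(String str) throws NamingException, LoginException {
        SearchControls searchControls = new SearchControls();
        searchControls.setCountLimit(1L);
        searchControls.setDerefLinkFlag(true);
        searchControls.setSearchScope(SearchControls.SUBTREE_SCOPE);
        LOG.info("Searching for users with filter: '" + OBJECT_ATTRIBUTE_FILTER + "' from base dn: " + this._userBaseDn, new Object[0]);
        NamingEnumeration<SearchResult> search = this._rootContext.search(this._userBaseDn, OBJECT_ATTRIBUTE_FILTER, new Object[]{this._userObjectClass, this._userIdAttribute, str}, searchControls);
        try {
            boolean found = search.hasMoreElements();
            LOG.info("Found user?: " + found, new Object[0]);
            if (found) {
                return search.nextElement();
            }
            throw new LoginException("User not found.");
        } finally {
            closeQuietly(search);
        }
    }

    /**
     * Reads the module options and opens the root directory context.
     *
     * @param subject the subject being authenticated
     * @param callbackHandler handler used to obtain the name and credential
     * @param map shared state, passed to the superclass
     * @param map2 module options (hostname, port, bindDn, bindPassword, base DNs, ...)
     * @throws IllegalStateException if the root context cannot be established
     */
    @Override
    public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String, ?> map, Map<String, ?> map2) {
        super.initialize(subject, callbackHandler, map, map2);
        this._hostname = (String) map2.get("hostname");
        // An absent port falls back to 0, which getEnvironment() treats as "omit the port".
        String port = (String) map2.get("port");
        this._port = port == null ? 0 : Integer.parseInt(port);
        this._contextFactory = (String) map2.get("contextFactory");
        this._bindDn = (String) map2.get("bindDn");
        this._bindPassword = (String) map2.get("bindPassword");
        this._authenticationMethod = (String) map2.get("authenticationMethod");
        this._userBaseDn = (String) map2.get("userBaseDn");
        this._roleBaseDn = (String) map2.get("roleBaseDn");
        if (map2.containsKey("forceBindingLogin")) {
            this._forceBindingLogin = Boolean.parseBoolean((String) map2.get("forceBindingLogin"));
        }
        if (map2.containsKey("useLdaps")) {
            this._useLdaps = Boolean.parseBoolean((String) map2.get("useLdaps"));
        }
        this._userObjectClass = getOption(map2, "userObjectClass", this._userObjectClass);
        this._userRdnAttribute = getOption(map2, "userRdnAttribute", this._userRdnAttribute);
        this._userIdAttribute = getOption(map2, "userIdAttribute", this._userIdAttribute);
        this._userPasswordAttribute = getOption(map2, "userPasswordAttribute", this._userPasswordAttribute);
        this._roleObjectClass = getOption(map2, "roleObjectClass", this._roleObjectClass);
        this._roleMemberAttribute = getOption(map2, "roleMemberAttribute", this._roleMemberAttribute);
        this._roleNameAttribute = getOption(map2, "roleNameAttribute", this._roleNameAttribute);
        this._debug = Boolean.parseBoolean(String.valueOf(getOption(map2, "debug", Boolean.toString(this._debug))));
        try {
            this._rootContext = new InitialDirContext(getEnvironment());
        } catch (NamingException e) {
            throw new IllegalStateException("Unable to establish root context", e);
        }
    }

    /**
     * Closes the root context and completes the login.
     *
     * @throws LoginException if closing the root context fails
     */
    @Override
    public boolean commit() throws LoginException {
        try {
            this._rootContext.close();
            return super.commit();
        } catch (NamingException e) {
            throw loginFailure("error closing root context: " + e.getMessage(), e);
        }
    }

    /**
     * Closes the root context and aborts the login.
     *
     * @throws LoginException if closing the root context fails
     */
    @Override
    public boolean abort() throws LoginException {
        try {
            this._rootContext.close();
            return super.abort();
        } catch (NamingException e) {
            throw loginFailure("error closing root context: " + e.getMessage(), e);
        }
    }

    /** Returns the option stored under {@code str}, or {@code str2} when it is absent. */
    private String getOption(Map<String, ?> map, String str, String str2) {
        Object obj = map.get(str);
        return obj == null ? str2 : (String) obj;
    }

    /**
     * Builds a fresh JNDI environment from the configured options.
     *
     * <p>The returned table contains the bind password when one is configured, so it should
     * not be logged or exposed.
     *
     * @return a new, mutable environment table
     */
    public Hashtable<Object, Object> getEnvironment() {
        Properties properties = new Properties();
        properties.put("java.naming.factory.initial", this._contextFactory);
        if (this._hostname != null) {
            String scheme = this._useLdaps ? "ldaps://" : "ldap://";
            String portSuffix = this._port == 0 ? "" : ":" + this._port;
            properties.put("java.naming.provider.url", scheme + this._hostname + portSuffix + "/");
        }
        if (this._authenticationMethod != null) {
            properties.put("java.naming.security.authentication", this._authenticationMethod);
        }
        if (this._bindDn != null) {
            properties.put("java.naming.security.principal", this._bindDn);
        }
        if (this._bindPassword != null) {
            properties.put("java.naming.security.credentials", this._bindPassword);
        }
        return properties;
    }

    /**
     * Rewrites a Jetty-prefixed credential (MD5 or Crypt type prefix) to its LDAP
     * {@code {MD5}} / {@code {CRYPT}} form; other values are returned unchanged.
     *
     * @param str the Jetty credential string, may be {@code null}
     * @return the LDAP form, or the input when no known prefix matches
     */
    public static String convertCredentialJettyToLdap(String str) {
        if (str == null) {
            return null;
        }
        // The prefix test must be "value starts with prefix"; testing the prefix against the
        // value never matches a real credential and makes the conversion a no-op.
        if (hasPrefixIgnoreCase(str, Credential.MD5.__TYPE)) {
            return "{MD5}" + str.substring(Credential.MD5.__TYPE.length());
        }
        if (hasPrefixIgnoreCase(str, Credential.Crypt.__TYPE)) {
            return "{CRYPT}" + str.substring(Credential.Crypt.__TYPE.length());
        }
        return str;
    }

    /**
     * Rewrites an LDAP {@code {MD5}} / {@code {CRYPT}} credential to Jetty's prefixed form;
     * other values are returned unchanged.
     *
     * @param str the LDAP attribute value, may be {@code null}
     * @return the Jetty form, or the input when no known scheme matches
     */
    public static String convertCredentialLdapToJetty(String str) {
        if (str == null) {
            return null;
        }
        if (hasPrefixIgnoreCase(str, "{MD5}")) {
            return Credential.MD5.__TYPE + str.substring("{MD5}".length());
        }
        if (hasPrefixIgnoreCase(str, "{CRYPT}")) {
            return Credential.Crypt.__TYPE + str.substring("{CRYPT}".length());
        }
        return str;
    }

    /** Returns whether {@code value} begins with {@code prefix}, ignoring case. */
    private static boolean hasPrefixIgnoreCase(String value, String prefix) {
        return value.regionMatches(true, 0, prefix, 0, prefix.length());
    }

    /** Returns whether a bind credential is absent or zero-length. */
    private static boolean isEmptyCredential(Object credential) {
        if (credential == null) {
            return true;
        }
        if (credential instanceof String) {
            return ((String) credential).length() == 0;
        }
        if (credential instanceof char[]) {
            return ((char[]) credential).length == 0;
        }
        if (credential instanceof byte[]) {
            return ((byte[]) credential).length == 0;
        }
        return false;
    }

    /** Creates a LoginException that keeps the underlying failure as its cause. */
    private static LoginException loginFailure(String message, Throwable cause) {
        LoginException failure = new LoginException(message);
        failure.initCause(cause);
        return failure;
    }

    /** Closes search results, logging rather than propagating a failure to close. */
    private static void closeQuietly(NamingEnumeration<?> results) {
        if (results == null) {
            return;
        }
        try {
            results.close();
        } catch (NamingException e) {
            LOG.debug("error closing search results: " + e, new Object[0]);
        }
    }

    /** Closes a directory context, logging rather than propagating a failure to close. */
    private static void closeQuietly(DirContext context) {
        if (context == null) {
            return;
        }
        try {
            context.close();
        } catch (NamingException e) {
            LOG.debug("error closing directory context: " + e, new Object[0]);
        }
    }
}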
