package org.dspace.authenticate;

import java.sql.SQLException;
import java.util.Hashtable;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.BasicAttributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchResult;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.log4j.Logger;
import org.dspace.authorize.AuthorizeException;
import org.dspace.core.ConfigurationManager;
import org.dspace.core.Context;
import org.dspace.core.LogManager;
import org.dspace.eperson.EPerson;

/* loaded from: input_file:WEB-INF/lib/dspace-api-1.5.0-beta1.jar:org/dspace/authenticate/LDAPAuthentication.class */
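/**
 * Authentication method that verifies a netid/password pair by binding to an LDAP directory
 * and, on success, maps the directory entry onto an {@link EPerson}.
 *
 * <p>Configuration keys read by this class: {@code ldap.provider_url}, {@code ldap.id_field},
 * {@code ldap.search_context}, {@code ldap.object_context}, {@code ldap.email_field},
 * {@code ldap.givenname_field}, {@code ldap.surname_field}, {@code ldap.phone_field} and
 * {@code webui.ldap.autoregister}.
 *
 * <p>Security notes for deployers: the bind uses the JNDI {@code "simple"} mechanism, so the
 * password crosses the network in the clear unless {@code ldap.provider_url} points at a
 * TLS-protected endpoint (for example an {@code ldaps://} URL).
 */
public class LDAPAuthentication implements AuthenticationMethod {
    private static final Logger log = Logger.getLogger(LDAPAuthentication.class);

    /**
     * Performs the LDAP bind and, when the bind succeeds, copies selected attributes of the
     * matching directory entry into the {@code ldap*} fields.
     */
    public class SpeakerToLDAP {
        private final Logger log;
        // Attribute values copied from the directory entry; they stay null when the entry has no
        // such attribute, the field name is not configured, or the attribute search failed.
        protected String ldapEmail = null;
        protected String ldapGivenName = null;
        protected String ldapSurname = null;
        protected String ldapPhone = null;

        SpeakerToLDAP(Logger logger) {
            this.log = logger;
        }

        /**
         * Binds to the directory as the given user and, if that works, looks up the user's
         * e-mail, given name, surname and phone attributes.
         *
         * @param netid    login name; placed (escaped) into the bind DN
         *                 {@code <ldap.id_field>=<netid>,<ldap.object_context>}
         * @param password credential used for the simple bind
         * @param context  DSpace context, used only to build log headers
         * @return {@code true} when the bind succeeded (even if the follow-up attribute search
         *         failed), {@code false} when the credentials are missing or the bind failed
         */
        protected boolean ldapAuthenticate(String netid, String password, Context context) {
            // Refuse missing credentials before talking to the directory. A simple bind with an
            // empty password is an "unauthenticated bind" that many servers accept, which would
            // otherwise let anyone log in as any netid.
            if (netid == null || netid.isEmpty() || password == null || password.isEmpty()) {
                return false;
            }

            String providerUrl = ConfigurationManager.getProperty("ldap.provider_url");
            String idField = ConfigurationManager.getProperty("ldap.id_field");
            String searchContext = ConfigurationManager.getProperty("ldap.search_context");
            String objectContext = ConfigurationManager.getProperty("ldap.object_context");

            Hashtable<String, String> env = new Hashtable<String, String>(11);
            env.put("java.naming.factory.initial", "com.sun.jndi.ldap.LdapCtxFactory");
            env.put("java.naming.provider.url", providerUrl);
            env.put("java.naming.security.authentication", "simple");
            // The netid is user-supplied: escape it as an RDN value so characters such as
            // ',' '+' '=' or '\' cannot change which DN the bind is performed against.
            env.put("java.naming.security.principal",
                    idField + "=" + javax.naming.ldap.Rdn.escapeValue(netid) + "," + objectContext);
            env.put("java.naming.security.credentials", password);

            DirContext dirContext = null;
            try {
                try {
                    dirContext = new InitialDirContext(env);
                } catch (NamingException e) {
                    this.log.warn(LogManager.getHeader(context, "ldap_authentication", "type=failed_auth " + e));
                    return false;
                }

                // From here on the bind has succeeded, so the method returns true whatever
                // happens to the attribute lookup.
                String[] wanted = {
                    ConfigurationManager.getProperty("ldap.email_field"),
                    ConfigurationManager.getProperty("ldap.givenname_field"),
                    ConfigurationManager.getProperty("ldap.surname_field"),
                    ConfigurationManager.getProperty("ldap.phone_field")
                };
                // Search by matching attributes (case-insensitive ids) rather than by a
                // hand-assembled filter string.
                BasicAttributes matching = new BasicAttributes(true);
                matching.put(new BasicAttribute(idField, netid));

                NamingEnumeration<SearchResult> results = null;
                try {
                    results = dirContext.search(searchContext, matching, wanted);
                    // If several entries match, values from later entries overwrite earlier ones.
                    while (results.hasMore()) {
                        Attributes found = results.next().getAttributes();
                        Attribute value;
                        if (wanted[0] != null && (value = found.get(wanted[0])) != null) {
                            this.ldapEmail = (String) value.get();
                        }
                        if (wanted[1] != null && (value = found.get(wanted[1])) != null) {
                            this.ldapGivenName = (String) value.get();
                        }
                        if (wanted[2] != null && (value = found.get(wanted[2])) != null) {
                            this.ldapSurname = (String) value.get();
                        }
                        if (wanted[3] != null && (value = found.get(wanted[3])) != null) {
                            this.ldapPhone = (String) value.get();
                        }
                    }
                } catch (NamingException e) {
                    this.log.warn(LogManager.getHeader(context, "ldap_attribute_lookup", "type=failed_search " + e));
                } finally {
                    if (results != null) {
                        try {
                            results.close();
                        } catch (NamingException ignored) {
                            // Nothing useful can be done if releasing the enumeration fails.
                        }
                    }
                }
                return true;
            } finally {
                // Always release the directory connection, on every exit path.
                if (dirContext != null) {
                    try {
                        dirContext.close();
                    } catch (NamingException ignored) {
                        // A failed close must not change the authentication outcome.
                    }
                }
            }
        }
    }

    /**
     * Reports whether LDAP-authenticated users without an EPerson record may be created
     * automatically, as configured by {@code webui.ldap.autoregister}.
     */
    @Override
    public boolean canSelfRegister(Context context, HttpServletRequest httpServletRequest, String str) throws SQLException {
        return ConfigurationManager.getBooleanProperty("webui.ldap.autoregister");
    }

    /** Does nothing; this method adds no LDAP-specific initialisation to a new EPerson. */
    @Override
    public void initEPerson(Context context, HttpServletRequest httpServletRequest, EPerson ePerson) throws SQLException {
    }

    /** Always {@code false}: this method never lets a user set a password through DSpace. */
    @Override
    public boolean allowSetPassword(Context context, HttpServletRequest httpServletRequest, String str) throws SQLException {
        return false;
    }

    /** Always {@code false}: credentials must be supplied explicitly. */
    @Override
    public boolean isImplicit() {
        return false;
    }

    /** Returns an empty array: this method contributes no special groups. */
    @Override
    public int[] getSpecialGroups(Context context, HttpServletRequest httpServletRequest) {
        return new int[0];
    }

    /**
     * Authenticates a user against LDAP and resolves (or creates) the matching EPerson.
     *
     * <p>Flow: look up the EPerson by lower-cased netid; if one exists, enforce its
     * certificate and can-log-in flags and then bind to LDAP. If none exists, bind to LDAP,
     * then either attach the netid to an EPerson that already has the directory's e-mail
     * address, or create a new EPerson when self-registration is enabled.
     *
     * <p>Return codes, as used in this method (the names are presumably the constants declared
     * on {@code AuthenticationMethod}; verify there):
     * <ul>
     *   <li>{@code 1} - success</li>
     *   <li>{@code 2} - the LDAP bind failed for a known EPerson</li>
     *   <li>{@code 3} - the EPerson requires a certificate</li>
     *   <li>{@code 4} - no EPerson exists and none could be created</li>
     *   <li>{@code 5} - missing netid, login disabled, bind failed for an unknown user, no
     *       e-mail in the directory entry, or an authorization error while linking</li>
     * </ul>
     *
     * @param context  DSpace context; its ignore-authorization flag is switched on while the
     *                 EPerson is written and is always switched off again before returning
     * @param netid    user-supplied login name
     * @param password user-supplied password
     * @param realm    ignored by this implementation
     * @param request  current HTTP request, passed on to the self-registration hooks
     * @return one of the codes listed above
     * @throws SQLException if an EPerson lookup or update fails
     */
    @Override
    public int authenticate(Context context, String netid, String password, String realm, HttpServletRequest request) throws SQLException {
        // NOTE(review): netid is attacker-controlled and is written to the log here and below;
        // confirm that LogManager.getHeader or the appender neutralises CR/LF.
        log.info(LogManager.getHeader(context, "auth", "attempting trivial auth of user=" + netid));
        if (netid == null) {
            return 5;
        }

        // Lookups use the lower-cased netid, so the same form is stored further down;
        // otherwise a mixed-case login would never be found again by findByNetid.
        final String lookupNetid = netid.toLowerCase();

        EPerson ePerson;
        try {
            ePerson = EPerson.findByNetid(context, lookupNetid);
        } catch (SQLException e) {
            // Fail closed: treating a database error as "no such user" would skip the
            // certificate and can-log-in checks below and fall through to auto-registration.
            log.warn(LogManager.getHeader(context, "ldap_authentication", "type=netid_lookup_failed " + e));
            throw e;
        }

        SpeakerToLDAP ldap = new SpeakerToLDAP(log);
        if (ePerson != null) {
            if (ePerson.getRequireCertificate()) {
                return 3;
            }
            if (!ePerson.canLogIn()) {
                return 5;
            }
            if (!ldap.ldapAuthenticate(netid, password, context)) {
                return 2;
            }
            // NOTE(review): unlike the e-mail linking branch below, this path does not call
            // context.setCurrentUser(); confirm the caller sets the current user.
            log.info(LogManager.getHeader(context, "authenticate", "type=ldap"));
            return 1;
        }

        if (!ldap.ldapAuthenticate(netid, password, context)) {
            return 5;
        }
        log.info(LogManager.getHeader(context, "autoregister", "netid=" + netid));
        if (ldap.ldapEmail == null || ldap.ldapEmail.equals("")) {
            return 5;
        }

        try {
            EPerson byEmail = EPerson.findByEmail(context, ldap.ldapEmail);
            if (byEmail != null) {
                // NOTE(review): the account is selected by the e-mail value the directory
                // returned, and neither getRequireCertificate() nor canLogIn() is checked on
                // it, unlike the netid branch above. Confirm this is intended.
                log.info(LogManager.getHeader(context, "type=ldap-login", "type=ldap_but_already_email"));
                context.setIgnoreAuthorization(true);
                byEmail.setNetid(lookupNetid);
                byEmail.update();
                context.commit();
                context.setIgnoreAuthorization(false);
                context.setCurrentUser(byEmail);
                return 1;
            }
            if (!canSelfRegister(context, request, netid)) {
                log.info(LogManager.getHeader(context, "failed_login", "type=ldap_but_no_record"));
                return 4;
            }
            try {
                context.setIgnoreAuthorization(true);
                EPerson created = EPerson.create(context);
                // ldapEmail is known to be non-empty here (checked above).
                created.setEmail(ldap.ldapEmail);
                if (ldap.ldapGivenName != null && !ldap.ldapGivenName.equals("")) {
                    created.setFirstName(ldap.ldapGivenName);
                }
                if (ldap.ldapSurname != null && !ldap.ldapSurname.equals("")) {
                    created.setLastName(ldap.ldapSurname);
                }
                if (ldap.ldapPhone != null && !ldap.ldapPhone.equals("")) {
                    created.setMetadata("phone", ldap.ldapPhone);
                }
                created.setNetid(lookupNetid);
                created.setCanLogIn(true);
                AuthenticationManager.initEPerson(context, request, created);
                created.update();
                context.commit();
                context.setIgnoreAuthorization(false);
                log.info(LogManager.getHeader(context, "authenticate", "type=ldap-login, created ePerson"));
                return 1;
            } catch (AuthorizeException e) {
                log.warn(LogManager.getHeader(context, "ldap_authentication", "type=autoregister_not_authorized " + e));
                return 4;
            }
        } catch (AuthorizeException e) {
            log.warn(LogManager.getHeader(context, "ldap_authentication", "type=link_not_authorized " + e));
            return 5;
        } finally {
            // Never leave the context with authorization checks disabled, whatever happened.
            context.setIgnoreAuthorization(false);
        }
    }

    /**
     * Builds the redirect-encoded URL of the LDAP login page, {@code <context path>/ldap-login}.
     */
    @Override
    public String loginPageURL(Context context, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        return httpServletResponse.encodeRedirectURL(httpServletRequest.getContextPath() + "/ldap-login");
    }

    /** Returns the fixed key used for the login page title (looks like a message-catalogue key). */
    @Override
    public String loginPageTitle(Context context) {
        return "org.dspace.eperson.LDAPAuthentication.title";
    }
}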
