package com.sun.messaging.jmq.jmsserver.auth.ldap;

import com.sun.enterprise.security.auth.realm.ldap.LDAPRealm;
import com.sun.faces.context.UrlBuilder;
import com.sun.jdo.spi.persistence.utility.generator.JavaClassWriterHelper;
import com.sun.messaging.jmq.auth.api.FailedLoginException;
import com.sun.messaging.jmq.auth.api.server.model.UserRepository;
import com.sun.messaging.jmq.auth.jaas.MQGroup;
import com.sun.messaging.jmq.auth.jaas.MQUser;
import com.sun.messaging.jmq.jmsserver.Globals;
import com.sun.messaging.jmq.jmsserver.auth.AccessController;
import com.sun.messaging.jmq.jmsserver.resources.BrokerResources;
import com.sun.messaging.jmq.util.Password;
import com.sun.messaging.jmq.util.log.Logger;
import java.security.PrivilegedAction;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.Properties;
import javax.naming.AuthenticationException;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import javax.security.auth.Refreshable;
import javax.security.auth.Subject;
import javax.security.auth.login.LoginException;
import org.glassfish.enterprise.iiop.impl.GlassFishORBManager;

/* JADX WARN: Classes with same name are omitted:
  input_file:lib/install/applications/jmsra/imqbroker.jar:com/sun/messaging/jmq/jmsserver/auth/ldap/LdapUserRepository.class
 */
/* loaded from: input_file:com/sun/messaging/jmq/jmsserver/auth/ldap/LdapUserRepository.class */
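/**
 * LDAP-backed {@link UserRepository} used by the broker's "basic" authentication type.
 *
 * <p>Configuration is read in {@link #open} from the broker properties under
 * {@code AccessController.PROP_USER_REPOSITORY_PREFIX + "ldap"} using the
 * {@code PROP_*_SUFFIX} keys declared below. A user is authenticated by performing a
 * simple bind to the directory with the user's DN and the supplied password. The DN is
 * either located with a subtree search on {@code uidattr} under {@code base}, or, when
 * {@code usrformat=dn}, taken verbatim from the user name (the MQUser principal then
 * carries the {@code uidattr} value extracted from that DN). When group search is enabled
 * the user's groups are collected with a one-level search under {@code grpbase} and added
 * to the Subject as {@link MQGroup} principals.
 *
 * <p>Security notes: the user name and the resolved DN are untrusted and are handed to
 * JNDI as filter arguments ({@code {0}}), never concatenated into the filter text;
 * passwords are never written to the log. JNDI referrals are followed
 * ({@code java.naming.referral=follow}), so a bind may be redirected to whatever server a
 * referral names. No connect/read timeout is configured on the LDAP connection; only the
 * server-side search time limit is set. Instances are not synchronized: fields are written
 * by {@link #open} and only read afterwards.
 *
 * <p>Numeric log levels (8, 16, 32) are decompiled literals; judging by the message keys
 * they are used with (I_, W_, X_) they appear to be INFO, WARNING and ERROR — confirm
 * against the project's {@link Logger} constants.
 */
public class LdapUserRepository implements UserRepository {
    public static final String TYPE = "ldap";
    private String authType;
    private static final int DEFAULT_TIMELIMIT = 180000;
    private static final String DN_USRFORMAT = "dn";
    private static final String PROP_SERVER_SUFFIX = ".server";
    public static final String PROP_BINDDN_SUFFIX = ".principal";
    public static final String PROP_BINDPW_SUFFIX = ".password";
    private static final String PROP_UIDATTR_SUFFIX = ".uidattr";
    private static final String PROP_USRFORMAT_SUFFIX = ".usrformat";
    private static final String PROP_USRFILTER_SUFFIX = ".usrfilter";
    private static final String PROP_BASE_SUFFIX = ".base";
    private static final String PROP_GRPBASE_SUFFIX = ".grpbase";
    private static final String PROP_GIDATTR_SUFFIX = ".gidattr";
    private static final String PROP_MEMATTR_SUFFIX = ".memattr";
    private static final String PROP_GRPFILTER_SUFFIX = ".grpfilter";
    private static final String PROP_GRPSEARCH_SUFFIX = ".grpsearch";
    private static final String PROP_TIMEOUT_SUFFIX = ".timeout";
    private static final String PROP_SSL_SUFFIX = ".ssl.enabled";
    private static final String PROP_SSLFACTORY_SUFFIX = ".ssl.socketfactory";
    /**
     * JNDI environment key naming the socket factory class for LDAP-over-SSL. The decompiler
     * had resolved this string to an unrelated GlassFish constant; it is the standard
     * {@code java.naming.ldap.factory.socket} property.
     */
    private static final String LDAP_SOCKET_FACTORY_PROP = "java.naming.ldap.factory.socket";
    /**
     * Separator used to join the relative name of a search hit to the search base. The
     * decompiler had shown this as a JDO helper constant whose value is {@code ", "}.
     */
    private static final String DN_COMPONENT_SEPARATOR = ", ";
    /** Upper bound on interactive bind-password prompts in {@link #open}. */
    private static final int MAX_PASSWORD_PROMPTS = 5;
    private static boolean DEBUG = false;
    private static final transient Logger logger = Globals.getLogger();
    private static final transient BrokerResources br = Globals.getBrokerResources();
    private static String INITIAL_CONTEXT_FACTORY = "com.sun.jndi.ldap.LdapCtxFactory";
    // The two factory names below are not referenced anywhere in this class; they are kept
    // because other code may read them reflectively or by name.
    private static String DEFAULT_SSLFACTORY = "javax.net.ssl.SSLSocketFactory";
    private static String TRUST_SSLFACTORY = "com.sun.messaging.jmq.jmsserver.auth.ldap.TrustSSLSocketFactory";
    private Properties authProps = null;
    /** Provider URL, always of the form {@code ldap://<configured server>}. */
    private String server = null;
    /** DN used for the user/group searches; null means anonymous search. */
    private String bindDN = null;
    /** Clear-text password for {@link #bindDN}; NOTE: kept in memory as a String. */
    private String bindPW = null;
    private String base = null;
    /** Parsed {@link #base}, only set when {@code usrformat=dn} and a base is configured. */
    private LdapName ldapbase = null;
    private String uidattr = null;
    private String usrformat = null;
    private String usrfilter = null;
    /** Server-side search time limit in milliseconds (0 means no limit). */
    private int timelimit = DEFAULT_TIMELIMIT;
    private boolean grpsearch = true;
    private String grpbase = null;
    private String gidattr = null;
    private String memattr = null;
    private String grpfilter = null;
    private String repository = null;
    private boolean sslprotocol = false;
    /**
     * Configured SSL socket factory class, or null for the JNDI default. The value is not
     * validated here; a factory that trusts every certificate would silently disable server
     * authentication of the LDAP connection.
     */
    private String sslfactory = null;

    @Override // com.sun.messaging.jmq.auth.api.server.model.UserRepository
    public String getType() {
        return TYPE;
    }

    /**
     * Reads and validates the repository configuration for {@code authType}.
     *
     * @param authType       the broker authentication type this repository serves
     * @param authProperties the broker properties holding the configuration
     * @param cacheData      unused; this repository keeps no cache
     * @throws LoginException if a required property is missing, the repository type is not
     *                        {@code ldap}, {@code usrformat} has an unsupported value, or the
     *                        configured base DN cannot be parsed
     */
    @Override // com.sun.messaging.jmq.auth.api.server.model.UserRepository
    public void open(String authType, Properties authProperties, Refreshable cacheData) throws LoginException {
        this.authType = authType;
        this.authProps = authProperties;

        String repoType = this.authProps.getProperty(
                AccessController.PROP_AUTHENTICATION_PREFIX + authType + AccessController.PROP_USER_REPOSITORY_SUFFIX);
        if (repoType == null) {
            throw new LoginException(br.getKString(BrokerResources.X_USER_REPOSITORY_NOT_DEFINED, authType));
        }
        this.repository = repoType;
        if (!TYPE.equals(repoType)) {
            throw new LoginException(br.getKString(BrokerResources.X_REPOSITORY_TYPE_MISMATCH,
                    (Object[]) new String[]{repoType, TYPE, getClass().getName()}));
        }
        String prefix = AccessController.PROP_USER_REPOSITORY_PREFIX + repoType;

        this.server = "ldap://" + requiredProperty(prefix, PROP_SERVER_SUFFIX, authType, repoType);

        this.bindDN = optionalProperty(prefix, PROP_BINDDN_SUFFIX);
        if (this.bindDN != null) {
            this.bindPW = this.authProps.getProperty(prefix + PROP_BINDPW_SUFFIX);
            // Whether the password was absent from the configuration (untrimmed check, as before):
            // only then is a prompted password written back into the properties.
            boolean notConfigured = this.bindPW == null || this.bindPW.isEmpty();
            int prompts = 0;
            // Bounded prompt loop. The decompiled original never left its loop once a password
            // had been entered, and a null result from an unattended console would have spun
            // forever; both cases now stop after MAX_PASSWORD_PROMPTS attempts.
            while ((this.bindPW == null || this.bindPW.trim().isEmpty()) && prompts < MAX_PASSWORD_PROMPTS) {
                System.err.print(br.getString(BrokerResources.M_ENTER_KEY_LDAP, this.bindDN));
                System.err.flush();
                this.bindPW = new Password().getPassword();
                prompts++;
            }
            if (this.bindPW == null || this.bindPW.trim().isEmpty()) {
                // Fall back to anonymous searches. The argument is null/blank here by
                // construction, so no secret reaches the log.
                logger.log(16, BrokerResources.W_NO_LDAP_PASSWD, this.bindPW);
                this.bindDN = null;
            } else if (notConfigured) {
                // NOTE: stores the clear-text bind password in the shared Properties so the
                // broker is not prompted again; anything that dumps authProps will see it.
                this.authProps.put(prefix + PROP_BINDPW_SUFFIX, this.bindPW);
            }
        }

        this.usrformat = null;
        String format = this.authProps.getProperty(prefix + PROP_USRFORMAT_SUFFIX);
        if (format != null && !format.trim().isEmpty()) {
            format = format.trim();
            if (!DN_USRFORMAT.equals(format)) {
                throw new LoginException(br.getKString(BrokerResources.X_UNSUPPORTED_PROPERTY_VALUE,
                        prefix + PROP_USRFORMAT_SUFFIX, format));
            }
            this.usrformat = format;
        }
        boolean dnFormat = DN_USRFORMAT.equals(this.usrformat);

        // A search base is mandatory unless users present their full DN.
        this.base = optionalProperty(prefix, PROP_BASE_SUFFIX);
        if (this.base == null && !dnFormat) {
            throw new LoginException(br.getKString(BrokerResources.X_LDAP_REPOSITORY_PROPERTY_NOT_DEFINED,
                    (Object[]) new String[]{authType, repoType, PROP_BASE_SUFFIX}));
        }
        this.ldapbase = null;
        if (this.base != null && dnFormat) {
            try {
                this.ldapbase = new LdapName(this.base);
            } catch (NamingException e) {
                throw newLoginException(e.toString(), e);
            }
        }

        this.uidattr = requiredProperty(prefix, PROP_UIDATTR_SUFFIX, authType, repoType);
        this.usrfilter = optionalProperty(prefix, PROP_USRFILTER_SUFFIX);

        this.timelimit = DEFAULT_TIMELIMIT;
        String timeout = this.authProps.getProperty(prefix + PROP_TIMEOUT_SUFFIX);
        if (timeout != null) {
            this.timelimit = parseTimeLimitMillis(timeout);
        }

        this.grpsearch = !"false".equals(this.authProps.getProperty(prefix + PROP_GRPSEARCH_SUFFIX));
        if (this.grpsearch) {
            this.grpbase = requiredProperty(prefix, PROP_GRPBASE_SUFFIX, authType, repoType);
            this.gidattr = requiredProperty(prefix, PROP_GIDATTR_SUFFIX, authType, repoType);
            this.memattr = requiredProperty(prefix, PROP_MEMATTR_SUFFIX, authType, repoType);
            this.grpfilter = optionalProperty(prefix, PROP_GRPFILTER_SUFFIX);
        }

        this.sslprotocol = "true".equals(this.authProps.getProperty(prefix + PROP_SSL_SUFFIX));
        this.sslfactory = null;
        if (this.sslprotocol) {
            String factory = optionalProperty(prefix, PROP_SSLFACTORY_SUFFIX);
            if (factory != null) {
                this.sslfactory = factory.trim();
            }
        }
    }

    /**
     * Returns the value of {@code prefix + suffix}, which must be present and non-blank.
     *
     * @throws LoginException with X_LDAP_REPOSITORY_PROPERTY_NOT_DEFINED when it is missing
     */
    private String requiredProperty(String prefix, String suffix, String authType, String repoType)
            throws LoginException {
        String value = this.authProps.getProperty(prefix + suffix);
        if (value == null || value.trim().isEmpty()) {
            throw new LoginException(br.getKString(BrokerResources.X_LDAP_REPOSITORY_PROPERTY_NOT_DEFINED,
                    (Object[]) new String[]{authType, repoType, suffix}));
        }
        return value;
    }

    /** Returns the value of {@code prefix + suffix}, or null when it is absent or blank. */
    private String optionalProperty(String prefix, String suffix) {
        String value = this.authProps.getProperty(prefix + suffix);
        return (value == null || value.trim().isEmpty()) ? null : value;
    }

    /**
     * Converts a configured timeout in seconds to milliseconds.
     *
     * @return the value in milliseconds, or {@link #DEFAULT_TIMELIMIT} when the text is not a
     *         number, is negative, or would overflow an int (the original could overflow)
     */
    private static int parseTimeLimitMillis(String seconds) {
        try {
            long value = Long.parseLong(seconds.trim());
            if (value < 0 || value > Integer.MAX_VALUE / 1000) {
                return DEFAULT_TIMELIMIT;
            }
            return (int) (value * 1000L);
        } catch (NumberFormatException e) {
            return DEFAULT_TIMELIMIT;
        }
    }

    /**
     * Authenticates {@code user} with the given credential.
     *
     * @param user       the user name (or DN when {@code usrformat=dn})
     * @param credential the password; must be a String for the "basic" match type
     * @param extra      unused
     * @param matchType  must be {@code "basic"}
     * @return a Subject holding an {@link MQUser} and any {@link MQGroup} principals
     * @throws LoginException if the match type is unsupported or authentication fails
     */
    @Override // com.sun.messaging.jmq.auth.api.server.model.UserRepository
    public Subject findMatch(String user, Object credential, Object extra, String matchType) throws LoginException {
        if (!"basic".equals(matchType)) {
            throw new LoginException(br.getKString(BrokerResources.X_UNSUPPORTED_USER_REPOSITORY_MATCHTYPE,
                    (Object[]) new String[]{matchType == null ? "null" : matchType, this.authType, getType(), "basic"}));
        }
        return jmqbasicFindMatch(user, (String) credential);
    }

    /**
     * Performs the "basic" authentication: resolves the user's DN, binds with the password,
     * then collects group principals.
     *
     * @throws FailedLoginException if the directory rejects the bind or the user is unknown
     * @throws LoginException       for any other directory or configuration failure
     */
    private Subject jmqbasicFindMatch(String username, String password) throws LoginException {
        if (DEBUG) {
            // The credential is deliberately left out of this line; the original logged it.
            logger.log(8, "Authenticate[basic] " + username
                    + (this.usrformat == null ? "" : " usrformat=" + this.usrformat));
        }
        if (password == null || password.trim().isEmpty()) {
            throw new LoginException(br.getKString(BrokerResources.X_PASSWORD_NOT_PROVIDED, username));
        }
        if (username == null || username.trim().isEmpty()) {
            throw new LoginException(br.getKString(BrokerResources.X_USERNAME_NOT_PROVIDED, username));
        }
        if (DEBUG) {
            logger.log(8, "LDAP server: " + this.server);
        }
        Hashtable<String, Object> env = newEnvironment();

        // The DN to bind as, and the name recorded in the MQUser principal.
        String dn;
        String principalName;
        if (DN_USRFORMAT.equals(this.usrformat)) {
            dn = username;
            principalName = handleDNusrformat(username);
            logger.log(8, br.getKString(BrokerResources.I_AUTHENTICATE_AS_USER, dn, principalName));
        } else {
            dn = searchDN(username, env);
            principalName = username;
            logger.log(8, br.getKString(BrokerResources.I_AUTHENTICATE_USER_AS, principalName, dn));
        }

        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, dn);
        env.put(Context.SECURITY_CREDENTIALS, password);
        DirContext ctx = null;
        try {
            // Creating the context performs the simple bind; a successful bind is the
            // authentication, so the context is closed right away.
            ctx = new InitialDirContext(env);
        } catch (AuthenticationException e) {
            if (DEBUG) {
                logger.log(8, e.getMessage(), e);
            }
            throw new FailedLoginException(e.getMessage());
        } catch (NamingException e) {
            String msg = e.toString(true);
            logger.logStack(32, msg, e);
            throw newLoginException(msg, e);
        } catch (RuntimeException e) {
            String msg = e.toString();
            logger.logStack(32, msg, e);
            throw newLoginException(msg, e);
        } finally {
            closeQuietly(ctx);
        }

        Subject subject = new Subject();
        subject.getPrincipals().add(new MQUser(principalName));
        try {
            findGroups(dn, subject);
        } catch (NamingException e) {
            String msg = br.getKString(BrokerResources.X_LDAP_GROUP_SEARCH_ERROR, principalName + " [" + dn + "]");
            logger.logStack(32, msg, e);
            throw newLoginException(msg + ":" + e.getMessage(), e);
        }
        return subject;
    }

    /**
     * Builds the JNDI environment shared by all connections: context factory, provider URL,
     * referral handling and, when enabled, SSL settings. No credentials are added here.
     */
    private Hashtable<String, Object> newEnvironment() {
        Hashtable<String, Object> env = new Hashtable<String, Object>(11);
        env.put(Context.INITIAL_CONTEXT_FACTORY, INITIAL_CONTEXT_FACTORY);
        env.put(Context.PROVIDER_URL, this.server);
        // Referrals are followed automatically, so a bind may be redirected to the server a
        // referral names (this is the original's configuration).
        env.put(Context.REFERRAL, "follow");
        if (this.sslprotocol) {
            env.put(Context.SECURITY_PROTOCOL, "ssl");
            if (this.sslfactory != null) {
                env.put(LDAP_SOCKET_FACTORY_PROP, this.sslfactory);
            }
        }
        return env;
    }

    /**
     * Looks up the DN of {@code username} with a subtree search under {@link #base}.
     *
     * @param username the untrusted user name; passed to JNDI as a filter argument
     * @param baseEnv  the environment from {@link #newEnvironment}; it is copied, not modified
     * @return the entry's DN, built as {@code <relative name>, <base>}
     * @throws FailedLoginException if no entry matches
     * @throws LoginException       if more than one entry matches, a hit is not relative to
     *                              the base, or the directory operation fails
     */
    private String searchDN(String username, Hashtable<String, Object> baseEnv) throws LoginException {
        Hashtable<String, Object> env = new Hashtable<String, Object>(baseEnv);
        if (this.bindDN != null && this.bindPW != null) {
            env.put(Context.SECURITY_AUTHENTICATION, "simple");
            env.put(Context.SECURITY_PRINCIPAL, this.bindDN);
            env.put(Context.SECURITY_CREDENTIALS, this.bindPW);
        }
        DirContext ctx = null;
        try {
            ctx = new InitialDirContext(env);
            SearchControls controls = new SearchControls();
            controls.setReturningAttributes(new String[0]);
            controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
            controls.setTimeLimit(this.timelimit);
            // {0} is substituted by JNDI from filterArgs with LDAP filter metacharacters
            // escaped. The original concatenated the raw user name into the filter, which
            // let a crafted name alter the search (LDAP filter injection).
            String filter = "(" + this.uidattr + "={0})";
            if (this.usrfilter != null) {
                filter = "(&(" + this.usrfilter + ")" + filter + ")";
            }
            if (DEBUG) {
                logger.log(8, "filter:" + filter + ":");
            }
            String dn = null;
            NamingEnumeration<SearchResult> hits = ctx.search(this.base, filter, new Object[]{username}, controls);
            try {
                while (hits.hasMore()) {
                    if (dn != null) {
                        // A second hit means the uidattr value is ambiguous; refuse to guess.
                        throw new NamingException(br.getKString(BrokerResources.X_NOT_UNIQUE_USER,
                                username, this.repository));
                    }
                    SearchResult hit = hits.next();
                    if (!hit.isRelative()) {
                        throw new NamingException(br.getKString(BrokerResources.X_LDAP_SEARCH_RESULT_NOT_RELATIVE,
                                hit.getName()));
                    }
                    dn = hit.getName() + DN_COMPONENT_SEPARATOR + this.base;
                }
            } finally {
                try {
                    hits.close();
                } catch (NamingException ignored) {
                    // Enumeration cleanup only; the outcome is already decided.
                }
            }
            if (dn == null) {
                throw new FailedLoginException(br.getKString(BrokerResources.X_DN_NOT_FOUND, username, this.repository));
            }
            if (DEBUG) {
                logger.log(8, "dn=" + dn);
            }
            return dn;
        } catch (FailedLoginException e) {
            throw e;
        } catch (NamingException e) {
            String msg = e.toString(true);
            logger.logStack(32, msg, e);
            throw newLoginException(msg, e);
        } catch (RuntimeException e) {
            String msg = e.toString();
            logger.logStack(32, msg, e);
            throw newLoginException(msg, e);
        } finally {
            closeQuietly(ctx);
        }
    }

    /**
     * Validates a user-supplied DN ({@code usrformat=dn}) and extracts the principal name.
     *
     * @param dn the DN presented as the user name
     * @return the first non-blank String value of {@link #uidattr} found among the DN's RDNs
     * @throws LoginException if the DN does not parse, lies outside {@link #ldapbase}, has no
     *                        usable {@code uidattr} value, or that value is not a String
     */
    private String handleDNusrformat(String dn) throws LoginException {
        try {
            LdapName name = new LdapName(dn);
            if (this.ldapbase != null && !name.startsWith(this.ldapbase)) {
                throw new LoginException(br.getKString(BrokerResources.X_DN_BASE_NOTMATCH, dn, this.ldapbase.toString()));
            }
            for (Rdn rdn : name.getRdns()) {
                Attribute attribute = rdn.toAttributes().get(this.uidattr);
                if (attribute == null) {
                    continue;
                }
                Object value = attribute.get(0);
                if (value == null) {
                    continue;
                }
                if (!(value instanceof String)) {
                    throw new LoginException(br.getKString(BrokerResources.X_ATTRIBUTE_NOT_STRING_TYPE,
                            this.uidattr + "[" + dn + "]", value.getClass().getName()));
                }
                String text = (String) value;
                if (!text.trim().isEmpty()) {
                    return text;
                }
            }
            throw new LoginException(br.getKString(BrokerResources.X_ATTRIBUTE_NOT_FOUND_IN, this.uidattr, dn));
        } catch (LoginException e) {
            throw e;
        } catch (NamingException e) {
            // Covers the InvalidNameException from LdapName and failures reading the RDN value.
            logger.logStack(32, e.toString(true), e);
            throw newLoginException(e.getMessage(), e);
        } catch (RuntimeException e) {
            logger.logStack(32, e.toString(), e);
            throw newLoginException(e.getMessage(), e);
        }
    }

    /**
     * Adds an {@link MQGroup} principal to {@code subject} for every group whose
     * {@link #memattr} names {@code userDN}, found with a one-level search under
     * {@link #grpbase}. Does nothing when group search is disabled.
     *
     * @param userDN  the authenticated user's DN; passed to JNDI as a filter argument
     * @param subject the subject to add principals to
     * @throws NamingException if the search fails, a hit is not relative to the base, or a
     *                         {@link #gidattr} value is not a String; runtime failures are
     *                         wrapped in a NamingException carrying the cause
     */
    private void findGroups(String userDN, final Subject subject) throws NamingException {
        if (!this.grpsearch) {
            return;
        }
        Hashtable<String, Object> env = newEnvironment();
        if (this.bindDN != null) {
            env.put(Context.SECURITY_AUTHENTICATION, "simple");
            env.put(Context.SECURITY_PRINCIPAL, this.bindDN);
            env.put(Context.SECURITY_CREDENTIALS, this.bindPW);
        }
        DirContext ctx = null;
        try {
            ctx = new InitialDirContext(env);
            SearchControls controls = new SearchControls();
            controls.setReturningAttributes(new String[]{this.gidattr});
            controls.setSearchScope(SearchControls.ONELEVEL_SCOPE);
            controls.setTimeLimit(this.timelimit);
            // The DN is supplied as a filter argument so that characters such as '(' or a
            // backslash-escaped comma in the DN are escaped for the filter rather than
            // concatenated raw (the original built the filter by string concatenation).
            String filter = "(" + this.memattr + "={0})";
            if (this.grpfilter != null) {
                filter = "(&(" + this.grpfilter + ")" + filter + ")";
            }
            if (DEBUG) {
                logger.log(8, "filter:" + filter + ":");
            }
            NamingEnumeration<SearchResult> hits = ctx.search(this.grpbase, filter, new Object[]{userDN}, controls);
            try {
                while (hits.hasMore()) {
                    SearchResult hit = hits.next();
                    if (!hit.isRelative()) {
                        throw new NamingException(br.getKString(BrokerResources.X_LDAP_SEARCH_RESULT_NOT_RELATIVE,
                                hit.getName()));
                    }
                    final String group = firstStringValue(hit.getAttributes(), this.gidattr);
                    if (group == null || group.isEmpty()) {
                        continue;
                    }
                    if (DEBUG) {
                        logger.log(8, "found group:" + group + ":");
                    }
                    // Kept from the original: the principal set is modified in a privileged
                    // block, presumably so the add succeeds under a security manager regardless
                    // of the caller's permissions. The JDK class is named in full because the
                    // broker's own AccessController is imported under the same simple name.
                    java.security.AccessController.doPrivileged(new PrivilegedAction<Object>() {
                        @Override // java.security.PrivilegedAction
                        public Object run() {
                            subject.getPrincipals().add(new MQGroup(group));
                            return null;
                        }
                    });
                }
            } finally {
                try {
                    hits.close();
                } catch (NamingException ignored) {
                    // Enumeration cleanup only; the outcome is already decided.
                }
            }
        } catch (NamingException e) {
            throw e;
        } catch (RuntimeException e) {
            NamingException wrapped = new NamingException(e.toString());
            wrapped.initCause(e);
            throw wrapped;
        } finally {
            closeQuietly(ctx);
        }
    }

    /**
     * Returns the first value of {@code attrName} in {@code attrs}, or null when the attribute
     * set or attribute is absent or the first value is null.
     *
     * @throws NamingException if the value cannot be read or is not a String (the original
     *                         cast unconditionally, turning a binary value into a
     *                         ClassCastException)
     */
    private static String firstStringValue(Attributes attrs, String attrName) throws NamingException {
        if (attrs == null) {
            return null;
        }
        Attribute attribute = attrs.get(attrName);
        if (attribute == null) {
            return null;
        }
        Object value = attribute.get(0);
        if (value == null) {
            return null;
        }
        if (!(value instanceof String)) {
            throw new NamingException(br.getKString(BrokerResources.X_ATTRIBUTE_NOT_STRING_TYPE,
                    attrName, value.getClass().getName()));
        }
        return (String) value;
    }

    /** Closes {@code ctx} if non-null, ignoring close failures (the real work is already done). */
    private static void closeQuietly(DirContext ctx) {
        if (ctx == null) {
            return;
        }
        try {
            ctx.close();
        } catch (NamingException ignored) {
            // Best-effort cleanup; nothing useful can be done about a failed close here.
        }
    }

    /**
     * Builds a LoginException that keeps {@code cause} attached. LoginException has no
     * (message, cause) constructor, and the original dropped the cause everywhere.
     */
    private static LoginException newLoginException(String message, Throwable cause) {
        LoginException le = new LoginException(message);
        le.initCause(cause);
        return le;
    }

    /** This repository keeps no cache, so there is nothing to refresh. */
    @Override // com.sun.messaging.jmq.auth.api.server.model.UserRepository
    public Refreshable getCacheData() {
        return null;
    }

    /** No resources are held between calls; each operation opens and closes its own context. */
    @Override // com.sun.messaging.jmq.auth.api.server.model.UserRepository
    public void close() throws LoginException {
    }
}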
