package org.nakedobjects.runtime.authentication.standard.ldap;

import java.util.ArrayList;
import java.util.Hashtable;
import javax.naming.AuthenticationException;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.Rdn;
import org.apache.log4j.Logger;
import org.nakedobjects.metamodel.commons.ensure.Assert;
import org.nakedobjects.metamodel.commons.exceptions.NakedObjectException;
import org.nakedobjects.metamodel.config.NakedObjectConfiguration;
import org.nakedobjects.runtime.authentication.AuthenticationRequest;
import org.nakedobjects.runtime.authentication.AuthenticationRequestPassword;
import org.nakedobjects.runtime.authentication.standard.AuthenticatorAbstract;
import org.nakedobjects.runtime.authorization.standard.file.FileAuthorizationConstants;

/* loaded from: input_file:org/nakedobjects/runtime/authentication/standard/ldap/LdapAuthenticator.class */
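/**
 * Authenticates password requests by performing an LDAP simple bind as the user.
 *
 * <p>The user's DN is built as {@code uid=<name>, <ldapDn>} from the configured base DN and the
 * bind is attempted against the configured provider URL. After a successful bind, the {@code cn}
 * of every entry found beneath the user's DN is stored on the request as a role.
 *
 * <p>Security-relevant behaviour:
 * <ul>
 *   <li>The user name is escaped with {@link Rdn#escapeValue(Object)} before it is placed in a DN,
 *       so DN metacharacters in the supplied name cannot change which entry is bound to or
 *       searched.</li>
 *   <li>Empty passwords are rejected before any bind is attempted. A simple bind that carries a DN
 *       and an empty password is an "unauthenticated bind" (RFC 4513, section 5.1.2); servers that
 *       accept it would make the bind succeed without proving knowledge of the password.</li>
 *   <li>Transport protection is not enforced here: the password travels over whatever the
 *       configured provider URL selects, so deployments should configure an {@code ldaps://} URL
 *       (or otherwise protect the connection).</li>
 * </ul>
 */
public class LdapAuthenticator extends AuthenticatorAbstract {
    private static final Logger LOG = Logger.getLogger(LdapAuthenticator.class);
    private static final String FAILURE_MESSAGE = "Failed to authenticate using LDAP";

    /** Provider URL of the LDAP server, read from configuration. */
    private final String ldapProvider;
    /** Base DN appended to {@code uid=<name>} to form the user's DN, read from configuration. */
    private final String ldapDn;

    /**
     * Reads the LDAP provider URL and base DN from the supplied configuration.
     *
     * @param nakedObjectConfiguration configuration holding the LDAP server and DN settings
     */
    public LdapAuthenticator(NakedObjectConfiguration nakedObjectConfiguration) {
        super(nakedObjectConfiguration);
        this.ldapProvider = getConfiguration().getString(LdapAuthenticationConstants.SERVER_KEY);
        this.ldapDn = getConfiguration().getString(LdapAuthenticationConstants.LDAPDN_KEY);
    }

    /**
     * Reports whether this authenticator handles the request.
     *
     * @param authenticationRequest the incoming request
     * @return {@code true} only for password-based requests
     */
    @Override
    public boolean canAuthenticate(AuthenticationRequest authenticationRequest) {
        return authenticationRequest instanceof AuthenticationRequestPassword;
    }

    /**
     * Builds the DN of a user entry, escaping the user-supplied name so that characters such as
     * {@code ,}, {@code +}, {@code =} or {@code \} are treated as part of the value rather than as
     * DN syntax.
     */
    private String userDn(String name) {
        return "uid=" + Rdn.escapeValue(name) + ", " + this.ldapDn;
    }

    /**
     * Looks up the entries beneath the user's DN and stores their {@code cn} values on the request
     * as roles.
     *
     * @param dirContext context already bound as the user
     * @param authenticationRequest request that receives the role list
     * @param str the user name as supplied in the request (escaped here before use in the DN)
     * @throws NamingException if the directory search fails
     */
    private void setRoles(DirContext dirContext, AuthenticationRequest authenticationRequest, String str) throws NamingException {
        ArrayList<String> roles = new ArrayList<String>();
        SearchControls searchControls = new SearchControls();
        searchControls.setSearchScope(SearchControls.SUBTREE_SCOPE);
        searchControls.setReturningAttributes(new String[]{"cn"});
        // NOTE(review): FILTER is defined outside this file; it is passed through unchanged.
        NamingEnumeration<SearchResult> results = dirContext.search(userDn(str), LdapAuthenticationConstants.FILTER, searchControls);
        try {
            while (results.hasMore()) {
                Attribute cn = results.next().getAttributes().get("cn");
                if (cn == null) {
                    // An entry matched the filter but carries no cn; it cannot name a role.
                    continue;
                }
                String role = (String) cn.get(0);
                roles.add(role);
                LOG.debug("Adding role: " + role);
            }
        } finally {
            // Release the server-side search if iteration stopped early (e.g. on an exception).
            results.close();
        }
        authenticationRequest.setRoles(roles);
    }

    /**
     * Validates the credentials by binding to the directory as the user.
     *
     * @param authenticationRequest a password request (see {@link #canAuthenticate})
     * @return {@code true} if the bind succeeded and roles were loaded; {@code false} for an empty
     *     user name, an empty password, or credentials the server rejects
     * @throws NakedObjectException if the directory cannot be reached or queried, or if closing
     *     the context fails
     */
    @Override
    public boolean isValid(AuthenticationRequest authenticationRequest) {
        AuthenticationRequestPassword passwordRequest = (AuthenticationRequestPassword) authenticationRequest;
        String name = passwordRequest.getName();
        Assert.assertNotNull(name);
        // NOTE(review): the constant below comes from an unrelated class and presumably holds the
        // empty string (the log message says so); the explicit length check makes the intent
        // independent of that constant.
        if (name.length() == 0 || name.equals(FileAuthorizationConstants.BLACKLIST_RESOURCE_DEFAULT)) {
            LOG.debug("empty username");
            return false;
        }
        String password = passwordRequest.getPassword();
        Assert.assertNotNull(password);
        if (password.length() == 0) {
            // Never send an empty password: the server may treat it as an unauthenticated bind
            // and report success, which would authenticate any known user name.
            LOG.debug("empty password");
            return false;
        }

        Hashtable<String, Object> env = new Hashtable<String, Object>(4);
        env.put("java.naming.factory.initial", "com.sun.jndi.ldap.LdapCtxFactory");
        env.put("java.naming.provider.url", this.ldapProvider);
        env.put("java.naming.security.principal", userDn(name));
        env.put("java.naming.security.credentials", password);

        DirContext dirContext = null;
        try {
            // Creating the context performs the bind; a rejected bind raises AuthenticationException.
            dirContext = new InitialDirContext(env);
            setRoles(dirContext, authenticationRequest, name);
            return true;
        } catch (AuthenticationException e) {
            return false;
        } catch (NamingException e) {
            throw new NakedObjectException(FAILURE_MESSAGE, e);
        } finally {
            if (dirContext != null) {
                try {
                    dirContext.close();
                } catch (NamingException e) {
                    throw new NakedObjectException(FAILURE_MESSAGE, e);
                }
            }
        }
    }
}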
