package org.nakedobjects.runtime.authorization.standard.ldap;

import java.util.Hashtable;
import javax.naming.AuthenticationException;
import javax.naming.NameAlreadyBoundException;
import javax.naming.NameNotFoundException;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.BasicAttributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import org.apache.log4j.Logger;
import org.nakedobjects.applib.Identifier;
import org.nakedobjects.metamodel.commons.exceptions.NakedObjectException;
import org.nakedobjects.metamodel.config.NakedObjectConfiguration;
import org.nakedobjects.runtime.authorization.standard.AuthorizorAbstract;

/* loaded from: input_file:org/nakedobjects/runtime/authorization/standard/ldap/LdapAuthorizor.class */
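/**
 * Authorizor that consults an LDAP directory to decide whether a role may see or
 * use a class member.
 *
 * <p>Each check performs a subtree search below {@code cn=<class>, <appDn>} for
 * entries whose {@code uniquemember} is the role and whose {@code cn} names the
 * class, the member, or the member's parameter string. An optional {@code flag}
 * attribute (value {@value #RW}) distinguishes entries that make a member usable
 * from entries that only make it visible.
 *
 * <p>When the configuration key {@code nakedobjects.authorization.learn} is
 * {@code true} the authorizor instead writes the entries for every checked
 * identifier into the directory and grants every access; see
 * {@link #isAuthorised(String, Identifier, String)}.
 *
 * <p>A fresh {@link InitialDirContext} is opened and closed for every check; the
 * instance holds no mutable state after construction.
 */
public class LdapAuthorizor extends AuthorizorAbstract {
    private static final Logger LOG = Logger.getLogger(LdapAuthorizor.class);
    /**
     * Search filter. {0}..{3} are passed as JNDI filter arguments (role, class,
     * member name, parameter string), so JNDI escapes them; they are never
     * concatenated into the filter by this class.
     */
    private static final String FILTER = "(&(uniquemember={0}) (|(cn={1}) (cn={2}) (cn={3})))";
    /** Value of the {@code flag} attribute that marks an entry as usable, not merely visible. */
    private static final String RW = "RW";
    /** Configuration key that switches the authorizor into learn mode. */
    private static final String LEARN_KEY = "nakedobjects.authorization.learn";
    /** Message of every {@link NakedObjectException} raised by this class. */
    private static final String LDAP_FAILURE = "Failed to authorise using LDAP";

    private final String ldapProvider;
    /** Read from configuration but not used by any method of this class. */
    private final String ldapDn;
    /** Base DN under which the per-class containers live. */
    private final String appDn;
    /** True when every check should record its identifier in the directory and be granted. */
    private final boolean learn;

    /**
     * Reads the provider URL, the DNs and the learn flag from configuration.
     *
     * @param nakedObjectConfiguration configuration to read from
     */
    public LdapAuthorizor(NakedObjectConfiguration nakedObjectConfiguration) {
        super(nakedObjectConfiguration);
        this.ldapProvider = getConfiguration().getString(LdapAuthorizationConstants.SERVER_KEY);
        this.ldapDn = getConfiguration().getString(LdapAuthorizationConstants.LDAPDN_KEY);
        this.appDn = getConfiguration().getString(LdapAuthorizationConstants.APP_DN_KEY);
        this.learn = getConfiguration().getBoolean(LEARN_KEY, false);
    }

    /** Nothing to set up: a directory context is opened per check. */
    public void init() {
    }

    /** Nothing to release: no context outlives a single check. */
    public void shutdown() {
    }

    /**
     * Whether the role may use (invoke or modify) the member; requires an entry
     * carrying {@code flag=RW}, or an entry without any {@code flag} attribute.
     */
    @Override // org.nakedobjects.runtime.authorization.standard.Authorizor
    public boolean isUsableInRole(String str, Identifier identifier) {
        return isAuthorised(str, identifier, RW);
    }

    /**
     * Whether the role may see the member; any matching entry suffices, whatever
     * its {@code flag} attribute says.
     */
    @Override // org.nakedobjects.runtime.authorization.standard.Authorizor
    public boolean isVisibleInRole(String str, Identifier identifier) {
        return isAuthorised(str, identifier, null);
    }

    /**
     * Opens a directory context, runs either the learn-mode bind or the
     * permission search, and closes the context again in every case.
     *
     * @param role         role being checked; becomes the {@code uniquemember} filter value
     * @param identifier   class member being accessed
     * @param requiredFlag required value of the entry's {@code flag} attribute
     *                     ({@link #RW}), or {@code null} when visibility alone suffices
     * @return whether the role is authorised; in learn mode always {@code true}
     * @throws NakedObjectException if the directory cannot be reached, the bind is
     *                              rejected, the search fails, or the context cannot be closed
     */
    private boolean isAuthorised(String role, Identifier identifier, String requiredFlag) {
        Hashtable<String, String> env = new Hashtable<String, String>(4);
        env.put("java.naming.factory.initial", "com.sun.jndi.ldap.LdapCtxFactory");
        env.put("java.naming.provider.url", this.ldapProvider);
        if (this.learn) {
            // SECURITY: learn mode binds with hard-coded directory administrator
            // credentials and then writes to the directory on every check. The
            // principal and password belong in secured configuration, not in source,
            // and learn mode must only ever be enabled against a development directory.
            env.put("java.naming.security.principal", "uid=admin, ou=system");
            env.put("java.naming.security.credentials", "secret");
        }
        // Outside learn mode no credentials are set, so the search runs as an
        // anonymous bind; the directory must allow anonymous reads below appDn.
        DirContext dirContext = null;
        try {
            dirContext = new InitialDirContext(env);
            if (this.learn) {
                return bindNames(dirContext, role, identifier);
            }
            return isPermitted(dirContext, role, identifier, requiredFlag);
        } catch (NameNotFoundException e) {
            // The container cn=<class>, <appDn> does not exist: nothing is granted.
            // This catch must precede the NamingException one, which would otherwise
            // take it (NameNotFoundException is a NamingException).
            LOG.error(e);
            return false;
        } catch (NamingException e) {
            // Covers AuthenticationException (rejected bind) and every other directory failure.
            throw new NakedObjectException(LDAP_FAILURE, e);
        } finally {
            if (dirContext != null) {
                closeContext(dirContext);
            }
        }
    }

    /**
     * Closes the context; a failure to close is reported as an authorisation failure.
     *
     * @throws NakedObjectException wrapping the {@link NamingException} from {@code close()}
     */
    private void closeContext(DirContext dirContext) {
        try {
            dirContext.close();
        } catch (NamingException e) {
            throw new NakedObjectException(LDAP_FAILURE, e);
        }
    }

    /**
     * Searches below the class container for an entry granting the role access
     * to the member.
     *
     * @param dirContext   open directory context
     * @param role         role being checked
     * @param identifier   class member being accessed
     * @param requiredFlag required {@code flag} value, or {@code null} for visibility only
     * @return {@code true} for the first entry whose {@code cn} equals the class
     *         name, the member name, or (for an entry nested under the member)
     *         the parameter string, provided it has no {@code flag} attribute or
     *         the flag equals {@code requiredFlag} ignoring case; {@code false}
     *         when no entry matches
     * @throws NamingException if the search or attribute access fails
     */
    private boolean isPermitted(DirContext dirContext, String role, Identifier identifier, String requiredFlag)
            throws NamingException {
        String className = identifier.toIdentityString(Identifier.CLASS);
        String memberName = identifier.toIdentityString(Identifier.MEMBERNAME_ONLY);
        String parms = identifier.toIdentityString(Identifier.PARMS_ONLY);
        Object[] filterArgs = {role, className, memberName, parms};
        SearchControls controls = new SearchControls();
        controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
        // NOTE(review): the search base is built by plain concatenation; assumes the
        // class identity string contains no DN-special characters (',', '+', '"',
        // '\\') - bindParms escapes commas for the parameter string but nothing is
        // escaped here. TODO confirm against the identity strings in use.
        NamingEnumeration<SearchResult> results =
                dirContext.search(buildSearchName(className, this.appDn), FILTER, filterArgs, controls);
        try {
            while (results.hasMore()) {
                // next() (not nextElement()) so a directory error surfaces as NamingException.
                SearchResult result = results.next();
                Attribute cn = result.getAttributes().get("cn");
                if (cn == null) {
                    continue; // entry without cn cannot be one of ours
                }
                String cnValue = (String) cn.get(0);
                boolean matches = cnValue.equals(className)
                        || cnValue.equals(memberName)
                        || (cnValue.equals(parms) && result.getName().contains(memberName));
                if (!matches) {
                    continue;
                }
                if (requiredFlag == null) {
                    return true;
                }
                Attribute flag = result.getAttributes().get("flag");
                if (flag == null) {
                    return true; // an unflagged entry grants use as well as visibility
                }
                return requiredFlag.equalsIgnoreCase((String) flag.get(0));
            }
        } finally {
            results.close();
        }
        return false;
    }

    /**
     * Returns {@code cn=<cn>, <base>}. No DN escaping is applied to either part.
     */
    private String buildSearchName(String cn, String base) {
        return "cn=" + cn + ", " + base;
    }

    /**
     * Builds the attribute set shared by every entry this class creates: a
     * {@code groupOfUniqueNames} / {@code javaContainer} whose {@code cn} is the
     * identity string and whose single {@code uniquemember} is the role.
     *
     * @param cn      value of the {@code cn} attribute
     * @param member  value of the {@code uniquemember} attribute (the role)
     * @param isClass whether the entry represents a class; class entries also get
     *                the {@code javaObject} object class and a {@code javaclassname}
     * @return a case-insensitive attribute set
     */
    private Attributes createCommonAttributes(String cn, String member, boolean isClass) {
        BasicAttribute objectClass = new BasicAttribute("objectclass");
        objectClass.add("top");
        objectClass.add("javaContainer");
        objectClass.add("groupOfUniqueNames");
        if (isClass) {
            objectClass.add("javaObject");
        }
        BasicAttributes attributes = new BasicAttributes(true);
        if (isClass) {
            attributes.put(new BasicAttribute("javaclassname", cn));
        }
        attributes.put(objectClass);
        attributes.put(new BasicAttribute("cn", cn));
        attributes.put(new BasicAttribute("uniquemember", member));
        return attributes;
    }

    /** DN of the container for a class: {@code cn=<class>, <appDn>}. */
    private String createClassBindname(String className) {
        return buildSearchName(className, this.appDn);
    }

    /** DN of a member entry, nested under its class container. */
    private String createNameBindname(String className, String memberName) {
        return "cn=" + memberName + ", " + createClassBindname(className);
    }

    /** DN of a parameter entry, nested under its member entry. */
    private String createParmsBindname(String className, String memberName, String parms) {
        return "cn=" + parms + ", " + createNameBindname(className, memberName);
    }

    /**
     * Creates the entry, treating "already exists" as success so that repeated
     * learn-mode checks of the same identifier do not fail.
     *
     * @throws NamingException for any failure other than {@link NameAlreadyBoundException}
     */
    private void createIfAbsent(DirContext dirContext, String name, Attributes attributes) throws NamingException {
        try {
            dirContext.createSubcontext(name, attributes);
        } catch (NameAlreadyBoundException e) {
            LOG.debug(e);
        }
    }

    /** Learn mode: records the class container granting {@code role} access to the class. */
    private void bindClass(DirContext dirContext, String role, Identifier identifier) throws NamingException {
        String className = identifier.toIdentityString(Identifier.CLASS);
        createIfAbsent(dirContext, createClassBindname(className), createCommonAttributes(className, role, true));
    }

    /** Learn mode: records the member entry granting {@code role} access to the member. */
    private void bindName(DirContext dirContext, String role, Identifier identifier) throws NamingException {
        String className = identifier.toIdentityString(Identifier.CLASS);
        String memberName = identifier.toIdentityString(Identifier.MEMBERNAME_ONLY);
        createIfAbsent(dirContext, createNameBindname(className, memberName),
                createCommonAttributes(memberName, role, false));
    }

    /**
     * Learn mode: records the parameter entry for a member with parameters; a
     * member without parameters gets no such entry.
     */
    private void bindParms(DirContext dirContext, String role, Identifier identifier) throws NamingException {
        String className = identifier.toIdentityString(Identifier.CLASS);
        String memberName = identifier.toIdentityString(Identifier.MEMBERNAME_ONLY);
        // Commas are escaped so the parameter list survives as one RDN value; other
        // DN-special characters are not. NOTE(review): the escaped string is also
        // stored as the cn attribute, while isPermitted searches with the unescaped
        // PARMS_ONLY string - TODO confirm parameter lists containing commas are matched.
        String parms = identifier.toIdentityString(Identifier.PARMS_ONLY).replace(",", "\\,");
        if (parms.length() == 0) {
            return;
        }
        createIfAbsent(dirContext, createParmsBindname(className, memberName, parms),
                createCommonAttributes(parms, role, false));
    }

    /**
     * Learn mode: records class, member and parameter entries for the identifier.
     *
     * @return always {@code true}; learn mode grants every access it records
     * @throws NamingException if any entry cannot be created
     */
    private boolean bindNames(DirContext dirContext, String role, Identifier identifier) throws NamingException {
        bindClass(dirContext, role, identifier);
        bindName(dirContext, role, identifier);
        bindParms(dirContext, role, identifier);
        return true;
    }
}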
