package org.lamsfoundation.lams.security;

import java.util.Properties;
import javax.naming.AuthenticationException;
import javax.naming.AuthenticationNotSupportedException;
import javax.naming.NamingEnumeration;
import javax.naming.directory.Attributes;
import javax.naming.ldap.Control;
import javax.naming.ldap.InitialLdapContext;
import org.apache.commons.lang.StringUtils;
import org.apache.log4j.Logger;
import org.lamsfoundation.lams.authoring.web.ImportToolContentAction;
import org.lamsfoundation.lams.usermanagement.User;
import org.lamsfoundation.lams.usermanagement.service.LdapService;
import org.lamsfoundation.lams.usermanagement.service.UserManagementService;
import org.lamsfoundation.lams.util.Configuration;
import org.lamsfoundation.lams.util.ConfigurationKeys;
import org.lamsfoundation.lams.web.util.HttpSessionManager;
import org.lamsfoundation.lams.workspace.web.WorkspaceAction;
import org.springframework.web.context.support.WebApplicationContextUtils;

/* loaded from: input_file:org/lamsfoundation/lams/security/LDAPAuthenticator.class */
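/**
 * Authenticates a LAMS login against an LDAP directory by binding as the user.
 *
 * <p>The bind DN is built as {@code LDAP_PRINCIPAL_DN_PREFIX + login + suffix} for each
 * {@code ;}-separated entry of {@code LDAP_PRINCIPAL_DN_SUFFIX}; the first suffix for which the
 * bind and the attribute read succeed decides the result. The attributes of the last entry read
 * are kept on the instance and exposed through {@link #getAttrs()}.
 *
 * <p>Instances carry per-login state ({@code attrs}); nothing here synchronises access to it.
 */
public class LDAPAuthenticator {
    private static Logger log = Logger.getLogger(LDAPAuthenticator.class);
    // Both services are looked up lazily from the Spring web application context and cached.
    private static UserManagementService service;
    private static LdapService ldapService;
    private static final String INITIAL_CONTEXT_FACTORY_VALUE = "com.sun.jndi.ldap.LdapCtxFactory";
    // Attributes of the entry read during the most recent authentication attempt, or null.
    private Attributes attrs = null;

    /** Returns the cached user management service, resolving the Spring bean on first use. */
    private UserManagementService getService() {
        if (service == null) {
            service = (UserManagementService) WebApplicationContextUtils.getWebApplicationContext(HttpSessionManager.getInstance().getServletContext()).getBean(ImportToolContentAction.USER_SERVICE_BEAN_NAME);
        }
        return service;
    }

    /** Returns the cached LDAP service, resolving the {@code ldapService} Spring bean on first use. */
    private LdapService getLdapService() {
        if (ldapService == null) {
            ldapService = (LdapService) WebApplicationContextUtils.getWebApplicationContext(HttpSessionManager.getInstance().getServletContext()).getBean("ldapService");
        }
        return ldapService;
    }

    /** Returns the LDAP attributes read during the last authentication attempt, or {@code null}. */
    public Attributes getAttrs() {
        return this.attrs;
    }

    /** Replaces the stored LDAP attributes. */
    public void setAttrs(Attributes attributes) {
        this.attrs = attributes;
    }

    /**
     * Checks a login/password pair against the configured LDAP server.
     *
     * @param str the login name as typed by the user
     * @param str2 the password as typed by the user
     * @return {@code true} only if a bind with a non-empty password succeeded, the entry could be
     *         read, and the entry is not flagged as disabled; {@code false} otherwise
     */
    public boolean authenticate(String str, String str2) {
        return authentication(str, str2);
    }

    /**
     * Tells whether a credential value would turn the bind into an unauthenticated one.
     * Covers the value kinds JNDI accepts for {@code java.naming.security.credentials}.
     */
    private static boolean isEmptyCredential(Object credential) {
        if (credential == null) {
            return true;
        }
        if (credential instanceof String) {
            return ((String) credential).length() == 0;
        }
        if (credential instanceof char[]) {
            return ((char[]) credential).length == 0;
        }
        if (credential instanceof byte[]) {
            return ((byte[]) credential).length == 0;
        }
        return false;
    }

    /** Closes an LDAP context, logging (not propagating) any failure; accepts {@code null}. */
    private static void closeContext(InitialLdapContext context) {
        if (context == null) {
            return;
        }
        try {
            context.close();
        } catch (Exception e) {
            log.error("===> gettting problem when closing context. Exception: " + e);
        }
    }

    /**
     * Performs the bind-and-read authentication for {@link #authenticate(String, String)}.
     *
     * @param str the login name
     * @param obj the credential passed to JNDI as {@code java.naming.security.credentials}
     * @return {@code true} if one of the candidate DNs authenticated and is not disabled
     */
    private boolean authentication(String str, Object obj) {
        // An LDAP simple bind with an empty password is an unauthenticated (anonymous) bind, which
        // many directories accept. Without this guard such a bind would be reported as a
        // successful login for any existing user. A null credential would also make
        // Properties.put throw a NullPointerException.
        if (StringUtils.isBlank(str) || isEmptyCredential(obj)) {
            log.info("===> Rejecting LDAP login with empty username or password.");
            return false;
        }

        Properties properties = new Properties();
        properties.setProperty("java.naming.factory.initial", INITIAL_CONTEXT_FACTORY_VALUE);
        properties.setProperty("java.naming.security.authentication", Configuration.get(ConfigurationKeys.LDAP_SECURITY_AUTHENTICATION));
        String dnPrefix = Configuration.get(ConfigurationKeys.LDAP_PRINCIPAL_DN_PREFIX);
        String[] dnSuffixes = Configuration.get(ConfigurationKeys.LDAP_PRINCIPAL_DN_SUFFIX).split(";");
        properties.setProperty("java.naming.provider.url", Configuration.get(ConfigurationKeys.LDAP_PROVIDER_URL));
        properties.put("java.naming.security.credentials", obj);

        String protocol = Configuration.get(ConfigurationKeys.LDAP_SECURITY_PROTOCOL);
        if (StringUtils.equals("ssl", protocol)) {
            properties.setProperty("java.naming.security.protocol", protocol);
            // NOTE(review): these are JVM-wide system properties, rewritten on every login; they
            // affect every other TLS client in the process and leave the trust store password
            // readable through System.getProperty. Left as-is because other code may rely on it.
            System.setProperty("javax.net.ssl.trustStore", Configuration.get(ConfigurationKeys.LDAP_TRUSTSTORE_PATH));
            System.setProperty("javax.net.ssl.trustStorePassword", Configuration.get(ConfigurationKeys.LDAP_TRUSTSTORE_PASSWORD));
        }

        for (String dnSuffix : dnSuffixes) {
            if (!dnSuffix.startsWith(WorkspaceAction.ROLE_DELIMITER)) {
                dnSuffix = WorkspaceAction.ROLE_DELIMITER + dnSuffix;
            }
            // NOTE(review): the login is concatenated into the bind DN unescaped, so DN
            // metacharacters in it change which entry is bound and read. Escaping (for example
            // javax.naming.ldap.Rdn.escapeValue) or an allow-list of login characters belongs
            // here; confirm how the escaped form interacts with getAttributes(String) name
            // parsing before changing it.
            String principalDn = dnPrefix + str + dnSuffix;
            properties.setProperty("java.naming.security.principal", principalDn);

            InitialLdapContext context = null;
            try {
                context = new InitialLdapContext(properties, (Control[]) null);
                log.debug("===> LDAP context created using DN: " + principalDn);
                Attributes attributes = context.getAttributes(principalDn);
                setAttrs(attributes);
                if (log.isDebugEnabled()) {
                    // NOTE(review): this dumps every returned attribute to the log; if the
                    // directory returns credential attributes they end up in the debug log.
                    NamingEnumeration<?> all = attributes.getAll();
                    while (all.hasMoreElements()) {
                        log.debug(all.next());
                    }
                }
                if (getLdapService().getDisabledBoolean(attributes)) {
                    log.debug("===> User is disabled in LDAP.");
                    // Mirror the directory's disabled flag onto the local account, if one exists.
                    User disabledUser = getService().getUserByLogin(str);
                    if (disabledUser != null) {
                        getService().disableUser(disabledUser.getUserId());
                    }
                    return false;
                }
                if (Configuration.getAsBoolean(ConfigurationKeys.LDAP_UPDATE_ON_LOGIN)) {
                    User existingUser = getService().getUserByLogin(str);
                    if (existingUser != null) {
                        getLdapService().updateLDAPUser(existingUser, attributes);
                        getLdapService().addLDAPUser(attributes, existingUser.getUserId());
                    }
                }
                return true;
            } catch (AuthenticationNotSupportedException e) {
                log.error("===> Authentication mechanism not supported.  Check your " + ConfigurationKeys.LDAP_SECURITY_AUTHENTICATION + " parameter: " + Configuration.get(ConfigurationKeys.LDAP_SECURITY_AUTHENTICATION));
            } catch (AuthenticationException e) {
                // Specific handlers come before the generic one so a wrong password is logged as
                // a failed login instead of an error with a stack trace.
                log.info("===> Incorrect username (" + principalDn + ") or password. " + e.getMessage());
            } catch (Exception e) {
                log.error("===> LDAP exception: " + e, e);
            } finally {
                // Always release the connection, including when the attribute read or the local
                // user update fails after a successful bind.
                closeContext(context);
            }
        }
        return false;
    }
}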
