package org.lamsfoundation.lams.security;

import java.util.Properties;
import javax.naming.AuthenticationException;
import javax.naming.AuthenticationNotSupportedException;
import javax.naming.NamingEnumeration;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.Control;
import javax.naming.ldap.InitialLdapContext;
import org.apache.commons.lang.StringUtils;
import org.apache.log4j.Logger;
import org.lamsfoundation.lams.usermanagement.User;
import org.lamsfoundation.lams.usermanagement.service.ILdapService;
import org.lamsfoundation.lams.usermanagement.service.IUserManagementService;
import org.lamsfoundation.lams.util.Configuration;
import org.lamsfoundation.lams.util.ConfigurationKeys;
import org.lamsfoundation.lams.web.session.SessionManager;
import org.springframework.web.context.support.WebApplicationContextUtils;

/* loaded from: input_file:org/lamsfoundation/lams/security/LDAPAuthenticator.class */
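/**
 * Authenticates a LAMS login against an LDAP directory with a search-then-bind sequence.
 *
 * <p>A first context is opened with the configured bind account (or without credentials when
 * none is configured) and used to look up the entry whose login attribute equals the supplied
 * login. A second context is then opened with that entry's DN and the supplied password; the
 * bind succeeding is what proves the password.
 *
 * <p>The attributes of the matched entry are kept on the instance and exposed through
 * {@link #getAttrs()}. Instances carry per-login state and the class does no synchronisation.
 */
public class LDAPAuthenticator {
    private static final Logger log = Logger.getLogger(LDAPAuthenticator.class);
    private static IUserManagementService userManagementService;
    private static ILdapService ldapService;
    private static final String INITIAL_CONTEXT_FACTORY_VALUE = "com.sun.jndi.ldap.LdapCtxFactory";

    // Attributes of the entry matched by the most recent successful search; null until then.
    private Attributes attrs = null;

    /**
     * Stores the user management service on first use and looks up the {@code ldapService}
     * bean from the web application context if it has not been resolved yet.
     *
     * @param iUserManagementService service used to look up and disable local users
     */
    public LDAPAuthenticator(IUserManagementService iUserManagementService) {
        if (userManagementService == null) {
            userManagementService = iUserManagementService;
        }
        if (ldapService == null) {
            ldapService = (ILdapService) WebApplicationContextUtils
                    .getWebApplicationContext(SessionManager.getServletContext()).getBean("ldapService");
        }
    }

    /**
     * Checks a login and password against the configured LDAP directory.
     *
     * @param str  the login name; matched against the configured login attribute
     * @param str2 the password presented by the user
     * @return {@code true} only when an entry for the login was found, the bind with its DN and
     *         the password succeeded, and the entry is not flagged as disabled; {@code false}
     *         in every other case, including any directory error
     */
    public boolean authenticate(String str, String str2) {
        // A simple bind that carries a DN and a zero-length password is an "unauthenticated
        // bind" (RFC 4513 section 5.1.2); servers that accept it report success without
        // checking any secret. Refuse it here so a successful bind always means a verified
        // password. A null password previously failed with an exception and returned false.
        if (StringUtils.isEmpty(str2)) {
            log.info("Rejecting LDAP login with an empty password for user: " + str);
            return false;
        }

        Properties properties = new Properties();
        properties.setProperty("java.naming.factory.initial", INITIAL_CONTEXT_FACTORY_VALUE);
        // NOTE(review): if this is configured as "none", JNDI binds anonymously and the user
        // bind further down would not verify the password - confirm the deployed value.
        properties.setProperty("java.naming.security.authentication",
                Configuration.get(ConfigurationKeys.LDAP_SECURITY_AUTHENTICATION));
        properties.setProperty("java.naming.provider.url", Configuration.get(ConfigurationKeys.LDAP_PROVIDER_URL));
        // NOTE(review): TLS is only requested here when the protocol is exactly "ssl". With
        // simple authentication and a plain ldap:// URL the bind password and the user's
        // password would cross the network unencrypted - confirm the provider URL/protocol.
        String securityProtocol = Configuration.get(ConfigurationKeys.LDAP_SECURITY_PROTOCOL);
        if (StringUtils.equals("ssl", securityProtocol)) {
            properties.setProperty("java.naming.security.protocol", securityProtocol);
        }
        if (StringUtils.isNotBlank(Configuration.get(ConfigurationKeys.LDAP_BIND_USER_DN))) {
            properties.setProperty("java.naming.security.principal",
                    Configuration.get(ConfigurationKeys.LDAP_BIND_USER_DN));
            properties.setProperty("java.naming.security.credentials",
                    Configuration.get(ConfigurationKeys.LDAP_BIND_USER_PASSWORD));
        }

        String userDn = "";
        InitialLdapContext searchContext = null;
        InitialLdapContext userContext = null;
        NamingEnumeration<SearchResult> results = null;
        try {
            searchContext = new InitialLdapContext(properties, (Control[]) null);
            SearchControls searchControls = new SearchControls();
            searchControls.setSearchScope(SearchControls.SUBTREE_SCOPE);
            // The login is handed over as a filter argument instead of being concatenated into
            // the filter, so JNDI escapes filter metacharacters in it.
            results = searchContext.search(Configuration.get(ConfigurationKeys.LDAP_BASE_DN),
                    Configuration.get(ConfigurationKeys.LDAP_SEARCH_FILTER), new Object[]{str}, searchControls);
            while (results.hasMore()) {
                SearchResult searchResult = results.next();
                if (log.isDebugEnabled()) {
                    log.debug("Found matching object. Name: " + searchResult.getName() + ". Namespace: "
                            + searchResult.getNameInNamespace());
                }
                Attributes attributes = searchResult.getAttributes();
                Attribute attribute = attributes.get(Configuration.get(ConfigurationKeys.LDAP_LOGIN_ATTR));
                String foundLogin = ldapService.getSingleAttributeString(attribute);
                Object value;
                if (attribute != null && (value = attribute.get()) != null) {
                    foundLogin = value.toString();
                }
                if (StringUtils.equals(foundLogin, str)) {
                    userDn = searchResult.getNameInNamespace();
                    this.attrs = attributes;
                    break;
                }
            }

            // Decide on the resolved DN, not on the last login attribute that was read: a hit
            // whose login attribute differs from the supplied login must not fall through to a
            // bind with an empty principal and attributes left over from an earlier call.
            if (StringUtils.isBlank(userDn)) {
                log.error("No LDAP user found with name: " + str + ". This could mean that the the login attribute is incorrect, the user does not exist, or that an initial bind user is required.");
                return false;
            }

            // The lookup connection is finished with; release it before binding as the user.
            closeQuietly(results);
            results = null;
            closeQuietly(searchContext);
            searchContext = null;

            properties.setProperty("java.naming.security.principal", userDn);
            properties.setProperty("java.naming.security.credentials", str2);
            userContext = new InitialLdapContext(properties, (Control[]) null);
            log.debug("LDAP context created using DN: " + userDn);
            if (log.isDebugEnabled()) {
                // NOTE(review): this writes every attribute the search returned to the debug
                // log; if the directory returns sensitive attributes to this bind they end up
                // in the log file - consider limiting the returned attributes.
                NamingEnumeration<? extends Attribute> all = this.attrs.getAll();
                while (all.hasMoreElements()) {
                    log.debug(all.next());
                }
            }

            if (ldapService.getDisabledBoolean(this.attrs)) {
                log.info("User " + str + " is disabled in LDAP.");
                User disabledUser = userManagementService.getUserByLogin(str);
                if (disabledUser != null) {
                    userManagementService.disableUser(disabledUser.getUserId());
                }
                return false;
            }

            if (Configuration.getAsBoolean(ConfigurationKeys.LDAP_UPDATE_ON_LOGIN)) {
                User userByLogin = userManagementService.getUserByLogin(str);
                if (userByLogin != null) {
                    ldapService.updateLDAPUser(userByLogin, this.attrs);
                    ldapService.addLDAPUser(this.attrs, userByLogin.getUserId());
                }
            }
            return true;
        } catch (AuthenticationNotSupportedException e) {
            log.error("Authentication mechanism not supported. Check your "
                    + ConfigurationKeys.LDAP_SECURITY_AUTHENTICATION + " parameter: "
                    + Configuration.get(ConfigurationKeys.LDAP_SECURITY_AUTHENTICATION));
            return false;
        } catch (AuthenticationException e) {
            // Must be caught before the generic handler, otherwise this branch is unreachable.
            log.info("Incorrect username (" + userDn + ") or password. " + e.getMessage());
            return false;
        } catch (Exception e) {
            // Any other directory or service failure denies the login rather than allowing it.
            log.error("LDAP exception", e);
            return false;
        } finally {
            // Release whatever is still open on every path, including failures.
            closeQuietly(results);
            closeQuietly(searchContext);
            closeQuietly(userContext);
        }
    }

    /**
     * Returns the attributes of the directory entry matched by the last successful search.
     *
     * @return the stored attributes, or {@code null} if no entry has been matched yet
     */
    public Attributes getAttrs() {
        return this.attrs;
    }

    /** Closes an LDAP context if one is open, logging rather than propagating a failure. */
    private static void closeQuietly(InitialLdapContext context) {
        if (context == null) {
            return;
        }
        try {
            context.close();
        } catch (Exception e) {
            log.error("Exception when closing context.", e);
        }
    }

    /** Closes a search enumeration if one is open, logging rather than propagating a failure. */
    private static void closeQuietly(NamingEnumeration<?> enumeration) {
        if (enumeration == null) {
            return;
        }
        try {
            enumeration.close();
        } catch (Exception e) {
            log.error("Exception when closing search results.", e);
        }
    }
}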
