package io.hops.hopsworks.common.user.ldap;

import io.hops.hopsworks.common.dao.user.ldap.LdapUser;
import io.hops.hopsworks.common.dao.user.ldap.LdapUserDTO;
import io.hops.hopsworks.common.util.Settings;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.List;
import java.util.logging.Level;
import java.util.logging.Logger;
import java.util.regex.Matcher;
import javax.annotation.PostConstruct;
import javax.annotation.Resource;
import javax.ejb.EJB;
import javax.ejb.Stateless;
import javax.naming.CompositeName;
import javax.naming.Context;
import javax.naming.InvalidNameException;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import javax.security.auth.login.LoginException;

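@Stateless
/**
 * Authenticates users against the container-managed LDAP resource and maps their directory
 * groups to application groups via {@link LdapGroupMapper}.
 *
 * <p>Every public method re-reads the attribute names, filters and base DNs from
 * {@link Settings} (see {@link #populateVars()}) before touching the directory.
 * Filter placeholders: {@code %s} is replaced by the escaped login name, {@code %d} by the
 * resolved user DN.
 */
public class LdapRealm {
    private static final Logger LOGGER = Logger.getLogger(LdapRealm.class.getName());
    /** Only the entry name is needed when resolving a login name to a DN. */
    private static final String[] DN_ONLY = {"dn"};
    /** Placeholder in the configured filters for the (filter-escaped) login name. */
    private static final String SUBST_SUBJECT_NAME = "%s";
    /** Placeholder in the configured group filters for the resolved user DN. */
    private static final String SUBST_SUBJECT_DN = "%d";
    private static final String JNDICF_DEFAULT = "com.sun.jndi.ldap.LdapCtxFactory";

    @EJB
    private Settings settings;
    // Attribute names, filters and base DNs; refreshed from Settings on each public call.
    private String entryUUIDField;
    private String usernameField;
    private String givenNameField;
    private String surnameField;
    private String emailField;
    private String searchFilter;
    private String groupSearchFilter;
    private String groupTarget;
    private String baseDN;
    private String groupDN;
    private String dynamicGroupSearchFilter;
    private String dynamicGroupTarget;
    private String[] returningAttrs;
    /** Environment of the container LDAP resource, copied in {@link #init()}. */
    private Hashtable<Object, Object> ldapProperties;
    private LdapGroupMapper ldapGroupMapper;

    @Resource(name = "ldap/LdapResource")
    private DirContext dirContext;

    /**
     * Checks that LDAP authentication is enabled and that the resource environment names the
     * binary attribute carrying the entry UUID, then loads the remaining settings.
     *
     * @throws IllegalStateException if LDAP is disabled or no UUID attribute is configured
     */
    @PostConstruct
    public void init() {
        if (!Boolean.parseBoolean(this.settings.getLDAPAuthStatus())) {
            throw new IllegalStateException("LDAP not enabled.");
        }
        this.ldapProperties = getLdapBindProps();
        // The value stored under the "binary attributes" property is the name of the UUID attribute.
        String ldapAttrBinary = this.settings.getLdapAttrBinary();
        this.entryUUIDField = (String) this.ldapProperties.get(ldapAttrBinary);
        if (this.entryUUIDField == null || this.entryUUIDField.isEmpty()) {
            throw new IllegalStateException("No UUID set for resource. Try setting " + ldapAttrBinary);
        }
        populateVars();
    }

    /**
     * Re-reads attribute names, filters and base DNs from {@link Settings} and rebuilds the
     * group mapper when the mapping string changed.
     */
    private void populateVars() {
        this.usernameField = this.settings.getLdapUserId();
        this.givenNameField = this.settings.getLdapUserGivenName();
        this.surnameField = this.settings.getLdapUserSurname();
        this.emailField = this.settings.getLdapUserMail();
        this.searchFilter = this.settings.getLdapUserSearchFilter();
        this.groupSearchFilter = this.settings.getLdapGroupSearchFilter();
        this.groupTarget = this.settings.getLdapGroupTarget();
        this.baseDN = this.settings.getLdapUserDN();
        this.groupDN = this.settings.getLdapGroupDN();
        // NOTE(review): the dynamic-group filter is read from the *user* search-filter setting;
        // looks unintended but is kept as-is — confirm against Settings.
        this.dynamicGroupSearchFilter = this.settings.getLdapUserSearchFilter();
        this.dynamicGroupTarget = this.settings.getLdapDynGroupTarget();
        this.returningAttrs = new String[]{
            this.entryUUIDField, this.usernameField, this.givenNameField, this.surnameField, this.emailField};
        String ldapGroupMapping = this.settings.getLdapGroupMapping();
        if (this.ldapGroupMapper == null || !this.ldapGroupMapper.getMappingStr().equals(ldapGroupMapping)) {
            this.ldapGroupMapper = new LdapGroupMapper(ldapGroupMapping);
        }
    }

    /**
     * Resolves {@code username} to a DN, binds as that DN with {@code password} and returns the
     * user's directory attributes.
     *
     * @param username the login name; escaped before it is placed in the search filter
     * @param password the credential to bind with; must be non-empty
     * @return the user's UUID, id, names and mail addresses as read from the directory
     * @throws LoginException  if no entry matches, the bind fails, or mandatory attributes are missing
     * @throws NamingException if the directory search fails
     */
    public LdapUserDTO findAndBind(String username, String password) throws LoginException, NamingException {
        populateVars();
        String filter = userSearchFilter(username);
        String userDN = userDNSearch(filter);
        if (userDN == null) {
            throw new LoginException("User not found.");
        }
        bindAsUser(userDN, password);
        LdapUserDTO user = createLdapUser(filter);
        if (user == null) {
            // createLdapUser logs and returns null when the attribute search fails; without this
            // check validateLdapUser would dereference null.
            throw new LoginException("User not found.");
        }
        validateLdapUser(user);
        return user;
    }

    /**
     * Verifies {@code password} for the user whose login name is {@code username}.
     *
     * @throws LoginException  if no entry matches or the bind fails
     * @throws NamingException if the directory search fails
     */
    public void authenticateLdapUser(String username, String password) throws LoginException, NamingException {
        populateVars();
        String userDN = userDNSearch(userSearchFilter(username));
        if (userDN == null) {
            throw new LoginException("User not found.");
        }
        bindAsUser(userDN, password);
    }

    /**
     * Verifies {@code password} for a known user, located by its stored entry UUID.
     *
     * @throws LoginException  if no entry matches or the bind fails
     * @throws NamingException if the directory search fails
     */
    public void authenticateLdapUser(LdapUser ldapUser, String password) throws LoginException, NamingException {
        populateVars();
        String userDN = userDNSearch(this.entryUUIDField + "=" + escapeFilterValue(ldapUser.getEntryUuid()));
        if (userDN == null) {
            throw new LoginException("User not found.");
        }
        bindAsUser(userDN, password);
    }

    /**
     * Returns the application groups mapped from the directory groups of {@code username}.
     *
     * @throws IllegalArgumentException if no entry matches {@code username}
     * @throws NamingException          if the user search fails
     */
    public List<String> getUserGroups(String username) throws NamingException {
        populateVars();
        return this.ldapGroupMapper.getMappedGroups(getUserLdapGroups(username));
    }

    /** Builds the user search filter with the escaped login name substituted for {@code %s}. */
    private String userSearchFilter(String username) {
        return substitute(this.searchFilter, escapeFilterValue(username), null);
    }

    /** Collects static and dynamic directory group names for {@code username}. */
    private List<String> getUserLdapGroups(String username) throws NamingException {
        String subject = escapeFilterValue(username);
        String userDN = userDNSearch(substitute(this.searchFilter, subject, null));
        if (userDN == null) {
            throw new IllegalArgumentException("User not found.");
        }
        String staticFilter = substitute(this.groupSearchFilter, subject, userDN);
        String dynamicFilter = substitute(this.dynamicGroupSearchFilter, subject, userDN);
        List<String> groups = new ArrayList<>();
        groups.addAll(groupSearch(this.groupDN, staticFilter, this.groupTarget));
        groups.addAll(dynamicGroupSearch(this.groupDN, this.dynamicGroupTarget, dynamicFilter, this.groupTarget));
        return groups;
    }

    /**
     * Returns the DN of the first entry under {@link #baseDN} matching {@code filter}, or
     * {@code null} if there is none or the filter/name is invalid (logged).
     *
     * @throws NamingException for directory errors other than {@link InvalidNameException}
     */
    private String userDNSearch(String filter) throws NamingException {
        SearchControls controls = new SearchControls();
        controls.setReturningAttributes(DN_ONLY);
        controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
        controls.setCountLimit(1L);
        NamingEnumeration<SearchResult> results = null;
        try {
            results = this.dirContext.search(this.baseDN, filter, controls);
            if (results.hasMore()) {
                // First component of the composite name is the LDAP DN.
                return new CompositeName(results.next().getNameInNamespace()).get(0);
            }
            return null;
        } catch (InvalidNameException e) {
            LOGGER.log(Level.WARNING, "Ldaprealm search error: {0}", filter);
            LOGGER.log(Level.WARNING, "Ldaprealm security exception: {0}", e.toString());
            return null;
        } finally {
            closeQuietly(results);
        }
    }

    /**
     * Reads the configured user attributes of the first entry matching {@code filter}.
     *
     * @return the populated DTO, or {@code null} if nothing matched or the search failed (logged)
     */
    private LdapUserDTO createLdapUser(String filter) {
        SearchControls controls = new SearchControls();
        controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
        controls.setReturningAttributes(this.returningAttrs);
        controls.setCountLimit(1L);
        NamingEnumeration<SearchResult> results = null;
        try {
            results = this.dirContext.search(this.baseDN, filter, controls);
            if (!results.hasMore()) {
                return null;
            }
            Attributes attrs = results.next().getAttributes();
            return new LdapUserDTO(
                getUUIDAttribute(attrs, this.entryUUIDField),
                getAttribute(attrs, this.usernameField),
                getAttribute(attrs, this.givenNameField),
                getAttribute(attrs, this.surnameField),
                getAttrList(attrs, this.emailField));
        } catch (Exception e) {
            // Best effort: callers treat null as "user not found".
            LOGGER.log(Level.WARNING, "Ldaprealm search error: {0}", filter);
            LOGGER.log(Level.WARNING, "Ldaprealm security exception: {0}", e.toString());
            return null;
        } finally {
            closeQuietly(results);
        }
    }

    /**
     * Opens and immediately closes a directory context bound as {@code userDN}.
     *
     * @return {@code true} when the bind succeeded
     * @throws LoginException if the credential is empty or the directory rejected the bind
     */
    private boolean bindAsUser(String userDN, String password) throws LoginException {
        // Refuse blank credentials before contacting the server: many LDAP servers treat a
        // bind with a DN and an empty password as an anonymous bind, which would succeed
        // without verifying anything.
        if (password == null || password.isEmpty()) {
            LOGGER.log(Level.INFO, "Refusing bind with empty credentials as: {0}", userDN);
            throw new LoginException("Empty credentials.");
        }
        Hashtable<Object, Object> env = getLdapBindProps();
        env.put(Context.INITIAL_CONTEXT_FACTORY, JNDICF_DEFAULT);
        env.put(Context.SECURITY_PRINCIPAL, userDN);
        env.put(Context.SECURITY_CREDENTIALS, password);
        DirContext userContext = null;
        try {
            userContext = new InitialDirContext(env);
            return true;
        } catch (Exception e) {
            // Boundary: any failure to bind is reported to the caller as a login failure.
            LOGGER.log(Level.INFO, "Error binding to directory as: {0}", userDN);
            LOGGER.log(Level.INFO, "Exception from JNDI: {0}", e.toString());
            LoginException loginException = new LoginException(e.getMessage());
            loginException.initCause(e);
            throw loginException;
        } finally {
            closeQuietly(userContext);
        }
    }

    /**
     * Returns the values of {@code groupTarget} for every entry under {@code groupBase} that
     * matches {@code filter}. Errors are logged and yield a (possibly partial) list.
     */
    private List<String> groupSearch(String groupBase, String filter, String groupTarget) {
        List<String> groups = new ArrayList<>();
        SearchControls controls = new SearchControls();
        controls.setReturningAttributes(new String[]{groupTarget});
        controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
        NamingEnumeration<SearchResult> results = null;
        try {
            // Backslashes (typically from escaped components of the substituted user DN) are
            // doubled so the filter parser takes them literally.
            String escapedFilter = filter.replaceAll(
                Matcher.quoteReplacement("\\"), Matcher.quoteReplacement("\\\\"));
            results = this.dirContext.search(groupBase, escapedFilter, controls);
            while (results.hasMore()) {
                Attribute attr = results.next().getAttributes().get(groupTarget);
                if (attr == null) {
                    continue;
                }
                for (int i = 0; i < attr.size(); i++) {
                    groups.add((String) attr.get(i));
                }
            }
        } catch (Exception e) {
            LOGGER.log(Level.WARNING, "Error in group search: {0}", filter);
        } finally {
            closeQuietly(results);
        }
        return groups;
    }

    /**
     * For every entry under {@code groupBase} matching {@code filter}, reads the DNs held in
     * {@code dynGroupTarget} and returns the value of the first RDN of type {@code groupTarget}
     * in each. Errors are logged and yield a (possibly partial) list.
     */
    private List<String> dynamicGroupSearch(String groupBase, String dynGroupTarget, String filter,
        String groupTarget) {
        List<String> groups = new ArrayList<>();
        SearchControls controls = new SearchControls();
        controls.setReturningAttributes(new String[]{dynGroupTarget});
        controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
        controls.setReturningObjFlag(false);
        NamingEnumeration<SearchResult> results = null;
        try {
            results = this.dirContext.search(groupBase, filter, controls);
            while (results.hasMore()) {
                Attribute attr = results.next().getAttributes().get(dynGroupTarget);
                if (attr == null) {
                    continue;
                }
                NamingEnumeration<?> values = attr.getAll();
                try {
                    while (values.hasMoreElements()) {
                        String groupName = rdnValue((String) values.nextElement(), groupTarget);
                        if (groupName != null) {
                            groups.add(groupName);
                        }
                    }
                } finally {
                    closeQuietly(values);
                }
            }
        } catch (Exception e) {
            LOGGER.log(Level.WARNING, "Error in dynamic group search: {0}", filter);
        } finally {
            closeQuietly(results);
        }
        return groups;
    }

    /**
     * Returns the value of the first RDN in {@code dn} whose type equals {@code rdnType}
     * (case-insensitive), or {@code null} when no RDN matches.
     */
    private static String rdnValue(String dn, String rdnType) throws InvalidNameException {
        for (Rdn rdn : new LdapName(dn).getRdns()) {
            if (rdn.getType().equalsIgnoreCase(rdnType)) {
                return String.valueOf(rdn.getValue());
            }
        }
        return null;
    }

    /**
     * Removes and decodes the binary UUID attribute; {@code ""} when absent.
     * Decoded as UTF-8 (the JVM default on the Linux hosts this runs on) — an explicit
     * charset keeps stored UUIDs stable across platforms.
     */
    private String getUUIDAttribute(Attributes attributes, String name) throws NamingException {
        Attribute attr = attributes.remove(name);
        if (attr == null) {
            return "";
        }
        return new String((byte[]) attr.get(), StandardCharsets.UTF_8);
    }

    /** Removes and returns the first value of a string attribute; {@code ""} when absent. */
    private String getAttribute(Attributes attributes, String name) throws NamingException {
        Attribute attr = attributes.remove(name);
        return attr != null ? (String) attr.get() : "";
    }

    /** Removes and returns all values of a string attribute; empty list when absent. */
    private List<String> getAttrList(Attributes attributes, String name) throws NamingException {
        List<String> values = new ArrayList<>();
        Attribute attr = attributes.remove(name);
        if (attr == null) {
            return values;
        }
        NamingEnumeration<?> all = attr.getAll();
        try {
            while (all.hasMore()) {
                values.add((String) all.next());
            }
        } finally {
            closeQuietly(all);
        }
        return values;
    }

    /**
     * Returns a copy of the container resource's JNDI environment, or an empty table when it
     * cannot be read (logged).
     */
    @SuppressWarnings("unchecked") // getEnvironment() is a Hashtable<?, ?>; clone() erases to Object
    private Hashtable<Object, Object> getLdapBindProps() {
        try {
            return (Hashtable<Object, Object>) this.dirContext.getEnvironment().clone();
        } catch (NamingException e) {
            LOGGER.log(Level.SEVERE, "Could not read the LDAP resource environment", e);
            return new Hashtable<>();
        }
    }

    /**
     * Replaces every {@code %s} with {@code subjectName} and every {@code %d} with
     * {@code subjectDN} in a single left-to-right pass, so placeholders contained in a
     * substituted value are never expanded again. A {@code null} replacement leaves its
     * placeholder untouched.
     */
    private static String substitute(String template, String subjectName, String subjectDN) {
        StringBuilder out = new StringBuilder(template.length() + 32);
        int i = 0;
        while (i < template.length()) {
            if (subjectName != null && template.startsWith(SUBST_SUBJECT_NAME, i)) {
                out.append(subjectName);
                i += SUBST_SUBJECT_NAME.length();
            } else if (subjectDN != null && template.startsWith(SUBST_SUBJECT_DN, i)) {
                out.append(subjectDN);
                i += SUBST_SUBJECT_DN.length();
            } else {
                out.append(template.charAt(i));
                i++;
            }
        }
        return out.toString();
    }

    /**
     * Escapes a value for use inside an LDAP search filter (RFC 4515): {@code \}, {@code *},
     * {@code (}, {@code )} and NUL become their {@code \xx} hex forms, so caller-supplied text
     * cannot alter the structure of the configured filter. {@code null} maps to {@code ""}.
     */
    static String escapeFilterValue(String value) {
        if (value == null) {
            return "";
        }
        StringBuilder sb = new StringBuilder(value.length());
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '\\':
                    sb.append("\\5c");
                    break;
                case '*':
                    sb.append("\\2a");
                    break;
                case '(':
                    sb.append("\\28");
                    break;
                case ')':
                    sb.append("\\29");
                    break;
                case '\0':
                    sb.append("\\00");
                    break;
                default:
                    sb.append(c);
            }
        }
        return sb.toString();
    }

    /** Closes a {@link NamingEnumeration} on a best-effort basis. */
    private static void closeQuietly(NamingEnumeration<?> enumeration) {
        if (enumeration == null) {
            return;
        }
        try {
            enumeration.close();
        } catch (Exception ignored) {
            // Nothing useful to do after a failed close of a result cursor.
        }
    }

    /** Closes a {@link DirContext} on a best-effort basis. */
    private static void closeQuietly(DirContext context) {
        if (context == null) {
            return;
        }
        try {
            context.close();
        } catch (Exception ignored) {
            // The bind already succeeded or failed; a close error changes nothing.
        }
    }

    /**
     * Ensures the attributes the application relies on were returned by the directory.
     *
     * @throws LoginException naming the first missing attribute
     */
    private void validateLdapUser(LdapUserDTO ldapUserDTO) throws LoginException {
        if (ldapUserDTO.getEntryUUID() == null || ldapUserDTO.getEntryUUID().isEmpty()) {
            throw new LoginException("Could not find UUID for Ldap user.");
        }
        if (ldapUserDTO.getEmail() == null || ldapUserDTO.getEmail().isEmpty()) {
            throw new LoginException("Could not find email for Ldap user.");
        }
        if (ldapUserDTO.getGivenName() == null || ldapUserDTO.getGivenName().isEmpty()) {
            throw new LoginException("Could not find givenName for Ldap user.");
        }
        if (ldapUserDTO.getSn() == null || ldapUserDTO.getSn().isEmpty()) {
            throw new LoginException("Could not find surname for Ldap user.");
        }
    }
}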
