package eu.scenari.userodb.authmethod.ldap;

import eu.scenari.commons.log.LogMgr;
import eu.scenari.commons.syntax.json.IJsonSerializer;
import eu.scenari.userodb.UserOdb;
import eu.scenari.userodb.authmethod.AuthMethodBase;
import eu.scenari.userodb.struct.lib.ValueUser;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.text.MessageFormat;
import java.util.ArrayList;
import java.util.Hashtable;
import java.util.List;
import java.util.Map;
import java.util.regex.Pattern;
import javax.naming.AuthenticationException;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.Control;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.Rdn;

/* loaded from: input_file:eu/scenari/userodb/authmethod/ldap/AuthMethodLdap.class */
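/**
 * Authentication method that validates a user's password against an LDAP directory.
 *
 * <p>Two modes are supported:
 * <ul>
 *   <li>{@link #AUTHMODE_DN}: the bind DN is built from {@code fDnPattern} by substituting the
 *       account for {@code {0}}, and a bind is attempted with the supplied password.</li>
 *   <li>{@link #AUTHMODE_SEARCH}: the entry is looked up with a search filter (optionally under a
 *       service principal); when {@code fSearchCheckAuth} is set, a re-bind as the found entry
 *       verifies the password.</li>
 * </ul>
 *
 * <p>Security notes for operators and maintainers:
 * <ul>
 *   <li>The default mechanism is {@code simple}, which sends the password to the directory as-is.
 *       Nothing in this class enforces transport encryption; that depends entirely on the
 *       configured provider URL.</li>
 *   <li>A simple bind with an empty password is an unauthenticated bind that many directories
 *       accept, so this class never binds with an empty password.</li>
 *   <li>With {@code fSearchCheckAuth == false} the password is verified only if the configured
 *       filter itself references {@code {1}}; otherwise finding an entry is enough.</li>
 *   <li>A successfully checked password is kept in clear text in {@link CachedDatas} until the
 *       refresh interval or the idle timeout expires.</li>
 * </ul>
 */
public class AuthMethodLdap extends AuthMethodBase {
    public static final String AUTHTYPE_LDAP = "ldap";
    protected static final int AUTHMODE_DN = 1;
    protected static final int AUTHMODE_SEARCH = 2;
    protected String fContextFactory = "com.sun.jndi.ldap.LdapCtxFactory";
    protected String fContextProviderUrl = null;
    protected String fContextSecurityAuth = "simple";
    protected String fLastNameAttr = "sn";
    protected String fFirstNameAttr = "givenName";
    protected String fDisplayNameAttr = "displayName";
    protected String fEmailAttr = "mail";
    protected int fAuthMode = AUTHMODE_DN;
    protected String fDnPattern = null;
    // When false (default), null/empty passwords are refused before any cache or LDAP access.
    protected Boolean fAllowCheckWithoutCredential = false;
    protected List<TransformAccount> fTransformAccount = null;
    protected MessageFormat fSearchPattern = null;
    protected MessageFormat fSearchBase = null;
    protected String fSearchPrincipal = null;
    protected String fSearchCredential = null;
    protected SearchControls fSearchControls = null;
    protected boolean fSearchCheckAuth = true;
    // Maximum age (ms) of a cached successful check; 21600000 ms = 6 h. Negative disables.
    protected long fRefreshInterval = 21600000;
    // Maximum idle time (ms) between two uses of a cached check; 120000 ms = 2 min. Negative disables.
    protected long fUserSessionTimeout = 120000;

    /** Per-user cache of the last password that the directory accepted. */
    public static class CachedDatas {
        // Clear-text password of the last successful check, or null when nothing is cached.
        protected String fCheckedPassword;
        // Time (ms since epoch) of the last LDAP verification attempt.
        protected long fLastRefresh;
        // Time (ms since epoch) of the last call to checkPassword for this user.
        protected long fLastUse;
    }

    /** One regex rewrite rule applied to the account name before it is sent to LDAP. */
    public static class TransformAccount {
        protected Pattern fPattern;
        protected String fReplaceBy;

        public TransformAccount(Pattern pattern, String str) {
            this.fPattern = pattern;
            this.fReplaceBy = str;
        }
    }

    public AuthMethodLdap(String str) {
        setCode(str);
    }

    @Override // eu.scenari.userodb.authmethod.IAuthMethod
    public String getAuthType() {
        return AUTHTYPE_LDAP;
    }

    /** No-op: this method stores nothing for the user. */
    @Override // eu.scenari.userodb.authmethod.IAuthMethod
    public void updateDatas(ValueUser valueUser, Map<String, Object> map) {
    }

    /** No-op: this method stores nothing for the user. */
    @Override // eu.scenari.userodb.authmethod.IAuthMethod
    public void deleteDatas(ValueUser valueUser) {
    }

    /**
     * Checks {@code str} as the password of {@code valueUser}, using the per-user cache when it is
     * still fresh and the directory otherwise.
     *
     * @param userOdb   holder of the per-user {@link CachedDatas}
     * @param valueUser user whose account is checked
     * @param str       candidate password
     * @return {@code true} only if the password matches a check accepted by the directory
     */
    @Override // eu.scenari.userodb.authmethod.IAuthMethod
    public boolean checkPassword(UserOdb userOdb, ValueUser valueUser, String str) {
        // Fail closed: a null flag is treated like "not allowed".
        if (xIsBlank(str) && !Boolean.TRUE.equals(this.fAllowCheckWithoutCredential)) {
            return false;
        }
        long now = System.currentTimeMillis();
        CachedDatas cachedDatas = (CachedDatas) userOdb.getAuthMethodDatas(CachedDatas.class);
        if (cachedDatas == null) {
            cachedDatas = new CachedDatas();
            userOdb.setAuthMethodDatas(cachedDatas);
        }
        // Read the previous use BEFORE stamping the current one; comparing against the freshly
        // written value would make the idle timeout impossible to reach.
        long previousUse = cachedDatas.fLastUse;
        cachedDatas.fLastUse = now;
        if (cachedDatas.fCheckedPassword != null) {
            boolean idleTooLong = this.fUserSessionTimeout >= 0 && previousUse + this.fUserSessionTimeout < now;
            boolean stale = this.fRefreshInterval >= 0 && cachedDatas.fLastRefresh + this.fRefreshInterval < now;
            if (idleTooLong || stale) {
                cachedDatas.fCheckedPassword = null;
            }
        }
        if (cachedDatas.fCheckedPassword == null) {
            cachedDatas.fLastRefresh = now;
            if (this.fAuthMode == AUTHMODE_DN) {
                xCheckUserByDn(valueUser, cachedDatas, str);
            } else {
                xCheckUserBySearch(valueUser, cachedDatas, str);
            }
        }
        if (cachedDatas.fCheckedPassword == null) {
            return false;
        }
        if (xSamePassword(cachedDatas.fCheckedPassword, str)) {
            return true;
        }
        // A mismatch drops the cache so that the next attempt goes back to the directory.
        cachedDatas.fCheckedPassword = null;
        return false;
    }

    @Override // eu.scenari.userodb.authmethod.IAuthMethod
    public void writeToJson(UserOdb userOdb, ValueUser valueUser, IJsonSerializer iJsonSerializer, Object... objArr) throws Exception {
    }

    /**
     * Stores one JNDI environment property; unknown keys are ignored.
     *
     * @param str  JNDI property name (for example {@code java.naming.provider.url})
     * @param str2 property value
     */
    public void setEnvContext(String str, String str2) {
        if (Context.INITIAL_CONTEXT_FACTORY.equals(str)) {
            this.fContextFactory = str2;
        } else if (Context.PROVIDER_URL.equals(str)) {
            this.fContextProviderUrl = str2;
        } else if (Context.SECURITY_AUTHENTICATION.equals(str)) {
            this.fContextSecurityAuth = str2;
        } else if (Context.SECURITY_PRINCIPAL.equals(str)) {
            this.fSearchPrincipal = str2;
        } else if (Context.SECURITY_CREDENTIALS.equals(str)) {
            this.fSearchCredential = str2;
        }
    }

    public void setRefreshInterval(long j) {
        this.fRefreshInterval = j;
    }

    public void setUserSessionTimeout(long j) {
        this.fUserSessionTimeout = j;
    }

    public void setDnPattern(String str) {
        this.fDnPattern = str;
    }

    public void setAllowCheckWithoutCredential(Boolean bool) {
        this.fAllowCheckWithoutCredential = bool;
    }

    /** Sets the search filter pattern ({0} = account, {1} = password) and switches to search mode. */
    public void setSearchPattern(String str) {
        this.fAuthMode = AUTHMODE_SEARCH;
        this.fSearchPattern = new MessageFormat(str);
    }

    /** Sets the search base pattern and switches to search mode. */
    public void setSearchBaseNamePattern(String str) {
        this.fAuthMode = AUTHMODE_SEARCH;
        this.fSearchBase = new MessageFormat(str);
    }

    /**
     * Sets the search scope and switches to search mode.
     *
     * @param str {@code "subtree"}, {@code "object"} or {@code "oneLevel"}; anything else,
     *            including {@code null}, selects one-level scope
     */
    public void setSearchScope(String str) {
        this.fAuthMode = AUTHMODE_SEARCH;
        if (this.fSearchControls == null) {
            this.fSearchControls = new SearchControls();
        }
        int scope = SearchControls.ONELEVEL_SCOPE;
        if ("subtree".equals(str)) {
            scope = SearchControls.SUBTREE_SCOPE;
        } else if ("object".equals(str)) {
            scope = SearchControls.OBJECT_SCOPE;
        }
        this.fSearchControls.setSearchScope(scope);
    }

    public void setSearchCheckAuth(Boolean bool) {
        this.fSearchCheckAuth = bool.booleanValue();
    }

    public void addTransformAccount(Pattern pattern, String str) {
        if (this.fTransformAccount == null) {
            this.fTransformAccount = new ArrayList<>();
        }
        this.fTransformAccount.add(new TransformAccount(pattern, str));
    }

    /**
     * Verifies the password by binding as the DN derived from {@code fDnPattern}.
     * On success the password is stored in {@code cachedDatas}; on rejected credentials the cache
     * stays empty; any other failure is rethrown through {@code LogMgr.wrapMessage}.
     */
    protected void xCheckUserByDn(ValueUser valueUser, CachedDatas cachedDatas, String str) {
        cachedDatas.fCheckedPassword = null;
        if (xIsBlank(str)) {
            // An empty password would be an unauthenticated bind, which proves nothing about the user.
            return;
        }
        if (this.fDnPattern == null) {
            throw new IllegalStateException("LDAP DN pattern is not configured");
        }
        int placeholder = this.fDnPattern.indexOf("{0}");
        if (placeholder < 0) {
            throw new IllegalStateException("LDAP DN pattern has no {0} placeholder");
        }
        // The account is escaped as an attribute value so it cannot add or change DN components.
        // NOTE(review): this assumes transform rules yield a plain value, not a DN fragment - confirm.
        String bindDn = this.fDnPattern.substring(0, placeholder)
                + xEscapeDnValue(xGetAccountForLdap(valueUser))
                + this.fDnPattern.substring(placeholder + 3);
        Hashtable<String, Object> env = xNewLdapEnv();
        env.put(Context.SECURITY_PRINCIPAL, bindDn);
        // UTF-8 is the encoding LDAP defines for simple-bind passwords; do not use the platform default.
        env.put(Context.SECURITY_CREDENTIALS, str.getBytes(StandardCharsets.UTF_8));
        try {
            InitialDirContext ctx = new InitialDirContext(env);
            try {
                cachedDatas.fCheckedPassword = str;
            } finally {
                ctx.close();
            }
        } catch (AuthenticationException rejected) {
            // Credentials refused by the directory: leave the cache empty.
            // This clause must precede the generic one, otherwise it is unreachable.
        } catch (Exception e) {
            throw LogMgr.wrapMessage(e, "Echec à la connection LDAP.", new Object[0]);
        }
    }

    /**
     * Verifies the user by searching for the entry and, when {@code fSearchCheckAuth} is set,
     * re-binding as that entry with the supplied password.
     * Only the first search result is considered. Failures other than rejected user credentials
     * are rethrown through {@code LogMgr.wrapMessage}.
     */
    protected void xCheckUserBySearch(ValueUser valueUser, CachedDatas cachedDatas, String str) {
        cachedDatas.fCheckedPassword = null;
        try {
            String account = xGetAccountForLdap(valueUser);
            // Filter and DN have different metacharacters, so each pattern gets its own escaping.
            String filter = this.fSearchPattern.format(
                    new Object[] {xEscapeFilterValue(account), xEscapeFilterValue(str)});
            String base = this.fSearchBase != null
                    ? this.fSearchBase.format(new Object[] {xEscapeDnValue(account), xEscapeDnValue(str)})
                    : "";
            Hashtable<String, Object> env = xNewLdapEnv();
            if (this.fSearchPrincipal != null && this.fSearchPrincipal.length() > 0) {
                env.put(Context.SECURITY_PRINCIPAL, this.fSearchPrincipal);
                if (this.fSearchCredential != null && this.fSearchCredential.length() > 0) {
                    env.put(Context.SECURITY_CREDENTIALS, this.fSearchCredential);
                }
            }
            InitialLdapContext ctx = new InitialLdapContext(env, (Control[]) null);
            try {
                NamingEnumeration<SearchResult> results = ctx.search(base, filter, this.fSearchControls);
                if (results != null) {
                    try {
                        if (results.hasMore()) {
                            if (!this.fSearchCheckAuth) {
                                // No bind check requested: the search hit alone is accepted.
                                cachedDatas.fCheckedPassword = str;
                            } else if (!xIsBlank(str)) {
                                // Never re-bind with an empty password (unauthenticated bind).
                                String entryDn = results.next().getName();
                                if (base.length() > 0) {
                                    entryDn = entryDn + "," + base;
                                }
                                ctx.addToEnvironment(Context.SECURITY_PRINCIPAL, entryDn);
                                ctx.addToEnvironment(Context.SECURITY_CREDENTIALS,
                                        str.getBytes(StandardCharsets.UTF_8));
                                try {
                                    ctx.reconnect((Control[]) null);
                                    cachedDatas.fCheckedPassword = str;
                                } catch (AuthenticationException rejected) {
                                    // Wrong password for the found entry: leave the cache empty.
                                }
                            }
                        }
                    } finally {
                        results.close();
                    }
                }
            } finally {
                ctx.close();
            }
        } catch (Exception e2) {
            throw LogMgr.wrapMessage(e2, "Echec à la connection LDAP.", new Object[0]);
        }
    }

    /** Returns the user's account after applying every configured transform rule in order. */
    protected String xGetAccountForLdap(ValueUser valueUser) {
        String account = valueUser.getAccount();
        if (this.fTransformAccount != null) {
            for (TransformAccount rule : this.fTransformAccount) {
                account = rule.fPattern.matcher(account).replaceAll(rule.fReplaceBy);
            }
        }
        return account;
    }

    /** Builds the JNDI environment entries shared by both authentication modes. */
    private Hashtable<String, Object> xNewLdapEnv() {
        if (this.fContextProviderUrl == null) {
            // Hashtable rejects null values; fail with a message that names the missing setting.
            throw new IllegalStateException("LDAP provider URL is not configured");
        }
        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, this.fContextFactory);
        env.put(Context.PROVIDER_URL, this.fContextProviderUrl);
        env.put(Context.SECURITY_AUTHENTICATION, this.fContextSecurityAuth);
        return env;
    }

    /** Tells whether a password is null or empty. */
    private static boolean xIsBlank(String password) {
        return password == null || password.isEmpty();
    }

    /** Compares two passwords without an early exit on the first differing byte. */
    private static boolean xSamePassword(String expected, String supplied) {
        if (expected == null || supplied == null) {
            return false;
        }
        return MessageDigest.isEqual(
                expected.getBytes(StandardCharsets.UTF_8), supplied.getBytes(StandardCharsets.UTF_8));
    }

    /** Escapes a value for use inside a DN attribute value; {@code null} is passed through. */
    private static String xEscapeDnValue(String value) {
        return value == null ? null : Rdn.escapeValue(value);
    }

    /**
     * Escapes a value for use inside an LDAP search filter assertion (RFC 4515), so that
     * {@code * ( ) \} and NUL are matched literally; {@code null} is passed through.
     */
    private static String xEscapeFilterValue(String value) {
        if (value == null) {
            return null;
        }
        StringBuilder out = new StringBuilder(value.length() + 8);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '\\':
                    out.append("\\5c");
                    break;
                case '*':
                    out.append("\\2a");
                    break;
                case '(':
                    out.append("\\28");
                    break;
                case ')':
                    out.append("\\29");
                    break;
                case '\0':
                    out.append("\\00");
                    break;
                default:
                    out.append(c);
                    break;
            }
        }
        return out.toString();
    }
}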
