package org.eclipse.emf.emfstore.internal.server.accesscontrol.authentication.verifiers;

import com.google.common.base.Optional;
import java.text.MessageFormat;
import java.util.Properties;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import org.eclipse.emf.emfstore.internal.common.model.util.ModelUtil;
import org.eclipse.emf.emfstore.internal.server.ServerConfiguration;
import org.eclipse.emf.emfstore.internal.server.connection.ServerKeyStoreManager;
import org.eclipse.emf.emfstore.internal.server.core.MonitorProvider;
import org.eclipse.emf.emfstore.internal.server.exceptions.AccessControlException;
import org.eclipse.emf.emfstore.internal.server.model.accesscontrol.ACUser;
import org.eclipse.emf.emfstore.internal.server.model.accesscontrol.AccesscontrolFactory;
import org.eclipse.emf.emfstore.server.model.ESOrgUnitProvider;
import org.eclipse.emf.emfstore.server.model.ESUser;

/* loaded from: input_file:org/eclipse/emf/emfstore/internal/server/accesscontrol/authentication/verifiers/LDAPUserVerifier.class */
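/**
 * Verifies user credentials against an LDAP directory using JNDI.
 *
 * <p>Verification is a two-step "search then bind": a first context (anonymous, or bound with the
 * configured service account) looks up the entry whose {@code searchDn} attribute equals the supplied
 * user name, and a second simple bind with that entry's name and the supplied password decides the
 * result.
 *
 * <p>Security notes for maintainers:
 * <ul>
 * <li>The user name is attacker-controlled and is escaped per RFC 4515 before it is placed in the
 * search filter.</li>
 * <li>Empty passwords are rejected before any bind, because JNDI turns a simple bind with empty
 * credentials into an anonymous bind, which many directories accept.</li>
 * <li>With an {@code ldap://} URL the simple bind sends the password without transport protection;
 * only {@code ldaps://} URLs enable the SSL socket factory here.</li>
 * <li>NOTE(review): certificate and host name validation depend on {@code LDAPSSLSocketFactory} and
 * the key store set up by {@code ServerKeyStoreManager}, neither of which is visible in this file;
 * confirm that both validate the server.</li>
 * </ul>
 */
public class LDAPUserVerifier extends UserVerifier {
    private static final String DEFAULT_CTX = "com.sun.jndi.ldap.LdapCtxFactory";

    private final String ldapUrl;
    private final String ldapBase;
    private final String searchDn;
    private final boolean useSSL;
    private final String authUser;
    private final String authPassword;
    private final ESOrgUnitProvider orgUnitProvider;

    /**
     * Creates a verifier for one LDAP directory.
     *
     * @param eSOrgUnitProvider provider used to look up and, optionally, create users
     * @param str LDAP URL; a URL starting with {@code ldaps://} switches on SSL
     * @param str2 base DN used for searches and appended to bind principals
     * @param str3 name of the attribute that is compared with the user name in the search filter
     * @param str4 principal of the account used for the search, or {@code null} for an anonymous search
     * @param str5 password of the search account, or {@code null} for an anonymous search
     */
    public LDAPUserVerifier(ESOrgUnitProvider eSOrgUnitProvider, String str, String str2, String str3, String str4, String str5) {
        super(eSOrgUnitProvider);
        this.orgUnitProvider = eSOrgUnitProvider;
        this.ldapUrl = str;
        this.ldapBase = str2;
        this.searchDn = str3;
        this.authUser = str4;
        this.authPassword = str5;
        this.useSSL = str.startsWith("ldaps://");
        if (this.useSSL) {
            ServerKeyStoreManager.getInstance().setJavaSSLProperties();
        }
    }

    /**
     * Checks a user name and password against the directory.
     *
     * @param str user name as typed by the client (untrusted)
     * @param str2 password as typed by the client (untrusted)
     * @return {@code true} only if the user entry was found and a simple bind with the password succeeded
     * @throws AccessControlException declared by the overridden method; not thrown by this implementation
     */
    @Override // org.eclipse.emf.emfstore.internal.server.accesscontrol.authentication.verifiers.PasswordVerifier
    public boolean verifyPassword(String str, String str2) throws AccessControlException {
        // A simple bind with an empty password is treated by JNDI as an anonymous bind, so it would
        // "succeed" for any existing user on a directory that allows anonymous access. Reject it here.
        // A null password would additionally fail with a NullPointerException in Properties.put.
        if (str == null || str.isEmpty() || str2 == null || str2.isEmpty()) {
            ModelUtil.logWarning("LDAP login rejected: empty user name or password");
            return false;
        }

        String entryName;
        try {
            DirContext searchContext = openSearchContext();
            try {
                entryName = resolveUser(str, searchContext);
            } finally {
                // The search connection is no longer needed once the entry name is known.
                closeContext(searchContext);
            }
        } catch (NamingException e) {
            ModelUtil.logWarning(MessageFormat.format(Messages.LDAPVerifier_LDAPDirectoryNotFound, this.ldapUrl), e);
            return false;
        }
        if (entryName == null) {
            return false;
        }

        DirContext userContext = null;
        try {
            // The bind itself is the password check; the context is not used afterwards.
            userContext = new InitialDirContext(authenticatedBind(entryName, str2));
            return true;
        } catch (NamingException e) {
            ModelUtil.logWarning(MessageFormat.format(Messages.LDAPVerifier_LoginFailed, this.ldapBase), e);
            return false;
        } finally {
            closeContext(userContext);
        }
    }

    /**
     * Opens the context used for the user search: anonymous when no search account is configured,
     * otherwise bound with the configured account.
     */
    private DirContext openSearchContext() throws NamingException {
        if (this.authUser == null || this.authPassword == null) {
            return new InitialDirContext(anonymousBind());
        }
        Properties environment = authenticatedBind(this.authUser, this.authPassword);
        // The search account principal is used as configured, without the base DN appended.
        environment.put("java.naming.security.principal", this.authUser);
        return new InitialDirContext(environment);
    }

    /** Builds the JNDI environment shared by all binds (LDAP v3, provider URL, SSL when enabled). */
    private Properties anonymousBind() {
        Properties properties = new Properties();
        properties.put("java.naming.ldap.version", "3");
        properties.put("java.naming.factory.initial", DEFAULT_CTX);
        properties.put("java.naming.provider.url", this.ldapUrl);
        if (useSSL()) {
            properties.put("java.naming.ldap.factory.socket", LDAPSSLSocketFactory.class.getCanonicalName());
            properties.put("java.naming.security.protocol", "ssl");
        }
        return properties;
    }

    private boolean useSSL() {
        return this.useSSL;
    }

    /**
     * Builds the JNDI environment for a simple bind.
     *
     * @param str entry name; the separator constant and the base DN are appended to form the principal
     * @param str2 password used as the bind credentials
     */
    private Properties authenticatedBind(String str, String str2) {
        Properties anonymousBind = anonymousBind();
        anonymousBind.put("java.naming.security.authentication", "simple");
        // NOTE(review): MULTI_PROPERTY_SEPERATOR is presumably "," so that name + base forms a DN - confirm.
        anonymousBind.put("java.naming.security.principal", String.valueOf(str) + ServerConfiguration.MULTI_PROPERTY_SEPERATOR + this.ldapBase);
        anonymousBind.put("java.naming.security.credentials", str2);
        return anonymousBind;
    }

    /**
     * Looks up the directory entry for a user name.
     *
     * @param str user name (untrusted); escaped before it is placed in the filter
     * @param dirContext context to search with
     * @return the name of the first matching entry as reported by the search, or {@code null} if the
     *         search failed or matched nothing
     */
    private String resolveUser(String str, DirContext dirContext) {
        if (str == null) {
            return null;
        }
        SearchControls searchControls = new SearchControls();
        searchControls.setSearchScope(SearchControls.SUBTREE_SCOPE);
        // Escaping keeps characters such as '*', '(' and ')' in the user name from changing the filter.
        String filter = "(& (" + this.searchDn + "=" + escapeFilterValue(str) + ") (objectclass=*))";

        NamingEnumeration<SearchResult> results;
        try {
            results = dirContext.search(this.ldapBase, filter, searchControls);
        } catch (NamingException e) {
            ModelUtil.logWarning(MessageFormat.format(Messages.LDAPVerifier_SearchFailed, this.ldapBase), e);
            return null;
        }
        if (results == null) {
            return null;
        }
        try {
            String entryName = null;
            // Only the first match is used; further matches for the same user name are ignored.
            if (results.hasMoreElements()) {
                SearchResult first = results.next();
                if (first != null) {
                    entryName = first.getName();
                }
            }
            if (entryName == null) {
                ModelUtil.logWarning(MessageFormat.format(Messages.LDAPVerifier_DistinguishedNameNotFound, this.ldapBase));
            }
            return entryName;
        } catch (NamingException e) {
            ModelUtil.logException(MessageFormat.format(Messages.LDAPVerifier_InvalidResults, this.ldapBase), e);
            return null;
        } finally {
            closeResults(results);
        }
    }

    /**
     * Escapes a value for use in an LDAP search filter (RFC 4515): backslash, asterisk, parentheses
     * and NUL are replaced by a backslash followed by their two-digit hex code.
     */
    private static String escapeFilterValue(String value) {
        StringBuilder escaped = new StringBuilder(value.length() + 8);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '\\':
                    escaped.append("\\5c");
                    break;
                case '*':
                    escaped.append("\\2a");
                    break;
                case '(':
                    escaped.append("\\28");
                    break;
                case ')':
                    escaped.append("\\29");
                    break;
                case '\0':
                    escaped.append("\\00");
                    break;
                default:
                    escaped.append(c);
                    break;
            }
        }
        return escaped.toString();
    }

    /** Closes a directory context, ignoring failures; accepts {@code null}. */
    private static void closeContext(DirContext context) {
        if (context == null) {
            return;
        }
        try {
            context.close();
        } catch (NamingException ignored) {
            // The authentication decision has already been made; a failed close must not change it.
        }
    }

    /** Closes a search result enumeration, ignoring failures; accepts {@code null}. */
    private static void closeResults(NamingEnumeration<?> results) {
        if (results == null) {
            return;
        }
        try {
            results.close();
        } catch (NamingException ignored) {
            // Nothing useful can be done if releasing the enumeration fails.
        }
    }

    /** Does nothing; the provider is already supplied through the constructor. */
    @Override // org.eclipse.emf.emfstore.server.auth.ESUserVerifier
    public void init(ESOrgUnitProvider eSOrgUnitProvider) {
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /* JADX WARN: Type inference failed for: r0v9, types: [java.lang.Throwable, java.lang.Object] */
    /**
     * Returns the access-control user for a name, creating it when the server is configured to create
     * authenticated users.
     *
     * <p>NOTE(review): this method provisions an account for whatever name it is given, so it should
     * only be reached after {@link #verifyPassword(String, String)} succeeded for that name; the caller
     * is not visible in this file - confirm.
     *
     * @param str user name
     * @return the existing or newly created user
     * @throws AccessControlException if the user does not exist and user creation is disabled
     */
    @Override // org.eclipse.emf.emfstore.internal.server.accesscontrol.authentication.verifiers.UserVerifier
    public ACUser findUser(String str) throws AccessControlException {
        boolean ignoreCase = Boolean.parseBoolean(ServerConfiguration.getProperties().getProperty(ServerConfiguration.AUTHENTICATION_MATCH_USERS_IGNORE_CASE, Boolean.FALSE.toString()));
        boolean createUsers = Boolean.parseBoolean(ServerConfiguration.getProperties().getProperty(ServerConfiguration.AUTHENTICATION_CREATE_AUTHENTICATED_USERS, Boolean.FALSE.toString()));
        // Lookup and creation happen under the shared monitor so the two steps are not interleaved
        // with other code that synchronizes on the same monitor.
        synchronized (MonitorProvider.getInstance().getMonitor()) {
            Optional<ACUser> existing = findExistingUser(this.orgUnitProvider, str, ignoreCase);
            if (existing.isPresent()) {
                return existing.get();
            }
            if (!createUsers) {
                throw new AccessControlException();
            }
            ACUser created = AccesscontrolFactory.eINSTANCE.createACUser();
            created.setName(str);
            // NOTE(review): this constant is presumably a decompiler substitution for a literal with
            // the same value (likely an empty description) - confirm against the original source.
            created.setDescription(ServerConfiguration.VALIDATION_PROJECT_EXCLUDE_DEFAULT);
            this.orgUnitProvider.addUser((ESUser) created.toAPI());
            return created;
        }
    }
}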
