package org.glassfish.soteria.identitystores;

import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.List;
import java.util.Objects;
import java.util.Set;
import javax.naming.AuthenticationException;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.Control;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;
import javax.security.enterprise.CallerPrincipal;
import javax.security.enterprise.credential.Credential;
import javax.security.enterprise.credential.UsernamePasswordCredential;
import javax.security.enterprise.identitystore.CredentialValidationResult;
import javax.security.enterprise.identitystore.IdentityStore;
import javax.security.enterprise.identitystore.LdapIdentityStoreDefinition;

/* loaded from: input_file:org/glassfish/soteria/identitystores/LdapIdentityStore.class */
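public class LdapIdentityStore implements IdentityStore {

    /** JNDI LDAP provider used for every context created by this store. */
    private static final String LDAP_CONTEXT_FACTORY = "com.sun.jndi.ldap.LdapCtxFactory";
    /** Authentication mechanism: a simple bind with a DN and a password. */
    private static final String SIMPLE_AUTHENTICATION = "simple";

    private final LdapIdentityStoreDefinition ldapIdentityStoreDefinition;
    private final Set<IdentityStore.ValidationType> validationTypes;

    /**
     * Creates a store backed by the given definition.
     *
     * @param ldapIdentityStoreDefinition connection, search and group settings; must not be {@code null}
     * @throws NullPointerException if the definition is {@code null}
     */
    public LdapIdentityStore(LdapIdentityStoreDefinition ldapIdentityStoreDefinition) {
        this.ldapIdentityStoreDefinition =
                Objects.requireNonNull(ldapIdentityStoreDefinition, "ldapIdentityStoreDefinition");
        this.validationTypes =
                Collections.unmodifiableSet(new HashSet<>(Arrays.asList(ldapIdentityStoreDefinition.useFor())));
    }

    /**
     * Validates a credential if it is a {@link UsernamePasswordCredential}.
     *
     * @param credential the credential presented by the caller
     * @return the validation outcome, or {@code NOT_VALIDATED_RESULT} for credential types this store
     *         cannot handle
     */
    @Override
    public CredentialValidationResult validate(Credential credential) {
        if (credential instanceof UsernamePasswordCredential) {
            return validate((UsernamePasswordCredential) credential);
        }
        return CredentialValidationResult.NOT_VALIDATED_RESULT;
    }

    /**
     * Validates a name/password pair against the directory.
     *
     * <p>When the definition has no {@code baseDn} the caller DN is built from the name and bound
     * directly; otherwise a search account locates the caller entry first and the found DN is bound.
     *
     * @param usernamePasswordCredential caller name and password
     * @return a valid result carrying the caller principal and group names, or {@code INVALID_RESULT}
     * @throws IllegalStateException if the directory cannot be reached or searched
     */
    public CredentialValidationResult validate(UsernamePasswordCredential usernamePasswordCredential) {
        String caller = usernamePasswordCredential.getCaller();
        char[] password = usernamePasswordCredential.getPassword().getValue();
        // Never attempt a bind with an empty name or password. A simple bind with an empty password
        // is an "unauthenticated" bind (RFC 4513 section 5.1.2) that many servers accept, which would
        // turn a missing password into a successful login.
        if (caller == null || caller.isEmpty() || password == null || password.length == 0) {
            return CredentialValidationResult.INVALID_RESULT;
        }
        if (this.ldapIdentityStoreDefinition.baseDn().isEmpty()) {
            return checkDirectBinding(usernamePasswordCredential);
        }
        return checkThroughSearch(usernamePasswordCredential);
    }

    /**
     * Looks up the groups of an already validated caller using the configured search account.
     *
     * @param credentialValidationResult result whose caller principal names the entry to look up
     * @return the group names found, or an empty set when the search account cannot bind
     * @throws IllegalStateException if the directory cannot be reached or searched
     */
    @Override
    public Set<String> getCallerGroups(CredentialValidationResult credentialValidationResult) {
        LdapContext searchContext = createLdapContext(
                this.ldapIdentityStoreDefinition.url(),
                this.ldapIdentityStoreDefinition.baseDn(),
                this.ldapIdentityStoreDefinition.password());
        if (searchContext == null) {
            return Collections.emptySet();
        }
        try {
            // NOTE(review): the principal *name* is matched against groupCallerDnAttribute here,
            // while the validate() paths match the caller's DN — confirm this is what deployments
            // that store DN-valued membership attributes expect.
            String callerName = credentialValidationResult.getCallerPrincipal().getName();
            return new HashSet<>(retrieveGroupInformation(callerName, searchContext));
        } finally {
            closeContext(searchContext);
        }
    }

    /**
     * Validates the caller by locating its entry with the search account, then binding as the
     * found DN with the presented password.
     *
     * @param usernamePasswordCredential caller name and password
     * @return a valid result with groups, or {@code INVALID_RESULT} when the search account cannot
     *         bind, the search does not yield exactly one entry, or the caller bind fails
     */
    private CredentialValidationResult checkThroughSearch(UsernamePasswordCredential usernamePasswordCredential) {
        LdapContext searchContext = createLdapContext(
                this.ldapIdentityStoreDefinition.url(),
                this.ldapIdentityStoreDefinition.baseDn(),
                this.ldapIdentityStoreDefinition.password());
        if (searchContext == null) {
            return CredentialValidationResult.INVALID_RESULT;
        }
        try {
            // The caller name is untrusted input placed into the search filter: escape it per
            // RFC 4515 so it cannot widen or restructure the configured searchExpression.
            String filter = String.format(
                    this.ldapIdentityStoreDefinition.searchExpression(),
                    escapeFilterValue(usernamePasswordCredential.getCaller()));
            String callerDn = searchCaller(searchContext, this.ldapIdentityStoreDefinition.searchBase(), filter);
            if (callerDn == null) {
                return CredentialValidationResult.INVALID_RESULT;
            }
            // Only a successful bind as the found DN proves the password.
            LdapContext callerContext = createLdapContext(
                    this.ldapIdentityStoreDefinition.url(),
                    callerDn,
                    new String(usernamePasswordCredential.getPassword().getValue()));
            if (callerContext == null) {
                return CredentialValidationResult.INVALID_RESULT;
            }
            // The caller context is bind-only; groups are read through the search account.
            closeContext(callerContext);
            Set<String> groups = retrieveGroupInformation(callerDn, searchContext);
            return new CredentialValidationResult(
                    new CallerPrincipal(usernamePasswordCredential.getCaller()), groups);
        } finally {
            closeContext(searchContext);
        }
    }

    /**
     * Runs a subtree search and returns the DN of the single matching entry.
     *
     * @param ldapContext bound context to search with
     * @param searchBase DN under which to search
     * @param filter complete LDAP filter (already escaped)
     * @return the matched entry's DN, or {@code null} when zero entries or more than one match
     *         (an ambiguous match is deliberately treated as no match)
     */
    private String searchCaller(LdapContext ldapContext, String searchBase, String filter) {
        List<SearchResult> matches = search(ldapContext, searchBase, filter);
        if (matches.size() != 1) {
            return null;
        }
        return matches.get(0).getNameInNamespace();
    }

    /**
     * Validates the caller by binding directly as a DN built from the caller name.
     *
     * @param usernamePasswordCredential caller name and password
     * @return a valid result with groups, or {@code INVALID_RESULT} when the bind fails
     */
    private CredentialValidationResult checkDirectBinding(UsernamePasswordCredential usernamePasswordCredential) {
        String callerDn = createCallerDn(
                this.ldapIdentityStoreDefinition.callerNameAttribute(),
                usernamePasswordCredential.getCaller(),
                this.ldapIdentityStoreDefinition.callerBaseDn());
        LdapContext callerContext = createLdapContext(
                this.ldapIdentityStoreDefinition.url(),
                callerDn,
                new String(usernamePasswordCredential.getPassword().getValue()));
        if (callerContext == null) {
            return CredentialValidationResult.INVALID_RESULT;
        }
        try {
            Set<String> groups = retrieveGroupInformation(callerDn, callerContext);
            return new CredentialValidationResult(
                    new CallerPrincipal(usernamePasswordCredential.getCaller()), groups);
        } finally {
            closeContext(callerContext);
        }
    }

    /**
     * Closes a context, ignoring close failures: the work that used the context is already done and
     * a failed close must not mask its outcome.
     *
     * @param ldapContext context to close; {@code null} is a no-op
     */
    private void closeContext(LdapContext ldapContext) {
        if (ldapContext == null) {
            return;
        }
        try {
            ldapContext.close();
        } catch (NamingException ignored) {
            // best-effort cleanup; nothing useful can be done with a close failure here
        }
    }

    /**
     * Collects the names of all groups whose {@code groupCallerDnAttribute} references the caller.
     *
     * @param callerDn value to match against the group membership attribute (passed as a filter
     *        argument, so JNDI escapes it)
     * @param ldapContext bound context to search with
     * @return the group names (possibly empty), read from {@code groupNameAttribute}
     */
    private Set<String> retrieveGroupInformation(String callerDn, LdapContext ldapContext) {
        String groupNameAttribute = this.ldapIdentityStoreDefinition.groupNameAttribute();
        List<SearchResult> groups = search(
                ldapContext,
                this.ldapIdentityStoreDefinition.groupBaseDn(),
                this.ldapIdentityStoreDefinition.groupCallerDnAttribute(),
                callerDn,
                groupNameAttribute);
        Set<String> groupNames = new HashSet<>();
        for (SearchResult group : groups) {
            for (Object name : get(group, groupNameAttribute)) {
                groupNames.add(name.toString());
            }
        }
        return groupNames;
    }

    /**
     * Builds the caller DN as {@code <attribute>=<caller>,<baseDn>}.
     *
     * @param callerNameAttribute RDN attribute naming callers
     * @param caller caller name; escaped per RFC 4514 because it is untrusted and DN syntax
     *        characters in it would otherwise change which entry is bound
     * @param callerBaseDn DN the caller RDN is appended to
     * @return the composed DN
     */
    private static String createCallerDn(String callerNameAttribute, String caller, String callerBaseDn) {
        return String.format("%s=%s,%s", callerNameAttribute, escapeDnValue(caller), callerBaseDn);
    }

    /**
     * Escapes a value for use inside an LDAP search filter (RFC 4515 section 3).
     *
     * @param value raw value; {@code null} is treated as empty
     * @return the value with {@code \ * ( )} and NUL replaced by their {@code \xx} escapes
     */
    private static String escapeFilterValue(String value) {
        if (value == null) {
            return "";
        }
        StringBuilder escaped = new StringBuilder(value.length());
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '\\': escaped.append("\\5c"); break;
                case '*': escaped.append("\\2a"); break;
                case '(': escaped.append("\\28"); break;
                case ')': escaped.append("\\29"); break;
                case '\0': escaped.append("\\00"); break;
                default: escaped.append(c);
            }
        }
        return escaped.toString();
    }

    /**
     * Escapes an attribute value for use inside a distinguished name (RFC 4514 section 2.4).
     *
     * @param value raw value; {@code null} is treated as empty
     * @return the value with DN special characters backslash-escaped, including a leading
     *         {@code #} or space and a trailing space
     */
    private static String escapeDnValue(String value) {
        if (value == null) {
            return "";
        }
        StringBuilder escaped = new StringBuilder(value.length());
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case ',': case '+': case '"': case '\\': case '<': case '>': case ';': case '=':
                    escaped.append('\\').append(c);
                    break;
                case '\0':
                    escaped.append("\\00");
                    break;
                default:
                    escaped.append(c);
            }
        }
        // Trailing space first, then leading, so a single-space value is escaped exactly once.
        if (escaped.length() > 0 && escaped.charAt(escaped.length() - 1) == ' ') {
            escaped.insert(escaped.length() - 1, '\\');
        }
        if (escaped.length() > 0 && (escaped.charAt(0) == ' ' || escaped.charAt(0) == '#')) {
            escaped.insert(0, '\\');
        }
        return escaped.toString();
    }

    /**
     * Opens a context with a simple bind.
     *
     * @param url directory URL
     * @param bindDn DN to bind as
     * @param password bind password (the JNDI environment is built with String values here, so the
     *        password copy cannot be wiped after use)
     * @return the bound context, or {@code null} when the directory rejects the credentials
     * @throws IllegalStateException for any other naming failure (unreachable server, bad URL, ...)
     */
    private static LdapContext createLdapContext(String url, String bindDn, String password) {
        try {
            return new InitialLdapContext(getConnectionEnvironment(url, bindDn, password), (Control[]) null);
        } catch (AuthenticationException e) {
            // Must be caught before its supertype NamingException: a rejected bind is a normal
            // "invalid credentials" outcome, not an infrastructure error.
            return null;
        } catch (NamingException e) {
            throw new IllegalStateException(e);
        }
    }

    /**
     * Builds the JNDI environment for a simple bind.
     *
     * @param url directory URL
     * @param bindDn DN to bind as
     * @param password bind password
     * @return a fresh environment table
     */
    private static Hashtable<String, String> getConnectionEnvironment(String url, String bindDn, String password) {
        Hashtable<String, String> environment = new Hashtable<>();
        environment.put(Context.INITIAL_CONTEXT_FACTORY, LDAP_CONTEXT_FACTORY);
        environment.put(Context.PROVIDER_URL, url);
        environment.put(Context.SECURITY_AUTHENTICATION, SIMPLE_AUTHENTICATION);
        environment.put(Context.SECURITY_PRINCIPAL, bindDn);
        environment.put(Context.SECURITY_CREDENTIALS, password);
        return environment;
    }

    /**
     * Searches for entries whose {@code attribute} equals {@code value}, returning only
     * {@code returningAttribute}.
     *
     * <p>The value is passed as a filter argument ({@code {0}}) so the provider escapes it. The
     * search uses the {@link SearchControls} default scope (one level below {@code searchBase}).
     *
     * @throws IllegalStateException if the search fails
     */
    private static List<SearchResult> search(LdapContext ldapContext, String searchBase, String attribute,
            String value, String returningAttribute) {
        SearchControls controls = new SearchControls();
        controls.setReturningAttributes(new String[] {returningAttribute});
        try {
            return Collections.list(ldapContext.search(
                    searchBase, String.format("(%s={0})", attribute), new Object[] {value}, controls));
        } catch (NamingException e) {
            throw new IllegalStateException(e);
        }
    }

    /**
     * Runs a subtree search with a complete, already escaped filter.
     *
     * @throws IllegalStateException if the search fails
     */
    private static List<SearchResult> search(LdapContext ldapContext, String searchBase, String filter) {
        SearchControls controls = new SearchControls();
        controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
        try {
            return Collections.list(ldapContext.search(searchBase, filter, controls));
        } catch (NamingException e) {
            throw new IllegalStateException(e);
        }
    }

    /**
     * Reads all values of one attribute from a search result.
     *
     * @param searchResult entry to read from
     * @param attributeName attribute to read
     * @return the attribute's values, or an empty list when the entry lacks the attribute
     *         (previously a missing attribute raised a {@link NullPointerException})
     * @throws IllegalStateException if the values cannot be read
     */
    private static List<?> get(SearchResult searchResult, String attributeName) {
        Attribute attribute =
                searchResult.getAttributes() == null ? null : searchResult.getAttributes().get(attributeName);
        if (attribute == null) {
            return Collections.emptyList();
        }
        try {
            return Collections.list(attribute.getAll());
        } catch (NamingException e) {
            throw new IllegalStateException(e);
        }
    }

    /** @return the priority configured on the definition */
    @Override
    public int priority() {
        return this.ldapIdentityStoreDefinition.priority();
    }

    /** @return the unmodifiable set of validation types this store was configured for */
    @Override
    public Set<IdentityStore.ValidationType> validationTypes() {
        return this.validationTypes;
    }
}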
