package org.jboss.security.auth.spi;

import java.security.acl.Group;
import java.util.Map;
import java.util.Properties;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.BasicAttributes;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.Control;
import javax.naming.ldap.InitialLdapContext;
import javax.security.auth.login.LoginException;
import org.jboss.security.SimpleGroup;
import org.jboss.security.SimplePrincipal;

/* loaded from: input_file:org/jboss/security/auth/spi/LdapLoginModule.class */
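/**
 * Login module that authenticates a user by performing an LDAP bind and then
 * optionally collects the user's roles from the directory.
 *
 * <p>The bind DN is built as {@code principalDNPrefix + username + principalDNSuffix}.
 * All module options are copied into the JNDI environment, so any
 * {@code java.naming.*} property may be supplied as a module option.
 *
 * <p>Security notes for deployers:
 * <ul>
 *   <li>{@code allowEmptyPasswords} defaults to {@code true}; see
 *       {@link #validatePassword(String, String)} for why it should be set to
 *       {@code false}.</li>
 *   <li>The default provider URL is plain {@code ldap://} with {@code simple}
 *       authentication, which sends the password unencrypted unless
 *       {@code java.naming.security.protocol=ssl} (or an equivalent secured
 *       URL) is configured.</li>
 * </ul>
 */
public class LdapLoginModule extends UsernamePasswordLoginModule {
    private static final String USE_OBJECT_CREDENTIAL_OPT = "useObjectCredential";
    private static final String PRINCIPAL_DN_PREFIX_OPT = "principalDNPrefix";
    private static final String PRINCIPAL_DN_SUFFIX_OPT = "principalDNSuffix";
    private static final String ROLES_CTX_DN_OPT = "rolesCtxDN";
    private static final String USER_ROLES_CTX_DN_ATTRIBUTE_ID_OPT = "userRolesCtxDNAttributeName";
    private static final String UID_ATTRIBUTE_ID_OPT = "uidAttributeID";
    private static final String ROLE_ATTRIBUTE_ID_OPT = "roleAttributeID";
    private static final String MATCH_ON_USER_DN_OPT = "matchOnUserDN";
    private static final String ROLE_ATTRIBUTE_IS_DN_OPT = "roleAttributeIsDN";
    private static final String ROLE_NAME_ATTRIBUTE_ID_OPT = "roleNameAttributeID";
    private static final String ALLOW_EMPTY_PASSWORDS_OPT = "allowEmptyPasswords";
    private static final String CREDENTIALS_ENV_KEY = "java.naming.security.credentials";
    /** Roles collected for the user during a successful bind. */
    private transient SimpleGroup userRoles = new SimpleGroup("Roles");

    /**
     * Returns an empty string: the password is never read back from the
     * directory, it is verified by the LDAP bind in
     * {@link #validatePassword(String, String)}.
     */
    @Override
    protected String getUsersPassword() throws LoginException {
        return "";
    }

    /**
     * Returns the single "Roles" group populated during the LDAP bind.
     */
    @Override
    protected Group[] getRoleSets() throws LoginException {
        return new Group[]{this.userRoles};
    }

    /**
     * Validates the supplied password by binding to the LDAP server as the user.
     *
     * @param inputPassword    password supplied by the caller; {@code null} is rejected
     * @param expectedPassword ignored (always the empty string from {@link #getUsersPassword()})
     * @return {@code true} if the bind succeeded, {@code false} otherwise
     */
    @Override
    protected boolean validatePassword(String inputPassword, String expectedPassword) {
        if (inputPassword == null) {
            return false;
        }
        if (inputPassword.length() == 0) {
            // NOTE(review): the default here is to ALLOW empty passwords. Many LDAP
            // servers treat a simple bind with a DN and an empty password as an
            // unauthenticated bind and report success (RFC 4513, section 5.1.2), so
            // with the default a login can succeed without a valid password.
            // Deployments should set allowEmptyPasswords=false; the default is kept
            // only for backward compatibility with existing configurations.
            boolean allowEmpty = true;
            String flag = (String) this.options.get(ALLOW_EMPTY_PASSWORDS_OPT);
            if (flag != null) {
                allowEmpty = Boolean.valueOf(flag).booleanValue();
            }
            if (!allowEmpty) {
                this.log.trace("Rejecting empty password due to allowEmptyPasswords");
                return false;
            }
        }
        try {
            createLdapInitContext(getUsername(), inputPassword);
            return true;
        } catch (NamingException e) {
            this.log.debug("Failed to validate password", e);
            return false;
        }
    }

    /**
     * Binds to the LDAP server as the user and, if a roles context is
     * configured, loads the user's roles into {@link #userRoles}.
     *
     * @param username   login name, inserted between the configured DN prefix and suffix
     * @param credential credential passed to the bind
     * @throws NamingException if the bind (or closing the context) fails
     */
    private void createLdapInitContext(String username, Object credential) throws NamingException {
        Properties env = new Properties();
        for (Object o : this.options.entrySet()) {
            Map.Entry<?, ?> entry = (Map.Entry<?, ?>) o;
            env.put(entry.getKey(), entry.getValue());
        }
        if (env.getProperty("java.naming.factory.initial") == null) {
            env.setProperty("java.naming.factory.initial", "com.sun.jndi.ldap.LdapCtxFactory");
        }
        if (env.getProperty("java.naming.security.authentication") == null) {
            env.setProperty("java.naming.security.authentication", "simple");
        }
        String protocol = env.getProperty("java.naming.security.protocol");
        String providerUrl = (String) this.options.get("java.naming.provider.url");
        if (providerUrl == null) {
            // Without the ssl protocol this falls back to an unencrypted connection.
            providerUrl = "ldap://localhost:" + ("ssl".equals(protocol) ? "636" : "389");
        }
        String dnPrefix = option(PRINCIPAL_DN_PREFIX_OPT, "");
        String dnSuffix = option(PRINCIPAL_DN_SUFFIX_OPT, "");
        // NOTE(review): the username is concatenated into the DN without escaping
        // DN metacharacters (',', '+', '=', '\\', ...), so a crafted login name can
        // change which entry the bind targets. Consider validating or escaping the
        // name before it reaches this point.
        String userDN = dnPrefix + username + dnSuffix;
        env.setProperty("java.naming.provider.url", providerUrl);
        env.setProperty("java.naming.security.principal", userDN);
        env.put(CREDENTIALS_ENV_KEY, credential);

        // Log a copy with the credential masked so the password never reaches the log.
        Properties loggedEnv = new Properties();
        loggedEnv.putAll(env);
        loggedEnv.put(CREDENTIALS_ENV_KEY, "***");
        this.log.trace("Logging into LDAP server, env=" + loggedEnv);

        InitialLdapContext ctx = new InitialLdapContext(env, (Control[]) null);
        try {
            this.log.trace("Logged into LDAP server, " + ctx);
            String rolesCtxDN = (String) this.options.get(ROLES_CTX_DN_OPT);
            String rolesCtxAttr = (String) this.options.get(USER_ROLES_CTX_DN_ATTRIBUTE_ID_OPT);
            if (rolesCtxAttr != null) {
                try {
                    String found = firstValue(ctx.getAttributes(userDN, new String[]{rolesCtxAttr}), rolesCtxAttr);
                    if (found != null) {
                        rolesCtxDN = found;
                        this.log.trace("Found user roles context DN: " + rolesCtxDN);
                    }
                } catch (NamingException e) {
                    this.log.debug("Failed to query userRolesCtxDNAttributeName", e);
                }
            }
            if (rolesCtxDN != null) {
                loadRoles(ctx, rolesCtxDN, username, userDN);
            }
        } finally {
            // Always release the connection, including when role loading fails unexpectedly.
            ctx.close();
        }
    }

    /**
     * Searches {@code rolesCtxDN} for entries matching the user and adds every
     * role found to {@link #userRoles}. Lookup failures are logged and leave the
     * user with whatever roles were collected so far.
     */
    private void loadRoles(InitialLdapContext ctx, String rolesCtxDN, String username, String userDN) {
        String uidAttrId = option(UID_ATTRIBUTE_ID_OPT, "uid");
        String roleAttrId = option(ROLE_ATTRIBUTE_ID_OPT, "roles");
        String roleNameAttrId = option(ROLE_NAME_ATTRIBUTE_ID_OPT, "name");
        boolean matchOnUserDN = Boolean.valueOf((String) this.options.get(MATCH_ON_USER_DN_OPT)).booleanValue();
        boolean roleAttrIsDN = Boolean.valueOf((String) this.options.get(ROLE_ATTRIBUTE_IS_DN_OPT)).booleanValue();

        BasicAttributes matchAttrs = new BasicAttributes(true);
        matchAttrs.put(uidAttrId, matchOnUserDN ? userDN : username);
        try {
            NamingEnumeration<SearchResult> results = ctx.search(rolesCtxDN, matchAttrs, new String[]{roleAttrId});
            try {
                while (results.hasMore()) {
                    Attribute roles = results.next().getAttributes().get(roleAttrId);
                    if (roles == null) {
                        // Entry matched the user but carries no role attribute.
                        continue;
                    }
                    for (int i = 0; i < roles.size(); i++) {
                        Object value = roles.get(i);
                        if (value == null) {
                            continue;
                        }
                        String roleName;
                        if (roleAttrIsDN) {
                            roleName = lookupRoleName(ctx, value.toString(), roleNameAttrId);
                        } else {
                            roleName = value.toString();
                        }
                        if (roleName != null) {
                            this.log.trace("Assign user to role " + roleName);
                            this.userRoles.addMember(new SimplePrincipal(roleName));
                        }
                    }
                }
            } finally {
                results.close();
            }
        } catch (NamingException e) {
            this.log.trace("Failed to locate roles", e);
        }
    }

    /**
     * Resolves a role DN to the role's name by reading {@code roleNameAttrId}
     * from that entry; returns {@code null} if the attribute is missing or the
     * lookup fails.
     */
    private String lookupRoleName(InitialLdapContext ctx, String roleDN, String roleNameAttrId) {
        this.log.trace("Using roleDN: " + roleDN);
        try {
            return firstValue(ctx.getAttributes(roleDN, new String[]{roleNameAttrId}), roleNameAttrId);
        } catch (NamingException e) {
            this.log.trace("Failed to query roleNameAttrName", e);
            return null;
        }
    }

    /** Returns the first value of {@code attrId} as a string, or {@code null} if absent or empty. */
    private static String firstValue(Attributes attrs, String attrId) throws NamingException {
        Attribute attr = attrs.get(attrId);
        if (attr == null || attr.size() == 0) {
            return null;
        }
        Object value = attr.get();
        return value != null ? value.toString() : null;
    }

    /** Returns the module option {@code key}, or {@code fallback} when it is not set. */
    private String option(String key, String fallback) {
        String value = (String) this.options.get(key);
        return value != null ? value : fallback;
    }
}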
