package org.apereo.cas.shell.commands;

import java.util.Arrays;
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import lombok.Generated;
import org.apache.commons.lang3.tuple.Pair;
import org.quartz.impl.StdSchedulerFactory;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.shell.core.CommandMarker;
import org.springframework.shell.core.annotation.CliCommand;
import org.springframework.shell.core.annotation.CliOption;
import org.springframework.stereotype.Service;
import org.springframework.util.StringUtils;

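/**
 * Shell command ({@code validate-ldap}) that checks connectivity to one or more LDAP
 * servers, optionally runs a search, and optionally attempts a simple bind as each
 * entry the search returns.
 *
 * <p>Security notes for operators:
 * <ul>
 *   <li>Credentials given on the command line are never written to the log by this class,
 *       but they may still be recorded by the shell's own history; treat that as sensitive.</li>
 *   <li>Binds use the {@code simple} mechanism, so the DN and password travel in clear text
 *       unless the URL uses {@code ldaps://}.</li>
 *   <li>Every attribute returned by the search is logged. Restrict {@code userAttributes}
 *       so that password hashes or other sensitive values are not requested.</li>
 * </ul>
 */
@Service
/* loaded from: input_file:BOOT-INF/classes/org/apereo/cas/shell/commands/ValidateLdapConnectionCommand.class */
public class ValidateLdapConnectionCommand implements CommandMarker {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(ValidateLdapConnectionCommand.class);

    /** Connect timeout and search time limit, in milliseconds. */
    private static final int TIMEOUT = 5000;

    /**
     * Entry point of the {@code validate-ldap} command. Any failure is logged, never rethrown.
     *
     * @param url            comma-separated list of LDAP URLs; the first one that accepts the bind is used
     * @param bindDn         DN used for the initial bind
     * @param bindCredential password for {@code bindDn}
     * @param baseDn         search base
     * @param searchFilter   LDAP filter; when blank only connectivity is tested
     * @param userPassword   password to try against each entry found; skipped when empty
     * @param userAttributes comma-separated attribute names to fetch for each entry found
     */
    @CliCommand(value = {"validate-ldap"}, help = "Test connections to an LDAP server to verify connectivity, SSL, etc")
    public void validateEndpoint(
            @CliOption(key = {"url"}, mandatory = true, help = "LDAP URL to test, comma-separated.", optionContext = "LDAP URL to test, comma-separated.", specifiedDefaultValue = "false", unspecifiedDefaultValue = "false") String url,
            @CliOption(key = {"bindDn"}, help = "bindDn to use when testing the LDAP server", specifiedDefaultValue = "", unspecifiedDefaultValue = "", mandatory = true, optionContext = "Proxy address to use when testing the endpoint url") String bindDn,
            @CliOption(key = {"bindCredential"}, help = "bindCredential to use when testing the LDAP server", specifiedDefaultValue = "", unspecifiedDefaultValue = "", mandatory = true, optionContext = "bindCredential to use when testing the LDAP server") String bindCredential,
            @CliOption(key = {"baseDn"}, help = "baseDn to use when testing the LDAP server, searching for accounts (i.e. OU=some,DC=org,DC=edu)", specifiedDefaultValue = "", unspecifiedDefaultValue = "", mandatory = true, optionContext = "baseDn to use when testing the LDAP server, searching for accounts (i.e. OU=some,DC=org,DC=edu)") String baseDn,
            @CliOption(key = {"searchFilter"}, help = "Filter to use when searching for accounts (i.e. (&(objectClass=*) (sAMAccountName=user)))", specifiedDefaultValue = "", unspecifiedDefaultValue = "", mandatory = false, optionContext = "Filter to use when searching for accounts (i.e. (&(objectClass=*) (sAMAccountName=user)))") String searchFilter,
            @CliOption(key = {"userPassword"}, help = "Password for the user found in the search result, to attempt authentication", specifiedDefaultValue = "", unspecifiedDefaultValue = "", mandatory = false, optionContext = "Password for the user found in the search result, to attempt authentication") String userPassword,
            @CliOption(key = {"userAttributes"}, help = "User attributes, comma-separated, to fetch for the user found in the search result", specifiedDefaultValue = "", unspecifiedDefaultValue = "", mandatory = false, optionContext = "User attributes, comma-separated, to fetch for the user found in the search result") String userAttributes) {
        try {
            connect(url, bindDn, bindCredential, baseDn, searchFilter, userAttributes, userPassword);
        } catch (Exception e) {
            LOGGER.error(e.getMessage(), e);
        }
    }

    /**
     * Binds to the first reachable URL, then (when a filter is given) searches and logs the
     * results, attempting a bind as each result when a user password was supplied.
     *
     * @throws Exception on any JNDI failure, including a failed user bind, which aborts the run
     */
    private void connect(String ldapUrl, String bindDn, String bindCredential, String baseDn,
                         String searchFilter, String userAttributes, String userPassword) throws Exception {
        Pair<String, DirContext> context = getContext(ldapUrl, bindDn, bindCredential);
        if (context == null) {
            LOGGER.error("Could not connect to any of the provided LDAP urls based on the given credentials.");
            return;
        }
        String connectedUrl = context.getKey();
        DirContext dirContext = context.getValue();
        try {
            String message = "Successfully connected to the LDAP url [" + connectedUrl + "] ";
            String namespace = dirContext.getNameInNamespace();
            if (namespace != null && !namespace.isEmpty()) {
                message = message + "with namespace [" + namespace + "].";
            }
            LOGGER.info(message);
            if (!StringUtils.hasText(searchFilter)) {
                // Connectivity-only run: nothing to search for.
                return;
            }
            String[] attributes = userAttributes.split(",");
            LOGGER.info("******* Ldap Search *******");
            LOGGER.info("Ldap filter: [{}]", searchFilter);
            LOGGER.info("Ldap search base: [{}]", baseDn);
            LOGGER.info("Returning attributes: [{}]\n", Arrays.toString(attributes));
            NamingEnumeration<SearchResult> results = dirContext.search(baseDn, searchFilter, getSearchControls(attributes));
            try {
                // hasMoreElements()/nextElement() are kept from the original; unlike
                // hasMore()/next() they do not surface a NamingException raised mid-enumeration.
                if (results.hasMoreElements()) {
                    LOGGER.info("******* Ldap Search Results *******");
                    while (results.hasMoreElements()) {
                        SearchResult result = results.nextElement();
                        LOGGER.info("User name: [{}]", result.getName());
                        LOGGER.info("User full name: [{}]", result.getNameInNamespace());
                        // The option defaults to "", so a null check alone would always attempt the
                        // bind. An empty password in a simple bind is an unauthenticated bind
                        // (RFC 4513 section 5.1.2) that a server may accept without checking any
                        // credential, which would be reported here as a successful authentication.
                        if (StringUtils.hasLength(userPassword)) {
                            // The password is deliberately kept out of the log messages.
                            LOGGER.info("Attempting to authenticate [{}]", result.getName());
                            DirContext userContext = new InitialDirContext(
                                getLdapDirectoryContextSettings(result.getNameInNamespace(), userPassword, connectedUrl));
                            // The bind succeeded if no exception was thrown; release the connection.
                            userContext.close();
                            LOGGER.info("Successfully authenticated [{}]", result.getName());
                        }
                        NamingEnumeration<String> ids = result.getAttributes().getIDs();
                        while (ids.hasMoreElements()) {
                            String id = ids.nextElement();
                            LOGGER.info("[{}] => [{}]", id, result.getAttributes().get(id));
                        }
                    }
                } else {
                    LOGGER.info("No search results could be found.");
                }
            } finally {
                results.close();
            }
            LOGGER.info("Ldap search completed successfully.");
        } finally {
            dirContext.close();
        }
    }

    /**
     * Builds subtree-scoped search controls limited to {@link #TIMEOUT} milliseconds.
     *
     * @param returningAttributes attribute names to return for each entry
     */
    private SearchControls getSearchControls(String[] returningAttributes) {
        SearchControls searchControls = new SearchControls();
        searchControls.setDerefLinkFlag(true);
        searchControls.setTimeLimit(TIMEOUT);
        searchControls.setReturningAttributes(returningAttributes);
        searchControls.setSearchScope(SearchControls.SUBTREE_SCOPE);
        return searchControls;
    }

    /**
     * Tries each URL of the comma-separated list in turn and returns the first successful bind.
     *
     * @return the URL that accepted the bind paired with its context, or {@code null} if none did
     */
    private Pair<String, DirContext> getContext(String ldapUrl, String bindDn, String bindCredential) {
        for (String entry : StringUtils.commaDelimitedListToSet(ldapUrl)) {
            // Test the individual entry, not the whole list, so blank entries are skipped.
            if (StringUtils.hasText(entry)) {
                String candidate = entry.trim();
                LOGGER.info("Attempting connect to LDAP instance [{}]", candidate);
                try {
                    // Key the result by the URL that actually connected: it is reused later as the
                    // provider URL for the user bind, where the full comma-separated list is not valid.
                    return Pair.of(candidate, new InitialDirContext(getLdapDirectoryContextSettings(bindDn, bindCredential, candidate)));
                } catch (Exception e) {
                    // Keep the cause: it distinguishes bad credentials from TLS or network failures.
                    LOGGER.error("Failed to connect to ldap instance [{}]", candidate, e);
                }
            }
        }
        return null;
    }

    /**
     * Builds the JNDI environment for a simple bind against one LDAP URL.
     *
     * <p>Only a connect timeout is set. NOTE(review): no read timeout
     * ({@code com.sun.jndi.ldap.read.timeout}) is configured, so a server that accepts the
     * connection but never answers could block the command; confirm whether that is intended.
     *
     * @param principal  DN to bind as
     * @param credential password for {@code principal}
     * @param url        provider URL; surrounding whitespace is trimmed
     */
    private Hashtable<String, String> getLdapDirectoryContextSettings(String principal, String credential, String url) {
        Hashtable<String, String> env = new Hashtable<>(6);
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, url.trim());
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, principal);
        env.put(Context.SECURITY_CREDENTIALS, credential);
        env.put("com.sun.jndi.ldap.connect.timeout", String.valueOf(TIMEOUT));
        return env;
    }
}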
