package org.dspace.authenticate;

import java.io.IOException;
import java.sql.SQLException;
import java.util.Arrays;
import java.util.Collections;
import java.util.Hashtable;
import java.util.List;
import javax.naming.NamingException;
import javax.naming.ldap.Control;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;
import javax.naming.ldap.StartTlsRequest;
import javax.naming.ldap.StartTlsResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.StringUtils;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.dspace.authenticate.factory.AuthenticateServiceFactory;
import org.dspace.authenticate.service.AuthenticationService;
import org.dspace.authorize.AuthorizeException;
import org.dspace.core.Context;
import org.dspace.core.LogHelper;
import org.dspace.eperson.EPerson;
import org.dspace.eperson.Group;
import org.dspace.eperson.factory.EPersonServiceFactory;
import org.dspace.eperson.service.EPersonService;
import org.dspace.eperson.service.GroupService;
import org.dspace.services.ConfigurationService;
import org.dspace.services.factory.DSpaceServicesFactory;

/* loaded from: input_file:org/dspace/authenticate/LDAPAuthentication.class */
public class LDAPAuthentication implements AuthenticationMethod {
    // Class-wide log4j logger; authenticate() also hands it to each SpeakerToLDAP it creates.
    private static final Logger log = LogManager.getLogger(LDAPAuthentication.class);
    // DSpace services, obtained through their factories when the instance is created.
    protected AuthenticationService authenticationService = AuthenticateServiceFactory.getInstance().getAuthenticationService();
    protected EPersonService ePersonService = EPersonServiceFactory.getInstance().getEPersonService();
    protected GroupService groupService = EPersonServiceFactory.getInstance().getGroupService();
    protected ConfigurationService configurationService = DSpaceServicesFactory.getInstance().getConfigurationService();
    // Request-attribute key: authenticate() sets it to true after a successful LDAP login, isUsed() tests for it.
    private static final String LDAP_AUTHENTICATED = "ldap.authenticated";

    /* loaded from: input_file:org/dspace/authenticate/LDAPAuthentication$SpeakerToLDAP.class */
    private static class SpeakerToLDAP {
        // Logger supplied by the enclosing class through the constructor.
        private Logger log;
        // Directory attribute values for the user being logged in; authenticate() reads them after the
        // DN lookup. Nothing in the visible code assigns them — presumably getDNOfUser() does (its body
        // was not decompiled); confirm against the original source.
        protected String ldapEmail = null;
        protected String ldapGivenName = null;
        protected String ldapSurname = null;
        protected String ldapPhone = null;
        protected String ldapGroup = null;
        // Connection and attribute-name settings, read from authentication-ldap.* in the constructor.
        final String ldap_provider_url;
        final String ldap_id_field;
        final String ldap_search_context;
        final String ldap_search_scope;
        final String ldap_email_field;
        final String ldap_givenname_field;
        final String ldap_surname_field;
        final String ldap_phone_field;
        final String ldap_group_field;
        // Value of authentication-ldap.starttls (default false); selects the StartTLS branch of ldapAuthenticate().
        final boolean useTLS;

        /**
         * Creates a helper that snapshots the current {@code authentication-ldap.*} settings.
         *
         * @param logger logger this helper writes its warnings to
         */
        SpeakerToLDAP(Logger logger) {
            this.log = logger;
            final ConfigurationService cfg = DSpaceServicesFactory.getInstance().getConfigurationService();

            // Where to connect and how to search.
            this.ldap_provider_url = cfg.getProperty("authentication-ldap.provider_url");
            this.ldap_id_field = cfg.getProperty("authentication-ldap.id_field");
            this.ldap_search_context = cfg.getProperty("authentication-ldap.search_context");
            this.ldap_search_scope = cfg.getProperty("authentication-ldap.search_scope");

            // Names of the directory attributes that carry the user's profile data.
            this.ldap_email_field = cfg.getProperty("authentication-ldap.email_field");
            this.ldap_givenname_field = cfg.getProperty("authentication-ldap.givenname_field");
            this.ldap_surname_field = cfg.getProperty("authentication-ldap.surname_field");
            this.ldap_phone_field = cfg.getProperty("authentication-ldap.phone_field");
            this.ldap_group_field = cfg.getProperty("authentication-ldap.login.groupmap.attribute");

            // StartTLS is opt-in: an absent property means a plain connection to provider_url.
            this.useTLS = cfg.getBooleanProperty("authentication-ldap.starttls", false);
        }

        /* JADX WARN: Can't wrap try/catch for region: R(21:5|6|(3:101|102|(18:108|(1:110)(1:111)|9|(1:11)|12|13|14|(1:16)(1:83)|17|(15:20|(1:22)(1:68)|23|(1:27)|28|(1:32)|33|(1:37)|38|(1:42)|43|(1:47)|48|(2:50|51)(9:52|53|54|(2:65|66)|56|(1:58)|64|61|62)|18)|69|70|71|(2:81|82)|73|(1:75)|79|80))|8|9|(0)|12|13|14|(0)(0)|17|(1:18)|69|70|71|(0)|73|(0)|79|80|(2:(1:86)|(0))) */
        /* JADX WARN: Code restructure failed: missing block: B:84:0x02e3, code lost:
        
            r19 = move-exception;
         */
        /* JADX WARN: Code restructure failed: missing block: B:85:0x02e5, code lost:
        
            r8.log.warn(org.dspace.core.LogHelper.getHeader(r11, "ldap_attribute_lookup", "type=failed_search " + r19));
         */
        /* JADX WARN: Removed duplicated region for block: B:11:0x00f7 A[Catch: NamingException | IOException -> 0x0319, NamingException | IOException -> 0x0319, all -> 0x034f, TryCatch #7 {NamingException | IOException -> 0x0319, blocks: (B:102:0x005c, B:102:0x005c, B:106:0x006c, B:106:0x006c, B:108:0x0078, B:108:0x0078, B:110:0x007f, B:110:0x007f, B:11:0x00f7, B:11:0x00f7, B:12:0x0103, B:12:0x0103, B:14:0x0122, B:14:0x0122, B:16:0x0139, B:16:0x0139, B:17:0x0151, B:17:0x0151, B:18:0x0170, B:18:0x0170, B:20:0x017a, B:20:0x017a, B:22:0x0190, B:22:0x0190, B:23:0x01aa, B:23:0x01aa, B:25:0x01e1, B:25:0x01e1, B:27:0x01f3, B:27:0x01f3, B:28:0x0201, B:28:0x0201, B:30:0x0208, B:30:0x0208, B:32:0x021a, B:32:0x021a, B:33:0x0228, B:33:0x0228, B:35:0x022f, B:35:0x022f, B:37:0x0241, B:37:0x0241, B:38:0x024f, B:38:0x024f, B:40:0x0256, B:40:0x0256, B:42:0x0268, B:42:0x0268, B:43:0x0276, B:43:0x0276, B:45:0x027d, B:45:0x027d, B:47:0x028f, B:47:0x028f, B:48:0x029d, B:48:0x029d, B:53:0x02aa, B:53:0x02aa, B:68:0x019a, B:68:0x019a, B:83:0x0142, B:83:0x0142, B:85:0x02e5, B:111:0x00c9, B:111:0x00c9, B:8:0x00e8, B:8:0x00e8), top: B:101:0x005c, outer: #6 }] */
        /* JADX WARN: Removed duplicated region for block: B:16:0x0139 A[Catch: NamingException -> 0x02e3, NamingException | IOException -> 0x0319, NamingException | IOException -> 0x0319, all -> 0x034f, TryCatch #1 {NamingException -> 0x02e3, blocks: (B:14:0x0122, B:16:0x0139, B:17:0x0151, B:18:0x0170, B:20:0x017a, B:22:0x0190, B:23:0x01aa, B:25:0x01e1, B:27:0x01f3, B:28:0x0201, B:30:0x0208, B:32:0x021a, B:33:0x0228, B:35:0x022f, B:37:0x0241, B:38:0x024f, B:40:0x0256, B:42:0x0268, B:43:0x0276, B:45:0x027d, B:47:0x028f, B:48:0x029d, B:53:0x02aa, B:68:0x019a, B:83:0x0142), top: B:13:0x0122 }] */
        /* JADX WARN: Removed duplicated region for block: B:20:0x017a A[Catch: NamingException -> 0x02e3, NamingException | IOException -> 0x0319, NamingException | IOException -> 0x0319, all -> 0x034f, TryCatch #1 {NamingException -> 0x02e3, blocks: (B:14:0x0122, B:16:0x0139, B:17:0x0151, B:18:0x0170, B:20:0x017a, B:22:0x0190, B:23:0x01aa, B:25:0x01e1, B:27:0x01f3, B:28:0x0201, B:30:0x0208, B:32:0x021a, B:33:0x0228, B:35:0x022f, B:37:0x0241, B:38:0x024f, B:40:0x0256, B:42:0x0268, B:43:0x0276, B:45:0x027d, B:47:0x028f, B:48:0x029d, B:53:0x02aa, B:68:0x019a, B:83:0x0142), top: B:13:0x0122 }] */
        /* JADX WARN: Removed duplicated region for block: B:75:0x030a A[Catch: NamingException | IOException -> 0x0314, TryCatch #2 {NamingException | IOException -> 0x0314, blocks: (B:82:0x0300, B:75:0x030a), top: B:81:0x0300 }] */
        /* JADX WARN: Removed duplicated region for block: B:81:0x0300 A[EXC_TOP_SPLITTER, SYNTHETIC] */
        /* JADX WARN: Removed duplicated region for block: B:83:0x0142 A[Catch: NamingException -> 0x02e3, NamingException | IOException -> 0x0319, NamingException | IOException -> 0x0319, all -> 0x034f, TryCatch #1 {NamingException -> 0x02e3, blocks: (B:14:0x0122, B:16:0x0139, B:17:0x0151, B:18:0x0170, B:20:0x017a, B:22:0x0190, B:23:0x01aa, B:25:0x01e1, B:27:0x01f3, B:28:0x0201, B:30:0x0208, B:32:0x021a, B:33:0x0228, B:35:0x022f, B:37:0x0241, B:38:0x024f, B:40:0x0256, B:42:0x0268, B:43:0x0276, B:45:0x027d, B:47:0x028f, B:48:0x029d, B:53:0x02aa, B:68:0x019a, B:83:0x0142), top: B:13:0x0122 }] */
        /*
            Code decompiled incorrectly, please refer to instructions dump.
            To view partially-correct add '--show-bad-code' argument
        */
        /**
         * Placeholder left by the decompiler: the original body could not be reconstructed, so every
         * call throws {@link UnsupportedOperationException}.
         *
         * <p>authenticate() calls this with the configured search user, the search password, the DSpace
         * context and the login netid (in that order) and treats a null or blank result as "no DN found".
         * The decompiler residue above shows a NamingException handler that logs
         * {@code ldap_attribute_lookup} with {@code type=failed_search}.
         *
         * <p>NOTE(review): this is presumably where ldapEmail, ldapGivenName, ldapSurname, ldapPhone and
         * ldapGroup are populated and where the netid is placed into an LDAP search filter — confirm
         * against the original source, and check there that the netid is filter-escaped before use.
         */
        protected java.lang.String getDNOfUser(java.lang.String r9, java.lang.String r10, org.dspace.core.Context r11, java.lang.String r12) {
            /*
                Method dump skipped, instructions count: 881
                To view this dump add '--comments-level debug' option
            */
            throw new UnsupportedOperationException("Method not decompiled: org.dspace.authenticate.LDAPAuthentication.SpeakerToLDAP.getDNOfUser(java.lang.String, java.lang.String, org.dspace.core.Context, java.lang.String):java.lang.String");
        }

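        /**
         * Checks a DN/password pair by performing an LDAP simple bind against {@code ldap_provider_url}.
         *
         * <p>With StartTLS enabled the connection is opened without credentials, upgraded, and the bind is
         * then triggered by reading the root attributes; otherwise the credentials are part of the initial
         * environment and the bind happens when the context is created.
         *
         * @param str     distinguished name to bind as
         * @param str2    password for that DN
         * @param context DSpace context, used only for the log header
         * @return {@code true} if the bind succeeded, {@code false} on blank input or any
         *         {@link NamingException}/{@link IOException}
         */
        protected boolean ldapAuthenticate(String str, String str2, Context context) {
            // A bind with an empty password is an "unauthenticated bind", which some directory servers
            // report as success; it must never be sent. A blank DN is refused for the same reason.
            if (str == null || str.trim().isEmpty() || str2 == null || str2.isEmpty()) {
                return false;
            }
            LdapContext ldapContext = null;
            StartTlsResponse startTlsResponse = null;
            Hashtable<String, Object> env = new Hashtable<>();
            env.put("java.naming.factory.initial", "com.sun.jndi.ldap.LdapCtxFactory");
            env.put("java.naming.provider.url", this.ldap_provider_url);
            try {
                if (this.useTLS) {
                    // Connect first, negotiate TLS, and only then add the credentials so that the
                    // password is not sent before the channel is encrypted.
                    ldapContext = new InitialLdapContext(env, (Control[]) null);
                    startTlsResponse = (StartTlsResponse) ldapContext.extendedOperation(new StartTlsRequest());
                    startTlsResponse.negotiate();
                    ldapContext.addToEnvironment("java.naming.security.authentication", "simple");
                    ldapContext.addToEnvironment("java.naming.security.principal", str);
                    ldapContext.addToEnvironment("java.naming.security.credentials", str2);
                    ldapContext.addToEnvironment("java.naming.authoritative", "true");
                    ldapContext.addToEnvironment("java.naming.referral", "follow");
                    // Any operation forces the bind with the credentials added above.
                    ldapContext.getAttributes("");
                } else {
                    // NOTE(review): without StartTLS a simple bind sends the password unprotected unless
                    // provider_url is itself an ldaps:// URL — verify the deployment's configuration.
                    env.put("java.naming.security.authentication", "Simple");
                    env.put("java.naming.security.principal", str);
                    env.put("java.naming.security.credentials", str2);
                    env.put("java.naming.authoritative", "true");
                    // NOTE(review): "follow" makes the provider chase referrals with this same
                    // environment, credentials included; confirm referral targets are trusted.
                    env.put("java.naming.referral", "follow");
                    ldapContext = new InitialLdapContext(env, (Control[]) null);
                }
                return true;
            } catch (NamingException | IOException e) {
                // Wrong password, unreachable server, failed TLS negotiation: all count as "not authenticated".
                this.log.warn(LogHelper.getHeader(context, "ldap_authentication", "type=failed_auth " + e));
                return false;
            } finally {
                // The decompiled cleanup was guarded by "if (0 != 0)" and never ran on failure, leaking the
                // connection. Close both handles on every path; a close failure does not change the result.
                if (startTlsResponse != null) {
                    try {
                        startTlsResponse.close();
                    } catch (IOException ignored) {
                        // best effort: the authentication outcome is already decided
                    }
                }
                if (ldapContext != null) {
                    try {
                        ldapContext.close();
                    } catch (NamingException ignored) {
                        // best effort: the authentication outcome is already decided
                    }
                }
            }
        }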
    }

    /**
     * Reports whether an EPerson may be created automatically for a directory user that DSpace has
     * not seen before. None of the arguments are consulted; the answer is purely configuration.
     *
     * @return the boolean value of {@code authentication-ldap.autoregister}
     */
    @Override
    public boolean canSelfRegister(Context context, HttpServletRequest httpServletRequest, String str) throws SQLException {
        final boolean autoRegister = this.configurationService.getBooleanProperty("authentication-ldap.autoregister");
        return autoRegister;
    }

    /**
     * Hook for initialising a newly created EPerson; this authentication method adds nothing.
     */
    @Override
    public void initEPerson(Context context, HttpServletRequest httpServletRequest, EPerson ePerson) throws SQLException {
        // Intentionally empty.
    }

    /**
     * Always refuses: this method never lets a user set a password through DSpace.
     *
     * @return {@code false} for every user
     */
    @Override
    public boolean allowSetPassword(Context context, HttpServletRequest httpServletRequest, String str) throws SQLException {
        final boolean passwordChangeAllowed = false;
        return passwordChangeAllowed;
    }

    /**
     * Declares this method as explicit: it needs credentials passed to authenticate().
     *
     * @return {@code false}
     */
    @Override
    public boolean isImplicit() {
        final boolean implicit = false;
        return implicit;
    }

    /**
     * Returns the group named by {@code authentication-ldap.login.specialgroup} for a user that has
     * a non-empty netid, or an empty list in every other case.
     *
     * <p>NOTE(review): membership is decided from the stored netid alone; this method does not look at
     * the {@code ldap.authenticated} request attribute, so an account that has a netid receives the
     * group however it logged in — confirm that is intended.
     *
     * @param context            DSpace context whose current user is inspected
     * @param httpServletRequest not used
     * @return a one-element list holding the special group, or an empty list
     */
    @Override
    public List<Group> getSpecialGroups(Context context, HttpServletRequest httpServletRequest) {
        // Anonymous sessions never receive the group.
        if (context.getCurrentUser() == null) {
            return Collections.emptyList();
        }
        // Accounts without a netid are not treated as directory users.
        if (context.getCurrentUser().getNetid() == null || context.getCurrentUser().getNetid().isEmpty()) {
            return Collections.emptyList();
        }
        String groupName = this.configurationService.getProperty("authentication-ldap.login.specialgroup");
        if (groupName == null || groupName.trim().isEmpty()) {
            return Collections.emptyList();
        }
        Group specialGroup = this.groupService.findByName(context, groupName);
        if (specialGroup == null) {
            // A misconfigured name is reported rather than failing the request.
            log.warn(LogHelper.getHeader(context, "ldap_specialgroup", "Group defined in login.specialgroup does not exist"));
            return Collections.emptyList();
        }
        return Arrays.asList(specialGroup);
    }

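    /**
     * Authenticates a netid/password pair against the directory and, on success, logs in the matching
     * EPerson: an existing one found by netid, an existing one found by e-mail (which is then linked to
     * the netid), or a newly created one when auto-registration is enabled.
     *
     * <p>The returned ints are the literal values found in the compiled class. They appear to be the
     * inlined {@code AuthenticationMethod} status constants (1 SUCCESS, 2 BAD_CREDENTIALS,
     * 3 CERT_REQUIRED, 4 NO_SUCH_USER, 5 BAD_ARGS) — confirm against the interface.
     *
     * @param context            DSpace context; its current user is set on success
     * @param str                netid supplied by the user
     * @param str2               password supplied by the user
     * @param str3               not used by this method
     * @param httpServletRequest request that receives the {@code ldap.authenticated} attribute on success
     * @return one of the status values listed above
     * @throws SQLException if a database operation other than the initial netid lookup fails
     */
    @Override
    public int authenticate(Context context, String str, String str2, String str3, HttpServletRequest httpServletRequest) throws SQLException {
        final String netid = str;
        final String password = str2;
        log.info(LogHelper.getHeader(context, "auth", "attempting trivial auth of user=" + netid));
        if (netid == null || password == null) {
            return 5;
        }

        EPerson ePerson = null;
        try {
            ePerson = this.ePersonService.findByNetid(context, netid.toLowerCase());
        } catch (SQLException e) {
            // The lookup stays best-effort, but the failure is no longer silent: with ePerson left null
            // the request continues down the unknown-user path below.
            log.warn(LogHelper.getHeader(context, "auth", "type=netid_lookup_failed " + e));
        }

        SpeakerToLDAP speakerToLDAP = new SpeakerToLDAP(log);
        boolean anonymousSearch = this.configurationService.getBooleanProperty("authentication-ldap.search.anonymous");
        String searchUser = this.configurationService.getProperty("authentication-ldap.search.user");
        String searchPassword = this.configurationService.getProperty("authentication-ldap.search.password");

        String dn;
        if ((StringUtils.isBlank(searchUser) || StringUtils.isBlank(searchPassword)) && !anonymousSearch) {
            // No search account: the DN is assembled from the user-supplied netid. The netid is escaped
            // as an RDN value so that characters such as ',', '+' or '=' stay inside the attribute value
            // and cannot change the structure of the DN that is bound and later matched in assignGroups().
            dn = this.configurationService.getProperty("authentication-ldap.id_field") + "="
                    + javax.naming.ldap.Rdn.escapeValue(netid) + ","
                    + this.configurationService.getProperty("authentication-ldap.object_context");
        } else {
            dn = speakerToLDAP.getDNOfUser(searchUser, searchPassword, context, netid);
        }
        if (dn == null || dn.trim().equals("")) {
            log.info(LogHelper.getHeader(context, "failed_login", "no DN found for user " + netid));
            return 2;
        }

        if (ePerson != null) {
            // Known account: apply the local restrictions before talking to the directory.
            if (ePerson.getRequireCertificate()) {
                return 3;
            }
            if (!ePerson.canLogIn()) {
                return 5;
            }
            if (!speakerToLDAP.ldapAuthenticate(dn, password, context)) {
                return 2;
            }
            context.setCurrentUser(ePerson);
            httpServletRequest.setAttribute(LDAP_AUTHENTICATED, true);
            assignGroups(dn, speakerToLDAP.ldapGroup, context);
            log.info(LogHelper.getHeader(context, "authenticate", "type=ldap"));
            return 1;
        }

        // No EPerson carries this netid: the directory must still accept the credentials first.
        if (!speakerToLDAP.ldapAuthenticate(dn, password, context)) {
            return 5;
        }
        log.info(LogHelper.getHeader(context, "autoregister", "netid=" + netid));

        String email = speakerToLDAP.ldapEmail;
        if (StringUtils.isEmpty(email)) {
            if (this.configurationService.hasProperty("authentication-ldap.netid_email_domain")) {
                email = netid + this.configurationService.getProperty("authentication-ldap.netid_email_domain");
            } else {
                log.warn(LogHelper.getHeader(context, "autoregister", "Unable to locate email address for account '" + netid + "', so it has been set to '" + netid + "'. Please check the LDAP 'email_field' OR consider configuring 'netid_email_domain'."));
                email = netid;
            }
        }
        if (StringUtils.isEmpty(email)) {
            return 5;
        }

        // The compiled class restores the authorisation state once when this outer region is left and,
        // inside it, once more for each turnOffAuthorisationSystem(); the try/finally blocks below keep
        // exactly those calls. NOTE(review): the outer restore also runs on paths that never turned the
        // authorisation system off — check how Context handles the unbalanced call.
        try {
            EPerson byEmail = this.ePersonService.findByEmail(context, email);
            if (byEmail != null) {
                // NOTE(review): unlike the netid branch above, this branch links and logs in the account
                // without consulting getRequireCertificate() or canLogIn() — confirm that a disabled
                // account matched by e-mail is meant to be accepted.
                log.info(LogHelper.getHeader(context, "type=ldap-login", "type=ldap_but_already_email"));
                context.turnOffAuthorisationSystem();
                byEmail.setNetid(netid.toLowerCase());
                this.ePersonService.update(context, byEmail);
                context.dispatchEvents();
                context.restoreAuthSystemState();
                context.setCurrentUser(byEmail);
                httpServletRequest.setAttribute(LDAP_AUTHENTICATED, true);
                assignGroups(dn, speakerToLDAP.ldapGroup, context);
                return 1;
            }
            if (!canSelfRegister(context, httpServletRequest, netid)) {
                log.info(LogHelper.getHeader(context, "failed_login", "type=ldap_but_no_record"));
                return 4;
            }
            try {
                // Creating the account needs privileges the not-yet-logged-in user does not have.
                context.turnOffAuthorisationSystem();
                EPerson created = this.ePersonService.create(context);
                if (StringUtils.isNotEmpty(email)) {
                    created.setEmail(email);
                }
                if (StringUtils.isNotEmpty(speakerToLDAP.ldapGivenName)) {
                    created.setFirstName(context, speakerToLDAP.ldapGivenName);
                }
                if (StringUtils.isNotEmpty(speakerToLDAP.ldapSurname)) {
                    created.setLastName(context, speakerToLDAP.ldapSurname);
                }
                if (StringUtils.isNotEmpty(speakerToLDAP.ldapPhone)) {
                    this.ePersonService.setMetadataSingleValue(context, created, EPersonService.MD_PHONE, speakerToLDAP.ldapPhone, null);
                }
                created.setNetid(netid.toLowerCase());
                created.setCanLogIn(true);
                this.authenticationService.initEPerson(context, httpServletRequest, created);
                this.ePersonService.update(context, created);
                context.dispatchEvents();
                context.setCurrentUser(created);
                httpServletRequest.setAttribute(LDAP_AUTHENTICATED, true);
                assignGroups(dn, speakerToLDAP.ldapGroup, context);
            } catch (AuthorizeException e) {
                return 4;
            } finally {
                context.restoreAuthSystemState();
            }
            log.info(LogHelper.getHeader(context, "authenticate", "type=ldap-login, created ePerson"));
            return 1;
        } catch (AuthorizeException e) {
            return 5;
        } finally {
            context.restoreAuthSystemState();
        }
    }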

    /**
     * This method has no dedicated login page, so no URL is offered.
     *
     * @return always {@code null}
     */
    @Override
    public String loginPageURL(Context context, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        final String noDedicatedPage = null;
        return noDedicatedPage;
    }

    /**
     * Gives the short name of this authentication method.
     *
     * @return the literal {@code "ldap"}
     */
    @Override
    public String getName() {
        final String methodName = "ldap";
        return methodName;
    }

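    /**
     * Adds the current user to every DSpace group whose {@code authentication-ldap.login.groupmap.N}
     * entry matches. Entries are read for N = 1, 2, ... until the first missing one; each has the form
     * {@code <ldap-match>:<dspace-group>}.
     *
     * <p>When {@code str2} is null the match is a case-insensitive substring test of
     * {@code <ldap-match> + ","} against the DN; otherwise {@code str2} must equal {@code <ldap-match>}
     * ignoring case. The substring test works on the DN as a plain string, so it relies on the caller
     * passing a well-formed, properly escaped DN.
     *
     * @param str     DN the user authenticated with; nothing happens when it is blank
     * @param str2    value of the user's group attribute, or null to match on the DN
     * @param context DSpace context whose current user receives the memberships
     */
    private void assignGroups(String str, String str2, Context context) {
        if (StringUtils.isBlank(str)) {
            return;
        }
        // Was System.out.println: a DN belongs in the application log at debug level, not on stdout.
        log.debug(LogHelper.getHeader(context, "ldap_assignGroupsBasedOnLdapDn", "dn:" + str));
        for (int i = 1; ; i++) {
            String mapping = this.configurationService.getProperty("authentication-ldap.login.groupmap." + i);
            if (mapping == null) {
                return;
            }
            String[] parts = mapping.split(":");
            if (parts.length < 2) {
                // A malformed entry used to abort the login with ArrayIndexOutOfBoundsException.
                log.warn(LogHelper.getHeader(context, "ldap_assignGroupsBasedOnLdapDn", "Ignoring malformed authentication-ldap.login.groupmap." + i + " (expected <ldap-match>:<dspace-group>)"));
                continue;
            }
            String ldapMatch = parts[0];
            String groupName = parts[1];
            boolean matches = (str2 == null)
                    ? StringUtils.containsIgnoreCase(str, ldapMatch + ",")
                    : StringUtils.equalsIgnoreCase(str2, ldapMatch);
            if (!matches) {
                continue;
            }
            try {
                Group group = this.groupService.findByName(context, groupName);
                if (group != null) {
                    this.groupService.addMember(context, group, context.getCurrentUser());
                    this.groupService.update(context, group);
                } else {
                    log.warn(LogHelper.getHeader(context, "ldap_assignGroupsBasedOnLdapDn", "Group defined in authentication-ldap.login.groupmap." + i + " does not exist :: " + groupName));
                }
            } catch (SQLException e) {
                // A membership that could not be applied is worth a warning, with the cause attached.
                log.warn(LogHelper.getHeader(context, "assignGroupsBasedOnLdapDn could not find group", groupName), e);
            } catch (AuthorizeException e2) {
                log.warn(LogHelper.getHeader(context, "assignGroupsBasedOnLdapDn could not authorize addition to group", groupName), e2);
            }
        }
    }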

    /**
     * Tells whether the current session was authenticated by this method, i.e. whether authenticate()
     * marked the request with the {@code ldap.authenticated} attribute.
     *
     * @param context            DSpace context whose current user must be set
     * @param httpServletRequest request to inspect; may be null
     * @return {@code true} only when a request, a current user and the marker attribute are all present
     */
    @Override
    public boolean isUsed(Context context, HttpServletRequest httpServletRequest) {
        if (httpServletRequest == null) {
            return false;
        }
        if (context.getCurrentUser() == null) {
            return false;
        }
        return httpServletRequest.getAttribute(LDAP_AUTHENTICATED) != null;
    }
}
