package org.jasig.cas.adaptors.ldap;

import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.naming.NamingException;
import javax.naming.directory.Attributes;
import javax.naming.directory.SearchControls;
import org.apache.commons.lang.StringUtils;
import org.jasig.cas.authentication.AbstractPasswordPolicyEnforcer;
import org.jasig.cas.authentication.LdapPasswordPolicyEnforcementException;
import org.jasig.cas.authentication.handler.AuthenticationException;
import org.jasig.cas.util.LdapUtils;
import org.joda.time.DateTime;
import org.joda.time.DateTimeZone;
import org.joda.time.Days;
import org.joda.time.format.DateTimeFormat;
import org.springframework.ldap.core.AttributesMapper;
import org.springframework.ldap.core.ContextSource;
import org.springframework.ldap.core.LdapTemplate;
import org.springframework.util.Assert;

/* loaded from: input_file:org/jasig/cas/adaptors/ldap/LdapPasswordPolicyEnforcer.class */
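/**
 * Password policy enforcer that reads password-age attributes for a user from an LDAP
 * directory and reports how many days remain before the password expires.
 *
 * <p>The entry is located with {@link #setFilter(String) filter} under
 * {@link #setSearchBase(String) searchBase}. The date attribute is interpreted either as an
 * Active Directory 100-nanosecond tick count since 1601 (when the date format is
 * {@code "ActiveDirectory"} or {@code "AD"}) or with the configured Joda-Time pattern.
 *
 * <p>Per-user values read from the directory are never written back to the configured
 * defaults, so one lookup cannot change the policy applied to the next one.
 */
public class LdapPasswordPolicyEnforcer extends AbstractPasswordPolicyEnforcer {
    private static final int DEFAULT_MAX_NUMBER_OF_RESULTS = 10;
    private static final int DEFAULT_TIMEOUT = 1000;
    private static final long YEARS_FROM_1601_1970 = 369;
    /** Returned when no warning has to be shown to the user. */
    private static final int PASSWORD_STATUS_PASS = -1;
    /** Seconds between 1601-01-01 (Active Directory epoch) and 1970-01-01 (Unix epoch). */
    private static final long TOTAL_SECONDS_FROM_1601_1970 = 11644473600L;
    private static final DateTimeZone DEFAULT_TIME_ZONE = DateTimeZone.UTC;
    /** 2^63 - 1 as a double; a numeric no-warn attribute equal to this means "never expires". */
    private static final double PASSWORD_STATUS_NEVER_EXPIRE = Math.pow(2.0d, 63.0d) - 1.0d;
    private static final int[] VALID_SCOPE_VALUES = {
        SearchControls.OBJECT_SCOPE, SearchControls.ONELEVEL_SCOPE, SearchControls.SUBTREE_SCOPE
    };

    private String filter;
    private LdapTemplate ldapTemplate;
    private String noWarnAttribute;
    private List<String> noWarnValues;
    private String searchBase;
    protected String dateAttribute;
    protected String dateFormat;
    protected String validDaysAttribute;
    protected String warningDaysAttribute;
    private boolean ignorePartialResultException = false;
    private int maxNumberResults = DEFAULT_MAX_NUMBER_OF_RESULTS;
    private int scope = SearchControls.SUBTREE_SCOPE;
    private int timeout = DEFAULT_TIMEOUT;
    private int validDays = 180;
    private int warningDays = 30;
    protected Boolean warnAll = Boolean.FALSE;

    /** Raw attribute values read from the directory entry of one user. */
    public static final class LdapPasswordPolicyResult {
        private String userId;
        private String dateResult = null;
        private String noWarnAttributeResult = null;
        private String validDaysResult = null;
        private String warnDaysResult = null;

        public LdapPasswordPolicyResult(String str) {
            this.userId = str;
        }

        public String getDateResult() {
            return this.dateResult;
        }

        public String getNoWarnAttributeResult() {
            return this.noWarnAttributeResult;
        }

        public String getUserId() {
            return this.userId;
        }

        public String getValidDaysResult() {
            return this.validDaysResult;
        }

        public String getWarnDaysResult() {
            return this.warnDaysResult;
        }

        public void setDateResult(String str) {
            this.dateResult = str;
        }

        public void setNoWarnAttributeResult(String str) {
            this.noWarnAttributeResult = str;
        }

        public void setValidDaysResult(String str) {
            this.validDaysResult = str;
        }

        public void setWarnDaysResult(String str) {
            this.warnDaysResult = str;
        }
    }

    /**
     * Validates the configuration: the LDAP template, filter, search base, warnAll flag, date
     * attribute and date format must be set, the filter must contain a {@code %u}/{@code %U}
     * placeholder, and the scope must be one of the JNDI search scopes.
     *
     * @throws IllegalStateException if the configured scope is not a valid search scope
     */
    public void afterPropertiesSet() throws Exception {
        Assert.notNull(this.ldapTemplate, "ldapTemplate cannot be null");
        Assert.notNull(this.filter, "filter cannot be null");
        Assert.notNull(this.searchBase, "searchBase cannot be null");
        Assert.notNull(this.warnAll, "warnAll cannot be null");
        Assert.notNull(this.dateAttribute, "dateAttribute cannot be null");
        Assert.notNull(this.dateFormat, "dateFormat cannot be null");
        Assert.isTrue(this.filter.contains("%u") || this.filter.contains("%U"), "filter must contain %u");
        this.ldapTemplate.setIgnorePartialResultException(this.ignorePartialResultException);
        for (int validScope : VALID_SCOPE_VALUES) {
            if (this.scope == validScope) {
                return;
            }
        }
        throw new IllegalStateException("You must set a valid scope. Valid scope values are: " + Arrays.toString(VALID_SCOPE_VALUES));
    }

    /**
     * Computes how many days remain before the password of the given user expires.
     *
     * @param str the user id substituted into the search filter
     * @return the number of days left when a warning should be shown, or {@code -1} when no
     *         warning applies (no directory entry found, password never expires, or the
     *         warning period has not started)
     * @throws LdapPasswordPolicyEnforcementException if the password has already expired or the
     *         expiration date cannot be determined from the directory value
     */
    @Override // org.jasig.cas.authentication.PasswordPolicyEnforcer
    public long getNumberOfDaysToPasswordExpirationDate(String str) throws LdapPasswordPolicyEnforcementException {
        LdapPasswordPolicyResult policy = getEnforcedPasswordPolicy(str);
        if (policy == null) {
            logDebug("Skipping all password policy checks...");
            return PASSWORD_STATUS_PASS;
        }
        if (!StringUtils.isEmpty(this.noWarnAttribute)) {
            logDebug("No warning attribute value for " + this.noWarnAttribute + " is set to: " + policy.getNoWarnAttributeResult());
        }
        if (isPasswordSetToNeverExpire(policy.getNoWarnAttributeResult())) {
            logDebug("Account password will never expire. Skipping password warning check...");
            return PASSWORD_STATUS_PASS;
        }

        // Per-user overrides stay in locals. Writing them back to the fields would make one
        // user's directory values the default for every later lookup on this instance, and
        // would race when lookups run concurrently.
        int effectiveWarningDays = this.warningDays;
        if (StringUtils.isEmpty(policy.getWarnDaysResult())) {
            logDebug("No warning days value is found for " + str + ". Using system default of " + this.warningDays);
        } else {
            effectiveWarningDays = Integer.parseInt(policy.getWarnDaysResult());
        }
        int effectiveValidDays = this.validDays;
        if (StringUtils.isEmpty(policy.getValidDaysResult())) {
            logDebug("No maximum password valid days found for " + policy.getUserId() + ". Using system default of " + this.validDays + " days");
        } else {
            effectiveValidDays = Integer.parseInt(policy.getValidDaysResult());
        }

        DateTime expirationDate = getExpirationDateToUse(policy.getDateResult(), effectiveValidDays);
        if (expirationDate != null) {
            return getDaysToExpirationDate(str, expirationDate, effectiveWarningDays);
        }
        String message = "Expiration date cannot be determined for date " + policy.getDateResult();
        LdapPasswordPolicyEnforcementException failure = new LdapPasswordPolicyEnforcementException(message);
        logError(message, failure);
        throw failure;
    }

    public void setContextSource(ContextSource contextSource) {
        this.ldapTemplate = new LdapTemplate(contextSource);
    }

    public void setDateAttribute(String str) {
        this.dateAttribute = str;
        logDebug("Date attribute: " + str);
    }

    public void setDateFormat(String str) {
        this.dateFormat = str;
        logDebug("Date format: " + str);
    }

    public void setFilter(String str) {
        this.filter = str;
        logDebug("Search filter: " + str);
    }

    public void setIgnorePartialResultException(boolean z) {
        this.ignorePartialResultException = z;
    }

    /** Sets the count limit applied to the directory search. */
    public void setMaxNumberResults(int i) {
        this.maxNumberResults = i;
    }

    public void setNoWarnAttribute(String str) {
        this.noWarnAttribute = str;
        logDebug("Attribute to flag warning bypass: " + str);
    }

    public void setNoWarnValues(List<String> list) {
        this.noWarnValues = list;
        // String concatenation prints "null" instead of failing when no list is supplied.
        logDebug("Value to flag warning bypass: " + list);
    }

    public void setScope(int i) {
        this.scope = i;
    }

    public void setSearchBase(String str) {
        this.searchBase = str;
        logDebug("Search base: " + str);
    }

    /** Sets the time limit handed to {@link SearchControls#setTimeLimit(int)} (milliseconds). */
    public void setTimeout(int i) {
        this.timeout = i;
        logDebug("Timeout: " + this.timeout);
    }

    public void setValidDays(int i) {
        this.validDays = i;
        logDebug("Password valid days: " + i);
    }

    public void setValidDaysAttribute(String str) {
        this.validDaysAttribute = str;
        logDebug("Valid days attribute: " + str);
    }

    public void setWarnAll(Boolean bool) {
        this.warnAll = bool;
        logDebug("warnAll: " + bool);
    }

    public void setWarningDays(int i) {
        this.warningDays = i;
        logDebug("Default warningDays: " + i);
    }

    public void setWarningDaysAttribute(String str) {
        this.warningDaysAttribute = str;
        logDebug("Warning days attribute: " + str);
    }

    /**
     * Converts an Active Directory timestamp (100-nanosecond ticks since 1601) to a UTC date.
     *
     * @throws NumberFormatException if the value is not a decimal long
     */
    private DateTime convertDateToActiveDirectoryFormat(String str) {
        // ticks -> seconds, shift to the Unix epoch, then seconds -> milliseconds
        long unixMillis = ((Long.parseLong(str.trim()) / 10000000) - TOTAL_SECONDS_FROM_1601_1970) * 1000;
        DateTime converted = new DateTime(unixMillis, DEFAULT_TIME_ZONE);
        logInfo("Recalculated " + this.dateFormat + " " + this.dateAttribute + " attribute to " + converted.toString());
        return converted;
    }

    /** Parses the value with the configured Joda-Time pattern and expresses it in UTC. */
    private DateTime formatDateByPattern(String str) {
        return new DateTime(DateTime.parse(str, DateTimeFormat.forPattern(this.dateFormat)), DEFAULT_TIME_ZONE);
    }

    /**
     * Derives the expiration date from the directory date value plus the valid-days period.
     *
     * @return the expiration date, or {@code null} when the value is missing or cannot be
     *         parsed, so that the caller raises a policy exception instead of an unchecked one
     */
    private DateTime getExpirationDateToUse(String str, int effectiveValidDays) {
        if (StringUtils.isBlank(str)) {
            return null;
        }
        DateTime baseDate;
        try {
            baseDate = isUsingActiveDirectory() ? convertDateToActiveDirectoryFormat(str) : formatDateByPattern(str);
        } catch (IllegalArgumentException e) {
            // Covers NumberFormatException from the AD conversion and Joda-Time parse failures.
            logError("Unable to interpret the value of " + this.dateAttribute + " using date format " + this.dateFormat, e);
            return null;
        }
        DateTime expirationDate = baseDate.plusDays(effectiveValidDays);
        logDebug("Retrieved date value " + baseDate.toString() + " for date attribute " + this.dateAttribute + " and added " + effectiveValidDays + " days. The final expiration date is " + expirationDate.toString());
        return expirationDate;
    }

    /**
     * Compares the expiration date with the current UTC time.
     *
     * @return days until expiration when a warning applies, otherwise {@code -1}
     * @throws LdapPasswordPolicyEnforcementException if the expiration date is now or in the past
     */
    private long getDaysToExpirationDate(String str, DateTime dateTime, int effectiveWarningDays) throws LdapPasswordPolicyEnforcementException {
        logDebug("Calculating number of days left to the expiration date for user " + str);
        DateTime now = new DateTime(DEFAULT_TIME_ZONE);
        logInfo("Current date is " + now.toString());
        logInfo("Expiration date is " + dateTime.toString());
        int days = Days.daysBetween(now, dateTime).getDays();
        if (!dateTime.isAfter(now)) {
            String message = "Authentication failed because account password has expired with " + days + " to expiration date. "
                    + "Verify the value of the " + this.dateAttribute + " attribute and make sure it's not before the current date, which is " + now.toString();
            LdapPasswordPolicyEnforcementException failure = new LdapPasswordPolicyEnforcementException(message);
            logError(message, failure);
            throw failure;
        }
        DateTime warningStart = dateTime.withZone(DEFAULT_TIME_ZONE).minusDays(effectiveWarningDays);
        logInfo("Warning period begins on " + warningStart.toString());
        if (this.warnAll.booleanValue()) {
            logInfo("Warning all. The password for " + str + " will expire in " + days + " days.");
        } else if (!now.isBefore(warningStart)) {
            logInfo("Password will expire in " + days + " days.");
        } else {
            logInfo("Password is not expiring. " + days + " days left to the warning");
            days = PASSWORD_STATUS_PASS;
        }
        return days;
    }

    /** Looks the user up in the directory and warns when no entry is returned. */
    private LdapPasswordPolicyResult getEnforcedPasswordPolicy(String str) {
        LdapPasswordPolicyResult policy = getResultsFromLdap(str);
        if (policy == null) {
            String message = "No entry was found for user " + str + ". Verify your LPPE settings. "
                    + "If you are not using LPPE, set the 'enabled' property to false. "
                    + "Password policy enforcement is currently turned on but not configured.";
            if (this.logger.isWarnEnabled()) {
                this.logger.warn(message);
            }
        }
        return policy;
    }

    /**
     * Searches the directory for the user and maps the configured attributes of the first
     * matching entry.
     *
     * @return the mapped attribute values, or {@code null} when nothing matched or the search
     *         failed
     */
    private LdapPasswordPolicyResult getResultsFromLdap(final String str) {
        List<String> requested = new ArrayList<String>();
        requested.add(this.dateAttribute);
        if (this.warningDaysAttribute != null) {
            requested.add(this.warningDaysAttribute);
        }
        if (this.validDaysAttribute != null) {
            requested.add(this.validDaysAttribute);
        }
        if (this.noWarnAttribute != null) {
            requested.add(this.noWarnAttribute);
        }
        String[] attributeNames = requested.toArray(new String[requested.size()]);
        // NOTE(review): whether the user id is escaped for use inside an LDAP filter depends on
        // LdapUtils.getFilterWithValues, which is not visible here; confirm it escapes filter
        // metacharacters before the value reaches the directory.
        String filterWithValues = LdapUtils.getFilterWithValues(this.filter, str);
        logDebug("Starting search with searchFilter: " + filterWithValues);
        logDebug("Returning attributes " + StringUtils.join(attributeNames, ":"));
        try {
            List<?> search = this.ldapTemplate.search(this.searchBase, filterWithValues, getSearchControls(attributeNames), new AttributesMapper() { // from class: org.jasig.cas.adaptors.ldap.LdapPasswordPolicyEnforcer.1
                public Object mapFromAttributes(Attributes attributes) throws NamingException {
                    LdapPasswordPolicyResult result = new LdapPasswordPolicyResult(str);
                    result.setDateResult(readAttribute(attributes, LdapPasswordPolicyEnforcer.this.dateAttribute));
                    result.setWarnDaysResult(readAttribute(attributes, LdapPasswordPolicyEnforcer.this.warningDaysAttribute));
                    result.setNoWarnAttributeResult(readAttribute(attributes, LdapPasswordPolicyEnforcer.this.noWarnAttribute));
                    result.setValidDaysResult(readAttribute(attributes, LdapPasswordPolicyEnforcer.this.validDaysAttribute));
                    return result;
                }
            });
            if (search.size() > 0) {
                return (LdapPasswordPolicyResult) search.get(0);
            }
            return null;
        } catch (Exception e) {
            // NOTE(review): every search failure is reported as "no entry", which the public
            // method treats as "skip all password policy checks". The enforcer therefore fails
            // open when the directory is unreachable or the search errors out; confirm that is
            // the intended policy and alert on this log line.
            logError(e.getMessage(), e);
            return null;
        }
    }

    /**
     * Returns the first value of the named attribute as a string.
     *
     * @return the value, or {@code null} when no attribute name is configured or the entry
     *         does not carry the attribute
     */
    private static String readAttribute(Attributes attributes, String name) throws NamingException {
        // The name guard matters for optional attributes that were never configured.
        if (name == null || attributes.get(name) == null) {
            return null;
        }
        return (String) attributes.get(name).get();
    }

    /** Builds the search controls from the configured scope, time limit and count limit. */
    private SearchControls getSearchControls(String[] strArr) {
        SearchControls searchControls = new SearchControls();
        searchControls.setSearchScope(this.scope);
        searchControls.setReturningAttributes(strArr);
        searchControls.setTimeLimit(this.timeout);
        searchControls.setCountLimit(this.maxNumberResults);
        return searchControls;
    }

    /**
     * Tells whether the no-warn attribute value marks the password as never expiring: either it
     * is one of the configured no-warn values, or it is numeric and equals 2^63 - 1.
     */
    private boolean isPasswordSetToNeverExpire(String str) {
        // noWarnValues is optional configuration and may never have been set.
        if (this.noWarnValues != null && this.noWarnValues.contains(str)) {
            return true;
        }
        // commons-lang 2.x reports the empty string as numeric, which parseDouble rejects.
        if (StringUtils.isNotEmpty(str) && StringUtils.isNumeric(str)) {
            return Double.parseDouble(str) == PASSWORD_STATUS_NEVER_EXPIRE;
        }
        return false;
    }

    private boolean isUsingActiveDirectory() {
        return this.dateFormat.equalsIgnoreCase("ActiveDirectory") || this.dateFormat.equalsIgnoreCase("AD");
    }

    private void logDebug(String str) {
        if (this.logger.isDebugEnabled()) {
            this.logger.debug(str);
        }
    }

    /** Logs the supplied message together with the exception. */
    private void logError(String str, Exception exc) {
        if (this.logger.isErrorEnabled()) {
            this.logger.error(str, exc);
        }
    }

    private void logInfo(String str) {
        if (this.logger.isInfoEnabled()) {
            this.logger.info(str);
        }
    }
}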
