package org.apache.archiva.redback.authentication.ldap;

import javax.inject.Inject;
import javax.inject.Named;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import org.apache.archiva.redback.authentication.AbstractAuthenticator;
import org.apache.archiva.redback.authentication.AuthenticationDataSource;
import org.apache.archiva.redback.authentication.AuthenticationException;
import org.apache.archiva.redback.authentication.AuthenticationResult;
import org.apache.archiva.redback.authentication.Authenticator;
import org.apache.archiva.redback.authentication.PasswordBasedAuthenticationDataSource;
import org.apache.archiva.redback.common.ldap.connection.LdapConnection;
import org.apache.archiva.redback.common.ldap.connection.LdapConnectionFactory;
import org.apache.archiva.redback.common.ldap.connection.LdapException;
import org.apache.archiva.redback.common.ldap.user.UserMapper;
import org.apache.archiva.redback.configuration.UserConfiguration;
import org.apache.archiva.redback.users.ldap.service.LdapCacheService;
import org.apache.commons.lang.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.stereotype.Service;

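/**
 * Authenticator that verifies a username/password pair by binding to an LDAP
 * directory as the user.
 *
 * <p>The user's DN is taken from {@link LdapCacheService} when cached; otherwise it is
 * looked up with a subtree search below the mapper's user base DN and then cached.
 * Authentication succeeds when a connection can be opened with that DN and the
 * supplied password.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The username is untrusted input and is escaped (RFC 4515) before it is placed
 *       in the search filter. The object class, extra user filter and id attribute come
 *       from the mapper and are inserted verbatim, so they must stay
 *       administrator-controlled.</li>
 *   <li>Empty passwords are rejected unless
 *       {@code ldap.bind.authenticator.allowEmptyPasswords} is set. Many LDAP servers
 *       treat a simple bind with an empty password as an unauthenticated bind that
 *       succeeds, so enabling that flag can let any known username log in.</li>
 *   <li>The password is never logged; the search filter and user DN are logged at
 *       debug level only.</li>
 * </ul>
 */
@Service("authenticator#ldap")
/* loaded from: input_file:org/apache/archiva/redback/authentication/ldap/LdapBindAuthenticator.class */
public class LdapBindAuthenticator extends AbstractAuthenticator implements Authenticator {
    private final Logger log = LoggerFactory.getLogger(getClass());

    @Inject
    @Named("userMapper#ldap")
    private UserMapper mapper;

    @Inject
    @Named("ldapConnectionFactory#configurable")
    private LdapConnectionFactory connectionFactory;

    @Inject
    @Named("userConfiguration#default")
    private UserConfiguration config;

    @Inject
    private LdapCacheService ldapCacheService;

    /**
     * Returns the fixed identifier of this authenticator.
     *
     * @return the string {@code "LdapBindAuthenticator"}
     */
    public String getId() {
        return "LdapBindAuthenticator";
    }

    /**
     * Authenticates the given credentials with an LDAP bind.
     *
     * @param authenticationDataSource the credentials; must be a
     *        {@link PasswordBasedAuthenticationDataSource} (see
     *        {@link #supportsDataSource(AuthenticationDataSource)}), otherwise the cast
     *        below throws {@link ClassCastException}
     * @return a successful result when the bind succeeds; a failed result when the
     *         authenticator is disabled, the password is empty and empty passwords are
     *         not allowed, the user is not found, or an {@link LdapException} /
     *         {@link NamingException} occurs (the exception is attached to the result)
     * @throws AuthenticationException declared by the interface; not thrown by the
     *         code in this method
     */
    public AuthenticationResult authenticate(AuthenticationDataSource authenticationDataSource) throws AuthenticationException {
        PasswordBasedAuthenticationDataSource source = (PasswordBasedAuthenticationDataSource) authenticationDataSource;
        String username = source.getUsername();

        if (!this.config.getBoolean("ldap.bind.authenticator.enabled")) {
            return new AuthenticationResult(false, username, (Exception) null);
        }
        // Refuse empty passwords by default: a simple bind with an empty password is
        // commonly accepted by LDAP servers as an unauthenticated bind.
        if (!this.config.getBoolean("ldap.bind.authenticator.allowEmptyPasswords", false) && StringUtils.isEmpty(source.getPassword())) {
            return new AuthenticationResult(false, username, (Exception) null);
        }

        SearchControls searchControls = new SearchControls();
        // Only the first match is used, so ask the server for at most one entry.
        searchControls.setCountLimit(1L);
        searchControls.setDerefLinkFlag(true);
        searchControls.setSearchScope(SearchControls.SUBTREE_SCOPE);

        // The username is escaped so that filter metacharacters in it cannot change the
        // structure of the filter. The mapper-provided parts are configuration values
        // and are inserted as-is.
        String extraFilter = this.mapper.getUserFilter() != null ? this.mapper.getUserFilter() : "";
        String filter = "(&(objectClass=" + this.mapper.getUserObjectClass() + ")" + extraFilter
            + "(" + this.mapper.getUserIdAttribute() + "=" + escapeFilterValue(username) + "))";
        this.log.debug("Searching for users with filter: '{}' from base dn: {}", filter, this.mapper.getUserBaseDn());

        NamingEnumeration<SearchResult> results = null;
        LdapConnection searchConnection = null;
        LdapConnection bindConnection = null;
        try {
            searchConnection = getLdapConnection();
            String userDn = this.ldapCacheService.getLdapUserDn(username);
            if (userDn == null) {
                this.log.debug("userDn for user {} not found in cache. Retrieving from ldap server..", username);
                results = searchConnection.getDirContext().search(this.mapper.getUserBaseDn(), filter, searchControls);
                boolean found = results.hasMoreElements();
                this.log.debug("Found user '{}': {}", username, Boolean.valueOf(found));
                if (!found) {
                    return new AuthenticationResult(false, username, (Exception) null);
                }
                userDn = results.nextElement().getNameInNamespace();
                this.log.debug("Adding userDn {} for user {} to the cache..", userDn, username);
                this.ldapCacheService.addLdapUserDn(username, userDn);
            }
            this.log.debug("Attempting Authenication: {}", userDn);
            // Opening a connection as the user is the actual credential check; a
            // rejected bind surfaces as an exception handled below.
            bindConnection = this.connectionFactory.getConnection(userDn, source.getPassword());
            this.log.info("user '{}' authenticated", username);
            return new AuthenticationResult(true, username, (Exception) null);
        } catch (LdapException e) {
            return new AuthenticationResult(false, username, e);
        } catch (NamingException e) {
            return new AuthenticationResult(false, username, e);
        } finally {
            // Release everything that was opened on every path, including failures,
            // so failed logins cannot exhaust directory connections.
            closeNamingEnumeration(results);
            closeLdapConnection(searchConnection);
            closeLdapConnection(bindConnection);
        }
    }

    /**
     * Reports whether this authenticator can handle the given data source.
     *
     * @param authenticationDataSource the data source to test
     * @return {@code true} when it is a {@link PasswordBasedAuthenticationDataSource}
     */
    public boolean supportsDataSource(AuthenticationDataSource authenticationDataSource) {
        return authenticationDataSource instanceof PasswordBasedAuthenticationDataSource;
    }

    /**
     * Escapes a value for use as an assertion value in an LDAP search filter
     * (RFC 4515): backslash, asterisk, parentheses and NUL are replaced by their
     * {@code \xx} hexadecimal form.
     *
     * @param value the raw value; {@code null} is returned unchanged so that filter
     *        construction behaves as it did before escaping was introduced
     * @return the escaped value
     */
    private static String escapeFilterValue(String value) {
        if (value == null) {
            return null;
        }
        StringBuilder escaped = new StringBuilder(value.length() + 8);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '\\':
                    escaped.append("\\5c");
                    break;
                case '*':
                    escaped.append("\\2a");
                    break;
                case '(':
                    escaped.append("\\28");
                    break;
                case ')':
                    escaped.append("\\29");
                    break;
                case '\u0000':
                    escaped.append("\\00");
                    break;
                default:
                    escaped.append(c);
                    break;
            }
        }
        return escaped.toString();
    }

    /**
     * Obtains a connection from the factory without user credentials; it is used for
     * the DN lookup.
     *
     * @return a new connection
     * @throws LdapException if the factory cannot provide a connection
     */
    private LdapConnection getLdapConnection() throws LdapException {
        return this.connectionFactory.getConnection();
    }

    /**
     * Closes the connection if it is not {@code null}.
     *
     * @param ldapConnection the connection to close, may be {@code null}
     */
    private void closeLdapConnection(LdapConnection ldapConnection) {
        if (ldapConnection != null) {
            ldapConnection.close();
        }
    }

    /**
     * Closes the search result enumeration if it is not {@code null}. A failure to
     * close is logged as a warning and otherwise ignored, because it must not change
     * the authentication outcome.
     *
     * @param namingEnumeration the enumeration to close, may be {@code null}
     */
    private void closeNamingEnumeration(NamingEnumeration<SearchResult> namingEnumeration) {
        if (namingEnumeration != null) {
            try {
                namingEnumeration.close();
            } catch (NamingException e) {
                this.log.warn("skip exception closing naming search result {}", e.getMessage());
            }
        }
    }
}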
