package com.linecorp.centraldogma.server.support.shiro;

import com.google.common.base.Preconditions;
import java.time.Duration;
import java.util.Objects;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.annotation.Nullable;
import javax.naming.AuthenticationException;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.ServiceUnavailableException;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.LdapContext;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.realm.activedirectory.ActiveDirectoryRealm;
import org.apache.shiro.realm.ldap.LdapContextFactory;
import org.apache.shiro.realm.ldap.LdapUtils;

/* loaded from: input_file:com/linecorp/centraldogma/server/support/shiro/SearchFirstActiveDirectoryRealm.class */
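/**
 * An {@link ActiveDirectoryRealm} that authenticates in two steps: it first looks up the user's
 * distinguished name (DN) with the system LDAP context, then attempts a bind with that DN and the
 * password supplied in the login token.
 *
 * <p>The user name comes straight from the login request, so it is treated as untrusted input and
 * is escaped before it is placed into the LDAP search filter.
 */
public class SearchFirstActiveDirectoryRealm extends ActiveDirectoryRealm {
    private static final String DEFAULT_SEARCH_FILTER = "cn={0}";
    private static final Pattern USERNAME_PLACEHOLDER = Pattern.compile("\\{0}");
    private static final int DEFAULT_SEARCH_TIMEOUT_MILLIS = (int) Duration.ofSeconds(10).toMillis();

    // Filter template; every "{0}" is replaced with the (escaped) user name.
    @Nullable
    private String searchFilter = DEFAULT_SEARCH_FILTER;
    // Passed to SearchControls.setTimeLimit(), which takes milliseconds.
    private int searchTimeoutMillis = DEFAULT_SEARCH_TIMEOUT_MILLIS;

    /**
     * Returns the search filter template used to locate a user entry.
     */
    @Nullable
    protected String getSearchFilter() {
        return this.searchFilter;
    }

    /**
     * Sets the search filter template. Every {@code {0}} in it is replaced with the user name.
     *
     * @throws NullPointerException if {@code str} is {@code null}
     */
    protected void setSearchFilter(String str) {
        this.searchFilter = Objects.requireNonNull(str, "searchFilter");
    }

    /**
     * Returns the time limit of the DN search, in milliseconds.
     */
    public int getSearchTimeoutMillis() {
        return this.searchTimeoutMillis;
    }

    /**
     * Sets the time limit of the DN search, in milliseconds.
     *
     * @throws IllegalArgumentException if {@code i} is negative
     */
    protected void setSearchTimeoutMillis(int i) {
        Preconditions.checkArgument(i >= 0, "searchTimeoutMillis should be 0 or positive number");
        this.searchTimeoutMillis = i;
    }

    /**
     * Authenticates the given token, retrying exactly once when the directory reports
     * {@link ServiceUnavailableException}. A failure of the second attempt propagates to the caller.
     *
     * @return the authentication info, or {@code null} if the user was not found or the bind was rejected
     * @throws NamingException if the directory lookup or the bind fails for a non-authentication reason
     */
    @Nullable
    protected AuthenticationInfo queryForAuthenticationInfo(AuthenticationToken authenticationToken, LdapContextFactory ldapContextFactory) throws NamingException {
        try {
            return queryForAuthenticationInfo0(authenticationToken, ldapContextFactory);
        } catch (ServiceUnavailableException e) {
            // Single retry only; the second attempt is not guarded.
            return queryForAuthenticationInfo0(authenticationToken, ldapContextFactory);
        }
    }

    /**
     * Performs one search-then-bind attempt.
     *
     * @return the authentication info, or {@code null} when the credentials are missing, the user
     *         is not found, or the directory rejects the bind
     */
    @Nullable
    private AuthenticationInfo queryForAuthenticationInfo0(AuthenticationToken authenticationToken, LdapContextFactory ldapContextFactory) throws NamingException {
        final UsernamePasswordToken upToken = ensureUsernamePasswordToken(authenticationToken);
        final String username = upToken.getUsername();
        final char[] password = upToken.getPassword();

        if (username == null || username.isEmpty()) {
            return null;
        }
        // A simple bind with a DN and an empty password is an "unauthenticated bind"
        // (RFC 4513, section 5.1.2), which a directory may accept depending on its configuration.
        // Reject it here so that a successful bind always means the password was verified.
        if (password == null || password.length == 0) {
            return null;
        }

        final String userDn = findUserDn(ldapContextFactory, username);
        if (userDn == null) {
            return null;
        }

        LdapContext ctx = null;
        try {
            // The bind itself is the credential check; the context is not used afterwards.
            ctx = ldapContextFactory.getLdapContext(userDn, password);
        } catch (AuthenticationException e) {
            // Wrong credentials: report an authentication failure rather than an error.
            return null;
        } finally {
            LdapUtils.closeContext(ctx);
        }
        return buildAuthenticationInfo(username, password);
    }

    /**
     * Searches the subtree under the realm's search base for the entry matching the user name.
     * At most one result is requested and the search is bounded by {@link #getSearchTimeoutMillis()}.
     *
     * @param ldapContextFactory the factory providing the system LDAP context
     * @param str the user name as supplied by the client
     * @return the DN of the first matching entry, or {@code null} if nothing matched
     * @throws NamingException if the search fails
     */
    @Nullable
    protected String findUserDn(LdapContextFactory ldapContextFactory, String str) throws NamingException {
        LdapContext ctx = null;
        try {
            ctx = ldapContextFactory.getSystemLdapContext();

            final SearchControls controls = new SearchControls();
            controls.setCountLimit(1L);
            controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
            controls.setTimeLimit(this.searchTimeoutMillis);

            final NamingEnumeration<SearchResult> results =
                    ctx.search(this.searchBase, buildSearchFilter(str), controls);
            try {
                if (!results.hasMore()) {
                    return null;
                }
                return results.next().getNameInNamespace();
            } finally {
                results.close();
            }
        } finally {
            LdapUtils.closeContext(ctx);
        }
    }

    /**
     * Builds the LDAP filter for the given user name by substituting it into the filter template.
     */
    private String buildSearchFilter(String username) {
        final String template = this.searchFilter;
        if (template == null) {
            // NOTE(review): with no template the client-supplied name is used as the whole filter,
            // so it cannot be escaped. The setter rejects null, so this branch is presumably only
            // reachable if the field is cleared by other means; confirm and consider removing it.
            return username;
        }
        // The value is escaped for the LDAP filter grammar first, then quoted for the regex
        // replacement so that '\' and '$' in it are not read as group references.
        final String escaped = escapeLdapFilterValue(username);
        return USERNAME_PLACEHOLDER.matcher(template).replaceAll(Matcher.quoteReplacement(escaped));
    }

    /**
     * Escapes the characters that are special inside an LDAP search filter value (RFC 4515), so a
     * client-supplied user name is matched literally and cannot alter the structure of the filter.
     */
    private static String escapeLdapFilterValue(String value) {
        final StringBuilder out = new StringBuilder(value.length() + 8);
        for (int idx = 0; idx < value.length(); idx++) {
            final char c = value.charAt(idx);
            switch (c) {
                case '\\':
                    out.append("\\5c");
                    break;
                case '*':
                    out.append("\\2a");
                    break;
                case '(':
                    out.append("\\28");
                    break;
                case ')':
                    out.append("\\29");
                    break;
                case '\0':
                    out.append("\\00");
                    break;
                default:
                    out.append(c);
            }
        }
        return out.toString();
    }

    /**
     * Returns the token as a {@link UsernamePasswordToken}.
     *
     * @throws IllegalArgumentException if the token is of any other type
     */
    private static UsernamePasswordToken ensureUsernamePasswordToken(AuthenticationToken authenticationToken) {
        if (authenticationToken instanceof UsernamePasswordToken) {
            return (UsernamePasswordToken) authenticationToken;
        }
        throw new IllegalArgumentException("Token '" + authenticationToken.getClass().getName() + "' is not supported.");
    }
}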
