package org.apache.jetspeed.security.spi.impl;

import javax.naming.AuthenticationException;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.DirContext;
import javax.naming.directory.ModificationItem;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import org.apache.commons.lang.StringUtils;
import org.apache.jetspeed.security.CredentialPasswordEncoder;
import org.apache.jetspeed.security.InvalidPasswordException;
import org.apache.jetspeed.security.PasswordCredential;
import org.apache.jetspeed.security.SecurityException;
import org.apache.jetspeed.security.User;
import org.apache.jetspeed.security.UserManager;
import org.apache.jetspeed.security.spi.AlgorithmUpgradeCredentialPasswordEncoder;
import org.apache.jetspeed.security.spi.JetspeedSecuritySynchronizer;
import org.apache.jetspeed.security.spi.UserPasswordCredentialAccessManager;
import org.apache.jetspeed.security.spi.UserPasswordCredentialManager;
import org.apache.jetspeed.security.spi.UserPasswordCredentialPolicyManager;
import org.apache.jetspeed.security.spi.UserPasswordCredentialStorageManager;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.ldap.core.DistinguishedName;
import org.springframework.ldap.filter.AndFilter;
import org.springframework.ldap.filter.EqualsFilter;
import org.springframework.ldap.filter.Filter;
import org.springframework.ldap.filter.HardcodedFilter;
import org.springframework.ldap.pool.factory.PoolingContextSource;
import org.springframework.ldap.support.LdapUtils;

/* loaded from: input_file:org/apache/jetspeed/security/spi/impl/LdapUserPasswordCredentialManagerImpl.class */
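/**
 * {@link UserPasswordCredentialManager} that verifies and changes passwords against an LDAP
 * directory while (optionally) mirroring the credential in the local credential store.
 *
 * <p>Flow for a login: {@link #getUserDn(String)} resolves the user's DN with a search,
 * {@link #authenticateUser(String, String, String)} performs a simple bind as that DN, and
 * when {@code persistCredentials} is on the local copy is brought in line with the directory
 * and the policy manager ({@code upcpm}) is consulted for lock-out / expiry rules.
 *
 * <p>Security notes:
 * <ul>
 *   <li>The user name is placed into the search filter through {@link EqualsFilter}, which
 *       escapes filter metacharacters; the configured extra filter is a
 *       {@link HardcodedFilter} and is therefore NOT escaped — it must come from trusted
 *       configuration only.</li>
 *   <li>A bind with an empty password is rejected before it reaches the directory (see
 *       {@link #authenticateUser}).</li>
 *   <li>A user-name search that matches more than one entry is treated as an error rather
 *       than silently using the first hit.</li>
 * </ul>
 */
public class LdapUserPasswordCredentialManagerImpl implements UserPasswordCredentialManager {
    private static final long serialVersionUID = 1131764631931510796L;
    static final Logger log = LoggerFactory.getLogger(UserPasswordCredentialManager.class);

    /**
     * Prefix JNDI uses in the message of an {@link AuthenticationException} for LDAP result
     * code 49 (invalidCredentials). The text after the dash is server specific (e.g. Active
     * Directory appends its own diagnostic), so only this prefix is matched.
     */
    private static final String LDAP_INVALID_CREDENTIALS_PREFIX = "LDAP: error code 49 -";

    private UserPasswordCredentialStorageManager upcsm;
    private UserPasswordCredentialAccessManager upcam;
    private UserPasswordCredentialPolicyManager upcpm;
    private UserManager um;
    private JetspeedSecuritySynchronizer synchronizer;
    private PoolingContextSource poolingContextsource;
    /** Attribute that holds the login name (e.g. {@code uid}); used as the search key. */
    private String userEntryPrefix;
    private DistinguishedName userSearchPath;
    private SearchControls searchControls;
    /** Optional additional filter ANDed with the user-name match; {@code null} if not configured. */
    private Filter userFilter;
    /** Encoder applied to passwords written to the directory; {@code null} means "no extra encoding here". */
    private CredentialPasswordEncoder cpe;
    private boolean persistCredentials;
    private boolean changePasswordByUser;

    /**
     * @param userPasswordCredentialStorageManager local credential store
     * @param userPasswordCredentialAccessManager local credential lookup
     * @param userPasswordCredentialPolicyManager policy manager, may be {@code null}
     * @param credentialPasswordEncoder encoder for passwords pushed to the directory; ignored when it is
     *        {@code null} or the very same instance the policy manager already uses (in that case the
     *        policy manager is presumably expected to have encoded the value already — see
     *        {@link #storePasswordCredential})
     * @param poolingContextSource source of read-only / read-write / user-bound contexts
     * @param userSearchBase DN under which user entries are searched
     * @param userFilterString optional extra LDAP filter (trusted configuration, not escaped)
     * @param userEntryPrefix attribute name matched against the login name
     * @param searchScope {@link SearchControls} scope as a decimal string (0/1/2)
     */
    public LdapUserPasswordCredentialManagerImpl(UserPasswordCredentialStorageManager userPasswordCredentialStorageManager, UserPasswordCredentialAccessManager userPasswordCredentialAccessManager, UserPasswordCredentialPolicyManager userPasswordCredentialPolicyManager, CredentialPasswordEncoder credentialPasswordEncoder, PoolingContextSource poolingContextSource, String userSearchBase, String userFilterString, String userEntryPrefix, String searchScope) {
        this.upcsm = userPasswordCredentialStorageManager;
        this.upcam = userPasswordCredentialAccessManager;
        this.upcpm = userPasswordCredentialPolicyManager;
        boolean sameEncoderAsPolicy = userPasswordCredentialPolicyManager != null
                && userPasswordCredentialPolicyManager.getCredentialPasswordEncoder() == credentialPasswordEncoder;
        this.cpe = (credentialPasswordEncoder == null || sameEncoderAsPolicy) ? null : credentialPasswordEncoder;
        this.poolingContextsource = poolingContextSource;
        this.userEntryPrefix = userEntryPrefix;
        this.userSearchPath = new DistinguishedName(userSearchBase);
        if (!StringUtils.isEmpty(userFilterString)) {
            this.userFilter = new HardcodedFilter(userFilterString);
        }
        // Only the entry DN is needed, so ask for no attributes and no bound objects.
        this.searchControls = new SearchControls();
        this.searchControls.setReturningAttributes(new String[0]);
        this.searchControls.setReturningObjFlag(false);
        this.searchControls.setSearchScope(Integer.parseInt(searchScope));
    }

    /**
     * Resolves the directory DN of the entry whose {@code userEntryPrefix} attribute equals {@code userName}.
     *
     * @throws SecurityException {@code PRINCIPAL_DOES_NOT_EXIST} when nothing matches, {@code UNEXPECTED}
     *         on a directory error or when the search is ambiguous (more than one entry matches — a
     *         second matching entry must not be able to hijack a login by search ordering)
     */
    protected String getUserDn(String userName) throws SecurityException {
        // EqualsFilter escapes the value, so the user name cannot alter the filter structure.
        Filter filter = new EqualsFilter(this.userEntryPrefix, userName);
        if (this.userFilter != null) {
            filter = new AndFilter().and(this.userFilter).and(filter);
        }
        DirContext ctx = null;
        NamingEnumeration<SearchResult> results = null;
        try {
            ctx = this.poolingContextsource.getReadOnlyContext();
            results = ctx.search(this.userSearchPath, filter.encode(), this.searchControls);
            if (results == null || !results.hasMore()) {
                throw new SecurityException(SecurityException.PRINCIPAL_DOES_NOT_EXIST.createScoped("user", userName));
            }
            String dn = results.next().getNameInNamespace();
            if (dn == null) {
                throw new SecurityException(SecurityException.PRINCIPAL_DOES_NOT_EXIST.createScoped("user", userName));
            }
            if (results.hasMore()) {
                // Fail closed: an ambiguous match means the directory (or the configured filter) is
                // misconfigured, and binding as "whichever entry came first" is not acceptable.
                throw new SecurityException(SecurityException.UNEXPECTED.create(getClass().getName(), "getUserDn",
                        "more than one directory entry matches user " + userName));
            }
            return dn;
        } catch (NamingException e) {
            throw new SecurityException(SecurityException.UNEXPECTED.create(getClass().getName(), "getUserDn", e.getMessage()), e);
        } finally {
            closeQuietly(results);
            LdapUtils.closeContext(ctx);
        }
    }

    /** Closes a search result enumeration, logging (not propagating) a failure to do so. */
    private static void closeQuietly(NamingEnumeration<?> results) {
        if (results == null) {
            return;
        }
        try {
            results.close();
        } catch (NamingException ignored) {
            // The enumeration is being discarded anyway; nothing to recover.
            log.debug("Ignoring failure while closing LDAP search result enumeration", ignored);
        }
    }

    /**
     * Verifies {@code password} by performing a simple bind as {@code userDn}.
     *
     * @param userName login name (informational only; the bind uses the DN)
     * @param userDn DN resolved by {@link #getUserDn(String)}
     * @param password clear-text password to verify
     * @throws InvalidPasswordException when the password is empty or the directory reports result code 49
     * @throws SecurityException on any other bind failure
     */
    protected void authenticateUser(String userName, String userDn, String password) throws SecurityException {
        // Never send an empty (or null) password to the directory. A simple bind with a DN and an
        // empty password is an "unauthenticated bind" (RFC 4513 section 5.1.2) which some directories
        // accept as success, so without this check an empty password could be treated as valid.
        if (StringUtils.isEmpty(password)) {
            throw new InvalidPasswordException();
        }
        DirContext ctx = null;
        try {
            ctx = this.poolingContextsource.getContextSource().getContext(userDn, password);
            ctx.close();
            ctx = null;
        } catch (AuthenticationException e) {
            // NOTE(review): depending on the Spring LDAP version, getContext() may instead throw
            // Spring's own unchecked org.springframework.ldap.* exceptions; confirm these JNDI
            // catch clauses are actually reached in the deployed version.
            String message = e.getMessage();
            if (message != null && message.contains(LDAP_INVALID_CREDENTIALS_PREFIX)) {
                throw new InvalidPasswordException();
            }
            throw new SecurityException(e);
        } catch (NamingException e) {
            throw new SecurityException(SecurityException.UNEXPECTED.create(getClass().getName(), "authenticateUser", e.getMessage()), e);
        } finally {
            LdapUtils.closeContext(ctx);
        }
    }

    /**
     * Replaces the {@code userPassword} attribute of {@code userDn}.
     *
     * @param userName login name (informational only)
     * @param userDn DN of the entry to modify
     * @param oldPassword current password; used as bind credential only when {@code bindAsUser} is set
     * @param newPassword value written to {@code userPassword} (already encoded by the caller, if at all)
     * @param bindAsUser {@code true} to modify with the user's own bind (requires {@code oldPassword}),
     *        {@code false} to use the pooled read-write (administrative) context — i.e. a reset that
     *        does not prove knowledge of the old password
     * @throws SecurityException on a directory error, or {@link InvalidPasswordException} when a user
     *         bind is requested without an old password
     */
    protected void setPassword(String userName, String userDn, String oldPassword, String newPassword, boolean bindAsUser) throws SecurityException {
        if (bindAsUser && StringUtils.isEmpty(oldPassword)) {
            // Same unauthenticated-bind concern as in authenticateUser: never bind with an empty password.
            throw new InvalidPasswordException();
        }
        DirContext ctx = null;
        try {
            ctx = bindAsUser
                    ? this.poolingContextsource.getContextSource().getContext(userDn, oldPassword)
                    : this.poolingContextsource.getReadWriteContext();
            // modifyAttributes takes a name relative to the context's own base, so strip it off.
            DistinguishedName relativeDn = new DistinguishedName(userDn);
            relativeDn.removeFirst(new DistinguishedName(ctx.getNameInNamespace()));
            ModificationItem[] mods = {
                new ModificationItem(DirContext.REPLACE_ATTRIBUTE, new BasicAttribute("userPassword", newPassword))
            };
            ctx.modifyAttributes(relativeDn, mods);
        } catch (NamingException e) {
            throw new SecurityException(SecurityException.UNEXPECTED.create(getClass().getName(), "setPassword", e.getMessage()), e);
        } finally {
            LdapUtils.closeContext(ctx);
        }
    }

    public void setUserManager(UserManager userManager) {
        this.um = userManager;
    }

    public void setJetspeedSecuritySynchronizer(JetspeedSecuritySynchronizer jetspeedSecuritySynchronizer) {
        this.synchronizer = jetspeedSecuritySynchronizer;
    }

    /** Whether credentials are mirrored into the local store in addition to the directory. */
    public void setPersistCredentials(boolean persistCredentials) {
        this.persistCredentials = persistCredentials;
    }

    public boolean isPersistCredentials() {
        return this.persistCredentials;
    }

    /** Whether a password change that supplies the old password is performed with the user's own bind. */
    public void setChangePasswordByUser(boolean changePasswordByUser) {
        this.changePasswordByUser = changePasswordByUser;
    }

    public boolean isChangePasswordByUser() {
        return this.changePasswordByUser;
    }

    /**
     * Returns the locally stored credential for {@code user}, or a transient empty one when credentials
     * are not persisted. When the policy manager changes a loaded credential, it is stored back.
     */
    @Override
    public PasswordCredential getPasswordCredential(User user) throws SecurityException {
        if (!isPersistCredentials()) {
            PasswordCredentialImpl transientCredential = new PasswordCredentialImpl();
            transientCredential.setUser(user);
            return transientCredential;
        }
        PasswordCredential credential = this.upcsm.getPasswordCredential(user);
        boolean changedOnLoad = !credential.isNew() && this.upcpm != null && this.upcpm.onLoad(credential, user.getName());
        if (changedOnLoad) {
            this.upcsm.storePasswordCredential(credential);
        }
        return credential;
    }

    /**
     * Stores a credential locally (when persisted) and, for a new password set outside a
     * synchronization run, pushes it to the directory.
     *
     * <p>When an old password is supplied it is verified with a bind first, and the change may be
     * performed as the user (see {@link #setChangePasswordByUser}); without an old password the change
     * is an administrative reset via the read-write context.
     */
    @Override
    public void storePasswordCredential(PasswordCredential credential) throws SecurityException {
        boolean synchronizing = SynchronizationStateAccess.isSynchronizing();
        boolean newPasswordSet = credential.isNewPasswordSet();
        String newPassword = credential.getNewPassword();
        String oldPassword = credential.getOldPassword();
        // Snapshot before onStore(), which may encode the credential in place.
        String passwordBeforeStore = credential.getPassword();
        boolean encodedBeforeStore = credential.isEncoded();

        String userDn = null;
        boolean authenticated = false;
        if (synchronizing) {
            authenticated = true;
        } else if (newPasswordSet) {
            userDn = getUserDn(credential.getUserName());
            if (oldPassword != null) {
                authenticateUser(credential.getUserName(), userDn, oldPassword);
                authenticated = true;
            }
        }
        if (this.upcpm != null) {
            this.upcpm.onStore(credential, authenticated);
        }
        if (isPersistCredentials()) {
            this.upcsm.storePasswordCredential(credential);
        }
        if (!newPasswordSet || synchronizing) {
            return;
        }

        String directoryPassword = credential.getPassword();
        if ((this.cpe != null && newPassword != null) || !encodedBeforeStore) {
            String clearText = newPassword != null ? newPassword : passwordBeforeStore;
            // Without a dedicated directory encoder the clear-text value is sent as-is (the original
            // code dereferenced cpe unconditionally here and threw NullPointerException when it was null).
            // NOTE(review): in that case the directory is presumably expected to hash userPassword itself.
            directoryPassword = this.cpe != null ? this.cpe.encode(credential.getUserName(), clearText) : clearText;
        }
        boolean bindAsUser = oldPassword != null && this.changePasswordByUser;
        setPassword(credential.getUserName(), userDn, oldPassword, directoryPassword, bindAsUser);
    }

    /**
     * Authenticates {@code userName}/{@code password} against the directory and returns the matching
     * credential. Outside a synchronization run the directory bind is authoritative; the local copy (if
     * persisted) is then updated to match and the policy manager's rules are applied.
     *
     * @throws SecurityException when the user does not exist, the password is wrong, or policy rejects it
     */
    @Override
    public PasswordCredential getAuthenticatedPasswordCredential(String userName, String password) throws SecurityException {
        if (!SynchronizationStateAccess.isSynchronizing()) {
            authenticateUser(userName, getUserDn(userName), password);
            if (this.synchronizer != null) {
                this.synchronizer.synchronizeUserPrincipal(userName);
            }
        }

        PasswordCredential credential = isPersistCredentials()
                ? this.upcam.getPasswordCredential(userName)
                : new PasswordCredentialImpl();
        if (credential == null) {
            credential = new PasswordCredentialImpl();
            if (this.um == null) {
                log.error("New User PasswordCredential cannot be persisted: requires UserManager to be set!!!");
            } else {
                ((PasswordCredentialImpl) credential).setUser(this.um.getUser(userName));
            }
        }

        boolean canPersist = isPersistCredentials() && (!credential.isNew() || credential.getUser() != null);
        if (canPersist) {
            if (localCopyIsStale(credential, userName, password)) {
                storeLocalCopy(credential, password);
            }
            if (this.upcpm != null) {
                applyPolicy(credential, userName, password);
            }
        }

        if (credential.getUser() == null) {
            if (credential.isNew()) {
                ((PasswordCredentialImpl) credential).setUserName(userName);
            } else {
                try {
                    this.upcam.loadPasswordCredentialUser(credential);
                } catch (Exception e) {
                    throw new SecurityException(SecurityException.PRINCIPAL_DOES_NOT_EXIST.createScoped("user", userName), e);
                }
            }
        }
        return credential;
    }

    /**
     * Decides whether the locally stored credential must be refreshed from the (already directory
     * verified) password: always for a new credential, otherwise when the encoded forms differ.
     * The comparison is not an authentication decision (the bind already succeeded), so a
     * constant-time compare is not essential here.
     */
    private boolean localCopyIsStale(PasswordCredential credential, String userName, String password) {
        if (credential.isNew()) {
            return true;
        }
        String candidate = password;
        boolean compareEncoded = this.upcpm != null
                && this.upcpm.getCredentialPasswordEncoder() != null
                && credential.isEncoded();
        if (compareEncoded) {
            CredentialPasswordEncoder encoder = this.upcpm.getCredentialPasswordEncoder();
            if (encoder instanceof AlgorithmUpgradeCredentialPasswordEncoder) {
                candidate = ((AlgorithmUpgradeCredentialPasswordEncoder) encoder).encode(credential, password);
            } else {
                candidate = encoder.encode(userName, password);
            }
        }
        return !credential.getPassword().equals(candidate);
    }

    /**
     * Writes {@code password} into the local credential while flagged as synchronizing, so that
     * {@link #storePasswordCredential} does not push it back to the directory it just came from.
     * The previous synchronizing flag is restored afterwards, even on failure.
     */
    private void storeLocalCopy(PasswordCredential credential, String password) throws SecurityException {
        credential.setPassword((String) null, password);
        boolean wasSynchronizing = SynchronizationStateAccess.isSynchronizing();
        try {
            SynchronizationStateAccess.setSynchronizing(Boolean.TRUE);
            storePasswordCredential(credential);
        } finally {
            SynchronizationStateAccess.setSynchronizing(wasSynchronizing ? Boolean.TRUE : Boolean.FALSE);
        }
    }

    /**
     * Applies the policy manager to a persisted credential after a successful directory bind.
     * Requires {@code upcpm != null}.
     *
     * @throws SecurityException when the policy disables/expires the credential or records a failure
     */
    private void applyPolicy(PasswordCredential credential, String userName, String password) throws SecurityException {
        if (this.upcpm.onLoad(credential, userName)) {
            this.upcsm.storePasswordCredential(credential);
        }
        if (!credential.isEnabled() || credential.isExpired()) {
            // NOTE(review): a credential that is already disabled or expired at this point is returned
            // to the caller without an error (as in the original); the caller is presumably expected
            // to check isEnabled()/isExpired() itself — confirm.
            return;
        }
        if (this.upcpm.authenticate(credential, userName, password, true)) {
            this.upcsm.storePasswordCredential(credential);
        }
        if (!credential.isEnabled() || credential.isExpired()) {
            throw new SecurityException(SecurityException.PRINCIPAL_DOES_NOT_EXIST.createScoped("user", userName));
        }
        if (credential.getAuthenticationFailures() != 0) {
            throw new SecurityException(SecurityException.INVALID_PASSWORD);
        }
    }
}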
