package com.gitblit;

import com.gitblit.Keys;
import com.gitblit.models.TeamModel;
import com.gitblit.models.UserModel;
import com.gitblit.utils.ArrayUtils;
import com.gitblit.utils.StringUtils;
import com.unboundid.ldap.sdk.Attribute;
import com.unboundid.ldap.sdk.ExtendedResult;
import com.unboundid.ldap.sdk.LDAPConnection;
import com.unboundid.ldap.sdk.LDAPException;
import com.unboundid.ldap.sdk.LDAPSearchException;
import com.unboundid.ldap.sdk.ResultCode;
import com.unboundid.ldap.sdk.SearchResult;
import com.unboundid.ldap.sdk.SearchResultEntry;
import com.unboundid.ldap.sdk.SearchScope;
import com.unboundid.ldap.sdk.extensions.StartTLSExtendedRequest;
import com.unboundid.util.ssl.SSLUtil;
import com.unboundid.util.ssl.TrustAllTrustManager;
import java.net.URI;
import java.net.URISyntaxException;
import java.security.GeneralSecurityException;
import java.util.Iterator;
import java.util.List;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/gitblit/LdapUserService.class */
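/**
 * User service that authenticates Gitblit logins against an LDAP directory.
 *
 * <p>Accounts are located with a configurable search filter, the password is verified by binding
 * as the matched entry, and the resulting user (and, optionally, team membership) is mirrored
 * into the backing user service created in {@link #setup(IStoredSettings)}.
 *
 * <p>NOTE(security): both TLS modes below are built on {@code TrustAllTrustManager}, which accepts
 * any server certificate. The channel is encrypted, but the directory server is not authenticated,
 * so bind credentials can be intercepted by whoever answers on the configured host and port.
 * Deployments should move to a trust manager backed by a trust store that contains the directory's
 * CA; that is left unchanged here because it needs a configuration setting this class does not have.
 */
public class LdapUserService extends GitblitUserService {
    public static final Logger logger = LoggerFactory.getLogger(LdapUserService.class);
    private IStoredSettings settings;

    /**
     * Stores the settings and creates the backing user service from the configured file.
     *
     * @param iStoredSettings the Gitblit settings to read the LDAP configuration from
     */
    @Override
    public void setup(IStoredSettings iStoredSettings) {
        this.settings = iStoredSettings;
        this.serviceImpl = createUserService(GitBlit.getFileOrFolder(iStoredSettings.getString(Keys.realm.ldap.backingUserService, "users.conf")));
        logger.info("LDAP User Service backed by " + this.serviceImpl.toString());
    }

    /**
     * Opens a connection to the configured directory and binds with the configured account.
     *
     * <p>Supported URL schemes are {@code ldap}, {@code ldaps} and {@code ldap+tls}. Default ports
     * are 636 for {@code ldaps} and 389 otherwise.
     *
     * @return a bound connection, or {@code null} if the URL is invalid or the connection, TLS
     *     negotiation or bind fails (the cause is logged)
     */
    private LDAPConnection getLdapConnection() {
        try {
            URI uri = new URI(this.settings.getRequiredString(Keys.realm.ldap.server));
            String scheme = uri.getScheme();
            String host = uri.getHost();
            if (scheme == null || host == null) {
                // A URL without scheme or host parses without error, so check it explicitly
                // rather than failing later with a NullPointerException.
                logger.error("Bad LDAP URL, should be in the form: ldap(s|+tls)://<server>:<port>");
                return null;
            }
            String bindDn = this.settings.getString(Keys.realm.ldap.username, "");
            String bindPassword = this.settings.getString(Keys.realm.ldap.password, "");
            int port = uri.getPort();

            if (scheme.equalsIgnoreCase("ldaps")) {
                if (port == -1) {
                    port = 636;
                }
                // NOTE(security): TrustAllTrustManager performs no certificate validation.
                SSLUtil sslUtil = new SSLUtil(new TrustAllTrustManager());
                return new LDAPConnection(sslUtil.createSSLSocketFactory(), host, port, bindDn, bindPassword);
            }

            if (port == -1) {
                port = 389;
            }
            if (!scheme.equalsIgnoreCase("ldap+tls")) {
                // Plain LDAP: the bind credentials travel unencrypted.
                return new LDAPConnection(host, port, bindDn, bindPassword);
            }

            // StartTLS: connect WITHOUT binding, upgrade the channel, and only then bind. Binding
            // in the constructor would send the service account password in clear text before
            // TLS has been negotiated.
            LDAPConnection connection = new LDAPConnection(host, port);
            boolean ready = false;
            try {
                // NOTE(security): TrustAllTrustManager performs no certificate validation.
                SSLUtil sslUtil = new SSLUtil(new TrustAllTrustManager());
                ExtendedResult startTls = connection.processExtendedOperation(new StartTLSExtendedRequest(sslUtil.createSSLContext()));
                if (startTls.getResultCode() != ResultCode.SUCCESS) {
                    throw new LDAPException(startTls.getResultCode());
                }
                connection.bind(bindDn, bindPassword);
                ready = true;
                return connection;
            } finally {
                if (!ready) {
                    // Do not leak the socket when TLS negotiation or the bind fails.
                    connection.close();
                }
            }
        } catch (URISyntaxException e) {
            logger.error("Bad LDAP URL, should be in the form: ldap(s|+tls)://<server>:<port>", e);
            return null;
        } catch (GeneralSecurityException e2) {
            logger.error("Unable to create SSL Connection", e2);
            return null;
        } catch (LDAPException e3) {
            logger.error("Error Connecting to LDAP", e3);
            return null;
        }
    }

    /** Passwords live in the directory, so they cannot be changed through Gitblit. */
    @Override
    public boolean supportsCredentialChanges() {
        return false;
    }

    /** Display names are editable only when no LDAP display-name mapping is configured. */
    @Override
    public boolean supportsDisplayNameChanges() {
        return StringUtils.isEmpty(this.settings.getString(Keys.realm.ldap.displayName, ""));
    }

    /** Email addresses are editable only when no LDAP email mapping is configured. */
    @Override
    public boolean supportsEmailAddressChanges() {
        return StringUtils.isEmpty(this.settings.getString(Keys.realm.ldap.email, ""));
    }

    /** Team membership is editable only when teams are not maintained from LDAP. */
    @Override
    public boolean supportsTeamMembershipChanges() {
        return !this.settings.getBoolean(Keys.realm.ldap.maintainTeams, false);
    }

    /**
     * Authenticates a user by searching for the account and binding as the matched entry.
     *
     * @param str the login name; any {@code DOMAIN\} prefix is stripped before the search
     * @param cArr the password
     * @return the authenticated and updated user model, or {@code null} if the credentials are
     *     empty, the directory is unreachable, the account is not matched by exactly one entry,
     *     or the bind is refused
     */
    @Override
    public UserModel authenticate(String str, char[] cArr) {
        // A simple bind with a DN and an EMPTY password is an "unauthenticated bind"
        // (RFC 4513, section 5.1.2) that many directory servers answer with success. It proves
        // nothing about the caller's identity, so empty credentials are refused before any
        // directory traffic happens.
        if (StringUtils.isEmpty(str) || ArrayUtils.isEmpty(cArr)) {
            logger.debug("LDAP authentication refused: empty username or password");
            return null;
        }

        String simpleUsername = getSimpleUsername(str);
        LDAPConnection ldapConnection = getLdapConnection();
        if (ldapConnection == null) {
            return null;
        }
        try {
            String accountBase = this.settings.getString(Keys.realm.ldap.accountBase, "");
            String accountPattern = this.settings.getString(Keys.realm.ldap.accountPattern, "(&(objectClass=person)(sAMAccountName=${username}))");
            // The username is attacker-controlled: escape it before it becomes part of the filter.
            String accountFilter = StringUtils.replace(accountPattern, "${username}", escapeLDAPSearchFilter(simpleUsername));

            SearchResult accounts = doSearch(ldapConnection, accountBase, accountFilter);
            // Require exactly one match so an ambiguous filter can never pick an arbitrary entry.
            if (accounts == null || accounts.getEntryCount() != 1) {
                return null;
            }
            SearchResultEntry accountEntry = accounts.getSearchEntries().get(0);

            String password = new String(cArr);
            if (!isAuthenticated(ldapConnection, accountEntry.getDN(), password)) {
                return null;
            }
            logger.debug("LDAP authenticated: " + str);

            UserModel userModel = getUserModel(simpleUsername);
            if (userModel == null) {
                userModel = new UserModel(simpleUsername);
            }
            if (StringUtils.isEmpty(userModel.cookie)) {
                // NOTE(review): the cookie is a digest of username + password (SHA-1, going by
                // the helper's name). Anyone who obtains the cookie can test password guesses
                // offline; a random token would avoid that.
                userModel.cookie = StringUtils.getSHA1(userModel.username + password);
            }

            boolean teamsFromLdap = !supportsTeamMembershipChanges();
            if (teamsFromLdap) {
                // From here on the connection is bound as the authenticated user, so the group
                // search runs with that user's directory permissions.
                getTeamsFromLdap(ldapConnection, simpleUsername, accountEntry, userModel);
            }
            setUserAttributes(userModel, accountEntry);
            super.updateUserModel(userModel);
            if (teamsFromLdap) {
                for (TeamModel team : userModel.teams) {
                    updateTeamModel(team);
                }
            }
            return userModel;
        } finally {
            ldapConnection.close();
        }
    }

    /**
     * Recomputes {@code canAdmin} from the configured admin list when teams come from LDAP.
     *
     * <p>Entries starting with {@code @} name a team; other entries are compared with the user's
     * name ignoring case. Nothing is changed when teams are managed in Gitblit or the list is empty.
     */
    private void setAdminAttribute(UserModel userModel) {
        if (supportsTeamMembershipChanges()) {
            return;
        }
        List<String> admins = this.settings.getStrings(Keys.realm.ldap.admins);
        if (ArrayUtils.isEmpty(admins)) {
            return;
        }
        // Start from "not an admin" so that rights removed in the directory are revoked here too.
        userModel.canAdmin = false;
        for (String admin : admins) {
            if (admin.startsWith("@")) {
                if (userModel.getTeam(admin.substring(1)) != null) {
                    userModel.canAdmin = true;
                }
            } else if (userModel.getName().equalsIgnoreCase(admin)) {
                userModel.canAdmin = true;
            }
        }
    }

    /**
     * Copies admin status, display name and email address from the directory entry to the model.
     *
     * <p>The stored password is replaced by a fixed marker; the real password is never kept.
     */
    private void setUserAttributes(UserModel userModel, SearchResultEntry searchResultEntry) {
        setAdminAttribute(userModel);
        userModel.password = "StoredInLDAP";

        String displayName = resolveMappedValue(this.settings.getString(Keys.realm.ldap.displayName, ""), searchResultEntry);
        if (displayName != null) {
            userModel.displayName = displayName;
        }
        String emailAddress = resolveMappedValue(this.settings.getString(Keys.realm.ldap.email, ""), searchResultEntry);
        if (emailAddress != null) {
            userModel.emailAddress = emailAddress;
        }
    }

    /**
     * Resolves one attribute mapping against a directory entry.
     *
     * @param mapping either an attribute name or a template containing <code>${attribute}</code>
     *     placeholders; may be empty
     * @param entry the directory entry supplying the values
     * @return the resolved value, or {@code null} when the mapping is empty or names an attribute
     *     that is missing or has no value
     */
    private static String resolveMappedValue(String mapping, SearchResultEntry entry) {
        if (StringUtils.isEmpty(mapping)) {
            return null;
        }
        if (mapping.contains("${")) {
            String resolved = mapping;
            for (Attribute attribute : entry.getAttributes()) {
                resolved = StringUtils.replace(resolved, "${" + attribute.getName() + "}", attribute.getValue());
            }
            return resolved;
        }
        Attribute attribute = entry.getAttribute(mapping);
        if (attribute == null || !attribute.hasValue()) {
            return null;
        }
        return attribute.getValue();
    }

    /**
     * Replaces the user's teams with the groups returned by the configured group search.
     *
     * <p>The filter may reference <code>${dn}</code>, <code>${username}</code> and any attribute
     * of the account entry; every substituted value is filter-escaped.
     */
    private void getTeamsFromLdap(LDAPConnection lDAPConnection, String str, SearchResultEntry searchResultEntry, UserModel userModel) {
        String accountDn = searchResultEntry.getDN();
        userModel.teams.clear();

        String groupBase = this.settings.getString(Keys.realm.ldap.groupBase, "");
        String groupFilter = this.settings.getString(Keys.realm.ldap.groupMemberPattern, "(&(objectClass=group)(member=${dn}))");
        groupFilter = StringUtils.replace(groupFilter, "${dn}", escapeLDAPSearchFilter(accountDn));
        groupFilter = StringUtils.replace(groupFilter, "${username}", escapeLDAPSearchFilter(str));
        for (Attribute attribute : searchResultEntry.getAttributes()) {
            groupFilter = StringUtils.replace(groupFilter, "${" + attribute.getName() + "}", escapeLDAPSearchFilter(attribute.getValue()));
        }

        SearchResult groups = doSearch(lDAPConnection, groupBase, groupFilter);
        if (groups == null || groups.getEntryCount() <= 0) {
            return;
        }
        for (SearchResultEntry groupEntry : groups.getSearchEntries()) {
            String teamName = groupEntry.getAttributeValue("cn");
            if (StringUtils.isEmpty(teamName)) {
                // A matched entry without a cn cannot be mapped to a team; skip it instead of
                // failing the whole login with a NullPointerException.
                logger.warn("Skipping LDAP group without a cn attribute: " + groupEntry.getDN());
                continue;
            }
            TeamModel teamModel = getTeamModel(teamName);
            if (teamModel == null) {
                teamModel = createTeamFromLdap(groupEntry);
            }
            userModel.teams.add(teamModel);
            teamModel.addUser(userModel.getName());
        }
    }

    /** Creates a new team named after the group entry's {@code cn} attribute. */
    private TeamModel createTeamFromLdap(SearchResultEntry searchResultEntry) {
        return new TeamModel(searchResultEntry.getAttributeValue("cn"));
    }

    /**
     * Runs a subtree search.
     *
     * @param lDAPConnection the connection to search on
     * @param str the search base DN
     * @param str2 the search filter; callers must have escaped any untrusted values in it
     * @return the search result, or {@code null} if the search failed (the cause is logged)
     */
    private SearchResult doSearch(LDAPConnection lDAPConnection, String str, String str2) {
        try {
            return lDAPConnection.search(str, SearchScope.SUB, str2, new String[0]);
        } catch (LDAPSearchException e) {
            logger.error("Problem Searching LDAP", e);
            return null;
        }
    }

    /**
     * Verifies a password by binding as the given DN on the supplied connection.
     *
     * <p>The caller must reject empty passwords first: this method cannot tell a verified bind
     * from an unauthenticated one.
     *
     * @return {@code true} if the bind succeeded, {@code false} if it was refused or failed
     */
    private boolean isAuthenticated(LDAPConnection lDAPConnection, String str, String str2) {
        try {
            lDAPConnection.bind(str, str2);
            return true;
        } catch (LDAPException e) {
            logger.error("Error authenticating user", e);
            return false;
        }
    }

    /**
     * Strips everything up to and including the last backslash, e.g. a {@code DOMAIN\} prefix.
     *
     * @param str the login name as entered; must not be {@code null}
     * @return the name after the last backslash, or the input unchanged if it has none
     */
    protected String getSimpleUsername(String str) {
        int separator = str.lastIndexOf('\\');
        if (separator > -1) {
            str = str.substring(separator + 1);
        }
        return str;
    }

    /**
     * Escapes a value for use inside an LDAP search filter.
     *
     * <p>NUL, parentheses, the asterisk and the backslash are replaced by their {@code \XX} hex
     * escapes so that the value cannot change the structure of the filter it is inserted into.
     * This is filter escaping only; it is not suitable for building distinguished names.
     *
     * @param str the raw value; must not be {@code null}
     * @return the escaped value
     */
    public static final String escapeLDAPSearchFilter(String str) {
        StringBuilder sb = new StringBuilder(str.length());
        for (int i = 0; i < str.length(); i++) {
            char charAt = str.charAt(i);
            switch (charAt) {
                case 0:
                    sb.append("\\00");
                    break;
                case '(':
                    sb.append("\\28");
                    break;
                case ')':
                    sb.append("\\29");
                    break;
                case '*':
                    sb.append("\\2a");
                    break;
                case '\\':
                    sb.append("\\5c");
                    break;
                default:
                    sb.append(charAt);
                    break;
            }
        }
        return sb.toString();
    }
}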
