package org.apache.dolphinscheduler.api.security.impl.ldap;

import java.util.Objects;
import java.util.Properties;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.Control;
import javax.naming.ldap.InitialLdapContext;
import org.apache.dolphinscheduler.common.enums.UserType;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Configuration;
import org.springframework.ldap.support.filter.EqualsFilter;
import org.springframework.stereotype.Component;

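@Configuration
@Component
/* loaded from: input_file:org/apache/dolphinscheduler/api/security/impl/ldap/LdapService.class */
/**
 * Authenticates users against an LDAP directory.
 *
 * <p>Login is a two-step "search then bind": the configured manager account
 * searches the base DN for the entry whose identity attribute equals the
 * supplied user id, then a second bind is attempted with that entry's DN and
 * the supplied password. The user's e-mail attribute is returned on success.
 *
 * <p>All {@code security.authentication.ldap.*} properties default to
 * {@code null} when unset; {@link #getManagerLdapEnv()} fails fast with a
 * descriptive {@link NullPointerException} in that case.
 */
public class LdapService {
    private static final Logger logger = LoggerFactory.getLogger(LdapService.class);

    /** JNDI LDAP provider used for every context created by this service. */
    private static final String LDAP_CTX_FACTORY = "com.sun.jndi.ldap.LdapCtxFactory";

    /** JNDI authentication mode; "simple" means DN + password bind. */
    private static final String SIMPLE_AUTHENTICATION = "simple";

    @Value("${security.authentication.ldap.user.admin:#{null}}")
    private String adminUserId;

    @Value("${security.authentication.ldap.urls:#{null}}")
    private String ldapUrls;

    @Value("${security.authentication.ldap.base-dn:#{null}}")
    private String ldapBaseDn;

    @Value("${security.authentication.ldap.username:#{null}}")
    private String ldapSecurityPrincipal;

    @Value("${security.authentication.ldap.password:#{null}}")
    private String ldapPrincipalPassword;

    @Value("${security.authentication.ldap.user.identity-attribute:#{null}}")
    private String ldapUserIdentifyingAttribute;

    @Value("${security.authentication.ldap.user.email-attribute:#{null}}")
    private String ldapEmailAttribute;

    /**
     * Maps a user id to its DolphinScheduler role.
     *
     * @param userId the LDAP user id (compared case-insensitively with the configured admin id)
     * @return {@link UserType#ADMIN_USER} if {@code userId} is the configured admin, otherwise
     *     {@link UserType#GENERAL_USER}; also {@code GENERAL_USER} when no admin id is configured
     *     or {@code userId} is {@code null}
     */
    public UserType getUserType(String userId) {
        // adminUserId is null when the admin property is not set; the original NPE'd here.
        if (this.adminUserId == null || userId == null) {
            return UserType.GENERAL_USER;
        }
        return this.adminUserId.equalsIgnoreCase(userId) ? UserType.ADMIN_USER : UserType.GENERAL_USER;
    }

    /**
     * Authenticates {@code userId}/{@code password} against the directory.
     *
     * <p>Empty or {@code null} credentials are rejected before any bind is attempted: with
     * "simple" authentication an empty password is treated by many directories as an anonymous
     * (unauthenticated) bind, which would otherwise succeed without proving the user's identity.
     *
     * <p>If several entries match the identity attribute, only the first one returned by the
     * directory is tried, as in the original implementation.
     *
     * @param userId value of the configured identity attribute to look up
     * @param password the user's password, used only for the user bind and never logged
     * @return the value of the configured e-mail attribute on success; {@code null} if the
     *     credentials are empty, the user is not found, the bind fails, the entry has no e-mail
     *     attribute, or a directory error occurs (all failures are logged)
     */
    public String ldapLogin(String userId, String password) {
        if (userId == null || userId.isEmpty() || password == null || password.isEmpty()) {
            logger.warn("ldap login rejected: empty user id or password");
            return null;
        }
        Properties managerLdapEnv = getManagerLdapEnv();
        InitialLdapContext managerCtx = null;
        NamingEnumeration<SearchResult> results = null;
        try {
            managerCtx = new InitialLdapContext(managerLdapEnv, (Control[]) null);
            SearchControls searchControls = new SearchControls();
            searchControls.setReturningAttributes(new String[]{this.ldapEmailAttribute});
            searchControls.setSearchScope(SearchControls.SUBTREE_SCOPE);
            // EqualsFilter escapes the user-supplied value, so it cannot alter the filter syntax.
            String filter = new EqualsFilter(this.ldapUserIdentifyingAttribute, userId).toString();
            results = managerCtx.search(this.ldapBaseDn, filter, searchControls);
            if (!results.hasMore()) {
                logger.warn("ldap user not found");
                return null;
            }
            SearchResult entry = results.next();
            return bindAsUserAndReadEmail(managerLdapEnv, entry, password);
        } catch (NamingException e) {
            logger.error("ldap search error", e);
            return null;
        } finally {
            // Both resources hold a connection to the directory; release them on every path.
            closeQuietly(results);
            closeQuietly(managerCtx);
        }
    }

    /**
     * Binds to the directory as {@code entry} with {@code password} and, if that succeeds,
     * returns the entry's e-mail attribute.
     *
     * @param managerLdapEnv the manager environment; copied, not mutated
     * @param entry the directory entry found for the user
     * @param password the user's password
     * @return the e-mail attribute value, or {@code null} if the bind fails or the attribute
     *     is absent
     */
    private String bindAsUserAndReadEmail(Properties managerLdapEnv, SearchResult entry, String password) {
        // Copy so the manager environment is never left holding user credentials.
        Properties userEnv = new Properties();
        userEnv.putAll(managerLdapEnv);
        userEnv.put(Context.SECURITY_PRINCIPAL, entry.getNameInNamespace());
        userEnv.put(Context.SECURITY_CREDENTIALS, password);
        DirContext userCtx = null;
        try {
            // Constructing the context performs the bind; wrong credentials throw here.
            userCtx = new InitialDirContext(userEnv);
            Attribute email = entry.getAttributes().get(this.ldapEmailAttribute);
            if (email == null) {
                logger.warn("ldap user has no {} attribute", this.ldapEmailAttribute);
                return null;
            }
            return (String) email.get();
        } catch (NamingException | ClassCastException e) {
            logger.warn("invalid ldap credentials or ldap search error", e);
            return null;
        } finally {
            closeQuietly(userCtx);
        }
    }

    /**
     * Builds the JNDI environment for the manager (search) account.
     *
     * @return a fresh {@link Properties} holding factory, authentication mode, manager
     *     principal/credentials and provider URL
     * @throws NullPointerException if any of the url, username or password properties is
     *     not configured (the values are required by {@link Properties#put})
     */
    Properties getManagerLdapEnv() {
        Properties properties = new Properties();
        properties.put(Context.INITIAL_CONTEXT_FACTORY, LDAP_CTX_FACTORY);
        properties.put(Context.SECURITY_AUTHENTICATION, SIMPLE_AUTHENTICATION);
        properties.put(Context.SECURITY_PRINCIPAL,
                Objects.requireNonNull(this.ldapSecurityPrincipal, "security.authentication.ldap.username is not configured"));
        properties.put(Context.SECURITY_CREDENTIALS,
                Objects.requireNonNull(this.ldapPrincipalPassword, "security.authentication.ldap.password is not configured"));
        properties.put(Context.PROVIDER_URL,
                Objects.requireNonNull(this.ldapUrls, "security.authentication.ldap.urls is not configured"));
        return properties;
    }

    /** Closes a context, logging rather than propagating close failures. */
    private static void closeQuietly(Context ctx) {
        if (ctx == null) {
            return;
        }
        try {
            ctx.close();
        } catch (NamingException e) {
            logger.debug("error closing ldap context", e);
        }
    }

    /** Closes a search result enumeration, logging rather than propagating close failures. */
    private static void closeQuietly(NamingEnumeration<?> results) {
        if (results == null) {
            return;
        }
        try {
            results.close();
        } catch (NamingException e) {
            logger.debug("error closing ldap search results", e);
        }
    }
}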
