package org.jboss.as.domain.management.security;

import java.io.IOException;
import java.util.Collections;
import java.util.Map;
import java.util.Set;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.sasl.AuthorizeCallback;
import javax.security.sasl.RealmCallback;
import org.jboss.as.domain.management.AuthenticationMechanism;
import org.jboss.as.domain.management.DomainManagementLogger;
import org.jboss.as.domain.management.DomainManagementMessages;
import org.jboss.as.domain.management.RealmConfigurationConstants;
import org.jboss.as.domain.management.connections.ConnectionManager;
import org.jboss.msc.service.Service;
import org.jboss.msc.service.StartContext;
import org.jboss.msc.service.StartException;
import org.jboss.msc.service.StopContext;
import org.jboss.msc.value.InjectedValue;
import org.jboss.sasl.callback.VerifyPasswordCallback;

/* loaded from: input_file:org/jboss/as/domain/management/security/UserLdapCallbackHandler.class */
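/**
 * Callback handler that verifies a user name and password against an LDAP directory.
 *
 * <p>Verification is a two-step process: the user's entry is located with a search on a
 * connection obtained from the injected {@link ConnectionManager}, then a second connection is
 * requested with the distinguished name that was found and the supplied password. The password
 * is reported as verified only when that second connection is obtained.
 *
 * <p>The handler advertises {@link AuthenticationMechanism#PLAIN} because it needs the clear-text
 * password to hand to the directory.
 * NOTE(review): transport protection for the management interface and for the LDAP connection is
 * configured elsewhere and is not visible in this class - confirm both are encrypted.
 */
public class UserLdapCallbackHandler implements Service<CallbackHandlerService>, CallbackHandlerService, CallbackHandler {
    public static final String SERVICE_SUFFIX = "ldap";
    public static final String DEFAULT_USER_DN = "dn";
    private final String baseDn;
    private final String usernameAttribute;
    private final String advancedFilter;
    private final boolean recursive;
    private final String userDn;
    private final boolean allowEmptyPassword;
    private final InjectedValue<ConnectionManager> connectionManager = new InjectedValue<>();
    /** Time limit applied to the user search, passed to {@link SearchControls#setTimeLimit(int)} (milliseconds). */
    protected final int searchTimeLimit = 10000;

    /**
     * Creates the handler.
     *
     * @param baseDn the context under which users are searched for
     * @param usernameAttribute attribute compared with the user name; may be {@code null} when
     *        {@code advancedFilter} is given
     * @param advancedFilter complete search filter using {@code {0}} for the user name; used only
     *        when {@code usernameAttribute} is {@code null}
     * @param recursive {@code true} to search the whole subtree, {@code false} for one level
     * @param userDn name of the attribute that holds the user's distinguished name
     * @param allowEmptyPassword whether a zero-length password is passed on to the directory
     *        instead of being rejected here
     */
    public UserLdapCallbackHandler(String baseDn, String usernameAttribute, String advancedFilter, boolean recursive,
            String userDn, boolean allowEmptyPassword) {
        this.baseDn = baseDn;
        if (usernameAttribute == null && advancedFilter == null) {
            throw DomainManagementMessages.MESSAGES.oneOfRequired("username-attribute", "advanced-filter");
        }
        this.usernameAttribute = usernameAttribute;
        this.advancedFilter = advancedFilter;
        this.recursive = recursive;
        this.userDn = userDn;
        this.allowEmptyPassword = allowEmptyPassword;
    }

    @Override // org.jboss.as.domain.management.security.CallbackHandlerService
    public AuthenticationMechanism getPreferredMechanism() {
        return AuthenticationMechanism.PLAIN;
    }

    @Override // org.jboss.as.domain.management.security.CallbackHandlerService
    public Set<AuthenticationMechanism> getSupplementaryMechanisms() {
        return Collections.emptySet();
    }

    @Override // org.jboss.as.domain.management.security.CallbackHandlerService
    public Map<String, String> getConfigurationOptions() {
        return Collections.singletonMap(RealmConfigurationConstants.VERIFY_PASSWORD_CALLBACK_SUPPORTED, Boolean.TRUE.toString());
    }

    @Override // org.jboss.as.domain.management.security.CallbackHandlerService
    public boolean isReady() {
        return true;
    }

    @Override // org.jboss.as.domain.management.security.CallbackHandlerService
    public CallbackHandler getCallbackHandler(Map<String, Object> map) {
        return this;
    }

    /** No start-up work is needed; the connection manager is injected before use. */
    public void start(StartContext startContext) throws StartException {
    }

    /** Nothing to release on stop; connections are opened and closed per request. */
    public void stop(StopContext stopContext) {
    }

    /* The decompiler renamed this method from getValue when it merged the bridge method. */
    public CallbackHandlerService m53getValue() throws IllegalStateException, IllegalArgumentException {
        return this;
    }

    /** Returns the injector through which the {@link ConnectionManager} is supplied. */
    public InjectedValue<ConnectionManager> getConnectionManagerInjector() {
        return this.connectionManager;
    }

    /**
     * Handles either a lone {@link AuthorizeCallback} or a set of callbacks carrying the user
     * name and the password to verify.
     *
     * @param callbackArr callbacks supplied by the authentication mechanism
     * @throws IOException if the user name or password is missing, or verification fails
     * @throws UnsupportedCallbackException for any callback other than {@link NameCallback},
     *         {@link RealmCallback} or {@link VerifyPasswordCallback}
     */
    @Override // javax.security.auth.callback.CallbackHandler
    public void handle(Callback[] callbackArr) throws IOException, UnsupportedCallbackException {
        if (callbackArr.length == 1 && (callbackArr[0] instanceof AuthorizeCallback)) {
            AuthorizeCallback authorizeCallback = (AuthorizeCallback) callbackArr[0];
            // A user may only act as itself: no delegation to another authorization identity.
            authorizeCallback.setAuthorized(authorizeCallback.getAuthenticationID().equals(authorizeCallback.getAuthorizationID()));
            return;
        }
        ConnectionManager manager = this.connectionManager.getValue();
        String username = null;
        VerifyPasswordCallback verifyPasswordCallback = null;
        for (Callback callback : callbackArr) {
            if (callback instanceof NameCallback) {
                username = ((NameCallback) callback).getDefaultName();
            } else if (callback instanceof RealmCallback) {
                // The realm is not used for the directory lookup.
                continue;
            } else if (callback instanceof VerifyPasswordCallback) {
                verifyPasswordCallback = (VerifyPasswordCallback) callback;
            } else {
                throw new UnsupportedCallbackException(callback);
            }
        }
        if (username == null || username.length() == 0) {
            throw DomainManagementMessages.MESSAGES.noUsername();
        }
        if (verifyPasswordCallback == null) {
            throw DomainManagementMessages.MESSAGES.noPassword();
        }
        String password = verifyPasswordCallback.getPassword();
        // With allowEmptyPassword set, a zero-length password reaches the directory. Assuming the
        // connection manager performs an LDAP simple bind, that is an "unauthenticated bind"
        // (RFC 4513), which some servers accept without checking any credential. Keep the option
        // off unless the directory is known to reject such binds.
        if (password == null || (!this.allowEmptyPassword && password.length() == 0)) {
            throw DomainManagementMessages.MESSAGES.noPassword();
        }

        InitialDirContext searchContext = null;
        InitialDirContext userContext = null;
        NamingEnumeration<SearchResult> search = null;
        try {
            searchContext = (InitialDirContext) manager.getConnection();
            SearchControls searchControls = new SearchControls();
            searchControls.setSearchScope(this.recursive ? SearchControls.SUBTREE_SCOPE : SearchControls.ONELEVEL_SCOPE);
            searchControls.setReturningAttributes(new String[]{this.userDn});
            searchControls.setTimeLimit(this.searchTimeLimit);

            // The user name is handed over as a filter argument ({0}) and is never concatenated
            // into the filter text; only configuration values are part of the filter string.
            String filter = this.usernameAttribute != null ? "(" + this.usernameAttribute + "={0})" : this.advancedFilter;
            search = searchContext.search(this.baseDn, filter, new Object[]{username}, searchControls);
            if (!search.hasMore()) {
                throw DomainManagementMessages.MESSAGES.userNotFoundInDirectory(username);
            }

            // NOTE(review): only the first match is used; if the filter can match several
            // entries, which one is bound depends on the order the server returns them in.
            SearchResult searchResult = search.next();
            String distinguishedName = null;
            Attributes attributes = searchResult.getAttributes();
            if (attributes != null) {
                Attribute dnAttribute = attributes.get(this.userDn);
                if (dnAttribute != null) {
                    distinguishedName = (String) dnAttribute.get();
                }
            }
            if (distinguishedName == null) {
                // Fall back to the result's own name, which is usable only when it is relative
                // to the search base.
                if (!searchResult.isRelative()) {
                    throw DomainManagementMessages.MESSAGES.nameNotFound(searchResult.getName());
                }
                distinguishedName = searchResult.getName() + ("".equals(this.baseDn) ? "" : "," + this.baseDn);
            }

            // Obtaining a connection as the user is the actual password check.
            userContext = (InitialDirContext) manager.getConnection(distinguishedName, password);
            if (userContext != null) {
                verifyPasswordCallback.setVerified(true);
            }
        } catch (Exception e) {
            DomainManagementLogger.ROOT_LOGGER.trace("Unable to verify identity.", e);
            throw DomainManagementMessages.MESSAGES.cannotPerformVerification(e);
        } finally {
            // Release directory resources on every path, including unknown users and failed
            // binds, so that repeated failed logins cannot exhaust connections.
            safeClose(search);
            safeClose(searchContext);
            safeClose(userContext);
        }
    }

    /** Closes the context if present; a failure to close is deliberately not propagated. */
    private void safeClose(Context context) {
        if (context != null) {
            try {
                context.close();
            } catch (Exception ignored) {
                // Best effort: nothing useful can be done if closing fails.
            }
        }
    }

    /** Closes the enumeration if present; a failure to close is deliberately not propagated. */
    private void safeClose(NamingEnumeration<?> namingEnumeration) {
        if (namingEnumeration != null) {
            try {
                namingEnumeration.close();
            } catch (Exception ignored) {
                // Best effort: nothing useful can be done if closing fails.
            }
        }
    }
}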
