package com.zimbra.cs.account.auth;

import com.zimbra.common.service.ServiceException;
import com.zimbra.common.util.StringUtil;
import com.zimbra.common.util.ZimbraLog;
import com.zimbra.cs.account.Account;
import com.zimbra.cs.account.AccountServiceException;
import com.zimbra.cs.account.Domain;
import com.zimbra.cs.account.Provisioning;
import com.zimbra.cs.account.ZAttrProvisioning;
import com.zimbra.cs.account.auth.PasswordUtil;
import com.zimbra.cs.account.krb5.Krb5Login;
import com.zimbra.cs.account.krb5.Krb5Principal;
import com.zimbra.cs.account.ldap.LdapEntry;
import com.zimbra.cs.account.ldap.LdapProvisioning;
import com.zimbra.cs.account.ldap.ZimbraLdapContext;
import com.zimbra.cs.mailbox.OperationContextData;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.StringTokenizer;
import javax.naming.AuthenticationException;
import javax.naming.AuthenticationNotSupportedException;
import javax.naming.NamingException;
import javax.security.auth.login.LoginException;

/* loaded from: input_file:com/zimbra/cs/account/auth/AuthMechanism.class */
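/**
 * Strategy for verifying an account's password against one authentication backend.
 *
 * <p>{@link #makeInstance(Account)} selects the concrete mechanism from the domain's
 * {@code zimbraAuthMech} attribute: internal ({@link ZimbraAuth}), external LDAP/AD
 * ({@link LdapAuth}), Kerberos 5 ({@link Kerberos5Auth}) or a registered custom handler
 * ({@link CustomAuth}).
 *
 * <p>This source is decompiler output; local and parameter names are synthetic.
 */
public abstract class AuthMechanism {
    /** The mechanism string this instance was created with (the raw {@code zimbraAuthMech} value). */
    protected String mAuthMech;

    /**
     * Authentication through a pluggable {@link ZimbraCustomAuth} handler.
     *
     * <p>The mechanism string is parsed as {@code <prefix>:<handlerName> [args...]}; the
     * arguments are split by {@link QuotedStringParser}.
     *
     * <p>The decompiler reports this class as package-private in the compiled form.
     */
    public static class CustomAuth extends AuthMechanism {
        private String mHandlerName;
        /** Resolved handler, or {@code null} when no handler name was given or none was found. */
        private ZimbraCustomAuth mHandler;
        /** Handler arguments, or {@code null} when the mechanism string carries none. */
        List<String> mArgs;

        /**
         * Parses the handler name and arguments out of the mechanism string and looks up the handler.
         *
         * @param str the full mechanism string, e.g. {@code custom:sample arg1 "arg 2"}
         */
        CustomAuth(String str) {
            super(str);
            this.mHandlerName = OperationContextData.GranteeNames.EMPTY_NAME;
            int colonIdx = this.mAuthMech.indexOf(':');
            if (colonIdx != -1) {
                // Look for the separator only after the colon so that a space earlier in the
                // string cannot yield an inverted substring range.
                int spaceIdx = this.mAuthMech.indexOf(' ', colonIdx + 1);
                if (spaceIdx != -1) {
                    this.mHandlerName = this.mAuthMech.substring(colonIdx + 1, spaceIdx);
                    List<String> parsedArgs = new QuotedStringParser(this.mAuthMech.substring(spaceIdx + 1)).parse();
                    // An empty argument list is represented as null.
                    this.mArgs = parsedArgs.isEmpty() ? null : parsedArgs;
                } else {
                    this.mHandlerName = this.mAuthMech.substring(colonIdx + 1);
                }
                if (!StringUtil.isNullOrEmpty(this.mHandlerName)) {
                    this.mHandler = ZimbraCustomAuth.getHandler(this.mHandlerName);
                }
            }
            if (ZimbraLog.account.isDebugEnabled()) {
                // NOTE(review): handler arguments are logged verbatim at debug level. If a
                // deployment places credentials or tokens in the custom-auth arguments they
                // end up in the account log - confirm and redact if so.
                StringBuilder argsText = null;
                if (this.mArgs != null) {
                    argsText = new StringBuilder();
                    for (String arg : this.mArgs) {
                        argsText.append("[" + arg + "] ");
                    }
                }
                ZimbraLog.account.debug("CustomAuth: handlerName=" + this.mHandlerName + ", args=" + argsText);
            }
        }

        /**
         * Delegates authentication to the custom handler.
         *
         * @param ldapProvisioning unused by this mechanism
         * @param domain the account's domain, used only in the "handler not found" message
         * @param account the account being authenticated
         * @param str the password supplied by the caller
         * @param map the authentication context, passed through to the handler
         * @throws ServiceException AUTH_FAILED when no handler is registered or the handler
         *         throws a non-{@code ServiceException}; a {@code ServiceException} raised by
         *         the handler is propagated unchanged
         */
        @Override // com.zimbra.cs.account.auth.AuthMechanism
        public void doAuth(LdapProvisioning ldapProvisioning, Domain domain, Account account, String str, Map<String, Object> map) throws ServiceException {
            // A missing handler fails closed: authentication is rejected, not skipped.
            if (this.mHandler == null) {
                throw AccountServiceException.AuthFailedServiceException.AUTH_FAILED(account.getName(), namePassedIn(map), "handler " + this.mHandlerName + " for custom auth for domain " + domain.getName() + " not found");
            }
            try {
                this.mHandler.authenticate(account, str, map, this.mArgs);
            } catch (Exception e) {
                if (e instanceof ServiceException) {
                    // The explicit cast keeps the rethrow within the declared throws clause.
                    throw (ServiceException) e;
                }
                // Any other handler failure is treated as an authentication failure.
                String detail = e.getMessage();
                String suffix = StringUtil.isNullOrEmpty(detail) ? OperationContextData.GranteeNames.EMPTY_NAME : " (" + detail + ")";
                throw AccountServiceException.AuthFailedServiceException.AUTH_FAILED(account.getName(), namePassedIn(map) + suffix, suffix, e);
            }
        }

        /**
         * Asks the custom handler whether password aging applies.
         *
         * @return the handler's answer
         * @throws ServiceException FAILURE when no handler is registered
         */
        @Override // com.zimbra.cs.account.auth.AuthMechanism
        public boolean checkPasswordAging() throws ServiceException {
            if (this.mHandler == null) {
                throw ServiceException.FAILURE("custom auth handler " + this.mHandlerName + " not found", (Throwable) null);
            }
            return this.mHandler.checkPasswordAging();
        }
    }

    /**
     * Authentication by verifying the password against the account's Kerberos 5 principal.
     *
     * <p>The decompiler reports this class as package-private in the compiled form.
     */
    public static class Kerberos5Auth extends AuthMechanism {
        Kerberos5Auth(String str) {
            super(str);
        }

        /**
         * Resolves the Kerberos principal for the account and verifies the password against it.
         *
         * @param ldapProvisioning unused by this mechanism
         * @param domain the account's domain, used to derive the principal
         * @param account the account being authenticated
         * @param str the password supplied by the caller
         * @param map the authentication context, used for the name reported on failure
         * @throws ServiceException AUTH_FAILED when no principal can be derived or the
         *         Kerberos login is rejected
         */
        @Override // com.zimbra.cs.account.auth.AuthMechanism
        public void doAuth(LdapProvisioning ldapProvisioning, Domain domain, Account account, String str, Map<String, Object> map) throws ServiceException {
            String principal = Krb5Principal.getKrb5Principal(domain, account);
            // No principal means there is nothing to verify against: reject the attempt.
            if (principal == null) {
                throw AccountServiceException.AuthFailedServiceException.AUTH_FAILED(account.getName(), namePassedIn(map), "cannot obtain principal for " + this.mAuthMech + " auth");
            }
            try {
                Krb5Login.verifyPassword(principal, str);
            } catch (LoginException e) {
                throw AccountServiceException.AuthFailedServiceException.AUTH_FAILED(account.getName(), namePassedIn(map) + "(kerberos5 principal: " + principal + ")", e.getMessage(), e);
            }
        }

        /** @return {@code false}; this mechanism does not take part in password aging */
        @Override // com.zimbra.cs.account.auth.AuthMechanism
        public boolean checkPasswordAging() throws ServiceException {
            return false;
        }
    }

    /**
     * Authentication against an external LDAP or Active Directory server.
     *
     * <p>The decompiler reports this class as package-private in the compiled form.
     */
    public static class LdapAuth extends AuthMechanism {
        LdapAuth(String str) {
            super(str);
        }

        /**
         * Hands the attempt to {@code LdapProvisioning.externalLdapAuth} together with this
         * instance's mechanism string.
         *
         * @param ldapProvisioning provisioning instance that performs the external bind
         * @param domain the account's domain
         * @param account the account being authenticated
         * @param str the password supplied by the caller
         * @param map the authentication context
         * @throws ServiceException whatever {@code externalLdapAuth} raises
         */
        @Override // com.zimbra.cs.account.auth.AuthMechanism
        public void doAuth(LdapProvisioning ldapProvisioning, Domain domain, Account account, String str, Map<String, Object> map) throws ServiceException {
            ldapProvisioning.externalLdapAuth(domain, this.mAuthMech, account, str, map);
        }

        /** @return {@code false}; this mechanism does not take part in password aging */
        @Override // com.zimbra.cs.account.auth.AuthMechanism
        public boolean checkPasswordAging() throws ServiceException {
            return false;
        }
    }

    /**
     * Splits a string into whitespace-separated tokens, treating text between double quotes
     * as a single token (embedded whitespace preserved) and {@code ""} as an empty token.
     */
    static class QuotedStringParser {
        private final String mInput;
        private static final String DELIM_WHITESPACE_AND_QUOTES = " \t\r\n\"";
        private static final String DELIM_QUOTES_ONLY = "\"";

        /**
         * @param str the text to tokenize
         * @throws IllegalArgumentException if {@code str} is {@code null}
         */
        public QuotedStringParser(String str) {
            if (str == null) {
                throw new IllegalArgumentException("Search Text cannot be null.");
            }
            this.mInput = str;
        }

        /**
         * Tokenizes the input.
         *
         * <p>Outside quotes the delimiters are whitespace and the double quote; inside quotes
         * only the double quote delimits, so an unterminated quote swallows the rest of the
         * input as one token.
         *
         * @return the tokens in input order; never {@code null}
         */
        public List<String> parse() {
            List<String> tokens = new ArrayList<String>();
            String delims = DELIM_WHITESPACE_AND_QUOTES;
            // returnDelims=true so that quote characters are seen and can toggle the mode.
            StringTokenizer tokenizer = new StringTokenizer(this.mInput, delims, true);
            boolean insideQuotes = false;
            boolean tokenSinceQuote = false;
            while (tokenizer.hasMoreTokens()) {
                String token = tokenizer.nextToken(delims);
                if (isDoubleQuote(token)) {
                    delims = flipDelimiters(delims);
                    // A closing quote with nothing collected since the opening one is "".
                    if (insideQuotes && !tokenSinceQuote) {
                        tokens.add(OperationContextData.GranteeNames.EMPTY_NAME);
                    }
                    insideQuotes = !insideQuotes;
                    tokenSinceQuote = false;
                } else if (!delims.contains(token)) {
                    // Anything that is not itself a delimiter is a real token.
                    tokens.add(token);
                    tokenSinceQuote = true;
                }
            }
            return tokens;
        }

        private boolean isDoubleQuote(String str) {
            return str.equals(DELIM_QUOTES_ONLY);
        }

        /** Switches between the "outside quotes" and "inside quotes" delimiter sets. */
        private String flipDelimiters(String str) {
            return str.equals(DELIM_WHITESPACE_AND_QUOTES) ? DELIM_QUOTES_ONLY : DELIM_WHITESPACE_AND_QUOTES;
        }
    }

    /** Internal authentication against the password stored on the account entry. */
    public static class ZimbraAuth extends AuthMechanism {
        ZimbraAuth(String str) {
            super(str);
        }

        @Override // com.zimbra.cs.account.auth.AuthMechanism
        public boolean isZimbraAuth() {
            return true;
        }

        /**
         * Verifies the password against the account's {@code userPassword} attribute.
         *
         * <p>A stored value recognised as SSHA is verified locally. Any other stored value is
         * checked by binding to LDAP with the account's DN, which is only possible when the
         * account is an {@link LdapEntry}.
         *
         * @param ldapProvisioning unused by this mechanism
         * @param domain unused by this mechanism
         * @param account the account being authenticated
         * @param str the password supplied by the caller
         * @param map the authentication context, used for the name reported on failure
         * @throws ServiceException AUTH_FAILED when the password is missing or wrong, or the
         *         bind is rejected; FAILURE on other naming or I/O errors
         */
        @Override // com.zimbra.cs.account.auth.AuthMechanism
        public void doAuth(LdapProvisioning ldapProvisioning, Domain domain, Account account, String str, Map<String, Object> map) throws ServiceException {
            String storedPassword = account.getAttr(ZAttrProvisioning.A_userPassword);
            if (storedPassword == null) {
                throw AccountServiceException.AuthFailedServiceException.AUTH_FAILED(account.getName(), namePassedIn(map), "missing userPassword");
            }
            // NOTE(review): SSHA conventionally denotes salted SHA-1, a fast hash; PasswordUtil
            // is not shown here - confirm the scheme and whether a slower KDF is an option.
            if (PasswordUtil.SSHA.isSSHA(storedPassword)) {
                if (!PasswordUtil.SSHA.verifySSHA(storedPassword, str)) {
                    throw AccountServiceException.AuthFailedServiceException.AUTH_FAILED(account.getName(), namePassedIn(map), "invalid password");
                }
                return;
            }
            // Without a DN there is no way to check a non-SSHA password: reject.
            if (!(account instanceof LdapEntry)) {
                throw AccountServiceException.AuthFailedServiceException.AUTH_FAILED(account.getName(), namePassedIn(map));
            }
            try {
                ZimbraLdapContext.ldapAuthenticate(((LdapEntry) account).getDN(), str);
            } catch (AuthenticationException e) {
                // Both authentication exceptions are NamingException subclasses and must be
                // caught before it; otherwise a rejected bind would be reported as a generic
                // FAILURE instead of AUTH_FAILED.
                throw AccountServiceException.AuthFailedServiceException.AUTH_FAILED(account.getName(), namePassedIn(map), e.getMessage(), e);
            } catch (AuthenticationNotSupportedException e) {
                throw AccountServiceException.AuthFailedServiceException.AUTH_FAILED(account.getName(), namePassedIn(map), e.getMessage(), e);
            } catch (NamingException e) {
                throw ServiceException.FAILURE(e.getMessage(), e);
            } catch (IOException e) {
                throw ServiceException.FAILURE(e.getMessage(), e);
            }
        }

        /** @return {@code true}; internally stored passwords are subject to password aging */
        @Override // com.zimbra.cs.account.auth.AuthMechanism
        public boolean checkPasswordAging() throws ServiceException {
            return true;
        }
    }

    /**
     * @param str the mechanism string to remember; returned by {@link #getMechanism()}
     */
    protected AuthMechanism(String str) {
        this.mAuthMech = str;
    }

    /**
     * Chooses the mechanism for an account from its domain's {@code zimbraAuthMech} attribute.
     *
     * <p>With no domain or no attribute value the internal mechanism is used.
     *
     * @param account the account about to be authenticated
     * @return the mechanism instance, never {@code null}
     * @throws ServiceException if the domain lookup fails
     */
    public static AuthMechanism makeInstance(Account account) throws ServiceException {
        String mech = "zimbra";
        Domain domain = Provisioning.getInstance().getDomain(account);
        if (domain != null) {
            String configured = domain.getAttr(ZAttrProvisioning.A_zimbraAuthMech);
            if (configured != null) {
                mech = configured;
            }
        }
        if (mech.equals("zimbra")) {
            return new ZimbraAuth(mech);
        }
        if (mech.equals(Provisioning.AM_LDAP) || mech.equals(Provisioning.AM_AD)) {
            return new LdapAuth(mech);
        }
        if (mech.equals("kerberos5")) {
            return new Kerberos5Auth(mech);
        }
        if (mech.startsWith(Provisioning.AM_CUSTOM)) {
            return new CustomAuth(mech);
        }
        // NOTE(review): an unrecognised value does not fail closed. The domain silently
        // authenticates against the locally stored password, and this warning is the only
        // signal - worth alerting on where external authentication is expected.
        ZimbraLog.account.warn("unknown value for zimbraAuthMech: " + mech + ", falling back to default mech");
        // The fallback instance still carries the unrecognised string as its mechanism.
        return new ZimbraAuth(mech);
    }

    /**
     * Runs internal authentication directly, without consulting the domain's configured
     * mechanism.
     *
     * @param ldapProvisioning passed through to {@link ZimbraAuth#doAuth}
     * @param domain passed through to {@link ZimbraAuth#doAuth}
     * @param account the account being authenticated
     * @param str the password supplied by the caller
     * @param map the authentication context
     * @throws ServiceException as raised by {@link ZimbraAuth#doAuth}
     */
    public static void doZimbraAuth(LdapProvisioning ldapProvisioning, Domain domain, Account account, String str, Map<String, Object> map) throws ServiceException {
        new ZimbraAuth("zimbra").doAuth(ldapProvisioning, domain, account, str, map);
    }

    /** @return {@code true} only for the internal mechanism; {@code false} by default */
    public boolean isZimbraAuth() {
        return false;
    }

    /**
     * @return whether password aging should be checked for accounts using this mechanism
     * @throws ServiceException if the answer cannot be determined
     */
    public abstract boolean checkPasswordAging() throws ServiceException;

    /**
     * Verifies the supplied password for the account; returns normally on success.
     *
     * @param ldapProvisioning provisioning instance, used by mechanisms that need it
     * @param domain the account's domain
     * @param account the account being authenticated
     * @param str the password supplied by the caller
     * @param map the authentication context; may be {@code null}
     * @throws ServiceException when authentication fails or cannot be carried out
     */
    public abstract void doAuth(LdapProvisioning ldapProvisioning, Domain domain, Account account, String str, Map<String, Object> map) throws ServiceException;

    /** @return the mechanism string this instance was created with */
    public String getMechanism() {
        return this.mAuthMech;
    }

    /**
     * Returns the account name exactly as the caller supplied it, taken from the
     * authentication context.
     *
     * @param map the authentication context; may be {@code null}
     * @return the stored name, or {@code EMPTY_NAME} when the context or the entry is absent
     */
    public static String namePassedIn(Map<String, Object> map) {
        if (map == null) {
            return OperationContextData.GranteeNames.EMPTY_NAME;
        }
        String suppliedName = (String) map.get(AuthContext.AC_ACCOUNT_NAME_PASSEDIN);
        return suppliedName != null ? suppliedName : OperationContextData.GranteeNames.EMPTY_NAME;
    }

    /**
     * Manual smoke test: prints the tokens of a sample argument string, then constructs a
     * {@link CustomAuth} from a sample mechanism string.
     */
    public static void main(String[] strArr) {
        int position = 0;
        List<String> tokens = new QuotedStringParser("http://blah.com:123    green \" ocean blue   \"  \"\" yelllow \"\"").parse();
        for (String token : tokens) {
            position++;
            System.out.format("%d [%s]\n", Integer.valueOf(position), token);
        }
        new CustomAuth("custom:sample http://blah.com:123    green \" ocean blue   \"  \"\" yelllow \"\"");
    }
}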
