package org.ow2.proactive.authentication;

import java.io.IOException;
import java.util.ArrayList;
import java.util.Hashtable;
import java.util.List;
import java.util.Map;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.FailedLoginException;
import javax.security.auth.login.LoginException;
import org.apache.log4j.Logger;
import org.ow2.proactive.authentication.principals.GroupNamePrincipal;
import org.ow2.proactive.authentication.principals.UserNamePrincipal;

/* loaded from: input_file:org/ow2/proactive/authentication/LDAP2LoginModule.class */
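/**
 * JAAS login module authenticating users against an LDAP directory, with an
 * optional fall back to the file based {@link FileLoginModule}.
 * <p>
 * A login runs in two steps: the user's entry is located with the configured
 * service (or anonymous) bind and user filter, then the user's own password is
 * verified by binding as the located DN. Group membership is read with the
 * configured group filter and exposed as {@link GroupNamePrincipal}s; the
 * {@link UserNamePrincipal} and group principals are attached to the
 * {@link Subject} only once the password has been verified.
 * <p>
 * Instances are not thread-safe; JAAS creates one per login attempt.
 */
public abstract class LDAP2LoginModule extends FileLoginModule implements Loggable {
    private final Logger logger = getLogger();
    // getLDAPConfigFileName() is abstract and runs here, during field initialisation,
    // i.e. before any subclass constructor body has executed.
    private LDAP2Properties ldapProperties = new LDAP2Properties(getLDAPConfigFileName());
    /** Value of the authentication-method property meaning "bind anonymously". */
    private static final String ANONYMOUS_LDAP_CONNECTION = "none";
    private static final String SSL_KEYSTORE_PATH_PROPERTY = "javax.net.ssl.keyStore";
    private static final String SSL_KEYSTORE_PASSWD_PROPERTY = "javax.net.ssl.keyStorePassword";
    private static final String SSL_TRUSTSTORE_PATH_PROPERTY = "javax.net.ssl.trustStore";
    private static final String SSL_TRUSTSTORE_PASSWD_PROPERTY = "javax.net.ssl.trustStorePassword";
    private final String LDAP_URL = this.ldapProperties.getProperty(LDAP2Properties.LDAP_URL);
    /** Subtree searched for both user and group entries. */
    private final String BASE_DN = this.ldapProperties.getProperty(LDAP2Properties.LDAP_USERS_SUBTREE);
    private final String AUTHENTICATION_METHOD = this.ldapProperties.getProperty(LDAP2Properties.LDAP_AUTHENTICATION_METHOD);
    private final String BIND_LOGIN = this.ldapProperties.getProperty(LDAP2Properties.LDAP_BIND_LOGIN);
    private String BIND_PASSWD = this.ldapProperties.getProperty(LDAP2Properties.LDAP_BIND_PASSWD);
    // Boolean.parseBoolean(null) is false, as Boolean.valueOf(null).booleanValue() was.
    private boolean fallbackUserAuth = Boolean.parseBoolean(this.ldapProperties.getProperty(LDAP2Properties.FALLBACK_USER_AUTH));
    // Only acted upon in the constructor (group file check + log) in the code visible here.
    private boolean fallbackGroupMembership = Boolean.parseBoolean(this.ldapProperties.getProperty(LDAP2Properties.FALLBACK_GROUP_MEMBERSHIP));
    /** Outcome of the last {@link #login()}; reported by {@link #commit()}. */
    private boolean succeeded = false;

    /**
     * Checks the fall back files when they are enabled and publishes the configured
     * SSL key/trust store as JVM-wide system properties (unless a different store is
     * already configured, in which case the existing one is kept and a warning is logged).
     */
    public LDAP2LoginModule() {
        if (this.fallbackUserAuth) {
            checkLoginFile();
            checkGroupFile();
            this.logger.info("Using Login file for fall back authentication at : " + this.loginFile);
            this.logger.info("Using Group file for fall back group membership at : " + this.groupFile);
        } else if (this.fallbackGroupMembership) {
            checkGroupFile();
            this.logger.info("Using Group file for fall back group membership at : " + this.groupFile);
        }
        installSslStore(SSL_KEYSTORE_PATH_PROPERTY,
                this.ldapProperties.getProperty(LDAP2Properties.LDAP_KEYSTORE_PATH),
                SSL_KEYSTORE_PASSWD_PROPERTY,
                this.ldapProperties.getProperty(LDAP2Properties.LDAP_KEYSTORE_PASSWD));
        installSslStore(SSL_TRUSTSTORE_PATH_PROPERTY,
                this.ldapProperties.getProperty(LDAP2Properties.LDAP_TRUSTSTORE_PATH),
                SSL_TRUSTSTORE_PASSWD_PROPERTY,
                this.ldapProperties.getProperty(LDAP2Properties.LDAP_TRUSTSTORE_PASSWD));
    }

    /**
     * Sets a store path/password pair as system properties, unless no path is
     * configured or a different path is already defined in the JVM.
     *
     * @param pathProperty   system property holding the store path
     * @param path           configured store path, may be {@code null}
     * @param passwdProperty system property holding the store password
     * @param passwd         configured store password, may be {@code null}
     */
    private void installSslStore(String pathProperty, String path, String passwdProperty, String passwd) {
        if (path == null || alreadyDefined(pathProperty, path)) {
            return;
        }
        System.setProperty(pathProperty, path);
        // System.setProperty rejects a null value; a store without a configured
        // password simply gets no password property.
        if (passwd != null) {
            System.setProperty(passwdProperty, passwd);
        }
    }

    /**
     * Tells whether a system property is already set to a value different from the
     * one this module would like to install.
     *
     * @param str  system property name
     * @param str2 value this module wants to set
     * @return {@code true} if the property holds another value (which is then kept)
     */
    private boolean alreadyDefined(String str, String str2) {
        if (str == null || str.isEmpty()) {
            return false;
        }
        String current = System.getProperty(str);
        if (current == null || current.equals(str2)) {
            return false;
        }
        this.logger.warn("Property " + str + " is already defined");
        // The value kept is the one already in the JVM, so that is the one to report
        // (the original logged the ignored configured value here).
        this.logger.warn("Using old value " + current);
        return true;
    }

    /**
     * Stores the subject and callback handler for the coming {@link #login()}.
     * The shared state and options maps are not used.
     */
    @Override
    public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String, ?> map, Map<String, ?> map2) {
        this.subject = subject;
        this.callbackHandler = callbackHandler;
        if (this.logger.isDebugEnabled()) {
            this.logger.debug("Using LDAP : " + this.LDAP_URL);
        }
    }

    /**
     * Collects the user name and password through a {@link NoCallback} and
     * delegates to {@link #logUser(String, String)}.
     *
     * @return {@code true} when authentication succeeded
     * @throws LoginException when no callback handler is available, the callback
     *                        cannot be served, no user name was supplied, or
     *                        authentication fails ({@link FailedLoginException})
     */
    @Override
    public boolean login() throws LoginException {
        this.succeeded = false;
        if (this.callbackHandler == null) {
            throw new LoginException("Error: no CallbackHandler available to garner authentication information from the user");
        }
        String username;
        String password;
        try {
            Callback[] callbackArr = {new NoCallback()};
            this.callbackHandler.handle(callbackArr);
            Map<String, Object> credentials = ((NoCallback) callbackArr[0]).get();
            username = (String) credentials.get("username");
            password = (String) credentials.get("pw");
            // Best-effort cleanup of the credential holders once copied out.
            credentials.clear();
            ((NoCallback) callbackArr[0]).clear();
        } catch (IOException e) {
            LoginException le = new LoginException(e.toString());
            le.initCause(e);
            throw le;
        } catch (UnsupportedCallbackException e2) {
            LoginException le = new LoginException("Error: " + e2.getCallback().toString() + " not available to garner authentication information from the user");
            le.initCause(e2);
            throw le;
        }
        if (username == null) {
            this.logger.info("No username has been specified for authentication");
            throw new FailedLoginException("No username has been specified for authentication");
        }
        this.succeeded = logUser(username, password);
        return this.succeeded;
    }

    /**
     * Authenticates a user against the directory, falling back to the file login
     * module when the user has no LDAP entry and fall back is enabled.
     * <p>
     * Principals are added to the subject only after the password has been verified.
     * The two distinct failure messages below let whoever sees the exception tell an
     * unknown user from a wrong password; they are kept unchanged for compatibility.
     * (The decompiler notes the original access modifier was {@code protected}.)
     *
     * @param str  user name as typed by the user
     * @param str2 password, may be {@code null}
     * @return {@code true} on success
     * @throws FailedLoginException when the user is unknown, the password is wrong,
     *                              or the directory cannot be reached
     */
    @Override
    public boolean logUser(String str, String str2) throws LoginException {
        try {
            LdapUserEntry entry = findLDAPUser(str);
            if (entry == null) {
                this.logger.info("user entry not found in subtree " + this.BASE_DN + " for user " + str);
                if (!this.fallbackUserAuth) {
                    throw new FailedLoginException("User name doesn't exists");
                }
                this.logger.info("fall back to file authentication for user : " + str);
                return super.logUser(str, str2);
            }
            if (!checkLDAPPassword(entry.dn, str2)) {
                this.logger.info("password verification failed for user : " + str);
                throw new FailedLoginException("Password Incorrect");
            }
            if (this.logger.isDebugEnabled()) {
                this.logger.debug("authentication succeeded, checking group");
            }
            this.subject.getPrincipals().add(new UserNamePrincipal(str));
            for (String group : entry.groups) {
                this.subject.getPrincipals().add(new GroupNamePrincipal(group));
                if (this.logger.isDebugEnabled()) {
                    this.logger.debug("User " + str + " is a member of group " + group);
                }
            }
            return true;
        } catch (NamingException e) {
            this.logger.error("", e);
            FailedLoginException fle = new FailedLoginException("Cannot connect to LDAP server");
            fle.initCause(e);
            throw fle;
        }
    }

    /** @return whether the preceding {@link #login()} succeeded. */
    @Override
    public boolean commit() throws LoginException {
        return this.succeeded;
    }

    /** Forgets the login outcome and reports what it was. */
    @Override
    public boolean abort() throws LoginException {
        boolean wasSuccessful = this.succeeded;
        this.succeeded = false;
        return wasSuccessful;
    }

    /** Forgets the login outcome. Always returns {@code true}. */
    @Override
    public boolean logout() throws LoginException {
        this.succeeded = false;
        return true;
    }

    /**
     * Verifies a password by performing a simple bind as the given DN.
     *
     * @param str  distinguished name of the user entry
     * @param str2 password to verify, may be {@code null}
     * @return {@code true} if the bind succeeded, {@code false} if it was refused,
     *         the password is empty, or it is {@code null}
     */
    private boolean checkLDAPPassword(String str, String str2) {
        if (this.logger.isDebugEnabled()) {
            this.logger.debug("check password for user : " + str);
        }
        // A simple bind with a DN and empty credentials is an unauthenticated bind
        // (RFC 4513, 5.1.2) that many directories accept, so it would "succeed"
        // without checking anything; null would additionally make Hashtable.put throw.
        if (str2 == null || str2.isEmpty()) {
            this.logger.info("empty password rejected for user : " + str);
            return false;
        }
        Hashtable<String, Object> env = new Hashtable<String, Object>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, this.LDAP_URL);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, str);
        env.put(Context.SECURITY_CREDENTIALS, str2);
        DirContext ctx;
        try {
            // Only the bind itself decides the outcome. In the decompiled original the
            // catch around close() also covered this constructor, so a refused bind was
            // logged as a close problem and reported as success.
            ctx = new InitialDirContext(env);
        } catch (NamingException e2) {
            this.logger.error("Problem checkin user password, user password may be wrong : " + e2);
            return false;
        }
        try {
            ctx.close();
        } catch (NamingException e) {
            // The bind already succeeded; a failed close does not change the verdict.
            this.logger.error("Problem closing secure connection : " + e);
        }
        return true;
    }

    /** Result of the directory lookup: the user's DN and the names of its groups. */
    private static final class LdapUserEntry {
        final String dn;
        final List<String> groups;

        LdapUserEntry(String dn, List<String> groups) {
            this.dn = dn;
            this.groups = groups;
        }
    }

    /**
     * Looks the user up under {@code BASE_DN} with the configured user filter and
     * collects the names of the groups matching the configured group filter.
     * Has no side effect on the subject; the caller attaches principals once the
     * password is verified.
     *
     * @param str user name, inserted (escaped) into the user filter
     * @return the entry found, or {@code null} if no entry matches
     * @throws NamingException if the connection or a search fails
     */
    private LdapUserEntry findLDAPUser(String str) throws NamingException {
        DirContext ctx = null;
        try {
            ctx = connectAndGetContext();
            SearchControls controls = new SearchControls();
            controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
            // The user name is untrusted input: escape it so it cannot change the
            // structure of the configured filter (LDAP injection).
            String userFilter = String.format(this.ldapProperties.getProperty(LDAP2Properties.LDAP_USER_FILTER),
                    escapeFilterValue(str));
            NamingEnumeration<SearchResult> users = ctx.search(this.BASE_DN, userFilter, controls);
            if (!users.hasMoreElements()) {
                if (this.logger.isDebugEnabled()) {
                    this.logger.debug("User DN not found");
                }
                return null;
            }
            String dn = users.next().getNameInNamespace();
            if (users.hasMoreElements()) {
                // Ambiguous match: the first entry is used, as before, but it is worth noticing.
                this.logger.warn("User filter matched more than one entry for user " + str + ", using " + dn);
            }
            if (this.logger.isDebugEnabled()) {
                this.logger.debug("User " + str + " has LDAP entry " + dn);
            }
            // The DN is an assertion value in the group filter, so it is escaped too.
            String groupFilter = String.format(this.ldapProperties.getProperty(LDAP2Properties.LDAP_GROUP_FILTER),
                    escapeFilterValue(dn));
            String groupNameAttr = this.ldapProperties.getProperty(LDAP2Properties.LDAP_GROUPNAME_ATTR);
            NamingEnumeration<SearchResult> groups = ctx.search(this.BASE_DN, groupFilter, controls);
            List<String> groupNames = new ArrayList<String>();
            while (groups.hasMoreElements()) {
                Attribute attribute = groups.next().getAttributes().get(groupNameAttr);
                if (attribute != null) {
                    // Attribute.get() returns the first value of a multi-valued attribute.
                    groupNames.add(attribute.get().toString());
                }
            }
            return new LdapUserEntry(dn, groupNames);
        } catch (NamingException e2) {
            this.logger.error("Problem with the search in mode : " + this.AUTHENTICATION_METHOD + e2);
            throw e2;
        } finally {
            // Always released, also on the error path (the original only closed on success).
            closeQuietly(ctx);
        }
    }

    /**
     * Closes a directory context, logging rather than propagating a failure.
     *
     * @param ctx context to close, may be {@code null}
     */
    private void closeQuietly(DirContext ctx) {
        if (ctx == null) {
            return;
        }
        try {
            ctx.close();
        } catch (NamingException e) {
            this.logger.error("", e);
            this.logger.error("Problem closing LDAP connection : " + e.getMessage());
        }
    }

    /**
     * Escapes a value for use inside an LDAP search filter (RFC 4515, section 3).
     *
     * @param value raw assertion value
     * @return the value with {@code \ * ( )} and NUL replaced by their {@code \xx} forms
     */
    private static String escapeFilterValue(String value) {
        StringBuilder sb = new StringBuilder(value.length());
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '\\':
                    sb.append("\\5c");
                    break;
                case '*':
                    sb.append("\\2a");
                    break;
                case '(':
                    sb.append("\\28");
                    break;
                case ')':
                    sb.append("\\29");
                    break;
                case '\0':
                    sb.append("\\00");
                    break;
                default:
                    sb.append(c);
            }
        }
        return sb.toString();
    }

    /**
     * Opens the service connection used for searches: anonymous when the
     * authentication method is {@value #ANONYMOUS_LDAP_CONNECTION}, otherwise
     * bound with the configured login and password.
     *
     * @throws NamingException if the method or bind credentials are not configured,
     *                         or the connection fails
     */
    private DirContext connectAndGetContext() throws NamingException {
        if (this.AUTHENTICATION_METHOD == null) {
            throw new NamingException("LDAP authentication method is not configured");
        }
        Hashtable<String, Object> env = new Hashtable<String, Object>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.SECURITY_AUTHENTICATION, this.AUTHENTICATION_METHOD);
        env.put(Context.PROVIDER_URL, this.LDAP_URL);
        if (!ANONYMOUS_LDAP_CONNECTION.equals(this.AUTHENTICATION_METHOD)) {
            // Hashtable.put would otherwise fail with an NPE that hides the real cause.
            if (this.BIND_LOGIN == null || this.BIND_PASSWD == null) {
                throw new NamingException("LDAP bind login/password are not configured for authentication method " + this.AUTHENTICATION_METHOD);
            }
            env.put(Context.SECURITY_PRINCIPAL, this.BIND_LOGIN);
            env.put(Context.SECURITY_CREDENTIALS, this.BIND_PASSWD);
        }
        return new InitialDirContext(env);
    }

    /** @return path of the LDAP configuration file read by this module. */
    protected abstract String getLDAPConfigFileName();

    /** Empty entry point, kept as found in the decompiled class. */
    public static void main(String[] strArr) {
    }
}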
