package org.hesperides.core.infrastructure.security;

import java.util.ArrayList;
import java.util.Collection;
import java.util.Hashtable;
import javax.naming.AuthenticationException;
import javax.naming.NamingException;
import javax.naming.OperationNotSupportedException;
import javax.naming.directory.DirContext;
import javax.naming.directory.SearchControls;
import javax.naming.ldap.Control;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.Rdn;
import org.hesperides.core.domain.security.AuthenticationProvider;
import org.hesperides.core.domain.security.UserRole;
import org.springframework.beans.factory.xml.BeanDefinitionParserDelegate;
import org.springframework.ldap.core.DirContextOperations;
import org.springframework.ldap.core.support.DefaultDirObjectFactory;
import org.springframework.ldap.support.LdapUtils;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.ldap.SpringSecurityLdapTemplate;
import org.springframework.security.ldap.authentication.AbstractLdapAuthenticationProvider;
import org.springframework.stereotype.Component;
import org.springframework.util.StringUtils;

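/**
 * Authenticates users against an LDAP / Active Directory server and maps
 * their {@code memberOf} groups to application roles.
 *
 * <p>Authentication is a JNDI "simple" bind as {@code DOMAIN\\username}. The
 * bound context is then used to look up the user's own entry, and the
 * entry's {@code memberOf} attribute is compared with the configured
 * production and technical group names.
 *
 * <p>Security notes for operators:
 * <ul>
 *   <li>A simple bind sends the password as-is over the connection, so the
 *       configured URL should use {@code ldaps://}. The scheme comes from
 *       {@link LdapConfiguration} and is not checked here.</li>
 *   <li>Every failure path returns the same generic "Bad credentials"
 *       message, so a caller cannot tell an unknown user from a wrong
 *       password.</li>
 * </ul>
 */
@Component
/* loaded from: input_file:BOOT-INF/lib/infrastructure-4.0.3.jar:org/hesperides/core/infrastructure/security/LdapAuthenticationProvider.class */
public class LdapAuthenticationProvider extends AbstractLdapAuthenticationProvider implements AuthenticationProvider {
    private final LdapConfiguration ldapConfiguration;

    /**
     * @param ldapConfiguration connection settings, search base, attribute and group names
     */
    public LdapAuthenticationProvider(LdapConfiguration ldapConfiguration) {
        this.ldapConfiguration = ldapConfiguration;
    }

    /**
     * Binds to the directory with the submitted credentials and returns the user's entry.
     *
     * <p>NOTE(review): an LDAP simple bind with an empty password is treated by many
     * servers as an anonymous bind that succeeds. The parent class is expected to reject
     * empty usernames and passwords before calling this method; confirm that for the
     * Spring Security version in use.
     *
     * @param usernamePasswordAuthenticationToken the submitted username and password
     * @return the directory entry of the authenticated user
     * @throws BadCredentialsException if the bind or the lookup is refused
     */
    @Override
    protected DirContextOperations doAuthentication(UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken) {
        String username = usernamePasswordAuthenticationToken.getName();
        String password = (String) usernamePasswordAuthenticationToken.getCredentials();
        DirContext context = buildSearchContext(username, password);
        return searchUser(context, username);
    }

    /**
     * Opens an LDAP context bound as {@code DOMAIN\\username}.
     *
     * @param username login name, without the domain prefix
     * @param password the user's password
     * @return an open context that the caller must close
     * @throws BadCredentialsException if the server rejects the bind
     */
    private DirContext buildSearchContext(String username, String password) {
        Hashtable<String, Object> env = new Hashtable<>();
        // "simple" = name/password bind; the password is not protected by the bind itself.
        env.put("java.naming.security.authentication", "simple");
        env.put("java.naming.factory.initial", "com.sun.jndi.ldap.LdapCtxFactory");
        env.put("java.naming.provider.url", this.ldapConfiguration.getUrl());
        env.put("java.naming.factory.object", DefaultDirObjectFactory.class.getName());
        // Timeouts keep a slow or unreachable directory from blocking login threads.
        // NOTE(review): the JNDI LDAP provider reads these as strings of milliseconds;
        // confirm the configuration getters return that form.
        env.put("com.sun.jndi.ldap.connect.timeout", this.ldapConfiguration.getConnectTimeout());
        env.put("com.sun.jndi.ldap.read.timeout", this.ldapConfiguration.getReadTimeout());
        env.put("java.naming.security.principal", String.format("%s\\%s", this.ldapConfiguration.getDomain(), username));
        env.put("java.naming.security.credentials", password);
        try {
            return new InitialLdapContext(env, (Control[]) null);
        } catch (AuthenticationException | OperationNotSupportedException e) {
            // Both are NamingException subclasses, so this clause has to come first:
            // a refused bind must surface as "bad credentials", not as a generic LDAP error.
            throw badCredentials(e);
        } catch (NamingException e) {
            throw LdapUtils.convertLdapException(e);
        }
    }

    /**
     * Looks up the single entry whose username attribute equals {@code username},
     * then closes the context whether or not the search succeeded.
     *
     * @param dirContext an open, authenticated context; always closed on return
     * @param username the login name to search for
     * @return the matching directory entry
     * @throws BadCredentialsException if the search fails with a {@link NamingException}
     */
    private DirContextOperations searchUser(DirContext dirContext, String username) {
        try {
            SearchControls searchControls = new SearchControls();
            searchControls.setSearchScope(SearchControls.SUBTREE_SCOPE);
            // The username is supplied only as filter argument {0}, so filter
            // metacharacters in it ('*', '(', ')', '\') are escaped by the search call.
            // Formatting it into the filter text would let a login name change the
            // structure of the filter (LDAP filter injection).
            String filter = String.format("(%s={0})", this.ldapConfiguration.getUsernameAttribute());
            // NOTE(review): a result count other than one appears to be reported by Spring
            // as an unchecked exception, which is not mapped to bad credentials here.
            return SpringSecurityLdapTemplate.searchForSingleEntryInternal(
                    dirContext,
                    searchControls,
                    this.ldapConfiguration.getUserSearchBase(),
                    filter,
                    new Object[]{username});
        } catch (NamingException e) {
            throw badCredentials(e);
        } finally {
            LdapUtils.closeContext(dirContext);
        }
    }

    /** Builds the generic bad-credentials error with {@code th} attached as its cause. */
    private BadCredentialsException badCredentials(Throwable th) {
        return (BadCredentialsException) badCredentials().initCause(th);
    }

    /** Builds the generic bad-credentials error; the message reveals nothing about the cause. */
    private BadCredentialsException badCredentials() {
        return new BadCredentialsException(this.messages.getMessage("LdapAuthenticationProvider.badCredentials", "Bad credentials"));
    }

    /**
     * Grants {@link UserRole#PROD} and/or {@link UserRole#TECH} according to the
     * groups listed in the entry's {@code memberOf} attribute.
     *
     * @param dirContextOperations the authenticated user's directory entry
     * @param username unused
     * @param password unused
     * @return the granted authorities; empty when the user is in neither group
     */
    @Override
    protected Collection<? extends GrantedAuthority> loadUserAuthorities(DirContextOperations dirContextOperations, String username, String password) {
        Collection<GrantedAuthority> authorities = new ArrayList<>();
        String[] groupDns = dirContextOperations.getStringAttributes("memberOf");
        if (hasGroup(groupDns, this.ldapConfiguration.getProdGroupName())) {
            authorities.add(new SimpleGrantedAuthority(UserRole.PROD));
        }
        if (hasGroup(groupDns, this.ldapConfiguration.getTechGroupName())) {
            authorities.add(new SimpleGrantedAuthority(UserRole.TECH));
        }
        return authorities;
    }

    /**
     * Tells whether any of the group DNs has a {@code cn} equal to {@code groupName},
     * ignoring case.
     *
     * @param groupDns the {@code memberOf} values, possibly {@code null}
     * @param groupName the configured group name; a blank name never matches, so an
     *                  unset configuration value grants nothing
     */
    private boolean hasGroup(String[] groupDns, String groupName) {
        if (groupDns == null || !StringUtils.hasText(groupName)) {
            return false;
        }
        for (String groupDn : groupDns) {
            if (groupName.equalsIgnoreCase(getCommonName(groupDn))) {
                return true;
            }
        }
        return false;
    }

    /**
     * Extracts the value of the {@code cn} component from a distinguished name.
     *
     * @param dn a distinguished name as returned in {@code memberOf}
     * @return the {@code cn} value, or {@code null} when the RDN or its value is absent
     */
    private String getCommonName(String dn) {
        Rdn rdn = LdapUtils.getRdn(LdapUtils.newLdapName(dn), "cn");
        if (rdn == null || rdn.getValue() == null) {
            return null;
        }
        return rdn.getValue().toString();
    }
}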
