package com.gentics.portalnode.auth.manager;

import com.gentics.api.lib.auth.GenticsUser;
import com.gentics.api.lib.datasource.Datasource;
import com.gentics.api.lib.datasource.DatasourceNotAvailableException;
import com.gentics.api.lib.etc.ObjectTransformer;
import com.gentics.api.lib.exception.ParserException;
import com.gentics.lib.datasource.LDAPDatasourceRow;
import com.gentics.lib.etc.StringUtils;
import com.gentics.lib.parser.rule.DefaultRuleTree;
import com.gentics.portalnode.auth.AbstractAuthenticationManager;
import com.gentics.portalnode.auth.AuthenticationSTRUCT;
import com.gentics.portalnode.auth.FieldMapping;
import com.gentics.portalnode.user.LDAPUser;
import com.novell.ldap.LDAPConnection;
import com.novell.ldap.LDAPException;
import java.io.Serializable;
import java.io.UnsupportedEncodingException;
import java.util.Collection;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import net.sf.json.util.JSONUtils;

/* loaded from: input_file:WEB-INF/lib/node-lib-1.18.2.jar:com/gentics/portalnode/auth/manager/LDAPAuthenticationManager.class */
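/**
 * Authentication manager that resolves a login name to a directory entry through a
 * configured LDAP datasource and then verifies the password by binding to the LDAP
 * server as that entry.
 *
 * <p>A successfully authenticated {@link LDAPUser} is cached in the HTTP session and
 * returned on later requests until the configured logout parameter is sent.
 *
 * <p>NOTE(review): the instance keeps the most recently created datasource in a field
 * (exposed through {@link #getLDAPDS()}); nothing in this class synchronizes access to it.
 */
public class LDAPAuthenticationManager extends AbstractAuthenticationManager implements Serializable {
    // Attribute compared against login.name when no filterRule is configured.
    private String userDNAttribute;
    // Read from the configuration in init(); not used anywhere else in this class.
    private String userPasswordAttribute;
    // Name handed to the provider to create the LDAP datasource used for the user lookup.
    private String ldapDatasourceName;
    // Datasource created by the latest checkAuthentication() call; see getLDAPDS().
    private Datasource ldapDatasource;
    // Host and port used for the password-verifying bind in ldapBind().
    private String ldapHost;
    // Optional rule used to find the user entry; empty means "userDNAttribute == login.name".
    private String filterRule;
    private int ldapPort;
    private int ldapVersion;

    /**
     * Reads the manager's settings from the parameter map of the given configuration.
     *
     * <p>Defaults: host {@code localhost}, protocol version 3, port 389; every other
     * string setting defaults to the empty string.
     *
     * @param authenticationSTRUCT configuration holding the parameter map
     * @return always {@code true}
     * @throws NumberFormatException if {@code ldapVersion} or {@code ldapPort} is set but not numeric
     */
    @Override // com.gentics.portalnode.auth.AbstractAuthenticationManager, com.gentics.portalnode.auth.AuthenticationSystem
    public boolean init(AuthenticationSTRUCT authenticationSTRUCT) {
        super.init(authenticationSTRUCT);
        Map parameterMap = authenticationSTRUCT.getParameterMap();
        this.userDNAttribute = ObjectTransformer.getString(parameterMap.get("userDNAttribute"), "");
        this.userPasswordAttribute = ObjectTransformer.getString(parameterMap.get("userPasswordAttribute"), "");
        this.ldapDatasourceName = ObjectTransformer.getString(parameterMap.get("ldapDatasourceName"), "");
        this.ldapHost = ObjectTransformer.getString(parameterMap.get("ldapHost"), "localhost");
        this.ldapVersion = parameterMap.get("ldapVersion") == null ? 3 : Integer.parseInt((String) parameterMap.get("ldapVersion"));
        this.ldapPort = parameterMap.get("ldapPort") == null ? 389 : Integer.parseInt((String) parameterMap.get("ldapPort"));
        this.filterRule = ObjectTransformer.getString(parameterMap.get("filterRule"), "");
        return true;
    }

    /**
     * Returns the session's cached LDAP user, handles logout, or performs a fresh login.
     *
     * <p>Login flow: the login name is used to search the LDAP datasource (via the
     * configured filter rule, or {@code userDNAttribute == login.name} by default); the
     * {@code name} value of the first matching row is then used as the bind DN together
     * with the submitted password. Only a successful bind yields a user.
     *
     * <p>Every failure (missing credentials, unparsable rule, unavailable datasource,
     * no match, rejected bind) returns {@code null}, so the method fails closed.
     *
     * @param httpServletRequest request carrying the {@code p.}-prefixed login, password and logout parameters
     * @param httpServletResponse not used by this implementation
     * @param genticsUser not used by this implementation
     * @param hashMap receives the newly authenticated user under the session attribute key
     * @return the authenticated user, or {@code null} if nobody is (or remains) logged in
     */
    @Override // com.gentics.portalnode.auth.AuthenticationSystem
    public GenticsUser checkAuthentication(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, GenticsUser genticsUser, HashMap hashMap) {
        String loginName = httpServletRequest.getParameter("p." + getLoginRequestParameter());
        String loginPass = httpServletRequest.getParameter("p." + getPasswordRequestParameter());
        HttpSession session = httpServletRequest.getSession();
        String sessionKey = "LDAPUser." + getClass().toString();

        Object cachedUser = session.getAttribute(sessionKey);
        if (cachedUser instanceof LDAPUser) {
            String logoutValue = httpServletRequest.getParameter("p." + getLogoutRequestParameter());
            if (logoutValue == null || !logoutValue.equals(getLogoutRequestValue())) {
                return (GenticsUser) cachedUser;
            }
            session.removeAttribute(sessionKey);
            return null;
        }

        // Without a password ldapBind() refuses the bind anyway, so skip the directory
        // search entirely. This also keeps a missing password parameter (null) out of
        // the rule substitution below.
        if (StringUtils.isEmpty(loginName) || StringUtils.isEmpty(loginPass)) {
            return null;
        }

        // Work on a local reference: the field is shared by every request that uses this
        // manager instance, so re-reading it between steps could pick up a datasource
        // that another request has configured with a different rule.
        Datasource datasource = getProvider().createDatasource(this.ldapDatasourceName);
        this.ldapDatasource = datasource;
        if (null == datasource) {
            this.logger.error("Configured ldapDatasource `" + this.ldapDatasourceName + "` is not a valid LDAPDatasource.");
            return null;
        }

        DefaultRuleTree ruleTree = new DefaultRuleTree();
        HashMap loginResolver = new HashMap();
        loginResolver.put("name", loginName);
        loginResolver.put("pass", loginPass);
        ruleTree.addResolver(AbstractAuthenticationManager.LOGIN_ATTRIBUTE, loginResolver);
        try {
            String rule;
            if (StringUtils.isEmpty(this.filterRule)) {
                rule = "object." + this.userDNAttribute + " == login.name";
            } else {
                if (this.filterRule.indexOf("$loginName") >= 0 || this.filterRule.indexOf("$loginPass") >= 0) {
                    this.logger.warn("Your filterRule {" + this.filterRule + "} contains $loginName or $loginPass, which are deprecated. Use the variables login.name and/or login.pass instead.");
                }
                // Literal replacement: replaceAll() would interpret '$' and '\' in the
                // submitted values as regex group references and throw on ordinary input.
                // NOTE(review): the deprecated placeholders still splice request values
                // textually into the rule, so rule syntax inside a login name or password
                // becomes part of the filter. Rules written with login.name / login.pass
                // receive the values through the resolver instead and avoid this.
                rule = this.filterRule.replace("$loginName", loginName).replace("$loginPass", loginPass);
            }
            ruleTree.parse(rule);
        } catch (ParserException e) {
            // Fail closed: never query the directory with a rule tree that did not parse,
            // because whatever it matches would be used as the bind DN below.
            this.logger.error("Unable to parse login filter rule", e);
            return null;
        }
        datasource.setRuleTree(ruleTree);

        FieldMapping[] mappings = this.authenticationStruct.getMappings();
        if (mappings.length > 0) {
            String[] attributeNames = new String[mappings.length];
            for (int i = 0; i < mappings.length; i++) {
                attributeNames[i] = mappings[i].FieldName;
            }
            datasource.setAttributeNames(attributeNames);
        }

        Collection result;
        try {
            result = datasource.getResult();
        } catch (DatasourceNotAvailableException e) {
            this.logger.error("LDAP datasource is not availabe", e);
            return null;
        }
        if (result == null || 0 == result.size()) {
            this.logger.warn("LDAP result is null.");
            return null;
        }
        if (result.size() > 1) {
            // Only the first row is used; an ambiguous filter is worth surfacing to operators.
            this.logger.warn("LDAP filter matched more than one entry; using the first one.");
        }
        Iterator it = result.iterator();
        LDAPDatasourceRow row = it.hasNext() ? (LDAPDatasourceRow) it.next() : null;
        if (row == null) {
            // Strip line breaks so a crafted login name cannot forge extra log lines.
            String loggedName = loginName.replace('\r', '_').replace('\n', '_');
            this.logger.warn("LDAP row is null - could not find a corresponding user for loginName `" + loggedName + "`");
            return null;
        }

        HashMap attributes = row.getMap();
        if (attributes == null) {
            return null;
        }
        // The row's "name" value is used as the DN for the password-verifying bind.
        String boundDn = ldapBind((String) attributes.get("name"), loginPass);
        if (boundDn == null) {
            return null;
        }

        // NOTE(review): the session obtained before authentication is reused here and its
        // id is not rotated in this method; confirm that session-fixation protection is
        // applied elsewhere.
        LDAPUser user = new LDAPUser(boundDn, loginName, attributes, this);
        session.setAttribute(sessionKey, user);
        hashMap.put(sessionKey, user);
        return user;
    }

    /**
     * Returns the datasource created by the most recent {@link #checkAuthentication} call.
     *
     * @return the datasource, or {@code null} if none has been created yet
     */
    public Datasource getLDAPDS() {
        return this.ldapDatasource;
    }

    /**
     * Returns the configured name of the attribute matched against the login name.
     *
     * @return the {@code userDNAttribute} setting (empty string if unset)
     */
    public String getUserDNAttribute() {
        return this.userDNAttribute;
    }

    /**
     * Accepts a user solely on the basis of its type; no directory lookup is performed.
     *
     * @param genticsUser user to check
     * @return {@code true} if the user is an {@link LDAPUser}
     */
    @Override // com.gentics.portalnode.auth.AuthenticationSystem
    public boolean validateUser(GenticsUser genticsUser) {
        return genticsUser instanceof LDAPUser;
    }

    /**
     * Verifies a password by binding to the configured LDAP server as the given DN.
     *
     * @param userDn DN to bind as
     * @param password password submitted by the user
     * @return {@code userDn} if the bind succeeded, otherwise {@code null}
     */
    private String ldapBind(String userDn, String password) {
        // An empty password must never reach bind(): LDAP servers may treat a bind with a
        // DN and an empty password as an unauthenticated bind and report success.
        if (StringUtils.isEmpty(userDn) || StringUtils.isEmpty(password)) {
            return null;
        }
        // NOTE(review): the connection is created without a socket factory and this method
        // issues no StartTLS, so as far as this class shows the bind credentials travel
        // over a plain connection; confirm transport security is provided elsewhere.
        LDAPConnection connection = new LDAPConnection();
        try {
            connection.connect(this.ldapHost, this.ldapPort);
        } catch (LDAPException e) {
            // No point attempting a bind on a connection that was never established; the
            // resulting error would be misreported as a wrong password.
            this.logger.fatal("LDAP server unreachable", e);
            return null;
        }
        String boundDn = null;
        try {
            connection.bind(this.ldapVersion, userDn, password.getBytes("UTF8"));
            boundDn = userDn;
        } catch (LDAPException e) {
            if (this.logger.isInfoEnabled()) {
                this.logger.info("wrong LDAP password specified", e);
            }
        } catch (UnsupportedEncodingException e) {
            // The password itself is deliberately kept out of the log message.
            this.logger.error("LDAP password conversion failed", e);
        } finally {
            try {
                connection.disconnect();
            } catch (LDAPException e) {
                this.logger.error("LDAP disconnect failed", e);
            }
        }
        return boundDn;
    }
}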
