package com.inet.authentication.ldap;

import com.inet.authentication.AuthenticationDescription;
import com.inet.authentication.LoginRoles;
import com.inet.authentication.base.BasicLoginProcessor;
import com.inet.config.ConfigurationManager;
import com.inet.lib.json.Json;
import com.inet.lib.json.JsonParameterizedType;
import com.inet.lib.util.Encryption;
import com.inet.lib.util.NetworkFunctions;
import com.inet.lib.util.StringFunctions;
import com.inet.shared.utils.TrustAllSSLSocketFactory;
import com.inet.usersandgroups.UsersAndGroups;
import com.inet.usersandgroups.api.user.MutableUserData;
import com.inet.usersandgroups.api.user.UserAccount;
import com.inet.usersandgroups.api.user.UserManager;
import java.lang.reflect.Type;
import java.net.InetAddress;
import java.util.Collections;
import java.util.HashSet;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Set;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import javax.annotation.SuppressFBWarnings;
import javax.naming.AuthenticationException;
import javax.naming.CommunicationException;
import javax.naming.InvalidNameException;
import javax.naming.NameNotFoundException;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.Control;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapName;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

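/**
 * Login processor that authenticates a user against an LDAP / Active Directory server with a
 * simple bind using the credentials typed into the login form, and then collects the user's
 * group memberships as roles.
 * <p>
 * Security notes a deployer should be aware of (all visible in this class):
 * <ul>
 * <li>A simple bind sends the password to the server in clear text unless the URL is {@code ldaps:}.
 *     The default URL fallbacks in {@link #b()} are plain {@code ldap:}.</li>
 * <li>With the trust-all flag set, {@code ldaps:} connections use {@link TrustAllSSLSocketFactory}
 *     and the server certificate is not validated, so TLS does not authenticate the server.</li>
 * <li>The default server list is discovered from unauthenticated DNS (PTR and SRV) answers; whoever
 *     controls those answers chooses where the user credentials are sent.</li>
 * <li>The JNDI environment of the successful bind, including the user's plain-text password, is kept
 *     in this object so that {@link #a()} can re-open a context on the user's behalf.</li>
 * </ul>
 * User-supplied values are escaped with {@code c.d(...)} before being placed in search filters.
 * Class, field and method names are obfuscated; the comments below describe what each one is used for.
 */
@SuppressFBWarnings(value = {"LDAP_INJECTION"}, justification = "user input is escaped via LdapUtils.escapeLDAPSearchFilter")
/* loaded from: input_file:com/inet/authentication/ldap/b.class */
public class b extends BasicLoginProcessor implements LoginRoles {
    /** Cached result of {@link #b()} (auto-discovered default server URLs). Filled lazily; not synchronized. */
    private static Set<String> b;
    /** Default domain prefix in the form {@code "DOMAIN\"}, or {@code ""} when none is configured. */
    private final String c;
    /** LDAP provider URLs to try, in configured order. */
    private final Set<String> d;
    /** When true, {@code ldaps:} connections skip certificate validation (trust-all socket factory). */
    private final boolean e;
    /** Login ID of the authenticated user ({@code DOMAIN\user}, later replaced by msDS-PrincipalName when present). */
    private String f;
    /** Collected role names: group DNs, {@code domain\cn} forms and bare cn values. */
    private HashSet<String> g;
    /** Lower-cased copy of {@link #g}, built lazily by {@link #isWebUserInRole(String)}. */
    private HashSet<String> h;
    /** JNDI environment of the successful user bind; contains the user's plain-text password under java.naming.security.credentials. */
    private Hashtable<String, String> i;
    /** First name (givenName). */
    private String j;
    /** Last name (sn). */
    private String k;
    /** E-mail address (mail). */
    private String l;
    /** Service account principal used for lookups; empty means lookups are done anonymously. */
    private String m;
    /** Encrypted service account password; decrypted each time an environment is built. */
    private String n;
    /** Passed to {@code c.a(ctx, o)}, which yields the search roots -- presumably a configured base DN; verify against class c. */
    private String o;
    /** Optional RDN prefix placed before each root for user searches ({@code "p,root"}). */
    private String p;
    /** Optional group suffix: when set, only groups whose DN ends with {@code "q,root"} become roles. */
    private String q;

    /**
     * @param authenticationDescription passed to the base class
     * @param str   configured server URL(s): a single URL, a JSON array, or a JSON array of arrays (first element used)
     * @param z     trust-all flag for {@code ldaps:} connections
     * @param str2  default domain for unqualified user names (may be null or blank)
     * @param str3  service account principal (null/empty = anonymous lookups)
     * @param str4  encrypted service account password
     * @param str5  search root configuration handed to {@code c.a(...)}
     * @param str6  RDN prefix for user searches
     * @param str7  group suffix filter
     */
    public b(AuthenticationDescription authenticationDescription, String str, boolean z, String str2, String str3, String str4, @Nullable String str5, @Nullable String str6, @Nullable String str7) {
        super(authenticationDescription);
        this.d = a(str);
        this.e = z;
        this.c = (str2 == null || str2.trim().isEmpty()) ? "" : str2.trim() + "\\";
        this.m = str3;
        this.n = str4;
        this.o = str5;
        this.p = str6;
        this.q = str7;
    }

    /**
     * Parses the configured server URL setting.
     *
     * @param str empty/{@code "[]"} -> auto-discovered defaults; {@code "[[...]]"} -> first element of each inner list;
     *            {@code "[...]"} -> JSON set; anything else is taken as one URL
     * @return the URLs in configured order, never null
     */
    @Nonnull
    public static Set<String> a(String str) {
        if (StringFunctions.isEmpty(str) || "[]".equals(str)) {
            return b();
        }
        if (!str.startsWith("[[")) {
            return str.startsWith("[") ? (Set) new Json().fromJson(str, LinkedHashSet.class) : Collections.singleton(str);
        }
        // list of lists: only the first entry of every inner list is the URL
        LinkedHashSet<String> urls = new LinkedHashSet<>();
        List<List<String>> rows = (List<List<String>>) new Json().fromJson(str, new JsonParameterizedType(List.class, new Type[]{List.class}));
        for (List<String> row : rows) {
            urls.add(row.get(0));
        }
        return urls;
    }

    @Nonnull
    public String getLoginSource() {
        return "system";
    }

    /**
     * Builds the JNDI environment for a lookup connection to {@code str}.
     * <p>
     * Binds with the service account when one is configured, otherwise anonymously. Only a read
     * timeout is set; there is no connect timeout, so an unreachable server may block until the OS
     * TCP timeout expires (NOTE(review): consider {@code com.sun.jndi.ldap.connect.timeout}).
     *
     * @param str provider URL
     * @return a fresh, mutable environment
     */
    @Nonnull
    @SuppressFBWarnings(value = {"LDAP_ANONYMOUS"}, justification = "only base settings")
    public Hashtable<String, String> b(String str) {
        Hashtable<String, String> env = new Hashtable<>();
        env.put("java.naming.factory.initial", "com.sun.jndi.ldap.LdapCtxFactory");
        env.put("java.naming.provider.url", str);
        if (StringFunctions.isEmpty(this.m)) {
            // no service account: anonymous bind for lookups
            env.put("java.naming.security.authentication", "none");
        } else {
            env.put("java.naming.security.authentication", "simple");
            env.put("java.naming.security.principal", this.m);
            env.put("java.naming.security.credentials", Encryption.decrypt(this.n));
        }
        env.put("com.sun.jndi.ldap.read.timeout", "5000");
        if (this.e && str.startsWith("ldaps:")) {
            // SECURITY: disables server certificate validation for this connection
            env.put("java.naming.ldap.factory.socket", TrustAllSSLSocketFactory.class.getName());
        }
        // objectSid must be returned as byte[] so that the primary group SID can be rebuilt
        env.put("java.naming.ldap.attributes.binary", "objectSid");
        return env;
    }

    /**
     * Authenticates the submitted credentials with a simple bind, trying each configured URL in turn.
     * <p>
     * An empty password is rejected up front (an empty password would otherwise turn the simple bind
     * into an anonymous bind). An {@link AuthenticationException} stops at the first server that
     * answered; a {@link CommunicationException} moves on to the next URL.
     *
     * @param str  user name; {@code /} is normalised to {@code \}, and the default domain is prepended when unqualified
     * @param str2 password
     * @return always true (login handled) except when the login form had to be re-requested
     */
    protected boolean transferClientLoginData(@Nonnull String str, @Nonnull String str2, @Nonnull HttpServletRequest httpServletRequest, @Nonnull HttpServletResponse httpServletResponse) throws Exception {
        if (str2.isEmpty()) {
            requestLoginData(httpServletRequest, httpServletResponse);
            return false;
        }
        String principal = str.replace('/', '\\');
        if (!principal.contains("\\")) {
            principal = this.c + principal;
        }
        InitialLdapContext userContext = null;
        for (String url : this.d) {
            LOGGER.debug(url);
            this.i = b(url);
            // the user's own credentials replace the service account for this bind
            this.i.put("java.naming.security.authentication", "simple");
            this.i.put("java.naming.security.principal", principal);
            this.i.put("java.naming.security.credentials", str2);
            try {
                userContext = a();
                break;
            } catch (AuthenticationException e) {
                LOGGER.debug(e);
                this.i = null;
                return true;
            } catch (CommunicationException e2) {
                LOGGER.debug(e2);
                this.i = null;
            }
        }
        if (userContext == null) {
            return true;
        }
        this.f = principal;
        try {
            a(userContext);
        } finally {
            userContext.close();
        }
        return true;
    }

    /**
     * Opens a context with the environment of the last user bind.
     * <p>
     * If the server rejects the principal as a name (InvalidNameException, e.g. {@code DOMAIN\user}
     * on a non-AD directory), the user is looked up by uid under each matching search root with the
     * service/anonymous lookup context, the found DN replaces the principal, and the bind is retried.
     * The lookup context is closed unless it is the one returned.
     *
     * @return with a service account configured: the service context (the user bind was only verified);
     *         otherwise the context bound as the user
     * @throws AuthenticationException when no bind has been attempted yet, the name is unusable,
     *         no root matches the domain, or the uid is not found
     */
    @Nonnull
    public InitialLdapContext a() throws NamingException {
        if (this.i == null) {
            throw new AuthenticationException("Authentication not done yet");
        }
        try {
            return new InitialLdapContext(this.i, (Control[]) null);
        } catch (InvalidNameException e) {
            String principal = this.i.get("java.naming.security.principal");
            String domain = null;
            String uid = principal;
            String[] parts = principal.split("\\\\", 2);
            if (parts.length == 2) {
                domain = parts[0];
                uid = parts[1];
            }
            if (uid.contains("=")) {
                LOGGER.debug(e);
                throw new AuthenticationException("Qualified name is invalid");
            }
            InitialLdapContext lookupContext = new InitialLdapContext(b(this.i.get("java.naming.provider.url")), (Control[]) null);
            boolean lookupContextReturned = false;
            try {
                SearchControls controls = new SearchControls();
                controls.setReturningAttributes(new String[0]);
                controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
                boolean rootMatched = false;
                for (String root : c.a(lookupContext, this.o)) {
                    if (domain != null && !a(root, domain)) {
                        continue;
                    }
                    rootMatched = true;
                    String searchBase = StringFunctions.isEmpty(this.p) ? root : this.p + "," + root;
                    String filter = "(&(objectClass=person)(uid=" + c.d(uid) + "))";
                    LOGGER.debug("LDAP search: " + filter + " in " + searchBase);
                    NamingEnumeration<SearchResult> search = lookupContext.search(searchBase, filter, controls);
                    if (!search.hasMoreElements()) {
                        continue;
                    }
                    String userDn = search.nextElement().getNameInNamespace();
                    LOGGER.debug("Retrieved fullname via search: " + userDn);
                    if (userDn == null) {
                        continue;
                    }
                    // the password is still verified by this bind; only the name form changed
                    this.i.put("java.naming.security.principal", userDn);
                    InitialLdapContext userContext = new InitialLdapContext(this.i, (Control[]) null);
                    if (StringFunctions.isEmpty(this.m)) {
                        return userContext;
                    }
                    userContext.close();
                    lookupContextReturned = true;
                    return lookupContext;
                }
                if (rootMatched) {
                    throw new AuthenticationException("UID not found");
                }
                throw new AuthenticationException("No matching LDAP root found for domain: " + domain);
            } finally {
                if (!lookupContextReturned) {
                    lookupContext.close();
                }
            }
        }
    }

    /** Clears the login ID before asking the client for credentials again. */
    public void requestLoginData(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        this.f = null;
        super.requestLoginData(httpServletRequest, httpServletResponse);
    }

    public String getLoginID() {
        return this.f;
    }

    /**
     * Case-insensitive role check against the collected groups. The lower-cased cache is built once,
     * from whatever {@link #getRoles()} holds at that moment.
     */
    public boolean isWebUserInRole(String str) {
        if (this.h == null) {
            HashSet<String> lowerCased = new HashSet<>();
            for (String role : getRoles()) {
                lowerCased.add(role.toLowerCase());
            }
            this.h = lowerCased;
        }
        return this.h.contains(str.toLowerCase());
    }

    /**
     * @return the collected roles; an empty, mutable set is created on first access.
     *         NOTE(review): if this runs before {@link #a(InitialLdapContext)}, the empty set it creates
     *         suppresses group collection (that method only runs when the set is still null) --
     *         confirm the call order in BasicLoginProcessor.
     */
    @Nonnull
    public Set<String> getRoles() {
        if (this.g == null) {
            this.g = new HashSet<>();
        }
        return this.g;
    }

    /**
     * Looks the authenticated user up under every search root and collects roles from memberOf,
     * the AD primary group and posixGroup memberUid entries, then reads the profile attributes.
     * Runs once (when {@link #g} is null). Any failure is logged at debug level and the user keeps
     * whatever roles were collected up to that point.
     *
     * @param initialLdapContext context returned by {@link #a()}
     */
    private void a(InitialLdapContext initialLdapContext) {
        if (this.g != null) {
            return;
        }
        this.g = new HashSet<>();
        try {
            SearchControls userSearch = new SearchControls();
            userSearch.setReturningAttributes(new String[]{"memberOf", "primaryGroupId", "sAMAccountName", "mail", "givenName", "sn", "objectSid", "msDS-PrincipalName"});
            userSearch.setSearchScope(SearchControls.SUBTREE_SCOPE);
            int backslash = this.f.indexOf('\\');
            String account = backslash >= 0 ? this.f.substring(backslash + 1) : this.f;
            String domain = backslash >= 0 ? this.f.substring(0, backslash) : null;
            SearchResult userEntry = null;
            String escapedAccount = c.d(account);
            // kept separate from the posixGroup filter below: reusing one variable meant roots after
            // the first were searched with the group filter instead of the user filter
            String userFilter = "(|(&(objectCategory=person)(sAMAccountName=" + escapedAccount + "))(&(objectClass=person)(uid=" + escapedAccount + "))(&(objectClass=person)(userPrincipalName=" + escapedAccount + ")))";
            for (String root : c.a(initialLdapContext, this.o)) {
                HashSet<String> groupDns = new HashSet<>();
                String searchBase = StringFunctions.isEmpty(this.p) ? root : this.p + "," + root;
                LOGGER.debug("LDAP search: " + userFilter + " in " + searchBase);
                NamingEnumeration<SearchResult> search = initialLdapContext.search(searchBase, userFilter, userSearch);
                if (search.hasMoreElements()) {
                    userEntry = search.nextElement();
                    Attributes attributes = userEntry.getAttributes();
                    // the login ID is normalised to what the directory reports for the account
                    Attribute principalName = attributes.get("msDS-PrincipalName");
                    if (principalName != null) {
                        Object value = principalName.get();
                        if (value != null) {
                            this.f = value.toString();
                        }
                    } else {
                        Attribute samAccountName = attributes.get("sAMAccountName");
                        if (samAccountName != null) {
                            Object sam = samAccountName.get();
                            if (sam != null) {
                                String rootDomain = c(root);
                                if (rootDomain != null && rootDomain.equalsIgnoreCase(domain)) {
                                    this.f = rootDomain + "\\" + sam;
                                }
                            }
                        }
                    }
                    Attribute memberOf = attributes.get("memberOf");
                    if (memberOf != null) {
                        NamingEnumeration<?> groups = memberOf.getAll();
                        while (groups.hasMoreElements()) {
                            String groupDn = groups.nextElement().toString();
                            LOGGER.debug("memberOf group: " + groupDn);
                            groupDns.add(groupDn);
                        }
                    }
                    // AD does not list the primary group in memberOf; rebuild its SID from the user's SID
                    Attribute primaryGroupId = attributes.get("primaryGroupId");
                    if (primaryGroupId != null) {
                        String rid = primaryGroupId.get().toString();
                        Attribute objectSid = attributes.get("objectSid");
                        if (objectSid != null) {
                            String primaryGroupDn = a(initialLdapContext, root, Integer.parseInt(rid), (byte[]) objectSid.get());
                            LOGGER.debug("primaryGroup: " + primaryGroupDn);
                            if (primaryGroupDn != null) {
                                groupDns.add(primaryGroupDn);
                            }
                        }
                    }
                } else {
                    LOGGER.debug("User data not found for: '" + userFilter + "' in '" + searchBase + "'");
                }
                // posix groups reference the plain uid, which may have been given as a DN
                String memberUid = account.contains("=") ? b(account, "uid") : account;
                if (memberUid != null) {
                    String groupFilter = "(&(objectClass=posixGroup)(memberUid=" + c.d(memberUid) + "))";
                    LOGGER.debug("LDAP search: " + groupFilter + " in " + root);
                    NamingEnumeration<SearchResult> posixGroups = initialLdapContext.search(root, groupFilter, userSearch);
                    while (posixGroups.hasMoreElements()) {
                        groupDns.add(posixGroups.nextElement().getNameInNamespace());
                    }
                }
                a(initialLdapContext, root, groupDns, this.g);
            }
            if (userEntry != null) {
                a(userEntry);
            }
        } catch (Exception e) {
            LOGGER.debug(e);
        }
        if (LOGGER.isDebug()) {
            LOGGER.debug("Groups: " + this.g);
        }
    }

    /**
     * Reads first name, last name and e-mail from the user entry. A provisional name split is taken
     * from the cn part of the entry's name (text before the last blank = first name, rest = last
     * name); givenName / sn override it when present.
     */
    private void a(@Nonnull SearchResult searchResult) throws NamingException {
        Attributes attributes = searchResult.getAttributes();
        String cnBasedName = c(searchResult.getName());
        if (cnBasedName != null && !StringFunctions.isEmpty(cnBasedName)) {
            int lastBlank = cnBasedName.lastIndexOf(' ');
            if (lastBlank >= 0) {
                this.j = cnBasedName.substring(0, lastBlank).trim();
                this.k = cnBasedName.substring(lastBlank).trim();
            } else {
                this.k = cnBasedName;
            }
        }
        Attribute givenName = attributes.get("givenName");
        if (givenName != null) {
            this.j = givenName.get().toString();
        }
        Attribute sn = attributes.get("sn");
        if (sn != null) {
            this.k = sn.get().toString();
        }
        Attribute mail = attributes.get("mail");
        if (mail != null) {
            this.l = mail.get().toString();
        }
    }

    /**
     * Creates the account via the base class and, for a newly created user only, copies the
     * directory profile fields (mail, givenName, sn) into it.
     */
    protected UserAccount getOrCreateUserAccount(String str) {
        UserAccount account = super.getOrCreateUserAccount(str);
        if (account != null && isNewUser()) {
            MutableUserData userData = new MutableUserData();
            if (this.l != null) {
                userData.put(UsersAndGroups.FIELD_EMAIL, this.l);
            }
            if (this.j != null) {
                userData.put(UsersAndGroups.FIELD_FIRSTNAME, this.j);
            }
            if (this.k != null) {
                userData.put(UsersAndGroups.FIELD_LASTNAME, this.k);
            }
            UserManager.getInstance().updateUserData(account.getID(), userData);
        }
        return account;
    }

    /**
     * @return true when {@code str} is a root DN whose first dc component equals {@code str2} (case-insensitive)
     */
    private boolean a(String str, String str2) {
        if (!str.toLowerCase().startsWith("dc=")) {
            return false;
        }
        int comma = str.indexOf(',');
        String firstComponent = comma == -1 ? str.substring(3) : str.substring(3, comma);
        return firstComponent.equalsIgnoreCase(str2);
    }

    /**
     * Walks the memberOf graph starting at {@code set} (breadth-first, {@code set} doubles as the
     * visited set) and adds each qualifying group's DN, {@code domain\cn} form and cn to {@code set2}.
     * When a group suffix is configured, only groups whose DN ends with {@code "suffix,root"} are added
     * as roles, but their parents are still followed.
     *
     * @param initialLdapContext context to read group attributes with
     * @param str  search root used to build the group suffix
     * @param set  initial group DNs; extended with every group discovered
     * @param set2 destination role set
     * @throws NamingException when a group entry cannot be read (aborts the walk for this root)
     */
    private void a(InitialLdapContext initialLdapContext, String str, Set<String> set, Set<String> set2) throws NamingException {
        String[] attributeIds = {"memberOf", "cn"};
        String groupSuffix = StringFunctions.isEmpty(this.q) ? null : (this.q + "," + str).toLowerCase();
        LOGGER.debug("Using group suffix: " + groupSuffix);
        HashSet<String> pending = new HashSet<>(set);
        HashSet<String> discovered = new HashSet<>();
        while (!pending.isEmpty()) {
            Iterator<String> it = pending.iterator();
            while (it.hasNext()) {
                String groupDn = it.next();
                it.remove();
                LOGGER.debug("Fetching LDAP attributes for: " + groupDn);
                Attributes attributes = initialLdapContext.getAttributes(groupDn, attributeIds);
                if (groupSuffix == null || groupDn.toLowerCase().endsWith(groupSuffix)) {
                    a(groupDn, set2);
                    a(c(groupDn), set2);
                    Attribute cn = attributes.get("cn");
                    if (cn == null) {
                        LOGGER.debug("cn is null for group " + groupDn);
                    } else {
                        String cnValue = cn.get().toString();
                        if (StringFunctions.isEmpty(cnValue)) {
                            LOGGER.debug("cn is empty for group " + groupDn);
                        } else {
                            a(cnValue, set2);
                        }
                    }
                }
                Attribute memberOf = attributes.get("memberOf");
                if (memberOf == null) {
                    LOGGER.debug("memberOf is null for group " + groupDn);
                } else {
                    NamingEnumeration<?> parents = memberOf.getAll();
                    while (parents.hasMoreElements()) {
                        String parentDn = parents.nextElement().toString();
                        if (set.contains(parentDn)) {
                            LOGGER.debug("memberOf recursion found: " + parentDn);
                        } else {
                            LOGGER.debug("memberOf group: " + parentDn);
                            discovered.add(parentDn);
                            set.add(parentDn);
                        }
                    }
                }
            }
            pending.addAll(discovered);
            discovered.clear();
        }
    }

    /** Adds {@code str} as a role unless it is null or longer than 100 characters. */
    private void a(String str, Set<String> set) {
        if (str != null && str.length() <= 100) {
            set.add(str);
        }
    }

    /**
     * @return the value of the left-most RDN of {@code str} whose type is {@code str2} (case-insensitive), or null
     */
    @Nullable
    private String b(String str, String str2) throws InvalidNameException {
        LdapName name = new LdapName(str);
        String prefix = str2 + "=";
        for (int index = name.size() - 1; index >= 0; index--) {
            String rdn = name.get(index);
            if (rdn.toLowerCase().startsWith(prefix)) {
                return rdn.substring(prefix.length());
            }
        }
        return null;
    }

    /**
     * Builds the string form of a group SID from a user's binary objectSid and a RID: the user's
     * last sub-authority (the user's own RID) is dropped and {@code rid} appended.
     * <p>
     * Binary layout used: byte 0 revision, byte 1 sub-authority count, bytes 2-7 identifier
     * authority (big-endian), then 32-bit little-endian sub-authorities. All bytes are masked to
     * unsigned and widened to long before shifting; the previous version sign-extended bytes and
     * shifted ints, which corrupted sub-authorities {@code >= 2^31}.
     *
     * @return the SID string, or null when the array is too short for its declared sub-authority count
     */
    @Nullable
    static String sidToString(byte[] sid, int rid) {
        if (sid == null || sid.length < 8) {
            return null;
        }
        int subAuthorityCount = sid[1] & 0xff;
        if (sid.length < 8 + 4 * subAuthorityCount) {
            return null;
        }
        StringBuilder sb = new StringBuilder("S-").append(sid[0] & 0xff);
        long authority = 0;
        for (int index = 2; index < 8; index++) {
            authority = (authority << 8) | (sid[index] & 0xff);
        }
        sb.append('-').append(authority);
        int offset = 8;
        for (int sub = 0; sub < subAuthorityCount - 1; sub++) {
            long value = 0;
            for (int shift = 0; shift < 4; shift++) {
                value |= ((long) (sid[offset++] & 0xff)) << (8 * shift);
            }
            sb.append('-').append(value);
        }
        sb.append('-').append(rid);
        return sb.toString();
    }

    /**
     * Resolves the DN of the AD primary group of a user.
     *
     * @param initialLdapContext context to search with
     * @param str  search root
     * @param i    the user's primaryGroupId (a RID)
     * @param bArr the user's binary objectSid
     * @return the group's distinguishedName, or null when the SID is malformed or no group matches
     */
    @Nullable
    private String a(InitialLdapContext initialLdapContext, String str, int i, byte[] bArr) throws NamingException {
        String groupSid = sidToString(bArr, i);
        if (groupSid == null) {
            LOGGER.debug("objectSid has an unexpected length: " + (bArr == null ? "null" : bArr.length));
            return null;
        }
        String filter = "(&(objectCategory=group)(objectSID=" + groupSid + "))";
        SearchControls controls = new SearchControls();
        controls.setReturningAttributes(new String[]{"distinguishedName"});
        controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
        LOGGER.debug("LDAP search: " + filter + " in " + str);
        NamingEnumeration<SearchResult> search = initialLdapContext.search(str, filter, controls);
        if (!search.hasMoreElements()) {
            return null;
        }
        Attribute dn = search.nextElement().getAttributes().get("distinguishedName");
        return dn == null ? null : dn.get().toString();
    }

    /**
     * Default server URLs when none are configured: DNS SRV discovery, else the {@code LOGONSERVER}
     * environment variable, else {@code ldap://localhost:389/}. Both fallbacks are plain {@code ldap:}
     * (clear-text simple bind). The result is cached for the lifetime of the class.
     */
    @Nonnull
    public static Set<String> b() {
        if (b != null) {
            return b;
        }
        Set<String> urls = c();
        if (urls.isEmpty()) {
            String logonServer = System.getenv("LOGONSERVER");
            urls.add(logonServer != null ? "ldap:" + logonServer.replace('\\', '/') + "/" : "ldap://localhost:389/");
        }
        LOGGER.debug("Default LDAP urls: " + urls);
        b = urls;
        return urls;
    }

    /**
     * Discovers LDAP servers via DNS: for each local IP address the DNS domain of its host name
     * (or PTR record) is taken and {@code _ldaps._tcp} / {@code _ldap._tcp} SRV records are queried.
     * Hosts are de-duplicated by target name, and because {@code _ldaps} is queried first an
     * {@code ldaps:} URL wins over an {@code ldap:} URL for the same host.
     * <p>
     * SECURITY: the answers are plain, unauthenticated DNS; a spoofed SRV/PTR record redirects logins.
     *
     * @return discovered URLs in DNS order; empty (never null) when nothing was found or lookups failed
     */
    @Nonnull
    static Set<String> c() {
        LinkedHashMap<String, String> urlsByHost = new LinkedHashMap<>();
        try {
            Hashtable<String, String> env = new Hashtable<>();
            env.put("java.naming.factory.initial", "com.sun.jndi.dns.DnsContextFactory");
            InitialDirContext dns = new InitialDirContext(env);
            for (InetAddress address : ConfigurationManager.getInstance().getAvailableIPAddresses()) {
                String hostName = NetworkFunctions.getCanonicalHostName(address);
                LOGGER.debug("Canonical Host Name: " + hostName);
                if (hostName.equals(address.getHostAddress())) {
                    hostName = a(dns, address);
                    LOGGER.debug("DNS PTR: " + hostName);
                }
                int dot = hostName.indexOf('.');
                if (dot < 0) {
                    hostName = a(dns, address);
                    LOGGER.debug("DNS PTR: " + hostName);
                    dot = hostName.indexOf('.');
                    if (dot < 0) {
                        // no DNS domain for this address: try the next one (returning null here
                        // contradicted @Nonnull and made b() fail on c.isEmpty())
                        continue;
                    }
                }
                String domainSuffix = hostName.substring(dot + 1);
                for (String service : new String[]{"_ldaps._tcp.", "_ldap._tcp."}) {
                    try {
                        NamingEnumeration<? extends Attribute> srvAttributes = dns.getAttributes(service + domainSuffix, new String[]{"SRV"}).getAll();
                        if (!srvAttributes.hasMoreElements()) {
                            continue;
                        }
                        NamingEnumeration<?> records = srvAttributes.nextElement().getAll();
                        while (records.hasMoreElements()) {
                            // SRV record text: "priority weight port target"
                            String[] fields = records.nextElement().toString().split(" ");
                            if (fields.length < 4) {
                                LOGGER.debug("Unexpected SRV record format: " + String.join(" ", fields));
                                continue;
                            }
                            String target = fields[3];
                            if (target.endsWith(".")) {
                                target = target.substring(0, target.length() - 1);
                            }
                            if (urlsByHost.containsKey(target)) {
                                continue;
                            }
                            String scheme;
                            String defaultPort;
                            if (service.equals("_ldaps._tcp.")) {
                                scheme = "ldaps";
                                defaultPort = "636";
                            } else {
                                scheme = "ldap";
                                defaultPort = "389";
                            }
                            StringBuilder url = new StringBuilder(scheme).append("://").append(target);
                            if (!defaultPort.equals(fields[2])) {
                                url.append(':').append(fields[2]);
                            }
                            url.append('/');
                            urlsByHost.put(target, url.toString());
                        }
                    } catch (NameNotFoundException e) {
                        LOGGER.debug(e);
                    }
                }
            }
        } catch (Exception e2) {
            LOGGER.error(e2);
        }
        return new LinkedHashSet<>(urlsByHost.values());
    }

    /**
     * Returns a dotted host name for {@code inetAddress}: the canonical host name when it is one,
     * otherwise the PTR record (IPv4 only -- addresses that do not split into four octets are
     * returned unchanged).
     */
    private static String a(DirContext dirContext, InetAddress inetAddress) throws Exception {
        String canonicalHostName = inetAddress.getCanonicalHostName();
        if (!canonicalHostName.equals(inetAddress.getHostAddress()) && canonicalHostName.indexOf('.') > 0) {
            return canonicalHostName;
        }
        String[] octets = inetAddress.getHostAddress().split("\\.");
        if (octets.length != 4) {
            return canonicalHostName;
        }
        String reverseName = octets[3] + "." + octets[2] + "." + octets[1] + "." + octets[0] + ".in-addr.arpa.";
        Attribute ptr = dirContext.getAttributes(reverseName, new String[]{"PTR"}).get("PTR");
        return ptr == null ? canonicalHostName : ptr.get().toString();
    }

    /**
     * Converts a DN into {@code domain\cn}: the left-most cn and the dc components joined with
     * dots from the left, stopping before a {@code dc=local} component.
     *
     * @return {@code "domain\cn"}, or only the part that exists, or null when neither exists
     */
    private static String c(String str) throws InvalidNameException {
        LdapName name = new LdapName(str);
        String cn = null;
        String domain = null;
        for (int index = name.size() - 1; index >= 0; index--) {
            String rdn = name.get(index);
            String lower = rdn.toLowerCase();
            if (cn == null && lower.startsWith("cn=")) {
                cn = rdn.substring(3);
            } else if (lower.startsWith("dc=")) {
                String component = rdn.substring(3);
                if (domain == null) {
                    domain = component;
                } else if (component.equals("local")) {
                    break;
                } else {
                    domain = domain + "." + component;
                }
            }
        }
        if (domain == null) {
            return cn;
        }
        return cn == null ? domain : domain + "\\" + cn;
    }
}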
