package de.deepamehta.ldap.profile.repository.jndi;

import de.deepamehta.ldap.Configuration;
import de.deepamehta.ldap.PluginLog;
import java.io.IOException;
import java.util.Hashtable;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.Control;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;
import javax.naming.ldap.StartTlsRequest;
import javax.naming.ldap.StartTlsResponse;
import org.apache.commons.lang.StringUtils;
import org.apache.directory.api.ldap.model.constants.JndiPropertyConstants;

/* loaded from: input_file:de/deepamehta/ldap/profile/repository/jndi/ContextManager.class */
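/**
 * Opens, uses and closes JNDI {@link LdapContext}s on behalf of the profile repository.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>{@link #openConnection(String)} binds with the configured <em>manager</em> account and only
 *       checks that the user exists; it does not verify the user's own password (nothing in this
 *       class ever binds as the user).</li>
 *   <li>Caller-supplied user names are escaped before they are placed into an LDAP search filter
 *       (RFC 4515) or a DN (RFC 4514) so that they cannot alter the query.</li>
 *   <li>With StartTLS the bind credentials are handed to the provider only after TLS has been
 *       negotiated; putting them into the initial environment would make the JNDI provider bind in
 *       clear text on the still-unencrypted connection.</li>
 * </ul>
 */
class ContextManager {
    private final Configuration configuration;
    private final PluginLog pluginLog;

    /** A read-only LDAP operation whose result is returned by {@link #load(LoadRunner)}. */
    interface LoadRunner<T> {
        T invoke() throws NamingException;
    }

    /** A write LDAP operation run through {@link #store(StoreRunner)}. */
    interface StoreRunner {
        void invoke() throws NamingException;
    }

    public ContextManager(Configuration configuration, PluginLog pluginLog) {
        this.configuration = configuration;
        this.pluginLog = pluginLog;
    }

    /**
     * Opens a context bound as the configured manager account and verifies that {@code username}
     * resolves to exactly one entry below the user base.
     *
     * <p>Note: the returned context is bound as the <em>manager</em>, not as the user, and the
     * user's password is never checked here despite the log wording ("Checking credentials").
     *
     * @param username the account name supplied by the caller; treated as untrusted input
     * @return a manager-bound context if the user exists (the caller owns it and must close it),
     *         {@code null} if no entry matched
     * @throws RuntimeException if connecting, binding or searching fails, or if more than one
     *         entry matches the user name
     */
    public LdapContext openConnection(String username) {
        this.pluginLog.actionHint("Checking credentials for user %s", username);
        // failQuietly=false: connect() throws instead of returning null, so there is nothing to close here.
        LdapContext context = connect(this.configuration.getConnectionUrl(), this.configuration.manager, this.configuration.password, false);
        boolean handedToCaller = false;
        try {
            if (lookupUserCn(context, username) != null) {
                handedToCaller = true;
                return context;
            }
            this.pluginLog.actionHint("User %s not found in LDAP", username);
            return null;
        } catch (NamingException e) {
            throw new RuntimeException("Checking LDAP credentials lead to exception", e);
        } finally {
            // Do not leak the manager-bound connection on the "not found" and exception paths
            // (including the ambiguity RuntimeException raised by lookupUserCn).
            if (!handedToCaller) {
                closeQuietly(context);
            }
        }
    }

    /**
     * Creates an {@link InitialLdapContext} for {@code url}, negotiating StartTLS first when the
     * configured protocol demands it, and then binding with a simple bind as {@code principal}.
     *
     * @param url         provider URL (ldap:// or ldaps://)
     * @param principal   bind DN or user name
     * @param credentials bind password (a {@code String} because {@code Configuration} stores it as one)
     * @param failQuietly when {@code true} a {@link NamingException} is logged and {@code null} is
     *                    returned instead of throwing
     * @return the bound context, or {@code null} only when {@code failQuietly} is set and the bind failed
     * @throws RuntimeException on TLS negotiation failure, or on any naming failure when
     *         {@code failQuietly} is {@code false}
     */
    private LdapContext connect(String url, String principal, String credentials, boolean failQuietly) {
        this.pluginLog.actionHint("creating LDAP connection using URL %s and username %s", url, principal);
        final boolean startTls = this.configuration.protocol == Configuration.ProtocolType.STARTTLS;

        Hashtable<String, Object> environment = new Hashtable<String, Object>();
        environment.put(JndiPropertyConstants.JNDI_FACTORY_INITIAL, "com.sun.jndi.ldap.LdapCtxFactory");
        environment.put(JndiPropertyConstants.JNDI_PROVIDER_URL, url);
        environment.put(JndiPropertyConstants.JNDI_LDAP_ATTRIBUTES_BINARY, "objectSID");
        if (!startTls) {
            // Plain ldap:// or ldaps://: the provider binds with these during context creation.
            // For StartTLS they are deliberately withheld until the TLS layer is up (see below).
            environment.put(JndiPropertyConstants.JNDI_SECURITY_AUTHENTICATION, "simple");
            environment.put(JndiPropertyConstants.JNDI_SECURITY_PRINCIPAL, principal);
            environment.put(JndiPropertyConstants.JNDI_SECURITY_CREDENTIALS, credentials);
        }

        if (this.configuration.loggingMode == Configuration.LoggingMode.DEBUG) {
            // CAUTION: this is a process-wide JVM property and makes the TLS stack dump handshakes
            // and record data for every connection in the JVM; only ever enable it for diagnosis.
            this.pluginLog.actionHint("Enabling detailed SSL logging", new Object[0]);
            System.setProperty("javax.net.debug", "all");
        }

        InitialLdapContext context = null;
        try {
            context = new InitialLdapContext(environment, new Control[0]);
            this.pluginLog.actionHint("Initial context created", new Object[0]);
            if (startTls) {
                this.pluginLog.actionHint("Attempting TLS negotiation (StartTLS protocol)", new Object[0]);
                StartTlsResponse tls = (StartTlsResponse) context.extendedOperation(new StartTlsRequest());
                // negotiate() also performs host name verification against the URL's host.
                tls.negotiate();
                this.pluginLog.actionHint("TLS negotiated successfully.", new Object[0]);
                // Credentials go in only now; the JNDI provider issues the bind on the next request,
                // which therefore travels over the TLS-protected connection.
                context.addToEnvironment(JndiPropertyConstants.JNDI_SECURITY_AUTHENTICATION, "simple");
                context.addToEnvironment(JndiPropertyConstants.JNDI_SECURITY_PRINCIPAL, principal);
                context.addToEnvironment(JndiPropertyConstants.JNDI_SECURITY_CREDENTIALS, credentials);
            }
            this.pluginLog.actionHint("Initial context usable", new Object[0]);
            return context;
        } catch (IOException e) {
            closeQuietly(context);
            throw new RuntimeException("Could not establish TLS connection. Connecting failed.", e);
        } catch (NamingException e) {
            closeQuietly(context);
            if (!failQuietly) {
                throw new RuntimeException("Attempting to connect to LDAP server lead to Exception", e);
            }
            this.pluginLog.actionWarning("Attempting to connect to LDAP server lead to Exception", e);
            return null;
        }
    }

    /**
     * Builds the DN {@code <userAttribute>=<uid>,<userBase>} for a user.
     *
     * @param uid caller-supplied user id; escaped per RFC 4514 so it cannot inject extra RDNs
     * @return the distinguished name
     */
    public String dnByUid(String uid) {
        return String.format("%s=%s,%s", this.configuration.userAttribute, escapeDnValue(uid), this.configuration.userBase);
    }

    /**
     * Searches the user base (subtree scope) for the entry whose {@code userAttribute} equals
     * {@code username}, additionally constrained by the configured {@code userFilter} if one is set.
     *
     * @param ldapContext an open, bound context
     * @param username    caller-supplied value; escaped per RFC 4515 before it enters the filter
     * @return the entry's full DN, or {@code null} when nothing matched
     * @throws NamingException  if the search fails
     * @throws RuntimeException if more than one entry matches
     */
    private String lookupUserCn(LdapContext ldapContext, String username) throws NamingException {
        // The user name is untrusted: without escaping, "*" would match any account and "a)(..."
        // would rewrite the filter. userFilter is operator configuration and is used verbatim.
        String safeName = escapeFilterValue(username);
        String filter = StringUtils.isEmpty(this.configuration.userFilter)
                ? String.format("(%s=%s)", this.configuration.userAttribute, safeName)
                : String.format("(&(%s)(%s=%s))", this.configuration.userFilter, this.configuration.userAttribute, safeName);
        this.pluginLog.actionHint("Complete filter expression for user lookup: %s", filter);
        this.pluginLog.actionHint("Search base is: %s", this.configuration.userBase);

        SearchControls controls = new SearchControls();
        controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
        NamingEnumeration<SearchResult> results = ldapContext.search(this.configuration.userBase, filter, controls);
        try {
            if (!results.hasMore()) {
                this.pluginLog.actionWarning("Lookup using search filter was empty.", null);
                return null;
            }
            this.pluginLog.actionHint("Lookup using search filter returned non-empty result", new Object[0]);
            SearchResult first = results.next();
            if (results.hasMore()) {
                throw new RuntimeException("Ambiguity in LDAP CN query: Matched multiple users for the accountName");
            }
            return first.getNameInNamespace();
        } finally {
            // Release the server-side search; the enumeration is not closed by the context itself.
            try {
                results.close();
            } catch (NamingException ignored) {
                // best effort: the result has already been consumed or the search failed anyway
            }
        }
    }

    /**
     * Escapes a value for use inside an LDAP search filter (RFC 4515 section 3).
     *
     * @param value raw value; {@code null} is rendered as the text "null" like {@code String.format} would
     * @return the value with {@code * ( ) \} and NUL replaced by their {@code \xx} hex escapes
     */
    static String escapeFilterValue(String value) {
        String text = String.valueOf(value);
        StringBuilder out = new StringBuilder(text.length());
        for (char c : text.toCharArray()) {
            switch (c) {
                case '*':
                    out.append("\\2a");
                    break;
                case '(':
                    out.append("\\28");
                    break;
                case ')':
                    out.append("\\29");
                    break;
                case '\\':
                    out.append("\\5c");
                    break;
                case '\0':
                    out.append("\\00");
                    break;
                default:
                    out.append(c);
            }
        }
        return out.toString();
    }

    /**
     * Escapes an attribute value for use inside a DN (RFC 4514 section 2.4).
     *
     * @param value raw value; {@code null} is rendered as the text "null" like {@code String.format} would
     * @return the value with {@code , + " \ < > ;} backslash-escaped, a leading {@code #} or space and a
     *         trailing space escaped, and NUL replaced by {@code \00}
     */
    static String escapeDnValue(String value) {
        String text = String.valueOf(value);
        int last = text.length() - 1;
        StringBuilder out = new StringBuilder(text.length());
        for (int i = 0; i <= last; i++) {
            char c = text.charAt(i);
            switch (c) {
                case ',':
                case '+':
                case '"':
                case '\\':
                case '<':
                case '>':
                case ';':
                    out.append('\\').append(c);
                    break;
                case '\0':
                    out.append("\\00");
                    break;
                case '#':
                    if (i == 0) {
                        out.append('\\');
                    }
                    out.append(c);
                    break;
                case ' ':
                    if (i == 0 || i == last) {
                        out.append('\\');
                    }
                    out.append(c);
                    break;
                default:
                    out.append(c);
            }
        }
        return out.toString();
    }

    /**
     * Closes the context, logging (but not propagating) a failure to close.
     *
     * @param ldapContext the context to close; {@code null} is tolerated
     */
    public void closeQuietly(LdapContext ldapContext) {
        if (ldapContext == null) {
            return;
        }
        try {
            ldapContext.close();
        } catch (NamingException e) {
            this.pluginLog.actionWarning("Exception while closing connection", e);
        }
    }

    /**
     * Runs a write operation, converting a {@link NamingException} into a logged {@code false}.
     *
     * @param storeRunner the operation
     * @return {@code true} if it completed without a naming error
     */
    public boolean store(StoreRunner storeRunner) {
        try {
            storeRunner.invoke();
            return true;
        } catch (NamingException e) {
            this.pluginLog.actionWarning("LDAP access failed.", e);
            return false;
        }
    }

    /**
     * Runs a read operation, converting a {@link NamingException} into a logged {@code null}.
     *
     * @param loadRunner the operation
     * @param <T>        result type
     * @return the operation's result, or {@code null} on a naming error (indistinguishable from a
     *         genuinely absent result — callers that need the difference must use the log)
     */
    public <T> T load(LoadRunner<T> loadRunner) {
        try {
            return loadRunner.invoke();
        } catch (NamingException e) {
            this.pluginLog.actionWarning("LDAP access failed.", e);
            return null;
        }
    }
}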
