package org.apache.jetspeed.security.impl;

import javax.naming.AuthenticationException;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import org.apache.commons.lang.StringUtils;
import org.apache.jetspeed.security.AuthenticatedUser;
import org.apache.jetspeed.security.AuthenticatedUserImpl;
import org.apache.jetspeed.security.InvalidPasswordException;
import org.apache.jetspeed.security.SecurityException;
import org.apache.jetspeed.security.User;
import org.apache.jetspeed.security.UserManager;
import org.apache.jetspeed.security.spi.JetspeedSecuritySynchronizer;
import org.apache.jetspeed.security.spi.UserPasswordCredentialManager;
import org.springframework.ldap.core.DistinguishedName;
import org.springframework.ldap.filter.AbstractFilter;
import org.springframework.ldap.filter.AndFilter;
import org.springframework.ldap.filter.EqualsFilter;
import org.springframework.ldap.filter.Filter;
import org.springframework.ldap.filter.HardcodedFilter;
import org.springframework.ldap.pool.factory.PoolingContextSource;
import org.springframework.ldap.support.LdapUtils;

/* loaded from: input_file:tomcat-portal.zip:webapps/jetspeed/WEB-INF/lib/jetspeed-security-2.2.2.jar:org/apache/jetspeed/security/impl/LdapAuthenticationProvider.class */
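/**
 * Authentication provider that verifies a user's password with an LDAP "search, then bind":
 * the user's entry is located under {@code userSearchPath} through a pooled read-only
 * context, and the password is then checked by opening a second context bound as the
 * entry's distinguished name.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The user name is placed in the search filter through {@link EqualsFilter}, which
 *       escapes filter metacharacters. The optional {@code userFilter} is a
 *       {@link HardcodedFilter} and is emitted verbatim, so it must only ever come from
 *       trusted configuration, never from request data.</li>
 *   <li>Empty passwords are rejected before any bind is attempted (see
 *       {@link #authenticate(String, String)}).</li>
 *   <li>"Unknown user" and "wrong password" surface as different exceptions; callers that
 *       face end users should report both as the same generic login failure so the
 *       difference cannot be used to confirm which accounts exist.</li>
 * </ul>
 */
public class LdapAuthenticationProvider extends BaseAuthenticationProvider {
    private JetspeedSecuritySynchronizer synchronizer;
    private UserPasswordCredentialManager upcm;
    private UserManager manager;
    private PoolingContextSource poolingContextsource;
    private String userEntryPrefix;
    private DistinguishedName userSearchPath;
    private SearchControls searchControls;
    private Filter userFilter;

    /**
     * Creates the provider and prepares the search controls used to locate user entries.
     *
     * @param str passed to the {@code BaseAuthenticationProvider} constructor (meaning not visible in this class)
     * @param str2 passed to the {@code BaseAuthenticationProvider} constructor (meaning not visible in this class)
     * @param str3 passed to the {@code BaseAuthenticationProvider} constructor (meaning not visible in this class)
     * @param userPasswordCredentialManager source of the password credential attached to the authenticated user
     * @param userManager used to load the {@link User} after a successful bind
     * @param jetspeedSecuritySynchronizer optional; when non-null the principal is synchronized after a successful bind
     * @param poolingContextSource pooled LDAP context source used for the search and, via its
     *        underlying context source, for the password bind
     * @param str4 distinguished name of the search base for user entries
     * @param str5 optional additional LDAP filter, used verbatim; must be trusted configuration
     * @param str6 attribute name matched against the login name (for example the entry's naming attribute)
     * @param str7 search scope as the decimal value of a {@link SearchControls} scope constant
     * @throws NumberFormatException if {@code str7} is not a parsable integer
     */
    public LdapAuthenticationProvider(String str, String str2, String str3, UserPasswordCredentialManager userPasswordCredentialManager, UserManager userManager, JetspeedSecuritySynchronizer jetspeedSecuritySynchronizer, PoolingContextSource poolingContextSource, String str4, String str5, String str6, String str7) {
        super(str, str2, str3);
        this.upcm = userPasswordCredentialManager;
        this.manager = userManager;
        this.synchronizer = jetspeedSecuritySynchronizer;
        this.poolingContextsource = poolingContextSource;
        this.userEntryPrefix = str6;
        this.userSearchPath = new DistinguishedName(str4);
        if (!StringUtils.isEmpty(str5)) {
            this.userFilter = new HardcodedFilter(str5);
        }
        this.searchControls = new SearchControls();
        // Only the entry's DN is needed, so no attributes are requested from the directory.
        this.searchControls.setReturningAttributes(new String[0]);
        this.searchControls.setReturningObjFlag(true);
        this.searchControls.setSearchScope(Integer.parseInt(str7));
    }

    /**
     * Authenticates a user against the directory and returns the matching Jetspeed user.
     *
     * @param str login name; must not be null or empty
     * @param str2 password; must not be null or empty
     * @return the authenticated user together with its password credential
     * @throws SecurityException if the name or password is missing, the user entry is not
     *         found, the bind is rejected, or the directory reports an error
     */
    @Override // org.apache.jetspeed.security.AuthenticationProvider
    public AuthenticatedUser authenticate(String str, String str2) throws SecurityException {
        if (StringUtils.isEmpty(str)) {
            throw new SecurityException(SecurityException.PRINCIPAL_DOES_NOT_EXIST.createScoped("user", str));
        }
        // A simple bind carrying a DN and an empty password is an "unauthenticated bind"
        // (RFC 4513, section 5.1.2). Directory servers that permit it report success without
        // checking any credential, so an empty password must be refused here rather than
        // forwarded to the server. The original check only rejected null.
        if (StringUtils.isEmpty(str2)) {
            throw new SecurityException(SecurityException.PASSWORD_REQUIRED);
        }
        authenticateUser(str, str2);
        if (this.synchronizer != null) {
            this.synchronizer.synchronizeUserPrincipal(str);
        }
        User user = this.manager.getUser(str);
        return new AuthenticatedUserImpl(user, new UserCredentialImpl(this.upcm.getPasswordCredential(user)));
    }

    /**
     * Locates the user's entry and verifies the password by binding as that entry.
     *
     * @throws InvalidPasswordException if the directory answers the bind with the exact
     *         "error code 49 - Invalid Credentials" message
     * @throws SecurityException if no entry matches or any other directory error occurs
     */
    private void authenticateUser(String userName, String password) throws SecurityException {
        try {
            String userDn = findUserDn(userName);
            if (userDn == null) {
                throw new SecurityException(SecurityException.PRINCIPAL_DOES_NOT_EXIST.createScoped("user", userName));
            }
            // The bind itself is the password check; the resulting context is not needed
            // afterwards and is closed immediately.
            // NOTE(review): depending on the Spring LDAP version, getContext(..) may report a
            // rejected bind as an unchecked org.springframework.ldap exception instead of
            // javax.naming.AuthenticationException. Confirm that a wrong password really
            // reaches the catch block below and is mapped to InvalidPasswordException.
            LdapUtils.closeContext(this.poolingContextsource.getContextSource().getContext(userDn, password));
        } catch (AuthenticationException e) {
            // Exact-message match: a server that appends diagnostic text to error 49 is
            // reported as a generic SecurityException instead of InvalidPasswordException.
            if (e.getMessage() != null && e.getMessage().equalsIgnoreCase("[LDAP: error code 49 - Invalid Credentials]")) {
                throw new InvalidPasswordException();
            }
            throw new SecurityException((Throwable) e);
        } catch (NamingException e2) {
            throw new SecurityException(SecurityException.UNEXPECTED.create(getClass().getName(), "authenticateUser", e2.getMessage()), e2);
        }
    }

    /**
     * Searches for the user's entry and returns its full DN, or {@code null} when nothing matches.
     *
     * <p>The pooled context and the result enumeration are released on every path, including
     * when the search throws; previously the pooled context was only returned on the success path.
     */
    private String findUserDn(String userName) throws NamingException {
        AbstractFilter filter = new EqualsFilter(this.userEntryPrefix, userName);
        if (this.userFilter != null) {
            filter = new AndFilter().and(this.userFilter).and(filter);
        }
        DirContext searchContext = null;
        NamingEnumeration<SearchResult> results = null;
        try {
            searchContext = this.poolingContextsource.getReadOnlyContext();
            results = searchContext.search(this.userSearchPath, filter.encode(), this.searchControls);
            // Only the first match is used. NOTE(review): this assumes the login attribute is
            // unique under the search base; if it is not, which entry is bound depends on the
            // server's result order.
            if (results != null && results.hasMore()) {
                return results.next().getNameInNamespace();
            }
            return null;
        } finally {
            if (results != null) {
                try {
                    results.close();
                } catch (NamingException ignored) {
                    // Best-effort cleanup; a failure to close must not mask the search outcome.
                }
            }
            LdapUtils.closeContext(searchContext);
        }
    }
}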
