package com.sun.enterprise.security.auth.realm.ldap;

import com.sun.appserv.security.AppservRealm;
import com.sun.enterprise.security.auth.realm.BadRealmException;
import com.sun.enterprise.security.auth.realm.IASRealm;
import com.sun.enterprise.security.auth.realm.InvalidOperationException;
import com.sun.enterprise.security.auth.realm.NoSuchRealmException;
import com.sun.enterprise.security.auth.realm.NoSuchUserException;
import com.sun.jndi.ldap.obj.GroupOfURLs;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import java.util.Vector;
import java.util.concurrent.ConcurrentHashMap;
import java.util.logging.Level;
import java.util.regex.Matcher;
import javax.naming.AuthenticationException;
import javax.naming.CompositeName;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.security.auth.login.LoginException;
import javax.security.auth.x500.X500Principal;
import org.glassfish.internal.api.RelativePathResolver;
import org.jvnet.hk2.annotations.Service;
import sun.security.x509.X500Name;

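/**
 * Realm backed by an LDAP directory, operating in "find-bind" mode: the login name is
 * searched for under {@code base-dn} using {@code search-filter}, and the entry found is
 * then bound with the password the user supplied. After a successful bind, group
 * membership is resolved by a second search ({@code group-search-filter} under
 * {@code group-base-dn}) plus a JNDI dynamic-group ({@code groupOfURLs}) lookup, and
 * cached per login name for {@link #getGroupNames(String)}.
 *
 * <p>Values substituted into filters ({@code %s} = login name, {@code %d} = user DN) are
 * escaped per RFC 4515 before substitution, so a crafted login name cannot alter the
 * filter structure (LDAP filter injection). A user search that matches more than one
 * entry is treated as "user not found", and an empty password is refused before any bind
 * is attempted (an LDAP simple bind with an empty password is an unauthenticated bind
 * that many directories answer with success).
 *
 * <p>The realm is shared by all request threads; the only mutable state after
 * {@link #init(Properties)} is the group cache.
 */
@Service
public final class LDAPRealm extends IASRealm {
    public static final String AUTH_TYPE = "ldap";
    public static final String PARAM_DIRURL = "directory";
    public static final String PARAM_USERDN = "base-dn";
    public static final String PARAM_SEARCH_FILTER = "search-filter";
    public static final String PARAM_GRPDN = "group-base-dn";
    public static final String PARAM_GRP_SEARCH_FILTER = "group-search-filter";
    public static final String PARAM_GRP_TARGET = "group-target";
    public static final String PARAM_MODE = "mode";
    public static final String PARAM_JNDICF = "jndiCtxFactory";
    public static final String PARAM_POOLSIZE = "pool-size";
    public static final String PARAM_BINDDN = "search-bind-dn";
    public static final String PARAM_BINDPWD = "search-bind-password";
    public static final String MODE_FIND_BIND = "find-bind";
    /** Filter token replaced by the (escaped) login name. */
    public static final String SUBST_SUBJECT_NAME = "%s";
    /** Filter token replaced by the (escaped) DN of the user entry. */
    public static final String SUBST_SUBJECT_DN = "%d";
    private static final String SEARCH_FILTER_DEFAULT = "uid=%s";
    private static final String GRP_SEARCH_FILTER_DEFAULT = "uniquemember=%d";
    private static final String GRP_TARGET_DEFAULT = "cn";
    private static final String MODE_DEFAULT = "find-bind";
    private static final String JNDICF_DEFAULT = "com.sun.jndi.ldap.LdapCtxFactory";
    private static final int POOLSIZE_DEFAULT = 5;
    private static final String SUN_JNDI_POOL = "com.sun.jndi.ldap.connect.pool";
    private static final String SUN_JNDI_POOL_ = "com.sun.jndi.ldap.connect.pool.";
    private static final String SUN_JNDI_POOL_PROTOCOL = "com.sun.jndi.ldap.connect.pool.protocol";
    private static final String SUN_JNDI_POOL_MAXSIZE = "com.sun.jndi.ldap.connect.pool.maxsize";
    private static final String DYNAMIC_GROUP_OBJECT_FACTORY = "com.sun.jndi.ldap.obj.LdapGroupFactory";
    public static final String DYNAMIC_GROUP_FACTORY_OBJECT_PROPERTY = "java.naming.factory.object";
    private static final String DYNAMIC_GROUP_STATE_FACTORY = "com.sun.jndi.ldap.obj.LdapGroupFactory";
    public static final String DYNAMIC_GROUP_STATE_FACTORY_PROPERTY = "java.naming.factory.state";
    public static final String LDAP_SOCKET_FACTORY = "java.naming.ldap.factory.socket";
    public static final String DEFAULT_SSL_LDAP_SOCKET_FACTORY = "com.sun.enterprise.security.auth.realm.ldap.CustomSocketFactory";
    public static final String LDAPS_URL = "ldaps://";
    public static final String DEFAULT_POOL_PROTOCOL = "plain ssl";
    public static final String DYNAMIC_GROUP_FILTER = "(&(objectclass=groupofuniquenames)(objectclass=*groupofurls*))";
    public static final String SSL = "SSL";

    /** System property that disables the group search after a successful bind. */
    private static final String DISABLE_GROUP_SEARCH_PROPERTY =
            "com.oracle.enterprise.security.auth.realm.ldap.DISABLEGROUP_SEARCH";

    /**
     * Group names keyed by login name, filled by {@link #findAndBind} and read by
     * {@link #getGroupNames}. Concurrent because the realm is shared by all request threads.
     * NOTE(review): entries are never evicted, so cached memberships stay until the user's
     * next login and the map grows with the number of distinct users that have logged in.
     */
    private volatile Map<String, List<String>> groupCache = new ConcurrentHashMap<>();
    /** Attributes requested by the user search; only the entry name is needed. */
    private final String[] _dnOnly = {"dn"};
    /** JNDI environment used for the search bind (service account); cloned per context. */
    private final Properties ldapBindProps = new Properties();

    /**
     * Reads the realm configuration and builds the JNDI environment for the search bind.
     *
     * <p>Required: {@code directory}, {@code base-dn} and the JAAS context name. Everything
     * else has a default. Properties whose names start with {@code java.naming.},
     * {@code javax.security.} or {@code com.sun.jndi.ldap.} are passed through to JNDI;
     * connection-pool tuning ({@code com.sun.jndi.ldap.connect.pool.*}) is additionally
     * mirrored into system properties, which is where the JDK provider reads it from.
     *
     * @param properties realm configuration
     * @throws BadRealmException if a required property is missing or {@code mode} is not
     *         {@code find-bind}
     * @throws NoSuchRealmException propagated from {@link IASRealm#init(Properties)}
     */
    @Override
    public synchronized void init(Properties properties) throws BadRealmException, NoSuchRealmException {
        super.init(properties);

        String dirUrl = properties.getProperty(PARAM_DIRURL);
        String baseDn = properties.getProperty(PARAM_USERDN);
        String jaasCtx = properties.getProperty(AppservRealm.JAAS_CONTEXT_PARAM);
        if (dirUrl == null || baseDn == null || jaasCtx == null) {
            throw new BadRealmException(sm.getString("ldaprealm.badconfig", dirUrl, baseDn, jaasCtx));
        }
        setProperty(PARAM_DIRURL, dirUrl);
        ldapBindProps.setProperty(Context.PROVIDER_URL, dirUrl);
        setProperty(PARAM_USERDN, baseDn);
        setProperty(AppservRealm.JAAS_CONTEXT_PARAM, jaasCtx);

        // Only find-bind is implemented.
        String mode = properties.getProperty(PARAM_MODE, MODE_DEFAULT);
        if (!MODE_FIND_BIND.equals(mode)) {
            throw new BadRealmException(sm.getString("ldaprealm.badmode", mode));
        }
        setProperty(PARAM_MODE, mode);

        String ctxFactory = properties.getProperty(PARAM_JNDICF, JNDICF_DEFAULT);
        setProperty(PARAM_JNDICF, ctxFactory);
        ldapBindProps.setProperty(Context.INITIAL_CONTEXT_FACTORY, ctxFactory);

        setProperty(PARAM_SEARCH_FILTER, properties.getProperty(PARAM_SEARCH_FILTER, SEARCH_FILTER_DEFAULT));
        setProperty(PARAM_GRPDN, properties.getProperty(PARAM_GRPDN, baseDn));
        setProperty(PARAM_GRP_SEARCH_FILTER, properties.getProperty(PARAM_GRP_SEARCH_FILTER, GRP_SEARCH_FILTER_DEFAULT));
        setProperty(PARAM_GRP_TARGET, properties.getProperty(PARAM_GRP_TARGET, GRP_TARGET_DEFAULT));

        // Object/state factories used by the dynamic-group lookup (setReturningObjFlag).
        String objectFactory = properties.getProperty(DYNAMIC_GROUP_FACTORY_OBJECT_PROPERTY, DYNAMIC_GROUP_OBJECT_FACTORY);
        setProperty(DYNAMIC_GROUP_FACTORY_OBJECT_PROPERTY, objectFactory);
        ldapBindProps.setProperty(DYNAMIC_GROUP_FACTORY_OBJECT_PROPERTY, objectFactory);
        String stateFactory = properties.getProperty(DYNAMIC_GROUP_STATE_FACTORY_PROPERTY, DYNAMIC_GROUP_STATE_FACTORY);
        setProperty(DYNAMIC_GROUP_STATE_FACTORY_PROPERTY, stateFactory);
        ldapBindProps.setProperty(DYNAMIC_GROUP_STATE_FACTORY_PROPERTY, stateFactory);

        // Optional service account for the user/group searches; without it the searches
        // run as an anonymous bind.
        String bindDn = properties.getProperty(PARAM_BINDDN);
        if (bindDn != null) {
            setProperty(PARAM_BINDDN, bindDn);
            ldapBindProps.setProperty(Context.SECURITY_PRINCIPAL, bindDn);
        }
        String bindPwd = properties.getProperty(PARAM_BINDPWD);
        if (bindPwd != null) {
            try {
                bindPwd = RelativePathResolver.getRealPasswordFromAlias(bindPwd);
            } catch (Exception e) {
                // Keep the configured value as-is; if it was an unresolved alias the search
                // bind will simply fail (fail closed) rather than the realm failing to load.
                _logger.log(Level.WARNING, "ldaprealm.pwd.dealiasing.failed", (Throwable) e);
            }
            // NOTE(review): the de-aliased secret is also kept in the realm property map,
            // so anything that dumps realm properties sees it in clear.
            setProperty(PARAM_BINDPWD, bindPwd);
            ldapBindProps.setProperty(Context.SECURITY_CREDENTIALS, bindPwd);
        }

        Enumeration<?> names = properties.propertyNames();
        while (names.hasMoreElements()) {
            String name = (String) names.nextElement();
            String value = properties.getProperty(name);
            boolean jndiProperty = name.startsWith("java.naming.")
                    || name.startsWith("javax.security.")
                    || name.startsWith("com.sun.jndi.ldap.");
            if (jndiProperty) {
                ldapBindProps.setProperty(name, value);
            }
            // The JDK provider reads connect-pool tuning (timeout, initsize, prefsize, ...)
            // from system properties, not from the JNDI environment, so mirror it there.
            // This is checked independently of the branch above: the pool prefix is itself
            // a "com.sun.jndi.ldap." name, and as an else-branch it was unreachable. An
            // already-set system property always wins; maxsize is handled separately below.
            if (name.startsWith(SUN_JNDI_POOL_) && !SUN_JNDI_POOL_MAXSIZE.equals(name)
                    && System.getProperty(name) == null) {
                System.setProperty(name, value);
            }
        }

        // NOTE(review): the fallback reads the *system* property "pool-size", not the realm
        // property of that name; the realm property is only recorded, never consulted.
        String defaultPoolSize = Integer.getInteger(PARAM_POOLSIZE, POOLSIZE_DEFAULT).toString();
        String poolSize;
        try {
            poolSize = Integer.valueOf(properties.getProperty(SUN_JNDI_POOL_MAXSIZE, defaultPoolSize)).toString();
        } catch (NumberFormatException e) {
            poolSize = defaultPoolSize;
        }
        if (System.getProperty(SUN_JNDI_POOL_MAXSIZE) == null) {
            System.setProperty(SUN_JNDI_POOL_MAXSIZE, poolSize);
        }
        setProperty(PARAM_POOLSIZE, poolSize);
        ldapBindProps.setProperty(SUN_JNDI_POOL, properties.getProperty(SUN_JNDI_POOL, "true"));

        // For ldaps:// the realm's own socket factory is installed so pooled connections
        // can be SSL; this overrides any java.naming.ldap.factory.socket passed through
        // above. For plain ldap:// the user password travels in clear unless the provider
        // is configured for StartTLS elsewhere.
        if (dirUrl.startsWith(LDAPS_URL)) {
            ldapBindProps.setProperty(LDAP_SOCKET_FACTORY, DEFAULT_SSL_LDAP_SOCKET_FACTORY);
            if (System.getProperty(SUN_JNDI_POOL_PROTOCOL) == null) {
                System.setProperty(SUN_JNDI_POOL_PROTOCOL, DEFAULT_POOL_PROTOCOL);
            }
            if (_logger.isLoggable(Level.FINE)) {
                _logger.log(Level.FINE, "LDAPRealm : Using custom socket factory for SSL with pooling");
            }
        }

        if (_logger.isLoggable(Level.FINE)) {
            // Never log the search-bind credentials.
            Properties redacted = (Properties) ldapBindProps.clone();
            redacted.remove(Context.SECURITY_CREDENTIALS);
            _logger.log(Level.FINE, "LDAPRealm : " + redacted);
        }

        // Re-initialisation drops every cached membership.
        this.groupCache = new ConcurrentHashMap<>();
    }

    /** @return the realm type identifier, {@value #AUTH_TYPE} */
    @Override
    public String getAuthType() {
        return AUTH_TYPE;
    }

    /**
     * Appends, after each group, the groups the configured group mapper maps it to.
     *
     * @param groups group names as found in the directory
     * @return the same names, each followed by its mapped names; the input itself when no
     *         mapper is configured
     */
    private String[] addMappedGroupNames(String[] groups) {
        if (this.groupMapper == null) {
            return groups;
        }
        List<String> result = new ArrayList<>(groups.length);
        for (String group : groups) {
            result.add(group);
            ArrayList<String> mapped = new ArrayList<>();
            this.groupMapper.getMappedGroups(group, mapped);
            result.addAll(mapped);
        }
        return result.toArray(new String[result.size()]);
    }

    /** @return a private copy of the search-bind environment, safe to modify per context */
    private Properties getLdapBindProps() {
        return (Properties) this.ldapBindProps.clone();
    }

    /**
     * Escapes a value for use inside an LDAP search filter (RFC 4515 section 3):
     * {@code \}, {@code *}, {@code (}, {@code )} and NUL become {@code \XX} hex escapes.
     * Applied to every substituted value so user-controlled input cannot change the
     * filter's structure.
     *
     * @param value raw attribute value or DN
     * @return the filter-safe encoding of {@code value}
     */
    private static String escapeFilterValue(String value) {
        StringBuilder escaped = new StringBuilder(value.length() + 8);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '\\':
                    escaped.append("\\5c");
                    break;
                case '*':
                    escaped.append("\\2a");
                    break;
                case '(':
                    escaped.append("\\28");
                    break;
                case ')':
                    escaped.append("\\29");
                    break;
                case '\0':
                    escaped.append("\\00");
                    break;
                default:
                    escaped.append(c);
            }
        }
        return escaped.toString();
    }

    /**
     * Expands a filter template in a single left-to-right pass, replacing
     * {@value #SUBST_SUBJECT_NAME} with the escaped login name and
     * {@value #SUBST_SUBJECT_DN} with the escaped user DN. A single pass means a token
     * appearing inside a substituted value is never re-expanded (the previous
     * search-from-the-start loop went into an infinite loop on a login name of "%s").
     * A token whose value is {@code null} is copied through literally, matching the
     * previous behaviour of substituting only the tokens a caller had a value for.
     *
     * @param template configured filter, e.g. {@code uid=%s}
     * @param subjectName login name, or {@code null} to leave {@code %s} untouched
     * @param subjectDn   user DN, or {@code null} to leave {@code %d} untouched
     * @return the expanded filter
     */
    private static String expandFilter(String template, String subjectName, String subjectDn) {
        StringBuilder filter = new StringBuilder(template.length() + 64);
        int pos = 0;
        int len = template.length();
        while (pos < len) {
            if (template.startsWith(SUBST_SUBJECT_NAME, pos)) {
                appendToken(filter, SUBST_SUBJECT_NAME, subjectName);
                pos += SUBST_SUBJECT_NAME.length();
            } else if (template.startsWith(SUBST_SUBJECT_DN, pos)) {
                appendToken(filter, SUBST_SUBJECT_DN, subjectDn);
                pos += SUBST_SUBJECT_DN.length();
            } else {
                filter.append(template.charAt(pos));
                pos++;
            }
        }
        return filter.toString();
    }

    /** Appends the escaped value, or the token itself when there is no value. */
    private static void appendToken(StringBuilder filter, String token, String value) {
        filter.append(value == null ? token : escapeFilterValue(value));
    }

    /**
     * Extracts the common name from a DN for {@code %s} substitution in the group filter,
     * falling back to the first {@code uid=} RDN value when the DN carries no CN.
     * Uses the JDK-internal {@code sun.security.x509.X500Name} parser, as before.
     *
     * @param dn distinguished name of the user entry
     * @return the CN (or uid) value, or {@code null} when neither could be determined
     * @throws IOException if the DN cannot be parsed
     */
    private static String commonNameOf(String dn) throws IOException {
        String cn = new X500Name(dn).getCommonName();
        if (cn == null && dn != null && dn.startsWith("uid")) {
            int start = dn.indexOf("uid=");
            int end = dn.indexOf(',');
            if (start != -1 && end > start + 4) {
                cn = dn.substring(start + 4, end);
            }
        }
        return cn;
    }

    /**
     * Looks up the groups of a user by DN, using the search-bind credentials.
     *
     * @param userDn DN of the user entry (also the {@code %d} value for the group filter)
     * @return static plus dynamic group names, or {@code null} when the lookup failed
     *         (already logged)
     */
    private List<String> getGroups(String userDn) {
        DirContext ctx = null;
        try {
            ctx = new InitialDirContext(getLdapBindProps());
            String filter = expandFilter(getProperty(PARAM_GRP_SEARCH_FILTER), commonNameOf(userDn), userDn);
            List<String> groups = new ArrayList<>();
            groups.addAll(groupSearch(ctx, getProperty(PARAM_GRPDN), filter, getProperty(PARAM_GRP_TARGET)));
            groups.addAll(dynamicGroupSearch(ctx, getProperty(PARAM_GRPDN), getProperty(PARAM_GRP_TARGET), userDn));
            return groups;
        } catch (Exception e) {
            _logger.log(Level.WARNING, "ldaprealm.groupsearcherror", (Throwable) e);
            return null;
        } finally {
            closeQuietly(ctx);
        }
    }

    /**
     * Returns the group names of a user. Served from the cache populated by
     * {@link #findAndBind} when possible (with group-mapper expansion applied); on a
     * cache miss the directory is queried with the argument treated as the user's DN.
     *
     * <p>NOTE(review): the cache-miss path returns the raw directory groups without the
     * assign-groups/group-mapper expansion the cached path applies; preserved as found.
     *
     * @param userName login name (or, on a miss, the user DN)
     * @return enumeration of group names, empty when none or when the lookup failed
     */
    @Override
    public Enumeration getGroupNames(String userName) throws InvalidOperationException, NoSuchUserException {
        if (userName == null) {
            return Collections.emptyEnumeration();
        }
        List<String> cached = this.groupCache.get(userName);
        if (cached == null) {
            List<String> groups = getGroups(userName);
            if (groups == null) {
                if (_logger.isLoggable(Level.FINE)) {
                    _logger.log(Level.FINE, "No groups available for: " + userName);
                }
                return Collections.emptyEnumeration();
            }
            return Collections.enumeration(groups);
        }
        if (this.groupMapper == null) {
            return Collections.enumeration(cached);
        }
        List<String> expanded = new ArrayList<>(cached);
        for (String group : cached) {
            expanded.addAll(getMappedGroupNames(group));
        }
        return Collections.enumeration(expanded);
    }

    /** Records the groups of a user in the cache (an immutable snapshot). */
    private void setGroupNames(String userName, String[] groups) {
        this.groupCache.put(userName, Collections.unmodifiableList(new ArrayList<>(Arrays.asList(groups))));
    }

    /**
     * Authenticates a user in find-bind mode: locate the entry for {@code userName} under
     * the base DN, bind to the directory as that entry with {@code password}, then (unless
     * disabled by the {@code DISABLEGROUP_SEARCH} system property) resolve and cache the
     * user's groups.
     *
     * @param userName login name; escaped before use in the search filter
     * @param password password supplied by the user; the caller owns (and should clear)
     *        the array
     * @return the user's group names (after assign-groups and group-mapper expansion), or
     *         an empty array when the group search is disabled
     * @throws LoginException if the user is not found, matches more than one entry, the
     *         password is empty, the bind fails, or the directory cannot be reached
     */
    public String[] findAndBind(String userName, char[] password) throws LoginException {
        if (userName == null || userName.isEmpty()) {
            throw new LoginException(sm.getString("ldaprealm.usernotfound", userName));
        }
        String userFilter = expandFilter(getProperty(PARAM_SEARCH_FILTER), userName, null);
        boolean groupSearchDisabled = Boolean.getBoolean(DISABLE_GROUP_SEARCH_PROPERTY);
        String[] groups = new String[0];
        DirContext ctx = null;
        try {
            ctx = new InitialDirContext(getLdapBindProps());
            String userDn = userSearch(ctx, getProperty(PARAM_USERDN), userFilter);
            if (userDn == null) {
                throw new LoginException(sm.getString("ldaprealm.usernotfound", userName));
            }
            if (!bindAsUser(userDn, password)) {
                throw new LoginException(sm.getString("ldaprealm.bindfailed", userDn));
            }
            if (!groupSearchDisabled) {
                String groupFilter = expandFilter(getProperty(PARAM_GRP_SEARCH_FILTER), userName, userDn);
                List<String> found = new ArrayList<>();
                found.addAll(groupSearch(ctx, getProperty(PARAM_GRPDN), groupFilter, getProperty(PARAM_GRP_TARGET)));
                found.addAll(dynamicGroupSearch(ctx, getProperty(PARAM_GRPDN), getProperty(PARAM_GRP_TARGET), userDn));
                if (_logger.isLoggable(Level.FINE)) {
                    _logger.log(Level.FINE, "LDAP:Group search filter: " + groupFilter);
                    StringBuilder memberships = new StringBuilder("Group memberships found: ");
                    for (String group : found) {
                        memberships.append(" ").append(group);
                    }
                    _logger.log(Level.FINE, "LDAP: " + memberships);
                }
                groups = addMappedGroupNames(addAssignGroups(found.toArray(new String[found.size()])));
                setGroupNames(userName, groups);
                if (_logger.isLoggable(Level.FINE)) {
                    _logger.log(Level.FINE, "LDAP: login succeeded for: " + userName);
                }
            }
            return groups;
        } catch (LoginException e) {
            // Expected authentication failures: keep the message intact for the caller and
            // log without a stack trace (a wrong password is not a server error).
            _logger.log(Level.WARNING, "ldaprealm.exception", e.getMessage());
            throw e;
        } catch (Exception e) {
            LoginException failure = new LoginException(e.toString());
            failure.initCause(e);
            _logger.log(Level.SEVERE, "ldaprealm.exception", (Throwable) failure);
            throw failure;
        } finally {
            // Previously the search context leaked on every failed login (the cleanup
            // tested a dead variable).
            closeQuietly(ctx);
        }
    }

    /**
     * Finds the DN of the single entry matching {@code filter} under {@code baseDn}.
     * Two results are requested so an ambiguous match can be detected: a filter that
     * matches more than one entry is refused rather than silently picking the first,
     * since the first entry is whatever the directory returns first, not the caller's
     * user.
     *
     * @param ctx    context bound with the search credentials
     * @param baseDn subtree to search
     * @param filter already-expanded, escaped search filter
     * @return the DN (relative results are suffixed with {@code baseDn}), or {@code null}
     *         when there is no unique match or the search failed
     */
    private String userSearch(DirContext ctx, String baseDn, String filter) {
        if (_logger.isLoggable(Level.FINEST)) {
            _logger.log(Level.FINE, "search: baseDN: " + baseDn + "  filter: " + filter);
        }
        SearchControls controls = new SearchControls();
        controls.setReturningAttributes(this._dnOnly);
        controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
        controls.setCountLimit(2L);
        String dn = null;
        NamingEnumeration<SearchResult> results = null;
        try {
            results = ctx.search(baseDn, filter, controls);
            if (results.hasMore()) {
                SearchResult entry = results.next();
                if (results.hasMore()) {
                    _logger.log(Level.WARNING,
                            "LDAP: user search matched more than one entry, refusing to authenticate: " + filter);
                    return null;
                }
                StringBuilder fullDn = new StringBuilder();
                fullDn.append(new CompositeName(entry.getName()).get(0));
                if (entry.isRelative()) {
                    fullDn.append(",").append(baseDn);
                }
                dn = fullDn.toString();
                if (_logger.isLoggable(Level.FINEST)) {
                    _logger.log(Level.FINE, "Found user DN: " + dn);
                }
            }
        } catch (Exception e) {
            _logger.log(Level.WARNING, "ldaprealm.searcherror", filter);
            _logger.log(Level.WARNING, "security.exception", (Throwable) e);
        } finally {
            closeQuietly(results);
        }
        return dn;
    }

    /**
     * Verifies a password by performing a simple bind as {@code userDn}.
     *
     * <p>An empty or missing password is rejected without contacting the directory: a
     * simple bind with a DN and an empty password is an <em>unauthenticated</em> bind
     * (RFC 4513 section 5.1.2), which directories are allowed to answer with success,
     * turning any valid login name into a passwordless login.
     *
     * <p>The password is passed to JNDI as a {@code String} because the realm allows a
     * custom context factory ({@code jndiCtxFactory}) that may not accept {@code char[]};
     * the copy lives until the environment is collected.
     *
     * @param userDn   DN of the entry to bind as
     * @param password candidate password
     * @return {@code true} only if the bind succeeded; any failure, including the
     *         directory being unreachable, yields {@code false}
     */
    private boolean bindAsUser(String userDn, char[] password) {
        if (password == null || password.length == 0) {
            if (_logger.isLoggable(Level.FINEST)) {
                _logger.finest("Refusing bind with empty password for: " + userDn);
            }
            return false;
        }
        Properties env = getLdapBindProps();
        env.put(Context.SECURITY_PRINCIPAL, userDn);
        env.put(Context.SECURITY_CREDENTIALS, new String(password));
        // Never pool a connection authenticated as the end user.
        env.put(SUN_JNDI_POOL, "false");
        DirContext ctx = null;
        try {
            ctx = new InitialDirContext(env);
            return true;
        } catch (AuthenticationException e) {
            if (_logger.isLoggable(Level.FINEST)) {
                _logger.finest("Error binding to directory as: " + userDn);
                _logger.finest("Exception from JNDI: " + e.toString());
            }
            return false;
        } catch (Exception e) {
            // Not a credential problem (directory down, TLS failure, ...): fail closed but
            // make it visible to operators instead of counting it as a bad password.
            _logger.log(Level.WARNING, "security.exception", (Throwable) e);
            return false;
        } finally {
            closeQuietly(ctx);
        }
    }

    /**
     * Finds dynamic groups ({@code groupOfURLs}) under {@code baseDn} whose member URL
     * matches {@code userDn}.
     *
     * <p>Results are returned as objects ({@code setReturningObjFlag(true)}), which makes
     * JNDI run the configured object factory on each entry. NOTE(review): that path also
     * honours Java-object attributes stored in the directory; directory content under the
     * group base is therefore trusted, and the JDK's
     * {@code com.sun.jndi.ldap.object.trustSerialData} setting governs how far.
     *
     * @param ctx        context bound with the search credentials
     * @param baseDn     subtree to search
     * @param targetAttr attribute holding the group name
     * @param userDn     DN to test for membership
     * @return names of matching dynamic groups; empty on error (logged)
     */
    private List<String> dynamicGroupSearch(DirContext ctx, String baseDn, String targetAttr, String userDn) {
        List<String> groups = new ArrayList<>();
        NamingEnumeration<SearchResult> results = null;
        try {
            X500Principal member = new X500Principal(userDn);
            SearchControls controls = new SearchControls();
            controls.setReturningAttributes(new String[] {targetAttr, "memberUrl"});
            controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
            controls.setReturningObjFlag(true);
            results = ctx.search(baseDn, DYNAMIC_GROUP_FILTER, controls);
            while (results.hasMore()) {
                SearchResult entry = results.next();
                Object groupObject = entry.getObject();
                try {
                    if (groupObject instanceof GroupOfURLs && ((GroupOfURLs) groupObject).isMember(member)) {
                        addAttributeValues(entry.getAttributes().get(targetAttr), groups);
                    }
                } finally {
                    // Materialised group objects are contexts of their own and must be closed.
                    if (groupObject instanceof Context) {
                        ((Context) groupObject).close();
                    }
                }
            }
        } catch (Exception e) {
            _logger.log(Level.WARNING, "ldaprealm.searcherror", DYNAMIC_GROUP_FILTER);
            _logger.log(Level.WARNING, "security.exception", (Throwable) e);
        } finally {
            closeQuietly(results);
        }
        return groups;
    }

    /**
     * Finds static groups under {@code baseDn} matching the expanded group filter.
     * The filter must already be escaped; values substituted by {@link #expandFilter}
     * are, which replaces the previous ad hoc doubling of backslashes.
     *
     * @param ctx        context bound with the search credentials
     * @param baseDn     subtree to search
     * @param filter     expanded, escaped group filter
     * @param targetAttr attribute holding the group name
     * @return group names found; empty on error (logged)
     */
    private List<String> groupSearch(DirContext ctx, String baseDn, String filter, String targetAttr) {
        List<String> groups = new ArrayList<>();
        NamingEnumeration<SearchResult> results = null;
        try {
            SearchControls controls = new SearchControls();
            controls.setReturningAttributes(new String[] {targetAttr});
            controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
            results = ctx.search(baseDn, filter, controls);
            while (results.hasMore()) {
                addAttributeValues(results.next().getAttributes().get(targetAttr), groups);
            }
        } catch (Exception e) {
            _logger.log(Level.WARNING, "ldaprealm.searcherror", filter);
            _logger.log(Level.WARNING, "security.exception", (Throwable) e);
        } finally {
            closeQuietly(results);
        }
        return groups;
    }

    /**
     * Adds every string value of {@code attribute} to {@code into}. A missing attribute
     * (entry without the target attribute) contributes nothing instead of aborting the
     * whole search; non-string (binary) values are skipped.
     */
    private static void addAttributeValues(Attribute attribute, List<String> into) throws NamingException {
        if (attribute == null) {
            return;
        }
        int size = attribute.size();
        for (int i = 0; i < size; i++) {
            Object value = attribute.get(i);
            if (value instanceof String) {
                into.add((String) value);
            }
        }
    }

    /** Closes a context, logging (not propagating) a failure to do so. */
    private void closeQuietly(DirContext ctx) {
        if (ctx == null) {
            return;
        }
        try {
            ctx.close();
        } catch (NamingException e) {
            _logger.log(Level.WARNING, "ldaprealm.exception", e);
        }
    }

    /** Closes a search result enumeration, ignoring failures (the results were consumed). */
    private void closeQuietly(NamingEnumeration<?> results) {
        if (results == null) {
            return;
        }
        try {
            results.close();
        } catch (NamingException e) {
            if (_logger.isLoggable(Level.FINEST)) {
                _logger.finest("Error closing search results: " + e.toString());
            }
        }
    }
}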
