package com.xpn.xwiki.user.impl.LDAP;

import com.novell.ldap.LDAPAttribute;
import com.novell.ldap.LDAPConnection;
import com.novell.ldap.LDAPEntry;
import com.novell.ldap.LDAPException;
import com.novell.ldap.LDAPSearchResults;
import com.xpn.xwiki.XWikiContext;
import com.xpn.xwiki.XWikiException;
import com.xpn.xwiki.doc.XWikiDocument;
import com.xpn.xwiki.objects.BaseObject;
import com.xpn.xwiki.objects.classes.BaseClass;
import com.xpn.xwiki.plugin.charts.params.AbstractChartParam;
import com.xpn.xwiki.plugin.lucene.IndexFields;
import com.xpn.xwiki.plugin.usertools.XWikiUserManagementToolsImpl;
import com.xpn.xwiki.user.impl.xwiki.XWikiAuthServiceImpl;
import java.io.UnsupportedEncodingException;
import java.security.Principal;
import java.text.MessageFormat;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Iterator;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.securityfilter.realm.SimplePrincipal;

/* loaded from: input_file:com/xpn/xwiki/user/impl/LDAP/LDAPAuthServiceImpl.class */
public class LDAPAuthServiceImpl extends XWikiAuthServiceImpl {
    // Commons-logging logger for this class; it is assigned once, in the static initializer at the end of the class.
    private static final Log log;
    // Cache for this class's own Class object, filled lazily by the static initializer through class$(String).
    // NOTE(review): looks like the synthetic field older compilers emit for a ".class" literal; this listing is decompiler output.
    static Class class$com$xpn$xwiki$user$impl$LDAP$LDAPAuthServiceImpl;

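    /**
     * Authenticates a user, preferring LDAP and returning the wiki principal on success.
     *
     * <p>Flow, as implemented below:
     * <ol>
     *   <li>missing or blank credentials are rejected (returns {@code null});</li>
     *   <li>the super admin is delegated to {@code authenticateSuperAdmin};</li>
     *   <li>if the user's profile carries an {@code ldap_dn}, the password is checked by binding as that DN;</li>
     *   <li>otherwise {@code checkUserPassword} is used; on success a missing wiki profile is created from the
     *       LDAP attributes, and if there is still no profile a bare {@code XWiki.<name>} principal is returned.</li>
     * </ol>
     *
     * <p>NOTE(review): the credential check is done with the name as typed ({@code str}), while the principal is
     * resolved from the part after the first '.' of the space-stripped name. The two can therefore refer to
     * different identities when a login name contains a dot; confirm that {@code findUser} and the directory's
     * naming rules make that impossible.
     *
     * <p>NOTE(review): the last step accepts an LDAP-verified user that has no wiki account at all. Confirm this
     * is intended for every wiki this service is deployed on.
     *
     * @param str the login name as typed by the user (untrusted)
     * @param str2 the password as typed by the user (untrusted, never logged here)
     * @param xWikiContext the current request context; when {@code null} only the super-admin path can succeed
     * @return the authenticated principal, or {@code null} when authentication fails
     * @throws XWikiException propagated from the password checks or from user creation on a non-virtual wiki
     */
    @Override // com.xpn.xwiki.user.impl.xwiki.XWikiAuthServiceImpl, com.xpn.xwiki.user.impl.xwiki.AbstractXWikiAuthService, com.xpn.xwiki.user.api.XWikiAuthService
    public Principal authenticate(String str, String str2, XWikiContext xWikiContext) throws XWikiException {
        // Fail closed on missing credentials. The null test must precede replaceAll(): the previous order
        // dereferenced the user name first, so a null name raised a NullPointerException instead of a clean denial.
        if (str == null || str2 == null) {
            return null;
        }
        String login = str.replaceAll(" ", "");
        if (login.equals("") || str2.trim().equals("")) {
            return null;
        }
        if (isSuperAdmin(login)) {
            return authenticateSuperAdmin(str2, xWikiContext);
        }
        if (xWikiContext == null) {
            return null;
        }

        // Name used to resolve the wiki principal: everything after the first '.' of the space-stripped login.
        String shortName = login;
        int dot = login.indexOf(".");
        if (dot != -1) {
            shortName = login.substring(dot + 1);
        }

        String ldapDn = getLDAP_DN(str, xWikiContext);
        if (ldapDn != null && ldapDn.length() != 0) {
            // A DN is stored on the user's profile: verify the password by binding as that DN.
            if (checkDNPassword(ldapDn, str, str2, xWikiContext)) {
                return GetUserPrincipal(shortName, xWikiContext);
            }
            return null;
        }

        HashMap attributes = new HashMap();
        if (!checkUserPassword(str, str2, attributes, xWikiContext)) {
            return null;
        }
        if (log.isDebugEnabled()) {
            log.debug("User authenticated successfully");
        }

        Principal principal = GetUserPrincipal(shortName, xWikiContext);
        if (principal == null && attributes.size() > 0) {
            if (log.isDebugEnabled()) {
                log.debug("Ready to create user from LDAP");
            }
            if (xWikiContext.isVirtual()) {
                String database = xWikiContext.getDatabase();
                try {
                    // No LDAP server configured in the current wiki's preferences: create the user in the main wiki.
                    String ldapServer = xWikiContext.getWiki().getXWikiPreference("ldap_server", xWikiContext);
                    if (ldapServer == null || ldapServer.length() == 0) {
                        xWikiContext.setDatabase(xWikiContext.getWiki().getDatabase());
                    }
                    try {
                        CreateUserFromLDAP(attributes, xWikiContext);
                        log.debug("Looking for user again " + shortName);
                        principal = GetUserPrincipal(shortName, xWikiContext);
                    } catch (Exception e) {
                        // Still best-effort (login proceeds), but a failed account creation is now visible in the log
                        // instead of being dropped silently.
                        log.error("Creating the wiki user from LDAP failed", e);
                    }
                } finally {
                    // Always restore the caller's database, whatever happened above.
                    xWikiContext.setDatabase(database);
                }
            } else {
                CreateUserFromLDAP(attributes, xWikiContext);
                log.debug("Looking for user again " + shortName);
                principal = GetUserPrincipal(shortName, xWikiContext);
            }
            xWikiContext.getWiki().flushCache();
        }
        if (principal == null) {
            if (log.isDebugEnabled()) {
                log.debug("Accept user even without account");
            }
            principal = new SimplePrincipal("XWiki." + shortName);
        }
        return principal;
    }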

    /**
     * Creates (or updates) a wiki user page from a map of LDAP attributes.
     *
     * <p>The {@code ldap_fields_mapping} setting is split into {@code wikiField=ldapAttribute} pairs. The pair
     * whose wiki field equals {@code IndexFields.DOCUMENT_NAME} supplies the page name (spaces removed, prefixed
     * with {@code XWiki.}); every other pair is copied as a string property of the user object. Nothing is
     * created when the mapping is empty or yields no page name.
     *
     * <p>NOTE(review): {@code AbstractChartParam.LIST_SEPARATOR} and {@code IndexFields.DOCUMENT_NAME} come from
     * unrelated plugins; presumably the decompiler substituted them for string literals. Confirm their values.
     *
     * <p>NOTE(review): the page name is taken from a directory attribute with only spaces stripped, and the
     * document is fetched and saved without any visible check that it is new. Confirm that a directory value
     * cannot name an already existing page or user.
     *
     * @param hashMap LDAP attribute name to value, as collected by the password check
     * @param xWikiContext the current context
     * @throws XWikiException propagated from the wiki calls below
     */
    private void CreateUserFromLDAP(HashMap hashMap, XWikiContext xWikiContext) throws XWikiException {
        final String mapping = getParam("ldap_fields_mapping", xWikiContext);
        if (log.isDebugEnabled()) {
            log.debug("Ready to create user from LDAP with field " + mapping);
        }
        if (mapping == null || mapping.length() <= 0) {
            return;
        }

        final String[] pairs = mapping.split(AbstractChartParam.LIST_SEPARATOR);
        final BaseClass userClass = xWikiContext.getWiki().getUserClass(xWikiContext);
        final BaseObject userObject = new BaseObject();
        userObject.setClassName(userClass.getName());

        String shortName = null;
        String pageName = null;
        for (String pair : pairs) {
            final String[] parts = pair.split("=");
            if (parts.length != 2) {
                // Malformed entry: ignore it, as before.
                continue;
            }
            final String wikiField = parts[0];
            if (log.isDebugEnabled()) {
                log.debug("Create user from LDAP looking at field " + wikiField);
            }
            if (!hashMap.containsKey(parts[1])) {
                continue;
            }
            final String ldapValue = (String) hashMap.get(parts[1]);
            if (wikiField.equals(IndexFields.DOCUMENT_NAME)) {
                shortName = ldapValue.replaceAll(" ", "");
                pageName = "XWiki." + shortName;
                userObject.setName(pageName);
            } else {
                log.debug("Create user from LDAP setting field " + wikiField);
                userObject.setStringValue(wikiField, ldapValue);
            }
        }

        if (shortName == null || shortName.length() <= 0) {
            return;
        }

        final XWikiDocument userDoc = xWikiContext.getWiki().getDocument(pageName, xWikiContext);
        // Snapshot taken before any change; it is handed to saveDocument as the previous version.
        final XWikiDocument previous = (XWikiDocument) userDoc.clone();
        userDoc.setParent("");
        userDoc.addObject(userClass.getName(), userObject);
        userDoc.setContent("#includeForm(\"XWiki.XWikiUserSheet\")");
        xWikiContext.getWiki().protectUserPage(pageName, "edit", userDoc, xWikiContext);
        final String comment = xWikiContext.getMessageTool().get("core.comment.createdUser");
        xWikiContext.getWiki().saveDocument(userDoc, previous, comment, xWikiContext);
        xWikiContext.getWiki().setUserDefaultGroup(pageName, xWikiContext);
    }

    /**
     * Resolves a user name to a principal, looking in the current wiki first and, on a virtual wiki, in the main
     * wiki second.
     *
     * <p>A principal found in the main wiki is named {@code <main database> + AbstractChartParam.MAP_ASSIGNMENT +
     * <user page>}. NOTE(review): that constant comes from an unrelated plugin and was presumably substituted by
     * the decompiler for a separator literal; confirm its value.
     *
     * <p>Lookup failures are swallowed in both places, so an error is indistinguishable from "no such user";
     * the result is {@code null} either way.
     *
     * @param str the user name to look up
     * @param xWikiContext the current context; its database is switched temporarily and always restored
     * @return the principal, or {@code null} when the user is not found
     */
    protected Principal GetUserPrincipal(String str, XWikiContext xWikiContext) {
        SimplePrincipal found = null;
        try {
            if (log.isDebugEnabled()) {
                log.debug("Finding user " + str);
            }
            final String localUser = findUser(str, xWikiContext);
            if (localUser != null) {
                if (log.isDebugEnabled()) {
                    log.debug("Found user " + str);
                }
                found = new SimplePrincipal(localUser);
            }
        } catch (Exception ignored) {
            // Deliberately ignored: fall through to the main-wiki lookup or return null.
        }

        if (!xWikiContext.isVirtual() || found != null) {
            return found;
        }

        // Virtual wiki and nothing found locally: retry against the main wiki's database.
        final String savedDatabase = xWikiContext.getDatabase();
        try {
            xWikiContext.setDatabase(xWikiContext.getWiki().getDatabase());
            try {
                final String globalUser = findUser(str, xWikiContext);
                if (globalUser != null) {
                    found = new SimplePrincipal(xWikiContext.getDatabase() + AbstractChartParam.MAP_ASSIGNMENT + globalUser);
                }
            } catch (Exception ignored) {
                // Deliberately ignored: the caller sees null.
            }
        } finally {
            xWikiContext.setDatabase(savedDatabase);
        }
        return found;
    }

    /**
     * Returns the LDAP distinguished name stored on a user's wiki profile.
     *
     * <p>The current wiki is consulted first; on a virtual wiki with no (or an empty) result, the main wiki is
     * consulted as well. Errors during either lookup are swallowed and treated as "no DN".
     *
     * @param str the user name to look up
     * @param xWikiContext the current context; {@code null} yields {@code null}
     * @return the stored DN, or {@code null} / an empty string when none is available
     */
    public String getLDAP_DN(String str, XWikiContext xWikiContext) {
        if (xWikiContext == null) {
            return null;
        }

        String dn = null;
        try {
            final String localUser = findUser(str, xWikiContext);
            if (localUser != null && localUser.length() != 0) {
                dn = readLDAP_DN(localUser, xWikiContext);
            }
        } catch (Exception ignored) {
            // Deliberately ignored: treated as "no DN in this wiki".
        }

        final boolean missing = dn == null || dn.length() == 0;
        if (!xWikiContext.isVirtual() || !missing) {
            return dn;
        }

        // Virtual wiki without a local DN: look at the main wiki, then restore the caller's database.
        final String savedDatabase = xWikiContext.getDatabase();
        try {
            xWikiContext.setDatabase(xWikiContext.getWiki().getDatabase());
            try {
                final String globalUser = findUser(str, xWikiContext);
                if (globalUser != null && globalUser.length() != 0) {
                    dn = readLDAP_DN(globalUser, xWikiContext);
                }
            } catch (Exception ignored) {
                // Deliberately ignored: the previous value of dn is kept.
            }
        } finally {
            xWikiContext.setDatabase(savedDatabase);
        }
        return dn;
    }

    /**
     * Reads the {@code ldap_dn} property of the user object on the given page.
     *
     * <p>Every {@link Throwable} is swallowed here, so a storage failure looks the same as a profile without a
     * DN. The caller then takes the non-DN authentication path.
     *
     * @param str the full name of the user's page
     * @param xWikiContext the current context
     * @return the stored DN, or {@code null} when the page has no user object or the read fails
     */
    private String readLDAP_DN(String str, XWikiContext xWikiContext) {
        try {
            final XWikiDocument userDoc = xWikiContext.getWiki().getDocument(str, xWikiContext);
            if (userDoc.getObject(XWikiUserManagementToolsImpl.DEFAULT_USER_CLASS) == null) {
                return null;
            }
            return userDoc.getStringValue(XWikiUserManagementToolsImpl.DEFAULT_USER_CLASS, "ldap_dn");
        } catch (Throwable ignored) {
            // Deliberately ignored: reported to the caller as "no DN".
            return null;
        }
    }

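    /**
     * Verifies a user's password against the LDAP directory and collects the user's attributes.
     *
     * <p>Steps: connect, bind with the configured {@code ldap_bind_DN} / {@code ldap_bind_pass} patterns (where
     * <code>{0}</code> is the user name and <code>{1}</code> the password), then, depending on
     * {@code ldap_check_level}:
     * <ul>
     *   <li>0: the bind result alone decides;</li>
     *   <li>1: the user must additionally be found under {@code ldap_base_DN};</li>
     *   <li>2 (default): the password is additionally compared with the entry's {@code userPassword}.</li>
     * </ul>
     * At levels 0 and 1 the bind is the only credential check, so the bind patterns must carry the user's own
     * credentials; with a fixed service account any password would pass.
     *
     * <p>The check reverts to the local XWiki password when the user is not found, when LDAP answers with result
     * code 32 or 16, or when a non-LDAP error occurs.
     *
     * <p>Changes compared with the previous version:
     * <ul>
     *   <li>the user name is escaped (RFC 4515) before it is placed in the search filter; it was concatenated
     *       verbatim, letting filter metacharacters in the login name alter the query;</li>
     *   <li>an {@link LDAPException} raised after a successful bind (by the search or the compare) now denies
     *       access; previously the bind result stayed {@code true} and was returned;</li>
     *   <li>cleanup is a single {@code finally} block and disconnect failures go to the logger.</li>
     * </ul>
     *
     * <p>NOTE(review): the user name is also inserted unescaped into the bind DN pattern, and is written to the
     * log as typed. {@code new LDAPConnection()} is created without a socket factory; unless one is installed
     * globally elsewhere, credentials travel over an unencrypted connection. Confirm both.
     *
     * @param str the login name (untrusted)
     * @param str2 the password (untrusted, never logged)
     * @param hashMap output: filled with the entry's attributes plus {@code "dn"} when the check succeeds
     * @param xWikiContext the current context
     * @return {@code true} when the password is accepted
     * @throws XWikiException propagated from the local password fallback
     */
    protected boolean checkUserPassword(String str, String str2, HashMap hashMap, XWikiContext xWikiContext) throws XWikiException {
        LDAPConnection connection = new LDAPConnection();
        boolean authenticated = false;
        boolean revertToXWiki = false;
        try {
            if (log.isDebugEnabled()) {
                log.debug("LDAP Password check for user " + str);
            }
            int port = getLDAPPort(xWikiContext);
            String host = getParam("ldap_server", xWikiContext);
            String bindDnPattern = getParam("ldap_bind_DN", xWikiContext);
            String bindPassPattern = getParam("ldap_bind_pass", xWikiContext);
            int checkLevel = GetCheckLevel(xWikiContext);
            if (log.isDebugEnabled()) {
                log.debug("LDAP Check level is " + checkLevel);
            }
            Object[] credentials = {str, str2};
            String bindDn = MessageFormat.format(bindDnPattern, credentials);
            String bindPass = MessageFormat.format(bindPassPattern, credentials);
            String baseDn = getParam("ldap_base_DN", xWikiContext);
            connection.connect(host, port);
            if (log.isDebugEnabled()) {
                log.debug("LDAP Connect successfull to host " + host + " and port " + port);
            }
            authenticated = Bind(bindDn, bindPass, connection, 3); // 3: LDAP protocol version
            if (log.isDebugEnabled()) {
                log.debug("LDAP Bind returned with result " + authenticated);
            }
            if (authenticated && checkLevel > 0) {
                if (log.isDebugEnabled()) {
                    log.debug("LDAP searching user");
                }
                // The attribute name is configuration; the value is user input and must be escaped.
                String filter = "(" + getParam("ldap_UID_attr", xWikiContext) + "=" + escapeLdapFilterValue(str) + ")";
                LDAPSearchResults results = connection.search(baseDn, 2, filter, (String[]) null, false); // 2: subtree scope
                if (results.hasMore()) {
                    if (log.isDebugEnabled()) {
                        log.debug("LDAP searching found user");
                    }
                    LDAPEntry entry = results.next();
                    String dn = entry.getDN();
                    if (log.isDebugEnabled()) {
                        log.debug("LDAP searching found DN: " + dn);
                    }
                    if (checkLevel > 1) {
                        if (log.isDebugEnabled()) {
                            log.debug("LDAP comparing password");
                        }
                        authenticated = connection.compare(dn, new LDAPAttribute("userPassword", str2));
                    }
                    if (authenticated) {
                        if (log.isDebugEnabled()) {
                            log.debug("LDAP adding user attributes");
                        }
                        Iterator it = entry.getAttributeSet().iterator();
                        while (it.hasNext()) {
                            LDAPAttribute attribute = (LDAPAttribute) it.next();
                            String name = attribute.getName();
                            Enumeration values = attribute.getStringValues();
                            if (values != null) {
                                // For a multi-valued attribute the last value wins, as before.
                                while (values.hasMoreElements()) {
                                    if (log.isDebugEnabled()) {
                                        log.debug("LDAP adding user attribute " + name);
                                    }
                                    hashMap.put(name, (String) values.nextElement());
                                }
                            }
                        }
                        hashMap.put("dn", dn);
                    }
                } else {
                    if (log.isDebugEnabled()) {
                        log.debug("LDAP search user failed");
                    }
                    revertToXWiki = true;
                }
            }
            if (log.isInfoEnabled()) {
                if (authenticated) {
                    log.info("LDAP Password check for user " + str + " successfull");
                } else {
                    log.info("LDAP Password check for user " + str + " failed");
                }
            }
        } catch (LDAPException e) {
            // Fail closed: an error after a successful bind must not leave the bind result standing.
            authenticated = false;
            if (log.isInfoEnabled()) {
                log.info("LDAP Password check for user " + str + " failed with exception " + e.getMessage());
            }
            int code = e.getResultCode();
            if (code == 32 || code == 16) { // 32: no such object, 16: no such attribute
                revertToXWiki = true;
            }
        } catch (Throwable t) {
            revertToXWiki = true;
            if (log.isErrorEnabled()) {
                log.error("LDAP Password check for user " + str + " failed with exception " + t.getMessage());
            }
        } finally {
            if (log.isDebugEnabled()) {
                log.debug("LDAP check in finally block");
            }
            try {
                connection.disconnect();
            } catch (LDAPException e) {
                log.warn("LDAP disconnect failed", e);
            }
        }
        if (revertToXWiki) {
            if (log.isDebugEnabled()) {
                log.debug("LDAP Password check reverting to XWiki");
            }
            authenticated = checkPassword(findUser(str, xWikiContext), str2, xWikiContext);
        }
        return authenticated;
    }

    /**
     * Escapes a value for use inside an LDAP search filter, following RFC 4515: backslash, asterisk, both
     * parentheses and NUL are replaced by a backslash and their two-digit hexadecimal code.
     *
     * @param value the raw value, may be {@code null}
     * @return the escaped value, or {@code null} when {@code value} is {@code null}
     */
    private static String escapeLdapFilterValue(String value) {
        if (value == null) {
            return null;
        }
        StringBuilder escaped = new StringBuilder(value.length() + 8);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '\\':
                    escaped.append("\\5c");
                    break;
                case '*':
                    escaped.append("\\2a");
                    break;
                case '(':
                    escaped.append("\\28");
                    break;
                case ')':
                    escaped.append("\\29");
                    break;
                case '\0':
                    escaped.append("\\00");
                    break;
                default:
                    escaped.append(c);
                    break;
            }
        }
        return escaped.toString();
    }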

    /**
     * Reads an LDAP setting: first from the wiki preferences under {@code str}, then, when that is missing or
     * empty, from the wiki's {@code Param} configuration under {@code xwiki.authentication.} followed by
     * {@code str} with {@code ldap_} replaced by {@code ldap.}.
     *
     * <p>Exceptions from either source are swallowed, so a lookup error and an unset value both come back as
     * the empty string. This method also serves {@code ldap_bind_pass}; take care never to log its result.
     *
     * @param str the preference name, for example {@code ldap_server}
     * @param xWikiContext the current context
     * @return the configured value, never {@code null}
     */
    @Override // com.xpn.xwiki.user.impl.xwiki.XWikiAuthServiceImpl
    protected String getParam(String str, XWikiContext xWikiContext) {
        String value = "";
        try {
            value = xWikiContext.getWiki().getXWikiPreference(str, xWikiContext);
        } catch (Exception ignored) {
            // Deliberately ignored: fall back to the Param() lookup.
        }

        if (value == null || value.length() == 0) {
            try {
                final String key = "xwiki.authentication." + StringUtils.replace(str, "ldap_", "ldap.");
                value = xWikiContext.getWiki().Param(key);
            } catch (Exception ignored) {
                // Deliberately ignored: the value stays as it was.
            }
        }
        return value == null ? "" : value;
    }

    /**
     * Returns the configured {@code ldap_check_level}.
     *
     * <p>Only the trimmed values {@code "0"} and {@code "1"} are recognised; anything else, including an unset
     * value, yields 2.
     *
     * @param xWikiContext the current context
     * @return 0, 1 or 2
     */
    protected int GetCheckLevel(XWikiContext xWikiContext) {
        final String configured = getParam("ldap_check_level", xWikiContext);
        final String level = (configured == null) ? "" : configured.trim();
        if ("0".equals(level)) {
            return 0;
        }
        if ("1".equals(level)) {
            return 1;
        }
        return 2;
    }

    /**
     * Returns the LDAP server port: the {@code ldap_port} wiki preference when it can be read as an integer,
     * otherwise the {@code xwiki.authentication.ldap.port} parameter with a default of 389.
     *
     * @param xWikiContext the current context
     * @return the port to connect to
     */
    private int getLDAPPort(XWikiContext xWikiContext) {
        int port;
        try {
            port = xWikiContext.getWiki().getXWikiPreferenceAsInt("ldap_port", xWikiContext);
        } catch (Exception e) {
            // Preference missing or unreadable: use the parameter, defaulting to 389.
            port = (int) xWikiContext.getWiki().ParamAsLong("xwiki.authentication.ldap.port", 389L);
        }
        return port;
    }

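    /**
     * Verifies a password by binding to the LDAP server as the given distinguished name.
     *
     * <p>When the server answers with result code 32 or 16 the check reverts to the local XWiki password of
     * {@code str2}. Any other LDAP error, and any non-LDAP error, denies access.
     *
     * <p>Changes compared with the previous version:
     * <ul>
     *   <li>a {@code null} or empty password is rejected before any network traffic. A simple bind with a DN
     *       and a zero-length password is an unauthenticated bind (RFC 4513, section 5.1.2) that a server may
     *       report as successful, so it must never count as proof of identity;</li>
     *   <li>three configuration reads whose results were discarded have been removed;</li>
     *   <li>cleanup is a single {@code finally} block and errors go to the logger instead of
     *       {@code printStackTrace()}.</li>
     * </ul>
     *
     * <p>NOTE(review): {@code new LDAPConnection()} is created without a socket factory; unless one is
     * installed globally elsewhere, the password travels over an unencrypted connection. Confirm.
     *
     * @param str the DN to bind as, read from the user's wiki profile
     * @param str2 the wiki user name, used only for the local fallback
     * @param str3 the password (untrusted, never logged)
     * @param xWikiContext the current context
     * @return {@code true} when the password is accepted
     * @throws XWikiException propagated from the local password fallback
     */
    protected boolean checkDNPassword(String str, String str2, String str3, XWikiContext xWikiContext) throws XWikiException {
        if (str3 == null || str3.length() == 0) {
            return false;
        }

        LDAPConnection connection = new LDAPConnection();
        boolean authenticated = false;
        boolean revertToXWiki = false;
        try {
            int port = getLDAPPort(xWikiContext);
            String host = getParam("ldap_server", xWikiContext);
            connection.connect(host, port);
            authenticated = Bind(str, str3, connection, 3); // 3: LDAP protocol version
            if (log.isDebugEnabled()) {
                if (authenticated) {
                    log.debug("(debug) Password check for user " + str + " successfull");
                } else {
                    log.debug("(debug) Password check for user " + str + " failed");
                }
            }
        } catch (LDAPException e) {
            int code = e.getResultCode();
            if (code == 32 || code == 16) { // 32: no such object, 16: no such attribute
                revertToXWiki = true;
            }
        } catch (Throwable t) {
            log.error("LDAP password check by DN failed", t);
        } finally {
            try {
                connection.disconnect();
            } catch (LDAPException e) {
                log.warn("LDAP disconnect failed", e);
            }
        }
        if (revertToXWiki) {
            authenticated = checkPassword(str2, str3, xWikiContext);
        }
        return authenticated;
    }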

    /**
     * Performs an LDAP simple bind on an already connected connection.
     *
     * <p>The bind is attempted only when the DN is non-empty and the password is non-null. A bind rejected by
     * the server is logged and reported as {@code false} rather than thrown.
     *
     * <p>NOTE(review): an empty (but non-null) password is passed through to {@code bind()}. A simple bind
     * with a DN and a zero-length password is an unauthenticated bind (RFC 4513, section 5.1.2), which some
     * servers answer with success; callers that pass a user-supplied password must reject empty values first.
     *
     * @param str the DN to bind as
     * @param str2 the password, encoded as UTF-8 for the bind; never logged
     * @param lDAPConnection the connected LDAP connection
     * @param i the LDAP protocol version handed to {@code bind()}
     * @return {@code true} when the server accepted the bind
     * @throws UnsupportedEncodingException if the "UTF8" charset is unavailable
     */
    private boolean Bind(String str, String str2, LDAPConnection lDAPConnection, int i) throws UnsupportedEncodingException {
        if (log.isDebugEnabled()) {
            log.debug("LDAP Bind starting");
        }

        final boolean hasBindInfo = str != null && str.length() > 0 && str2 != null;
        if (!hasBindInfo) {
            if (log.isDebugEnabled()) {
                log.debug("LDAP Bind does not have binding info");
            }
            return false;
        }

        try {
            lDAPConnection.bind(i, str, str2.getBytes("UTF8"));
        } catch (LDAPException e) {
            if (log.isErrorEnabled()) {
                log.error("LDAP Bind failed with Exception " + e.getMessage());
            }
            return false;
        }
        if (log.isDebugEnabled()) {
            log.debug("LDAP Bind successfull");
        }
        return true;
    }

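    /**
     * Looks a user up in LDAP and creates the matching wiki user from the entry's attributes.
     *
     * <p>The connection is bound with the configured {@code ldap_bind_DN} / {@code ldap_bind_pass} patterns,
     * where <code>{0}</code> is {@code str2} and <code>{1}</code> is {@code str3}. The user is then searched
     * under {@code ldap_base_DN} by {@code ldap_UID_attr = str}, and the first entry found is passed to
     * {@code CreateUserFromLDAP}.
     *
     * <p>Changes compared with the previous version:
     * <ul>
     *   <li>{@code str} is escaped (RFC 4515) before it is placed in the search filter; it was concatenated
     *       verbatim, letting filter metacharacters alter the query;</li>
     *   <li>the "LDAP search user failed" debug message sat on a branch that could never run (a second test of
     *       the bind result inside the first); it is now logged when the search returns no entry;</li>
     *   <li>cleanup is a single {@code finally} block and disconnect failures go to the logger.</li>
     * </ul>
     *
     * <p>NOTE(review): the return value is the bind result. It stays {@code true} when no entry is found or
     * when the search fails after a successful bind, so it does not prove that a user was created; confirm what
     * callers expect. This method is public and creates accounts, so callers must authorise its use.
     *
     * @param str the user id to search for (escaped before use in the filter)
     * @param str2 the name inserted into the bind patterns as <code>{0}</code>
     * @param str3 the password inserted into the bind patterns as <code>{1}</code>; never logged
     * @param xWikiContext the current context
     * @return {@code true} when the bind succeeded
     * @throws XWikiException declared for callers; errors raised inside are caught and logged
     */
    public boolean createUserFromLDAP(String str, String str2, String str3, XWikiContext xWikiContext) throws XWikiException {
        LDAPConnection connection = new LDAPConnection();
        boolean bound = false;
        HashMap attributes = new HashMap();
        try {
            if (log.isDebugEnabled()) {
                log.debug("LDAP Password check for user " + str2);
            }
            int port = getLDAPPort(xWikiContext);
            String host = getParam("ldap_server", xWikiContext);
            String bindDnPattern = getParam("ldap_bind_DN", xWikiContext);
            String bindPassPattern = getParam("ldap_bind_pass", xWikiContext);
            Object[] credentials = {str2, str3};
            String bindDn = MessageFormat.format(bindDnPattern, credentials);
            String bindPass = MessageFormat.format(bindPassPattern, credentials);
            String baseDn = getParam("ldap_base_DN", xWikiContext);
            connection.connect(host, port);
            if (log.isDebugEnabled()) {
                log.debug("LDAP Connect successfull to host " + host + " and port " + port);
            }
            bound = Bind(bindDn, bindPass, connection, 3); // 3: LDAP protocol version
            if (log.isDebugEnabled()) {
                log.debug("LDAP Bind returned with result " + bound);
            }
            if (bound) {
                // Escape the searched id per RFC 4515 so that it is matched literally.
                String rawUid = String.valueOf(str);
                StringBuilder escapedUid = new StringBuilder(rawUid.length() + 8);
                for (int i = 0; i < rawUid.length(); i++) {
                    char c = rawUid.charAt(i);
                    if (c == '\\') {
                        escapedUid.append("\\5c");
                    } else if (c == '*') {
                        escapedUid.append("\\2a");
                    } else if (c == '(') {
                        escapedUid.append("\\28");
                    } else if (c == ')') {
                        escapedUid.append("\\29");
                    } else if (c == '\0') {
                        escapedUid.append("\\00");
                    } else {
                        escapedUid.append(c);
                    }
                }
                String filter = "(" + getParam("ldap_UID_attr", xWikiContext) + "=" + escapedUid + ")";
                LDAPSearchResults results = connection.search(baseDn, 2, filter, (String[]) null, false); // 2: subtree scope
                if (results.hasMore()) {
                    if (log.isDebugEnabled()) {
                        log.debug("LDAP searching found user");
                    }
                    LDAPEntry entry = results.next();
                    String dn = entry.getDN();
                    if (log.isDebugEnabled()) {
                        log.debug("LDAP searching found DN: " + dn);
                    }
                    if (log.isDebugEnabled()) {
                        log.debug("LDAP adding user attributes");
                    }
                    Iterator it = entry.getAttributeSet().iterator();
                    while (it.hasNext()) {
                        LDAPAttribute attribute = (LDAPAttribute) it.next();
                        String name = attribute.getName();
                        Enumeration values = attribute.getStringValues();
                        if (values != null) {
                            // For a multi-valued attribute the last value wins, as before.
                            while (values.hasMoreElements()) {
                                if (log.isDebugEnabled()) {
                                    log.debug("LDAP adding user attribute " + name);
                                }
                                attributes.put(name, (String) values.nextElement());
                            }
                        }
                    }
                    attributes.put("dn", dn);
                    CreateUserFromLDAP(attributes, xWikiContext);
                } else if (log.isDebugEnabled()) {
                    log.debug("LDAP search user failed");
                }
            }
            if (log.isInfoEnabled()) {
                if (bound) {
                    log.info("LDAP create user for user " + str + " successfull");
                } else {
                    log.info("LDAP create user for user " + str + " failed");
                }
            }
        } catch (LDAPException e) {
            if (log.isInfoEnabled()) {
                log.info("LDAP create user for user " + str + " failed with exception " + e.getMessage());
            }
        } catch (Throwable t) {
            if (log.isErrorEnabled()) {
                log.error("LDAP create user for user " + str + " failed with exception " + t.getMessage());
            }
        } finally {
            if (log.isDebugEnabled()) {
                log.debug("LDAP create user in finally block");
            }
            try {
                connection.disconnect();
            } catch (LDAPException e) {
                log.warn("LDAP disconnect failed", e);
            }
        }
        return bound;
    }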

    /**
     * Loads a class by name, turning a failed lookup into a {@link NoClassDefFoundError}.
     *
     * <p>NOTE(review): looks like the synthetic helper older compilers emit for a ".class" literal; the static
     * initializer calls it with this class's own name.
     *
     * @param str the fully qualified class name
     * @return the loaded class
     * @throws NoClassDefFoundError when the class cannot be found; carries the original message only
     */
    static Class class$(String str) {
        Class resolved;
        try {
            resolved = Class.forName(str);
        } catch (ClassNotFoundException notFound) {
            throw new NoClassDefFoundError(notFound.getMessage());
        }
        return resolved;
    }

    // Resolves this class's Class object once (caching it in the synthetic field) and creates the logger for it.
    static {
        Class self = class$com$xpn$xwiki$user$impl$LDAP$LDAPAuthServiceImpl;
        if (self == null) {
            self = class$("com.xpn.xwiki.user.impl.LDAP.LDAPAuthServiceImpl");
            class$com$xpn$xwiki$user$impl$LDAP$LDAPAuthServiceImpl = self;
        }
        log = LogFactory.getLog(self);
    }
}
