package com.xpn.xwiki.user.impl.LDAP;

import com.novell.ldap.LDAPException;
import com.xpn.xwiki.XWikiContext;
import com.xpn.xwiki.XWikiException;
import com.xpn.xwiki.doc.XWikiDocument;
import com.xpn.xwiki.objects.BaseObject;
import com.xpn.xwiki.objects.classes.BaseClass;
import com.xpn.xwiki.plugin.ldap.XWikiLDAPConfig;
import com.xpn.xwiki.plugin.ldap.XWikiLDAPConnection;
import com.xpn.xwiki.plugin.ldap.XWikiLDAPSearchAttribute;
import com.xpn.xwiki.plugin.ldap.XWikiLDAPUtils;
import com.xpn.xwiki.user.impl.xwiki.XWikiAuthServiceImpl;
import java.io.UnsupportedEncodingException;
import java.security.Principal;
import java.text.MessageFormat;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.securityfilter.realm.SimplePrincipal;

/* loaded from: input_file:com/xpn/xwiki/user/impl/LDAP/XWikiLDAPAuthServiceImpl.class */
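/**
 * Authentication service that validates credentials against an LDAP directory and, when configured to do so,
 * falls back to the local XWiki user database.
 *
 * <p>After a successful LDAP login the matching XWiki user is created or updated from the LDAP attributes and
 * the user's XWiki group membership is synchronised with the configured LDAP group mappings.</p>
 *
 * <p>NOTE(review): this listing is decompiled, so parameter names ({@code str}, {@code str2}, ...) are
 * synthetic; their roles are described in each method's Javadoc.</p>
 */
public class XWikiLDAPAuthServiceImpl extends XWikiAuthServiceImpl {
    private static final String XWIKI_USER_SPACE = "XWiki";
    private static final String XWIKI_GROUP_MEMBERFIELD = "member";
    private static final String XWIKI_SPACE_NAME_SEP = ".";
    private static final String LDAP_DEFAULT_UID = "cn";
    private static final Log LOG = LogFactory.getLog(XWikiLDAPAuthServiceImpl.class);
    static /* synthetic */ Class class$0;

    /**
     * Authenticates a user, trying LDAP first and then (if enabled) the local XWiki database.
     *
     * @param str the login name typed by the user
     * @param str2 the password typed by the user
     * @param xWikiContext the current request context
     * @return the authenticated principal, or {@code null} when authentication failed or the credentials
     *         were empty
     * @throws XWikiException if the local fallback authentication fails with an error
     */
    @Override
    public Principal authenticate(String str, String str2, XWikiContext xWikiContext) throws XWikiException {
        // Empty user names and blank passwords never reach the directory. An LDAP simple bind with an empty
        // password is an "unauthenticated" bind that a server may accept, so this guard is security relevant.
        if (str == null || str.length() == 0 || str2 == null || str2.trim().length() == 0) {
            return null;
        }

        Principal principal = null;
        Exception ldapFailure = null;
        try {
            principal = ldapAuthenticate(str, str2, xWikiContext);
        } catch (Exception e) {
            // Deliberately broad: any LDAP-side failure must still allow the local fallback below.
            ldapFailure = e;
        }

        if (principal == null) {
            principal = xwikiAuthenticate(str, str2, xWikiContext);
            if (principal == null && ldapFailure != null) {
                // The failure marker is set whatever the log level is; previously it was only stored when
                // WARN logging happened to be enabled.
                xWikiContext.put("message", "loginfailed");
                if (LOG.isWarnEnabled()) {
                    LOG.warn("LDAP authentication failed.", ldapFailure);
                }
            }
        }
        return principal;
    }

    /**
     * Authenticates the user against LDAP and synchronises the XWiki user and group data on success.
     *
     * @param str the login name, optionally prefixed with a space name and a dot (the prefix is dropped)
     * @param str2 the password
     * @param xWikiContext the current request context
     * @return the authenticated principal, or {@code null} when LDAP authentication is disabled
     * @throws XWikiException if the bind fails, the user is not in the required group, no DN can be found,
     *         the password is rejected, or no principal can be built
     * @throws UnsupportedEncodingException if the password cannot be encoded for the bind
     * @throws LDAPException if the directory reports an error
     */
    protected Principal ldapAuthenticate(String str, String str2, XWikiContext xWikiContext) throws XWikiException, UnsupportedEncodingException, LDAPException {
        // Keep only what follows the first separator, e.g. "XWiki.jdoe" -> "jdoe".
        String ldapUid = str;
        int separatorIndex = ldapUid.indexOf(XWIKI_SPACE_NAME_SEP);
        if (separatorIndex != -1) {
            ldapUid = ldapUid.substring(separatorIndex + 1);
        }

        XWikiLDAPConfig config = XWikiLDAPConfig.getInstance();
        XWikiLDAPConnection connector = new XWikiLDAPConnection();
        XWikiLDAPUtils ldapUtils = new XWikiLDAPUtils(connector);
        ldapUtils.setUidAttributeName(config.getLDAPParam(XWikiLDAPConfig.PREF_LDAP_UID, LDAP_DEFAULT_UID, xWikiContext));

        if (isSuperAdmin(ldapUid)) {
            if (LOG.isDebugEnabled()) {
                LOG.debug("Superadmin logged in.");
            }
            return authenticateSuperAdmin(str2, xWikiContext);
        }

        if (!config.isLDAPEnabled(xWikiContext)) {
            if (LOG.isDebugEnabled()) {
                LOG.debug("LDAP authentication failed: LDAP not activ");
            }
            return null;
        }

        // NOTE(review): the connection opened here is never closed in this method; confirm whether
        // XWikiLDAPConnection or a caller is responsible for releasing it.
        // NOTE(review): the login name is handed to open() unescaped; confirm how open() builds the bind DN.
        if (!connector.open(ldapUid, str2, xWikiContext)) {
            throw new XWikiException(8, XWikiException.ERROR_XWIKI_USER_INIT, "Bind to LDAP server failed.");
        }

        // Optional restriction: the user must be a member of the configured LDAP group.
        String userDn = null;
        String requiredGroup = config.getLDAPParam("ldap_user_group", "", xWikiContext);
        if (LOG.isDebugEnabled()) {
            LOG.debug("Checking if the user belongs to the user group: " + requiredGroup);
        }
        if (requiredGroup.length() > 0) {
            userDn = ldapUtils.isUserInGroup(ldapUid, requiredGroup, xWikiContext);
            if (userDn == null) {
                throw new XWikiException(8, XWikiException.ERROR_XWIKI_USER_INIT, "LDAP user {0} does not belong to LDAP group {1}.", null, new Object[]{ldapUid, requiredGroup});
            }
        }

        // Next source for the DN: the value stored on the XWiki user object.
        if (userDn == null) {
            userDn = getUserDNFromXWiki(ldapUid, xWikiContext);
            if (LOG.isDebugEnabled()) {
                LOG.debug("Found user dn with the user object: " + userDn);
            }
        }

        // Last source for the DN: search the directory for an entry whose uid attribute matches the login.
        List searchAttributes = null;
        if (userDn == null) {
            String uidAttribute = config.getLDAPParam(XWikiLDAPConfig.PREF_LDAP_UID, LDAP_DEFAULT_UID, xWikiContext);
            // The login name is attacker-controlled, so it is escaped before being placed in the filter;
            // otherwise characters such as '*', '(' or ')' would change the meaning of the query.
            String query = "(" + uidAttribute + "=" + escapeLDAPFilterValue(ldapUid) + ")";
            String baseDn = config.getLDAPParam("ldap_base_DN", "", xWikiContext);
            if (LOG.isDebugEnabled()) {
                LOG.debug("Searching for the user in LDAP: user:" + ldapUid + " base:" + baseDn + " query:" + query + " uid:" + uidAttribute);
            }
            // 2 is the search scope argument; presumably the subtree scope -- TODO confirm.
            searchAttributes = connector.searchLDAP(baseDn, query, getAttributeNameTable(xWikiContext), 2);
            if (searchAttributes != null) {
                for (Iterator it = searchAttributes.iterator(); it.hasNext();) {
                    XWikiLDAPSearchAttribute attribute = (XWikiLDAPSearchAttribute) it.next();
                    if ("dn".equals(attribute.name)) {
                        userDn = attribute.value;
                        break;
                    }
                }
            }
        }

        if (userDn == null) {
            throw new XWikiException(8, XWikiException.ERROR_XWIKI_USER_INIT, "Can't find LDAP user DN.");
        }

        if ("1".equals(config.getLDAPParam("ldap_validate_password", "0", xWikiContext))) {
            if (!connector.checkPassword(userDn, str2)) {
                throw new XWikiException(8, XWikiException.ERROR_XWIKI_USER_INIT, "LDAP authentication failed: could not validate the password: wrong password for " + userDn);
            }
        } else if (!userDn.equals(MessageFormat.format(config.getLDAPParam("ldap_bind_DN", "{0}", xWikiContext), ldapUid))) {
            // The DN found differs from the one derived from the bind pattern, so the password is verified
            // by binding again as the DN that was found. 3 is the protocol version argument of bind().
            connector.getConnection().bind(3, userDn, str2.getBytes("UTF8"));
        }

        boolean createdUser = syncUser(ldapUid, userDn, searchAttributes, ldapUtils, xWikiContext);
        Principal userPrincipal = getUserPrincipal(ldapUid, xWikiContext);
        if (userPrincipal == null) {
            throw new XWikiException(8, XWikiException.ERROR_XWIKI_USER_INIT, "Could not create authenticated principal.");
        }
        syncGroupsMembership(ldapUid, userDn, createdUser, ldapUtils, xWikiContext);
        return userPrincipal;
    }

    /**
     * Authenticates against the local XWiki database when the {@code ldap_trylocal} parameter is "1".
     *
     * @param str the login name
     * @param str2 the password
     * @param xWikiContext the current request context
     * @return the principal from the parent implementation, or {@code null} when the local fallback is
     *         disabled or fails
     * @throws XWikiException if the parent implementation fails with an error
     */
    protected Principal xwikiAuthenticate(String str, String str2, XWikiContext xWikiContext) throws XWikiException {
        if (!"1".equals(XWikiLDAPConfig.getInstance().getLDAPParam("ldap_trylocal", "0", xWikiContext))) {
            return null;
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("Trying authentication against XWiki DB");
        }
        return super.authenticate(str, str2, xWikiContext);
    }

    /**
     * Collects the attribute names that the configured user mappings add to a list.
     *
     * @param xWikiContext the current request context
     * @return the collected names, or {@code null} when the configuration adds none
     */
    protected String[] getAttributeNameTable(XWikiContext xWikiContext) {
        ArrayList attributeNames = new ArrayList();
        XWikiLDAPConfig.getInstance().getUserMappings(attributeNames, xWikiContext);
        if (attributeNames.isEmpty()) {
            return null;
        }
        return (String[]) attributeNames.toArray(new String[attributeNames.size()]);
    }

    /**
     * Creates the XWiki user on first login, or updates it when {@code ldap_update_user} is "1".
     *
     * @param str the user name
     * @param str2 the LDAP DN of the user
     * @param list attributes already retrieved for the user, or {@code null} to fetch them by DN
     * @param xWikiLDAPUtils LDAP helper bound to the open connection
     * @param xWikiContext the current request context
     * @return {@code true} when no XWiki user existed before this call
     * @throws XWikiException if the user document cannot be created or saved
     */
    protected boolean syncUser(String str, String str2, List list, XWikiLDAPUtils xWikiLDAPUtils, XWikiContext xWikiContext) throws XWikiException {
        String existingUser = findUser(str, xWikiContext);
        boolean isNewUser = existingUser == null;
        XWikiLDAPConfig config = XWikiLDAPConfig.getInstance();
        if (!isNewUser && !config.getLDAPParam("ldap_update_user", "0", xWikiContext).equals("1")) {
            return false;
        }

        if (LOG.isDebugEnabled()) {
            LOG.debug("LDAP attributes will be used to update XWiki attributes.");
        }
        List attributes = list;
        if (attributes == null) {
            // Nothing was fetched during authentication: read the entry at the DN itself (scope argument 0).
            attributes = xWikiLDAPUtils.getConnection().searchLDAP(str2, null, getAttributeNameTable(xWikiContext), 0);
        }

        if (isNewUser) {
            if (LOG.isDebugEnabled()) {
                LOG.debug("Creating new XWiki user based on LDAP attribues located at " + str2);
            }
            createUserFromLDAP(str, attributes, xWikiContext);
            if (LOG.isDebugEnabled()) {
                // The lookup result is null on this path, so the requested user name is logged instead.
                LOG.debug("New XWiki user created: " + str);
            }
        } else {
            if (LOG.isDebugEnabled()) {
                LOG.debug("Updating existing user with LDAP attribues located at " + str2);
            }
            updateUserFromLDAP(existingUser, attributes, xWikiContext);
        }
        return isNewUser;
    }

    /**
     * Synchronises group membership when group mappings exist and {@code ldap_mode_group_sync} allows it:
     * "always", or "create" combined with a user created during this login.
     *
     * @param str the user name
     * @param str2 the LDAP DN of the user
     * @param z whether the XWiki user was created during this login
     * @param xWikiLDAPUtils LDAP helper bound to the open connection
     * @param xWikiContext the current request context
     * @throws XWikiException if the group service fails
     */
    protected void syncGroupsMembership(String str, String str2, boolean z, XWikiLDAPUtils xWikiLDAPUtils, XWikiContext xWikiContext) throws XWikiException {
        XWikiLDAPConfig config = XWikiLDAPConfig.getInstance();
        Map groupMappings = config.getGroupMappings(xWikiContext);
        if (groupMappings.isEmpty()) {
            return;
        }
        String syncMode = config.getLDAPParam("ldap_mode_group_sync", "", xWikiContext);
        boolean syncOnCreate = syncMode.equalsIgnoreCase("create") && z;
        if (syncOnCreate || syncMode.equalsIgnoreCase("always")) {
            syncGroupsMembership(str, str2, groupMappings, xWikiLDAPUtils, xWikiContext);
            xWikiContext.getWiki().getGroupService(xWikiContext).flushCache();
        }
    }

    /**
     * Aligns the user's XWiki group membership with each mapping whose XWiki group exists.
     *
     * @param str the user name
     * @param str2 the LDAP DN of the user
     * @param map group mappings; each key is passed to the LDAP member lookup and each value is an XWiki
     *        group name
     * @param xWikiLDAPUtils LDAP helper bound to the open connection
     * @param xWikiContext the current request context
     * @throws XWikiException if the group service fails
     */
    protected void syncGroupsMembership(String str, String str2, Map map, XWikiLDAPUtils xWikiLDAPUtils, XWikiContext xWikiContext) throws XWikiException {
        if (LOG.isDebugEnabled()) {
            LOG.debug("Updating group membership for the user: " + str);
        }
        Collection userGroups = xWikiContext.getWiki().getGroupService(xWikiContext).getAllGroupsNamesForMember(str, 0, 0, xWikiContext);
        if (LOG.isDebugEnabled()) {
            LOG.debug("The user belongs to following XWiki groups: ");
            for (Iterator it = userGroups.iterator(); it.hasNext();) {
                LOG.debug(it.next().toString());
            }
        }
        List allGroups = xWikiContext.getWiki().getGroupService(xWikiContext).getAllMatchedGroups(null, false, 0, 0, null, xWikiContext);
        if (LOG.isDebugEnabled()) {
            LOG.debug("All defined XWiki groups: ");
            for (Iterator it = allGroups.iterator(); it.hasNext();) {
                LOG.debug(it.next().toString());
            }
        }
        for (Iterator it = map.entrySet().iterator(); it.hasNext();) {
            Map.Entry mapping = (Map.Entry) it.next();
            String ldapGroup = (String) mapping.getKey();
            String xwikiGroup = (String) mapping.getValue();
            if (allGroups.contains(xwikiGroup)) {
                syncGroupMembership(str, str2, xwikiGroup, userGroups, xWikiLDAPUtils.getGroupMembers(ldapGroup, xWikiContext), xWikiContext);
            } else if (LOG.isWarnEnabled()) {
                LOG.warn("XWiki group not found:" + xwikiGroup);
            }
        }
    }

    /**
     * Adds the user to, or removes the user from, one XWiki group so that it matches the LDAP member list.
     *
     * @param str the user name
     * @param str2 the LDAP DN of the user
     * @param str3 the XWiki group name
     * @param collection the XWiki groups the user currently belongs to
     * @param map the LDAP group's members; membership is tested with {@code containsKey(str2)}
     * @param xWikiContext the current request context
     */
    protected void syncGroupMembership(String str, String str2, String str3, Collection collection, Map map, XWikiContext xWikiContext) {
        boolean memberInLdap = map.containsKey(str2);
        boolean memberInXWiki = collection.contains(str3);
        if (memberInLdap && !memberInXWiki) {
            addUserToXWikiGroup(str, str3, xWikiContext);
        } else if (!memberInLdap && memberInXWiki) {
            removeUserFromGroup(str, str3, xWikiContext);
            if (LOG.isDebugEnabled()) {
                LOG.debug("Finished removing xwiki group " + str3 + " from user " + str);
            }
        }
    }

    /**
     * Adds the user to an XWiki group document; failures are logged and not propagated.
     *
     * @param str the user name, without the user space prefix
     * @param str2 the XWiki group document name
     * @param xWikiContext the current request context
     */
    protected void addUserToXWikiGroup(String str, String str2, XWikiContext xWikiContext) {
        try {
            // The patterns use {0}/{1} placeholders, which MessageFormat fills in; String.format left them
            // in the output untouched.
            if (LOG.isDebugEnabled()) {
                LOG.debug(MessageFormat.format("Adding user {0} to xwiki group {1}", str, str2));
            }
            String memberName = XWIKI_USER_SPACE + XWIKI_SPACE_NAME_SEP + str;
            BaseClass groupClass = xWikiContext.getWiki().getGroupClass(xWikiContext);
            XWikiDocument groupDocument = xWikiContext.getWiki().getDocument(str2, xWikiContext);
            BaseObject memberObject = groupDocument.newObject(groupClass.getName(), xWikiContext);
            HashMap memberFields = new HashMap();
            memberFields.put(XWIKI_GROUP_MEMBERFIELD, memberName);
            groupClass.fromMap(memberFields, memberObject);
            xWikiContext.getWiki().saveDocument(groupDocument, xWikiContext);
            xWikiContext.getWiki().getGroupService(xWikiContext).addUserToGroup(memberName, xWikiContext.getDatabase(), str2, xWikiContext);
            if (LOG.isDebugEnabled()) {
                LOG.debug(MessageFormat.format("Finished adding user {0} to xwiki group {1}", str, str2));
            }
        } catch (Exception e) {
            // Best effort: a failed group update is logged and does not abort the login.
            LOG.error(MessageFormat.format("Failed to add a user [{0}] to a group [{1}]", str, str2), e);
        }
    }

    /**
     * Removes the user's member object from an XWiki group document; failures are logged and not propagated.
     *
     * @param str the user name, without the user space prefix
     * @param str2 the XWiki group document name
     * @param xWikiContext the current request context
     */
    protected void removeUserFromGroup(String str, String str2, XWikiContext xWikiContext) {
        try {
            String groupClassName = xWikiContext.getWiki().getGroupClass(xWikiContext).getName();
            XWikiDocument groupDocument = xWikiContext.getWiki().getDocument(str2, xWikiContext);
            String memberName = XWIKI_USER_SPACE + XWIKI_SPACE_NAME_SEP + str;
            groupDocument.removeObject(groupDocument.getObject(groupClassName, XWIKI_GROUP_MEMBERFIELD, memberName));
            xWikiContext.getWiki().saveDocument(groupDocument, xWikiContext);
        } catch (Exception e) {
            // Best effort: a failed group update is logged and does not abort the login.
            LOG.error("Failed to remove a user from a group " + str + " group: " + str2, e);
        }
    }

    /**
     * Builds the principal for a user, looking in the current wiki first and then in the main wiki.
     *
     * @param str the user name
     * @param xWikiContext the current request context
     * @return the principal, or {@code null} when the user is found in neither wiki
     */
    protected Principal getUserPrincipal(String str, XWikiContext xWikiContext) {
        Principal userPrincipal = getUserPrincipal(xWikiContext.getDatabase(), str, xWikiContext);
        if (userPrincipal == null && !xWikiContext.isMainWiki()) {
            userPrincipal = getUserPrincipal(xWikiContext.getMainXWiki(), str, xWikiContext);
        }
        return userPrincipal;
    }

    /**
     * Builds the principal for a user in a given wiki, named {@code <wiki>:<user document name>}.
     *
     * @param str the wiki (database) to look in
     * @param str2 the user name
     * @param xWikiContext the current request context; its database is restored before returning
     * @return the principal, or {@code null} when the user is not found or the lookup fails
     */
    protected Principal getUserPrincipal(String str, String str2, XWikiContext xWikiContext) {
        SimplePrincipal principal = null;
        String previousDatabase = xWikiContext.getDatabase();
        try {
            xWikiContext.setDatabase(str);
            try {
                String userDocumentName = findUser(str2, xWikiContext);
                if (userDocumentName != null) {
                    principal = new SimplePrincipal(xWikiContext.getDatabase() + ":" + userDocumentName);
                }
            } catch (Exception e) {
                if (LOG.isDebugEnabled()) {
                    LOG.debug("Failed creating a Principal for user " + str2, e);
                }
            }
        } finally {
            // Always switch back so the rest of the request runs against the original wiki.
            xWikiContext.setDatabase(previousDatabase);
        }
        return principal;
    }

    /**
     * Overwrites the mapped fields of an existing XWiki user with the values read from LDAP.
     *
     * @param str the XWiki user document name
     * @param list the LDAP attributes of the user
     * @param xWikiContext the current request context
     * @throws XWikiException if the user document cannot be loaded or saved
     */
    protected void updateUserFromLDAP(String str, List list, XWikiContext xWikiContext) throws XWikiException {
        BaseClass userClass = xWikiContext.getWiki().getUserClass(xWikiContext);
        XWikiDocument userDocument = xWikiContext.getWiki().getDocument(str, xWikiContext);
        BaseObject userObject = userDocument.getObject(userClass.getName());
        userClass.fromMap(mapLDAPAttributes(list, xWikiContext), userObject);
        xWikiContext.getWiki().saveDocument(userDocument, xWikiContext);
    }

    /**
     * Creates an XWiki user from the values read from LDAP.
     *
     * <p>The account is created with {@code active} set to "1" and the rights argument "edit", so it is
     * usable as soon as the login completes.</p>
     *
     * @param str the user name
     * @param list the LDAP attributes of the user
     * @param xWikiContext the current request context
     * @throws XWikiException if the user cannot be created
     */
    protected void createUserFromLDAP(String str, List list, XWikiContext xWikiContext) throws XWikiException {
        BaseClass userClass = xWikiContext.getWiki().getUserClass(xWikiContext);
        HashMap userFields = mapLDAPAttributes(list, xWikiContext);
        userFields.put("active", "1");
        xWikiContext.getWiki().createUser(str, userFields, userClass.getName(), "#includeForm(\"XWiki.XWikiUserTemplate\")", "edit", xWikiContext);
    }

    /**
     * Looks up the LDAP DN stored on the XWiki user object, in the current wiki and then in the main wiki.
     *
     * @param str the user name
     * @param xWikiContext the current request context; may be {@code null}
     * @return the stored DN, or {@code null} when none is found or the context is {@code null}
     */
    protected String getUserDNFromXWiki(String str, XWikiContext xWikiContext) {
        if (xWikiContext == null) {
            return null;
        }
        String userDn = getUserDNFromXWiki(xWikiContext.getDatabase(), str, xWikiContext);
        if ((userDn == null || userDn.length() == 0) && !xWikiContext.isMainWiki()) {
            userDn = getUserDNFromXWiki(xWikiContext.getMainXWiki(), str, xWikiContext);
        }
        return userDn;
    }

    /**
     * Looks up the {@code ldap_dn} value stored on the XWiki user object in a given wiki.
     *
     * @param str the wiki (database) to look in
     * @param str2 the user name
     * @param xWikiContext the current request context; its database is restored before returning
     * @return the stored DN, or {@code null} when the user or the value is missing or the lookup fails
     */
    protected String getUserDNFromXWiki(String str, String str2, XWikiContext xWikiContext) {
        String userDn = null;
        String previousDatabase = xWikiContext.getDatabase();
        try {
            xWikiContext.setDatabase(str);
            try {
                String userDocumentName = findUser(str2, xWikiContext);
                if (userDocumentName != null && userDocumentName.length() != 0) {
                    // NOTE(review): the document is loaded by the bare user name rather than by the name
                    // findUser() returned; confirm that this resolves to the user's own document.
                    XWikiDocument userDocument = xWikiContext.getWiki().getDocument(str2, xWikiContext);
                    BaseClass userClass = xWikiContext.getWiki().getUserClass(xWikiContext);
                    if (userDocument.getObject(userClass.getName()) != null) {
                        userDn = userDocument.getStringValue(userClass.getName(), "ldap_dn");
                    }
                }
            } catch (Exception e) {
                if (LOG.isDebugEnabled()) {
                    LOG.debug("Faild finding LDAP DN stored in the user object (virtual).", e);
                }
            }
        } finally {
            // Always switch back so the rest of the request runs against the original wiki.
            xWikiContext.setDatabase(previousDatabase);
        }
        return userDn;
    }

    /**
     * Translates LDAP attributes into XWiki user fields using the configured user mappings; attributes
     * without a mapping are skipped.
     */
    private static HashMap mapLDAPAttributes(List attributes, XWikiContext xWikiContext) {
        Map userMappings = XWikiLDAPConfig.getInstance().getUserMappings(null, xWikiContext);
        HashMap userFields = new HashMap();
        for (Iterator it = attributes.iterator(); it.hasNext();) {
            XWikiLDAPSearchAttribute attribute = (XWikiLDAPSearchAttribute) it.next();
            String xwikiField = (String) userMappings.get(attribute.name);
            if (xwikiField != null) {
                userFields.put(xwikiField, attribute.value);
            }
        }
        return userFields;
    }

    /**
     * Escapes a value for use inside an LDAP search filter (RFC 4515): backslash, asterisk, parentheses
     * and NUL are replaced by their {@code \xx} hexadecimal form.
     */
    private static String escapeLDAPFilterValue(String value) {
        StringBuilder escaped = new StringBuilder(value.length() + 8);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '\\':
                    escaped.append("\\5c");
                    break;
                case '*':
                    escaped.append("\\2a");
                    break;
                case '(':
                    escaped.append("\\28");
                    break;
                case ')':
                    escaped.append("\\29");
                    break;
                case '\0':
                    escaped.append("\\00");
                    break;
                default:
                    escaped.append(c);
                    break;
            }
        }
        return escaped.toString();
    }
}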
