package de.devbrain.bw.app.jaas;

import de.devbrain.bw.app.jaas.AbstractLoginModule;
import java.security.Principal;
import java.text.MessageFormat;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Objects;
import java.util.Properties;
import java.util.Set;
import java.util.stream.Collectors;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.NamingSecurityException;
import javax.naming.PartialResultException;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.Control;
import javax.naming.ldap.InitialLdapContext;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.AccountNotFoundException;
import javax.security.auth.login.FailedLoginException;
import javax.security.auth.login.LoginException;
import javax.security.auth.x500.X500Principal;

/* loaded from: input_file:de/devbrain/bw/app/jaas/LDAPLoginModule.class */
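/**
 * JAAS login module that authenticates a user against an LDAP directory in two steps:
 * the user's entry is located with the configured {@code userFilter}, then a second
 * directory context is opened with the entry's DN and the supplied password.
 *
 * <p>Security-relevant behaviour:
 * <ul>
 *   <li>The resolved DN is stored in the module only after the password bind has
 *       succeeded, so {@link #commit()} cannot add a principal for a failed attempt
 *       when this module is stacked with others (e.g. as OPTIONAL or SUFFICIENT).</li>
 *   <li>Empty passwords are rejected before any directory access, because an LDAP
 *       simple bind with an empty password is an unauthenticated bind that many
 *       servers accept.</li>
 *   <li>An unknown user and a wrong password raise different exception types with
 *       different messages, and the failure message contains the resolved DN. Callers
 *       that show errors to the client should collapse both into one generic failure
 *       and keep the detail in the server log.</li>
 * </ul>
 */
public class LDAPLoginModule extends AbstractLoginModule {
    /** Name of the mandatory option holding the LDAP search filter for user lookup. */
    public static final String USER_FILTER = "userFilter";
    private static final Set<String> RECOGNIZED_OPTIONS = new HashSet<>(Collections.singleton(USER_FILTER));
    private String userFilter;
    private Properties jndiProperties;
    // DN of the authenticated user; non-null only between a successful login() and abort()/logout().
    private String userDN;

    /**
     * Validates the module options and prepares the JNDI environment.
     *
     * @param subject the subject to authenticate
     * @param callbackHandler handler used to obtain the credentials
     * @param map shared state passed through to the superclass
     * @param map2 module options; must contain {@link #USER_FILTER}, every other key
     *     must start with {@code LdapEnvironmentBuilder.PREFIX}
     * @throws NullPointerException if {@code map2} is {@code null}
     * @throws IllegalArgumentException if an option is neither recognized nor prefixed
     */
    @Override // de.devbrain.bw.app.jaas.AbstractLoginModule
    public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String, ?> map, Map<String, ?> map2) {
        Objects.requireNonNull(map2);
        // Fail closed on unknown options so that a misspelled setting is not silently ignored.
        Set<String> unrecognized = map2.keySet().stream()
                .filter(name -> !RECOGNIZED_OPTIONS.contains(name))
                .filter(name -> !name.startsWith(LdapEnvironmentBuilder.PREFIX))
                .collect(Collectors.toSet());
        if (!unrecognized.isEmpty()) {
            throw new IllegalArgumentException(MessageFormat.format("Unrecognized options {0} for LoginModule {1}", unrecognized, getClass().getName()));
        }
        super.initialize(subject, callbackHandler, map, map2);
        this.userFilter = getMandatoryOption(USER_FILTER, map2).toString();
        this.jndiProperties = new LdapEnvironmentBuilder().from(map2);
        this.userDN = null;
    }

    /**
     * Authenticates the user: looks up the entry, then binds with its DN and the password.
     *
     * @return {@code true} when the bind succeeded
     * @throws AccountNotFoundException if the filter matches no entry
     * @throws FailedLoginException if the password is empty or the directory rejects the bind
     * @throws LoginException for any other failure, including directory errors
     */
    public boolean login() throws LoginException {
        // Drop the result of any earlier attempt: a failure below must leave no state for commit().
        this.userDN = null;
        AbstractLoginModule.Credentials credentials = askCredentials();
        // NOTE(review): a String cannot be wiped after use; JNDI also accepts char[] credentials.
        String password = new String(credentials.getPassword());
        if (password.isEmpty()) {
            // With simple authentication the JNDI LDAP provider turns an empty password into an
            // anonymous bind, which would otherwise count as a successful login.
            throw new FailedLoginException("Empty password is not accepted.");
        }
        String candidateDN;
        try {
            candidateDN = searchDN(credentials.getName());
        } catch (NamingException e) {
            throw new NonRecoverableErrorException("Could not search user '" + credentials.getName() + "': " + e.getMessage(), e);
        }
        if (candidateDN == null) {
            throw new AccountNotFoundException("No user '" + credentials.getName() + "' found.");
        }
        verifyPassword(candidateDN, password);
        // Publish the DN only now that the directory has accepted the password.
        this.userDN = candidateDN;
        return true;
    }

    /** Opens a directory context as {@code dn} to let the server check {@code password}. */
    private void verifyPassword(String dn, String password) throws LoginException {
        Properties env = (Properties) this.jndiProperties.clone();
        env.put("java.naming.security.principal", dn);
        env.put("java.naming.security.credentials", password);
        try {
            InitialDirContext context = new InitialDirContext(env);
            try {
                context.getNameInNamespace();
            } finally {
                context.close();
            }
        } catch (NamingSecurityException e) {
            // Must precede the NamingException handler: it is a subclass, and it is the case
            // that means "credentials rejected" rather than "directory unavailable".
            throw new FailedLoginException(e.getMessage() + " (" + dn + ")");
        } catch (NamingException e) {
            throw new NonRecoverableErrorException(e.getMessage(), e);
        }
    }

    /**
     * Searches the whole subtree for the entry matching the user filter.
     *
     * @param str the login name, passed as filter argument {@code {0}}
     * @return the DN of the first match, or {@code null} if there is none
     * @throws NamingException if the directory cannot be reached or searched
     */
    private String searchDN(String str) throws NamingException {
        // The lookup runs with the configured environment, i.e. not with the user's own credentials.
        InitialLdapContext context = new InitialLdapContext(this.jndiProperties, (Control[]) null);
        try {
            SearchControls controls = new SearchControls();
            controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
            // The name goes in as a filter argument instead of being concatenated into the filter,
            // so filter metacharacters in user input are encoded by the provider.
            NamingEnumeration<SearchResult> results = context.search("", this.userFilter, new Object[]{str}, controls);
            try {
                return nameOf(results);
            } finally {
                results.close();
            }
        } finally {
            context.close();
        }
    }

    /**
     * Returns the DN of the first search result, or {@code null} when there is none.
     * NOTE(review): further matches are ignored, so the filter should identify one entry.
     */
    private String nameOf(NamingEnumeration<SearchResult> namingEnumeration) throws NamingException {
        try {
            if (namingEnumeration.hasMore()) {
                return namingEnumeration.next().getNameInNamespace();
            }
            return null;
        } catch (PartialResultException ignored) {
            // Deliberately treated as "not found"; presumably raised for unfollowed referrals.
            return null;
        }
    }

    /**
     * Adds the authenticated user's DN to the subject as an {@link X500Principal}.
     *
     * @return {@code false} if this module's own login did not succeed, else {@code true}
     */
    public boolean commit() throws LoginException {
        if (this.userDN == null) {
            return false;
        }
        getSubject().getPrincipals().add(new X500Principal(this.userDN));
        return true;
    }

    /** Discards the state of the current login attempt. */
    public boolean abort() throws LoginException {
        this.userDN = null;
        return true;
    }

    /**
     * Removes every {@link X500Principal} from the subject, including any that were
     * added by other modules, and clears the module state.
     */
    public boolean logout() throws LoginException {
        getSubject().getPrincipals().removeIf(principal -> principal instanceof X500Principal);
        this.userDN = null;
        return true;
    }
}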
