package org.exist.security;

import java.nio.charset.Charset;
import java.text.MessageFormat;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Hashtable;
import java.util.List;
import java.util.Map;
import javax.naming.NameNotFoundException;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import org.apache.log4j.Logger;
import org.exist.security.xacml.ExistPDP;
import org.exist.security.xacml.XACMLConstants;
import org.exist.storage.BrokerPool;
import org.exist.storage.DBBroker;

/* loaded from: input_file:WEB-INF/lib/exist-1.2.4.jar:org/exist/security/LDAPSecurityManager.class */
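/**
 * {@link SecurityManager} that resolves users and groups from an LDAP directory
 * (posixAccount / posixGroup style entries) instead of eXist's own user store.
 *
 * <p>Behaviour visible from this class:
 * <ul>
 *   <li>Connection parameters and attribute names are read from system properties
 *       ({@code security.ldap.*}); {@code security.ldap.connection.url},
 *       {@code security.ldap.dn.user} and {@code security.ldap.dn.group} are mandatory.</li>
 *   <li>The directory context is created in {@link #attach} with only a factory and a
 *       provider URL, i.e. no bind principal or credentials are supplied, so lookups run with
 *       whatever access the server grants an anonymous bind (which must include reading the
 *       {@code userPassword} attribute for authentication to work).</li>
 *   <li>Only {@code {MD5}} digested passwords are accepted; any other scheme prefix makes the
 *       user unloadable. Clear-text values are handed to {@link User#setPassword(String)}.</li>
 *   <li>The directory is read-only from eXist's point of view: {@link #addGroup},
 *       {@link #deleteUser(String)}, {@link #deleteUser(User)} and {@link #setUser} are no-ops.</li>
 *   <li>Lookups by name and id are cached in plain {@link HashMap}s that are never invalidated
 *       and are not synchronized; only {@link #hasAdminPrivileges}, {@link #hasUser} and
 *       {@link #hasGroup} are {@code synchronized}. A password or group change in LDAP is
 *       therefore not seen until the instance is discarded.</li>
 * </ul>
 *
 * <p>Values that originate from callers (user and group names) are escaped before they are
 * placed into a DN (RFC 4514) or a search filter (RFC 4515) so that they cannot alter the
 * structure of the lookup.
 */
public class LDAPSecurityManager implements SecurityManager {
    private static final Logger LOG = Logger.getLogger(SecurityManager.class);

    /** Charset used to decode binary attribute values; LDAPv3 strings are UTF-8. */
    private static final Charset ATTRIBUTE_CHARSET = Charset.forName("UTF-8");

    /** Value scheme prefix this manager accepts for pre-digested passwords. */
    private static final String MD5_SCHEME = "{MD5}";

    // NOTE(review): shared, unsynchronized and never invalidated — see class comment.
    protected Map<String, User> userByNameCache = new HashMap<String, User>();
    protected Map<Integer, User> userByIdCache = new HashMap<Integer, User>();
    protected Map<String, Group> groupByNameCache = new HashMap<String, Group>();
    protected Map<Integer, Group> groupByIdCache = new HashMap<Integer, Group>();

    protected String contextFactory = getProperty("security.ldap.contextFactory", "com.sun.jndi.ldap.LdapCtxFactory");
    protected String connectionURL = getProperty("security.ldap.connection.url", null);
    protected String userPasswordAttr = getProperty("security.ldap.attr.userPassword", "userPassword");
    protected String userDigestPasswordAttr = getProperty("security.ldap.attr.userDigestPassword", "digestPassword");
    protected String uidAttr = getProperty("security.ldap.attr.uid", "uid");
    protected String uidNumberAttr = getProperty("security.ldap.attr.uidNumber", "uidNumber");
    protected String gidNumberAttr = getProperty("security.ldap.attr.gidNumber", "gidNumber");
    protected String groupNameAttr = getProperty("security.ldap.attr.groupName", "cn");
    protected String groupMemberName = getProperty("security.ldap.attr.groupMemberName", "uniqueMember");
    protected String groupClassName = getProperty("security.ldap.groupClass", "posixGroup");
    protected String userClassName = getProperty("security.ldap.userClass", "posixAccount");
    protected String userBase = getProperty("security.ldap.dn.user", null);
    protected String groupBase = getProperty("security.ldap.dn.group", null);

    /** Directory context; {@code null} until {@link #attach} succeeds. */
    protected DirContext context = null;

    // DN patterns ("{0}" is replaced by the escaped name/id) and their compiled forms.
    protected String userByNamePattern = null;
    protected String userByIdPattern = null;
    protected MessageFormat userByNamePatternFormat = null;
    protected MessageFormat userByIdPatternFormat = null;
    protected String groupByIdPattern = null;
    protected String groupByNamePattern = null;
    protected MessageFormat groupByIdPatternFormat = null;
    protected MessageFormat groupByNamePatternFormat = null;

    /** XACML policy decision point; {@code null} unless XACML is enabled in the configuration. */
    protected ExistPDP pdp = null;

    /**
     * Reads a system property, falling back to a default when it is unset.
     *
     * @param name         system property name
     * @param defaultValue value returned when the property is absent (may be {@code null})
     * @return the property value or {@code defaultValue}
     */
    static String getProperty(String name, String defaultValue) {
        String value = System.getProperty(name);
        return value == null ? defaultValue : value;
    }

    /**
     * Builds the default DN patterns from the configured attribute names and base DNs.
     * The patterns can be replaced later through the {@code set*Pattern} methods.
     */
    public LDAPSecurityManager() {
        setUserByNamePattern(this.uidAttr + "={0}," + this.userBase);
        setUserByIdPattern(this.uidNumberAttr + "={0}," + this.userBase);
        setGroupByIdPattern(this.gidNumberAttr + "={0}," + this.groupBase);
        setGroupByNamePattern(this.groupNameAttr + "={0}," + this.groupBase);
    }

    /**
     * Sets the {@link MessageFormat} pattern used to build a user DN from a user name.
     *
     * @param pattern pattern containing {@code {0}} where the (DN-escaped) user name goes
     */
    public void setUserByNamePattern(String pattern) {
        this.userByNamePattern = pattern;
        this.userByNamePatternFormat = new MessageFormat(this.userByNamePattern);
    }

    /**
     * Sets the {@link MessageFormat} pattern used to build a user DN from a numeric id.
     *
     * @param pattern pattern containing {@code {0}} where the id goes
     */
    public void setUserByIdPattern(String pattern) {
        this.userByIdPattern = pattern;
        this.userByIdPatternFormat = new MessageFormat(this.userByIdPattern);
    }

    /**
     * Sets the {@link MessageFormat} pattern used to build a group DN from a numeric id.
     *
     * @param pattern pattern containing {@code {0}} where the id goes
     */
    public void setGroupByIdPattern(String pattern) {
        this.groupByIdPattern = pattern;
        this.groupByIdPatternFormat = new MessageFormat(this.groupByIdPattern);
    }

    /**
     * Sets the {@link MessageFormat} pattern used to build a group DN from a group name.
     *
     * @param pattern pattern containing {@code {0}} where the (DN-escaped) group name goes
     */
    public void setGroupByNamePattern(String pattern) {
        this.groupByNamePattern = pattern;
        this.groupByNamePatternFormat = new MessageFormat(this.groupByNamePattern);
    }

    /**
     * Escapes a value for use as an assertion value inside an LDAP search filter (RFC 4515),
     * so that {@code *}, parentheses, backslashes and NUL cannot change the filter structure.
     *
     * @param value raw value, may be {@code null}
     * @return escaped value, or {@code null} when {@code value} is {@code null}
     */
    static String escapeFilterValue(String value) {
        if (value == null) {
            return null;
        }
        StringBuilder out = new StringBuilder(value.length());
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '\\': out.append("\\5c"); break;
                case '*': out.append("\\2a"); break;
                case '(': out.append("\\28"); break;
                case ')': out.append("\\29"); break;
                case '\0': out.append("\\00"); break;
                default: out.append(c);
            }
        }
        return out.toString();
    }

    /**
     * Escapes a value for use as an RDN attribute value inside a DN (RFC 4514), so that a
     * name containing {@code ,}, {@code =}, {@code +} etc. cannot address a different entry.
     *
     * @param value raw value, may be {@code null}
     * @return escaped value, or {@code null} when {@code value} is {@code null}
     */
    static String escapeDnValue(String value) {
        if (value == null) {
            return null;
        }
        StringBuilder out = new StringBuilder(value.length());
        int last = value.length() - 1;
        for (int i = 0; i <= last; i++) {
            char c = value.charAt(i);
            switch (c) {
                case '\\': case ',': case '+': case '"': case '<': case '>': case ';': case '=':
                    out.append('\\').append(c);
                    break;
                case '\0':
                    out.append("\\00");
                    break;
                case '#':
                    // only significant at the start of the value
                    if (i == 0) {
                        out.append('\\');
                    }
                    out.append(c);
                    break;
                case ' ':
                    // only significant at the start or end of the value
                    if (i == 0 || i == last) {
                        out.append('\\');
                    }
                    out.append(c);
                    break;
                default:
                    out.append(c);
            }
        }
        return out.toString();
    }

    /**
     * Returns the first value of an attribute as a string.
     *
     * @param name       attribute name, may be {@code null}
     * @param attributes attribute set, may be {@code null}
     * @return the first value, or {@code null} when the name, set, attribute or value is absent
     * @throws NamingException if the attribute value cannot be read
     */
    private String getAttributeValue(String name, Attributes attributes) throws NamingException {
        if (name == null || attributes == null) {
            return null;
        }
        Attribute attribute = attributes.get(name);
        if (attribute == null) {
            return null;
        }
        Object value = attribute.get();
        if (value == null) {
            return null;
        }
        // JNDI returns binary attributes (userPassword among them) as byte[]; decode with a
        // fixed charset rather than the platform default so results do not vary per host.
        return value instanceof byte[] ? new String((byte[]) value, ATTRIBUTE_CHARSET) : value.toString();
    }

    /**
     * Parses a numeric attribute that the entry must carry.
     *
     * @param value    attribute value, may be {@code null}
     * @param attrName attribute name, for the error message
     * @param owner    description of the entry, for the error message
     * @return the parsed integer
     * @throws IllegalStateException if the value is absent, empty or not an integer
     */
    private static int parseRequiredInt(String value, String attrName, String owner) {
        if (value == null || value.length() == 0) {
            throw new IllegalStateException("Attribute " + attrName + " is missing for " + owner);
        }
        try {
            return Integer.parseInt(value);
        } catch (NumberFormatException e) {
            throw new IllegalStateException("Attribute " + attrName + " for " + owner + " is not numeric: " + value, e);
        }
    }

    /**
     * Runs a one-level search under {@code base}. The caller must close the enumeration.
     *
     * @throws NamingException if the search fails
     */
    private static NamingEnumeration<SearchResult> searchOneLevel(DirContext dirContext, String base, String filter)
            throws NamingException {
        SearchControls controls = new SearchControls();
        controls.setSearchScope(SearchControls.ONELEVEL_SCOPE);
        return dirContext.search(base, filter, controls);
    }

    /**
     * Builds the JNDI environment for the directory connection.
     *
     * <p>Only the context factory and provider URL are set; no bind credentials are
     * configured, so the connection is anonymous. (The decompiled class reports this method
     * as originally {@code protected}; it is kept {@code public} for compatibility.)
     *
     * @return environment for {@link InitialDirContext}
     * @throws IllegalStateException if a mandatory {@code security.ldap.*} property is unset
     */
    public Hashtable<String, String> getDirectoryEnvironment() {
        if (this.connectionURL == null) {
            throw new IllegalStateException("The security.ldap.connection.url property is not set.");
        }
        if (this.userBase == null) {
            throw new IllegalStateException("The security.ldap.dn.user property is not set.");
        }
        if (this.groupBase == null) {
            throw new IllegalStateException("The security.ldap.dn.group property is not set.");
        }
        Hashtable<String, String> env = new Hashtable<String, String>();
        LOG.info("security.ldap.contextFactory=" + this.contextFactory);
        env.put("java.naming.factory.initial", this.contextFactory);
        LOG.info("security.ldap.connection.url=" + this.connectionURL);
        env.put("java.naming.provider.url", this.connectionURL);
        return env;
    }

    /**
     * Opens the directory context and, when the configuration enables XACML, creates the PDP.
     *
     * <p>A failed connection is only logged; {@link #context} then stays {@code null} and the
     * lookup methods will fail with a {@link NullPointerException} until a later successful
     * {@code attach}.
     *
     * @param pool   broker pool handed to the PDP
     * @param broker broker whose configuration is consulted for {@link XACMLConstants#ENABLE_XACML_PROPERTY}
     */
    @Override // org.exist.security.SecurityManager
    public void attach(BrokerPool pool, DBBroker broker) {
        try {
            this.context = new InitialDirContext(getDirectoryEnvironment());
            Boolean xacmlEnabled = (Boolean) broker.getConfiguration().getProperty(XACMLConstants.ENABLE_XACML_PROPERTY);
            if (xacmlEnabled != null && xacmlEnabled.booleanValue()) {
                this.pdp = new ExistPDP(pool);
                LOG.debug("XACML enabled");
            }
        } catch (NamingException e) {
            LOG.warn("Connecting to context failed for LDAP-based security: " + this.connectionURL, e);
        }
    }

    /**
     * Looks up a user entry by name using {@link #userByNamePattern}.
     *
     * @param dirContext directory to query
     * @param userName   user name (DN-escaped before substitution)
     * @return the user, or {@code null} if the entry does not exist
     * @throws NamingException if the lookup fails
     */
    protected User getUserByName(DirContext dirContext, String userName) throws NamingException {
        String dn = this.userByNamePatternFormat.format(new Object[]{escapeDnValue(userName)});
        LOG.info("Attempting to get user by: " + dn);
        return getUser(dirContext, dn);
    }

    /**
     * Finds the first user entry under {@link #userBase} whose {@link #uidNumberAttr} equals {@code uid}.
     *
     * @param dirContext directory to query
     * @param uid        numeric user id
     * @return the user, or {@code null} if no entry matches
     * @throws NamingException if the search fails
     */
    protected User getUserById(DirContext dirContext, int uid) throws NamingException {
        LOG.info("Searching for " + this.uidNumberAttr + "=" + uid + " in " + this.userBase);
        NamingEnumeration<SearchResult> search = searchOneLevel(dirContext, this.userBase,
                "(" + this.uidNumberAttr + "=" + uid + ")");
        try {
            if (search.hasMore()) {
                return newUserFromAttributes(dirContext, search.next().getAttributes());
            }
            return null;
        } finally {
            search.close();
        }
    }

    /**
     * Finds the first group entry under {@link #groupBase} whose {@link #gidNumberAttr} equals {@code gid}.
     *
     * @param dirContext directory to query
     * @param gid        numeric group id
     * @return the group (its name may be {@code null} if the entry lacks {@link #groupNameAttr}),
     *         or {@code null} if no entry matches
     * @throws NamingException if the search fails
     */
    protected Group getGroupById(DirContext dirContext, int gid) throws NamingException {
        LOG.info("Searching for " + this.gidNumberAttr + "=" + gid + " in " + this.groupBase);
        NamingEnumeration<SearchResult> search = searchOneLevel(dirContext, this.groupBase,
                "(" + this.gidNumberAttr + "=" + gid + ")");
        try {
            if (!search.hasMore()) {
                return null;
            }
            String groupName = getAttributeValue(this.groupNameAttr, search.next().getAttributes());
            LOG.info("Constructing group " + groupName);
            return new Group(groupName, gid);
        } finally {
            search.close();
        }
    }

    /**
     * Looks up a group entry by name using {@link #groupByNamePattern}.
     *
     * @param dirContext directory to query
     * @param groupName  group name (DN-escaped before substitution)
     * @return the group, or {@code null} if the entry does not exist
     * @throws NamingException       if the lookup fails
     * @throws IllegalStateException if the entry has no numeric {@link #gidNumberAttr}
     */
    protected Group getGroupByName(DirContext dirContext, String groupName) throws NamingException {
        String dn = this.groupByNamePatternFormat.format(new Object[]{escapeDnValue(groupName)});
        LOG.info("Attempting to get group by: " + dn);
        try {
            Attributes attributes = dirContext.getAttributes(dn);
            int gid = parseRequiredInt(getAttributeValue(this.gidNumberAttr, attributes), this.gidNumberAttr, "group " + dn);
            return new Group(getAttributeValue(this.groupNameAttr, attributes), gid);
        } catch (NameNotFoundException e) {
            return null;
        }
    }

    /**
     * Builds a {@link User} from a user entry: resolves the primary group, the numeric id,
     * the password (clear-text or {@code {MD5}} digest), the digest-auth password and the
     * secondary groups the entry is a member of.
     *
     * @param dirContext directory used for the group searches
     * @param attributes attributes of the user entry
     * @return the populated user
     * @throws NamingException       if a group search fails
     * @throws IllegalStateException if the primary group cannot be resolved, the id is not
     *                               numeric, a member group has no name, the password is empty,
     *                               or the password uses a scheme other than {@code {MD5}}
     */
    protected User newUserFromAttributes(DirContext dirContext, Attributes attributes) throws NamingException {
        String userName = getAttributeValue(this.uidAttr, attributes);
        String password = getAttributeValue(this.userPasswordAttr, attributes);
        String digestPassword = getAttributeValue(this.userDigestPasswordAttr, attributes);
        String primaryGid = getAttributeValue(this.gidNumberAttr, attributes);
        String primaryGroup = findPrimaryGroupName(dirContext, userName, primaryGid);
        int uid = parseRequiredInt(getAttributeValue(this.uidNumberAttr, attributes), this.uidNumberAttr, "user " + userName);
        LOG.info("Constructing user " + userName + "/" + uid + " in group " + primaryGroup);
        User user = new User(userName, (String) null, primaryGroup);
        user.setUID(uid);
        applyPassword(user, userName, password);
        if (digestPassword != null) {
            user.setPasswordDigest(digestPassword);
        }
        addSecondaryGroups(dirContext, user, userName, primaryGroup);
        return user;
    }

    /**
     * Resolves the name of the group whose {@link #gidNumberAttr} is {@code gid}.
     *
     * @return the first non-null group name found
     * @throws IllegalStateException if no group with a non-empty name matches
     */
    private String findPrimaryGroupName(DirContext dirContext, String userName, String gid) throws NamingException {
        LOG.info("Searching for " + this.gidNumberAttr + "=" + gid + " in " + this.groupBase);
        NamingEnumeration<SearchResult> search = searchOneLevel(dirContext, this.groupBase,
                "(" + this.gidNumberAttr + "=" + escapeFilterValue(gid) + ")");
        String groupName = null;
        try {
            while (groupName == null && search.hasMore()) {
                groupName = getAttributeValue(this.groupNameAttr, search.next().getAttributes());
            }
        } finally {
            search.close();
        }
        if (groupName == null || groupName.length() == 0) {
            throw new IllegalStateException("Main group " + gid + " for user " + userName
                    + " is not able to be found in LDAP for group property " + this.gidNumberAttr);
        }
        return groupName;
    }

    /**
     * Applies the directory password value to the user. A value starting with {@code '{'}
     * is a scheme-prefixed digest; only {@code {MD5}} is accepted and the digest is stored
     * as-is. Any other value is treated as clear-text.
     *
     * @throws IllegalStateException if the value is empty or uses another scheme
     */
    private void applyPassword(User user, String userName, String password) {
        if (password == null) {
            return;
        }
        if (password.length() == 0) {
            // Fail closed: an empty value is neither a digest nor a usable clear-text password.
            throw new IllegalStateException("User " + userName + " has an empty " + this.userPasswordAttr + " value");
        }
        if (password.charAt(0) != '{') {
            user.setPassword(password);
            return;
        }
        int schemeEnd = password.indexOf('}');
        // With no closing brace the scheme is "" and is rejected below.
        String scheme = password.substring(0, schemeEnd + 1);
        String encoded = password.substring(schemeEnd + 1);
        // Log only the scheme: the remainder is a password hash and must not reach the log.
        LOG.info("  digest scheme: " + scheme);
        if (!scheme.equals(MD5_SCHEME)) {
            throw new IllegalStateException("User " + userName + " has a non-md5 digested password: " + scheme);
        }
        user.setEncodedPassword(encoded);
    }

    /**
     * Adds every group under {@link #groupBase} whose {@link #groupMemberName} attribute
     * contains the user's DN, skipping the primary group.
     *
     * @throws IllegalStateException if a matching group has no {@link #groupNameAttr} value
     */
    private void addSecondaryGroups(DirContext dirContext, User user, String userName, String primaryGroup)
            throws NamingException {
        LOG.info("Finding additional groups...");
        String userDn = this.uidAttr + "=" + escapeDnValue(userName) + "," + this.userBase;
        NamingEnumeration<SearchResult> search = searchOneLevel(dirContext, this.groupBase,
                "(" + this.groupMemberName + "=" + escapeFilterValue(userDn) + ")");
        try {
            while (search.hasMore()) {
                String groupName = getAttributeValue(this.groupNameAttr, search.next().getAttributes());
                if (groupName == null || groupName.length() == 0) {
                    throw new IllegalStateException("Group associated with " + userName
                            + " does not have a valid name for attribute " + this.groupNameAttr);
                }
                if (!groupName.equals(primaryGroup)) {
                    LOG.info("   ...adding: " + groupName);
                    user.addGroup(groupName);
                }
            }
        } finally {
            search.close();
        }
    }

    /**
     * Reads the entry at {@code dn} and builds a user from it.
     *
     * @param dirContext directory to query
     * @param dn         distinguished name of the user entry
     * @return the user, or {@code null} if the entry is missing or has no attributes
     * @throws NamingException if reading the entry fails for a reason other than "not found"
     */
    protected User getUser(DirContext dirContext, String dn) throws NamingException {
        try {
            Attributes attributes = dirContext.getAttributes(dn);
            if (attributes == null) {
                return null;
            }
            LOG.info("User " + dn + " found, attempting to find group and construct...");
            return newUserFromAttributes(dirContext, attributes);
        } catch (NameNotFoundException e) {
            LOG.warn("Cannot find user " + dn, e);
            return null;
        }
    }

    /** No-op: groups are managed in the directory, not through eXist. */
    @Override // org.exist.security.SecurityManager
    public void addGroup(String name) {
    }

    /** No-op: users are managed in the directory, not through eXist. */
    @Override // org.exist.security.SecurityManager
    public void deleteUser(String name) throws PermissionDeniedException {
    }

    /** No-op: users are managed in the directory, not through eXist. */
    @Override // org.exist.security.SecurityManager
    public void deleteUser(User user) throws PermissionDeniedException {
    }

    /** @return {@code 0755}: owner read/write/execute, group and others read/execute */
    @Override // org.exist.security.SecurityManager
    public int getCollectionDefaultPerms() {
        return 0755;
    }

    /**
     * Returns the group with the given id, consulting {@link #groupByIdCache} first.
     *
     * @param gid numeric group id
     * @return the group, or {@code null} if it does not exist or the lookup failed (logged)
     */
    @Override // org.exist.security.SecurityManager
    public Group getGroup(int gid) {
        Integer key = Integer.valueOf(gid);
        Group group = this.groupByIdCache.get(key);
        if (group == null) {
            try {
                group = getGroupById(this.context, gid);
                if (group != null) {
                    this.groupByIdCache.put(key, group);
                }
            } catch (NamingException e) {
                LOG.warn("Cannot get group by #" + gid + " due to exception.", e);
            }
        }
        return group;
    }

    /**
     * Returns the group with the given name, consulting {@link #groupByNameCache} first.
     * (The previous implementation read the id cache with a name key, so the name cache
     * was write-only and every call hit the directory.)
     *
     * @param name group name
     * @return the group, or {@code null} if it does not exist or the lookup failed (logged)
     */
    @Override // org.exist.security.SecurityManager
    public Group getGroup(String name) {
        Group group = this.groupByNameCache.get(name);
        if (group == null) {
            try {
                group = getGroupByName(this.context, name);
                if (group != null) {
                    this.groupByNameCache.put(name, group);
                }
            } catch (NamingException e) {
                LOG.warn("Cannot get group " + name + " due to exception.", e);
            }
        }
        return group;
    }

    /**
     * Lists the names of all {@link #groupClassName} entries directly under {@link #groupBase}.
     *
     * @return group names (an entry without {@link #groupNameAttr} contributes {@code null}),
     *         or {@code null} if the search failed (logged) — callers must handle both
     */
    @Override // org.exist.security.SecurityManager
    public String[] getGroups() {
        try {
            NamingEnumeration<SearchResult> search = searchOneLevel(this.context, this.groupBase,
                    "(objectClass=" + this.groupClassName + ")");
            List<String> names = new ArrayList<String>();
            try {
                while (search.hasMore()) {
                    names.add(getAttributeValue(this.groupNameAttr, search.next().getAttributes()));
                }
            } finally {
                search.close();
            }
            return names.toArray(new String[names.size()]);
        } catch (NamingException e) {
            LOG.warn("Cannot get a list of all groups due to exception.", e);
            return null;
        }
    }

    /** @return whether a PDP was created in {@link #attach} */
    @Override // org.exist.security.SecurityManager
    public boolean isXACMLEnabled() {
        return this.pdp != null;
    }

    /** @return the PDP, or {@code null} when XACML is disabled */
    @Override // org.exist.security.SecurityManager
    public ExistPDP getPDP() {
        return this.pdp;
    }

    /** @return {@code 0755}: owner read/write/execute, group and others read/execute */
    @Override // org.exist.security.SecurityManager
    public int getResourceDefaultPerms() {
        return 0755;
    }

    /**
     * Returns the user with the given id, consulting {@link #userByIdCache} first.
     *
     * @param uid numeric user id
     * @return the user, or {@code null} if it does not exist or the lookup failed (logged)
     */
    @Override // org.exist.security.SecurityManager
    public User getUser(int uid) {
        Integer key = Integer.valueOf(uid);
        User user = this.userByIdCache.get(key);
        if (user == null) {
            try {
                user = getUserById(this.context, uid);
                if (user != null) {
                    this.userByIdCache.put(key, user);
                }
            } catch (NamingException e) {
                LOG.warn("Cannot get user by #" + uid + " due to exception.", e);
            }
        }
        return user;
    }

    /**
     * Returns the user with the given name, consulting {@link #userByNameCache} first.
     *
     * @param name user name
     * @return the user, or {@code null} if it does not exist or the lookup failed (logged)
     */
    @Override // org.exist.security.SecurityManager
    public User getUser(String name) {
        User user = this.userByNameCache.get(name);
        if (user == null) {
            try {
                user = getUserByName(this.context, name);
                if (user != null) {
                    this.userByNameCache.put(name, user);
                }
            } catch (NamingException e) {
                LOG.warn("Cannot get user " + name + " due to exception.", e);
            }
        }
        return user;
    }

    /**
     * Builds every {@link #userClassName} entry directly under {@link #userBase}. Each user
     * costs two further directory searches (see {@link #newUserFromAttributes}).
     *
     * @return all users, or {@code null} if the search failed (logged) — callers must handle both
     */
    @Override // org.exist.security.SecurityManager
    public User[] getUsers() {
        try {
            NamingEnumeration<SearchResult> search = searchOneLevel(this.context, this.userBase,
                    "(objectClass=" + this.userClassName + ")");
            List<User> users = new ArrayList<User>();
            try {
                while (search.hasMore()) {
                    users.add(newUserFromAttributes(this.context, search.next().getAttributes()));
                }
            } finally {
                search.close();
            }
            return users.toArray(new User[users.size()]);
        } catch (NamingException e) {
            LOG.warn("Cannot get the list of users due to exception.", e);
            return null;
        }
    }

    /**
     * @param user user to check (must not be {@code null})
     * @return whether the user carries the DBA role
     */
    @Override // org.exist.security.SecurityManager
    public synchronized boolean hasAdminPrivileges(User user) {
        return user.hasDbaRole();
    }

    /**
     * Checks the directory (bypassing the cache) for a user entry with this name.
     *
     * @return {@code true} if the entry exists; {@code false} if it does not or the lookup failed (logged)
     */
    @Override // org.exist.security.SecurityManager
    public synchronized boolean hasUser(String name) {
        try {
            return getUserByName(this.context, name) != null;
        } catch (NamingException e) {
            LOG.warn("Cannot check for user " + name + " due to exception", e);
            return false;
        }
    }

    /**
     * Checks the directory (bypassing the cache) for a group entry with this name.
     *
     * @return {@code true} if the entry exists; {@code false} if it does not or the lookup failed (logged)
     */
    @Override // org.exist.security.SecurityManager
    public synchronized boolean hasGroup(String name) {
        try {
            return getGroupByName(this.context, name) != null;
        } catch (NamingException e) {
            LOG.warn("Cannot check for group " + name + " due to exception", e);
            return false;
        }
    }

    /** No-op: users are managed in the directory, not through eXist. */
    @Override // org.exist.security.SecurityManager
    public void setUser(User user) {
    }
}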
