package sernet.gs.server.security;

import java.nio.charset.Charset;
import java.security.MessageDigest;
import java.util.ArrayList;
import java.util.List;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import org.apache.log4j.Logger;
import org.springframework.ldap.core.DirContextAdapter;
import org.springframework.ldap.core.DirContextOperations;
import org.springframework.security.Authentication;
import org.springframework.security.BadCredentialsException;
import org.springframework.security.ldap.DefaultSpringSecurityContextSource;
import org.springframework.security.providers.ldap.LdapAuthenticator;
import org.springframework.security.ui.digestauth.DigestProcessingFilter;
import org.springframework.security.userdetails.UsernameNotFoundException;
import sernet.gs.service.ServerInitializer;
import sernet.hui.common.connect.Entity;

/* loaded from: input_file:sernet/gs/server/security/LdapAuthenticatorImpl.class */
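/**
 * Authenticates verinice users against an AD/LDAP directory.
 *
 * <p>The directory only answers the question "is the password right": a bind
 * with {@code principalPrefix + username + principalSuffix} and the supplied
 * password either succeeds or throws. Roles are never taken from the
 * directory; they come from the verinice account (an {@link Entity}) that
 * matches the user name, or from the configured guest account when the user
 * has no account of its own.
 *
 * <p>One account is special: the local administrative user configured via
 * {@link #setAdminuser(String)} / {@link #setAdminpass(String)} is checked
 * against the stored digest only and is never sent to the directory.
 *
 * <p>This object is a Spring bean configured through its setters; it is not
 * safe to reconfigure while requests are being authenticated.
 */
public class LdapAuthenticatorImpl extends UserLoader implements LdapAuthenticator {
    private static final Logger LOG = Logger.getLogger(LdapAuthenticatorImpl.class);

    /** Value of the {@code configuration_deactivated} property that marks an account as disabled. */
    private static final String DEACTIVATED = "1";
    /** Role granted to directory users that are mapped onto the guest account. */
    private static final String GUEST_ROLE = "ROLE_GUEST";
    /** Charset used to turn the hex digest strings into bytes for the constant-time compare. */
    private static final Charset UTF_8 = Charset.forName("UTF-8");

    private DefaultSpringSecurityContextSource contextFactory;
    // Never null: the setters map null to "" so the DN concatenation cannot produce "null".
    private String principalPrefix = "";
    private String principalSuffix = "";
    private String guestUser = "";
    private String adminuser = "";
    private String passwordRealm = "";
    private String adminpass = "";

    /**
     * Sets the realm that is part of the stored administrator digest.
     *
     * <p>The digest is computed with {@link DigestProcessingFilter#encodePasswordInA1Format},
     * so the realm given here must be the one the stored digest was created with.
     *
     * @param str realm name; {@code null} is treated as the empty string
     */
    public void setPasswordRealm(String str) {
        this.passwordRealm = nullToEmpty(str);
    }

    /**
     * Sets the name of the locally authenticated administrative user.
     *
     * @param str user name; {@code null} or empty disables the local administrator
     */
    public void setAdminuser(String str) {
        this.adminuser = nullToEmpty(str);
    }

    /**
     * Sets the stored A1 digest of the administrative password.
     *
     * @param str digest value; {@code null} or empty disables the local administrator
     */
    public void setAdminpass(String str) {
        this.adminpass = nullToEmpty(str);
    }

    /**
     * Authenticates the given user name / password pair.
     *
     * <p>Order of checks:
     * <ol>
     *   <li>blank user name or password: rejected without touching any backend,</li>
     *   <li>local administrator: digest check, no directory access,</li>
     *   <li>directory bind with the computed DN and the password,</li>
     *   <li>lookup of the matching verinice account, then of the guest account.</li>
     * </ol>
     *
     * @param authentication token carrying the user name and the password as credentials
     * @return a context whose {@code ROLES_ATTRIBUTE} holds the roles of the matched account
     * @throws BadCredentialsException if user name or password are blank, or the
     *         administrator password is wrong
     * @throws UsernameNotFoundException if the directory accepted the password but
     *         verinice has neither an active account nor a guest account for the user
     * @throws RuntimeException whatever the directory bind throws for a failed login;
     *         it is logged and rethrown unchanged so the provider can map it
     */
    public DirContextOperations authenticate(Authentication authentication) {
        String username = authentication.getName();
        if (LOG.isDebugEnabled()) {
            LOG.debug("Authentication start, username: \"" + username + "\"");
        }
        String userDn = this.principalPrefix + username + this.principalSuffix;
        Object credentials = authentication.getCredentials();
        String password = credentials != null ? credentials.toString() : "";

        if ("".equals(userDn.trim()) || "".equals(password.trim())) {
            if (LOG.isDebugEnabled()) {
                LOG.debug("Blank username and/or password entered.");
            }
            throw new BadCredentialsException("Blank username and/or password!");
        }

        if (isLocalAdministrator(username)) {
            if (LOG.isDebugEnabled()) {
                LOG.debug("Administrative username entered");
            }
            checkAdminPassword(username, password);
            return defaultAdministrator();
        }

        if (LOG.isDebugEnabled()) {
            LOG.debug("Authenticating against AD or LDAP, user-dn: \"" + userDn + "\"");
        }
        try {
            // The bind is the credential check: a wrong password makes the call
            // throw. The returned context is needed for nothing else, so it is
            // released immediately instead of leaking one directory connection
            // per successful login.
            closeQuietly(this.contextFactory.getReadWriteContext(userDn, password));
            if (LOG.isDebugEnabled()) {
                LOG.debug("AD or LDAP authentication was successful");
            }

            ServerInitializer.inheritVeriniceContextState();

            Entity account = findAccount(username);
            if (account != null) {
                if (DEACTIVATED.equals(account.getSimpleValue("configuration_deactivated"))) {
                    if (LOG.isDebugEnabled()) {
                        LOG.debug("User " + username + " is deactivated");
                    }
                    // A deactivated account must not fall through to the guest account.
                    throw new UsernameNotFoundException(Messages.getString("DbUserDetailsService.5"));
                }
                return ldapUser(account);
            }
            if (LOG.isDebugEnabled()) {
                LOG.debug("Username not found in verinice DB: " + username);
            }

            if (this.guestUser.length() > 0) {
                Entity guest = findAccount(this.guestUser);
                if (guest != null) {
                    return ldapUser(guest, new String[]{GUEST_ROLE});
                }
            }

            if (LOG.isDebugEnabled()) {
                LOG.debug("Authentication fails: Username and guest account not found in verinice DB.");
            }
            throw new UsernameNotFoundException("No matching account or guest account found for authenticated directory user " + username + " in the verinice database. Create an account for the user in verinice first, matching the directory's account name.");
        } catch (RuntimeException e) {
            if (LOG.isInfoEnabled()) {
                LOG.info("AD or LDAP authentication failed.");
            }
            if (LOG.isDebugEnabled()) {
                LOG.debug("Stacktrace: ", e);
            }
            throw e;
        }
    }

    /**
     * Tells whether the name belongs to the locally authenticated administrator.
     *
     * <p>Both the name and the digest must be configured; otherwise every
     * user, including one literally named like the admin, goes to the directory.
     */
    private boolean isLocalAdministrator(String username) {
        return !this.adminuser.isEmpty() && !this.adminpass.isEmpty() && username.equals(this.adminuser);
    }

    /**
     * Looks up the verinice account entity for a user name.
     *
     * <p>{@code loadUserEntites} is presumably provided by {@link UserLoader};
     * its result is filtered with {@code DbUserDetailsService.isUser}, and the
     * first entity that matches wins.
     *
     * @return the matching entity, or {@code null} if there is none
     */
    private Entity findAccount(String username) {
        List<Entity> entities = loadUserEntites(username);
        if (entities == null || entities.isEmpty()) {
            return null;
        }
        for (Entity entity : entities) {
            if (DbUserDetailsService.isUser(username, entity)) {
                return entity;
            }
        }
        return null;
    }

    /**
     * Releases a directory context obtained for a bind.
     *
     * <p>A failure while closing must not turn an already successful bind into
     * a failed login, so it is only logged.
     */
    private static void closeQuietly(DirContext context) {
        if (context == null) {
            return;
        }
        try {
            context.close();
        } catch (NamingException e) {
            LOG.warn("Could not close the directory context used for the bind.", e);
        }
    }

    /**
     * Builds the principal context for a verinice account.
     *
     * <p>Roles are derived from the account's configuration properties:
     * desktop access unless {@code configuration_rcp_no} is selected, web
     * access unless {@code configuration_web_no} is selected, and admin if
     * {@code configuration_isadmin_yes} is selected.
     *
     * @param entity          the verinice account
     * @param additionalRoles roles appended verbatim; may be {@code null}
     */
    private DirContextOperations ldapUser(Entity entity, String[] additionalRoles) {
        List<String> roles = new ArrayList<String>();
        if (!entity.isSelected("configuration_rcp", "configuration_rcp_no")) {
            if (LOG.isDebugEnabled()) {
                LOG.debug("User Desktop: yes");
            }
            roles.add("ROLE_USER");
        }
        if (!entity.isSelected("configuration_web", "configuration_web_no")) {
            if (LOG.isDebugEnabled()) {
                LOG.debug("Web Desktop: yes");
            }
            roles.add("ROLE_WEB");
        }
        if (entity.isSelected("configuration_isadmin", "configuration_isadmin_yes")) {
            if (LOG.isDebugEnabled()) {
                LOG.debug("Administrator: yes");
            }
            roles.add("ROLE_ADMIN");
        }
        if (additionalRoles != null) {
            for (String role : additionalRoles) {
                if (LOG.isDebugEnabled()) {
                    LOG.debug("Additional role: " + role);
                }
                roles.add(role);
            }
        }
        return rolesContext(roles);
    }

    /** Context for the local administrator: every role, unconditionally. */
    private DirContextOperations defaultAdministrator() {
        List<String> roles = new ArrayList<String>();
        roles.add("ROLE_USER");
        roles.add("ROLE_ADMIN");
        roles.add("ROLE_WEB");
        return rolesContext(roles);
    }

    /** Wraps a role list in the attribute the provider reads them from. */
    private static DirContextOperations rolesContext(List<String> roles) {
        DirContextAdapter context = new DirContextAdapter();
        context.setAttributeValues(LdapAuthenticationProvider.ROLES_ATTRIBUTE, roles.toArray(new String[roles.size()]));
        return context;
    }

    /**
     * Verifies the administrator password against the stored digest.
     *
     * <p>The candidate digest is computed exactly like the stored one
     * ({@code encodePasswordInA1Format} with the configured realm) and the two
     * hex strings are compared in constant time: {@code String.equals} stops at
     * the first differing character and would leak how many leading digits of
     * the stored digest a guess shares with it.
     *
     * @throws BadCredentialsException if the digests differ
     */
    private void checkAdminPassword(String username, String password) {
        String candidate = DigestProcessingFilter.encodePasswordInA1Format(username, this.passwordRealm, password);
        byte[] expected = this.adminpass.getBytes(UTF_8);
        byte[] actual = candidate == null ? new byte[0] : candidate.getBytes(UTF_8);
        if (MessageDigest.isEqual(expected, actual)) {
            return;
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("Wrong password for administrative user");
        }
        throw new BadCredentialsException("Wrong username / password for administrative user.");
    }

    /**
     * Sets the verinice account that directory users without an own account are mapped to.
     *
     * @param str account name; {@code null} or empty disables the guest mapping
     */
    public void setGuestUser(String str) {
        this.guestUser = nullToEmpty(str);
    }

    private DirContextOperations ldapUser(Entity entity) {
        return ldapUser(entity, null);
    }

    public DefaultSpringSecurityContextSource getContextFactory() {
        return this.contextFactory;
    }

    /** Sets the context source used for the bind; required before {@link #authenticate}. */
    public void setContextFactory(DefaultSpringSecurityContextSource defaultSpringSecurityContextSource) {
        this.contextFactory = defaultSpringSecurityContextSource;
    }

    public String getPrincipalPrefix() {
        return this.principalPrefix;
    }

    /**
     * Sets the text prepended to the user name to form the bind DN.
     *
     * @param str prefix; {@code null} is treated as the empty string
     */
    public void setPrincipalPrefix(String str) {
        this.principalPrefix = nullToEmpty(str);
    }

    public String getPrincipalSuffix() {
        return this.principalSuffix;
    }

    /**
     * Sets the text appended to the user name to form the bind DN.
     *
     * @param str suffix; {@code null} is treated as the empty string, mirroring
     *            {@link #setPrincipalPrefix(String)}
     */
    public void setPrincipalSuffix(String str) {
        this.principalSuffix = nullToEmpty(str);
    }

    /** Maps {@code null} to {@code ""} so string fields never need null checks. */
    private static String nullToEmpty(String value) {
        return value == null ? "" : value;
    }
}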
