package com.axelor.auth;

import com.axelor.auth.db.Group;
import com.axelor.auth.db.User;
import com.axelor.auth.db.repo.GroupRepository;
import com.axelor.auth.db.repo.UserRepository;
import com.axelor.db.Query;
import com.google.common.base.MoreObjects;
import com.google.common.collect.Sets;
import com.google.inject.persist.Transactional;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import java.util.Properties;
import java.util.Set;
import java.util.UUID;
import javax.inject.Inject;
import javax.inject.Named;
import javax.inject.Singleton;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.BasicAttributes;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.LdapContext;
import javax.naming.ldap.Rdn;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.realm.ldap.JndiLdapContextFactory;
import org.apache.shiro.realm.ldap.LdapUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

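/**
 * LDAP-backed login for the application's user store.
 *
 * <p>All configuration is read from the {@code auth.ldap.config} properties (the
 * {@code LDAP_*} keys below). Directory lookups run under the configured system
 * account; the user's own password is used only for a bind against the DN that the
 * user filter resolved. A user who authenticates against the directory but has no
 * local {@link User} yet is created on the fly with a random, unusable local password.
 *
 * <p>Security notes for deployers:
 * <ul>
 *   <li>The default mechanism is {@code simple} bind, which sends the password in clear
 *       text unless {@code ldap.server.url} is an {@code ldaps://} URL or the provider
 *       negotiates TLS — configure one of those in production.</li>
 *   <li>Filters must use the {@code {0}} placeholder (e.g. {@code (uid={0})}); the value is
 *       passed to JNDI as a filter argument so it is encoded per RFC 4515 and cannot alter
 *       the filter structure.</li>
 *   <li>The system account needs write access below {@code ldap.group.base} only if
 *       {@code ldap.group.object.class} is set, because group creation is then mirrored to
 *       the directory on first login of each new user.</li>
 * </ul>
 */
@Singleton
public class AuthLdap {
    public static final String LDAP_SERVER_URL = "ldap.server.url";
    public static final String LDAP_AUTH_TYPE = "ldap.auth.type";
    public static final String LDAP_SYSTEM_USER = "ldap.system.user";
    public static final String LDAP_SYSTEM_PASSWORD = "ldap.system.password";
    public static final String LDAP_GROUP_BASE = "ldap.group.base";
    public static final String LDAP_GROUP_OBJECT_CLASS = "ldap.group.object.class";
    public static final String LDAP_GROUP_FILTER = "ldap.group.filter";
    public static final String LDAP_USER_BASE = "ldap.user.base";
    public static final String LDAP_USER_FILTER = "ldap.user.filter";
    public static final String DEFAULT_AUTH_TYPE = "simple";

    private final String ldapServerUrl;
    private final String ldapAuthType;
    private final String ldapSysUser;
    // Held as a String because JndiLdapContextFactory#setSystemPassword takes one; it stays in
    // heap for the life of the singleton.
    private final String ldapSysPassword;
    private final String ldapGroupsDn;
    private final String ldapUsersDn;
    private final String ldapGroupFilter;
    private final String ldapUserFilter;
    private final String ldapGroupObjectClass;
    private final AuthService authService;

    @Inject
    private UserRepository users;

    @Inject
    private GroupRepository groups;

    private final Logger log = LoggerFactory.getLogger(getClass());
    private final JndiLdapContextFactory factory = new JndiLdapContextFactory();

    /**
     * Reads the LDAP settings and prepares the Shiro context factory.
     *
     * @param properties the {@code auth.ldap.config} properties; missing keys are left
     *     {@code null} (except the auth type, which defaults to {@value #DEFAULT_AUTH_TYPE})
     * @param authService used to hash the placeholder password of newly created users
     */
    @Inject
    public AuthLdap(@Named("auth.ldap.config") Properties properties, AuthService authService) {
        this.ldapServerUrl = properties.getProperty(LDAP_SERVER_URL);
        this.ldapAuthType = properties.getProperty(LDAP_AUTH_TYPE, DEFAULT_AUTH_TYPE);
        this.ldapSysUser = properties.getProperty(LDAP_SYSTEM_USER);
        this.ldapSysPassword = properties.getProperty(LDAP_SYSTEM_PASSWORD);
        this.ldapGroupsDn = properties.getProperty(LDAP_GROUP_BASE);
        this.ldapUsersDn = properties.getProperty(LDAP_USER_BASE);
        this.ldapGroupFilter = properties.getProperty(LDAP_GROUP_FILTER);
        this.ldapUserFilter = properties.getProperty(LDAP_USER_FILTER);
        this.ldapGroupObjectClass = properties.getProperty(LDAP_GROUP_OBJECT_CLASS);
        this.factory.setUrl(this.ldapServerUrl);
        this.factory.setSystemUsername(this.ldapSysUser);
        this.factory.setSystemPassword(this.ldapSysPassword);
        this.factory.setAuthenticationMechanism(this.ldapAuthType);
        this.authService = authService;
    }

    /** @return {@code true} when a non-blank {@code ldap.server.url} is configured */
    public boolean isEnabled() {
        return !isBlank(this.ldapServerUrl);
    }

    /**
     * Checks whether an entry below the user base matches {@code filter} with {@code {0}}
     * bound to {@code value}.
     *
     * @param filter a JNDI filter expression containing {@code {0}}
     * @param value the value substituted for {@code {0}}, encoded as a filter argument
     * @return {@code true} if at least one entry matched; {@code false} on no match or any
     *     directory error (errors are not distinguishable from "absent" here)
     */
    public boolean ldapUserExists(String filter, String value) {
        try {
            return !search(this.ldapUsersDn, filter, value).isEmpty();
        } catch (NamingException e) {
            return false;
        }
    }

    /**
     * Checks whether an entry below the group base matches {@code filter} with {@code {0}}
     * bound to {@code value}; same contract as {@link #ldapUserExists(String, String)}.
     */
    public boolean ldapGroupExists(String filter, String value) {
        try {
            return !search(this.ldapGroupsDn, filter, value).isEmpty();
        } catch (NamingException e) {
            return false;
        }
    }

    /**
     * Authenticates {@code code}/{@code password} against the directory and ensures a
     * matching local user exists.
     *
     * @param code the login name, substituted into {@code ldap.user.filter}
     * @param password the user's password; an empty password is rejected before any bind
     * @return {@code true} when the bind succeeded (the local user is then saved)
     * @throws IllegalStateException if LDAP is not enabled or the user base/filter is missing
     * @throws AuthenticationException wrapping any {@link NamingException}; its message can
     *     reveal whether the account exists, so callers should not echo it to the client
     */
    @Transactional
    public boolean login(String code, String password) throws AuthenticationException {
        if (!isEnabled()) {
            throw new IllegalStateException("LDAP is not enabled.");
        }
        if (isBlank(this.ldapUsersDn) || isBlank(this.ldapUserFilter)) {
            throw new IllegalStateException("LDAP user base or user filter is not configured.");
        }
        try {
            return doLogin(code, password);
        } catch (NamingException e) {
            throw new AuthenticationException(e);
        }
    }

    /**
     * Resolves the user's DN via the system account, then binds as that DN.
     *
     * <p>Per RFC 4513 a simple bind with a DN but an empty password is an anonymous
     * (unauthenticated) bind, which many servers accept; it must therefore never count as a
     * successful login, regardless of whether the Shiro version in use also rejects it.
     */
    private boolean doLogin(String code, String password) throws NamingException {
        if (isBlank(code)) {
            throw new NamingException("LDAP login rejected: empty user name");
        }
        if (password == null || password.isEmpty()) {
            throw new NamingException("LDAP login rejected: empty password for user: " + code);
        }
        List<SearchResult> matches = search(this.ldapUsersDn, this.ldapUserFilter, code);
        if (matches.isEmpty()) {
            throw new NamingException("LDAP user does not exist: " + code);
        }
        if (matches.size() > 1) {
            // Binding as "the first match" of an ambiguous filter would let one account's
            // password authenticate under another login name; fail closed instead.
            throw new NamingException("LDAP user filter matched more than one entry for: " + code);
        }
        SearchResult entry = matches.get(0);
        LdapContext userContext = null;
        try {
            // getLdapContext performs the bind; a wrong password raises a NamingException.
            userContext = this.factory.getLdapContext(entry.getNameInNamespace(), password);
        } finally {
            LdapUtils.closeContext(userContext);
        }
        findOrCreateUser(code, entry);
        return true;
    }

    /**
     * Subtree search below {@code base} with {@code {0}} in {@code filterTemplate} bound to
     * {@code value}. The value travels as a JNDI filter argument, so the provider escapes
     * {@code * ( ) \} and NUL (RFC 4515) and a login such as {@code *)(uid=*} cannot widen
     * the filter. All results are read before the context is closed.
     */
    private List<SearchResult> search(String base, String filterTemplate, String value)
            throws NamingException {
        return doSearch(base, filterTemplate, new Object[] {value});
    }

    /**
     * Lists every entry below {@code base} matching {@code filterTemplate} with {@code {0}}
     * replaced by the wildcard {@code *}. The wildcard is a fixed literal (no user input), so
     * it is spliced into the filter text; passing it as an argument would encode it as
     * {@code \2a} and match nothing.
     */
    private List<SearchResult> searchAll(String base, String filterTemplate) throws NamingException {
        return doSearch(base, filterTemplate.replace("{0}", "*"), null);
    }

    /** Runs the search under the system account and materialises the enumeration. */
    private List<SearchResult> doSearch(String base, String filter, Object[] filterArgs)
            throws NamingException {
        SearchControls controls = new SearchControls();
        controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
        LdapContext systemContext = this.factory.getSystemLdapContext();
        try {
            NamingEnumeration<SearchResult> results =
                    systemContext.search(base, filter, filterArgs, controls);
            try {
                List<SearchResult> entries = new ArrayList<>();
                while (results.hasMore()) {
                    entries.add(results.next());
                }
                return entries;
            } finally {
                results.close();
            }
        } finally {
            LdapUtils.closeContext(systemContext);
        }
    }

    /**
     * Returns the first value of attribute {@code name} on {@code entry} as a string, or
     * {@code null} when the entry has no such attribute.
     */
    private static String attributeValue(SearchResult entry, String name) throws NamingException {
        Attributes attrs = entry.getAttributes();
        Attribute attr = attrs == null ? null : attrs.get(name);
        Object value = attr == null ? null : attr.get();
        return value == null ? null : value.toString();
    }

    private static boolean isBlank(String value) {
        return value == null || value.trim().isEmpty();
    }

    /**
     * Returns the local user for {@code code}, creating it from the directory entry when
     * absent. Group resolution and directory group creation are best effort: failures are
     * logged and the user is still saved (possibly without a group).
     */
    private User findOrCreateUser(String code, SearchResult entry) throws NamingException {
        User existing = this.users.findByCode(code);
        if (existing != null) {
            return existing;
        }

        String displayName = code;
        try {
            String cn = attributeValue(entry, "cn");
            if (cn != null) {
                displayName = cn;
            }
        } catch (NamingException e) {
            this.log.debug("cannot read cn of LDAP user {}, using the login name", code, e);
        }

        User user = new User(code, displayName);
        // LDAP users never authenticate locally; a random UUID (SecureRandom-backed) fills the
        // mandatory password field without creating a guessable local credential. The
        // AuthService presumably hashes it like any other password.
        user.setPassword(UUID.randomUUID().toString());
        this.authService.encrypt(user);

        try {
            user.setGroup(findOrCreateGroup(user));
        } catch (Exception e) {
            // Kept best effort, but an LDAP account created with no group deserves a trace.
            this.log.warn("unable to resolve LDAP group for user {}", code, e);
        }
        try {
            createLdapGroups();
        } catch (Exception e) {
            this.log.warn("unable to create ldap groups", e);
        }
        return this.users.save(user);
    }

    /**
     * Resolves the user's group from the directory: the {@code cn} of the first entry matching
     * {@code ldap.group.filter} with {@code {0}} bound to the user code becomes the local group
     * code. Returns the user's existing group if set, or {@code null} when nothing matched or the
     * matching entry has no usable {@code cn}.
     */
    private Group findOrCreateGroup(User user) throws NamingException {
        Group current = user.getGroup();
        if (current != null) {
            return current;
        }
        List<SearchResult> matches = search(this.ldapGroupsDn, this.ldapGroupFilter, user.getCode());
        if (matches.isEmpty()) {
            return null;
        }
        if (matches.size() > 1) {
            this.log.warn("more than one LDAP group matched for user {}; using the first", user.getCode());
        }
        String groupCode = attributeValue(matches.get(0), "cn");
        if (groupCode == null || groupCode.isEmpty()) {
            return null;
        }
        Group group = this.groups.findByCode(groupCode);
        if (group == null) {
            String title = groupCode.substring(0, 1).toUpperCase(Locale.ROOT) + groupCode.substring(1);
            group = new Group(groupCode, title);
        }
        return group;
    }

    /**
     * Creates {@code cn=<group code>,<ldap.group.base>} in the directory with the configured
     * object class. The RDN is built with {@link Rdn} so a code containing {@code , + = " \}
     * is escaped (RFC 4514) rather than silently changing where the entry lands.
     */
    private void uploadGroup(Group group) throws NamingException {
        BasicAttribute objectClass = new BasicAttribute("objectClass");
        objectClass.add("top");
        objectClass.add(this.ldapGroupObjectClass);
        BasicAttribute cn = new BasicAttribute("cn", group.getCode());
        // NOTE(review): "uid=admin" is a hard-coded placeholder member, presumably because the
        // group object class requires at least one member. It is unlikely to be a valid DN on a
        // real directory — confirm against the target schema before relying on this.
        BasicAttribute members = new BasicAttribute("uniqueMember", "uid=admin");

        BasicAttributes attrs = new BasicAttributes();
        attrs.put(objectClass);
        attrs.put(cn);
        attrs.put(members);

        String dn = new Rdn("cn", group.getCode()).toString() + "," + this.ldapGroupsDn;
        LdapContext systemContext = this.factory.getSystemLdapContext();
        try {
            systemContext.createSubcontext(dn, attrs);
        } finally {
            LdapUtils.closeContext(systemContext);
        }
    }

    /**
     * Mirrors every local group that has no directory entry into LDAP. Disabled when
     * {@code ldap.group.object.class} is blank. Note this writes to the directory with the
     * system account on each new user's first login.
     */
    private void createLdapGroups() throws NamingException {
        if (isBlank(this.ldapGroupObjectClass)) {
            return;
        }
        Set<String> existing = new HashSet<>();
        for (SearchResult entry : searchAll(this.ldapGroupsDn, this.ldapGroupFilter)) {
            String cn = attributeValue(entry, "cn");
            if (cn != null) {
                existing.add(cn);
            }
        }
        List<Group> missing;
        if (existing.isEmpty()) {
            // "not in (:names)" bound to an empty collection is invalid JPQL; with no directory
            // groups at all, every local group is missing.
            missing = Query.of(Group.class).fetch();
        } else {
            missing = Query.of(Group.class)
                    .filter("self.code not in (:names)")
                    .bind("names", existing)
                    .fetch();
        }
        for (Group group : missing) {
            uploadGroup(group);
        }
    }

    @Override
    public String toString() {
        return MoreObjects.toStringHelper(getClass()).add("url", this.ldapServerUrl).toString();
    }
}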
