package id.onyx.obdp.server.security.authorization;

import id.onyx.obdp.server.configuration.Configuration;
import id.onyx.obdp.server.ldap.domain.OBDPLdapConfiguration;
import javax.naming.Name;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attributes;
import javax.naming.directory.DirContext;
import org.apache.commons.lang.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.ldap.AuthenticationException;
import org.springframework.ldap.core.AttributesMapper;
import org.springframework.ldap.core.ContextSource;
import org.springframework.ldap.core.DirContextAdapter;
import org.springframework.ldap.core.DirContextOperations;
import org.springframework.ldap.core.LdapTemplate;
import org.springframework.ldap.core.support.BaseLdapPathContextSource;
import org.springframework.ldap.support.LdapEncoder;
import org.springframework.ldap.support.LdapUtils;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.InternalAuthenticationServiceException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.ldap.authentication.AbstractLdapAuthenticator;
import org.springframework.security.ldap.search.LdapUserSearch;

/* loaded from: input_file:id/onyx/obdp/server/security/authorization/AmbariLdapBindAuthenticator.class */
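/**
 * LDAP authenticator that looks the user entry up with the configured {@link LdapUserSearch} and
 * then verifies the supplied password by binding to the directory as that entry.
 *
 * <p>After a successful bind the authenticator optionally runs a group search and, when it returns
 * at least one group, sets the {@code ambari_admin} attribute on the returned user object. It also
 * registers a login-name alias when the name typed at login differs from the directory's username
 * attribute.
 */
public class AmbariLdapBindAuthenticator extends AbstractLdapAuthenticator {
    private static final Logger LOG = LoggerFactory.getLogger(AmbariLdapBindAuthenticator.class);
    private static final String AMBARI_ADMIN_LDAP_ATTRIBUTE_KEY = "ambari_admin";
    private final OBDPLdapConfiguration ldapConfiguration;

    /**
     * Creates the authenticator.
     *
     * @param baseLdapPathContextSource context source used both for the bind and for the group search
     * @param oBDPLdapConfiguration     source of the {@link LdapServerProperties} read on every login
     */
    public AmbariLdapBindAuthenticator(BaseLdapPathContextSource baseLdapPathContextSource, OBDPLdapConfiguration oBDPLdapConfiguration) {
        super(baseLdapPathContextSource);
        this.ldapConfiguration = oBDPLdapConfiguration;
    }

    /**
     * Authenticates a username/password token against the directory.
     *
     * @param authentication the authentication request; must be a
     *                       {@link UsernamePasswordAuthenticationToken}
     * @return the authenticated user's directory entry, with {@code ambari_admin} set when the
     *         admin group search matched
     * @throws BadCredentialsException if the token is of another type (or {@code null}), or the
     *                                 credentials are rejected
     */
    @Override
    public DirContextOperations authenticate(Authentication authentication) {
        if (!(authentication instanceof UsernamePasswordAuthenticationToken)) {
            // instanceof is false for null, so guard the getClass() call that follows.
            String tokenType = authentication == null ? "null" : authentication.getClass().getName();
            LOG.info("Unexpected authentication token type encountered ({}) - failing authentication.", tokenType);
            throw new BadCredentialsException("Unexpected authentication token type encountered.");
        }

        DirContextOperations user = authenticate((UsernamePasswordAuthenticationToken) authentication);
        LdapServerProperties ldapServerProperties = this.ldapConfiguration.getLdapServerProperties();

        // The admin flag is only evaluated when mapping rules are configured.
        if (StringUtils.isNotEmpty(ldapServerProperties.getAdminGroupMappingRules())) {
            setAmbariAdminAttr(user, ldapServerProperties);
        }

        String usernameAttribute = ldapServerProperties.getUsernameAttribute();
        String ldapUsername = user.getStringAttribute(usernameAttribute);
        String loginName = authentication.getName();

        if (ldapUsername == null) {
            LOG.warn("The user data does not contain a value for {}.", usernameAttribute);
        } else if (ldapUsername.isEmpty()) {
            LOG.warn("The user data contains an empty value for {}.", usernameAttribute);
        } else {
            // NOTE(review): loginName is caller-supplied and logged verbatim; this relies on the
            // logging layout to neutralise control characters such as CR/LF - confirm.
            LOG.info("User with {}='{}' logged in with login alias '{}'", new Object[]{usernameAttribute, ldapUsername, loginName});

            String effectiveUsername;
            if (ldapServerProperties.isForceUsernameToLowercase()) {
                effectiveUsername = ldapUsername.toLowerCase();
                LOG.info("Forcing ldap username to be lowercase characters: {} ==> {}", ldapUsername, effectiveUsername);
            } else {
                effectiveUsername = ldapUsername;
            }

            // Record an alias only when the typed login name differs from the directory username.
            String loginAlias = loginName.toLowerCase();
            if (!effectiveUsername.equals(loginAlias)) {
                AuthorizationHelper.addLoginNameAlias(effectiveUsername, loginAlias);
            }
        }
        return user;
    }

    /**
     * Searches for the user entry and binds as it with the supplied password.
     *
     * @param token the username/password token; non-String credentials are treated as missing
     * @return the user entry produced by a successful bind
     * @throws BadCredentialsException if the username or password is empty, no user search is
     *                                 configured, the user is not found, or the bind is rejected
     */
    private DirContextOperations authenticate(UsernamePasswordAuthenticationToken token) {
        String username = token.getName();
        Object credentials = token.getCredentials();
        String password = credentials instanceof String ? (String) credentials : null;

        if (StringUtils.isEmpty(username)) {
            LOG.debug("Empty username encountered - failing authentication.");
            throw new BadCredentialsException("Empty username encountered.");
        }
        LOG.debug("Authenticating {}", username);

        // Security-critical guard: a simple bind with a DN and an empty password is an
        // "unauthenticated bind" (RFC 4513, section 5.1.2), which many directory servers accept.
        // Without this check any known username could log in with a blank password.
        if (StringUtils.isEmpty(password)) {
            LOG.debug("Empty password encountered - failing authentication.");
            throw new BadCredentialsException("Empty password encountered.");
        }

        LdapUserSearch userSearch = getUserSearch();
        if (userSearch == null) {
            LOG.debug("The user search facility has not been set - failing authentication.");
            throw new BadCredentialsException("The user search facility has not been set.");
        }
        if (LOG.isTraceEnabled()) {
            LOG.trace("Searching for user with username {}: {}", username, userSearch);
        }

        DirContextOperations boundUser = null;
        DirContextOperations foundUser = userSearch.searchForUser(username);
        if (foundUser == null) {
            LOG.debug("LDAP user object not found for {}", username);
        } else {
            LOG.debug("Found LDAP user for {}: {}", username, foundUser.getDn());
            boundUser = bind(foundUser, password);
            if (LOG.isTraceEnabled()) {
                logUserAttributes(boundUser.getAttributes());
            }
        }

        if (boundUser == null) {
            // NOTE(review): this message differs from the one thrown by bind() on a rejected
            // password; if exception messages reach the client, the difference reveals whether a
            // username exists - confirm how callers surface them.
            LOG.debug("Invalid credentials for {} - failing authentication.", username);
            throw new BadCredentialsException("Invalid credentials.");
        }
        LOG.debug("Successfully authenticated {}", username);
        return boundUser;
    }

    /**
     * Writes every attribute of the authenticated entry to the TRACE log.
     *
     * <p>The output contains whatever attributes the user search returned, which can include
     * sensitive values; TRACE should stay disabled for this logger outside of troubleshooting.
     *
     * @param attributes the entry's attributes, or {@code null} when none are available
     */
    private void logUserAttributes(Attributes attributes) {
        if (attributes == null) {
            LOG.trace("User Attributes: not available");
            return;
        }
        StringBuilder sb = new StringBuilder();
        try {
            // Both hasMore() and next() can throw NamingException, so the whole loop is guarded;
            // a failure ends the enumeration instead of retrying the same element forever.
            NamingEnumeration<String> ids = attributes.getIDs();
            while (ids.hasMore()) {
                sb.append("\n\t");
                sb.append(attributes.get(ids.next()));
            }
        } catch (NamingException e) {
            // Diagnostic output only: report the problem and log what was collected so far.
            LOG.trace("Failed to enumerate all user attributes", e);
        }
        LOG.trace("User Attributes: {}", sb);
    }

    /**
     * Verifies the password by opening a directory context as the user, then closes it again.
     *
     * @param user     the entry found by the user search
     * @param password the password to bind with; callers must have rejected empty values already
     * @return a new adapter carrying the user's attributes and DN
     * @throws BadCredentialsException                if the directory rejects the bind
     * @throws InternalAuthenticationServiceException if no usable context source is configured
     */
    private DirContextOperations bind(DirContextOperations user, String password) {
        ContextSource contextSource = getContextSource();
        if (contextSource == null) {
            LOG.debug("Missing ContextSource - failing authentication.");
            throw new InternalAuthenticationServiceException("Missing ContextSource - failing authentication.");
        }
        if (!(contextSource instanceof BaseLdapPathContextSource)) {
            String message = String.format("Unexpected ContextSource type (%s) - failing authentication.", contextSource.getClass().getName());
            LOG.debug(message);
            throw new InternalAuthenticationServiceException(message);
        }

        BaseLdapPathContextSource baseLdapPathContextSource = (BaseLdapPathContextSource) contextSource;
        Name userDn = user.getDn();
        // presumably combines the entry's DN with the context source's base DN - confirm in OBDPLdapUtils
        Name fullDn = OBDPLdapUtils.getFullDn(userDn, (Name) baseLdapPathContextSource.getBaseLdapName());
        LOG.debug("Attempting to bind as {}", fullDn);

        DirContext dirContext = null;
        try {
            // Obtaining the context with the user's own DN and password is the credential check.
            dirContext = baseLdapPathContextSource.getContext(fullDn.toString(), password);
            return new DirContextAdapter(user.getAttributes(), userDn, baseLdapPathContextSource.getBaseLdapName());
        } catch (AuthenticationException e) {
            String message = String.format("Failed to bind as %s - %s", user.getDn().toString(), e.getMessage());
            if (LOG.isTraceEnabled()) {
                LOG.trace(message, e);
            } else if (LOG.isDebugEnabled()) {
                LOG.debug(message);
            }
            // The directory's own error text stays in the log; the caller gets a generic message.
            throw new BadCredentialsException("The username or password is incorrect.");
        } finally {
            // The user-bound context is only needed for the check itself; always release it.
            LdapUtils.closeContext(dirContext);
        }
    }

    /**
     * Sets the {@code ambari_admin} attribute on the user when the admin group search returns at
     * least one group.
     *
     * @param user                 the authenticated user entry; modified in place
     * @param ldapServerProperties the LDAP settings that define the group search
     * @return the same {@code user} instance
     */
    private DirContextOperations setAmbariAdminAttr(DirContextOperations user, LdapServerProperties ldapServerProperties) {
        String baseDn = ldapServerProperties.getBaseDN().toLowerCase();
        String groupBase = ldapServerProperties.getGroupBase().toLowerCase();
        String groupNamingAttr = ldapServerProperties.getGroupNamingAttr();
        String memberAttr = ldapServerProperties.getAdminGroupMappingMemberAttr();

        // The search base is the part of the group base in front of the base DN; "- 1" drops the
        // separator between them.
        // NOTE(review): Configuration.JDBC_IN_MEMORY_PASSWORD is used where an empty search base
        // is expected - presumably a decompiler substitution for "" - confirm the constant's value.
        int baseDnIndex = groupBase.indexOf(baseDn);
        String groupRelativeRoot = baseDnIndex <= 0 ? Configuration.JDBC_IN_MEMORY_PASSWORD : groupBase.substring(0, baseDnIndex - 1);

        String memberValue = StringUtils.isNotEmpty(memberAttr) ? user.getStringAttribute(memberAttr) : user.getNameInNamespace();
        LOG.debug("LDAP login - set '{}' as member attribute for adminGroupMappingRules", memberValue);

        // Fail closed: without a member value there is nothing to match, and formatting a null
        // into the filter would search for the literal text "null".
        if (StringUtils.isEmpty(memberValue)) {
            LOG.debug("LDAP login - no member attribute value available, skipping admin group search");
            return user;
        }

        String adminFilter = resolveAmbariAdminAttrFilter(ldapServerProperties, memberValue);
        LOG.debug("LDAP login - set admin attr filter: {}", adminFilter);

        // NOTE(review): Attributes.get() returns null for an absent attribute, so a matched group
        // without the naming attribute would raise a NullPointerException here.
        AttributesMapper groupNameMapper = attributes -> attributes.get(groupNamingAttr).get();

        LdapTemplate ldapTemplate = new LdapTemplate(getContextSource());
        ldapTemplate.setIgnorePartialResultException(true);
        ldapTemplate.setIgnoreNameNotFoundException(true);

        // Only the presence of a match matters; the mapped group names are not used.
        if (!ldapTemplate.search(groupRelativeRoot, adminFilter, groupNameMapper).isEmpty()) {
            user.setAttributeValue(AMBARI_ADMIN_LDAP_ATTRIBUTE_KEY, true);
        }
        return user;
    }

    /**
     * Builds the LDAP filter that decides whether the user belongs to an admin group.
     *
     * <p>The member value originates from the directory entry (its DN or a configured attribute)
     * and is escaped per RFC 4515 before it is placed into the filter. Unescaped, a value holding
     * {@code *}, {@code (}, {@code )} or {@code \} could widen or break a filter whose result
     * grants the admin attribute, and a DN with backslash-escaped characters would never match.
     *
     * @param ldapServerProperties the LDAP settings supplying attribute names and filters
     * @param memberValue          the raw value identifying the user in group membership
     * @return the filter string to search with
     */
    private String resolveAmbariAdminAttrFilter(LdapServerProperties ldapServerProperties, String memberValue) {
        String groupMembershipAttr = ldapServerProperties.getGroupMembershipAttr();
        String groupObjectClass = ldapServerProperties.getGroupObjectClass();
        String adminGroupMappingRules = ldapServerProperties.getAdminGroupMappingRules();
        String groupNamingAttr = ldapServerProperties.getGroupNamingAttr();
        String groupSearchFilter = ldapServerProperties.getGroupSearchFilter();
        String encodedMemberValue = LdapEncoder.filterEncode(memberValue);

        if (StringUtils.isEmpty(groupSearchFilter)) {
            return String.format("(&(%s=%s)(objectclass=%s)(|%s))", groupMembershipAttr, encodedMemberValue, groupObjectClass, createAdminGroupMappingRegex(adminGroupMappingRules, groupNamingAttr));
        }
        // NOTE(review): with a custom group search filter the admin mapping rules are not part of
        // the filter, so membership in any group that filter matches sets the admin attribute -
        // confirm this is intended.
        return String.format("(&(%s=%s)%s)", groupMembershipAttr, encodedMemberValue, groupSearchFilter);
    }

    /**
     * Turns the comma-separated admin group rules into a run of {@code (attr=value)} filter terms.
     *
     * <p>The rule values are inserted as-is: they are not trimmed and not filter-escaped.
     * NOTE(review): presumably acceptable because they come from server configuration and may
     * contain intentional wildcards - confirm.
     *
     * @param adminGroupMappingRules comma-separated group names or patterns
     * @param groupNamingAttr        the attribute each value is compared against
     * @return the concatenated filter terms, to be wrapped in an OR by the caller
     */
    private String createAdminGroupMappingRegex(String adminGroupMappingRules, String groupNamingAttr) {
        // NOTE(review): the builder is seeded with Configuration.JDBC_IN_MEMORY_PASSWORD where an
        // empty prefix is expected - presumably a decompiler substitution for "" - confirm.
        StringBuilder sb = new StringBuilder(Configuration.JDBC_IN_MEMORY_PASSWORD);
        for (String rule : adminGroupMappingRules.split(",")) {
            sb.append(String.format("(%s=%s)", groupNamingAttr, rule));
        }
        return sb.toString();
    }
}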
