package io.inugami.security.ldap;

import io.inugami.api.loggers.Loggers;
import io.inugami.configuration.models.app.SecurityConfiguration;
import io.inugami.core.security.commons.exceptions.SecurityException;
import io.inugami.core.security.commons.services.LoginPasswordAuthentificator;
import io.inugami.security.ldap.mapper.LdapMapper;
import java.lang.reflect.Method;
import java.text.MessageFormat;
import java.util.ArrayList;
import java.util.List;
import java.util.Objects;
import java.util.stream.Stream;
import javax.annotation.PostConstruct;
import javax.annotation.Priority;
import javax.inject.Inject;
import javax.naming.InvalidNameException;
import javax.naming.Name;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.LdapName;
import org.hibernate.validator.internal.metadata.core.ConstraintHelper;
import org.picketlink.idm.credential.Credentials;
import org.picketlink.idm.credential.Password;
import org.picketlink.idm.credential.UsernamePasswordCredentials;
import org.picketlink.idm.model.Account;
import org.picketlink.idm.model.Attribute;
import org.picketlink.idm.model.basic.User;

@Priority(100)
/* loaded from: input_file:WEB-INF/lib/inugami_core_security_ldap-3.3.5.jar:io/inugami/security/ldap/LdapLoginPasswordAuthentificator.class */
public class LdapLoginPasswordAuthentificator implements LoginPasswordAuthentificator {

    @Inject
    private LdapConfigurationProvider ldapConfiguration;
    private final LdapBuilders builder = new LdapBuilders();
    private final LdapRolesFinder rolesFinder = new LdapRolesFinder();
    private LdapConnectorData connectorData;
    private SecurityConfiguration securityConfig;
    private LdapMapper mapper;

    @PostConstruct
    private void init() {
        this.mapper = this.ldapConfiguration.getMapper();
        this.connectorData = this.ldapConfiguration.getConnectorData();
        this.securityConfig = this.ldapConfiguration.getSecurityConfig();
    }

    @Override // io.inugami.core.security.commons.services.LoginPasswordAuthentificator
    public Credentials authentificate(String str, Password password) {
        Credentials credentials = null;
        DirContext dirContext = null;
        try {
            try {
                dirContext = connect(str, password);
                credentials = loadUser(str, password, dirContext);
                close(dirContext);
            } catch (SecurityException e) {
                Loggers.SECURITY.error(e.getMessage());
                close(dirContext);
            }
            return credentials;
        } catch (Throwable th) {
            close(dirContext);
            throw th;
        }
    }

    protected Credentials loadUser(String str, Password password, DirContext dirContext) throws SecurityException {
        SearchControls searchControls = new SearchControls();
        searchControls.setSearchScope(2);
        List<SearchResult> search = search(dirContext, searchControls, this.connectorData.getRootDn(), this.connectorData.getSearchFilter(), new Object[]{str});
        if (search.isEmpty() || search.size() > 1) {
            throw new SecurityException("error on loading user information (" + str + ")");
        }
        SearchResult searchResult = search.get(0);
        Account buildAccount = buildAccount(str, searchResult, loadGroups(dirContext, buildLdapDn(searchResult)));
        UsernamePasswordCredentials usernamePasswordCredentials = new UsernamePasswordCredentials(str, password);
        usernamePasswordCredentials.setValidatedAccount(buildAccount);
        usernamePasswordCredentials.setStatus(Credentials.Status.VALID);
        return usernamePasswordCredentials;
    }

    protected List<Object> loadGroups(DirContext dirContext, Name name) throws SecurityException {
        ArrayList arrayList = new ArrayList();
        SearchControls searchControls = new SearchControls();
        searchControls.setSearchScope(2);
        try {
            NamingEnumeration search = dirContext.search(name.getPrefix(2), MessageFormat.format(this.connectorData.getRoleSearch(), name), searchControls);
            while (search.hasMoreElements()) {
                arrayList.add(((SearchResult) search.next()).getNameInNamespace());
            }
            return arrayList;
        } catch (NamingException e) {
            throw new SecurityException(e.getMessage(), (Throwable) e);
        }
    }

    protected Account buildAccount(String str, SearchResult searchResult, List<Object> list) {
        User mapping = this.mapper.mapping(searchResult);
        mapping.setLoginName(str);
        ArrayList arrayList = new ArrayList();
        Stream<R> map = list.stream().map(String::valueOf);
        Objects.requireNonNull(arrayList);
        map.forEach((v1) -> {
            r1.add(v1);
        });
        mapping.setAttribute(new Attribute<>(ConstraintHelper.GROUPS, arrayList, true));
        mapping.setAttribute(new Attribute<>("roles", (ArrayList) this.rolesFinder.find(arrayList, this.securityConfig.getRoles()), true));
        return mapping;
    }

    private DirContext connect(String str, Password password) {
        return new LdapConnector().connect(this.builder.buildUserBinding(str, new String(password.getValue()), this.connectorData));
    }

    private void close(DirContext dirContext) {
        if (dirContext != null) {
            try {
                dirContext.close();
            } catch (NamingException e) {
                Loggers.DEBUG.error(e.getMessage(), e);
            }
        }
    }

    private List<SearchResult> search(DirContext dirContext, SearchControls searchControls, String str, String str2, Object[] objArr) throws SecurityException {
        ArrayList arrayList = new ArrayList();
        try {
            NamingEnumeration<?> search = dirContext.search(str, str2, objArr, buildControls(searchControls));
            while (search.hasMoreElements()) {
                arrayList.add((SearchResult) search.nextElement());
            }
            closeEnumeration(search);
            return arrayList;
        } catch (NamingException e) {
            throw new SecurityException(e.getMessage(), (Throwable) e);
        }
    }

    private SearchControls buildControls(SearchControls searchControls) {
        return new SearchControls(searchControls.getSearchScope(), searchControls.getCountLimit(), searchControls.getTimeLimit(), searchControls.getReturningAttributes(), true, searchControls.getDerefLinkFlag());
    }

    private void closeEnumeration(NamingEnumeration<?> namingEnumeration) {
        if (namingEnumeration != null) {
            try {
                namingEnumeration.close();
            } catch (NamingException e) {
                if (Loggers.SECURITY.isDebugEnabled()) {
                    Loggers.SECURITY.error("Failed to close enumeration.", e);
                }
            }
        }
    }

    private Name buildLdapDn(SearchResult searchResult) {
        LdapName ldapName = null;
        try {
            ldapName = new LdapName(invoke(searchResult.getObject(), "getNameInNamespace()"));
        } catch (InvalidNameException e) {
            if (Loggers.SECURITY.isDebugEnabled()) {
                Loggers.SECURITY.error(e.getMessage(), e);
            }
        }
        return ldapName;
    }

    private String invoke(Object obj, String str) {
        Object obj2 = null;
        Method method = null;
        if (obj != null) {
            try {
                method = obj.getClass().getDeclaredMethod(str, new Class[0]);
            } catch (NoSuchMethodException e) {
                Loggers.DEBUG.error(e.getMessage(), (Throwable) e);
            }
        }
        if (method != null) {
            try {
                method.setAccessible(true);
                obj2 = method.invoke(obj, new Object[0]);
            } catch (Exception e2) {
                Loggers.DEBUG.error(e2.getMessage(), (Throwable) e2);
            }
        }
        if (obj2 == null) {
            return null;
        }
        return String.valueOf(obj2);
    }
}
