package org.hsqldb.auth;

import java.io.IOException;
import java.util.ArrayList;
import java.util.Hashtable;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.naming.AuthenticationException;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.BasicAttributes;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.Control;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;
import javax.naming.ldap.StartTlsRequest;
import javax.naming.ldap.StartTlsResponse;
import org.hsqldb.lib.FrameworkLogger;

/* loaded from: input_file:hsqldb_2-3-4.jar:org/hsqldb/auth/LdapAuthBean.class */
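/**
 * {@link AuthFunctionBean} that authenticates HSQLDB users against an LDAP
 * directory.
 * <p>
 * {@link #authenticate(String, String)} opens a JNDI context to
 * {@code ldap://ldapHost[:ldapPort]}, optionally upgrades it with StartTLS,
 * sets the caller's credentials on the context (the principal is the raw user
 * name, or {@code principalTemplate} with {@code ${username}} substituted),
 * then searches {@code parentDn} for the single entry whose
 * {@code rdnAttribute} equals the user name. The outcome is derived from that
 * entry's {@code accessAttribute} and/or {@code rolesSchemaAttribute} values.
 * <p>
 * Configure with the setters, then call {@link #init()} once;
 * {@code authenticate} refuses to run on an uninitialized bean.
 */
public class LdapAuthBean implements AuthFunctionBean {
    private static final FrameworkLogger logger = FrameworkLogger.getLog(LdapAuthBean.class);

    /** Placeholder replaced by the user name inside {@code principalTemplate}. */
    private static final String USERNAME_PLACEHOLDER = "${username}";

    /**
     * Only plain {@code ldap://} provider URLs are built (no {@code ldaps://}).
     * With {@code startTls} off and a SIMPLE bind, the password crosses the
     * wire in clear text.
     */
    private static final String PROVIDER_URL_PREFIX = "ldap://";

    private Integer ldapPort;
    private String ldapHost;
    private String principalTemplate;
    private String saslRealm;
    private String parentDn;
    private Pattern roleSchemaValuePattern;
    private Pattern accessValuePattern;
    private boolean tls;
    private boolean initialized;
    private String rolesSchemaAttribute;
    private String accessAttribute;
    /**
     * Attributes requested from the directory for the user's entry: whichever of
     * {@code rolesSchemaAttribute} / {@code accessAttribute} are set. Computed by
     * {@link #init()}.
     */
    protected String[] attributeUnion;
    private String initialContextFactory = "com.sun.jndi.ldap.LdapCtxFactory";
    private String mechanism = "SIMPLE";
    private String rdnAttribute = "uid";

    /**
     * Whether to upgrade the connection with the StartTLS extended operation
     * before sending credentials. Off by default.
     */
    public void setStartTls(boolean z) {
        this.tls = z;
    }

    /** TCP port of the directory server; omitted from the URL when unset. */
    public void setLdapPort(int i) {
        this.ldapPort = Integer.valueOf(i);
    }

    /**
     * Validates the configured properties and derives {@link #attributeUnion}.
     *
     * @throws IllegalStateException if a required property is missing or the
     *         pattern/attribute properties are inconsistent
     */
    public void init() {
        requireProperty(this.ldapHost, "ldapHost");
        requireProperty(this.parentDn, "parentDn");
        requireProperty(this.initialContextFactory, "initialContextFactory");
        requireProperty(this.mechanism, "mechanism");
        requireProperty(this.rdnAttribute, "rdnAttribute");
        if (this.rolesSchemaAttribute == null && this.accessAttribute == null) {
            throw new IllegalStateException("You must set property 'rolesSchemaAttribute' and/or property 'accessAttribute'");
        }
        // A value pattern without the attribute it applies to is a misconfiguration.
        if (this.roleSchemaValuePattern != null && this.rolesSchemaAttribute == null) {
            throw new IllegalStateException("If property 'roleSchemaValuePattern' is set, then you must also set property 'rolesSchemaAttribute' to indicate which attribute to evaluate");
        }
        if (this.accessValuePattern != null && this.accessAttribute == null) {
            throw new IllegalStateException("If property 'accessValuePattern' is set, then you must also set property 'accessAttribute' to indicate which attribute to evaluate");
        }
        if (this.rolesSchemaAttribute != null && this.accessAttribute != null) {
            this.attributeUnion = new String[]{this.rolesSchemaAttribute, this.accessAttribute};
        } else if (this.rolesSchemaAttribute != null) {
            this.attributeUnion = new String[]{this.rolesSchemaAttribute};
        } else {
            this.attributeUnion = new String[]{this.accessAttribute};
        }
        this.initialized = true;
    }

    /** Throws the standard "not set" error when a required property is null. */
    private static void requireProperty(Object value, String propertyName) {
        if (value == null) {
            throw new IllegalStateException("Required property '" + propertyName + "' not set");
        }
    }

    /** Pattern the single {@code accessAttribute} value must fully match for access to be granted. */
    public void setAccessValuePattern(Pattern pattern) {
        this.accessValuePattern = pattern;
    }

    /** Convenience for {@link #setAccessValuePattern(Pattern)} taking a regex source string. */
    public void setAccessValuePatternString(String str) {
        setAccessValuePattern(Pattern.compile(str));
    }

    /**
     * Pattern each {@code rolesSchemaAttribute} value must fully match to count
     * as a role; if the pattern has capturing groups, group 1 is used as the
     * role name, otherwise the whole value.
     */
    public void setRoleSchemaValuePattern(Pattern pattern) {
        this.roleSchemaValuePattern = pattern;
    }

    /** Convenience for {@link #setRoleSchemaValuePattern(Pattern)} taking a regex source string. */
    public void setRoleSchemaValuePatternString(String str) {
        setRoleSchemaValuePattern(Pattern.compile(str));
    }

    /** JNDI {@code java.naming.security.authentication} value, e.g. "SIMPLE" (default) or a SASL mechanism name. */
    public void setSecurityMechanism(String str) {
        this.mechanism = str;
    }

    /** Host name or address of the directory server. Required. */
    public void setLdapHost(String str) {
        this.ldapHost = str;
    }

    /**
     * Template for the bind principal with {@code ${username}} replaced
     * verbatim by the user name. When unset the raw user name is the principal.
     */
    public void setPrincipalTemplate(String str) {
        this.principalTemplate = str;
    }

    /** JNDI initial context factory class name; defaults to the JDK LDAP provider. */
    public void setInitialContextFactory(String str) {
        this.initialContextFactory = str;
    }

    /** SASL realm passed to the provider when set. */
    public void setSaslRealm(String str) {
        this.saslRealm = str;
    }

    /** DN under which the user's entry is searched (one-level attribute search). Required. */
    public void setParentDn(String str) {
        this.parentDn = str;
    }

    /** Attribute whose value must equal the user name to identify the entry; defaults to "uid". */
    public void setRdnAttribute(String str) {
        this.rdnAttribute = str;
    }

    /** Multi-valued attribute whose values become HSQLDB roles/schemas. */
    public void setRolesSchemaAttribute(String str) {
        this.rolesSchemaAttribute = str;
    }

    /** Single-valued attribute whose presence (and optional pattern match) grants access. */
    public void setAccessAttribute(String str) {
        this.accessAttribute = str;
    }

    /**
     * Authenticates {@code userName} / {@code password} against the directory.
     *
     * @return {@code null} when no {@code rolesSchemaAttribute} is configured
     *         (access decided by {@code accessAttribute} alone); otherwise the
     *         role names extracted from the entry, possibly empty when
     *         {@code accessAttribute} is also configured
     * @throws DenyException on an empty password, a failed bind, a missing
     *         entry, a missing/non-matching access attribute, or no roles when
     *         roles are the only criterion
     * @throws RuntimeException on directory/transport errors and on data that
     *         violates the expected schema (e.g. more than one matching entry)
     * @throws IllegalStateException if {@link #init()} has not been called
     */
    @Override // org.hsqldb.auth.AuthFunctionBean
    public String[] authenticate(String userName, String password) throws DenyException {
        if (!this.initialized) {
            throw new IllegalStateException("You must invoke the 'init' method to initialize the " + LdapAuthBean.class.getName() + " instance.");
        }
        // A simple bind with a DN and an EMPTY password is an "unauthenticated"
        // bind (RFC 4513 section 5.1.2), which many directory servers accept as
        // an anonymous session. Without this guard a caller knowing only a user
        // name could pass the bind and the role lookup below. Nulls would NPE in
        // the template substitution / BasicAttributes, so they are refused here.
        if (userName == null || password == null || password.length() == 0) {
            throw new DenyException();
        }

        Hashtable<String, Object> env = new Hashtable<String, Object>(5, 0.75f);
        env.put("java.naming.factory.initial", this.initialContextFactory);
        env.put("java.naming.provider.url", PROVIDER_URL_PREFIX + this.ldapHost + (this.ldapPort == null ? "" : ":" + this.ldapPort));

        StartTlsResponse tlsResponse = null;
        LdapContext ctx = null;
        try {
            // No credentials yet: the context is created unauthenticated so that
            // StartTLS can be negotiated before anything secret is sent.
            ctx = new InitialLdapContext(env, (Control[]) null);
            if (this.tls) {
                tlsResponse = (StartTlsResponse) ctx.extendedOperation(new StartTlsRequest());
                tlsResponse.negotiate();
            }
            ctx.addToEnvironment("java.naming.security.authentication", this.mechanism);
            ctx.addToEnvironment("java.naming.security.principal", bindPrincipal(userName));
            ctx.addToEnvironment("java.naming.security.credentials", password);
            if (this.saslRealm != null) {
                // Must be applied to the live context: the Hashtable was copied
                // when the context was constructed, so putting it there was a no-op.
                ctx.addToEnvironment("java.naming.security.sasl.realm", this.saslRealm);
            }

            // The bind is performed lazily by the provider, so a wrong password
            // surfaces here as AuthenticationException. The attribute-based
            // search form lets JNDI build and escape the filter itself.
            NamingEnumeration<SearchResult> results = ctx.search(this.parentDn, new BasicAttributes(this.rdnAttribute, userName), this.attributeUnion);
            if (!results.hasMore()) {
                throw new DenyException();
            }
            SearchResult entry = results.next();
            if (results.hasMore()) {
                // Ambiguous identity: refuse rather than pick one entry.
                throw new RuntimeException("> 1 result");
            }
            Attributes attributes = entry.getAttributes();

            checkAccessAttribute(attributes);
            if (this.rolesSchemaAttribute == null) {
                return null;
            }
            String[] roles = extractRoles(attributes);
            // With no access attribute, roles are the only criterion: none means deny.
            if (roles.length == 0 && this.accessAttribute == null) {
                throw new DenyException();
            }
            return roles;
        } catch (AuthenticationException ae) {
            // Wrong credentials; do not leak details to the caller.
            throw new DenyException();
        } catch (NamingException ne) {
            throw new RuntimeException(ne);
        } catch (IOException ioe) {
            throw new RuntimeException(ioe);
        } finally {
            // Release the TLS layer and the connection on every exit path,
            // including DenyException and wrapped failures.
            closeTlsQuietly(tlsResponse);
            closeContextQuietly(ctx);
        }
    }

    /**
     * Builds the bind principal from the template (or the raw user name).
     * The substitution is verbatim: if the template is a DN, a user name
     * containing RFC 4514 special characters (",", "+", "\"", "\\", "<", ">",
     * ";", "=") changes the DN's structure. No escaping is applied here because
     * the template need not be a DN (e.g. SASL user names); constrain user
     * names upstream if that matters for your directory.
     */
    private String bindPrincipal(String userName) {
        if (this.principalTemplate == null) {
            return userName;
        }
        return this.principalTemplate.replace(USERNAME_PLACEHOLDER, userName);
    }

    /**
     * Enforces {@code accessAttribute} when configured: the entry must carry
     * exactly one value, and that value must fully match
     * {@code accessValuePattern} when one is set.
     */
    private void checkAccessAttribute(Attributes attributes) throws NamingException, DenyException {
        if (this.accessAttribute == null) {
            return;
        }
        Attribute attr = attributes.get(this.accessAttribute);
        if (attr == null) {
            throw new DenyException();
        }
        if (attr.size() != 1) {
            throw new RuntimeException("Access attribute '" + this.accessAttribute + "' has unexpected value count: " + attr.size());
        }
        if (this.accessValuePattern == null) {
            return;
        }
        Object raw = attr.get(0);
        if (raw == null) {
            throw new RuntimeException("Access Attr. value is null");
        }
        if (!(raw instanceof String)) {
            throw new RuntimeException("Access Attr. value not a String: " + raw.getClass().getName());
        }
        if (!this.accessValuePattern.matcher((String) raw).matches()) {
            throw new DenyException();
        }
    }

    /**
     * Collects role names from {@code rolesSchemaAttribute}: every value when no
     * pattern is set, otherwise each fully-matching value (group 1 when the
     * pattern has capturing groups). Returns an empty array when the attribute
     * is absent.
     */
    private String[] extractRoles(Attributes attributes) throws NamingException {
        ArrayList<String> roles = new ArrayList<String>();
        Attribute attr = attributes.get(this.rolesSchemaAttribute);
        if (attr == null) {
            return new String[0];
        }
        int count = attr.size();
        for (int i = 0; i < count; i++) {
            Object raw = attr.get(i);
            if (raw == null) {
                throw new RuntimeException("R/S Attr value #" + i + " is null");
            }
            if (!(raw instanceof String)) {
                throw new RuntimeException("R/S Attr value #" + i + " not a String: " + raw.getClass().getName());
            }
            String value = (String) raw;
            if (this.roleSchemaValuePattern == null) {
                roles.add(value);
                continue;
            }
            Matcher m = this.roleSchemaValuePattern.matcher(value);
            if (m.matches()) {
                // NOTE(review): group(1) is null when an optional group did not
                // participate in the match; such a null is passed through as a role.
                roles.add(m.groupCount() > 0 ? m.group(1) : value);
            }
        }
        return roles.toArray(new String[roles.size()]);
    }

    /** Closes the StartTLS layer, logging (not propagating) failures. */
    private static void closeTlsQuietly(StartTlsResponse tlsResponse) {
        if (tlsResponse == null) {
            return;
        }
        try {
            tlsResponse.close();
        } catch (IOException e) {
            logger.error("Failed to close TLS Response", e);
        }
    }

    /** Closes the LDAP context, logging (not propagating) failures. */
    private static void closeContextQuietly(LdapContext ctx) {
        if (ctx == null) {
            return;
        }
        try {
            ctx.close();
        } catch (NamingException e) {
            logger.error("Failed to close LDAP Context", e);
        }
    }
}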
