package com.sun.slamd.realm;

import com.embarcadero.uml.ui.products.ad.application.selection.ActionExpression;
import com.sun.jdo.spi.persistence.utility.generator.JavaClassWriterHelper;
import com.sun.slamd.example.JSSEBlindTrustSocketFactory;
import java.security.Principal;
import java.util.Enumeration;
import java.util.Hashtable;
import netscape.ldap.LDAPAttribute;
import netscape.ldap.LDAPConnection;
import netscape.ldap.LDAPDN;
import netscape.ldap.LDAPEntry;
import netscape.ldap.LDAPException;
import netscape.ldap.LDAPSearchResults;
import netscape.ldap.LDAPUrl;
import netscape.ldap.factory.JSSESocketFactory;
import org.apache.catalina.realm.GenericPrincipal;
import org.apache.catalina.realm.RealmBase;

/* JADX WARN: Classes with same name are omitted:
  input_file:118641-05/profiler.nbm:netbeans/modules/profiler/slamd/slamd.war:WEB-INF/lib/slamd_server.jar:com/sun/slamd/realm/LDAPRealm.class
 */
/* loaded from: input_file:118641-05/profiler.nbm:netbeans/modules/profiler/slamd/slamd_server.jar:com/sun/slamd/realm/LDAPRealm.class */
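/**
 * Catalina realm that authenticates users by binding to an LDAP directory and,
 * optionally, requires membership in a group or role identified by
 * {@code membershipDN}.
 *
 * <p>Security-relevant properties of this class, all visible in the code below:
 * <ul>
 *   <li>{@code useSSL} defaults to {@code false}, so simple binds carry the bind
 *       password and every user password in clear text unless SSL is enabled.</li>
 *   <li>{@code blindTrust} defaults to {@code true}; with SSL enabled the
 *       connection is then built on {@code JSSEBlindTrustSocketFactory}
 *       (NOTE(review): by its name this factory presumably skips certificate
 *       validation; confirm, and set {@code blindTrust="false"} with a trust
 *       store wherever the directory certificate can be verified).</li>
 *   <li>Successful logins are cached together with the clear-text password for
 *       {@link #CACHE_EXPIRATION_TIME} milliseconds. A password that was changed
 *       or revoked in the directory keeps working from the cache until the
 *       entry expires.</li>
 *   <li>The SSL setters publish key/trust store paths and passwords as JVM-wide
 *       system properties, where any code in the same JVM can read them.</li>
 * </ul>
 *
 * <p>{@link #authenticate(String, String)} is {@code synchronized}; the two LDAP
 * connections and the cache are only used from it and from {@link #stop()}.
 */
public class LDAPRealm extends RealmBase {
    /** Minimum time between two sweeps of the user cache, in milliseconds. */
    public static final int CACHE_CLEANUP_INTERVAL = 300000;
    /** Lifetime of a cached successful login, in milliseconds. */
    public static final int CACHE_EXPIRATION_TIME = 1800000;
    public static final int MEMBERSHIP_TYPE_UNKNOWN = -1;
    public static final int MEMBERSHIP_TYPE_NONE = 0;
    public static final int MEMBERSHIP_TYPE_STATIC = 1;
    public static final int MEMBERSHIP_TYPE_DYNAMIC = 2;
    public static final int MEMBERSHIP_TYPE_ROLE = 3;
    public static final String MEMBER_URL_ATTRIBUTE = "memberURL";
    public static final String ROLE_ATTRIBUTE = "nsRole";
    public static final String SSL_KEY_STORE_PROPERTY = "javax.net.ssl.keyStore";
    public static final String SSL_KEY_PASSWORD_PROPERTY = "javax.net.ssl.keyStorePassword";
    public static final String SSL_TRUST_STORE_PROPERTY = "javax.net.ssl.trustStore";
    public static final String SSL_TRUST_PASSWORD_PROPERTY = "javax.net.ssl.trustStorePassword";
    // NOTE(review): public arrays are mutable by any caller; kept public for compatibility.
    public static final String[] ROLE_ATTRS = {"nsRole"};
    public static final String[] NO_ATTRS = {"1.1"};

    // Numeric values passed to the LDAP SDK; named here so call sites read clearly.
    private static final int LDAP_PROTOCOL_VERSION = 3;
    private static final int SCOPE_BASE = 0;
    private static final int SCOPE_SUBTREE = 2;
    // LDAP result codes that mean "these credentials were rejected" (RFC 4511).
    private static final int RESULT_CONSTRAINT_VIOLATION = 19;
    private static final int RESULT_NO_SUCH_OBJECT = 32;
    private static final int RESULT_INAPPROPRIATE_AUTHENTICATION = 48;
    private static final int RESULT_INVALID_CREDENTIALS = 49;

    long nextCleanupTime;
    protected boolean useSSL = false;
    // Insecure default kept for compatibility: see the class comment.
    protected boolean blindTrust = true;
    // Maps login ID -> CachedUser; created lazily by authenticate().
    protected Hashtable userCache = null;
    protected String bindDN = null;
    protected String bindPassword = null;
    protected String ldapHost = null;
    protected String ldapPort = "389";
    protected String loginIDAttribute = "uid";
    protected String membershipDN = null;
    protected String sslKeyPassword = null;
    protected String sslKeyStore = null;
    protected String sslTrustPassword = null;
    protected String sslTrustStore = null;
    protected String userBase = null;
    int membershipType = MEMBERSHIP_TYPE_UNKNOWN;
    int port = 389;
    // Bound as the end user on every credential check.
    LDAPConnection bindConnection = null;
    // Bound as bindDN; used for user lookup and membership queries.
    LDAPConnection searchConnection = null;
    String membershipURLBase = null;
    String membershipURLFilter = null;

    public String getBindDN() {
        return this.bindDN;
    }

    public void setBindDN(String str) {
        this.bindDN = str;
    }

    public String getBindPassword() {
        return this.bindPassword;
    }

    public void setBindPassword(String str) {
        this.bindPassword = str;
    }

    public String getLdapHost() {
        return this.ldapHost;
    }

    public void setLdapHost(String str) {
        this.ldapHost = str;
    }

    public int getLdapPort() {
        return this.port;
    }

    public void setLdapPort(int i) {
        this.port = i;
        this.ldapPort = String.valueOf(i);
    }

    /**
     * Sets the directory port from its string form. A value that is not an
     * integer leaves the previous port in place; the rejection is logged so a
     * mistyped port (for example an intended SSL port) does not silently fall
     * back to the old value.
     */
    public void setLdapPort(String str) {
        try {
            this.port = Integer.parseInt(str);
            this.ldapPort = str;
        } catch (NumberFormatException e) {
            log("Cannot interpret " + str + " as an integer value.");
        }
    }

    public String getLoginIDAttribute() {
        return this.loginIDAttribute;
    }

    public void setLoginIDAttribute(String str) {
        this.loginIDAttribute = str;
    }

    public String getUserBase() {
        return this.userBase;
    }

    public void setUserBase(String str) {
        this.userBase = str;
    }

    public String getMembershipDN() {
        return this.membershipDN;
    }

    /** Sets the group/role DN and forces the membership type to be re-detected. */
    public void setMembershipDN(String str) {
        this.membershipDN = str;
        this.membershipType = MEMBERSHIP_TYPE_UNKNOWN;
    }

    public boolean getUseSSL() {
        return this.useSSL;
    }

    /** Enables SSL only for the literal value "true" (any case); null means false. */
    public void setUseSSL(String str) {
        this.useSSL = "true".equalsIgnoreCase(str);
    }

    public boolean getBlindTrust() {
        return this.blindTrust;
    }

    /** Enables blind trust only for the literal value "true" (any case); null means false. */
    public void setBlindTrust(String str) {
        this.blindTrust = "true".equalsIgnoreCase(str);
    }

    /** Stores the key store path and, when non-empty, publishes it JVM-wide. */
    public void setSslKeyStore(String str) {
        this.sslKeyStore = str;
        publishSystemProperty(SSL_KEY_STORE_PROPERTY, str);
    }

    public String getSslKeyStore() {
        return this.sslKeyStore;
    }

    /** Stores the key store password and, when non-empty, publishes it JVM-wide. */
    public void setSslKeyPassword(String str) {
        this.sslKeyPassword = str;
        publishSystemProperty(SSL_KEY_PASSWORD_PROPERTY, str);
    }

    public String getSslKeyPassword() {
        return this.sslKeyPassword;
    }

    /** Stores the trust store path and, when non-empty, publishes it JVM-wide. */
    public void setSslTrustStore(String str) {
        this.sslTrustStore = str;
        publishSystemProperty(SSL_TRUST_STORE_PROPERTY, str);
    }

    public String getSslTrustStore() {
        return this.sslTrustStore;
    }

    /** Stores the trust store password and, when non-empty, publishes it JVM-wide. */
    public void setSslTrustPassword(String str) {
        this.sslTrustPassword = str;
        publishSystemProperty(SSL_TRUST_PASSWORD_PROPERTY, str);
    }

    public String getSslTrustPassword() {
        return this.sslTrustPassword;
    }

    /**
     * Authenticates a user against the directory.
     *
     * @param str  login ID, matched against {@code loginIDAttribute} under {@code userBase}
     * @param str2 clear-text password
     * @return the principal on success; {@code null} when the login ID or
     *         password is missing or empty, the user is not found, the bind is
     *         rejected, the membership check fails, or the directory is unreachable
     */
    public synchronized Principal authenticate(String str, String str2) {
        long now = System.currentTimeMillis();
        if (this.userCache == null) {
            this.userCache = new Hashtable();
            this.nextCleanupTime = now + CACHE_CLEANUP_INTERVAL;
        } else if (now > this.nextCleanupTime) {
            cleanUserCache();
        }
        // An empty password must never reach bind(): a simple bind with a DN and
        // an empty password is an unauthenticated bind that many servers accept.
        if (str == null || str.length() == 0 || str2 == null || str2.length() == 0) {
            return null;
        }
        CachedUser cachedUser = (CachedUser) this.userCache.get(str);
        if (cachedUser != null) {
            boolean expired = now >= cachedUser.getExpirationTime();
            if (!expired && str2.equals(cachedUser.getUserPassword())) {
                return cachedUser.getUserPrincipal();
            }
            if (expired) {
                this.userCache.remove(str);
            }
            // A password that differs from the cached one is verified against the
            // directory instead of being rejected locally. That way a password
            // changed in the directory works at once, and failed guesses are seen
            // by the server (and by whatever lockout policy it applies) rather
            // than being absorbed by the cache.
        }
        LDAPEntry userEntry = getUserEntry(str);
        if (userEntry == null) {
            return null;
        }
        String dn = userEntry.getDN();
        if (!credentialsAreValid(dn, str2)) {
            return null;
        }
        if (this.membershipType == MEMBERSHIP_TYPE_UNKNOWN) {
            determineMembershipType();
        }
        // If the type is still unknown here, isMember() returns false: fail closed.
        if (this.membershipType != MEMBERSHIP_TYPE_NONE && !isMember(userEntry)) {
            return null;
        }
        GenericPrincipal genericPrincipal = new GenericPrincipal(this, str, str2);
        this.userCache.put(str, new CachedUser(str, dn, str2, genericPrincipal, now + CACHE_EXPIRATION_TIME));
        return genericPrincipal;
    }

    /**
     * Looks up the entry whose {@code loginIDAttribute} equals the given login
     * ID, opening the search connection on first use.
     *
     * @return the first matching entry, or {@code null} if none matches or the
     *         directory cannot be queried
     */
    private LDAPEntry getUserEntry(String str) {
        if (this.searchConnection == null) {
            if (!resolvePort()) {
                return null;
            }
            try {
                this.searchConnection = newConnection();
                this.searchConnection.connect(LDAP_PROTOCOL_VERSION, this.ldapHost, this.port, this.bindDN, this.bindPassword);
            } catch (LDAPException e) {
                log("Could not establish the search connection:  " + e);
                this.searchConnection = null;
                return null;
            }
        }
        try {
            // The login ID comes straight from the login form, so it is escaped
            // before being placed in the filter; otherwise '*', '(' or ')' in it
            // would change which entries the filter matches.
            // NOTE(review): parenleft_/parenright_ are constants the decompiler
            // substituted; presumably "(" and ")" - confirm.
            String filter = new StringBuilder()
                    .append(JavaClassWriterHelper.parenleft_)
                    .append(this.loginIDAttribute)
                    .append("=")
                    .append(escapeFilterValue(str))
                    .append(JavaClassWriterHelper.parenright_)
                    .toString();
            LDAPSearchResults search = this.searchConnection.search(this.userBase, SCOPE_SUBTREE, filter, ROLE_ATTRS, false);
            while (search.hasMoreElements()) {
                Object nextElement = search.nextElement();
                if (nextElement instanceof LDAPEntry) {
                    return (LDAPEntry) nextElement;
                }
            }
            return null;
        } catch (LDAPException e) {
            log("Could not perform a search in the user directory:  " + e);
            disconnectQuietly(this.searchConnection);
            // Dropped so the next call reconnects.
            this.searchConnection = null;
            return null;
        }
    }

    /**
     * Verifies a password by binding as the user on the bind connection,
     * opening that connection on first use.
     *
     * @param str  DN of the user entry
     * @param str2 clear-text password; the caller has already rejected empty values
     * @return {@code true} only if the bind succeeds
     */
    private boolean credentialsAreValid(String str, String str2) {
        if (this.bindConnection == null) {
            if (!resolvePort()) {
                return false;
            }
            try {
                this.bindConnection = newConnection();
                this.bindConnection.connect(this.ldapHost, this.port);
            } catch (LDAPException e) {
                log("Could not establish the bind connection:  " + e);
                this.bindConnection = null;
                return false;
            }
        }
        try {
            this.bindConnection.bind(LDAP_PROTOCOL_VERSION, str, str2);
            return true;
        } catch (LDAPException e) {
            switch (e.getLDAPResultCode()) {
                case RESULT_CONSTRAINT_VIOLATION:
                case RESULT_NO_SUCH_OBJECT:
                case RESULT_INAPPROPRIATE_AUTHENTICATION:
                case RESULT_INVALID_CREDENTIALS:
                    // Ordinary rejection: keep the connection, log nothing.
                    return false;
                default:
                    log("Could not perform the bind:  " + e);
                    disconnectQuietly(this.bindConnection);
                    this.bindConnection = null;
                    return false;
            }
        }
    }

    /**
     * Reads the {@code membershipDN} entry and derives {@code membershipType}
     * from its object classes: static group, dynamic (groupOfURLs) group, or,
     * when neither matches, role. Any failure leaves the type UNKNOWN, which
     * makes the membership check deny access and retry detection on the next
     * login.
     */
    private void determineMembershipType() {
        if (this.membershipDN == null || this.membershipDN.length() == 0) {
            this.membershipType = MEMBERSHIP_TYPE_NONE;
            return;
        }
        try {
            // NOTE(review): EXP_TYPE_OBJECT_CLASS is a constant the decompiler
            // substituted; presumably the string "objectClass" - confirm.
            LDAPEntry groupEntry = this.searchConnection.read(this.membershipDN, new String[]{ActionExpression.EXP_TYPE_OBJECT_CLASS, MEMBER_URL_ATTRIBUTE});
            if (groupEntry == null) {
                log("Unable to retrieve membership entry " + this.membershipDN);
                this.membershipType = MEMBERSHIP_TYPE_UNKNOWN;
                return;
            }
            String[] objectClasses = valuesOf(groupEntry.getAttribute(ActionExpression.EXP_TYPE_OBJECT_CLASS));
            if (objectClasses == null) {
                log("Unable to retrieve objectClass values from entry " + this.membershipDN);
                this.membershipType = MEMBERSHIP_TYPE_UNKNOWN;
                return;
            }
            this.membershipType = MEMBERSHIP_TYPE_ROLE;
            for (String objectClass : objectClasses) {
                // equalsIgnoreCase avoids the locale-dependent toLowerCase().
                if ("groupofnames".equalsIgnoreCase(objectClass) || "groupofuniquenames".equalsIgnoreCase(objectClass)) {
                    this.membershipType = MEMBERSHIP_TYPE_STATIC;
                    return;
                }
                if ("groupofurls".equalsIgnoreCase(objectClass)) {
                    String[] urlValues = valuesOf(groupEntry.getAttribute(MEMBER_URL_ATTRIBUTE));
                    if (urlValues == null) {
                        log("Unable to retrieve memberURL attribute from groupOfURLs entry " + this.membershipDN);
                        this.membershipType = MEMBERSHIP_TYPE_UNKNOWN;
                        return;
                    }
                    // The first value is used. Indexing [1] here threw for the
                    // common single-valued memberURL, and the exception escaped
                    // from authenticate(). Only one memberURL is honoured; a
                    // group with several URLs is not fully supported.
                    String memberUrl = urlValues[0];
                    try {
                        LDAPUrl parsedUrl = new LDAPUrl(memberUrl);
                        this.membershipURLBase = parsedUrl.getDN();
                        this.membershipURLFilter = parsedUrl.getFilter();
                        this.membershipType = MEMBERSHIP_TYPE_DYNAMIC;
                        return;
                    } catch (Exception e) {
                        log("Unable to parse value '" + memberUrl + "' as an LDAP URL.");
                        this.membershipType = MEMBERSHIP_TYPE_UNKNOWN;
                        return;
                    }
                }
            }
        } catch (LDAPException e) {
            log("Unable to retrieve membership entry " + this.membershipDN + ":  " + e);
            this.membershipType = MEMBERSHIP_TYPE_UNKNOWN;
        }
    }

    /**
     * Decides whether the user entry satisfies the configured membership rule.
     * Every error path returns {@code false}, so a directory failure denies
     * access rather than granting it.
     */
    private boolean isMember(LDAPEntry lDAPEntry) {
        switch (this.membershipType) {
            case MEMBERSHIP_TYPE_STATIC: {
                // A DN may itself contain '(', ')', '*' or '\', so it is escaped
                // before being used as a filter value.
                String dn = escapeFilterValue(lDAPEntry.getDN());
                String filter = "(|(&(objectclass=groupOfNames)(member=" + dn
                        + "))(&(objectClass=groupOfUniqueNames)(uniqueMember=" + dn + ")))";
                return hasMatchingEntry(this.membershipDN, filter);
            }
            case MEMBERSHIP_TYPE_DYNAMIC: {
                String userDN = LDAPDN.normalize(lDAPEntry.getDN());
                // NOTE(review): membershipURLBase is compared without being
                // normalized, and endsWith() is a plain string suffix test that
                // does not check for an RDN boundary. Confirm the base is stored
                // in normalized form and consider a component-aware comparison.
                if (this.membershipURLBase == null || !userDN.endsWith(this.membershipURLBase)) {
                    return false;
                }
                return hasMatchingEntry(userDN, this.membershipURLFilter);
            }
            case MEMBERSHIP_TYPE_ROLE: {
                String[] roles = valuesOf(lDAPEntry.getAttribute(ROLE_ATTRIBUTE));
                if (roles == null) {
                    return false;
                }
                // NOTE(review): membershipDN is compared as configured, while the
                // role value is normalized; a differently formatted membershipDN
                // never matches (access is denied, not granted).
                for (String role : roles) {
                    if (LDAPDN.normalize(role).equals(this.membershipDN)) {
                        return true;
                    }
                }
                return false;
            }
            default:
                return false;
        }
    }

    /** Removes expired entries from the user cache and schedules the next sweep. */
    private void cleanUserCache() {
        long now = System.currentTimeMillis();
        Enumeration keys = this.userCache.keys();
        while (keys.hasMoreElements()) {
            Object key = keys.nextElement();
            CachedUser cached = (CachedUser) this.userCache.get(key);
            // A null value means the entry vanished since keys() was taken.
            if (cached == null || cached.getExpirationTime() < now) {
                this.userCache.remove(key);
            }
        }
        this.nextCleanupTime = now + CACHE_CLEANUP_INTERVAL;
    }

    /**
     * Stops the realm: best-effort {@code super.stop()}, then closes whichever
     * LDAP connections were opened and drops the cached clear-text passwords.
     * Connections that were never opened are skipped instead of raising a
     * NullPointerException.
     */
    public void stop() {
        try {
            super.stop();
        } catch (Exception ignored) {
            // Best effort: the connections below are closed regardless.
        }
        disconnectQuietly(this.searchConnection);
        disconnectQuietly(this.bindConnection);
        Hashtable cache = this.userCache;
        if (cache != null) {
            cache.clear();
        }
    }

    protected String getName() {
        return "LDAPRealm";
    }

    /** Always {@code null}: passwords are verified by LDAP bind, never read back. */
    protected String getPassword(String str) {
        return null;
    }

    /** Always {@code null}: principals are only created by {@link #authenticate(String, String)}. */
    protected Principal getPrincipal(String str) {
        return null;
    }

    /** Publishes a non-empty value as a JVM-wide system property; null/empty is ignored. */
    private static void publishSystemProperty(String name, String value) {
        if (value != null && value.length() > 0) {
            System.setProperty(name, value);
        }
    }

    /**
     * Escapes a value for use inside an LDAP search filter (RFC 4515):
     * backslash, asterisk, parentheses and NUL become backslash-hex pairs.
     */
    private static String escapeFilterValue(String value) {
        StringBuilder escaped = new StringBuilder(value.length() + 8);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '\\':
                    escaped.append("\\5c");
                    break;
                case '*':
                    escaped.append("\\2a");
                    break;
                case '(':
                    escaped.append("\\28");
                    break;
                case ')':
                    escaped.append("\\29");
                    break;
                case '\0':
                    escaped.append("\\00");
                    break;
                default:
                    escaped.append(c);
            }
        }
        return escaped.toString();
    }

    /** Returns the attribute's string values, or {@code null} if it is absent or empty. */
    private static String[] valuesOf(LDAPAttribute attribute) {
        if (attribute == null) {
            return null;
        }
        String[] values = attribute.getStringValueArray();
        return (values == null || values.length == 0) ? null : values;
    }

    /**
     * Parses {@code ldapPort} into {@code port} and checks the range.
     *
     * @return {@code false} (after logging) if the value is not an integer in 1..65535
     */
    private boolean resolvePort() {
        try {
            this.port = Integer.parseInt(this.ldapPort);
        } catch (NumberFormatException e) {
            log("Cannot interpret " + this.ldapPort + " as an integer value.");
            return false;
        }
        if (this.port < 1 || this.port > 65535) {
            log("The port number must be between 1 and 65535.");
            return false;
        }
        return true;
    }

    /**
     * Creates an unconnected LDAP connection matching the SSL settings:
     * plain, SSL through the blind-trust factory, or SSL through the SDK's
     * JSSE factory.
     */
    private LDAPConnection newConnection() throws LDAPException {
        if (!this.useSSL) {
            return new LDAPConnection();
        }
        if (this.blindTrust) {
            return new LDAPConnection(new JSSEBlindTrustSocketFactory());
        }
        return new LDAPConnection(new JSSESocketFactory(null));
    }

    /** Base-scope search on the search connection; true if any entry comes back. */
    private boolean hasMatchingEntry(String baseDN, String filter) {
        try {
            LDAPSearchResults results = this.searchConnection.search(baseDN, SCOPE_BASE, filter, NO_ATTRS, false);
            while (results.hasMoreElements()) {
                if (results.nextElement() instanceof LDAPEntry) {
                    return true;
                }
            }
            return false;
        } catch (Exception e) {
            // Deny on error, but leave a trace: a failing membership query
            // otherwise looks exactly like "user is not a member".
            log("Could not evaluate membership under " + baseDN + ":  " + e);
            return false;
        }
    }

    /** Disconnects a connection if one exists, ignoring LDAP errors on the way out. */
    private static void disconnectQuietly(LDAPConnection connection) {
        if (connection == null) {
            return;
        }
        try {
            connection.disconnect();
        } catch (LDAPException ignored) {
            // Nothing useful can be done with a failure while closing.
        }
    }
}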
