package weblogic.security.ldaprealmv1;

import java.lang.reflect.InvocationTargetException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.acl.Group;
import java.util.Enumeration;
import java.util.Hashtable;
import java.util.NoSuchElementException;
import java.util.Properties;
import java.util.Stack;
import java.util.StringTokenizer;
import java.util.Vector;
import javax.naming.CommunicationException;
import javax.naming.NameNotFoundException;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import weblogic.deployment.jms.JMSSessionPool;
import weblogic.logging.LogOutputStream;
import weblogic.management.configuration.LDAPRealmMBean;
import weblogic.marathon.ejb.model.EJBLocalRefCMBean;
import weblogic.security.SecurityLogger;
import weblogic.security.acl.ClosableEnumeration;
import weblogic.security.utils.Factory;
import weblogic.security.utils.Pool;
import weblogic.server.Server;
import weblogic.utils.encoders.BASE64Encoder;
import weblogic.utils.enumerations.EnumerationUtils;

/* loaded from: input_file:weblogic.jar:weblogic/security/ldaprealmv1/LDAPDelegate.class */
class LDAPDelegate {
    // Size of the directory-context pool; the ctxPool initializer below passes the same value as a literal.
    private static final int POOL_SIZE = 6;
    // Realm settings copied from the LDAPRealmMBean by configureProps(). They are static, and
    // configureProps() runs from every instance's ctxPool initializer, so constructing a new
    // delegate overwrites the values that all existing delegates read.
    // LDAP URL from getLDAPURL().
    private static String url;
    // Mechanism for the realm's own connection; configureProps() accepts "none", "simple", "CRAM-MD5" and "EXTERNAL".
    private static String auth;
    // When true, makeProperties() installs the WebLogic SSL socket factory.
    private static boolean ssl;
    // Value of getLdapProvider(), stored under JMSSessionPool.INITIAL_CONTEXT_FACTORY_PROP.
    private static String factory;
    // Base DN under which user entries are looked up.
    private static String userDN;
    // userDN with its comma-separated components in reverse order (see reverseDN); used to build the bind DN.
    private static String ndresu;
    // Attribute that names a user entry; also used as the RDN type when building user names.
    private static String userNameAttr;
    // Attribute holding the stored password; only assigned when user authentication is "local".
    private static String userPwdAttr;
    // true: verify passwords by binding as the user; false: compare against userPwdAttr locally.
    private static boolean authUsingBind;
    // Base DN under which group entries are looked up.
    private static String groupDN;
    // Attribute that names a group entry.
    private static String groupNameAttr;
    // Attribute on a group entry that lists its members.
    private static String groupUserAttr;
    // Selects how getGroupMembers() reads membership: by searching below the group (true) or by
    // reading a multi-valued attribute on the group entry (false).
    private static boolean groupIsContext;
    // Pool of DirContext objects opened with the properties returned by configureProps(); for
    // "simple" and "CRAM-MD5" those properties carry the realm principal and credential.
    private Pool ctxPool = new Pool(new DFactory(configureProps(), this), 6);
    private LDAPRealm owner;
    // Optional debug sink; every use in this class is guarded by a null check.
    LogOutputStream log;

    /* loaded from: input_file:weblogic.jar:weblogic/security/ldaprealmv1/LDAPDelegate$DFactory.class */
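    /**
     * Pool factory that opens and closes the JNDI directory contexts used by the delegate.
     *
     * <p>The {@link Properties} handed to the constructor are kept for the lifetime of the factory.
     * When the realm uses the "simple" or "CRAM-MD5" mechanism they contain the realm principal
     * and credential, so this object should be treated as holding a secret.
     */
    static class DFactory implements Factory {
        private final Properties props;
        private final LDAPDelegate owner;

        DFactory(Properties properties, LDAPDelegate lDAPDelegate) {
            this.props = properties;
            this.owner = lDAPDelegate;
        }

        /**
         * Opens a new directory context from the stored properties.
         *
         * @return a new {@link InitialDirContext}
         * @throws InvocationTargetException wrapping the {@link NamingException} raised by JNDI
         */
        @Override // weblogic.security.utils.Factory
        public Object newInstance() throws InvocationTargetException {
            if (this.owner.log != null) {
                this.owner.log.debug("new JNDI context");
            }
            try {
                return new InitialDirContext(this.props);
            } catch (NamingException e) {
                throw new InvocationTargetException(e);
            }
        }

        /**
         * Closes a context previously produced by {@link #newInstance()}.
         *
         * <p>Closing stays best effort, but a failure is now written to the debug log instead of
         * being dropped, so that connections the server refused to release can be noticed.
         *
         * @param obj the {@link DirContext} to close
         */
        @Override // weblogic.security.utils.Factory
        public void destroyInstance(Object obj) {
            if (this.owner.log != null) {
                this.owner.log.debug("destroy JNDI context");
            }
            try {
                ((DirContext) obj).close();
            } catch (NamingException e) {
                if (this.owner.log != null) {
                    this.owner.log.debug("destroy JNDI context failed: " + e);
                }
            }
        }
    }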

    /* loaded from: input_file:weblogic.jar:weblogic/security/ldaprealmv1/LDAPDelegate$LDAPEnumeration.class */
    /**
     * Presents a JNDI {@link NamingEnumeration} as a {@code ClosableEnumeration}, passing every raw
     * element through an {@code LDAPNextHandler} before returning it.
     *
     * <p>The underlying enumeration is closed as soon as it reports no further elements. A caller
     * that stops early has to call {@link #close()} itself; nothing here closes the enumeration
     * when the handler throws.
     */
    private class LDAPEnumeration implements ClosableEnumeration {
        boolean closed = false;
        NamingEnumeration list;
        LDAPNextHandler handler;
        // Explicit outer-instance field emitted by the decompiler; assigned but not read in this class.
        private final LDAPDelegate this$0;

        LDAPEnumeration(LDAPDelegate lDAPDelegate, NamingEnumeration namingEnumeration, LDAPNextHandler lDAPNextHandler) {
            this.this$0 = lDAPDelegate;
            this.list = namingEnumeration;
            this.handler = lDAPNextHandler;
        }

        /** Returns whether another element is available, closing the source once it is exhausted. */
        @Override // java.util.Enumeration
        public boolean hasMoreElements() {
            if (this.closed) {
                return false;
            }
            boolean more;
            try {
                more = this.list.hasMore();
            } catch (NamingException e) {
                throw new LDAPException("LDAPEnumeration.hasMoreElements failed", e);
            }
            if (!more) {
                close();
            }
            return more;
        }

        /**
         * Returns the next element after mapping it through the handler.
         *
         * @throws NoSuchElementException if the enumeration has already been closed
         */
        @Override // java.util.Enumeration
        public Object nextElement() {
            if (this.closed) {
                throw new NoSuchElementException("LDAPEnumeration.nextElement");
            }
            final Object mapped;
            final boolean exhausted;
            try {
                mapped = this.handler.handle(this.list.next());
                exhausted = !this.list.hasMore();
            } catch (NamingException e) {
                throw new LDAPException("LDAPEnumeration.nextElement failed", e);
            }
            if (exhausted) {
                close();
            }
            return mapped;
        }

        /** Closes the underlying enumeration once; later calls do nothing. */
        @Override // weblogic.security.acl.ClosableEnumeration
        public void close() {
            if (!this.closed) {
                // Marked closed before the JNDI call, so a failing close is not retried.
                this.closed = true;
                try {
                    this.list.close();
                } catch (NamingException e) {
                    throw new LDAPException("LDAPEnumeration.close failed", e);
                }
            }
        }
    }

    /* loaded from: input_file:weblogic.jar:weblogic/security/ldaprealmv1/LDAPDelegate$LDAPNextHandler.class */
    /**
     * Converts one raw element of a JNDI enumeration into the object handed to callers of
     * {@code LDAPEnumeration}. The implementations in this class receive a {@code SearchResult}.
     */
    private interface LDAPNextHandler {
        Object handle(Object obj) throws NamingException;
    }

    /**
     * Reads the realm configuration from the server's {@code LDAPRealmMBean}, stores it in the
     * static fields of this class and returns the JNDI environment for the realm's own connection.
     *
     * <p>SSL is enforced only for the "EXTERNAL" mechanism. For "simple" and "CRAM-MD5" the
     * returned properties carry the realm principal and credential whether or not SSL is enabled.
     *
     * <p>NOTE(review): nothing here rejects the combination of mechanism "none" with user
     * authentication "bind", yet the per-user bind reuses the same mechanism value through
     * {@code makeProperties()} — confirm how the configured provider treats credentials in that case.
     *
     * @return the JNDI environment used to open pooled contexts
     * @throws LDAPException if the user authentication mode or the mechanism is not supported, or
     *         if "EXTERNAL" is requested without SSL
     */
    static Properties configureProps() {
        LDAPRealmMBean realm = (LDAPRealmMBean) Server.getSecurityConfig().getRealm().getCachingRealm().getBasicRealm();
        url = realm.getLDAPURL();
        auth = realm.getAuthProtocol();
        ssl = realm.getSSLEnable();
        factory = realm.getLdapProvider();
        userDN = realm.getUserDN();
        userNameAttr = realm.getUserNameAttribute();
        ndresu = reverseDN(userDN);

        // Password verification mode: compare locally against an attribute, or bind as the user.
        String userAuthMode = realm.getUserAuthentication();
        boolean localMode = userAuthMode.equals(EJBLocalRefCMBean.LOCAL);
        if (!localMode && !userAuthMode.equals("bind")) {
            throw new LDAPException("invalid user authentication mechanism \"" + userAuthMode + "\"");
        }
        if (localMode) {
            userPwdAttr = realm.getUserPasswordAttribute();
        }
        authUsingBind = !localMode;

        groupDN = realm.getGroupDN();
        groupNameAttr = realm.getGroupNameAttribute();
        groupUserAttr = realm.getGroupUsernameAttribute();
        groupIsContext = realm.getGroupIsContext();

        // Mechanism for the realm's own connection decides whether credentials are attached.
        if (auth.equals("none")) {
            return makeProperties();
        }
        if (auth.equals("EXTERNAL")) {
            if (!ssl) {
                throw new LDAPException("must use SSL if specifying external authentication");
            }
            return makeProperties();
        }
        if (auth.equals("simple") || auth.equals("CRAM-MD5")) {
            return makeProperties(realm.getPrincipal(), realm.getCredential());
        }
        throw new LDAPException("authentication mechanism \"" + auth + "\" is unknown or unsupported");
    }

    /**
     * Reverses the order of the comma-separated components of a DN and joins them with ",".
     *
     * <p>The split is a plain tokenization on ','; a comma escaped inside an RDN value is treated
     * as a separator like any other.
     *
     * @param str the DN to reverse
     * @return the components, trimmed, in reverse order
     */
    private static String reverseDN(String str) {
        Vector reversed = new Vector();
        for (StringTokenizer parts = new StringTokenizer(str, ","); parts.hasMoreTokens();) {
            // Inserting at the front leaves the last component first.
            reversed.add(0, parts.nextToken().trim());
        }
        return EnumerationUtils.toString(reversed.elements(), ",");
    }

    /**
     * Builds the JNDI environment shared by every connection: mechanism, provider and URL, plus
     * the WebLogic SSL socket factory when SSL is enabled. No principal or credential is set.
     *
     * @return a new environment built from the static realm settings
     */
    private static Properties makeProperties() {
        Properties env = new Properties();
        env.put("java.naming.security.authentication", auth);
        env.put(JMSSessionPool.INITIAL_CONTEXT_FACTORY_PROP, factory);
        env.put(JMSSessionPool.JNDI_URL_PROP, url);
        if (!ssl) {
            return env;
        }
        env.put("java.naming.ldap.factory.socket", "weblogic.security.SSL.SSLSocketFactory");
        return env;
    }

    /**
     * Builds the shared JNDI environment and adds a principal and credential to it.
     *
     * <p>Only {@code null} is rejected; an empty credential passes through unchanged.
     *
     * @param str the principal (bind DN)
     * @param obj the credential
     * @return the environment including principal and credential
     * @throws LDAPException if either argument is {@code null}
     */
    private static Properties makeProperties(String str, Object obj) {
        Properties env = makeProperties();
        boolean complete = str != null && obj != null;
        if (!complete) {
            throw new LDAPException("missing properties for simple authentication");
        }
        env.put("java.naming.security.principal", str);
        env.put("java.naming.security.credentials", obj);
        return env;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Creates a delegate for the given realm and adopts the realm's debug log.
     *
     * <p>The {@code ctxPool} field initializer runs before this body, so the realm configuration
     * has already been re-read by {@code configureProps()} when these assignments execute.
     *
     * @param lDAPRealm the owning realm
     */
    public LDAPDelegate(LDAPRealm lDAPRealm) {
        this.log = lDAPRealm.log;
        this.owner = lDAPRealm;
    }

    /**
     * Borrows a directory context from the pool.
     *
     * @return a pooled context
     * @throws LDAPException if the pool could not supply one
     */
    private DirContext getContext() {
        Object pooled;
        try {
            pooled = this.ctxPool.getInstance();
        } catch (InvocationTargetException e) {
            throw new LDAPException("could not get context", e);
        }
        return (DirContext) pooled;
    }

    /**
     * Hands a borrowed context back to the pool; a {@code null} argument is ignored.
     *
     * @param dirContext the context obtained from {@code getContext()}, or {@code null}
     */
    private void returnContext(DirContext dirContext) {
        if (dirContext == null) {
            return;
        }
        this.ctxPool.returnInstance(dirContext);
    }

    /**
     * Resolves a DN to a directory context through a pooled connection.
     *
     * <p>The name is reversed with {@code reverseDN} before it is passed to JNDI. The pooled
     * context is returned to the pool before the caller uses the result.
     * NOTE(review): the context returned here is never closed by the callers in this class —
     * confirm whether the provider needs it released.
     *
     * @param str the DN to resolve
     * @return the context bound at that name
     * @throws NamingException for lookup failures other than communication errors
     * @throws LDAPException if the directory could not be reached
     */
    private DirContext lookup(String str) throws NamingException {
        if (this.log != null) {
            this.log.debug("lookup(\"" + str + "\")");
        }
        DirContext pooled = getContext();
        try {
            return (DirContext) pooled.lookup(reverseDN(str));
        } catch (CommunicationException e) {
            throw new LDAPException("communication failed", e);
        } finally {
            returnContext(pooled);
        }
    }

    /**
     * Checks that the trailing components of {@code str} equal the components of {@code str2}
     * read front to back, and returns whatever components of {@code str} are left over.
     *
     * <p>Components are compared as trimmed strings, ignoring case, after a plain split on ','.
     * No DN normalization or escape handling is applied, so two spellings of the same DN can
     * fail to match.
     *
     * @param str the DN to test
     * @param str2 the base DN, with its components in the opposite order
     * @return the unmatched leading components of {@code str} (first component at the bottom),
     *         or {@code null} if {@code str} does not end with the base
     */
    private Stack reverseMatchDNs(String str, String str2) {
        StringTokenizer base = new StringTokenizer(str2, ",");
        Stack remaining = new Stack();
        for (StringTokenizer parts = new StringTokenizer(str, ","); parts.hasMoreTokens();) {
            remaining.push(parts.nextToken().trim());
        }
        while (base.hasMoreTokens()) {
            if (remaining.empty()) {
                // The base still has components but the candidate has run out.
                return null;
            }
            String tail = (String) remaining.pop();
            if (!tail.equalsIgnoreCase(base.nextToken().trim())) {
                return null;
            }
        }
        return remaining;
    }

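    /**
     * Extracts the value of the single RDN left over by {@code reverseMatchDNs}.
     *
     * <p>Exactly one component of the form {@code str=value} is accepted; the attribute type is
     * matched ignoring case. An empty stack (a member DN equal to the base DN) is now reported
     * as an {@link LDAPException} instead of escaping as an {@code EmptyStackException}.
     * The stack is consumed while error messages are built, and those messages are capped at
     * roughly 128 characters.
     *
     * @param str the expected attribute type of the remaining RDN
     * @param stack the leftover components, as returned by {@code reverseMatchDNs}
     * @return the text after {@code str=} in the remaining component
     * @throws LDAPException if there is no component, more than one, or the type does not match
     */
    private String getAttributeFromDN(String str, Stack stack) {
        if (stack.empty()) {
            throw new LDAPException("DN has no component below the base DN for attribute " + str);
        }
        String head = (String) stack.pop();
        if (!stack.empty()) {
            StringBuffer message = new StringBuffer("unexpectedly long DN: ").append(head);
            // Bounded so that a very deep member DN cannot inflate the exception text.
            while (!stack.empty() && message.length() < 128) {
                message.append(", ").append((String) stack.pop());
            }
            throw new LDAPException(message.toString());
        }
        String prefix = str + "=";
        if (head.regionMatches(true, 0, prefix, 0, prefix.length())) {
            return head.substring(prefix.length());
        }
        // The stack is empty at this point, so there is nothing further to append.
        throw new LDAPException("unexpected DN head \"" + head + "\" on DN: " + head);
    }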

    /**
     * Runs a one-level search below {@code str} with the filter {@code (str2=str3)}.
     *
     * <p>Both filter parts are inserted verbatim. The only caller in this class passes "*" as the
     * value; any caller supplying user-controlled text must escape it as an LDAP filter value
     * first, otherwise the text can change the meaning of the filter.
     *
     * @param str the base DN to search under
     * @param str2 the attribute type
     * @param str3 the attribute value or pattern
     * @return the matching entries
     * @throws NamingException if the lookup or the search fails
     */
    private NamingEnumeration search(String str, String str2, String str3) throws NamingException {
        if (this.log != null) {
            this.log.debug("search(\"" + str + "\", \"" + str2 + "\", \"" + str3 + "\")");
        }
        SearchControls oneLevel = new SearchControls();
        oneLevel.setSearchScope(SearchControls.ONELEVEL_SCOPE);
        DirContext base = lookup(str);
        String filter = "(" + str2 + "=" + str3 + ")";
        return base.search("", filter, oneLevel);
    }

    /**
     * Lists every entry directly below {@code str} that has any value for attribute {@code str2}.
     *
     * @param str the base DN to search under
     * @param str2 the attribute type that must be present
     * @return the matching entries
     * @throws NamingException if the lookup or the search fails
     */
    private NamingEnumeration search(String str, String str2) throws NamingException {
        final String anyValue = "*";
        return search(str, str2, anyValue);
    }

    /**
     * Fetches the attributes of the user entry named {@code userNameAttr=str} below the user base.
     *
     * <p>NOTE(review): the user name is concatenated into the entry name without escaping, so
     * characters that are significant in a DN are interpreted by the provider rather than matched
     * literally. {@code authLocal} re-checks the returned name attribute against the supplied
     * name; {@code userExists} does not.
     *
     * @param str the user name as supplied by the caller
     * @return the entry's attributes, or {@code null} if no such entry exists
     * @throws LDAPException for any naming failure other than "name not found"
     */
    private Attributes getUserAttrs(String str) {
        try {
            DirContext users = lookup(userDN);
            if (users != null) {
                return users.getAttributes(userNameAttr + "=" + str);
            }
        } catch (NameNotFoundException e) {
            // Unknown user: handled below together with the missing-base case.
        } catch (NamingException e2) {
            throw new LDAPException("search error: user " + str, e2);
        }
        if (this.log != null) {
            this.log.debug("user: UNPERSON " + str);
        }
        return null;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Reports whether a user entry can be read for the given name.
     *
     * @param str the user name
     * @return {@code true} if {@code getUserAttrs} returned an entry
     */
    public boolean userExists(String str) {
        Attributes entry = getUserAttrs(str);
        return entry != null;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Verifies a user's password using the mode chosen by the realm configuration: a bind as the
     * user, or a local comparison against the stored password attribute.
     *
     * @param str the user name
     * @param str2 the password supplied by the user
     * @return {@code true} if the password was accepted
     */
    public boolean authenticate(String str, String str2) {
        if (authUsingBind) {
            return authBind(str, str2);
        }
        return authLocal(str, str2);
    }

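    /**
     * Verifies a password by opening a directory context bound as the user.
     *
     * <p>The decompiler could not structure this method (its {@code finally} block was compiled
     * with JSR/RET) and emitted a stub that always threw {@code UnsupportedOperationException}.
     * The body below is rebuilt from the register-level listing the decompiler left in place of
     * the code: build the bind DN, open an {@code InitialDirContext}, map a
     * {@code NamingSecurityException} to {@code false}, wrap any other {@code NamingException},
     * and always close the context.
     *
     * <p>One check is added to that logic: an empty password is refused before any bind is
     * attempted. A simple bind carrying a DN and a zero-length password is an unauthenticated
     * bind (RFC 4513 section 5.1.2), which a server may answer with success, so without the
     * check an empty password could be accepted for any existing user.
     *
     * <p>NOTE(review): the user name is concatenated into the bind DN without escaping.
     * NOTE(review): {@code makeProperties} reuses the realm-wide mechanism; if that is "none" the
     * provider may bind anonymously and ignore these credentials — confirm and reject that
     * configuration. With SSL disabled the password travels over whatever transport the URL selects.
     *
     * @param userName the user name
     * @param password the password supplied by the user
     * @return {@code true} if the bind succeeded, {@code false} if the directory refused it or
     *         the password is empty
     * @throws LDAPException if the password is {@code null} or the bind fails for a reason other
     *         than a security error
     */
    private boolean authBind(String userName, String password) {
        if (password != null && password.length() == 0) {
            return false;
        }
        String bindDn = userNameAttr + "=" + userName + "," + ndresu;
        Properties env = makeProperties(bindDn, password);
        InitialDirContext probe = null;
        try {
            probe = new InitialDirContext(env);
            return true;
        } catch (javax.naming.NamingSecurityException e) {
            // Credentials rejected or access denied: an authentication failure, not an error.
            return false;
        } catch (NamingException e) {
            throw new LDAPException("unexpected naming exception", e);
        } finally {
            if (probe != null) {
                try {
                    probe.close();
                } catch (NamingException ignored) {
                    // The outcome is already decided; a failed close does not change it.
                }
            }
        }
    }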

    /**
     * Verifies a password by reading the stored value from the user's entry and comparing it
     * with {@code checkPassword}.
     *
     * <p>The supplied name must equal the entry's own name attribute exactly before the password
     * is checked. The stored value is read as a {@code byte[]} and decoded with the platform
     * default charset. An unknown user yields {@code false}, while an entry without a readable
     * password attribute raises {@link SecurityException}, so callers can tell the two apart.
     *
     * @param str the user name
     * @param str2 the password supplied by the user
     * @return {@code true} if the name matches the entry and the password is accepted
     * @throws SecurityException if the entry has no password attribute
     * @throws LDAPException if the password value cannot be read
     */
    private boolean authLocal(String str, String str2) {
        Attributes entry = getUserAttrs(str);
        if (entry == null) {
            if (this.log != null) {
                this.log.debug("auth: UNPERSON " + str);
            }
            return false;
        }
        Attribute storedAttr = entry.get(userPwdAttr);
        if (storedAttr == null) {
            throw new SecurityException("no password found for " + str);
        }
        String stored;
        try {
            stored = new String((byte[]) storedAttr.get()).trim();
        } catch (NamingException e2) {
            throw new LDAPException("password get failed", e2);
        }
        String entryName;
        try {
            entryName = ((String) entry.get(userNameAttr).get()).trim();
        } catch (NamingException e) {
            return false;
        }
        return str.equals(entryName) && checkPassword(stored, str2);
    }

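    /**
     * Compares a stored password value with the password supplied by the user.
     *
     * <p>A stored value of the form <code>{SCHEME}text</code> is compared with
     * {@code hash(SCHEME, supplied)}; any other value is compared as plain text.
     *
     * <p>Changes from the decompiled original: an empty stored value no longer raises
     * {@code StringIndexOutOfBoundsException} and never authenticates; a {@code null} supplied
     * password against a non-null stored value returns {@code false} instead of failing inside
     * {@code hash}; and both comparisons go through a helper whose running time does not depend
     * on where the first differing character is.
     *
     * @param str the stored value; {@code null} only matches a {@code null} supplied password
     * @param str2 the password supplied by the user
     * @return {@code true} if the supplied password matches the stored value
     */
    protected boolean checkPassword(String str, String str2) {
        if (str == null) {
            return str2 == null;
        }
        if (str2 == null || str.length() == 0) {
            return false;
        }
        int schemeEnd = str.indexOf('}');
        if (str.charAt(0) != '{' || schemeEnd <= 0) {
            return sameChars(str, str2);
        }
        String computed = hash(str.substring(1, schemeEnd), str2);
        return computed != null && sameChars(str.substring(schemeEnd + 1), computed);
    }

    /**
     * Tests two strings for equality without stopping at the first mismatch.
     * Works on chars rather than encoded bytes so the result is exactly {@code String.equals};
     * only the lengths influence how long the comparison takes.
     */
    private static boolean sameChars(String expected, String supplied) {
        int difference = expected.length() ^ supplied.length();
        int shared = Math.min(expected.length(), supplied.length());
        for (int i = 0; i < shared; i++) {
            difference |= expected.charAt(i) ^ supplied.charAt(i);
        }
        return difference == 0;
    }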

    /**
     * Digests a password with the named algorithm and returns the Base64 text of the digest.
     *
     * <p>The password is digested once, with no salt, from bytes in the platform default charset.
     * NOTE(review): when the algorithm is unknown to the JVM the password is returned unhashed,
     * so {@code checkPassword} then compares the text after the scheme label with the clear
     * password. Confirm this fallback is intended for every scheme label the directory can hold.
     *
     * @param str the digest algorithm name taken from the stored value's scheme label
     * @param str2 the password to digest
     * @return the encoded digest, or a copy of {@code str2} if the algorithm is not available
     */
    protected String hash(String str, String str2) {
        BASE64Encoder encoder = new BASE64Encoder();
        MessageDigest digest;
        try {
            digest = MessageDigest.getInstance(str.toUpperCase());
        } catch (NoSuchAlgorithmException e) {
            return new String(str2);
        }
        byte[] raw = digest.digest(str2.getBytes());
        return encoder.encodeBuffer(raw);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Loads a group and, recursively, the groups nested in it.
     *
     * @param str the group name
     * @return the group, or {@code null} if it does not exist
     */
    public Group getGroup(String str) {
        // A fresh stack starts the chain used to detect circular group nesting.
        Stack visiting = new Stack();
        return getGroup(str, visiting);
    }

    /**
     * Loads the members of a group, keyed by member name.
     *
     * @param str the group name
     * @return the members, or {@code null} if the group does not exist
     */
    public Hashtable getGroupMembers(String str) {
        // A fresh stack starts the chain used to detect circular group nesting.
        Stack visiting = new Stack();
        return getGroupMembers(str, visiting);
    }

    /**
     * Loads a group while tracking the chain of groups currently being expanded.
     *
     * @param str the group name
     * @param stack the names of the enclosing groups being expanded
     * @return the group, or {@code null} if its members could not be found
     */
    Group getGroup(String str, Stack stack) {
        Hashtable members = getGroupMembers(str, stack);
        return members == null ? null : new LDAPGroup(str, this.owner, members);
    }

    /**
     * Reads the members of a group from the directory.
     *
     * <p>With {@code groupIsContext} set, each entry found one level below the group supplies one
     * member through {@code groupUserAttr}; otherwise every value of {@code groupUserAttr} on the
     * group entry is a member. Each member DN is classified by {@code addGroupMember}.
     *
     * <p>NOTE(review): the group name is concatenated into the entry name without escaping, and
     * the enumerations are not closed if a member fails to process part-way through.
     *
     * @param str the group name
     * @param stack the names of the enclosing groups being expanded
     * @return the members keyed by name, or {@code null} if the group does not exist
     * @throws LDAPException if the directory lookup fails
     */
    Hashtable getGroupMembers(String str, Stack stack) {
        Hashtable members = new Hashtable();
        try {
            if (!groupIsContext) {
                String groupRdn = groupNameAttr + "=" + str;
                Attribute memberAttr = lookup(groupDN).getAttributes(groupRdn).get(groupUserAttr);
                NamingEnumeration values = (memberAttr == null) ? null : memberAttr.getAll();
                if (values != null) {
                    while (values.hasMore()) {
                        addGroupMember(str, (String) values.next(), members, stack);
                    }
                }
            } else {
                NamingEnumeration entries = search(groupDN + ", " + groupNameAttr + "=" + str, groupNameAttr);
                if (entries == null) {
                    if (this.log != null) {
                        this.log.debug("group: UNGROUP " + str);
                    }
                    return null;
                }
                while (entries.hasMore()) {
                    SearchResult entry = (SearchResult) entries.next();
                    Attribute memberAttr = entry.getAttributes().get(groupUserAttr);
                    if (memberAttr != null) {
                        addGroupMember(str, ((String) memberAttr.get()).trim(), members, stack);
                    }
                }
            }
        } catch (NameNotFoundException e) {
            if (this.log != null) {
                this.log.debug("group: UNGROUP " + str);
            }
            return null;
        } catch (NamingException e2) {
            throw new LDAPException("group lookup failed", e2);
        }
        if (this.log != null) {
            this.log.debug("group: FOUND " + str);
        }
        return members;
    }

    /**
     * Adds one member DN to a group's member table, as a user or as a nested group.
     *
     * <p>A DN under the user base becomes an {@code LDAPUser}; a DN under the group base is
     * loaded recursively; any other DN is ignored. The stack carries the chain of groups being
     * expanded, and a nested group already on that chain is rejected as circular. Nesting depth
     * is otherwise unbounded.
     *
     * <p>NOTE(review): {@code getGroup} returns {@code null} for a nested group that does not
     * exist, and {@code Hashtable.put} rejects {@code null} values, so a dangling nested-group
     * reference ends in a {@code NullPointerException} — confirm that is the intended failure.
     *
     * @param str the name of the group being populated
     * @param str2 the member DN read from the directory
     * @param hashtable the member table to add to
     * @param stack the names of the enclosing groups being expanded
     * @throws LDAPException if the nested group closes a cycle
     */
    private void addGroupMember(String str, String str2, Hashtable hashtable, Stack stack) {
        Stack underUsers = reverseMatchDNs(str2, userDN);
        if (underUsers != null) {
            String userName = getAttributeFromDN(userNameAttr, underUsers);
            hashtable.put(userName, new LDAPUser(userName, this.owner));
            return;
        }
        Stack underGroups = reverseMatchDNs(str2, groupDN);
        if (underGroups == null) {
            return;
        }
        String nestedName = getAttributeFromDN(groupNameAttr, underGroups);
        stack.push(str);
        if (stack.contains(nestedName)) {
            if (this.log != null) {
                SecurityLogger.logUnsupportedCircularGroup(nestedName);
            }
            // Unwinds the whole chain into the message so the cycle can be traced.
            StringBuffer chain = new StringBuffer("unsupported circular group definition: ");
            chain.append(nestedName);
            while (!stack.empty()) {
                chain.append(" -> ").append(stack.pop());
            }
            throw new LDAPException(chain.toString());
        }
        hashtable.put(nestedName, getGroup(nestedName, stack));
        stack.pop();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
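    /**
     * Lists every group found one level below the group base.
     *
     * <p>The decompiled anonymous handler carried artifacts that are not valid source (a
     * constructor argument on an interface instantiation and a hand-written {@code this$0}
     * field); it now reaches the enclosing instance with {@code LDAPDelegate.this}.
     *
     * <p>The returned enumeration holds a live directory search. It closes itself when read to
     * the end; a caller that stops early must close it through {@code ClosableEnumeration}.
     *
     * @return an enumeration of {@code LDAPGroup} objects
     * @throws LDAPException if the search fails
     */
    public Enumeration getGroups() {
        NamingEnumeration found;
        try {
            found = search(groupDN, groupNameAttr);
        } catch (NamingException e) {
            throw new LDAPException("could not get group list", e);
        }
        if (found == null) {
            throw new LDAPException("could not get group list");
        }
        return new LDAPEnumeration(this, found, new LDAPNextHandler() {
            @Override // weblogic.security.ldaprealmv1.LDAPDelegate.LDAPNextHandler
            public Object handle(Object obj) throws NamingException {
                SearchResult entry = (SearchResult) obj;
                String name = ((String) entry.getAttributes().get(LDAPDelegate.groupNameAttr).get()).trim();
                return new LDAPGroup(name, LDAPDelegate.this.owner);
            }
        });
    }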

    /* JADX INFO: Access modifiers changed from: package-private */
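    /**
     * Lists every user found one level below the user base.
     *
     * <p>The decompiled anonymous handler carried artifacts that are not valid source (a
     * constructor argument on an interface instantiation and a hand-written {@code this$0}
     * field); it now reaches the enclosing instance with {@code LDAPDelegate.this}.
     *
     * <p>The returned enumeration holds a live directory search. It closes itself when read to
     * the end; a caller that stops early must close it through {@code ClosableEnumeration}.
     *
     * @return an enumeration of {@code LDAPUser} objects
     * @throws LDAPException if the search fails
     */
    public Enumeration getUsers() {
        NamingEnumeration found;
        try {
            found = search(userDN, userNameAttr);
        } catch (NamingException e) {
            throw new LDAPException("could not get user list", e);
        }
        if (found == null) {
            throw new LDAPException("could not get user list");
        }
        return new LDAPEnumeration(this, found, new LDAPNextHandler() {
            @Override // weblogic.security.ldaprealmv1.LDAPDelegate.LDAPNextHandler
            public Object handle(Object obj) throws NamingException {
                SearchResult entry = (SearchResult) obj;
                String name = ((String) entry.getAttributes().get(LDAPDelegate.userNameAttr).get()).trim();
                return new LDAPUser(name, LDAPDelegate.this.owner);
            }
        });
    }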

    /**
     * Closes the context pool and drops the reference to it. Any later call that needs a pooled
     * context fails, because the field is {@code null} from then on.
     */
    void close() {
        Pool pool = this.ctxPool;
        pool.close();
        this.ctxPool = null;
    }

    /**
     * Replaces the debug log. Passing {@code null} switches debug output off, since every use of
     * the log in this class is guarded by a null check.
     *
     * @param logOutputStream the new debug log, or {@code null}
     */
    public void setDebugLog(LogOutputStream logOutputStream) {
        final LogOutputStream replacement = logOutputStream;
        this.log = replacement;
    }

    /**
     * Returns the debug log currently in use.
     *
     * @return the debug log, or {@code null} if none is set
     */
    public LogOutputStream getDebugLog() {
        final LogOutputStream current = this.log;
        return current;
    }
}
