package com.xpn.xwiki.user.impl.LDAP;

import com.novell.ldap.LDAPAttribute;
import com.novell.ldap.LDAPConnection;
import com.novell.ldap.LDAPEntry;
import com.novell.ldap.LDAPException;
import com.novell.ldap.LDAPSearchResults;
import com.xpn.xwiki.XWikiContext;
import com.xpn.xwiki.XWikiException;
import com.xpn.xwiki.doc.XWikiDocument;
import com.xpn.xwiki.objects.BaseObject;
import com.xpn.xwiki.objects.classes.BaseClass;
import com.xpn.xwiki.plugin.ldap.XWikiLDAPConfig;
import com.xpn.xwiki.plugin.watchlist.WatchListNotifier;
import com.xpn.xwiki.user.impl.xwiki.XWikiAuthServiceImpl;
import java.io.UnsupportedEncodingException;
import java.security.Principal;
import java.text.MessageFormat;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Iterator;
import org.apache.commons.lang3.StringUtils;
import org.securityfilter.realm.SimplePrincipal;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.xwiki.rendering.syntax.Syntax;

@Deprecated
/* loaded from: input_file:WEB-INF/lib/xwiki-platform-legacy-oldcore-4.4.1.jar:com/xpn/xwiki/user/impl/LDAP/LDAPAuthServiceImpl.class */
public class LDAPAuthServiceImpl extends XWikiAuthServiceImpl {
    private static final Logger LOGGER = LoggerFactory.getLogger(LDAPAuthServiceImpl.class);

    @Override // com.xpn.xwiki.user.impl.xwiki.XWikiAuthServiceImpl, com.xpn.xwiki.user.api.XWikiAuthService
    public Principal authenticate(String str, String str2, XWikiContext xWikiContext) throws XWikiException {
        Principal principal = null;
        String replaceAll = str == null ? null : str.replaceAll(" ", "");
        if (replaceAll == null || replaceAll.equals("") || str2 == null || str2.trim().equals("")) {
            return null;
        }
        if (isSuperAdmin(replaceAll)) {
            return authenticateSuperAdmin(str2, xWikiContext);
        }
        if (xWikiContext != null) {
            String str3 = replaceAll;
            int indexOf = replaceAll.indexOf(".");
            if (indexOf != -1) {
                str3 = replaceAll.substring(indexOf + 1);
            }
            String ldap_dn = getLDAP_DN(str, xWikiContext);
            if (ldap_dn == null || ldap_dn.length() == 0) {
                HashMap hashMap = new HashMap();
                if (checkUserPassword(str, str2, hashMap, xWikiContext)) {
                    if (LOGGER.isDebugEnabled()) {
                        LOGGER.debug("User authenticated successfully");
                    }
                    principal = GetUserPrincipal(str3, xWikiContext);
                    if (principal == null && hashMap.size() > 0) {
                        if (LOGGER.isDebugEnabled()) {
                            LOGGER.debug("Ready to create user from LDAP");
                        }
                        if (xWikiContext.getWiki().isVirtualMode()) {
                            String database = xWikiContext.getDatabase();
                            try {
                                if (xWikiContext.getWiki().getXWikiPreference("ldap_server", xWikiContext) == null || xWikiContext.getWiki().getXWikiPreference("ldap_server", xWikiContext).length() == 0) {
                                    xWikiContext.setDatabase(xWikiContext.getWiki().getDatabase());
                                }
                                try {
                                    CreateUserFromLDAP(hashMap, xWikiContext);
                                    LOGGER.debug("Looking for user again " + str3);
                                    principal = GetUserPrincipal(str3, xWikiContext);
                                } catch (Exception unused) {
                                }
                            } finally {
                                xWikiContext.setDatabase(database);
                            }
                        } else {
                            CreateUserFromLDAP(hashMap, xWikiContext);
                            LOGGER.debug("Looking for user again " + str3);
                            principal = GetUserPrincipal(str3, xWikiContext);
                        }
                        xWikiContext.getWiki().flushCache(xWikiContext);
                    }
                    if (principal == null) {
                        if (LOGGER.isDebugEnabled()) {
                            LOGGER.debug("Accept user even without account");
                        }
                        principal = new SimplePrincipal("XWiki." + str3);
                    }
                }
            } else if (checkDNPassword(ldap_dn, str, str2, xWikiContext)) {
                principal = GetUserPrincipal(str3, xWikiContext);
            }
        }
        return principal;
    }

    private void CreateUserFromLDAP(HashMap hashMap, XWikiContext xWikiContext) throws XWikiException {
        String param = getParam("ldap_fields_mapping", xWikiContext);
        if (LOGGER.isDebugEnabled()) {
            LOGGER.debug("Ready to create user from LDAP with field " + param);
        }
        if (param == null || param.length() <= 0) {
            return;
        }
        String[] split = param.split(",");
        BaseClass userClass = xWikiContext.getWiki().getUserClass(xWikiContext);
        BaseObject baseObject = new BaseObject();
        baseObject.setClassName(userClass.getName());
        String str = null;
        String str2 = null;
        for (String str3 : split) {
            String[] split2 = str3.split("=");
            if (2 == split2.length) {
                String str4 = split2[0];
                if (LOGGER.isDebugEnabled()) {
                    LOGGER.debug("Create user from LDAP looking at field " + str4);
                }
                if (hashMap.containsKey(split2[1])) {
                    String str5 = (String) hashMap.get(split2[1]);
                    if (str4.equals("name")) {
                        str = str5.replaceAll(" ", "");
                        str2 = "XWiki." + str;
                        baseObject.setName(str2);
                    } else {
                        LOGGER.debug("Create user from LDAP setting field " + str4);
                        baseObject.setStringValue(str4, str5);
                    }
                }
            }
        }
        if (str == null || str.length() <= 0) {
            return;
        }
        XWikiDocument document = xWikiContext.getWiki().getDocument(str2, xWikiContext);
        document.setParent("");
        document.addObject(userClass.getName(), baseObject);
        if (xWikiContext.getWiki().getDefaultDocumentSyntax().equals(Syntax.XWIKI_1_0.toIdString())) {
            document.setContent("#includeForm(\"XWiki.XWikiUserSheet\")");
            document.setSyntax(Syntax.XWIKI_1_0);
        } else {
            document.setContent("{{include document=\"XWiki.XWikiUserSheet\"/}}");
            document.setSyntax(Syntax.XWIKI_2_0);
        }
        xWikiContext.getWiki().protectUserPage(str2, "edit", document, xWikiContext);
        xWikiContext.getWiki().saveDocument(document, xWikiContext.getMessageTool().get("core.comment.createdUser"), xWikiContext);
        xWikiContext.getWiki().setUserDefaultGroup(str2, xWikiContext);
    }

    protected Principal GetUserPrincipal(String str, XWikiContext xWikiContext) {
        SimplePrincipal simplePrincipal = null;
        try {
            if (LOGGER.isDebugEnabled()) {
                LOGGER.debug("Finding user " + str);
            }
            String findUser = findUser(str, xWikiContext);
            if (findUser != null) {
                if (LOGGER.isDebugEnabled()) {
                    LOGGER.debug("Found user " + str);
                }
                simplePrincipal = new SimplePrincipal(findUser);
            }
        } catch (Exception unused) {
        }
        if (!xWikiContext.isMainWiki() && simplePrincipal == null) {
            String database = xWikiContext.getDatabase();
            try {
                xWikiContext.setDatabase(xWikiContext.getMainXWiki());
                try {
                    String findUser2 = findUser(str, xWikiContext);
                    if (findUser2 != null) {
                        simplePrincipal = new SimplePrincipal(String.valueOf(xWikiContext.getDatabase()) + ":" + findUser2);
                    }
                } catch (Exception unused2) {
                }
            } finally {
                xWikiContext.setDatabase(database);
            }
        }
        return simplePrincipal;
    }

    public String getLDAP_DN(String str, XWikiContext xWikiContext) {
        String str2 = null;
        if (xWikiContext != null) {
            try {
                String findUser = findUser(str, xWikiContext);
                if (findUser != null && findUser.length() != 0) {
                    str2 = readLDAP_DN(findUser, xWikiContext);
                }
            } catch (Exception unused) {
            }
            if (!xWikiContext.isMainWiki() && (str2 == null || str2.length() == 0)) {
                String database = xWikiContext.getDatabase();
                try {
                    xWikiContext.setDatabase(xWikiContext.getMainXWiki());
                    try {
                        String findUser2 = findUser(str, xWikiContext);
                        if (findUser2 != null && findUser2.length() != 0) {
                            str2 = readLDAP_DN(findUser2, xWikiContext);
                        }
                    } catch (Exception unused2) {
                    }
                } finally {
                    xWikiContext.setDatabase(database);
                }
            }
        }
        return str2;
    }

    private String readLDAP_DN(String str, XWikiContext xWikiContext) {
        String str2 = null;
        try {
            XWikiDocument document = xWikiContext.getWiki().getDocument(str, xWikiContext);
            if (document.getObject(WatchListNotifier.XWIKI_USER_CLASS) != null) {
                str2 = document.getStringValue(WatchListNotifier.XWIKI_USER_CLASS, "ldap_dn");
            }
        } catch (Throwable unused) {
        }
        return str2;
    }

    protected boolean checkUserPassword(String str, String str2, HashMap hashMap, XWikiContext xWikiContext) throws XWikiException {
        LDAPConnection lDAPConnection = new LDAPConnection();
        boolean z = false;
        boolean z2 = false;
        try {
            try {
                if (LOGGER.isDebugEnabled()) {
                    LOGGER.debug("LDAP Password check for user " + str);
                }
                int lDAPPort = getLDAPPort(xWikiContext);
                String param = getParam("ldap_server", xWikiContext);
                String param2 = getParam("ldap_bind_DN", xWikiContext);
                String param3 = getParam("ldap_bind_pass", xWikiContext);
                int GetCheckLevel = GetCheckLevel(xWikiContext);
                if (LOGGER.isDebugEnabled()) {
                    LOGGER.debug("LDAP Check level is " + GetCheckLevel);
                }
                Object[] objArr = {str, str2};
                String format = MessageFormat.format(param2, objArr);
                String format2 = MessageFormat.format(param3, objArr);
                String param4 = getParam("ldap_base_DN", xWikiContext);
                lDAPConnection.connect(param, lDAPPort);
                if (LOGGER.isDebugEnabled()) {
                    LOGGER.debug("LDAP Connect successfull to host " + param + " and port " + lDAPPort);
                }
                z = Bind(format, format2, lDAPConnection, 3);
                if (LOGGER.isDebugEnabled()) {
                    LOGGER.debug("LDAP Bind returned with result " + z);
                }
                if (z && GetCheckLevel > 0) {
                    if (LOGGER.isDebugEnabled()) {
                        LOGGER.debug("LDAP searching user");
                    }
                    LDAPSearchResults search = lDAPConnection.search(param4, 2, "(" + getParam(XWikiLDAPConfig.PREF_LDAP_UID, xWikiContext) + "=" + str + ")", null, false);
                    if (search.hasMore()) {
                        if (LOGGER.isDebugEnabled()) {
                            LOGGER.debug("LDAP searching found user");
                        }
                        LDAPEntry next = search.next();
                        String dn = next.getDN();
                        if (LOGGER.isDebugEnabled()) {
                            LOGGER.debug("LDAP searching found DN: " + dn);
                        }
                        if (GetCheckLevel > 1) {
                            if (LOGGER.isDebugEnabled()) {
                                LOGGER.debug("LDAP comparing password");
                            }
                            z = lDAPConnection.compare(dn, new LDAPAttribute("userPassword", str2));
                        }
                        if (z) {
                            if (LOGGER.isDebugEnabled()) {
                                LOGGER.debug("LDAP adding user attributes");
                            }
                            Iterator it = next.getAttributeSet().iterator();
                            while (it.hasNext()) {
                                LDAPAttribute lDAPAttribute = (LDAPAttribute) it.next();
                                String name = lDAPAttribute.getName();
                                Enumeration stringValues = lDAPAttribute.getStringValues();
                                if (stringValues != null) {
                                    while (stringValues.hasMoreElements()) {
                                        if (LOGGER.isDebugEnabled()) {
                                            LOGGER.debug("LDAP adding user attribute " + name);
                                        }
                                        hashMap.put(name, (String) stringValues.nextElement());
                                    }
                                }
                            }
                            hashMap.put(LDAPProfileXClass.LDAP_XFIELD_DN, dn);
                        }
                    } else {
                        if (LOGGER.isDebugEnabled()) {
                            LOGGER.debug("LDAP search user failed");
                        }
                        z2 = true;
                    }
                }
                if (LOGGER.isInfoEnabled()) {
                    if (z) {
                        LOGGER.info("LDAP Password check for user " + str + " successfull");
                    } else {
                        LOGGER.info("LDAP Password check for user " + str + " failed");
                    }
                }
            } finally {
                if (LOGGER.isDebugEnabled()) {
                    LOGGER.debug("LDAP check in finally block");
                }
                try {
                    lDAPConnection.disconnect();
                } catch (LDAPException e) {
                    e.printStackTrace();
                }
            }
        } catch (LDAPException e2) {
            if (LOGGER.isInfoEnabled()) {
                LOGGER.info("LDAP Password check for user " + str + " failed with exception " + e2.getMessage());
            }
            if (e2.getResultCode() == 32) {
                z2 = true;
            } else if (e2.getResultCode() == 16) {
                z2 = true;
            }
            if (LOGGER.isDebugEnabled()) {
                LOGGER.debug("LDAP check in finally block");
            }
            try {
                lDAPConnection.disconnect();
            } catch (LDAPException e3) {
                e3.printStackTrace();
            }
        } catch (Throwable th) {
            z2 = true;
            if (LOGGER.isErrorEnabled()) {
                LOGGER.error("LDAP Password check for user " + str + " failed with exception " + th.getMessage());
            }
            if (LOGGER.isDebugEnabled()) {
                LOGGER.debug("LDAP check in finally block");
            }
            try {
                lDAPConnection.disconnect();
            } catch (LDAPException e4) {
                e4.printStackTrace();
            }
        }
        if (z2) {
            if (LOGGER.isDebugEnabled()) {
                LOGGER.debug("LDAP Password check reverting to XWiki");
            }
            z = checkPassword(findUser(str, xWikiContext), str2, xWikiContext);
        }
        return z;
    }

    @Override // com.xpn.xwiki.user.impl.xwiki.XWikiAuthServiceImpl
    protected String getParam(String str, XWikiContext xWikiContext) {
        String str2 = "";
        try {
            str2 = xWikiContext.getWiki().getXWikiPreference(str, xWikiContext);
        } catch (Exception unused) {
        }
        if (str2 == null || "".equals(str2)) {
            try {
                str2 = xWikiContext.getWiki().Param("xwiki.authentication." + StringUtils.replace(str, XWikiLDAPConfig.PREF_LDAP_SUFFIX, "ldap."));
            } catch (Exception unused2) {
            }
        }
        if (str2 == null) {
            str2 = "";
        }
        return str2;
    }

    protected int GetCheckLevel(XWikiContext xWikiContext) {
        String param = getParam("ldap_check_level", xWikiContext);
        String trim = param == null ? "" : param.trim();
        int i = 2;
        if ("1".equals(trim)) {
            i = 1;
        } else if ("0".equals(trim)) {
            i = 0;
        }
        return i;
    }

    private int getLDAPPort(XWikiContext xWikiContext) {
        try {
            return xWikiContext.getWiki().getXWikiPreferenceAsInt(XWikiLDAPConfig.PREF_LDAP_PORT, xWikiContext);
        } catch (Exception unused) {
            return (int) xWikiContext.getWiki().ParamAsLong(XWikiLDAPConfig.CFG_LDAP_PORT, 389L);
        }
    }

    protected boolean checkDNPassword(String str, String str2, String str3, XWikiContext xWikiContext) throws XWikiException {
        LDAPConnection lDAPConnection = new LDAPConnection();
        boolean z = false;
        boolean z2 = false;
        try {
            try {
                int lDAPPort = getLDAPPort(xWikiContext);
                String param = getParam("ldap_server", xWikiContext);
                getParam("ldap_bind_DN", xWikiContext);
                getParam("ldap_bind_pass", xWikiContext);
                getParam("ldap_base_DN", xWikiContext);
                lDAPConnection.connect(param, lDAPPort);
                z = Bind(str, str3, lDAPConnection, 3);
                if (LOGGER.isDebugEnabled()) {
                    if (z) {
                        LOGGER.debug("(debug) Password check for user " + str + " successfull");
                    } else {
                        LOGGER.debug("(debug) Password check for user " + str + " failed");
                    }
                }
                try {
                    lDAPConnection.disconnect();
                } catch (LDAPException e) {
                    e.printStackTrace();
                }
            } finally {
                try {
                    lDAPConnection.disconnect();
                } catch (LDAPException e2) {
                    e2.printStackTrace();
                }
            }
        } catch (LDAPException e3) {
            if (e3.getResultCode() == 32) {
                z2 = true;
            } else if (e3.getResultCode() == 16) {
                z2 = true;
            }
        } catch (Throwable th) {
            th.printStackTrace();
            try {
                lDAPConnection.disconnect();
            } catch (LDAPException e4) {
                e4.printStackTrace();
            }
        }
        if (z2) {
            z = checkPassword(str2, str3, xWikiContext);
        }
        return z;
    }

    private boolean Bind(String str, String str2, LDAPConnection lDAPConnection, int i) throws UnsupportedEncodingException {
        boolean z = false;
        if (LOGGER.isDebugEnabled()) {
            LOGGER.debug("LDAP Bind starting");
        }
        if (str != null && str.length() > 0 && str2 != null) {
            try {
                lDAPConnection.bind(i, str, str2.getBytes("UTF8"));
                z = true;
                if (LOGGER.isDebugEnabled()) {
                    LOGGER.debug("LDAP Bind successfull");
                }
            } catch (LDAPException e) {
                if (LOGGER.isErrorEnabled()) {
                    LOGGER.error("LDAP Bind failed with Exception " + e.getMessage());
                }
            }
        } else if (LOGGER.isDebugEnabled()) {
            LOGGER.debug("LDAP Bind does not have binding info");
        }
        return z;
    }

    public boolean createUserFromLDAP(String str, String str2, String str3, XWikiContext xWikiContext) throws XWikiException {
        LDAPConnection lDAPConnection = new LDAPConnection();
        boolean z = false;
        HashMap hashMap = new HashMap();
        try {
            try {
                if (LOGGER.isDebugEnabled()) {
                    LOGGER.debug("LDAP Password check for user " + str2);
                }
                int lDAPPort = getLDAPPort(xWikiContext);
                String param = getParam("ldap_server", xWikiContext);
                String param2 = getParam("ldap_bind_DN", xWikiContext);
                String param3 = getParam("ldap_bind_pass", xWikiContext);
                Object[] objArr = {str2, str3};
                String format = MessageFormat.format(param2, objArr);
                String format2 = MessageFormat.format(param3, objArr);
                String param4 = getParam("ldap_base_DN", xWikiContext);
                lDAPConnection.connect(param, lDAPPort);
                if (LOGGER.isDebugEnabled()) {
                    LOGGER.debug("LDAP Connect successfull to host " + param + " and port " + lDAPPort);
                }
                z = Bind(format, format2, lDAPConnection, 3);
                if (LOGGER.isDebugEnabled()) {
                    LOGGER.debug("LDAP Bind returned with result " + z);
                }
                if (z) {
                    LDAPSearchResults search = lDAPConnection.search(param4, 2, "(" + getParam(XWikiLDAPConfig.PREF_LDAP_UID, xWikiContext) + "=" + str + ")", null, false);
                    if (search.hasMore()) {
                        if (LOGGER.isDebugEnabled()) {
                            LOGGER.debug("LDAP searching found user");
                        }
                        LDAPEntry next = search.next();
                        String dn = next.getDN();
                        if (LOGGER.isDebugEnabled()) {
                            LOGGER.debug("LDAP searching found DN: " + dn);
                        }
                        if (z) {
                            if (LOGGER.isDebugEnabled()) {
                                LOGGER.debug("LDAP adding user attributes");
                            }
                            Iterator it = next.getAttributeSet().iterator();
                            while (it.hasNext()) {
                                LDAPAttribute lDAPAttribute = (LDAPAttribute) it.next();
                                String name = lDAPAttribute.getName();
                                Enumeration stringValues = lDAPAttribute.getStringValues();
                                if (stringValues != null) {
                                    while (stringValues.hasMoreElements()) {
                                        if (LOGGER.isDebugEnabled()) {
                                            LOGGER.debug("LDAP adding user attribute " + name);
                                        }
                                        hashMap.put(name, (String) stringValues.nextElement());
                                    }
                                }
                            }
                            hashMap.put(LDAPProfileXClass.LDAP_XFIELD_DN, dn);
                            CreateUserFromLDAP(hashMap, xWikiContext);
                        } else if (LOGGER.isDebugEnabled()) {
                            LOGGER.debug("LDAP search user failed");
                        }
                    }
                }
                if (LOGGER.isInfoEnabled()) {
                    if (z) {
                        LOGGER.info("LDAP create user for user " + str + " successfull");
                    } else {
                        LOGGER.info("LDAP create user for user " + str + " failed");
                    }
                }
            } finally {
                if (LOGGER.isDebugEnabled()) {
                    LOGGER.debug("LDAP create user in finally block");
                }
                try {
                    lDAPConnection.disconnect();
                } catch (LDAPException e) {
                    e.printStackTrace();
                }
            }
        } catch (LDAPException e2) {
            if (LOGGER.isInfoEnabled()) {
                LOGGER.info("LDAP create user for user " + str + " failed with exception " + e2.getMessage());
            }
            if (LOGGER.isDebugEnabled()) {
                LOGGER.debug("LDAP create user in finally block");
            }
            try {
                lDAPConnection.disconnect();
            } catch (LDAPException e3) {
                e3.printStackTrace();
            }
        } catch (Throwable th) {
            if (LOGGER.isErrorEnabled()) {
                LOGGER.error("LDAP create user for user " + str + " failed with exception " + th.getMessage());
            }
            if (LOGGER.isDebugEnabled()) {
                LOGGER.debug("LDAP create user in finally block");
            }
            try {
                lDAPConnection.disconnect();
            } catch (LDAPException e4) {
                e4.printStackTrace();
            }
        }
        return z;
    }
}
