package de.faustedition.security;

import com.google.common.base.Joiner;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Properties;
import java.util.Set;
import javax.naming.AuthenticationException;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.Rdn;
import org.restlet.data.ClientInfo;
import org.restlet.security.Enroler;
import org.restlet.security.Role;
import org.restlet.security.SecretVerifier;
import org.restlet.security.User;
import org.slf4j.Logger;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;

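/**
 * Restlet verifier and enroler backed by an LDAP directory.
 *
 * <p>{@link #verify(String, char[])} authenticates a user with an LDAP simple bind and
 * derives the user's roles from group membership; {@link #enrole(ClientInfo)} later copies
 * those roles onto the request's client info.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The bind uses plain {@code ldap://} with simple authentication, so the password
 *       crosses the connection unencrypted. That is only tolerable while the directory is
 *       on localhost; switch to LDAPS or StartTLS if {@code LDAP_SERVER_URL} ever points
 *       at another host.</li>
 *   <li>Successful logins are cached in memory (plaintext secret plus roles) and nothing in
 *       this class ever evicts an entry. A cached password keeps being accepted, and cached
 *       roles keep being granted, after the account is changed or removed in LDAP, until
 *       the entry is overwritten by a later successful bind or the process restarts.
 *       NOTE(review): consider a bounded lifetime for entries and storing a salted hash
 *       instead of the secret itself.</li>
 *   <li>The user identifier is written to the log unmodified; confirm the log layout
 *       neutralises line breaks if identifiers can contain them.</li>
 * </ul>
 */
@Component
public class LdapSecurityStore extends SecretVerifier implements Enroler {
    private static final String LDAP_SERVER_URL = "ldap://localhost/";
    private static final String USER_DN_FORMAT = "uid=%s,ou=people,dc=faustedition,dc=uni-wuerzburg,dc=de";
    private static final String GROUPS_BASE_DN = "ou=groups,dc=faustedition,dc=uni-wuerzburg,dc=de";
    /** Group lookup filter; {0} is filled in (and filter-escaped) by JNDI. */
    private static final String GROUP_MEMBER_FILTER = "(&(uniqueMember={0}))";

    @Autowired
    private Logger logger;

    /** Users that authenticated successfully in this process, keyed by login identifier. */
    private final Map<String, UserData> cache =
            Collections.synchronizedMap(new HashMap<String, UserData>());

    /** Cached result of one successful LDAP authentication. */
    private static class UserData {
        private final char[] secret;
        private final Set<Role> roles;

        private UserData(char[] cArr, Set<Role> set) {
            // Keep a private copy: the caller owns the array it passed to verify() and may
            // reuse or clear it, which would otherwise silently change the cached secret.
            this.secret = cArr.clone();
            this.roles = Collections.unmodifiableSet(set);
        }
    }

    /**
     * Checks a login identifier and secret, first against the in-memory cache and then by
     * binding to the LDAP server as that user.
     *
     * @param str the login identifier (used as the {@code uid} of the user's entry)
     * @param cArr the secret supplied by the client
     * @return {@code true} if the cache or the LDAP bind accepted the credentials;
     *         {@code false} for missing/empty input, a rejected bind or any JNDI failure
     */
    public boolean verify(String str, char[] cArr) throws IllegalArgumentException {
        // An empty secret must never reach the server: a simple bind with a DN and no
        // password is an unauthenticated bind that many directories accept.
        if (str == null || str.length() == 0 || cArr == null || cArr.length == 0) {
            return false;
        }
        UserData userData = this.cache.get(str);
        // NOTE(review): compare() is inherited from SecretVerifier; confirm that it runs in
        // constant time, since it is comparing against a stored secret here.
        if (userData != null && compare(userData.secret, cArr)) {
            this.logger.debug("Verifier found cached user data for " + str);
            return true;
        }

        // The identifier is client-controlled. Escape it as an RDN value so characters such
        // as ',' '+' or '=' cannot change which entry the bind DN names.
        String userDn = String.format(USER_DN_FORMAT, Rdn.escapeValue(str));
        DirContext dirContext = null;
        NamingEnumeration<SearchResult> groups = null;
        try {
            this.logger.debug("Verifier authenticates " + userDn);
            Properties properties = new Properties();
            properties.put("java.naming.factory.initial", "com.sun.jndi.ldap.LdapCtxFactory");
            properties.put("java.naming.provider.url", LDAP_SERVER_URL);
            properties.put("java.naming.security.authentication", "simple");
            properties.put("java.naming.security.principal", userDn);
            properties.put("java.naming.security.credentials", cArr);
            // Creating the context performs the bind; bad credentials surface as
            // AuthenticationException.
            dirContext = new InitialDirContext(properties);

            SearchControls searchControls = new SearchControls();
            searchControls.setReturningAttributes(new String[]{"cn"});
            searchControls.setSearchScope(SearchControls.ONELEVEL_SCOPE);
            // Pass the DN as a filter argument rather than concatenating it, so JNDI escapes
            // filter metacharacters ('*', '(', ')', '\') in the client-supplied part.
            groups = dirContext.search(GROUPS_BASE_DN, GROUP_MEMBER_FILTER, new Object[]{userDn}, searchControls);
            this.logger.debug("Verifier authenticated " + userDn + "; getting group memberships ...");

            Set<Role> roles = new HashSet<Role>();
            while (groups.hasMore()) {
                Attribute cn = groups.next().getAttributes().get("cn");
                Role role = roleForGroup(cn == null ? null : cn.get());
                if (role != null) {
                    roles.add(role);
                    this.logger.debug("Giving role " + role + " to " + str);
                }
            }
            this.cache.put(str, new UserData(cArr, roles));
            return true;
        } catch (AuthenticationException e) {
            // Must be caught before NamingException, which is its superclass.
            this.logger.debug("Verifier failed authenticating " + userDn, e);
            return false;
        } catch (NamingException e) {
            this.logger.warn("JNDI error while authenticating " + str + " against LDAP server", e);
            return false;
        } finally {
            closeQuietly(groups);
            closeQuietly(dirContext);
        }
    }

    /**
     * Adds the roles cached for the request's user to the client info. Users that have not
     * been verified by this instance have no cache entry and receive no roles.
     *
     * @param clientInfo the client info of the current request
     */
    public void enrole(ClientInfo clientInfo) {
        User user = clientInfo.getUser();
        if (user == null) {
            return;
        }
        String name = user.getName();
        this.logger.debug("Enroler checks for roles of " + name);
        UserData userData = this.cache.get(name);
        if (userData == null) {
            this.logger.debug("Enroler did not find user " + name);
        } else {
            this.logger.debug("Enroler assigns [" + Joiner.on(", ").join(userData.roles) + "] to user " + name);
            clientInfo.getRoles().addAll(userData.roles);
        }
    }

    /** Maps an LDAP group {@code cn} value to an application role, or {@code null} if the group grants none. */
    private static Role roleForGroup(Object groupName) {
        if ("admin".equals(groupName)) {
            return SecurityConstants.ADMIN_ROLE;
        }
        if ("staff".equals(groupName) || "editors".equals(groupName)) {
            return SecurityConstants.EDITOR_ROLE;
        }
        if ("external".equals(groupName)) {
            return SecurityConstants.EXTERNAL_ROLE;
        }
        return null;
    }

    /** Closes a search result enumeration, ignoring failures; the outcome of verify() is already decided. */
    private static void closeQuietly(NamingEnumeration<?> enumeration) {
        if (enumeration == null) {
            return;
        }
        try {
            enumeration.close();
        } catch (NamingException ignored) {
            // Best-effort cleanup only.
        }
    }

    /** Closes a directory context, ignoring failures; the outcome of verify() is already decided. */
    private static void closeQuietly(DirContext context) {
        if (context == null) {
            return;
        }
        try {
            context.close();
        } catch (NamingException ignored) {
            // Best-effort cleanup only.
        }
    }
}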
