package com.iplanet.ias.security.auth.login;

import com.iplanet.ias.security.auth.realm.ldap.LDAPRealm;
import com.sun.enterprise.security.auth.AuthenticationStatus;
import com.sun.enterprise.util.ORBManager;
import java.util.ArrayList;
import java.util.List;
import java.util.Properties;
import java.util.logging.Level;
import javax.naming.CommunicationException;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.security.auth.login.LoginException;

/* loaded from: input_file:116286-20/SUNWascmo/reloc/$ASINSTDIR/lib/appserv-rt.jar:com/iplanet/ias/security/auth/login/LDAPLoginModule.class */
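/**
 * JAAS login module that authenticates a user against an LDAP directory in
 * "find and bind" mode: the user's entry is located with a pooled
 * (server-credential) connection, the login is verified by binding to the
 * directory as that entry with the supplied password, and the user's group
 * memberships are then read with the freshly bound user context.
 *
 * Configuration (directory URL, base DNs, search filters, group attribute,
 * JNDI auth mechanism) is read from the {@link LDAPRealm} the module is
 * attached to. The username, password, realm and logger are supplied by the
 * {@link PasswordLoginModule} superclass.
 *
 * Security notes grounded in this file:
 * <ul>
 *   <li>The username is rejected if it contains any character of
 *       {@code LDAPRealm.LDAP_METACHARS} before it is substituted into a search
 *       filter, which is what prevents LDAP filter injection via the login name.</li>
 *   <li>An empty password is rejected before any bind is attempted; an LDAP bind
 *       with a DN and an empty password is an unauthenticated bind (RFC 4513
 *       section 5.1.2) that many servers accept, so this check is essential.</li>
 *   <li>The user DN returned by the directory is filter-escaped (RFC 4515) before
 *       it is substituted into the group search filter.</li>
 *   <li>The password is never written to the log; DNs and filters are only logged
 *       at FINEST.</li>
 * </ul>
 *
 * Changes relative to the previous revision: pooled contexts are returned to the
 * pool on search errors (previously leaked), naming enumerations and the user
 * context are closed in {@code finally}, entries lacking the group attribute are
 * skipped instead of aborting the group search, and {@link #substitute} can no
 * longer loop forever when the replacement text contains the token.
 */
public class LDAPLoginModule extends PasswordLoginModule {
    private String _ctxF;
    private String _url;
    private String _userDNbase;
    private String _searchFilter;
    private String _grpDNbase;
    private String _grpSearchFilter;
    private String _grpTarget;
    private String _authMechanism;
    private LDAPRealm _ldapRealm;
    /** Attribute list for the user lookup: only the DN of the entry is needed. */
    private static final String[] DN_ONLY = {"dn"};
    /**
     * Pool of directory contexts bound with the server's own credentials, used
     * for the user lookup. Shared by every instance of this module; installed
     * once via {@link #createConnectionPool}.
     */
    private static LdapConnectionPool _connectionPool = null;

    /**
     * Installs the shared connection pool used for user lookups.
     *
     * @param properties JNDI environment for the pooled contexts
     * @param i          pool size
     */
    public static void createConnectionPool(Properties properties, int i) {
        _connectionPool = new LdapConnectionPool(properties, i);
    }

    /**
     * Validates the supplied credentials and realm configuration, then performs
     * the find-and-bind authentication.
     *
     * @return the status produced by {@code commitAuthentication} on success
     * @throws LoginException if the realm is not an {@link LDAPRealm}, the
     *         password is empty, the username is missing or contains LDAP
     *         metacharacters, the realm mode is not find-bind, or the user
     *         cannot be found, bound or authenticated
     */
    @Override // com.iplanet.ias.security.auth.login.PasswordLoginModule
    protected AuthenticationStatus authenticate() throws LoginException {
        if (!(this._currentRealm instanceof LDAPRealm)) {
            throw new LoginException(PasswordLoginModule.sm.getString("ldaplm.badrealm"));
        }
        this._ldapRealm = (LDAPRealm) this._currentRealm;
        // Must come before any bind: a bind with a DN and an empty password is an
        // unauthenticated (anonymous) bind on many directories and would "succeed"
        // without proving anything about the password.
        if (this._password == null || this._password.length() == 0) {
            throw new LoginException(PasswordLoginModule.sm.getString("ldaplm.emptypassword", this._username));
        }
        // Reject usernames carrying filter metacharacters; the name is substituted
        // verbatim into the user and group search filters below.
        if (this._username == null || badChars(this._username)) {
            throw new LoginException(PasswordLoginModule.sm.getString("ldaplm.baduname", this._username));
        }
        this._ctxF = this._currentRealm.getProperty(LDAPRealm.PARAM_JNDICF);
        this._url = this._currentRealm.getProperty(LDAPRealm.PARAM_DIRURL);
        this._userDNbase = this._currentRealm.getProperty(LDAPRealm.PARAM_USERDN);
        this._searchFilter = this._currentRealm.getProperty(LDAPRealm.PARAM_SEARCH_FILTER);
        this._grpDNbase = this._currentRealm.getProperty(LDAPRealm.PARAM_GRPDN);
        this._grpSearchFilter = this._currentRealm.getProperty(LDAPRealm.PARAM_GRP_SEARCH_FILTER);
        this._grpTarget = this._currentRealm.getProperty(LDAPRealm.PARAM_GRP_TARGET);
        // NOTE(review): if the realm's auth mechanism is configured as "none", the
        // JNDI bind in bindAsUser() is anonymous and verifies nothing about the
        // password. Confirm LDAPRealm rejects that setting; this module does not.
        this._authMechanism = this._currentRealm.getProperty(LDAPRealm.PARAM_AUTH_MECH);
        String mode = this._currentRealm.getProperty(LDAPRealm.PARAM_MODE);
        if (LDAPRealm.MODE_FIND_BIND.equals(mode)) {
            return findAndBind();
        }
        throw new LoginException(PasswordLoginModule.sm.getString("ldaplm.badmode", mode));
    }

    /**
     * Returns {@code true} when the string is empty or contains any character
     * listed in {@code LDAPRealm.LDAP_METACHARS}, i.e. when it must not be
     * placed into an LDAP search filter unescaped.
     *
     * @param str candidate username, must not be {@code null}
     */
    private boolean badChars(String str) {
        int length = str.length();
        if (length == 0) {
            return true;
        }
        for (int i = 0; i < length; i++) {
            if (LDAPRealm.LDAP_METACHARS.indexOf(str.charAt(i)) != -1) {
                return true;
            }
        }
        return false;
    }

    /**
     * Find-and-bind flow: locate the user's DN, bind as that DN with the
     * supplied password, collect group memberships, then commit.
     *
     * @return the status produced by {@code commitAuthentication}
     * @throws LoginException if the user is not found or the bind fails
     */
    private AuthenticationStatus findAndBind() throws LoginException {
        StringBuffer userFilter = new StringBuffer(this._searchFilter);
        substitute(userFilter, LDAPRealm.SUBST_SUBJECT_NAME, this._username);
        String userDN = userSearch(this._userDNbase, userFilter.toString());
        if (userDN == null) {
            throw new LoginException(PasswordLoginModule.sm.getString("ldaplm.usernotfound", this._username));
        }
        // The password check: binding as the located DN with the user's password.
        DirContext userCtx = bindAsUser(this._ctxF, this._url, userDN, this._password, this._authMechanism);
        if (userCtx == null) {
            throw new LoginException(PasswordLoginModule.sm.getString("ldaplm.bindfailed", userDN));
        }
        String groupFilter;
        String[] groups;
        try {
            StringBuffer gf = new StringBuffer(this._grpSearchFilter);
            substitute(gf, LDAPRealm.SUBST_SUBJECT_NAME, this._username);
            // The DN came back from the directory, not from badChars(); escape it
            // so filter metacharacters in a DN cannot break or reshape the filter.
            substitute(gf, LDAPRealm.SUBST_SUBJECT_DN, escapeFilterValue(userDN));
            groupFilter = gf.toString();
            groups = groupSearch(userCtx, this._grpDNbase, groupFilter, this._grpTarget);
        } finally {
            // The user-bound context is single-use; always release it.
            try {
                userCtx.close();
            } catch (NamingException ignored) {
                // best effort: the authentication result does not depend on close()
            }
        }
        if (this._logger.isLoggable(Level.FINEST)) {
            this._logger.finest(new StringBuffer().append("Group search filter: ").append(groupFilter).toString());
            StringBuffer found = new StringBuffer("Group memberships found: ");
            if (groups == null) {
                found.append("(null)");
            } else {
                for (String g : groups) {
                    found.append(' ').append(g);
                }
            }
            this._logger.finest(found.toString());
        }
        this._ldapRealm.setGroupNames(this._username, groups);
        this._logger.finest(new StringBuffer().append("LDAP login succeeded for: ").append(this._username).toString());
        return commitAuthentication(this._username, this._password, this._currentRealm, groups);
    }

    /**
     * Looks up the user's entry with a pooled server-credential context and
     * returns its DN, or {@code null} if no entry matches.
     *
     * Retries on {@link CommunicationException} (the broken context is dropped
     * from the pool) up to the pool size; any other search error is logged and
     * ends the lookup, with the context returned to the pool.
     *
     * @param baseDN base DN for the subtree search
     * @param filter complete search filter (username already substituted)
     * @return the DN of the first matching entry, or {@code null}
     */
    private String userSearch(String baseDN, String filter) {
        if (this._logger.isLoggable(Level.FINEST)) {
            this._logger.finest(new StringBuffer().append("search: baseDN: ").append(baseDN).append("  filter: ").append(filter).toString());
        }
        // Retained from the original; the return value was never used there either.
        this._ldapRealm.getLdapBindProp();
        SearchControls ctls = new SearchControls();
        ctls.setReturningAttributes(DN_ONLY);
        ctls.setSearchScope(SearchControls.SUBTREE_SCOPE);
        ctls.setCountLimit(1L); // only the first match is used
        String foundDN = null;
        int attempt = 0;
        do {
            attempt++;
            boolean retry = false;
            try {
                DirContext ctx = _connectionPool.getLdapCtx();
                NamingEnumeration results = null;
                try {
                    results = ctx.search(baseDN, filter, ctls);
                    if (results.hasMore()) {
                        SearchResult sr = (SearchResult) results.next();
                        StringBuffer dn = new StringBuffer(sr.getName());
                        if (sr.isRelative()) {
                            // Relative names are qualified with the search base.
                            dn.append(',').append(baseDN);
                        }
                        foundDN = dn.toString();
                        this._logger.finest(new StringBuffer().append("Found user DN: ").append(foundDN).toString());
                    }
                    _connectionPool.releaseLdapCtx(ctx);
                } catch (CommunicationException ce) {
                    // Connection is dead: discard it and try another from the pool.
                    _connectionPool.remove(ctx);
                    retry = true;
                } catch (Exception e) {
                    // Per-request failure (bad filter, missing base, ...): the
                    // context itself is still usable, so hand it back to the pool
                    // instead of leaking it.
                    _connectionPool.releaseLdapCtx(ctx);
                    this._logger.log(Level.WARNING, "ldaplm.searcherror", filter);
                    this._logger.log(Level.WARNING, "security.exception", (Throwable) e);
                } finally {
                    closeQuietly(results);
                }
            } catch (NamingException e2) {
                // getLdapCtx() failed; logged, and retried while attempts remain.
                this._logger.log(Level.WARNING, "security.exception", e2);
            }
            if (!retry) {
                break;
            }
        } while (attempt < _connectionPool.getMaxPoolSize());
        return foundDN;
    }

    /**
     * Opens a new directory context bound as {@code principal} with
     * {@code credentials}; this is the actual password verification.
     *
     * @param ctxFactory  JNDI initial context factory class name
     * @param url         directory URL
     * @param principal   user DN to bind as
     * @param credentials user password
     * @param authMech    JNDI security authentication mechanism
     * @return the bound context, or {@code null} if the bind failed for any reason
     */
    private DirContext bindAsUser(String ctxFactory, String url, String principal, String credentials, String authMech) {
        Properties env = new Properties();
        env.put(Context.INITIAL_CONTEXT_FACTORY, ctxFactory);
        env.put(ORBManager.JNDI_PROVIDER_URL_PROPERTY, url);
        env.put(Context.SECURITY_PRINCIPAL, principal);
        env.put(Context.SECURITY_CREDENTIALS, credentials);
        env.put(Context.SECURITY_AUTHENTICATION, authMech);
        try {
            return new InitialDirContext(env);
        } catch (Exception e) {
            // Deliberately quiet: a failed bind is the normal "wrong password" path.
            // Log the DN and the exception text only; never the credentials.
            if (this._logger.isLoggable(Level.FINEST)) {
                this._logger.finest(new StringBuffer().append("Error binding to directory as: ").append(principal).toString());
                this._logger.finest(new StringBuffer().append("Exception from JNDI: ").append(e.toString()).toString());
            }
            return null;
        }
    }

    /**
     * Collects all values of {@code targetAttr} from every entry matching
     * {@code filter} under {@code baseDN}, using the caller's (user-bound)
     * context. Entries that lack the attribute are skipped. Errors are logged
     * and whatever was gathered so far is returned; never {@code null}.
     *
     * @param ctx        bound directory context to search with
     * @param baseDN     base DN for the subtree search
     * @param filter     complete group search filter
     * @param targetAttr attribute whose values are the group names
     * @return group names found, possibly empty
     */
    private String[] groupSearch(DirContext ctx, String baseDN, String filter, String targetAttr) {
        List<String> groups = new ArrayList<String>();
        NamingEnumeration results = null;
        try {
            SearchControls ctls = new SearchControls();
            ctls.setReturningAttributes(new String[]{targetAttr});
            ctls.setSearchScope(SearchControls.SUBTREE_SCOPE);
            results = ctx.search(baseDN, filter, ctls);
            while (results.hasMore()) {
                SearchResult sr = (SearchResult) results.next();
                Attribute attr = sr.getAttributes().get(targetAttr);
                if (attr == null) {
                    // Matched entry has no such attribute; not an error, just no groups here.
                    continue;
                }
                int size = attr.size();
                for (int i = 0; i < size; i++) {
                    groups.add((String) attr.get(i));
                }
            }
        } catch (Exception e) {
            this._logger.log(Level.WARNING, "ldaplm.searcherror", filter);
            this._logger.log(Level.WARNING, "security.exception", (Throwable) e);
        } finally {
            closeQuietly(results);
        }
        return groups.toArray(new String[groups.size()]);
    }

    /** Closes a naming enumeration, ignoring failures; {@code null} is tolerated. */
    private static void closeQuietly(NamingEnumeration results) {
        if (results == null) {
            return;
        }
        try {
            results.close();
        } catch (NamingException ignored) {
            // nothing useful to do; the search result has already been consumed
        }
    }

    /**
     * Escapes a value for use inside an LDAP search filter (RFC 4515 section 3):
     * backslash, asterisk, parentheses and NUL become a backslash followed by
     * their two-digit hex code. Applied to the user DN before it is substituted
     * into the group search filter.
     *
     * @param value raw value; {@code null} is returned unchanged
     */
    private static String escapeFilterValue(String value) {
        if (value == null) {
            return null;
        }
        StringBuffer out = new StringBuffer(value.length() + 8);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '\\':
                    out.append("\\5c");
                    break;
                case '*':
                    out.append("\\2a");
                    break;
                case '(':
                    out.append("\\28");
                    break;
                case ')':
                    out.append("\\29");
                    break;
                case '\0':
                    out.append("\\00");
                    break;
                default:
                    out.append(c);
            }
        }
        return out.toString();
    }

    /**
     * Replaces every occurrence of {@code token} in {@code buf} with
     * {@code value}. The scan resumes after each inserted replacement, so a
     * value that itself contains the token (e.g. a username that happens to
     * equal the substitution marker) no longer sends this into an infinite
     * loop. An empty or {@code null} token is a no-op.
     */
    private static void substitute(StringBuffer buf, String token, String value) {
        if (token == null || token.length() == 0) {
            return;
        }
        int pos = buf.indexOf(token);
        while (pos >= 0) {
            buf.replace(pos, pos + token.length(), value);
            pos = buf.indexOf(token, pos + value.length());
        }
    }
}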
