package org.openanzo.security.ldap;

import com.novell.ldap.LDAPConnection;
import com.novell.ldap.LDAPEntry;
import com.novell.ldap.LDAPException;
import com.novell.ldap.LDAPJSSESecureSocketFactory;
import com.novell.ldap.LDAPReferralException;
import com.novell.ldap.LDAPSearchResults;
import com.sun.net.ssl.internal.ssl.Provider;
import java.nio.charset.StandardCharsets;
import java.security.Security;
import java.text.MessageFormat;
import java.util.Dictionary;
import org.openanzo.client.cli.CommandLineInterface;
import org.openanzo.exceptions.AnzoException;
import org.openanzo.exceptions.AnzoRuntimeException;
import org.openanzo.exceptions.EncryptionUtil;
import org.openanzo.exceptions.ExceptionConstants;
import org.openanzo.exceptions.LogUtils;
import org.openanzo.osgi.GenericObjectClassDef;
import org.openanzo.osgi.OsgiConfigurationUtils;
import org.openanzo.osgi.attributes.LDAPAttributes;
import org.openanzo.osgi.attributes.ServicesAttributes;
import org.openanzo.rdf.Constants;
import org.openanzo.security.keystore.KeyStoreDictionary;
import org.openanzo.security.ldap.attributes.LDAPAuthAttributes;
import org.openanzo.services.LDAPDictionary;
import org.osgi.framework.BundleContext;
import org.osgi.service.metatype.AttributeDefinition;

/* loaded from: input_file:org/openanzo/security/ldap/LdapAuthClassDef.class */
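/**
 * Metatype definition for the LDAP authentication provider.
 *
 * <p>Besides declaring the attribute sets shown in the constructor, this class validates a
 * non-embedded configuration end to end: it connects to the configured server, binds as the
 * configured admin DN, searches for the test user, binds again as that user and runs the
 * roles search on the user-owned connection. The test credentials are read from the
 * {@code org.openanzo.ldap.testUserId} / {@code org.openanzo.ldap.testPassword} keys of the
 * configuration dictionary and are never logged.
 */
final class LdapAuthClassDef extends GenericObjectClassDef {

    /** Dictionary key holding the user id used for the validation search and test bind. */
    private static final String TEST_USER_ID_KEY = "org.openanzo.ldap.testUserId";

    /** Dictionary key holding the (possibly encrypted) password of the test user. */
    private static final String TEST_PASSWORD_KEY = "org.openanzo.ldap.testPassword";

    /** Port used when the configuration does not specify one. */
    private static final int DEFAULT_PORT = 10389;

    /** TLS protocol used when the configuration does not specify one. */
    private static final String DEFAULT_SSL_PROTOCOL = "TLSv1.2";

    // Decompiler note: the original constructor was package-private; kept public so callers compile unchanged.
    public LdapAuthClassDef() {
        super(LdapAuthenticatorActivator.SERVICE_PID,
                "LDAP Authentication Provider",
                "Authentication provider that binds to an embedded or external LDAP server for authentication and user's roles.",
                // required attributes
                new AttributeDefinition[]{
                        ServicesAttributes.Enabled, LDAPAuthAttributes.UseEmbeddedServer, LDAPAttributes.Host,
                        LDAPAttributes.Port, LDAPAuthAttributes.UserBaseDN, LDAPAuthAttributes.UserSearch,
                        LDAPAuthAttributes.UserObjectClass, LDAPAuthAttributes.RoleBaseDN,
                        LDAPAuthAttributes.RolesSearch, LDAPAuthAttributes.RoleObjectClass},
                // optional attributes
                new AttributeDefinition[]{
                        LDAPAttributes.UseSSL, LDAPAuthAttributes.UserIdAttribute, LDAPAuthAttributes.SysadminRole,
                        LDAPAttributes.LdapServerUser, LDAPAttributes.LdapServerPassword,
                        LDAPAuthAttributes.RoleSearchFilter, LDAPAuthAttributes.UserSearchFilter,
                        LDAPAttributes.CacheInvalidationTimeout},
                // display order
                new AttributeDefinition[]{
                        ServicesAttributes.Enabled, LDAPAuthAttributes.UseEmbeddedServer, LDAPAttributes.Host,
                        LDAPAttributes.Port, LDAPAttributes.UseSSL, LDAPAttributes.LdapServerUser,
                        LDAPAttributes.LdapServerPassword, LDAPAuthAttributes.UserBaseDN,
                        LDAPAuthAttributes.UserIdAttribute, LDAPAuthAttributes.UserSearch,
                        LDAPAuthAttributes.UserSearchFilter, LDAPAuthAttributes.UserObjectClass,
                        LDAPAuthAttributes.RoleBaseDN, LDAPAuthAttributes.RolesSearch,
                        LDAPAuthAttributes.RoleSearchFilter, LDAPAuthAttributes.RoleObjectClass,
                        LDAPAuthAttributes.SysadminRole, LDAPAttributes.CacheInvalidationTimeout});
    }

    /**
     * Validates an LDAP authentication configuration by exercising it against the server.
     *
     * <p>Steps, each mapped to its own error code: connect and bind as the admin DN, search the
     * user base for the test user, open a second connection and bind as the found DN with the
     * test password, then run the roles search as that user. Both connections are always
     * disconnected, on success and on failure.
     *
     * @param bundleContext used to expand placeholders in the key/trust store locations
     * @param dictionary    the configuration under test
     * @return {@code true} when the embedded server is selected or every step succeeds
     * @throws AnzoException with {@code CORE.NULL_PARAMETER} when a test credential is missing,
     *                       {@code INSTALL_LDAP_INVALID_CONFIGURATION} when a connection cannot be opened or a
     *                       search pattern is malformed, {@code INSTALL_LDAP_ADMIN_BIND} / {@code INSTALL_LDAP_ADMIN_SEARCH}
     *                       when the admin steps fail, {@code INSTALL_LDAP_FAILED_TEST_SEARCH} when the test user is
     *                       not found, and {@code INSTALL_LDAP_USER_BIND} when the test user bind or roles search fails
     */
    public boolean validateConfiguration(BundleContext bundleContext, Dictionary dictionary) throws AnzoException {
        if (LDAPAuthDictionary.getUseEmbeddedServer(dictionary).booleanValue()) {
            // Nothing to reach over the network for the embedded server.
            return true;
        }
        String host = LDAPDictionary.getHost(dictionary, CommandLineInterface.DEFAULT_HOST);
        Integer port = LDAPDictionary.getPort(dictionary, DEFAULT_PORT);
        String ldapServerUser = LDAPDictionary.getLdapServerUser(dictionary);
        String ldapServerPassword = LDAPDictionary.getLdapServerPassword(dictionary);
        String userSearch = LDAPAuthDictionary.getUserSearch(dictionary);
        String rolesSearch = LDAPAuthDictionary.getRolesSearch(dictionary);
        String testUserId = (String) dictionary.get(TEST_USER_ID_KEY);
        String testPassword = (String) dictionary.get(TEST_PASSWORD_KEY);
        String userBaseDN = LDAPAuthDictionary.getUserBaseDN(dictionary);
        String roleBaseDN = LDAPAuthDictionary.getRoleBaseDN(dictionary);
        String trustPassword = KeyStoreDictionary.getClientTrustPassword(dictionary);
        String truststoreType = KeyStoreDictionary.getClientTruststoreType(dictionary);
        String trustFile = OsgiConfigurationUtils.preprocessString(KeyStoreDictionary.getClientTrustFileLocation(dictionary), bundleContext);
        String keyPassword = KeyStoreDictionary.getKeyPassword(dictionary);
        String keystoreType = KeyStoreDictionary.getKeystoreType(dictionary);
        String keyFile = OsgiConfigurationUtils.preprocessString(KeyStoreDictionary.getKeyFileLocation(dictionary), bundleContext);
        String sslProtocol = LDAPAuthDictionary.getSslProtocol(dictionary, DEFAULT_SSL_PROTOCOL);
        boolean useSsl = Boolean.TRUE.equals(LDAPDictionary.getUseSSL(dictionary));

        // Reject missing test credentials before the user id is interpolated into a filter.
        if (isBlank(testUserId)) {
            throw new AnzoException(ExceptionConstants.CORE.NULL_PARAMETER, TEST_USER_ID_KEY);
        }
        if (isBlank(testPassword)) {
            throw new AnzoException(ExceptionConstants.CORE.NULL_PARAMETER, TEST_PASSWORD_KEY);
        }
        // A null admin password would previously surface as a NullPointerException from getBytes();
        // report it as a failed admin bind instead. An empty password is deliberately not rejected here
        // because the server decides whether an unauthenticated bind is acceptable.
        if (ldapServerPassword == null) {
            throw new AnzoException(ExceptionConstants.SERVER.INSTALL_LDAP_ADMIN_BIND, ldapServerUser);
        }

        try {
            // NOTE(review): the test user id is substituted into the user search pattern without LDAP
            // filter escaping (the roles pattern does escape its DN argument via Utils.escapeDN). The
            // value comes from the admin-supplied configuration, but an escaping helper would be safer.
            String userFilter = new MessageFormat(userSearch).format(new String[]{testUserId});
            // Built once and shared by both connections; the original built it twice from the same inputs.
            LDAPJSSESecureSocketFactory socketFactory = null;
            if (useSsl) {
                // NOTE(review): com.sun.net.ssl.internal.ssl.Provider is an internal JDK class and SunJSSE
                // is registered by default; this call is kept for behavioral parity with the original.
                Security.addProvider(new Provider());
                socketFactory = new LDAPJSSESecureSocketFactory(Utils.getSSLSocketFactory(keyFile, keyPassword, keystoreType, trustFile, trustPassword, truststoreType, sslProtocol));
            }

            LDAPConnection adminConnection = null;
            try {
                LdapAuthenticatorActivator.log.info("validateConfiguration - Creating LDAPConnection.");
                adminConnection = newConnection(socketFactory);
                LdapAuthenticatorActivator.log.info("validateConfiguration - Connecting to LDAP server.");
                connect(adminConnection, host, port);

                LdapAuthenticatorActivator.log.info("validateConfiguration - binding LDAP connection as configured LDAP Admin DN.");
                try {
                    adminConnection.bind(LDAPConnection.LDAP_V3, ldapServerUser, ldapServerPassword.getBytes(StandardCharsets.UTF_8));
                } catch (LDAPException e) {
                    throw new AnzoException(ExceptionConstants.SERVER.INSTALL_LDAP_ADMIN_BIND, (Throwable) e, ldapServerUser);
                }

                LDAPSearchResults userResults;
                try {
                    LdapAuthenticatorActivator.log.info("validateConfiguration - performing LDAP search - baseDN: {}, scope: LDAPConnection.SCOPE_SUB, filter: {}, attrs: null, typesOnly: false", userBaseDN, userFilter);
                    userResults = adminConnection.search(userBaseDN, LDAPConnection.SCOPE_SUB, userFilter, (String[]) null, false);
                } catch (LDAPException e) {
                    throw new AnzoException(ExceptionConstants.SERVER.INSTALL_LDAP_ADMIN_SEARCH, (Throwable) e, new String[0]);
                }

                LdapAuthenticatorActivator.log.info("validateConfiguration - traversing search results");
                LDAPEntry userEntry;
                try {
                    if (!userResults.hasMore()) {
                        throw new AnzoException(ExceptionConstants.SERVER.INSTALL_LDAP_FAILED_TEST_SEARCH, new String[0]);
                    }
                    userEntry = userResults.next();
                } catch (LDAPReferralException e) {
                    // A referral while iterating counts as "test user not found", as before.
                    LdapAuthenticatorActivator.log.debug("Error dereferencing referral", e);
                    throw new AnzoException(ExceptionConstants.SERVER.INSTALL_LDAP_FAILED_TEST_SEARCH, new String[0]);
                } catch (LDAPException e) {
                    throw new AnzoException(ExceptionConstants.SERVER.INSTALL_LDAP_ADMIN_SEARCH, (Throwable) e, new String[0]);
                }
                if (userEntry == null) {
                    throw new AnzoException(ExceptionConstants.SERVER.INSTALL_LDAP_FAILED_TEST_SEARCH, new String[0]);
                }
                String userDn = userEntry.getDN();
                LdapAuthenticatorActivator.log.info("validateConfiguration - found user entry with DN: {}. Starting test bind as the test user.", userDn);

                LDAPConnection userConnection = null;
                try {
                    LdapAuthenticatorActivator.log.info("validateConfiguration - Creating LDAPConnection for test user bind.");
                    userConnection = newConnection(socketFactory);
                    // Reported like the admin connect failure; the original let it fall through to ADMIN_SEARCH.
                    connect(userConnection, host, port);
                    try {
                        String password = EncryptionUtil.getPassword(testPassword);
                        LdapAuthenticatorActivator.log.info("validateConfiguration - Attempting test user bind.");
                        userConnection.bind(LDAPConnection.LDAP_V3, userDn, password.getBytes(StandardCharsets.UTF_8));
                        String roleFilter = new MessageFormat(rolesSearch).format(new String[]{Utils.escapeDN(userDn)});
                        LdapAuthenticatorActivator.log.info("validateConfiguration - Performing roles search on test user LDAP connection - base: {}, scope: LDAPConnection.SCOPE_SUB, filter: {}, attrs: null, typesOnly: false", roleBaseDN, roleFilter);
                        LDAPSearchResults roleResults = userConnection.search(roleBaseDN, LDAPConnection.SCOPE_SUB, roleFilter, (String[]) null, false);
                        try {
                            if (roleResults.hasMore()) {
                                // Only checks that the first role DN converts to a URI; the value is discarded.
                                Constants.valueFactory.createURI(Utils.encodeLdapUri("ldap:///" + roleResults.next().getDN()));
                            }
                        } catch (LDAPReferralException e) {
                            // Referrals during the roles search are tolerated, as before.
                            LdapAuthenticatorActivator.log.debug("Error dereferencing referral", e);
                        }
                    } catch (Exception e) {
                        // Anything in the test-user phase (decrypt, bind, filter, search) is a user bind failure.
                        throw new AnzoException(ExceptionConstants.SERVER.INSTALL_LDAP_USER_BIND, e, testUserId);
                    }
                } finally {
                    // Previously the test-user connection was only closed on the success path.
                    disconnectQuietly(userConnection);
                }
                return true;
            } finally {
                disconnectQuietly(adminConnection);
            }
        } catch (IllegalArgumentException e) {
            // Malformed MessageFormat pattern in the user search.
            throw new AnzoException(ExceptionConstants.SERVER.INSTALL_LDAP_INVALID_CONFIGURATION, e, new String[0]);
        }
    }

    /** Returns {@code true} for a null, empty or whitespace-only value. */
    private static boolean isBlank(String value) {
        return value == null || value.trim().isEmpty();
    }

    /** Creates an unconnected LDAP connection, TLS-wrapped when a socket factory is supplied. */
    private static LDAPConnection newConnection(LDAPJSSESecureSocketFactory socketFactory) {
        return socketFactory == null ? new LDAPConnection() : new LDAPConnection(socketFactory);
    }

    /**
     * Connects to the configured host and port, reporting any failure as an invalid configuration.
     *
     * @throws AnzoException with {@code INSTALL_LDAP_INVALID_CONFIGURATION} wrapping the cause
     */
    private static void connect(LDAPConnection connection, String host, Integer port) throws AnzoException {
        try {
            connection.connect(host, port.intValue());
        } catch (AnzoRuntimeException | LDAPException e) {
            throw new AnzoException(ExceptionConstants.SERVER.INSTALL_LDAP_INVALID_CONFIGURATION, e, new String[0]);
        }
    }

    /** Disconnects a possibly-null connection, logging rather than propagating a disconnect failure. */
    private static void disconnectQuietly(LDAPConnection connection) {
        if (connection == null) {
            return;
        }
        try {
            connection.disconnect();
        } catch (LDAPException e) {
            LdapAuthenticatorActivator.log.error(LogUtils.SERVER_INTERNAL_MARKER, "Error disconnecting ldap connection", e);
        }
    }
}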
