package org.apache.brooklyn.rest.security.provider;

import com.google.common.base.CharMatcher;
import com.google.common.base.Function;
import com.google.common.base.Joiner;
import com.google.common.collect.Lists;
import java.util.Arrays;
import java.util.Hashtable;
import java.util.Locale;
import java.util.function.Supplier;
import javax.naming.NamingException;
import javax.naming.directory.InitialDirContext;
import javax.naming.ldap.Rdn;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import org.apache.brooklyn.api.mgmt.ManagementContext;
import org.apache.brooklyn.config.StringConfigMap;
import org.apache.brooklyn.rest.BrooklynWebConfig;
import org.apache.brooklyn.rest.security.provider.SecurityProvider;
import org.apache.brooklyn.util.exceptions.Exceptions;
import org.apache.brooklyn.util.text.Strings;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/brooklyn/rest/security/provider/LdapSecurityProvider.class */
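/**
 * Security provider that authenticates a user by attempting an LDAP simple bind as
 * {@code cn=<user>,ou=<organizationUnit>,dc=<realm part>,...} against the configured LDAP URL.
 *
 * <p>A simple bind hands the password to the directory server as supplied, so the configured
 * URL should be an {@code ldaps://} endpoint; over plain {@code ldap://} the credentials are
 * not protected in transit.
 */
public class LdapSecurityProvider extends AbstractSecurityProvider implements SecurityProvider {
    public static final String LDAP_CONTEXT_FACTORY = "com.sun.jndi.ldap.LdapCtxFactory";
    private final String ldapUrl;
    private final String ldapRealm;
    private final String organizationUnit;
    public static final Logger LOG = LoggerFactory.getLogger(LdapSecurityProvider.class);
    // Set once the LDAP context factory class has been loaded successfully; guarded by the
    // class lock taken in checkCanLoad().
    static boolean triedLoading = false;

    /**
     * Builds the provider from the management context's configuration.
     *
     * <p>Reads {@code BrooklynWebConfig.LDAP_URL}, {@code LDAP_REALM} and {@code LDAP_OU}.
     * Double quotes are stripped from the realm and the OU; a blank OU falls back to
     * {@code "Users"}.
     *
     * @param managementContext source of the configuration map
     */
    public LdapSecurityProvider(ManagementContext managementContext) {
        StringConfigMap config = managementContext.getConfig();
        this.ldapUrl = (String) config.getConfig(BrooklynWebConfig.LDAP_URL);
        Strings.checkNonEmpty(this.ldapUrl, "LDAP security provider configuration missing required property " + BrooklynWebConfig.LDAP_URL);

        // A missing realm is mapped to "" so that the required-property check below reports it,
        // rather than CharMatcher failing on a null argument first.
        CharSequence configuredRealm = (CharSequence) config.getConfig(BrooklynWebConfig.LDAP_REALM);
        this.ldapRealm = configuredRealm == null ? "" : CharMatcher.isNot('\"').retainFrom(configuredRealm);
        Strings.checkNonEmpty(this.ldapRealm, "LDAP security provider configuration missing required property " + BrooklynWebConfig.LDAP_REALM);

        CharSequence configuredOu = (CharSequence) config.getConfig(BrooklynWebConfig.LDAP_OU);
        if (Strings.isBlank(configuredOu)) {
            LOG.info("Setting LDAP ou attribute to: Users");
            this.organizationUnit = "Users";
        } else {
            this.organizationUnit = CharMatcher.isNot('\"').retainFrom(configuredOu);
        }
        // Validate the OU itself: the previous check re-tested ldapRealm, so an OU that became
        // empty after quote stripping went unnoticed.
        Strings.checkNonEmpty(this.organizationUnit, "LDAP security provider configuration missing required property " + BrooklynWebConfig.LDAP_OU);
    }

    /**
     * Builds the provider from explicit values; no validation or quote stripping is applied.
     *
     * @param str the LDAP URL
     * @param str2 the realm, dot-separated (each part becomes a {@code dc=} component)
     * @param str3 the organization unit
     */
    public LdapSecurityProvider(String str, String str2, String str3) {
        this.ldapUrl = str;
        this.ldapRealm = str2;
        this.organizationUnit = str3;
    }

    /**
     * Authenticates by binding to the directory with the user's DN and password.
     *
     * @param httpServletRequest the request being authenticated (not read here)
     * @param supplier supplies the session handed to {@code allow} on success
     * @param str the user name
     * @param str2 the password
     * @return the result of {@code allow} if the bind succeeds; {@code false} if the user name
     *     or password is missing or the bind fails
     */
    @Override
    public boolean authenticate(HttpServletRequest httpServletRequest, Supplier<HttpSession> supplier, String str, String str2) throws SecurityProvider.SecurityProviderDeniedAuthentication {
        if (str == null || str.isEmpty()) {
            return false;
        }
        // A simple bind with a DN and a zero-length password is an "unauthenticated bind"
        // (RFC 4513, section 5.1.2), which many directory servers accept without checking any
        // credential. It must never count as a successful login. A null password would
        // otherwise fail inside Hashtable.put with a NullPointerException.
        if (str2 == null || str2.isEmpty()) {
            LOG.debug("Rejecting LDAP authentication attempt with an empty password");
            return false;
        }
        checkCanLoad();
        Hashtable<String, String> env = new Hashtable<>();
        env.put("java.naming.factory.initial", LDAP_CONTEXT_FACTORY);
        env.put("java.naming.provider.url", this.ldapUrl);
        env.put("java.naming.security.authentication", "simple");
        env.put("java.naming.security.principal", getUserDN(str));
        env.put("java.naming.security.credentials", str2);
        try {
            InitialDirContext boundContext = new InitialDirContext(env);
            try {
                return allow(supplier.get(), str);
            } finally {
                // The context only proves the bind; release its connection straight away.
                closeQuietly(boundContext);
            }
        } catch (NamingException e) {
            // Covers rejected credentials as well as directory errors; the password is never logged.
            LOG.debug("LDAP bind failed: {}", e.toString());
            return false;
        }
    }

    /** Closes the context, logging (not propagating) a failure to do so. */
    private static void closeQuietly(InitialDirContext context) {
        try {
            context.close();
        } catch (NamingException e) {
            LOG.debug("Error closing LDAP context: {}", e.toString());
        }
    }

    /**
     * Builds the distinguished name used for the bind.
     *
     * @param str the user name
     * @return {@code cn=<user>,ou=<organizationUnit>} followed by one lower-cased
     *     {@code dc=} component per dot-separated part of the realm
     */
    protected String getUserDN(String str) {
        StringBuilder dn = new StringBuilder("cn=");
        // The user name comes from the login request. Escaping it as an RDN value keeps
        // characters such as ',' '+' '=' from adding or altering DN components. The OU and
        // realm come from configuration and are used as given.
        dn.append(Rdn.escapeValue(str));
        dn.append(",ou=").append(this.organizationUnit);
        for (String realmPart : this.ldapRealm.split("\\.")) {
            // Locale.ROOT keeps the lower-casing independent of the JVM's default locale.
            dn.append(",dc=").append(realmPart.toLowerCase(Locale.ROOT));
        }
        return dn.toString();
    }

    /**
     * Verifies once that the LDAP context factory class can be loaded.
     *
     * <p>After a successful load later calls return immediately; a failed load is retried on
     * the next call. The failure is propagated via {@code Exceptions.propagate}.
     */
    public static synchronized void checkCanLoad() {
        if (triedLoading) {
            return;
        }
        try {
            Class.forName(LDAP_CONTEXT_FACTORY);
            triedLoading = true;
        } catch (Throwable th) {
            // Keep the original failure as the cause so the reason for the load error is not lost.
            throw Exceptions.propagate(new ClassNotFoundException("Unable to load LDAP classes (com.sun.jndi.ldap.LdapCtxFactory) required for Brooklyn LDAP security provider", th));
        }
    }

    /** @return {@code true}: this provider always needs a user name and password. */
    @Override
    public boolean requiresUserPass() {
        return true;
    }
}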
