package com.dtolabs.rundeck.jetty.jaas;

import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Hashtable;
import java.util.Map;
import java.util.Properties;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.LoginException;
import org.eclipse.jetty.plus.jaas.callback.ObjectCallback;
import org.eclipse.jetty.plus.jaas.spi.AbstractLoginModule;
import org.eclipse.jetty.plus.jaas.spi.UserInfo;
import org.eclipse.jetty.util.log.Log;
import org.eclipse.jetty.util.log.Logger;
import org.eclipse.jetty.util.security.Credential;
import org.quartz.impl.StdSchedulerFactory;
import org.springframework.beans.factory.xml.BeanDefinitionParserDelegate;

/* loaded from: input_file:lib/rundeck-jetty-server-2.6.11.jar:com/dtolabs/rundeck/jetty/jaas/JNDILoginModule.class */
public class JNDILoginModule extends AbstractLoginModule {
    private static final Logger log = Log.getLogger((Class<?>) JNDILoginModule.class);
    public static final String DEFAULT_FILENAME = "rundeck-jndi.properties";
    private HashMap fileMap = new HashMap();
    private String propertyFileName;
    public static final String CONNECTION_NAME_PROP = "rundeck.auth.jndi.connectionName";
    public static final String CONNECTION_PASS_PROP = "rundeck.auth.jndi.connectionPassword";
    public static final String CONNECTION_URL_PROP = "rundeck.auth.jndi.connectionUrl";
    public static final String CONNECTION_AUTH_TYPE = "rundeck.auth.jndi.authType";
    public static final String ROLEBASE_PROP = "rundeck.auth.jndi.roleBase";
    public static final String ROLENAMERDN_PROP = "rundeck.auth.jndi.roleNameRDN";
    public static final String ROLEMEMBERRDN_PROP = "rundeck.auth.jndi.roleMemberRDN";
    public static final String USERBASE_PROP = "rundeck.auth.jndi.userBase";
    public static final String USERNAMERDN_PROP = "rundeck.auth.jndi.userNameRDN";
    public static final String PROJECT_ROLE_NAME_PREFIX = "projectRole-";
    private String connectionUrl;
    private String connectionName;
    private String connectionPassword;
    private String connectionAuth;
    private String roleBase;
    private String roleNameRDN;
    private String roleMemberRDN;
    private String userBase;
    private String userNameRDN;
    private DirContext initialDirContext;
    public static final String RESTRICTED_PROJECTS_ROLE = "restrictedProjects";

    @Override // org.eclipse.jetty.plus.jaas.spi.AbstractLoginModule
    public UserInfo getUserInfo(String str) throws Exception {
        context();
        return new UserInfo(str, Credential.getCredential(getUserCredentials(str)), new ArrayList(getUserRoles(str)));
    }

    @Override // org.eclipse.jetty.plus.jaas.spi.AbstractLoginModule
    public void initialize(Subject subject, CallbackHandler callbackHandler, Map map, Map map2) {
        super.initialize(subject, callbackHandler, map, map2);
        initWithProps(loadProperties((String) map2.get("file")));
    }

    private void initWithProps(Properties properties) {
        this.connectionUrl = properties.getProperty(CONNECTION_URL_PROP);
        this.connectionName = properties.getProperty(CONNECTION_NAME_PROP);
        this.connectionPassword = properties.getProperty(CONNECTION_PASS_PROP);
        this.connectionAuth = properties.containsKey(CONNECTION_AUTH_TYPE) ? properties.getProperty(CONNECTION_AUTH_TYPE) : BeanDefinitionParserDelegate.DEPENDENCY_CHECK_SIMPLE_ATTRIBUTE_VALUE;
        this.roleBase = properties.getProperty(ROLEBASE_PROP);
        this.roleNameRDN = properties.getProperty(ROLENAMERDN_PROP);
        this.roleMemberRDN = properties.getProperty(ROLEMEMBERRDN_PROP);
        this.userBase = properties.getProperty(USERBASE_PROP);
        this.userNameRDN = properties.getProperty(USERNAMERDN_PROP);
    }

    private synchronized DirContext context() throws NamingException {
        if (null == this.initialDirContext) {
            Hashtable hashtable = new Hashtable(11);
            hashtable.put(StdSchedulerFactory.PROP_DATASOURCE_JNDI_INITIAL, "com.sun.jndi.ldap.LdapCtxFactory");
            hashtable.put(StdSchedulerFactory.PROP_DATASOURCE_JNDI_PROVDER, this.connectionUrl);
            hashtable.put(StdSchedulerFactory.PROP_DATASOURCE_JNDI_PRINCIPAL, this.connectionName);
            hashtable.put(StdSchedulerFactory.PROP_DATASOURCE_JNDI_CREDENTIALS, this.connectionPassword);
            this.initialDirContext = new InitialDirContext(hashtable);
        }
        return this.initialDirContext;
    }

    private synchronized boolean authbindContext(String str, String str2) throws NamingException {
        String str3 = this.userNameRDN + "=" + str + "," + this.userBase;
        Hashtable hashtable = new Hashtable(11);
        hashtable.put(StdSchedulerFactory.PROP_DATASOURCE_JNDI_INITIAL, "com.sun.jndi.ldap.LdapCtxFactory");
        hashtable.put(StdSchedulerFactory.PROP_DATASOURCE_JNDI_PROVDER, this.connectionUrl);
        hashtable.put("java.naming.security.authentication", BeanDefinitionParserDelegate.DEPENDENCY_CHECK_SIMPLE_ATTRIBUTE_VALUE);
        hashtable.put(StdSchedulerFactory.PROP_DATASOURCE_JNDI_PRINCIPAL, str3);
        hashtable.put(StdSchedulerFactory.PROP_DATASOURCE_JNDI_CREDENTIALS, str2);
        log.debug("attempting bind with userDN: " + str3, new Object[0]);
        InitialDirContext initialDirContext = new InitialDirContext(hashtable);
        try {
            initialDirContext.lookup(str3);
            initialDirContext.close();
            log.debug("bind succeeded", new Object[0]);
            return true;
        } catch (NamingException e) {
            log.debug("bind failed", e);
            e.printStackTrace();
            return false;
        }
    }

    @Override // org.eclipse.jetty.plus.jaas.spi.AbstractLoginModule
    public boolean login() throws LoginException {
        if (BeanDefinitionParserDelegate.DEPENDENCY_CHECK_SIMPLE_ATTRIBUTE_VALUE.equals(this.connectionAuth)) {
            return super.login();
        }
        if (!"bind".equals(this.connectionAuth)) {
            throw new IllegalStateException("rundeck.auth.jndi.authType was an unrecognized value: " + this.connectionAuth);
        }
        log.debug("login using bind", new Object[0]);
        try {
            if (getCallbackHandler() == null) {
                throw new LoginException("No callback handler");
            }
            NameCallback[] configureCallbacks = configureCallbacks();
            getCallbackHandler().handle(configureCallbacks);
            String name = configureCallbacks[0].getName();
            Object object = ((ObjectCallback) configureCallbacks[1]).getObject();
            if (name == null || object == null) {
                setAuthenticated(false);
                return isAuthenticated();
            }
            ArrayList arrayList = new ArrayList(getUserRoles(name));
            UserInfo userInfo = new UserInfo(name, null, arrayList);
            log.debug("userRoles: " + arrayList, new Object[0]);
            if (userInfo == null) {
                setAuthenticated(false);
                return isAuthenticated();
            }
            setCurrentUser(new AbstractLoginModule.JAASUserInfo(userInfo));
            setAuthenticated(authbindContext(name, (String) object));
            log.debug("login returning: isAuthenticated? " + isAuthenticated(), new Object[0]);
            return isAuthenticated();
        } catch (IOException e) {
            log.warn(e);
            throw new LoginException(e.toString());
        } catch (UnsupportedCallbackException e2) {
            log.warn(e2);
            throw new LoginException(e2.toString());
        } catch (Exception e3) {
            log.warn(e3);
            throw new LoginException(e3.toString());
        }
    }

    private Properties loadProperties(String str) {
        File file;
        if (str == null) {
            file = new File(System.getProperty("jetty.home"), DEFAULT_FILENAME);
        } else {
            file = new File(str);
            if (!file.exists()) {
                file = new File(System.getProperty("jetty.home"), str);
            }
        }
        if (!file.exists()) {
            log.warn("No property file found: " + file.getAbsolutePath(), new Object[0]);
            throw new IllegalStateException("No property file specified in login module configuration file, or it does not exist");
        }
        try {
            this.propertyFileName = file.getCanonicalPath();
            if (this.fileMap.get(this.propertyFileName) != null) {
                if (log.isDebugEnabled()) {
                    log.debug("Properties file " + this.propertyFileName + " already in cache, skipping load", new Object[0]);
                }
                return (Properties) this.fileMap.get(this.propertyFileName);
            }
            Properties properties = new Properties();
            properties.load(new FileInputStream(file));
            this.fileMap.put(this.propertyFileName, properties);
            return properties;
        } catch (Exception e) {
            log.warn("Error loading properties from file", e);
            throw new RuntimeException(e);
        }
    }

    private Collection getUserRoles(String str) throws NamingException {
        log.debug("Obtaining roles for userName: " + str, new Object[0]);
        NamingEnumeration search = search(this.roleBase, "(" + this.roleMemberRDN + "=" + this.userNameRDN + "=" + str + "," + this.userBase + ")", new String[]{this.roleMemberRDN});
        ArrayList arrayList = new ArrayList();
        while (search != null && search.hasMore()) {
            String name = ((SearchResult) search.next()).getName();
            if (!"".equals(name)) {
                arrayList.add(name.split("=")[1]);
            }
        }
        return arrayList;
    }

    private String getUserCredentials(String str) throws NamingException {
        log.debug("Obtaining credentials for userName: " + str, new Object[0]);
        Object obj = context().getAttributes(this.userNameRDN + "=" + str + "," + this.userBase).get("userPassword").get();
        if (obj instanceof byte[]) {
            return new String((byte[]) obj);
        }
        if (obj instanceof String) {
            return (String) obj;
        }
        throw new NamingException("unexpected datatype for password field");
    }

    private Map getUsers() throws NamingException {
        String str = "(" + this.roleNameRDN + "=*)";
        HashMap hashMap = new HashMap();
        NamingEnumeration search = search(this.roleBase, str, new String[]{this.roleMemberRDN});
        while (search != null && search.hasMore()) {
            SearchResult searchResult = (SearchResult) search.next();
            String name = searchResult.getName();
            if (!"".equals(name)) {
                String str2 = name.split("=")[1];
                NamingEnumeration all = searchResult.getAttributes().get(this.roleMemberRDN).getAll();
                while (all != null && all.hasMore()) {
                    String str3 = (String) all.next();
                    if (str3.endsWith("," + this.userBase)) {
                        String str4 = str3.substring(0, (str3.length() - this.userBase.length()) - 1).split("=")[1];
                        if (hashMap.containsKey(str4)) {
                            ((HashSet) hashMap.get(str4)).add(str2);
                        } else {
                            HashSet hashSet = new HashSet();
                            hashSet.add(str2);
                            hashMap.put(str4, hashSet);
                        }
                    } else {
                        log.debug("found unrecognized DN: " + str3, new Object[0]);
                    }
                }
            }
        }
        return hashMap;
    }

    private NamingEnumeration search(String str, String str2, String[] strArr) throws NamingException {
        SearchControls searchControls = new SearchControls();
        searchControls.setSearchScope(2);
        searchControls.setReturningAttributes(strArr);
        return context().search(str, str2, searchControls);
    }
}
