package co.codewizards.cloudstore.rest.server.ldap;

import co.codewizards.cloudstore.core.util.IOUtil;
import co.codewizards.cloudstore.rest.server.auth.Auth;
import co.codewizards.cloudstore.rest.server.auth.NotAuthorizedException;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Objects;
import javax.naming.AuthenticationException;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;

/* loaded from: input_file:co/codewizards/cloudstore/rest/server/ldap/QueryLdapClient.class */
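/**
 * {@link LdapClient} that locates candidate user entries with a configurable search filter
 * and then verifies the supplied password by binding as each candidate.
 *
 * <p>The flow is: connect with the administrative DN and password, search below
 * {@code queryDn} with the filter obtained by substituting the login name into the
 * {@code query} template, then try the user's password against every DN found.
 *
 * <p>Security-relevant behaviour:
 * <ul>
 *   <li>The login name is escaped per RFC 4515 before it is placed into the search filter,
 *       so filter metacharacters in a login cannot widen or rewrite the search.</li>
 *   <li>Empty user names and empty passwords are rejected before any LDAP traffic. A simple
 *       bind with an empty password is an unauthenticated bind (RFC 4513), which a directory
 *       may accept without checking any credential.</li>
 *   <li>The directory context and the search enumeration are always closed.</li>
 * </ul>
 */
public class QueryLdapClient implements LdapClient {
    /** Name of the template variable that is replaced by the (escaped) login name. */
    private static final String TEMPLATE_VARIABLE = "login";

    private final String query;
    private final String queryDn;
    private final String url;
    private final String adminDn;
    // Stored by reference (not copied): a caller that wipes its array also wipes this one.
    private final char[] adminPassword;

    /**
     * Creates a client. Every argument is mandatory.
     *
     * @param query search filter template containing the {@code login} template variable
     * @param queryDn base DN below which users are searched
     * @param url URL of the LDAP server
     * @param adminDn DN used for the initial (search) bind
     * @param adminPassword password belonging to {@code adminDn}
     * @throws NullPointerException if any argument is {@code null}
     */
    public QueryLdapClient(String query, String queryDn, String url, String adminDn, char[] adminPassword) {
        this.query = Objects.requireNonNull(query, "query");
        this.queryDn = Objects.requireNonNull(queryDn, "queryDn");
        this.url = Objects.requireNonNull(url, "url");
        this.adminDn = Objects.requireNonNull(adminDn, "bindDn");
        this.adminPassword = Objects.requireNonNull(adminPassword, "password");
    }

    /**
     * Authenticates the given credentials against the directory.
     *
     * @param auth user name and password to verify
     * @return the user name from {@code auth} if one of the matching entries accepted the password
     * @throws NotAuthorizedException if the user name or password is missing/empty, if no entry
     *     matches, or if no matching entry accepts the password
     * @throws RuntimeException wrapping any other {@link NamingException} raised by the directory
     */
    @Override
    public String authenticate(Auth auth) {
        final String userName = auth.getUserName();
        final char[] password = auth.getPassword();

        // Refuse before touching the directory: an empty password would turn the later bind
        // into an unauthenticated bind, which must never count as a successful login.
        if (userName == null || userName.isEmpty() || password == null || password.length == 0) {
            throw new NotAuthorizedException();
        }

        DirContext context = null;
        try {
            context = new InitialDirContext(new LdapConfig(this.url, this.adminDn, this.adminPassword));
            for (String userDn : findAllUsersThatMatchQuery(context, auth)) {
                if (tryAuthenticate(context, userDn, password)) {
                    return userName;
                }
            }
            throw new NotAuthorizedException();
        } catch (NamingException e) {
            throw new RuntimeException(e);
        } finally {
            closeQuietly(context);
        }
    }

    /**
     * Collects the full DNs of all entries matching the query for the user name in {@code auth}.
     * The whole result is read up front, so the enumeration is finished before the caller
     * changes the credentials on {@code dirContext}.
     */
    private List<String> findAllUsersThatMatchQuery(DirContext dirContext, Auth auth) throws NamingException {
        final List<String> userDns = new ArrayList<>();
        final NamingEnumeration<SearchResult> results = findUsersWithQuery(dirContext, auth.getUserName());
        try {
            while (results.hasMore()) {
                userDns.add(results.next().getNameInNamespace());
            }
        } finally {
            try {
                results.close();
            } catch (NamingException ignored) {
                // Best-effort cleanup; a failure here must not mask the search outcome.
            }
        }
        return userDns;
    }

    /** Runs a subtree search below {@code queryDn} with the filter built for {@code login}. */
    private NamingEnumeration<SearchResult> findUsersWithQuery(DirContext dirContext, String login) throws NamingException {
        final SearchControls searchControls = new SearchControls();
        searchControls.setSearchScope(SearchControls.SUBTREE_SCOPE);
        return dirContext.search(this.queryDn, convertTemplate(this.query, login), searchControls);
    }

    /**
     * Checks a password by switching the context's credentials to {@code userDn} /
     * {@code password} and looking up the user's own entry.
     *
     * <p>Callers must have rejected empty passwords already (see {@link #authenticate(Auth)}).
     *
     * @return {@code true} if the lookup completed, {@code false} if the directory raised an
     *     {@link AuthenticationException}
     * @throws NamingException for every other directory failure
     */
    private boolean tryAuthenticate(DirContext dirContext, String userDn, char[] password) throws NamingException {
        try {
            dirContext.addToEnvironment("java.naming.security.principal", userDn);
            dirContext.addToEnvironment("java.naming.security.credentials", password);
            // The lookup is the operation that makes the provider use the new credentials.
            dirContext.lookup(userDn);
            return true;
        } catch (AuthenticationException e) {
            return false;
        }
    }

    /**
     * Substitutes the login name into the filter template.
     *
     * <p>The login is escaped first because it is untrusted input that ends up inside an LDAP
     * search filter.
     */
    private String convertTemplate(String template, String login) {
        final HashMap<String, String> variables = new HashMap<>(1);
        // NOTE(review): assumes IOUtil.replaceTemplateVariables inserts the value literally
        // (no regex replacement semantics that would consume the backslashes) — confirm.
        variables.put(TEMPLATE_VARIABLE, escapeFilterValue(login));
        return IOUtil.replaceTemplateVariables(template, variables);
    }

    /**
     * Escapes a value for use inside an LDAP search filter as described in RFC 4515:
     * backslash, asterisk, parentheses and NUL are replaced by their {@code \xx} hex form.
     */
    private static String escapeFilterValue(String value) {
        final StringBuilder escaped = new StringBuilder(value.length() + 8);
        for (int i = 0; i < value.length(); i++) {
            final char c = value.charAt(i);
            switch (c) {
                case '\\':
                    escaped.append("\\5c");
                    break;
                case '*':
                    escaped.append("\\2a");
                    break;
                case '(':
                    escaped.append("\\28");
                    break;
                case ')':
                    escaped.append("\\29");
                    break;
                case '\0':
                    escaped.append("\\00");
                    break;
                default:
                    escaped.append(c);
                    break;
            }
        }
        return escaped.toString();
    }

    /** Closes the context if it was opened; close failures are deliberately ignored. */
    private static void closeQuietly(DirContext context) {
        if (context == null) {
            return;
        }
        try {
            context.close();
        } catch (NamingException ignored) {
            // Best-effort cleanup; the authentication result has already been decided.
        }
    }
}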
