package tyrex.security.ldap;

import java.util.Map;
import java.util.Vector;
import javax.security.auth.Subject;
import javax.security.auth.login.FailedLoginException;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;
import netscape.ldap.LDAPAttribute;
import netscape.ldap.LDAPConnection;
import netscape.ldap.LDAPEntry;
import netscape.ldap.LDAPException;
import tyrex.security.NamePasswordCredentials;
import tyrex.security.container.RoleCredentials;
import tyrex.security.container.helper.EmailPrincipal;

/* loaded from: input_file:tyrex/security/ldap/LDAPLoginModule.class */
public class LDAPLoginModule implements LoginModule {
    // Module label; the same text prefixes the error line printed by initialize().
    private static final String ModuleName = "LDAPLoginModule";
    // Subject under authentication. Every lifecycle method returns false while this is null,
    // and abort()/logout() reset it to null, so the instance is inert after either call.
    private Subject _subject;
    // Realm resolved by initialize(); login() returns false when it is null.
    private LDAPRealm _realm;
    // Module options handed to initialize() (keys listed in Options).
    private Map _options;
    // Bind credentials created by login() from a name/password pair. They carry the user's
    // password and are added to the Subject's private credentials by commit().
    private LDAPCredentials _ldapCreds;
    // Role credentials obtained from the realm after a successful bind; commit() publishes
    // them as a public credential.
    private RoleCredentials _roleCreds;
    // Principals collected by loginWithCred(); commit() copies them into the Subject.
    private Vector _princs = new Vector();
    // Compiler-generated caches for class literals, filled lazily by login() through class$().
    static Class class$tyrex$security$ldap$LDAPCredentials;
    static Class class$tyrex$security$NamePasswordCredentials;

    /* loaded from: input_file:tyrex/security/ldap/LDAPLoginModule$Options.class */
    /**
     * Names of the module options read by {@code initialize()}.
     */
    public static class Options {
        // Passed as the second argument to the LDAPRealm constructor when the realm is first built.
        public static final String LDAPUrl = "ldap-url";
        // Passed as the third LDAPRealm constructor argument. login() asks the realm to turn a
        // user name into a DN; presumably this mask drives that mapping - confirm in LDAPRealm.
        public static final String DNMask = "dn-mask";
        // Passed as the fourth LDAPRealm constructor argument.
        public static final String RolesRDN = "roles-rdn";
        // Realm name; initialize() falls back to "<default>" when the option is absent.
        public static final String Realm = "realm";
        // Any non-null value makes initialize() print realm-construction failures to System.out.
        // Without it a failed realm leaves the module silently inactive.
        public static final String LogErrors = "log-errors";
    }

    /**
     * Discards the state gathered by a login attempt that will not be committed.
     *
     * <p>Both credential objects are destroyed before their references are dropped, so the
     * bind password held by {@code _ldapCreds} does not outlive the failed attempt.
     *
     * @return {@code false} if the module has no subject (never initialized, or already
     *         aborted or logged out), {@code true} once the state has been cleared
     * @throws LoginException declared by the LoginModule contract; not thrown by this code
     */
    public boolean abort() throws LoginException {
        if (this._subject != null) {
            RoleCredentials pendingRoles = this._roleCreds;
            if (pendingRoles != null) {
                pendingRoles.destroy();
                this._roleCreds = null;
            }
            LDAPCredentials pendingBind = this._ldapCreds;
            if (pendingBind != null) {
                pendingBind.destroy();
                this._ldapCreds = null;
            }
            // Dropping the subject makes every later lifecycle call on this instance return false.
            this._princs = null;
            this._subject = null;
            return true;
        }
        return false;
    }

    /**
     * Compiler-generated helper behind class literals: resolves a class by name and turns
     * the checked lookup failure into a linkage error.
     *
     * @param str fully qualified class name
     * @return the resolved class
     * @throws NoClassDefFoundError if the class cannot be found; carries the lookup message
     */
    static Class class$(String str) {
        Class resolved;
        try {
            resolved = Class.forName(str);
        } catch (ClassNotFoundException notFound) {
            throw new NoClassDefFoundError(notFound.getMessage());
        }
        return resolved;
    }

    /**
     * Publishes the results of a successful {@code login()} into the Subject.
     *
     * <p>Role credentials become a public credential. The LDAP bind credentials, which hold
     * the user's password, become a private credential. Code that can read the Subject's
     * private credentials can therefore recover the password.
     *
     * @return {@code false} if the module has no subject, {@code true} otherwise
     * @throws LoginException declared by the LoginModule contract; not thrown by this code
     */
    public boolean commit() throws LoginException {
        Subject target = this._subject;
        if (target == null) {
            return false;
        }
        RoleCredentials roles = this._roleCreds;
        if (roles != null) {
            target.getPublicCredentials().add(roles);
        }
        LDAPCredentials bindCreds = this._ldapCreds;
        if (bindCreds != null) {
            target.getPrivateCredentials().add(bindCreds);
        }
        target.getPrincipals().addAll(this._princs);
        return true;
    }

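    /**
     * Stores the subject and options, then resolves the LDAP realm this module
     * authenticates against.
     *
     * <p>Reconstructed from the decompiler's register-level instruction dump, which it could
     * not restructure because of a {@code jsr}/{@code ret} monitor-exit subroutine. The
     * emitted stub only threw {@code UnsupportedOperationException}. Verify this
     * reconstruction against the class file's bytecode before relying on it.
     *
     * <p>Realms are cached in the shared-state map under the realm name, guarded by the map's
     * monitor. Review points:
     * <ul>
     *   <li>A realm already cached under that name is reused as is, so this module's own
     *       {@code ldap-url}, {@code dn-mask} and {@code roles-rdn} options are ignored.</li>
     *   <li>Any other module sharing the map can place an entry under that key. A value that
     *       is not an {@code LDAPRealm} fails the cast with a {@code ClassCastException}.</li>
     *   <li>If the realm cannot be built, {@code _realm} stays {@code null} and
     *       {@code login()} returns {@code false}. The failure is reported only when
     *       {@code log-errors} is set, and then on {@code System.out}.</li>
     * </ul>
     *
     * @param subject         subject to authenticate
     * @param callbackHandler not used by this module
     * @param sharedState     state shared between login modules; used as the realm cache
     * @param options         module options, see {@link Options}
     */
    public void initialize(javax.security.auth.Subject subject, javax.security.auth.callback.CallbackHandler callbackHandler, java.util.Map sharedState, java.util.Map options) {
        this._subject = subject;
        this._options = options;

        String realmName = (String) this._options.get("realm");
        if (realmName == null) {
            realmName = "<default>";
        }

        synchronized (sharedState) {
            this._realm = (LDAPRealm) sharedState.get(realmName);
            if (this._realm == null) {
                try {
                    this._realm = new LDAPRealm(
                            realmName,
                            (String) this._options.get("ldap-url"),
                            (String) this._options.get("dn-mask"),
                            (String) this._options.get("roles-rdn"));
                } catch (Exception e) {
                    if (options.get("log-errors") != null) {
                        System.out.println("LDAPLoginModule error: cannot load LDAP realm " + realmName + ": " + e);
                        e.printStackTrace();
                    }
                    // Leave the module without a realm; nothing is cached for this name.
                    return;
                }
                sharedState.put(realmName, this._realm);
            }
        }
    }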

    /**
     * Tries to authenticate the subject against the configured LDAP realm.
     *
     * <p>Two credential sources are tried in order:
     * <ol>
     *   <li>{@code LDAPCredentials} already in the Subject's private credentials whose host
     *       and port match the realm. These are re-used for a bind as they are.</li>
     *   <li>{@code NamePasswordCredentials} whose realm matches (a {@code null} realm matches
     *       the default realm). The name is mapped to a DN by the realm and a new
     *       {@code LDAPCredentials} is built and remembered on success.</li>
     * </ol>
     *
     * <p>NOTE(review): the user-supplied name is turned into a DN by
     * {@code LDAPRealm.getDN}, which is not shown here. Confirm that it escapes DN
     * metacharacters.
     *
     * @return {@code true} on the first successful bind, {@code false} if the module is not
     *         initialized or no credential produced a successful bind
     * @throws LoginException propagated from {@code loginWithCred}; it ends the search early
     */
    public boolean login() throws LoginException {
        if (this._subject == null || this._realm == null) {
            return false;
        }

        // Pass 1: LDAP credentials the subject already carries for this directory.
        Subject storedSource = this._subject;
        Class ldapCredsType = class$tyrex$security$ldap$LDAPCredentials;
        if (ldapCredsType == null) {
            ldapCredsType = class$("tyrex.security.ldap.LDAPCredentials");
            class$tyrex$security$ldap$LDAPCredentials = ldapCredsType;
        }
        for (java.util.Iterator stored = storedSource.getPrivateCredentials(ldapCredsType).iterator(); stored.hasNext();) {
            LDAPCredentials candidate = (LDAPCredentials) stored.next();
            if (!candidate.getHost().equals(this._realm.getLDAPHost())) {
                continue;
            }
            if (candidate.getPort() != this._realm.getLDAPPort()) {
                continue;
            }
            if (loginWithCred(candidate)) {
                return true;
            }
        }

        // Pass 2: name/password pairs addressed to this realm.
        Subject passwordSource = this._subject;
        Class namePasswordType = class$tyrex$security$NamePasswordCredentials;
        if (namePasswordType == null) {
            namePasswordType = class$("tyrex.security.NamePasswordCredentials");
            class$tyrex$security$NamePasswordCredentials = namePasswordType;
        }
        for (java.util.Iterator supplied = passwordSource.getPrivateCredentials(namePasswordType).iterator(); supplied.hasNext();) {
            NamePasswordCredentials pair = (NamePasswordCredentials) supplied.next();
            // NOTE(review): unconditional trace on stdout in the authentication path; it is
            // not gated by the log-errors option and looks like leftover debug output.
            StringBuffer trace = new StringBuffer("Realm ");
            trace.append(pair.getRealm()).append(" ").append(this._realm.isDefaultRealm());
            System.out.println(trace.toString());

            boolean addressedToThisRealm = (pair.getRealm() == null && this._realm.isDefaultRealm()) || (pair.getRealm() != null && pair.getRealm().equals(this._realm.getRealmName()));
            if (!addressedToThisRealm) {
                continue;
            }
            LDAPCredentials built = new LDAPCredentials(this._realm.getLDAPHost(), this._realm.getLDAPPort(), this._realm.getDN(pair.getName()), pair.getPassword());
            if (loginWithCred(built)) {
                this._ldapCreds = built;
                return true;
            }
        }
        return false;
    }

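    /**
     * Binds to the directory as the DN in {@code lDAPCredentials}. When the bind and the
     * follow-up read succeed, it records the principals and role credentials for that DN.
     *
     * <p>Changes from the decompiled original:
     * <ul>
     *   <li>A {@code null} or empty password is rejected before any network traffic. Many
     *       directory servers treat a simple bind with a DN and an empty password as an
     *       unauthenticated bind and report success, which would otherwise count as a login
     *       wherever the entry is anonymously readable.</li>
     *   <li>The e-mail principal is read from {@code mail}, the attribute actually requested.
     *       The original asked for {@code cn} and {@code mail} but looked up {@code email},
     *       which the returned entry would not contain.</li>
     *   <li>Principals are staged locally and published only after the whole attempt
     *       succeeds, so a failed attempt cannot leak principals into a later commit.</li>
     *   <li>The connection is also closed on non-LDAP failures, result codes use the SDK's
     *       named constants, and the generic failure keeps the LDAP exception as its cause.</li>
     * </ul>
     *
     * <p>NOTE(review): the connection is a plain {@code LDAPConnection} to the stored host
     * and port, followed by a simple bind. Nothing here enables TLS, so confirm the transport
     * is protected. The password is also copied into an immutable {@code String} for the SDK
     * call and cannot be wiped afterwards.
     *
     * <p>NOTE(review): the failure messages embed the DN and distinguish "no such entry"
     * (returns {@code false}) from "invalid password". Do not show them verbatim to an
     * unauthenticated client.
     *
     * @param lDAPCredentials host, port, DN and password to bind with
     * @return {@code true} if the bind and read succeeded, {@code false} if the directory
     *         reports that the DN does not exist
     * @throws LoginException if the password is missing or rejected, access is denied
     *         ({@code FailedLoginException}), or any other LDAP error occurs
     */
    private boolean loginWithCred(LDAPCredentials lDAPCredentials) throws LoginException {
        String dn = lDAPCredentials.getDN();

        // Fail closed on a missing or empty password instead of letting the server decide.
        if (lDAPCredentials.getPassword() == null) {
            throw new LoginException("Account " + dn + " has no password");
        }
        String password = new String(lDAPCredentials.getPassword());
        if (password.length() == 0) {
            throw new LoginException("Account " + dn + " has no password");
        }

        LDAPConnection lDAPConnection = new LDAPConnection();
        Vector staged = new Vector();
        try {
            lDAPConnection.connect(lDAPCredentials.getHost(), lDAPCredentials.getPort());
            lDAPConnection.authenticate(dn, password);
            LDAPEntry entry = lDAPConnection.read(dn, new String[]{"cn", "mail"});

            staged.add(new LDAPPrincipal(dn));
            LDAPAttribute commonName = entry.getAttribute("cn");
            if (commonName != null && commonName.getStringValueArray().length > 0) {
                staged.add(new CommonNamePrincipal(commonName.getStringValueArray()[0]));
            }
            LDAPAttribute mail = entry.getAttribute("mail");
            if (mail != null && mail.getStringValueArray().length > 0) {
                staged.add(new EmailPrincipal(mail.getStringValueArray()[0]));
            }

            // Release the user's connection before the realm performs its own role lookup.
            lDAPConnection.disconnect();
            this._roleCreds = this._realm.getRoleCredentials(dn);
            this._princs.addAll(staged);
            return true;
        } catch (LDAPException e) {
            int resultCode = e.getLDAPResultCode();
            if (resultCode == LDAPException.NO_SUCH_OBJECT) {
                return false;
            }
            if (resultCode == LDAPException.INAPPROPRIATE_AUTHENTICATION) {
                throw new LoginException("Account " + dn + " has no password");
            }
            if (resultCode == LDAPException.INVALID_CREDENTIALS) {
                throw new LoginException("Account " + dn + " has invalid password");
            }
            if (resultCode == LDAPException.INSUFFICIENT_ACCESS_RIGHTS) {
                throw new FailedLoginException("No credentials to access account " + dn);
            }
            LoginException failure = new LoginException(e.getMessage());
            failure.initCause(e);
            throw failure;
        } finally {
            // Safety net for every path that leaves the try block with the socket still open.
            try {
                if (lDAPConnection.isConnected()) {
                    lDAPConnection.disconnect();
                }
            } catch (Exception ignored) {
                // Best-effort cleanup; the login outcome has already been decided.
            }
        }
    }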

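    /**
     * Removes everything this module added to the Subject and destroys its credentials.
     *
     * <p>The original called {@code getPrincipals().remove(_princs)}, which looks for the
     * {@code Vector} object itself in the principal set and never finds it. Every principal
     * added by {@code commit()} therefore stayed on the Subject after logout. This version
     * uses {@code removeAll} so the individual principals are withdrawn.
     *
     * @return {@code false} if the module has no subject, {@code true} once the subject has
     *         been cleaned up
     * @throws LoginException declared by the LoginModule contract; not thrown by this code
     */
    public boolean logout() throws LoginException {
        if (this._subject == null) {
            return false;
        }
        if (this._roleCreds != null) {
            this._roleCreds.destroy();
            this._subject.getPublicCredentials().remove(this._roleCreds);
            this._roleCreds = null;
        }
        if (this._ldapCreds != null) {
            this._ldapCreds.destroy();
            this._subject.getPrivateCredentials().remove(this._ldapCreds);
            this._ldapCreds = null;
        }
        if (this._princs != null) {
            // removeAll, not remove: withdraw each principal this module contributed.
            this._subject.getPrincipals().removeAll(this._princs);
        }
        this._subject = null;
        return true;
    }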
}
