package tigase.db.ldap;

import java.util.Hashtable;
import java.util.Map;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.naming.AuthenticationException;
import javax.naming.directory.InitialDirContext;
import javax.security.sasl.SaslException;
import javax.security.sasl.SaslServer;
import tigase.db.AuthRepository;
import tigase.db.AuthorizationException;
import tigase.db.DBInitException;
import tigase.db.TigaseDBException;
import tigase.db.UserExistsException;
import tigase.db.UserNotFoundException;
import tigase.db.jdbc.TigaseCustomAuth;
import tigase.util.Base64;
import tigase.xmpp.BareJID;

/* loaded from: input_file:tigase/db/ldap/LdapAuthProvider.class */
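/**
 * {@link AuthRepository} implementation that verifies a user's password by attempting an LDAP
 * "simple" bind as that user.
 *
 * <p>The bind DN is built with {@link String#format(String, Object...)} from the configured
 * {@value #USER_DN_PATTERN_KEY} pattern; the format arguments are, in order, the JID local part,
 * the JID domain and the full bare JID. User management operations (add, remove, update password)
 * are not available and always throw.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>A simple bind hands the clear-text password to the directory. This class sets no transport
 *       security itself, so protection in transit depends entirely on the configured provider URL
 *       (for example an {@code ldaps://} URL).</li>
 *   <li>Empty passwords are rejected before contacting the directory, because a simple bind with
 *       an empty password is an unauthenticated bind that many servers report as successful.</li>
 *   <li>Credentials are never written to the log, not even at {@code FINEST}.</li>
 * </ul>
 */
public class LdapAuthProvider implements AuthRepository {
    private static final Logger log = Logger.getLogger(LdapAuthProvider.class.getName());
    protected static final String[] non_sasl_mechs = {"password"};
    protected static final String[] sasl_mechs = {TigaseCustomAuth.DEF_SASL_MECHS};
    public static final String USER_DN_PATTERN_KEY = "user-dn-pattern";
    private String providerUrl;
    private String userDnPattern;

    /**
     * Single-step SASL server for the mechanism named by {@code TigaseCustomAuth.DEF_SASL_MECHS}.
     * It parses a {@code [authzid] NUL authcid NUL password} message and validates the
     * credentials through {@link LdapAuthProvider#doBindAuthentication(BareJID, String)}.
     *
     * <p>Note that {@link #isComplete()} reports whether authentication <em>succeeded</em>;
     * {@code saslAuth} relies on that meaning.
     */
    public class SaslPLAINLdap implements SaslServer {
        private boolean authOk = false;
        private final String serverName;
        private BareJID userId;

        /**
         * @param str server (domain) name used to build the bare JID of the authenticating user
         */
        public SaslPLAINLdap(String str) {
            this.serverName = str;
        }

        @Override
        public void dispose() throws SaslException {
        }

        /**
         * Parses the client response and attempts the LDAP bind.
         *
         * @param bArr decoded client response: {@code [authzid] NUL authcid NUL password}
         * @return always {@code null}; this mechanism never issues a challenge
         * @throws SaslException if the response is {@code null} or does not contain the two NUL
         *     separators
         */
        @Override
        public byte[] evaluateResponse(byte[] bArr) throws SaslException {
            this.authOk = false;
            if (bArr == null) {
                throw new SaslException("Malformed SASL PLAIN response");
            }
            // The message comes straight from the network: check bounds *before* indexing so a
            // response without separators is rejected instead of raising an unchecked
            // ArrayIndexOutOfBoundsException.
            int firstNul = indexOfNul(bArr, 0);
            int secondNul = firstNul < 0 ? -1 : indexOfNul(bArr, firstNul + 1);
            if (secondNul < 0) {
                throw new SaslException("Malformed SASL PLAIN response");
            }
            // The authorization identity (bytes before the first NUL) is ignored.
            int userStart = firstNul + 1;
            // SASL PLAIN fields are UTF-8; do not depend on the platform default charset.
            String user = new String(bArr, userStart, secondNul - userStart,
                    java.nio.charset.StandardCharsets.UTF_8);
            if (LdapAuthProvider.log.isLoggable(Level.FINEST)) {
                LdapAuthProvider.log.finest("SASL userId: " + user);
            }
            int passwordStart = secondNul + 1;
            // Deliberately not logged: the password must never reach the log files.
            String password = new String(bArr, passwordStart, bArr.length - passwordStart,
                    java.nio.charset.StandardCharsets.UTF_8);
            try {
                this.userId = BareJID.bareJIDInstance(user, this.serverName);
                this.authOk = LdapAuthProvider.this.doBindAuthentication(this.userId, password);
                return null;
            } catch (Exception e) {
                LdapAuthProvider.log.log(Level.WARNING, "Can't authenticate user", (Throwable) e);
                this.authOk = false;
                return null;
            }
        }

        /** @return always {@code null}; the authorization identity is not tracked */
        @Override
        public String getAuthorizationID() {
            return null;
        }

        @Override
        public String getMechanismName() {
            return TigaseCustomAuth.DEF_SASL_MECHS;
        }

        /** @return always {@code null}; no properties are negotiated */
        @Override
        public Object getNegotiatedProperty(String str) {
            return null;
        }

        /** @return the JID built from the last evaluated response, or {@code null} if none */
        public BareJID getUser_id() {
            return this.userId;
        }

        /** @return {@code true} only if the last evaluated response authenticated successfully */
        @Override
        public boolean isComplete() {
            return this.authOk;
        }

        /** Security layers are not supported; always returns {@code null}. */
        @Override
        public byte[] unwrap(byte[] bArr, int i, int i2) throws SaslException {
            return null;
        }

        /** Security layers are not supported; always returns {@code null}. */
        @Override
        public byte[] wrap(byte[] bArr, int i, int i2) throws SaslException {
            return null;
        }
    }

    /** Returns the index of the first NUL byte at or after {@code from}, or -1 if there is none. */
    private static int indexOfNul(byte[] data, int from) {
        for (int pos = from; pos < data.length; pos++) {
            if (data[pos] == 0) {
                return pos;
            }
        }
        return -1;
    }

    /**
     * Escapes a value for use inside a distinguished name so that characters such as
     * {@code , + = ; \ #} supplied by the user cannot alter the structure of the bind DN.
     * {@code null} is passed through unchanged (it is formatted as "null", as before).
     */
    private static String escapeDnValue(String value) {
        return value == null ? null : javax.naming.ldap.Rdn.escapeValue(value);
    }

    /** Not available: users are managed in the directory. */
    @Override // tigase.db.AuthRepository
    public void addUser(BareJID bareJID, String str) throws UserExistsException, TigaseDBException {
        throw new TigaseDBException("Not available");
    }

    /** Not supported by this provider. */
    @Override // tigase.db.AuthRepository
    @Deprecated
    public boolean digestAuth(BareJID bareJID, String str, String str2, String str3) throws UserNotFoundException, TigaseDBException, AuthorizationException {
        throw new AuthorizationException("Not supported.");
    }

    /**
     * Verifies a password by opening (and immediately closing) an LDAP context bound as the user.
     *
     * @param bareJID user to authenticate
     * @param str clear-text password
     * @return {@code true} if the bind succeeded; {@code false} if the credentials were rejected,
     *     the password was missing or empty, or any other error occurred (errors are logged)
     */
    public boolean doBindAuthentication(BareJID bareJID, String str) throws UserNotFoundException, TigaseDBException, AuthorizationException {
        // An empty password turns a simple bind into an unauthenticated (anonymous) bind, which
        // many directory servers accept. Treat it as a failed login without contacting LDAP.
        if (bareJID == null || str == null || str.isEmpty()) {
            if (log.isLoggable(Level.FINE)) {
                log.fine("Authentication rejected: missing user or empty password");
            }
            return false;
        }
        try {
            Hashtable<String, Object> env = new Hashtable<String, Object>();
            env.put("java.naming.factory.initial", "com.sun.jndi.ldap.LdapCtxFactory");
            env.put("java.naming.provider.url", this.providerUrl);
            if (log.isLoggable(Level.FINE)) {
                log.fine("Authenticating user '" + bareJID + "' with password ******");
            }
            // JID parts are user-controlled; escape them before substituting into the DN pattern.
            // NOTE(review): assumes the pattern yields a DN, as the configuration key name says.
            String userDn = String.format(this.userDnPattern,
                    escapeDnValue(bareJID.getLocalpart()),
                    escapeDnValue(bareJID.getDomain()),
                    escapeDnValue(bareJID.toString()));
            if (log.isLoggable(Level.FINER)) {
                log.finer("Using DN:" + userDn);
            }
            env.put("java.naming.security.authentication", "simple");
            env.put("java.naming.security.principal", userDn);
            env.put("java.naming.security.credentials", str);
            // A successful bind is the whole check; the context is not needed afterwards.
            new InitialDirContext(env).close();
            if (log.isLoggable(Level.FINE)) {
                log.fine("User " + bareJID + " authenticated.");
            }
            return true;
        } catch (AuthenticationException e) {
            if (log.isLoggable(Level.FINE)) {
                log.log(Level.FINE, "Authentication error: " + e.getMessage());
            }
            return false;
        } catch (Exception e2) {
            // Includes a missing DN pattern or an unreachable directory: fail closed.
            if (log.isLoggable(Level.WARNING)) {
                log.log(Level.WARNING, "Can't authenticate user", (Throwable) e2);
            }
            return false;
        }
    }

    /** @return the LDAP provider URL passed to {@link #initRepository(String, Map)} */
    @Override // tigase.db.AuthRepository
    public String getResourceUri() {
        return this.providerUrl;
    }

    /** @return always {@code -1}; the user count is not available from this provider */
    @Override // tigase.db.AuthRepository
    public long getUsersCount() {
        return -1L;
    }

    /** @return always {@code -1}; the user count is not available from this provider */
    @Override // tigase.db.AuthRepository
    public long getUsersCount(String str) {
        return -1L;
    }

    /**
     * Stores the LDAP provider URL and the user DN pattern.
     *
     * @param str LDAP provider URL
     * @param map repository parameters; {@value #USER_DN_PATTERN_KEY} holds the DN pattern
     */
    @Override // tigase.db.AuthRepository
    public void initRepository(String str, Map<String, String> map) throws DBInitException {
        this.userDnPattern = map.get(USER_DN_PATTERN_KEY);
        this.providerUrl = str;
        if (this.userDnPattern == null) {
            // Without a pattern every bind attempt fails; make the misconfiguration visible.
            log.warning("Missing '" + USER_DN_PATTERN_KEY + "' setting, LDAP authentication will always fail");
        }
        if (log.isLoggable(Level.CONFIG)) {
            log.config("User DN Pattern: " + this.userDnPattern);
            log.config("LDAP URL: " + this.providerUrl);
        }
    }

    /** No-op: nothing is kept per session. */
    @Override // tigase.db.AuthRepository
    public void logout(BareJID bareJID) throws UserNotFoundException, TigaseDBException {
    }

    /**
     * Authenticates using the protocol named in {@code map}.
     *
     * @param map authentication properties; on success the user id is stored under
     *     {@code AuthRepository.USER_ID_KEY}
     * @return {@code true} if the user was authenticated
     * @throws AuthorizationException if the protocol or SASL mechanism is missing or unsupported
     */
    @Override // tigase.db.AuthRepository
    public boolean otherAuth(Map<String, Object> map) throws UserNotFoundException, TigaseDBException, AuthorizationException {
        String protocol = (String) map.get(AuthRepository.PROTOCOL_KEY);
        // Constant-first comparisons: a request without protocol/mechanism must end in the
        // AuthorizationException below, not in a NullPointerException.
        if (AuthRepository.PROTOCOL_VAL_SASL.equals(protocol)) {
            if (TigaseCustomAuth.DEF_SASL_MECHS.equals(map.get(AuthRepository.MACHANISM_KEY))) {
                return saslAuth(map);
            }
        } else if (AuthRepository.PROTOCOL_VAL_NONSASL.equals(protocol)) {
            String password = (String) map.get("password");
            BareJID user = (BareJID) map.get(AuthRepository.USER_ID_KEY);
            boolean authenticated = doBindAuthentication(user, password);
            if (authenticated) {
                map.put(AuthRepository.USER_ID_KEY, user);
            }
            return authenticated;
        }
        throw new AuthorizationException("Protocol is not supported.");
    }

    /** Not supported by this provider. */
    @Override // tigase.db.AuthRepository
    @Deprecated
    public boolean plainAuth(BareJID bareJID, String str) throws UserNotFoundException, TigaseDBException, AuthorizationException {
        throw new AuthorizationException("Not supported.");
    }

    /**
     * Stores the mechanisms supported for the requested protocol under
     * {@code AuthRepository.RESULT_KEY}; leaves {@code map} untouched for unknown protocols.
     */
    @Override // tigase.db.AuthRepository
    public void queryAuth(Map<String, Object> map) {
        String protocol = (String) map.get(AuthRepository.PROTOCOL_KEY);
        if (AuthRepository.PROTOCOL_VAL_NONSASL.equals(protocol)) {
            map.put(AuthRepository.RESULT_KEY, non_sasl_mechs);
        }
        if (AuthRepository.PROTOCOL_VAL_SASL.equals(protocol)) {
            map.put(AuthRepository.RESULT_KEY, sasl_mechs);
        }
    }

    /** Not available: users are managed in the directory. */
    @Override // tigase.db.AuthRepository
    public void removeUser(BareJID bareJID) throws UserNotFoundException, TigaseDBException {
        throw new TigaseDBException("Not available");
    }

    /**
     * Runs the single SASL step: decodes the Base64 {@code data} entry, evaluates it and stores
     * the (possibly {@code null}) challenge and, on success, the authenticated user id in
     * {@code map}.
     *
     * @return {@code true} if the user was authenticated
     * @throws AuthorizationException if the SASL response is malformed
     */
    private boolean saslAuth(Map<String, Object> map) throws AuthorizationException {
        try {
            SaslPLAINLdap saslServer = new SaslPLAINLdap((String) map.get(AuthRepository.SERVER_NAME_KEY));
            String data = (String) map.get("data");
            byte[] response = data != null ? Base64.decode(data) : new byte[0];
            if (log.isLoggable(Level.FINEST)) {
                // The decoded response carries the clear-text password; log its size only.
                log.finest("response length: " + response.length);
            }
            byte[] challenge = saslServer.evaluateResponse(response);
            if (log.isLoggable(Level.FINEST)) {
                log.finest("challenge: " + (challenge != null ? new String(challenge) : "null"));
            }
            map.put(AuthRepository.RESULT_KEY, (challenge == null || challenge.length <= 0) ? null : Base64.encode(challenge));
            if (!saslServer.isComplete()) {
                return false;
            }
            map.put(AuthRepository.USER_ID_KEY, saslServer.getUser_id());
            return true;
        } catch (SaslException e) {
            throw new AuthorizationException("Sasl exception.", e);
        }
    }

    /** Not available: passwords are managed in the directory. */
    @Override // tigase.db.AuthRepository
    public void updatePassword(BareJID bareJID, String str) throws UserNotFoundException, TigaseDBException {
        throw new TigaseDBException("Not available");
    }
}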
