package org.apache.catalina.realm;

import com.sun.enterprise.util.ORBManager;
import com.sun.jdo.spi.persistence.utility.generator.JavaClassWriterHelper;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.Principal;
import java.text.MessageFormat;
import java.util.ArrayList;
import java.util.Hashtable;
import java.util.List;
import java.util.Locale;
import javax.naming.NameNotFoundException;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.Rdn;
import org.apache.catalina.LifecycleException;

/* loaded from: input_file:116287-13/SUNWascmo/reloc/$ASINSTDIR/lib/appserv-rt.jar:org/apache/catalina/realm/JNDIRealm.class */
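/**
 * Realm that authenticates users against a directory server reached through JNDI.
 *
 * <p>Authentication works in "comparison" mode: the realm opens one directory context with the
 * configured connection name and password, reads the attribute named by {@code userPassword}
 * from the entry built from {@code userPattern}, and compares it with the (optionally digested)
 * credentials presented by the user. Roles are then collected by searching {@code roleBase}
 * with the {@code roleSearch} filter.
 *
 * <p>Security notes for operators:
 * <ul>
 *   <li>The connection account must be able to read the password attribute of every user, so
 *       its credentials deserve the same protection as the password store itself.</li>
 *   <li>The user name is supplied by the client. It is escaped before being placed in the
 *       distinguished name and in the role search filter, so directory metacharacters in it
 *       cannot change which entry is read or which roles are matched.</li>
 *   <li>The directory context is cached in {@link #context} and shared between calls; only
 *       {@link #authenticate(DirContext, String, String)} is synchronized.</li>
 * </ul>
 */
public class JNDIRealm extends RealmBase {
    /** Descriptive information string for this realm implementation. */
    protected static final String info = "org.apache.catalina.realm.JNDIRealm/1.0";

    /** Name returned by {@link #getName()}. */
    protected static final String name = "JNDIRealm";

    /** Principal used to bind to the directory; no principal is set when {@code null}. */
    protected String connectionName = null;

    /** Credentials used to bind to the directory; no credentials are set when {@code null}. */
    protected String connectionPassword = null;

    /** Provider URL of the directory server. */
    protected String connectionURL = null;

    /** Cached directory context, created lazily by {@link #open()} and cleared by {@link #close(DirContext)}. */
    protected DirContext context = null;

    /** Class name of the JNDI initial context factory. */
    protected String contextFactory = "com.sun.jndi.ldap.LdapCtxFactory";

    /** Base entry under which roles are searched. */
    protected String roleBase = "";

    /** Compiled form of {@link #roleSearch}; {@code {0}} is the user DN and {@code {1}} the user name. */
    protected MessageFormat roleFormat = null;

    /** Single-element array holding the attribute that carries the role name, or {@code null}. */
    protected String[] roleName = null;

    /** Filter pattern used to find the roles of a user. */
    protected String roleSearch = null;

    /** Whether the role search covers the whole subtree below {@link #roleBase}. */
    protected boolean roleSubtree = false;

    /** Compiled form of {@link #userPattern}; {@code {0}} is the user name. */
    protected MessageFormat userFormat = null;

    /** Single-element array holding the attribute that carries the user's password, or {@code null}. */
    protected String[] userPassword = null;

    /** Pattern that turns a user name into the distinguished name of the user's entry. */
    protected String userPattern = null;

    /** @return the principal used to bind to the directory */
    public String getConnectionName() {
        return this.connectionName;
    }

    /** @param str the principal used to bind to the directory */
    public void setConnectionName(String str) {
        this.connectionName = str;
    }

    /**
     * Returns the bind credentials in clear text.
     *
     * @return the password used to bind to the directory
     */
    public String getConnectionPassword() {
        return this.connectionPassword;
    }

    /** @param str the password used to bind to the directory */
    public void setConnectionPassword(String str) {
        this.connectionPassword = str;
    }

    /** @return the provider URL of the directory server */
    public String getConnectionURL() {
        return this.connectionURL;
    }

    /** @param str the provider URL of the directory server */
    public void setConnectionURL(String str) {
        this.connectionURL = str;
    }

    /** @return the class name of the JNDI initial context factory */
    public String getContextFactory() {
        return this.contextFactory;
    }

    /** @param str the class name of the JNDI initial context factory */
    public void setContextFactory(String str) {
        this.contextFactory = str;
    }

    /** @return the base entry under which roles are searched */
    public String getRoleBase() {
        return this.roleBase;
    }

    /** @param str the base entry under which roles are searched */
    public void setRoleBase(String str) {
        this.roleBase = str;
    }

    /** @return the attribute that carries the role name, or {@code null} if none is configured */
    public String getRoleName() {
        return this.roleName == null ? null : this.roleName[0];
    }

    /** @param str the attribute that carries the role name; {@code null} disables role lookup */
    public void setRoleName(String str) {
        this.roleName = str == null ? null : new String[]{str};
    }

    /** @return the filter pattern used to find the roles of a user */
    public String getRoleSearch() {
        return this.roleSearch;
    }

    /**
     * Sets the role filter pattern and recompiles {@link #roleFormat} from it.
     *
     * @param str the filter pattern; {@code null} disables role lookup
     */
    public void setRoleSearch(String str) {
        this.roleSearch = str;
        this.roleFormat = str == null ? null : new MessageFormat(str);
    }

    /** @return {@code true} if the role search covers the whole subtree */
    public boolean getRoleSubtree() {
        return this.roleSubtree;
    }

    /** @param z {@code true} to search the whole subtree, {@code false} for one level only */
    public void setRoleSubtree(boolean z) {
        this.roleSubtree = z;
    }

    /** @return the attribute that carries the user's password, or {@code null} if none is configured */
    public String getUserPassword() {
        return this.userPassword == null ? null : this.userPassword[0];
    }

    /** @param str the attribute that carries the user's password; {@code null} makes every login fail */
    public void setUserPassword(String str) {
        this.userPassword = str == null ? null : new String[]{str};
    }

    /** @return the pattern that turns a user name into a distinguished name */
    public String getUserPattern() {
        return this.userPattern;
    }

    /**
     * Sets the user DN pattern and recompiles {@link #userFormat} from it.
     *
     * @param str the DN pattern; {@code null} makes every login fail
     */
    public void setUserPattern(String str) {
        this.userPattern = str;
        this.userFormat = str == null ? null : new MessageFormat(str);
    }

    /**
     * Authenticates a user against the directory.
     *
     * <p>A directory failure is logged and reported to the caller as a failed login; the cached
     * context is closed in that case so the next call opens a fresh one.
     *
     * @param str the user name presented by the client
     * @param str2 the credentials presented by the client
     * @return the authenticated principal, or {@code null} if authentication failed
     */
    @Override
    public Principal authenticate(String str, String str2) {
        DirContext dirContext = null;
        try {
            dirContext = open();
            Principal principal = authenticate(dirContext, str, str2);
            release(dirContext);
            return principal;
        } catch (NamingException e) {
            log(RealmBase.sm.getString("jndiRealm.exception"), e);
            if (dirContext != null) {
                close(dirContext);
            }
            return null;
        }
    }

    /**
     * Authenticates a user using an already opened directory context.
     *
     * <p>NOTE(review): the presented credentials are handed to {@code GenericPrincipal} as-is;
     * how long that object keeps them is not visible from this class.
     *
     * @param dirContext the directory context to query
     * @param str the user name presented by the client
     * @param str2 the credentials presented by the client
     * @return the authenticated principal with its roles, or {@code null} if authentication failed
     * @throws NamingException if the directory reports an error
     */
    public synchronized Principal authenticate(DirContext dirContext, String str, String str2) throws NamingException {
        String userDN = getUserDN(dirContext, str, str2);
        if (userDN == null) {
            return null;
        }
        return new GenericPrincipal(this, str, str2, getRoles(dirContext, str, userDN));
    }

    /**
     * Closes the given directory context and forgets the cached one. A failure to close is
     * logged and otherwise ignored.
     *
     * @param dirContext the context to close; nothing happens when {@code null}
     */
    protected void close(DirContext dirContext) {
        if (dirContext == null) {
            return;
        }
        try {
            if (this.debug >= 1) {
                log("Closing directory context");
            }
            dirContext.close();
        } catch (NamingException e) {
            log(RealmBase.sm.getString("jndiRealm.close"), e);
        }
        this.context = null;
    }

    /** @return the short name of this realm implementation */
    @Override
    protected String getName() {
        return name;
    }

    /**
     * Not supported by this realm: passwords are never handed out.
     *
     * @param str the user name
     * @return always {@code null}
     */
    @Override
    protected String getPassword(String str) {
        return null;
    }

    /**
     * Not supported by this realm.
     *
     * @param str the user name
     * @return always {@code null}
     */
    @Override
    protected Principal getPrincipal(String str) {
        return null;
    }

    /**
     * Collects the roles of an authenticated user by searching {@link #roleBase}.
     *
     * <p>Both substitution values are escaped for use inside an LDAP search filter before they
     * are formatted into {@link #roleFormat}, because the user name originates from the client
     * and a DN may legitimately contain filter metacharacters.
     *
     * @param dirContext the directory context to query
     * @param str the user name
     * @param str2 the distinguished name of the user's entry
     * @return the role names found (first value of the role attribute of each matching entry);
     *     empty when role lookup is not configured or nothing matched
     * @throws NamingException if the directory reports an error
     */
    protected List getRoles(DirContext dirContext, String str, String str2) throws NamingException {
        if (this.debug >= 2) {
            log("getRoles(" + str2 + JavaClassWriterHelper.parenright_);
        }
        List<String> roles = new ArrayList<String>();
        if (this.roleFormat == null || this.roleName == null) {
            return roles;
        }
        // Escape filter metacharacters so neither value can alter the structure of the filter.
        String filter = this.roleFormat.format(new String[]{escapeFilterValue(str2), escapeFilterValue(str)});
        SearchControls searchControls = new SearchControls();
        searchControls.setSearchScope(this.roleSubtree ? SearchControls.SUBTREE_SCOPE : SearchControls.ONELEVEL_SCOPE);
        searchControls.setReturningAttributes(this.roleName);
        if (this.debug >= 3) {
            log("  Searching role base '" + this.roleBase + "' for attribute '" + this.roleName[0] + "'");
            log("  With filter expression '" + filter + "'");
        }
        NamingEnumeration<SearchResult> search = dirContext.search(this.roleBase, filter, searchControls);
        if (search == null) {
            return roles;
        }
        try {
            while (search.hasMore()) {
                Attributes attributes = search.next().getAttributes();
                if (attributes == null) {
                    continue;
                }
                Attribute attribute = attributes.get(this.roleName[0]);
                if (attribute == null) {
                    continue;
                }
                String role = (String) attribute.get();
                if (this.debug >= 3) {
                    log("  Found role '" + role + "'");
                }
                roles.add(role);
            }
        } finally {
            // Release the enumeration even when iteration fails part-way through.
            try {
                search.close();
            } catch (NamingException ignored) {
                // Best effort: the result (or the original exception) matters more than the close.
            }
        }
        if (this.debug >= 2) {
            log("  Returning " + roles.size() + " roles");
        }
        return roles;
    }

    /**
     * Validates the presented credentials and returns the distinguished name of the user.
     *
     * <p>The user name is escaped as an attribute value before it is formatted into
     * {@link #userFormat}, so characters such as {@code ,} or {@code +} in it cannot redirect
     * the lookup to a different entry. The stored and presented values are compared with
     * {@link MessageDigest#isEqual(byte[], byte[])} rather than {@code String.equals} to avoid
     * an early-exit comparison on secret data.
     *
     * @param dirContext the directory context to query
     * @param str the user name presented by the client
     * @param str2 the credentials presented by the client
     * @return the user's distinguished name when the credentials match; {@code null} when the
     *     realm is not configured, the entry or its password attribute is missing, or the
     *     credentials are absent or do not match
     * @throws NamingException if the directory reports an error other than "name not found"
     */
    protected String getUserDN(DirContext dirContext, String str, String str2) throws NamingException {
        if (this.debug >= 2) {
            log("getUserDN(" + str + JavaClassWriterHelper.parenright_);
        }
        // Missing credentials can never match; reject them before touching the directory.
        if (str == null || str2 == null || this.userFormat == null || this.userPassword == null) {
            return null;
        }
        String dn = this.userFormat.format(new String[]{Rdn.escapeValue(str)});
        if (this.debug >= 3) {
            log("  dn=" + dn);
        }
        try {
            Attributes attributes = dirContext.getAttributes(dn, this.userPassword);
            if (attributes == null) {
                return null;
            }
            if (this.debug >= 3) {
                log("  retrieving attribute " + this.userPassword[0]);
            }
            Attribute attribute = attributes.get(this.userPassword[0]);
            if (attribute == null) {
                return null;
            }
            if (this.debug >= 3) {
                log("  retrieving value");
            }
            Object value = attribute.get();
            if (value == null) {
                return null;
            }
            // NOTE(review): binary values are decoded with the platform default charset, as before;
            // confirm that this matches how the directory stores the attribute.
            String stored = value instanceof byte[] ? new String((byte[]) value) : value.toString();
            if (this.debug >= 3) {
                log("  validating credentials");
            }
            String presented = digest(str2);
            boolean matched = presented != null && credentialsMatch(presented, stored, hasMessageDigest());
            if (matched) {
                if (this.debug >= 2) {
                    log(RealmBase.sm.getString("jndiRealm.authenticateSuccess", str));
                }
                return dn;
            }
            if (this.debug >= 2) {
                log(RealmBase.sm.getString("jndiRealm.authenticateFailure", str));
            }
            return null;
        } catch (NameNotFoundException e) {
            // An unknown user is an ordinary failed login, not a directory error.
            return null;
        }
    }

    /**
     * Returns the cached directory context, creating it on first use from the connection
     * settings of this realm.
     *
     * <p>NOTE(review): nothing in this method requires an encrypted transport. With a plain
     * {@code ldap://} URL the bind credentials and the password attribute read during login
     * would presumably travel unencrypted; confirm the deployed {@code connectionURL}.
     *
     * @return the open directory context
     * @throws NamingException if the context cannot be created
     */
    protected DirContext open() throws NamingException {
        if (this.context != null) {
            return this.context;
        }
        if (this.debug >= 1) {
            log("Connecting to URL " + this.connectionURL);
        }
        Hashtable<String, String> env = new Hashtable<String, String>();
        env.put("java.naming.factory.initial", this.contextFactory);
        if (this.connectionName != null) {
            env.put("java.naming.security.principal", this.connectionName);
        }
        if (this.connectionPassword != null) {
            env.put("java.naming.security.credentials", this.connectionPassword);
        }
        if (this.connectionURL != null) {
            // NOTE(review): this constant reference comes from the decompiler; it is presumably the
            // standard JNDI provider-URL property name. Verify before replacing it.
            env.put(ORBManager.JNDI_PROVIDER_URL_PROPERTY, this.connectionURL);
        }
        this.context = new InitialDirContext(env);
        return this.context;
    }

    /**
     * Hook called after a successful use of the context; does nothing in this class because the
     * context stays cached.
     *
     * @param dirContext the context that was used
     */
    protected void release(DirContext dirContext) {
    }

    /**
     * Opens the directory connection, then starts the base realm.
     *
     * @throws LifecycleException if the directory context cannot be opened
     */
    @Override
    public void start() throws LifecycleException {
        try {
            open();
            super.start();
        } catch (NamingException e) {
            throw new LifecycleException(RealmBase.sm.getString("jndiRealm.open"), e);
        }
    }

    /**
     * Stops the base realm, then closes the cached directory context.
     *
     * @throws LifecycleException if the base realm fails to stop
     */
    @Override
    public void stop() throws LifecycleException {
        super.stop();
        close(this.context);
    }

    /** Escapes a value for use inside an LDAP search filter (backslash, {@code *}, parentheses, NUL). */
    private static String escapeFilterValue(String value) {
        if (value == null) {
            return null;
        }
        StringBuilder escaped = new StringBuilder(value.length() + 8);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '\\':
                    escaped.append("\\5c");
                    break;
                case '*':
                    escaped.append("\\2a");
                    break;
                case '(':
                    escaped.append("\\28");
                    break;
                case ')':
                    escaped.append("\\29");
                    break;
                case '\0':
                    escaped.append("\\00");
                    break;
                default:
                    escaped.append(c);
                    break;
            }
        }
        return escaped.toString();
    }

    /** Compares presented and stored credentials without an early exit on the first differing character. */
    private static boolean credentialsMatch(String presented, String stored, boolean ignoreCase) {
        String left = presented;
        String right = stored;
        if (ignoreCase) {
            // Digests are compared case-insensitively; fold case with a fixed locale.
            left = left.toLowerCase(Locale.ENGLISH);
            right = right.toLowerCase(Locale.ENGLISH);
        }
        return MessageDigest.isEqual(
                left.getBytes(StandardCharsets.UTF_8), right.getBytes(StandardCharsets.UTF_8));
    }
}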
