package com.ibm.it.rome.slm.access;

import com.ibm.it.rome.common.trace.TraceHandler;
import java.util.Map;
import java.util.Properties;
import javax.naming.AuthenticationException;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.Control;
import javax.naming.ldap.InitialLdapContext;
import javax.security.auth.login.FailedLoginException;
import javax.security.auth.login.LoginException;

/* loaded from: input_file:install/data/ITAMROOT0/4.2.0.0/assembly.dat:com/ibm/it/rome/slm/access/LdapLoginModule.class */
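/**
 * Login module that authenticates a user against an LDAP directory in two steps:
 * a search (anonymous or with a configured service account) locates exactly one
 * entry for the supplied login name, then a simple bind as that entry's DN with
 * the supplied password proves the credentials.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The login name is attacker-controlled and is escaped per RFC 4515 before
 *       it is placed in the search filter.</li>
 *   <li>Empty passwords are rejected up front: a simple bind with a DN and a
 *       zero-length password is treated by LDAP servers as an unauthenticated
 *       bind and may succeed without proving anything.</li>
 *   <li>Unless {@code ssl_enabled} is {@code true}, both the service-account
 *       password and the user's password are sent with simple authentication
 *       over {@code ldap://}, i.e. in clear text. No StartTLS is negotiated by
 *       this class.</li>
 * </ul>
 *
 * <p>The fields {@code username}, {@code password} and {@code options} are read
 * from the superclass; their declarations are not visible here.
 */
public class LdapLoginModule extends AbstractServerLoginModule {
    private static final String LDAPS_URL_PREFIX = "ldaps://";
    private static final String LDAP_URL_PREFIX = "ldap://";
    private static final String OBJECTCLASS_ATTRIBUTE_NAME = "objectclass";
    private static final String DN_SEPARATOR = ",";
    private static final String DEFAULT_AUTHORIZATION_TYPE = "simple";
    private static final String DEFAULT_FACTORY = "com.sun.jndi.ldap.LdapCtxFactory";
    /** Configuration value meaning "not set"; used for {@code bind_dn} to request an anonymous search. */
    private static final String NULL_VALUE = "-";
    private static final String BASE_DN = "base_dn";
    private static final String BIND_DN = "bind_dn";
    private static final String BIND_PASSWORD = "bind_password";
    private static final String GROUP_ATTRIBUTE = "group_attribute";
    private static final String GROUP_FILTER = "group_filter";
    private static final String GROUP_MEMBER_ATTRIBUTE = "group_member_attribute";
    private static final String HOSTNAME = "hostname";
    private static final String LOGIN_ATTRIBUTE = "login_attribute";
    private static final String PORT = "port";
    private static final String SSL_ENABLED = "ssl_enabled";
    private static final String USER_FILTER = "user_filter";
    private static TraceHandler.TraceFeeder trace;
    // Compiler-synthesized cache for the class literal (pre-Java-5 bytecode); kept for compatibility.
    static Class class$com$ibm$it$rome$slm$access$LdapLoginModule;

    /**
     * Checks the supplied user name and password against the directory.
     *
     * @throws FailedLoginException if the directory rejects the credentials or the
     *         login name does not resolve to exactly one entry
     * @throws LoginException if the password is missing or empty, or if the
     *         directory lookup fails for any other reason
     */
    @Override // com.ibm.it.rome.slm.access.AbstractServerLoginModule
    protected void validateCredentials() throws LoginException {
        trace.entry("validateCredentials");
        // A zero-length password would turn the later simple bind into an
        // unauthenticated bind, which many servers accept. A missing password
        // is rejected the same way instead of failing later with an NPE or
        // being sent as the literal text "null".
        if (this.password == null || String.valueOf(this.password).equals("")) {
            trace.trace("The password is an empty string, this is not allowed");
            throw new LoginException("Anonymous login is not allowed");
        }
        try {
            createLdapInitContext();
            trace.exit("validateCredentials");
        } catch (AuthenticationException e) {
            trace.trace("User id or password incorrect: authentication exception message={0}", e.getMessage());
            // Same generic message for "no such user" and "wrong password" so the
            // caller cannot tell the two apart; the cause is kept for diagnostics.
            FailedLoginException failure = new FailedLoginException("Wrong UserId or Password, check the typed values");
            failure.initCause(e);
            throw failure;
        } catch (NamingException e2) {
            trace.trace("Something went wrong during LDAP lookup: naming exception message={0}", e2.getMessage());
            // NOTE(review): the directory's own message is passed to the caller here;
            // confirm it is not shown to unauthenticated users.
            LoginException failure = new LoginException(e2.getMessage());
            failure.initCause(e2);
            throw failure;
        }
    }

    /**
     * Locates the user's entry and binds as it.
     *
     * @throws AuthenticationException if zero or several entries match the login
     *         name, or if the bind with the user's password is rejected
     * @throws NamingException on any other directory error
     */
    private void createLdapInitContext() throws NamingException {
        trace.entry("createLdapInitContext");
        String userPassword = String.valueOf(this.password);
        // The bind password is deliberately kept out of the trace output.
        for (Map.Entry entry : this.options.entrySet()) {
            if (!entry.getKey().equals(BIND_PASSWORD)) {
                trace.trace("LDAP login module property: {0}={1}", new Object[]{entry.getKey(), entry.getValue()});
            }
        }

        Properties searchEnv = new Properties();
        searchEnv.setProperty("java.naming.factory.initial", DEFAULT_FACTORY);
        String bindDn = (String) this.options.get(BIND_DN);
        if (bindDn.equals(NULL_VALUE)) {
            trace.trace("For the LDAP search operation using anonymous account ...");
        } else {
            String bindPassword = (String) this.options.get(BIND_PASSWORD);
            trace.trace("For the LDAP search operation using this DN ({0})", bindDn);
            searchEnv.setProperty("java.naming.security.principal", bindDn);
            searchEnv.setProperty("java.naming.security.credentials", bindPassword);
        }

        // ldap:// carries the simple-bind credentials unencrypted; only ssl_enabled=true protects them.
        boolean sslEnabled = Boolean.valueOf((String) this.options.get(SSL_ENABLED)).booleanValue();
        String providerUrl = new StringBuilder()
                .append(sslEnabled ? LDAPS_URL_PREFIX : LDAP_URL_PREFIX)
                .append((String) this.options.get(HOSTNAME))
                .append(":")
                .append((String) this.options.get(PORT))
                .toString();
        trace.trace("Provider url is ({0})", providerUrl);
        searchEnv.setProperty("java.naming.provider.url", providerUrl);

        // Only the login name comes from the user; it is escaped so that filter
        // metacharacters in it are matched literally. The object class and the
        // attribute name come from the module configuration and are used as given.
        String filter = new StringBuilder()
                .append("(&")
                .append("(").append(OBJECTCLASS_ATTRIBUTE_NAME).append("=").append(this.options.get(USER_FILTER)).append(")")
                .append("(").append((String) this.options.get(LOGIN_ATTRIBUTE)).append("=")
                .append(escapeFilterValue(String.valueOf(this.username))).append(")")
                .append(")")
                .toString();
        trace.trace("The filter is {0}", filter);

        SearchControls searchControls = new SearchControls();
        searchControls.setSearchScope(SearchControls.SUBTREE_SCOPE);
        // Empty array: no attributes are needed, only the entry names.
        searchControls.setReturningAttributes(new String[0]);

        String baseDn = (String) this.options.get(BASE_DN);
        String userDn = null;
        int matches = 0;
        InitialDirContext searchContext = new InitialDirContext(searchEnv);
        try {
            trace.trace("The base dn for the search is ({0}), performing search...", baseDn);
            NamingEnumeration<SearchResult> results = searchContext.search(baseDn, filter, searchControls);
            try {
                // Results are read while the context is still open; the context is
                // released in the finally block even when the search fails.
                while (results.hasMore()) {
                    matches++;
                    userDn = new StringBuilder()
                            .append(results.next().getName())
                            .append(DN_SEPARATOR)
                            .append(baseDn)
                            .toString();
                    trace.trace("Found object with principal ({0})", userDn);
                }
            } finally {
                results.close();
            }
        } finally {
            searchContext.close();
        }

        // An ambiguous login name must never authenticate: exactly one entry or nothing.
        if (matches != 1) {
            trace.trace("Found in the LDAP zero or more than one user, cannot authenticate");
            throw new AuthenticationException("Found in the LDAP zero or more than one user, cannot authenticate");
        }

        Properties bindEnv = new Properties();
        bindEnv.setProperty("java.naming.factory.initial", DEFAULT_FACTORY);
        bindEnv.setProperty("java.naming.provider.url", providerUrl);
        bindEnv.setProperty("java.naming.security.authentication", DEFAULT_AUTHORIZATION_TYPE);
        bindEnv.setProperty("java.naming.security.principal", userDn);
        bindEnv.setProperty("java.naming.security.credentials", userPassword);
        trace.trace("Now performing authentication...");
        // Creating the context performs the bind; it is closed at once because
        // only the success or failure of the bind matters.
        new InitialLdapContext(bindEnv, (Control[]) null).close();
        trace.trace("Authentication ok!");
        trace.exit("createLdapInitContext");
    }

    /**
     * Escapes a value for use inside an LDAP search filter (RFC 4515), so that
     * {@code \ * ( )} and NUL in it are matched literally.
     *
     * @param value the raw assertion value
     * @return the value with the filter metacharacters replaced by {@code \XX} hex escapes
     */
    private static String escapeFilterValue(String value) {
        StringBuilder escaped = new StringBuilder(value.length() + 8);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '\\':
                    escaped.append("\\5c");
                    break;
                case '*':
                    escaped.append("\\2a");
                    break;
                case '(':
                    escaped.append("\\28");
                    break;
                case ')':
                    escaped.append("\\29");
                    break;
                case '\u0000':
                    escaped.append("\\00");
                    break;
                default:
                    escaped.append(c);
            }
        }
        return escaped.toString();
    }

    /** Compiler-synthesized helper behind the class literal; resolves a class by name. */
    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            throw new NoClassDefFoundError(e.getMessage());
        }
    }

    static {
        Class cls;
        if (class$com$ibm$it$rome$slm$access$LdapLoginModule == null) {
            cls = class$("com.ibm.it.rome.slm.access.LdapLoginModule");
            class$com$ibm$it$rome$slm$access$LdapLoginModule = cls;
        } else {
            cls = class$com$ibm$it$rome$slm$access$LdapLoginModule;
        }
        trace = new TraceHandler.TraceFeeder(cls);
    }
}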
