package com.atlassian.user.impl.ldap.security.authentication;

import com.atlassian.user.EntityException;
import com.atlassian.user.configuration.ConfigurationException;
import com.atlassian.user.configuration.util.InitializationCheck;
import com.atlassian.user.impl.ldap.repository.LDAPRepository;
import com.atlassian.user.impl.ldap.search.DefaultLDAPUserAdaptor;
import com.atlassian.user.impl.ldap.search.LDAPUserAdaptor;
import com.atlassian.user.repository.Repository;
import com.atlassian.user.security.authentication.Authenticator;
import com.atlassian.util.profiling.UtilTimerStack;
import com.opensymphony.util.TextUtils;
import java.util.HashMap;
import java.util.Hashtable;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import net.sf.ldaptemplate.support.filter.AndFilter;
import net.sf.ldaptemplate.support.filter.EqualsFilter;
import org.apache.log4j.Logger;

/* loaded from: input_file:com/atlassian/user/impl/ldap/security/authentication/DefaultLDAPAuthenticator.class */
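/**
 * Authenticates a user against an LDAP directory by binding as that user.
 *
 * <p>The username is resolved to a DN through {@link LDAPUserAdaptor#getUserDN}, a simple bind
 * is attempted with the supplied password, and a subtree search for the user's own entry is run
 * on the bound context. Authentication succeeds only if none of those steps throws.
 *
 * <p>NOTE(review): the simple bind sends the password as-is; whether the connection is protected
 * (ldaps / StartTLS) depends on the environment returned by
 * {@link LDAPRepository#getJNDIEnv()}, which is not visible in this file.
 */
public class DefaultLDAPAuthenticator implements Authenticator {
    /**
     * Shared, mutable search controls. The repository constructor and {@link #init(HashMap)}
     * set them to object scope with no returned attributes; nothing in this class reads them.
     */
    public static final SearchControls DEFAULT_SEARCH_CONTROLS = new SearchControls();
    private static final Logger log = Logger.getLogger(DefaultLDAPAuthenticator.class);
    private LDAPRepository repository;
    private LDAPUserAdaptor userAdaptor;

    /** Creates an unconfigured authenticator; {@link #init(HashMap)} must be called before use. */
    public DefaultLDAPAuthenticator() {
    }

    /**
     * Creates an authenticator bound to the given repository.
     *
     * @param lDAPRepository repository supplying the JNDI environment, search base and filters
     */
    public DefaultLDAPAuthenticator(LDAPRepository lDAPRepository) {
        this.repository = lDAPRepository;
        this.userAdaptor = new DefaultLDAPUserAdaptor(lDAPRepository);
        DEFAULT_SEARCH_CONTROLS.setReturningAttributes(new String[0]);
        DEFAULT_SEARCH_CONTROLS.setSearchScope(SearchControls.OBJECT_SCOPE);
    }

    /**
     * Checks a username/password pair by binding to the directory as that user.
     *
     * <p>Every failure (empty password, unresolvable DN, bind or search error, any other
     * throwable) is logged and reported as {@code false}; nothing is rethrown to the caller.
     *
     * @param str  the username, as typed by the person logging in (untrusted)
     * @param str2 the password; {@code null} or empty is rejected without contacting the directory
     * @return {@code true} if the bind and the follow-up search completed without an exception
     * @throws EntityException declared by the interface; not thrown by this implementation
     */
    @Override // com.atlassian.user.security.authentication.Authenticator
    public boolean authenticate(String str, String str2) throws EntityException {
        final String timerKey = getClass().getName() + "_authenticate__" + str;
        final boolean timerPushed = UtilTimerStack.isActive();
        if (timerPushed) {
            UtilTimerStack.push(timerKey);
        }
        try {
            return bindAsUser(str, str2);
        } finally {
            // Pop on every exit path; the frame used to stay open whenever authentication failed.
            if (timerPushed && UtilTimerStack.isActive()) {
                UtilTimerStack.pop(timerKey);
            }
        }
    }

    /**
     * Performs the bind-and-search sequence and maps every failure to {@code false}.
     */
    private boolean bindAsUser(String username, String password) {
        // A simple bind with a DN and an empty password is an "unauthenticated bind", which a
        // directory may accept; the password must therefore be rejected before binding.
        if (!TextUtils.stringSet(password)) {
            if (log.isDebugEnabled()) {
                log.debug("Cannot perform authentication on empty passwords.");
            }
            return false;
        }
        DirContext dirContext = null;
        Hashtable<Object, Object> env = null;
        try {
            String userDN = this.userAdaptor.getUserDN(username);
            // Same reasoning as for the password: an empty bind DN can be handled by a directory
            // as an anonymous bind, which would make the search below succeed for any password.
            if (!TextUtils.stringSet(userDN)) {
                if (log.isDebugEnabled()) {
                    log.debug("Cannot perform authentication without a user DN.");
                }
                return false;
            }
            // Work on a private copy. Whether getJNDIEnv() hands out a fresh table is not visible
            // here; copying guarantees this user's DN and password never end up in an
            // environment that other connections or threads reuse.
            env = new Hashtable<Object, Object>(this.repository.getJNDIEnv());
            env.put("java.naming.security.principal", userDN);
            env.put("java.naming.security.credentials", password);
            env.put("java.naming.security.authentication", "simple");
            // Keep the user-bound connection out of the JNDI connection pool.
            env.put("com.sun.jndi.ldap.connect.pool", "false");
            dirContext = new InitialDirContext(env);

            SearchControls searchControls = new SearchControls();
            searchControls.setReturningAttributes(new String[]{this.repository.getUsernameAttribute()});
            searchControls.setSearchScope(SearchControls.SUBTREE_SCOPE);
            // NOTE(review): the username reaches the filter only through EqualsFilter, which is
            // relied on to escape filter metacharacters; confirm against the ldaptemplate version.
            AndFilter andFilter = new AndFilter();
            andFilter.and(this.repository.getUserSearchFilter());
            andFilter.and(new EqualsFilter(this.repository.getUsernameAttribute(), username));
            String encodedFilter = andFilter.encode();
            if (log.isDebugEnabled()) {
                log.debug("Doing initial search to complete authentication: username='" + forLog(username) + "', base='" + this.repository.getBaseUserNamespace() + "' filter='" + encodedFilter + "'");
            }
            // The result is discarded: completing the search without an exception is the signal.
            dirContext.search(this.repository.getBaseUserNamespace(), encodedFilter, searchControls);
            return true;
        } catch (NamingException e) {
            // A wrong user password also lands here (the bind failure is a NamingException), so
            // the "bind DN" printed below is the DN of the user who tried to log in.
            // env is still null if the failure happened before the environment was built.
            Object providerUrl = env == null ? null : env.get("java.naming.provider.url");
            Object principal = env == null ? null : env.get("java.naming.security.principal");
            log.error("Could not authenticate with LDAP. Please check your host ('" + providerUrl + "'), bind DN ('" + principal + "') or bind password are correct.");
            if (log.isDebugEnabled()) {
                log.debug("LDAP authentication failure detail", e);
            }
            return false;
        } catch (Throwable th) {
            // Kept as Throwable to preserve the existing contract: nothing escapes authenticate().
            log.error("Error occurred in LDAP authentication for username: " + forLog(username), th);
            return false;
        } finally {
            closeQuietly(dirContext);
        }
    }

    /** Closes the context if one was opened; a close failure is logged, never propagated. */
    private static void closeQuietly(DirContext dirContext) {
        if (dirContext == null) {
            return;
        }
        try {
            dirContext.close();
        } catch (Exception e) {
            log.warn("Failed to close LDAP context", e);
        }
    }

    /**
     * Neutralises line breaks in a caller-supplied value before it is written to the log, so a
     * crafted username cannot forge additional log entries.
     */
    private static String forLog(String value) {
        if (value == null) {
            return "null";
        }
        return value.replace('\r', '_').replace('\n', '_');
    }

    /** Returns the LDAP repository this authenticator binds against. */
    @Override // com.atlassian.user.security.authentication.Authenticator
    public Repository getRepository() {
        return this.repository;
    }

    /**
     * Configures the authenticator from a component map.
     *
     * @param hashMap configuration map; must contain an {@link LDAPRepository} under the key
     *                {@code "repository"}
     * @throws ConfigurationException if {@link InitializationCheck#validateArgs} rejects the map
     */
    @Override // com.atlassian.user.security.authentication.Authenticator
    public void init(HashMap hashMap) throws ConfigurationException {
        this.repository = (LDAPRepository) hashMap.get("repository");
        this.userAdaptor = new DefaultLDAPUserAdaptor(this.repository);
        DEFAULT_SEARCH_CONTROLS.setReturningAttributes(new String[0]);
        DEFAULT_SEARCH_CONTROLS.setSearchScope(SearchControls.OBJECT_SCOPE);
        // Validation runs after the assignments above, as in the original ordering.
        InitializationCheck.validateArgs(hashMap, new String[]{"repository"}, this);
    }
}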
