package org.ametys.plugins.core.impl.user.ldap;

import java.util.Hashtable;
import javax.naming.AuthenticationException;
import javax.naming.Context;
import javax.naming.Name;
import javax.naming.NameParser;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import org.ametys.core.authentication.Credentials;
import org.ametys.core.user.CredentialsAwareUsersManager;

/* loaded from: input_file:org/ametys/plugins/core/impl/user/ldap/CredentialsAwareLdapUsersManager.class */
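/**
 * LDAP users manager that can also verify a login/password pair.
 *
 * <p>Verification is done in two steps: the login is resolved to a distinguished name with a
 * directory search made through the environment returned by {@code _getContextEnv()}, then a
 * simple bind is attempted with that DN and the supplied password. Every failure path
 * (no password, unknown or ambiguous login, directory error, rejected bind) yields {@code false}.
 */
public class CredentialsAwareLdapUsersManager extends LdapUsersManager implements CredentialsAwareUsersManager {
    /**
     * Checks the given credentials by binding to the directory as the user.
     *
     * @param credentials the login and password to verify.
     * @return {@code true} only if the bind with the resolved DN and the password succeeded.
     */
    @Override // org.ametys.core.user.CredentialsAwareUsersManager
    public boolean checkCredentials(Credentials credentials) {
        String login = credentials.getLogin();
        String password = credentials.getPassword();

        // RFC 4513 treats a simple bind with a DN and an empty password as an
        // "unauthenticated" bind, which a server may accept. Such a bind proves nothing
        // about the user, so it must be refused before the directory is contacted.
        if (password == null || password.length() == 0) {
            if (getLogger().isDebugEnabled()) {
                getLogger().debug("LDAP Authentication failed since no password (or an empty one) was given");
            }
            return false;
        }

        String userDN = getUserDN(login);
        if (userDN == null) {
            // Unknown login, ambiguous login or directory error: already logged by getUserDN.
            return false;
        }

        // NOTE(review): assumes _getContextEnv() returns a fresh table on every call; if the
        // table were shared, the user's DN and password would stay in it - confirm.
        // NOTE(review): a simple bind sends the password as-is over whatever transport
        // _getContextEnv() configures (ldaps / StartTLS is not visible here) - confirm.
        Hashtable<String, String> bindEnv = _getContextEnv();
        bindEnv.put(Context.SECURITY_AUTHENTICATION, "simple");
        bindEnv.put(Context.SECURITY_PRINCIPAL, userDN);
        bindEnv.put(Context.SECURITY_CREDENTIALS, password);

        Context context = null;
        try {
            // Creating the context performs the bind; reaching the next line means it was accepted.
            context = new InitialDirContext(bindEnv);
            return true;
        } catch (AuthenticationException e) {
            if (getLogger().isInfoEnabled()) {
                getLogger().info("Authentication failed", e);
            }
            return false;
        } catch (NamingException e) {
            // Any other directory problem is treated as a failed authentication (fail closed).
            getLogger().error("Error communication with ldap server", e);
            return false;
        } finally {
            _cleanup(context, null);
        }
    }

    /**
     * Resolves a login to the distinguished name of the single matching directory entry.
     *
     * @param str the login to look up; {@code null} resolves to no entry.
     * @return the DN of the entry, or {@code null} if there is no match, more than one match,
     *         or the directory lookup failed at any point.
     */
    protected String getUserDN(String str) {
        if (str == null) {
            // Without a login there is nothing to look up; do not query the directory.
            return null;
        }

        DirContext dirContext = null;
        NamingEnumeration<SearchResult> matches = null;
        try {
            dirContext = new InitialDirContext(_getContextEnv());

            SearchControls controls = new SearchControls();
            controls.setSearchScope(this._usersSearchScope);
            // Only the entry name is needed, so no attribute is requested.
            controls.setReturningAttributes(new String[0]);

            // The login is passed as filter argument {0}, not concatenated: JNDI escapes
            // filter-special characters of string arguments, which keeps a login such as
            // "*" or ")(uid=*" from altering the filter. Keep it that way.
            String filter = "(&" + this._usersObjectFilter + "(" + this._usersLoginAttribute + "={0}))";
            matches = dirContext.search(this._usersRelativeDN, filter, new Object[]{str}, controls);

            if (!matches.hasMore()) {
                return null;
            }

            SearchResult match = matches.next();
            String userDN = match.getName();
            if (match.isRelative()) {
                // Rebuild the full DN: context base, then the users branch, then the entry name.
                NameParser nameParser = dirContext.getNameParser("");
                Name fullName = nameParser.parse(dirContext.getNameInNamespace());
                fullName.addAll(nameParser.parse(this._usersRelativeDN));
                fullName.addAll(nameParser.parse(userDN));
                userDN = fullName.toString();
            }

            // A login must identify exactly one entry; binding as "the first match" of an
            // ambiguous login could authenticate the wrong account.
            // NOTE(review): unlike hasMore(), hasMoreElements() cannot throw NamingException,
            // so a directory error while looking for a second match is not reported here -
            // confirm this tolerance is intended.
            if (matches.hasMoreElements()) {
                getLogger().error("Multiple matches for attribute \"" + this._usersLoginAttribute + "\" and value = \"" + _neutralizeForLog(str) + "\"");
                return null;
            }

            return userDN;
        } catch (NamingException e) {
            // Fail closed: the DN is only returned once it is fully built. Previously an error
            // raised while expanding a relative name left the partial name as the result.
            getLogger().error("Error communicating with ldap server retrieving user with login '" + _neutralizeForLog(str) + "'", e);
            return null;
        } finally {
            _cleanup(dirContext, matches);
        }
    }

    /**
     * Makes a caller-supplied value safe to embed in a single log line.
     *
     * @param value the value to log, may be {@code null}.
     * @return the value with carriage returns and line feeds replaced by {@code '_'}, so that
     *         a crafted login cannot forge additional log entries; {@code "null"} for {@code null}.
     */
    private static String _neutralizeForLog(String value) {
        if (value == null) {
            return "null";
        }
        return value.replace('\r', '_').replace('\n', '_');
    }
}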
