package org.sonar.plugins.ldap;

import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.SearchResult;
import javax.security.auth.login.Configuration;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.sonar.api.security.LoginPasswordAuthenticator;

/* loaded from: input_file:org/sonar/plugins/ldap/LdapAuthenticator.class */
public class LdapAuthenticator implements LoginPasswordAuthenticator {
    private static final Logger LOG = LoggerFactory.getLogger(LdapAuthenticator.class);
    private final LdapContextFactory contextFactory;
    private final LdapUserMapping userMapping;

    public LdapAuthenticator(LdapContextFactory ldapContextFactory, LdapUserMapping ldapUserMapping) {
        this.contextFactory = ldapContextFactory;
        this.userMapping = ldapUserMapping;
    }

    public void init() {
    }

    public boolean authenticate(String str, String str2) {
        String nameInNamespace;
        if (this.contextFactory.isSasl()) {
            nameInNamespace = str;
        } else {
            try {
                SearchResult findUnique = this.userMapping.createSearch(this.contextFactory, str).findUnique();
                if (findUnique == null) {
                    LOG.debug("User {} not found", str);
                    return false;
                }
                nameInNamespace = findUnique.getNameInNamespace();
            } catch (NamingException e) {
                LOG.debug("User {} not found: {}", str, e.getMessage());
                return false;
            }
        }
        return this.contextFactory.isGssapi() ? checkPasswordUsingGssapi(nameInNamespace, str2) : checkPasswordUsingBind(nameInNamespace, str2);
    }

    private boolean checkPasswordUsingBind(String str, String str2) {
        Context context = null;
        try {
            try {
                context = this.contextFactory.createUserContext(str, str2);
                ContextHelper.closeQuetly(context);
                return true;
            } catch (NamingException e) {
                LOG.debug("Password not valid for user {}: {}", str, e.getMessage());
                ContextHelper.closeQuetly(context);
                return false;
            }
        } catch (Throwable th) {
            ContextHelper.closeQuetly(context);
            throw th;
        }
    }

    private boolean checkPasswordUsingGssapi(String str, String str2) {
        Configuration.setConfiguration(new Krb5LoginConfiguration());
        try {
            LoginContext loginContext = new LoginContext(getClass().getName(), new CallbackHandlerImpl(str, str2));
            loginContext.login();
            try {
                loginContext.logout();
                return true;
            } catch (LoginException e) {
                LOG.warn("Logout fails", e);
                return true;
            }
        } catch (LoginException e2) {
            LOG.debug("Password not valid for {}: {}", str, e2.getMessage());
            return false;
        }
    }
}
