package org.eclipse.scout.rt.server.commons.servletfilter.security;

import java.io.IOException;
import java.util.Enumeration;
import java.util.Hashtable;
import java.util.Locale;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.InitialDirContext;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.eclipse.scout.commons.Base64Utility;
import org.eclipse.scout.commons.logger.IScoutLogger;
import org.eclipse.scout.commons.logger.ScoutLogManager;
import org.eclipse.scout.commons.security.SimplePrincipal;
import org.eclipse.scout.rt.server.commons.cache.IHttpSessionCacheService;
import org.eclipse.scout.rt.server.commons.servletfilter.FilterConfigInjection;
import org.eclipse.scout.service.SERVICES;

/* loaded from: input_file:org/eclipse/scout/rt/server/commons/servletfilter/security/LDAPSecurityFilter.class */
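/**
 * Servlet security filter that authenticates HTTP Basic credentials against an LDAP directory.
 *
 * <p>The user's DN is looked up in the member attribute of a configured group entry, then a bind
 * is attempted with that DN and the supplied password. A successful bind authenticates the user.
 *
 * <p>Security notes for operators:
 * <ul>
 * <li>Basic credentials are only base64-encoded. This filter does not enforce HTTPS, and it does
 * not enforce an {@code ldaps://} server URL, so transport protection has to be configured
 * outside this class.</li>
 * <li>Empty passwords are rejected before binding. A simple bind with a DN and an empty password
 * is an "unauthenticated bind" that many directory servers accept, which would otherwise let any
 * known user name log in without a password.</li>
 * <li>The attempt counter is kept in the HTTP session cache and is consulted only after the
 * supplied credentials were already checked. It limits how many challenges are sent per session;
 * it is not an account lockout or a brute-force control.</li>
 * </ul>
 */
public class LDAPSecurityFilter extends AbstractChainableSecurityFilter {
    private static final IScoutLogger LOG = ScoutLogManager.getLogger(LDAPSecurityFilter.class);
    public static final String PROP_BASIC_ATTEMPT = "LDAPSecurityFilter.basicAttempt";
    private String m_serverUrl;
    private String m_baseDn;
    private String m_groupDn;
    private String m_groupAttr;

    /**
     * Reads the LDAP connection settings from the filter's init parameters.
     *
     * @throws ServletException if {@code ldapServer} is missing, or if one of the other
     *         parameters is neither set nor declared
     */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        super.init(filterConfig);
        FilterConfigInjection.FilterConfig anyConfig = new FilterConfigInjection(filterConfig, getClass()).getAnyConfig();
        this.m_serverUrl = getParam(anyConfig, "ldapServer", false);
        this.m_baseDn = getParam(anyConfig, "ldapBaseDN", true);
        this.m_groupDn = getParam(anyConfig, "lDAPgroupDN", true);
        this.m_groupAttr = getParam(anyConfig, "lDAPgroupAttributeId", true);
    }

    /**
     * Returns the init parameter {@code name}.
     *
     * @param filterConfig configuration to read from
     * @param name init-param name
     * @param nullAllowed when {@code true}, a parameter that is declared but has no value is
     *        accepted and {@code null} is returned
     * @return the parameter value, or {@code null} for a declared, valueless parameter when
     *         {@code nullAllowed} is set
     * @throws ServletException if the parameter is missing
     */
    protected String getParam(FilterConfig filterConfig, String name, boolean nullAllowed) throws ServletException {
        String value = filterConfig.getInitParameter(name);
        if (value != null) {
            return value;
        }
        if (nullAllowed) {
            Enumeration<?> declaredNames = filterConfig.getInitParameterNames();
            while (declaredNames.hasMoreElements()) {
                if (name.equals(declaredNames.nextElement())) {
                    return null;
                }
            }
        }
        throw new ServletException("Missing init-param with name '" + name + "'.");
    }

    /**
     * Authenticates a request that carries HTTP Basic credentials, or sends a Basic challenge.
     *
     * @return {@code 3} after a successful LDAP login (the principal is stored in
     *         {@code principalHolder}), otherwise {@code 1}. NOTE(review): these literals are
     *         presumably the status constants of the superclass, inlined by the decompiler;
     *         confirm against {@code AbstractChainableSecurityFilter}.
     */
    @Override
    protected int negotiate(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, PrincipalHolder principalHolder) throws IOException, ServletException {
        String header = httpServletRequest.getHeader("Authorization");
        if (header != null && header.matches("Basic .*")) {
            String[] credentials = new String(Base64Utility.decode(header.substring(6)), "ISO-8859-1").split(":", 2);
            // The header is attacker-controlled: a payload without ':' yields a single element
            // and must be treated as a failed login, not as an array index error.
            if (credentials.length == 2) {
                // Locale.ROOT keeps the lower-casing independent of the server's default locale
                // (e.g. the Turkish dotless i), so user-name matching is deterministic.
                String username = credentials[0].toLowerCase(Locale.ROOT);
                String password = credentials[1];
                if (ldapLogin(this.m_serverUrl, this.m_baseDn, this.m_groupDn, this.m_groupAttr, username, password, false)) {
                    principalHolder.setPrincipal(new SimplePrincipal(username));
                    return 3;
                }
            }
        }
        int basicAttempt = getBasicAttempt(httpServletRequest, httpServletResponse);
        if (basicAttempt > 2) {
            // Stop challenging after three attempts in this session. The credentials above were
            // already evaluated, so this does not throttle bind attempts.
            return 1;
        }
        setBasicAttempt(httpServletRequest, httpServletResponse, basicAttempt + 1);
        httpServletResponse.setHeader("WWW-Authenticate", "Basic realm=\"" + getRealm() + "\"");
        return 1;
    }

    /** Returns the number of Basic challenges recorded for this session, or 0 if none is stored. */
    private int getBasicAttempt(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        Object stored = SERVICES.getService(IHttpSessionCacheService.class).getAndTouch(PROP_BASIC_ATTEMPT, httpServletRequest, httpServletResponse);
        return stored instanceof Integer ? ((Integer) stored).intValue() : 0;
    }

    /** Stores the number of Basic challenges sent in this session. */
    private void setBasicAttempt(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, int attempts) {
        SERVICES.getService(IHttpSessionCacheService.class).put(PROP_BASIC_ATTEMPT, Integer.valueOf(attempts), httpServletRequest, httpServletResponse);
    }

    /**
     * Looks up the DN of {@code username} among the values of the group's member attribute.
     *
     * <p>The user name is only compared with values read from the directory; it is never placed
     * into an LDAP name or filter.
     *
     * @param username lower-cased login name
     * @param serverUrl LDAP server URL
     * @param baseDn base DN appended to the server URL
     * @param groupDn name of the group entry to read
     * @param groupAttr id of the group attribute holding the member DNs
     * @return the matching member DN, or an empty string if the user is not a member
     * @throws SecurityException if the directory lookup fails
     */
    protected String getUserDN(String username, String serverUrl, String baseDn, String groupDn, String groupAttr) throws ServletException {
        String userDn = "";
        Hashtable<String, String> env = new Hashtable<String, String>();
        env.put("java.naming.factory.initial", "com.sun.jndi.ldap.LdapCtxFactory");
        env.put("java.naming.provider.url", String.valueOf(serverUrl) + "/" + baseDn);
        // NOTE(review): this principal is not a well-formed DN and the credentials are empty, so
        // the lookup presumably runs as an anonymous bind. The literal may be a decompiler
        // artifact; confirm against the original source.
        env.put("java.naming.security.principal", "=,," + baseDn);
        env.put("java.naming.security.credentials", "");
        env.put("java.naming.language", "de");
        InitialDirContext context = null;
        try {
            context = new InitialDirContext(env);
            NamingEnumeration<?> attributes = context.getAttributes(groupDn, new String[]{groupAttr}).getAll();
            while (attributes.hasMore()) {
                NamingEnumeration<?> members = ((Attribute) attributes.next()).getAll();
                while (members.hasMore()) {
                    Object member = members.next();
                    if (!(member instanceof String)) {
                        // Binary attribute values arrive as byte[] and cannot be a member DN.
                        continue;
                    }
                    String memberDn = (String) member;
                    if (memberDn.length() > 4) {
                        // Skips a three-character prefix such as "cn=" and takes the first RDN value.
                        String[] rdnValues = memberDn.substring(3).split(",");
                        if (rdnValues.length > 1 && username.equals(rdnValues[0].toLowerCase(Locale.ROOT))) {
                            userDn = memberDn;
                            break;
                        }
                    }
                }
            }
            return userDn;
        } catch (NamingException e) {
            LOG.error("Exception in getting user DN from LDAP: " + e);
            throw new SecurityException(e.getMessage(), e);
        } finally {
            closeQuietly(context);
        }
    }

    /**
     * Verifies the password by binding to the directory as the user's DN.
     *
     * @param showExceptions when {@code true}, a failed bind is logged with its stack trace
     * @return {@code true} only if the user is a group member and the bind succeeds with a
     *         non-empty password
     */
    private boolean ldapLogin(String serverUrl, String baseDn, String groupDn, String groupAttr, String username, String password, boolean showExceptions) throws ServletException {
        // An empty password would turn the bind below into an unauthenticated bind, which many
        // directory servers report as success. Fail closed before touching the directory.
        if (username == null || username.isEmpty() || password == null || password.isEmpty()) {
            return false;
        }
        String userDn = getUserDN(username, serverUrl, baseDn, groupDn, groupAttr);
        if (userDn.isEmpty()) {
            return false;
        }
        Hashtable<String, String> env = new Hashtable<String, String>();
        env.put("java.naming.factory.initial", "com.sun.jndi.ldap.LdapCtxFactory");
        env.put("java.naming.provider.url", String.valueOf(serverUrl) + "/" + baseDn);
        env.put("java.naming.security.principal", userDn);
        env.put("java.naming.security.credentials", password);
        env.put("java.naming.language", "de");
        InitialDirContext context = null;
        try {
            context = new InitialDirContext(env);
            return true;
        } catch (NamingException e) {
            if (showExceptions) {
                LOG.warn("LDAP bind failed for '" + userDn + "'", e);
            }
            return false;
        } finally {
            // The context is only needed to prove the bind; release the connection right away.
            closeQuietly(context);
        }
    }

    /** Closes a directory context, ignoring close failures because the result is already decided. */
    private static void closeQuietly(InitialDirContext context) {
        if (context == null) {
            return;
        }
        try {
            context.close();
        } catch (NamingException ignored) {
            // Nothing useful can be done if releasing the connection fails.
        }
    }
}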
