package org.glowroot.agent.shaded.glowroot.ui;

import java.util.HashSet;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import javax.annotation.Nullable;
import javax.crypto.SecretKey;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.Control;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;
import org.glowroot.agent.shaded.glowroot.common.config.LdapConfig;
import org.glowroot.agent.shaded.glowroot.common.repo.util.Encryption;
import org.glowroot.agent.shaded.google.common.collect.Sets;
import org.immutables.value.Value;

/* loaded from: input_file:org/glowroot/agent/shaded/glowroot/ui/LdapAuthentication.class */
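/**
 * Authenticates UI users against an LDAP directory and maps their group memberships to
 * Glowroot roles.
 *
 * <p>Flow of {@link #authenticateAndGetLdapGroupDns}: bind with the configured system
 * account, resolve the login name to a user DN through the configured user search filter,
 * verify the supplied password by binding as that DN, then collect the DNs of the groups
 * matching the configured group search filter. User-controlled values are handed to JNDI
 * as search filter arguments rather than concatenated into the filter string, so JNDI's
 * LDAP filter escaping applies to them.
 */
class LdapAuthentication {

    /** Raised when any step of LDAP authentication fails (system bind, lookup or user bind). */
    static class AuthenticationException extends Exception {
        public AuthenticationException(String message) {
            super(message);
        }

        AuthenticationException(Throwable cause) {
            super(cause);
        }

        AuthenticationException(String message, @Nullable Throwable cause) {
            super(message, cause);
        }
    }

    /** Immutable value holding the resolved user DN and the DNs of the LDAP groups it belongs to. */
    @Value.Immutable
    interface AuthenticationResult {
        String userDn();

        Set<String> ldapGroupDns();
    }

    LdapAuthentication() {
    }

    /**
     * Maps LDAP group DNs to Glowroot role names using the configured role mappings.
     *
     * @param ldapGroupDns group DNs the user belongs to
     * @param ldapConfig   source of the group-DN to role-list mappings
     * @return the union of all roles mapped from any of the given groups; groups without a
     *         mapping are ignored, so the result may be empty
     * @throws NamingException kept in the signature for existing callers; not thrown here
     */
    public static Set<String> getGlowrootRoles(Set<String> ldapGroupDns, LdapConfig ldapConfig)
            throws NamingException {
        Set<String> roles = new HashSet<>();
        for (String groupDn : ldapGroupDns) {
            List<String> mappedRoles = ldapConfig.roleMappings().get(groupDn);
            if (mappedRoles != null) {
                roles.addAll(mappedRoles);
            }
        }
        return roles;
    }

    /**
     * Verifies a user's password against the directory and returns the DNs of the groups the
     * user belongs to.
     *
     * @param username   login name entered by the user; used as a search filter argument
     * @param password   password entered by the user; checked via a simple bind as the user DN
     * @param ldapConfig directory url, system credentials and search settings
     * @param secretKey  key used to decrypt the stored (encrypted) system password
     * @return DNs of the matching groups (possibly empty)
     * @throws AuthenticationException if the system bind fails, the user is unknown, the
     *                                 password is empty, or the user bind/lookup fails
     * @throws IllegalStateException   if more than one directory entry matches the login name
     * @throws Exception               if decrypting the stored system password fails
     */
    public static Set<String> authenticateAndGetLdapGroupDns(String username, String password,
            LdapConfig ldapConfig, SecretKey secretKey) throws Exception {
        String systemUsername = ldapConfig.username();
        String systemPassword = ldapConfig.password();
        if (!systemPassword.isEmpty()) {
            // the system password is stored encrypted; an empty value is left untouched
            systemPassword = Encryption.decrypt(systemPassword, secretKey);
        }
        // Reject empty credentials before any bind: a simple bind with a DN and an empty
        // password is an "unauthenticated" bind (RFC 4513 section 5.1.2) which some
        // directories accept, so without this check a known login name alone would pass.
        if (password == null || password.isEmpty()) {
            throw new AuthenticationException("Empty password rejected for user: " + username);
        }
        LdapContext systemContext;
        try {
            systemContext = createLdapContext(systemUsername, systemPassword, ldapConfig);
        } catch (NamingException e) {
            throw new AuthenticationException("System LDAP authentication failed", e);
        }
        try {
            String userDn = getUserDn(systemContext, username, ldapConfig);
            if (userDn == null) {
                throw new AuthenticationException("User not found: " + username);
            }
            // the bind as the user's own DN is the actual password check; the resulting
            // context is needed only for that handshake and is released immediately
            LdapContext userContext = createLdapContext(userDn, password, ldapConfig);
            closeQuietly(userContext);
            return getGroupDnsForUserDn(systemContext, userDn, ldapConfig);
        } catch (NamingException e) {
            throw new AuthenticationException(e);
        } finally {
            closeQuietly(systemContext);
        }
    }

    /**
     * Closes an LDAP context, ignoring close failures so cleanup never masks the
     * authentication outcome that has already been determined.
     */
    private static void closeQuietly(LdapContext ldapContext) {
        try {
            ldapContext.close();
        } catch (NamingException ignored) {
            // best-effort cleanup of a connection whose bind/search result is already known
        }
    }

    /**
     * Opens an LDAP connection with a simple bind as the given principal.
     *
     * <p>A simple bind transmits the credentials in clear text unless the configured url uses
     * an encrypted transport (e.g. {@code ldaps://}); the url comes straight from
     * {@code ldapConfig.url()}.
     *
     * @param principal   DN (or other principal form accepted by the server) to bind as
     * @param credentials password for the principal
     * @param ldapConfig  provides the provider url
     * @return an open context; the caller is responsible for closing it
     * @throws NamingException if the connection or the bind fails
     */
    private static LdapContext createLdapContext(String principal, String credentials,
            LdapConfig ldapConfig) throws NamingException {
        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, principal);
        env.put(Context.SECURITY_CREDENTIALS, credentials);
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, ldapConfig.url());
        return new InitialLdapContext(env, (Control[]) null);
    }

    /**
     * Resolves a login name to the DN of the single directory entry matching the configured
     * user search filter under the user base DN.
     *
     * @param ldapContext context bound as the system account
     * @param username    login name; passed as a filter argument so JNDI escapes it
     * @param ldapConfig  provides the user base DN and user search filter
     * @return the matching entry's full DN, or {@code null} if nothing matched
     * @throws IllegalStateException if the filter matches more than one entry; an ambiguous
     *                               match is never resolved to one of the candidates
     * @throws NamingException       if the search fails
     */
    @Nullable
    private static String getUserDn(LdapContext ldapContext, String username,
            LdapConfig ldapConfig) throws NamingException {
        SearchControls searchControls = new SearchControls();
        searchControls.setSearchScope(SearchControls.SUBTREE_SCOPE);
        NamingEnumeration<SearchResult> results = ldapContext.search(ldapConfig.userBaseDn(),
                ldapConfig.userSearchFilter(), new String[] {username}, searchControls);
        try {
            if (!results.hasMore()) {
                return null;
            }
            String userDn = results.next().getNameInNamespace();
            if (results.hasMore()) {
                throw new IllegalStateException("More than one matching user: " + username);
            }
            return userDn;
        } finally {
            // also runs on the null-return and ambiguous-match paths, which previously leaked
            results.close();
        }
    }

    /**
     * Collects the DNs of all entries under the group base DN that match the configured group
     * search filter for the given user DN.
     *
     * @param ldapContext context bound as the system account
     * @param userDn      the authenticated user's DN; passed as a filter argument so JNDI escapes it
     * @param ldapConfig  provides the group base DN and group search filter
     * @return the matching group DNs, empty if none
     * @throws NamingException if the search fails
     */
    private static Set<String> getGroupDnsForUserDn(LdapContext ldapContext, String userDn,
            LdapConfig ldapConfig) throws NamingException {
        SearchControls searchControls = new SearchControls();
        searchControls.setSearchScope(SearchControls.SUBTREE_SCOPE);
        NamingEnumeration<SearchResult> results = ldapContext.search(ldapConfig.groupBaseDn(),
                ldapConfig.groupSearchFilter(), new String[] {userDn}, searchControls);
        Set<String> groupDns = new HashSet<>();
        try {
            while (results.hasMore()) {
                groupDns.add(results.next().getNameInNamespace());
            }
        } finally {
            results.close();
        }
        return groupDns;
    }
}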
