package io.inkstand.http.undertow.auth.ldap;

import io.inkstand.InkstandRuntimeException;
import io.inkstand.security.LdapAuthConfiguration;
import io.undertow.security.idm.Account;
import io.undertow.security.idm.Credential;
import io.undertow.security.idm.IdentityManager;
import io.undertow.security.idm.PasswordCredential;
import java.io.IOException;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import javax.annotation.PostConstruct;
import javax.annotation.PreDestroy;
import javax.inject.Inject;
import org.apache.directory.api.ldap.model.cursor.CursorException;
import org.apache.directory.api.ldap.model.cursor.EntryCursor;
import org.apache.directory.api.ldap.model.entry.Entry;
import org.apache.directory.api.ldap.model.exception.LdapException;
import org.apache.directory.api.ldap.model.message.SearchScope;
import org.apache.directory.ldap.client.api.LdapConnection;
import org.apache.directory.ldap.client.api.LdapNetworkConnection;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:io/inkstand/http/undertow/auth/ldap/LdapIdentityManager.class */
public class LdapIdentityManager implements IdentityManager {
    private static final Logger LOG = LoggerFactory.getLogger(LdapIdentityManager.class);

    @Inject
    private LdapAuthConfiguration ldapConfig;
    private LdapConnection connection;

    @PostConstruct
    public void connect() {
        LOG.debug("Connecting to LDAP server ldap://{}:{}", this.ldapConfig.getHostname(), Integer.valueOf(this.ldapConfig.getPort()));
        this.connection = new LdapNetworkConnection(this.ldapConfig.getHostname(), this.ldapConfig.getPort());
    }

    @PreDestroy
    public void disconnect() {
        if (this.connection.isConnected()) {
            try {
                this.connection.close();
            } catch (IOException e) {
                LOG.warn("Closing connection failed", e);
            }
        }
    }

    public Account verify(Account account) {
        return account;
    }

    public Account verify(String str, Credential credential) {
        bind();
        try {
            try {
                EntryCursor search = this.connection.search(this.ldapConfig.getUserContextDn(), getUserFilter(str), getSearchScope(), new String[0]);
                if (!search.next()) {
                    throw new InkstandRuntimeException("No user with id " + str + " found");
                }
                LdapAccount createUserAccout = createUserAccout((Entry) search.get(), credential, str);
                unbind();
                return createUserAccout;
            } catch (LdapException | CursorException e) {
                throw new InkstandRuntimeException(e);
            }
        } catch (Throwable th) {
            unbind();
            throw th;
        }
    }

    private LdapAccount createUserAccout(Entry entry, Credential credential, String str) throws LdapException, CursorException {
        LOG.debug("User {} found, collecting user groups", str);
        Set<String> roles = getRoles(str, entry.getDn().toString());
        LOG.debug("User {} has roles {}", str, roles);
        LOG.debug("Authenticating user {}", str);
        this.connection.bind(entry.getDn(), String.valueOf(((PasswordCredential) credential).getPassword()));
        LOG.debug("User {} authenticated", str);
        LdapAccount ldapAccount = new LdapAccount(str, entry.getDn().toString());
        ldapAccount.addRoles(roles);
        Iterator<String> it = roles.iterator();
        while (it.hasNext()) {
            ldapAccount.addRole(it.next());
        }
        return ldapAccount;
    }

    public Account verify(Credential credential) {
        throw new UnsupportedOperationException("verify with credentials not supported");
    }

    private void bind() {
        try {
            LOG.debug("binding user {}", this.ldapConfig.getBindDn());
            this.connection.bind(this.ldapConfig.getBindDn(), this.ldapConfig.getBindCredentials());
        } catch (LdapException e) {
            throw new InkstandRuntimeException("Ldap authentication failed", e);
        }
    }

    private void unbind() {
        try {
            this.connection.unBind();
        } catch (LdapException e) {
            throw new InkstandRuntimeException("Ldap unbind failed", e);
        }
    }

    private Set<String> getRoles(String str, String str2) throws LdapException, CursorException {
        bind();
        EntryCursor search = this.connection.search(this.ldapConfig.getRoleContextDn(), getRoleFilter(str, str2), getSearchScope(), new String[]{this.ldapConfig.getRoleNameAttribute()});
        HashSet hashSet = new HashSet();
        while (search.next()) {
            hashSet.add(((Entry) search.get()).get(this.ldapConfig.getRoleNameAttribute()).getString());
        }
        return hashSet;
    }

    private String getUserFilter(String str) {
        return this.ldapConfig.getUserFilter().replaceAll("\\{0\\}", str);
    }

    private String getRoleFilter(String str, String str2) {
        return this.ldapConfig.getRoleFilter().replaceAll("\\{0\\}", str).replaceAll("\\{1\\}", str2);
    }

    private SearchScope getSearchScope() {
        return SearchScope.getSearchScope(this.ldapConfig.getSearchScope().getValue());
    }
}
