package net.officefloor.web.security.store;

import java.util.HashSet;
import java.util.Set;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import net.officefloor.server.http.HttpException;
import net.officefloor.server.http.HttpStatus;
import net.officefloor.web.spi.security.impl.AbstractHttpSecuritySource;
import org.apache.commons.codec.binary.Base64;

/* loaded from: input_file:BOOT-INF/lib/officeweb_security-3.11.0.jar:net/officefloor/web/security/store/JndiLdapCredentialStore.class */
public class JndiLdapCredentialStore implements CredentialStore {
    private final String algorithm;
    private final String credentialPrefix;
    private final DirContext context;
    private final String entrySearchBaseDn;
    private final String rolesSearchBaseDn;

    /* loaded from: input_file:BOOT-INF/lib/officeweb_security-3.11.0.jar:net/officefloor/web/security/store/JndiLdapCredentialStore$JndiLdapCredentialEntry.class */
    private class JndiLdapCredentialEntry implements CredentialEntry {
        private final String entryDn;

        public JndiLdapCredentialEntry(String str) {
            this.entryDn = str;
        }

        @Override // net.officefloor.web.security.store.CredentialEntry
        public byte[] retrieveCredentials() throws HttpException {
            try {
                NamingEnumeration all = JndiLdapCredentialStore.this.context.getAttributes(this.entryDn).get("userPassword").getAll();
                while (all.hasMore()) {
                    String str = new String((byte[]) all.next(), AbstractHttpSecuritySource.UTF_8);
                    if (str.toUpperCase().startsWith(JndiLdapCredentialStore.this.credentialPrefix)) {
                        String substring = str.substring(JndiLdapCredentialStore.this.credentialPrefix.length());
                        return JndiLdapCredentialStore.this.algorithm == null ? substring.getBytes(AbstractHttpSecuritySource.UTF_8) : Base64.decodeBase64(substring);
                    }
                }
                throw new HttpException(HttpStatus.INTERNAL_SERVER_ERROR, null, "No authentication credentials for " + this.entryDn);
            } catch (NamingException e) {
                throw new HttpException((Throwable) e);
            }
        }

        @Override // net.officefloor.web.security.store.CredentialEntry
        public Set<String> retrieveRoles() throws HttpException {
            try {
                NamingEnumeration search = JndiLdapCredentialStore.this.context.search(JndiLdapCredentialStore.this.rolesSearchBaseDn, "(&(objectClass=groupOfNames)(member=" + this.entryDn + "))", (SearchControls) null);
                HashSet hashSet = new HashSet();
                while (search.hasMore()) {
                    hashSet.add((String) ((SearchResult) search.next()).getAttributes().get("ou").get());
                }
                return hashSet;
            } catch (NamingException e) {
                throw new HttpException((Throwable) e);
            }
        }
    }

    public JndiLdapCredentialStore(String str, DirContext dirContext, String str2, String str3) {
        this.algorithm = str == null ? null : str.trim().length() == 0 ? null : str.trim();
        this.context = dirContext;
        this.entrySearchBaseDn = str2;
        this.rolesSearchBaseDn = str3;
        if (this.algorithm == null) {
            this.credentialPrefix = "";
        } else {
            this.credentialPrefix = "{" + this.algorithm.toUpperCase() + "}";
        }
    }

    @Override // net.officefloor.web.security.store.CredentialStore
    public String getAlgorithm() {
        return this.algorithm;
    }

    @Override // net.officefloor.web.security.store.CredentialStore
    public CredentialEntry retrieveCredentialEntry(String str, String str2) throws HttpException {
        try {
            NamingEnumeration search = this.context.search(this.entrySearchBaseDn, "(&(objectClass=inetOrgPerson)(uid=" + str + "))", (SearchControls) null);
            if (search.hasMore()) {
                return new JndiLdapCredentialEntry(((SearchResult) search.next()).getNameInNamespace());
            }
            return null;
        } catch (NamingException e) {
            throw new HttpException((Throwable) e);
        }
    }
}
