package com.worklight.core.auth.ext;

import com.worklight.common.log.WorklightLogger;
import com.worklight.common.log.WorklightServerLogger;
import com.worklight.server.auth.api.MissingConfigurationOptionException;
import com.worklight.server.auth.api.UserIdentity;
import com.worklight.server.auth.api.UserNamePasswordLoginModule;
import com.worklight.server.auth.api.WorkLightAuthLoginModule;
import java.util.Hashtable;
import java.util.Map;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.SearchControls;
import javax.naming.ldap.Control;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;

/* loaded from: input_file:lib/worklight-extension-api.jar:com/worklight/core/auth/ext/LdapLoginModule.class */
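/**
 * Login module that authenticates a user name / password pair by binding to an LDAP
 * directory through JNDI, optionally followed by a directory search or a custom check.
 *
 * <p>Security-relevant behaviour of this class:
 * <ul>
 *   <li>The provider URL and the authentication mechanism are taken from configuration and
 *       handed to JNDI unchanged. Nothing here requires an {@code ldaps://} URL, so with
 *       simple authentication over plain {@code ldap://} the password crosses the network
 *       unencrypted; that has to be enforced in the deployment configuration.</li>
 *   <li>With validation type {@code exists}, a successful bind is the only proof of identity.
 *       An empty password is therefore rejected before binding, because a simple bind with an
 *       empty password is an unauthenticated bind that many directory servers accept.</li>
 *   <li>The user name is escaped before it is substituted into the search filter pattern.</li>
 *   <li>The user name is substituted into the security principal pattern as-is; see the note
 *       in {@link #login(Map)}.</li>
 * </ul>
 */
public class LdapLoginModule extends UserNamePasswordLoginModule {
    private static final WorklightServerLogger logger = new WorklightServerLogger(LdapLoginModule.class, WorklightLogger.MessagesBundles.CORE);
    private static final String LDAP_PROVIDER_URL_OPTION_NAME = "ldapProviderUrl";
    private static final String LDAP_TIMEOUT_MS_OPTION_NAME = "ldapTimeoutMs";
    private static final String LDAP_SECURITY_AUTHENTICATION_OPTION_NAME = "ldapSecurityAuthentication";
    private static final String VALIDATION_TYPE_OPTION_NAME = "validationType";
    private static final String LDAP_SECURITY_PRINCIPAL_PATTERN_OPTION_NAME = "ldapSecurityPrincipalPattern";
    private static final String LDAP_SEARCH_FILTER_PATTERN_OPTION_NAME = "ldapSearchFilterPattern";
    private static final String LDAP_SEARCH_BASE_OPTION_NAME = "ldapSearchBase";
    private static final String COM_SUN_JNDI_LDAP_LDAP_CTX_FACTORY = "com.sun.jndi.ldap.LdapCtxFactory";
    private static final String COM_SUN_JNDI_LDAP_CONNECT_TIMEOUT = "com.sun.jndi.ldap.connect.timeout";
    private static final String USERNAME_PLACEHOLDER = "{username}";
    private static final String LOGGER_LDAP_INVALID_VALIDATION_TYPE = "logger.ldapInvalidValidationType";
    private static final String LOGGER_LDAP_AUTHENTICATION_FAILED = "logger.ldapAuthenticationFailed";
    private String ldapProviderUrl;
    private String ldapTimeoutMs;
    private String ldapSecurityAuthentication;
    private String ldapSecurityPrincipalPattern;
    private String validationType;
    private String ldapSearchFilterPattern;
    private String ldapSearchBase;
    // Set only after a successful login(); cleared by logout() and abort().
    private String username;

    /* loaded from: input_file:lib/worklight-extension-api.jar:com/worklight/core/auth/ext/LdapLoginModule$VALIDATIONTYPE.class */
    /** Accepted values of the {@code validationType} configuration option. */
    private enum VALIDATIONTYPE {
        EXISTS("exists"),
        SEARCHPATTERN("searchPattern"),
        CUSTOM("custom");

        private final String value;

        VALIDATIONTYPE(String str) {
            this.value = str;
        }

        /**
         * @param str configured option value, may be {@code null}
         * @return {@code true} if {@code str} equals the value of one of the constants
         */
        public static boolean contains(String str) {
            for (VALIDATIONTYPE validationtype : values()) {
                if (validationtype.value.equals(str)) {
                    return true;
                }
            }
            return false;
        }
    }

    /**
     * Reads the module configuration.
     *
     * <p>Provider URL, timeout, authentication mechanism, validation type and principal pattern
     * are mandatory. Search base and search filter pattern are mandatory only when the
     * validation type is {@code searchPattern}.
     *
     * @param map configuration options; every option read here is removed from the map
     * @throws MissingConfigurationOptionException if a mandatory option is absent
     * @throws RuntimeException if the validation type is not one of the accepted values
     */
    @Override // com.worklight.server.auth.api.UserNamePasswordLoginModule, com.worklight.server.auth.api.WorkLightLoginModuleBase
    public void init(Map<String, String> map) throws MissingConfigurationOptionException, RuntimeException {
        this.ldapProviderUrl = getConfigurationOption(LDAP_PROVIDER_URL_OPTION_NAME, map, true);
        this.ldapTimeoutMs = getConfigurationOption(LDAP_TIMEOUT_MS_OPTION_NAME, map, true);
        this.ldapSecurityAuthentication = getConfigurationOption(LDAP_SECURITY_AUTHENTICATION_OPTION_NAME, map, true);
        this.validationType = getConfigurationOption(VALIDATION_TYPE_OPTION_NAME, map, true);
        this.ldapSecurityPrincipalPattern = getConfigurationOption(LDAP_SECURITY_PRINCIPAL_PATTERN_OPTION_NAME, map, true);
        this.ldapSearchFilterPattern = getConfigurationOption(LDAP_SEARCH_FILTER_PATTERN_OPTION_NAME, map, false);
        this.ldapSearchBase = getConfigurationOption(LDAP_SEARCH_BASE_OPTION_NAME, map, false);
        if (!VALIDATIONTYPE.contains(this.validationType)) {
            throw new RuntimeException(logger.getFormatter().format(LOGGER_LDAP_INVALID_VALIDATION_TYPE, new Object[]{VALIDATION_TYPE_OPTION_NAME}));
        }
        if (VALIDATIONTYPE.SEARCHPATTERN.value.equals(this.validationType)) {
            if (null == this.ldapSearchBase) {
                throw new MissingConfigurationOptionException(LDAP_SEARCH_BASE_OPTION_NAME);
            }
            if (null == this.ldapSearchFilterPattern) {
                throw new MissingConfigurationOptionException(LDAP_SEARCH_FILTER_PATTERN_OPTION_NAME);
            }
        }
    }

    /**
     * Authenticates the supplied credentials by binding to the configured directory and then
     * running the configured validation.
     *
     * @param map authentication data from which the user name and password are extracted
     * @return {@code true} if the bind and the validation both succeed; {@code false} on any
     *         failure, which is logged as a warning
     */
    @Override // com.worklight.server.auth.api.WorkLightLoginModuleBase
    public boolean login(Map<String, Object> map) {
        String userName = getUserName(map);
        String password = getPassword(map);
        // A null value would throw from Hashtable.put / String.replace before the try block.
        // An empty password must never reach the server: a simple bind with an empty password
        // is an unauthenticated bind, which would make "exists" validation pass for any user.
        if (userName == null || userName.length() == 0 || password == null || password.length() == 0) {
            logger.warn("login", LOGGER_LDAP_AUTHENTICATION_FAILED, new Object[]{"missing user name or password"});
            return false;
        }
        Hashtable<String, Object> env = new Hashtable<String, Object>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, COM_SUN_JNDI_LDAP_LDAP_CTX_FACTORY);
        env.put(COM_SUN_JNDI_LDAP_CONNECT_TIMEOUT, this.ldapTimeoutMs);
        env.put(Context.PROVIDER_URL, this.ldapProviderUrl);
        env.put(Context.SECURITY_AUTHENTICATION, this.ldapSecurityAuthentication);
        // NOTE(review): the user name is inserted into the principal pattern unescaped. The
        // pattern may be a DN or another principal form (this class cannot tell which), so no
        // DN escaping is applied here; if the deployment uses a DN pattern, restrict the
        // characters allowed in user names before they reach this module.
        env.put(Context.SECURITY_PRINCIPAL, this.ldapSecurityPrincipalPattern.replace(USERNAME_PLACEHOLDER, userName));
        env.put(Context.SECURITY_CREDENTIALS, password);
        LdapContext ctx = null;
        try {
            // Constructing the context performs the bind with the credentials above.
            ctx = new InitialLdapContext(env, (Control[]) null);
            boolean valid = true;
            if (VALIDATIONTYPE.SEARCHPATTERN.value.equals(this.validationType)) {
                valid = doSearchPatternValidation(ctx, userName);
            } else if (VALIDATIONTYPE.CUSTOM.value.equals(this.validationType)) {
                valid = doCustomValidation(ctx, userName, password);
            }
            if (!valid) {
                // Same log entry as before: the failed validation type is the message argument.
                logger.warn("login", LOGGER_LDAP_AUTHENTICATION_FAILED, new Object[]{this.validationType});
                return false;
            }
            this.username = userName;
            return true;
        } catch (Exception e) {
            // Broad catch is deliberate: any bind, search or custom-validation failure is a
            // failed login, never an exception to the caller.
            logger.warn("login", LOGGER_LDAP_AUTHENTICATION_FAILED, new Object[]{e.getMessage()});
            return false;
        } finally {
            closeQuietly(ctx);
        }
    }

    /**
     * Removes an option from the configuration map and returns its trimmed value.
     *
     * @param str option name
     * @param map configuration map; the entry for {@code str} is removed
     * @param z whether the option is mandatory
     * @return the trimmed value, or {@code null} if the option is absent and not mandatory
     * @throws MissingConfigurationOptionException if the option is absent and mandatory
     */
    private String getConfigurationOption(String str, Map<String, String> map, boolean z) throws MissingConfigurationOptionException {
        String value = map.remove(str);
        if (null != value) {
            return value.trim();
        }
        if (z) {
            throw new MissingConfigurationOptionException(str);
        }
        return null;
    }

    /**
     * Searches the configured base (subtree scope) with the configured filter pattern and
     * reports whether at least one entry matches.
     *
     * @param ldapContext bound context to search with
     * @param str user name; escaped as a filter value before substitution
     * @return {@code true} if the search yields at least one result
     * @throws Exception if the timeout option is not an integer or the search fails
     */
    private boolean doSearchPatternValidation(LdapContext ldapContext, String str) throws Exception {
        ldapContext.setRequestControls((Control[]) null);
        SearchControls searchControls = new SearchControls();
        searchControls.setSearchScope(SearchControls.SUBTREE_SCOPE);
        searchControls.setTimeLimit(Integer.parseInt(this.ldapTimeoutMs));
        // Escaping keeps filter metacharacters in the user name from changing the filter's
        // structure (for example widening the match with a wildcard).
        String filter = this.ldapSearchFilterPattern.replace(USERNAME_PLACEHOLDER, escapeLdapFilterValue(str));
        NamingEnumeration<?> results = ldapContext.search(this.ldapSearchBase, filter, searchControls);
        try {
            return results.hasMoreElements();
        } finally {
            try {
                results.close();
            } catch (NamingException ignored) {
                // Best-effort cleanup; the search outcome is already known.
            }
        }
    }

    /**
     * Escapes the characters that are special in an LDAP search filter value
     * (backslash, asterisk, parentheses and NUL) as backslash-hex pairs.
     *
     * @param value raw value, not {@code null}
     * @return the value with filter metacharacters escaped
     */
    private static String escapeLdapFilterValue(String value) {
        StringBuilder escaped = new StringBuilder(value.length() + 8);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '\\':
                    escaped.append("\\5c");
                    break;
                case '*':
                    escaped.append("\\2a");
                    break;
                case '(':
                    escaped.append("\\28");
                    break;
                case ')':
                    escaped.append("\\29");
                    break;
                case '\0':
                    escaped.append("\\00");
                    break;
                default:
                    escaped.append(c);
                    break;
            }
        }
        return escaped.toString();
    }

    /** Closes the context, ignoring failures; a {@code null} context is a no-op. */
    private static void closeQuietly(LdapContext ctx) {
        if (ctx == null) {
            return;
        }
        try {
            ctx.close();
        } catch (NamingException ignored) {
            // Best-effort cleanup; the login result does not depend on it.
        }
    }

    /**
     * Hook for validation type {@code custom}, intended to be overridden. This default
     * implementation accepts every user that was able to bind.
     *
     * @param ldapContext bound context; closed by {@link #login(Map)} after this call returns
     * @param str user name
     * @param str2 password
     * @return {@code true} always in this implementation
     */
    public boolean doCustomValidation(LdapContext ldapContext, String str, String str2) {
        return true;
    }

    /**
     * Builds the identity for the user recorded by the last successful {@link #login(Map)}.
     *
     * @param str passed through as the first {@code UserIdentity} constructor argument
     * @return an identity whose second and third constructor arguments are the stored user
     *         name and whose remaining arguments are {@code null}
     */
    @Override // com.worklight.server.auth.api.WorkLightAuthLoginModule
    public UserIdentity createIdentity(String str) {
        return new UserIdentity(str, this.username, this.username, null, null, null);
    }

    /** Forgets the authenticated user name. */
    @Override // com.worklight.server.auth.api.WorkLightLoginModuleBase
    public void logout() {
        this.username = null;
    }

    /** Forgets the authenticated user name. */
    @Override // com.worklight.server.auth.api.WorkLightLoginModuleBase
    public void abort() {
        this.username = null;
    }

    /** Delegates to the superclass clone. */
    @Override // com.worklight.server.auth.api.UserNamePasswordLoginModule
    /* renamed from: clone */
    public WorkLightAuthLoginModule mo26clone() throws CloneNotSupportedException {
        return super.mo26clone();
    }
}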
