package org.codehaus.plexus.redback.authentication.ldap;

import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import org.apache.commons.configuration.tree.DefaultExpressionEngine;
import org.codehaus.plexus.logging.AbstractLogEnabled;
import org.codehaus.plexus.redback.authentication.AuthenticationDataSource;
import org.codehaus.plexus.redback.authentication.AuthenticationException;
import org.codehaus.plexus.redback.authentication.AuthenticationResult;
import org.codehaus.plexus.redback.authentication.Authenticator;
import org.codehaus.plexus.redback.authentication.PasswordBasedAuthenticationDataSource;
import org.codehaus.plexus.redback.common.ldap.UserMapper;
import org.codehaus.plexus.redback.common.ldap.connection.LdapConnectionFactory;
import org.codehaus.plexus.redback.common.ldap.connection.LdapException;
import org.codehaus.plexus.redback.configuration.UserConfiguration;

/* loaded from: input_file:WEB-INF/lib/redback-authentication-ldap-1.1.2.jar:org/codehaus/plexus/redback/authentication/ldap/LdapBindAuthenticator.class */
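/**
 * Authenticator that verifies a username/password pair against an LDAP directory by
 * searching for the user's entry and then binding as that entry with the supplied password.
 *
 * <p>Security-relevant behaviour of this implementation:
 * <ul>
 *   <li>The principal is escaped per RFC 4515 before it is placed in the search filter, so
 *       filter metacharacters in a login name cannot change the query (LDAP injection).</li>
 *   <li>A null or empty password is rejected before any bind is attempted. An LDAP simple
 *       bind with a DN and an empty password is an "unauthenticated bind" (RFC 4513) that
 *       many servers accept, which would otherwise be reported as a successful login.</li>
 * </ul>
 *
 * <p>The three fields are not assigned anywhere in this class; presumably they are injected
 * by the container - verify against the component descriptor.
 */
public class LdapBindAuthenticator extends AbstractLogEnabled implements Authenticator {
    private UserMapper mapper;
    private LdapConnectionFactory connectionFactory;
    private UserConfiguration config;

    /**
     * Returns the fixed identifier of this authenticator.
     *
     * @return the string {@code "LdapBindAuthenticator"}
     */
    @Override // org.codehaus.plexus.redback.authentication.Authenticator
    public String getId() {
        return "LdapBindAuthenticator";
    }

    /**
     * Authenticates the principal by locating its directory entry and binding with the
     * supplied password.
     *
     * @param authenticationDataSource credentials to check; must be a
     *        {@link PasswordBasedAuthenticationDataSource} (see {@link #supportsDataSource}),
     *        otherwise the cast below throws {@link ClassCastException}
     * @return a successful result when the bind succeeds; a failed result when the
     *         authenticator is disabled, the principal or password is missing, no entry
     *         matches, or the directory reports an error (the error is attached to the result)
     * @throws AuthenticationException declared by the interface; not thrown by this code path
     */
    @Override // org.codehaus.plexus.redback.authentication.Authenticator
    public AuthenticationResult authenticate(AuthenticationDataSource authenticationDataSource) throws AuthenticationException {
        PasswordBasedAuthenticationDataSource source = (PasswordBasedAuthenticationDataSource) authenticationDataSource;
        String principal = source.getPrincipal();
        if (!this.config.getBoolean("ldap.bind.authenticator.enabled")) {
            return new AuthenticationResult(false, principal, null);
        }

        // Refuse missing credentials up front: an empty password would turn the bind below
        // into an unauthenticated bind, which a permissive server answers with success.
        String password = source.getPassword();
        if (principal == null || password == null || password.length() == 0) {
            return new AuthenticationResult(false, principal, null);
        }

        SearchControls searchControls = new SearchControls();
        searchControls.setCountLimit(1L);
        searchControls.setDerefLinkFlag(true);
        searchControls.setSearchScope(SearchControls.SUBTREE_SCOPE);

        // Object class, extra filter and id attribute come from the mapper configuration;
        // only the principal is caller-supplied, so it is the value that must be escaped.
        String extraFilter = this.mapper.getUserFilter() != null ? this.mapper.getUserFilter() : "";
        String filter = "(&(objectClass=" + this.mapper.getUserObjectClass() + ")" + extraFilter
                + "(" + this.mapper.getUserIdAttribute() + "=" + escapeFilterValue(principal) + "))";
        getLogger().info("Searching for users with filter: '" + filter + "' from base dn: " + this.mapper.getUserBaseDn());

        // NOTE(review): the connections obtained from connectionFactory (search and bind) are
        // never closed in this method - confirm whether the factory manages their lifetime.
        NamingEnumeration<SearchResult> search = null;
        try {
            search = this.connectionFactory.getConnection().getDirContext().search(this.mapper.getUserBaseDn(), filter, searchControls);
            getLogger().info("Found user?: " + search.hasMoreElements());
            if (!search.hasMoreElements()) {
                return new AuthenticationResult(false, principal, null);
            }
            String nameInNamespace = search.nextElement().getNameInNamespace();
            getLogger().info("Attempting Authenication: + " + nameInNamespace);
            // Opening a connection as the user's DN is the actual credential check;
            // a rejected bind surfaces as one of the exceptions handled below.
            this.connectionFactory.getConnection(nameInNamespace, password);
            return new AuthenticationResult(true, principal, null);
        } catch (LdapException e) {
            return new AuthenticationResult(false, principal, e);
        } catch (NamingException e2) {
            return new AuthenticationResult(false, principal, e2);
        } finally {
            if (search != null) {
                try {
                    search.close();
                } catch (NamingException ignored) {
                    // Best effort: the authentication outcome is already decided.
                    getLogger().debug("Failed to close LDAP search results");
                }
            }
        }
    }

    /**
     * Reports whether this authenticator can handle the given data source.
     *
     * @param authenticationDataSource the data source to test
     * @return {@code true} only for {@link PasswordBasedAuthenticationDataSource} instances
     */
    @Override // org.codehaus.plexus.redback.authentication.Authenticator
    public boolean supportsDataSource(AuthenticationDataSource authenticationDataSource) {
        return authenticationDataSource instanceof PasswordBasedAuthenticationDataSource;
    }

    /**
     * Escapes a value for use as an assertion value in an LDAP search filter (RFC 4515).
     *
     * @param value the raw value; must not be null
     * @return the value with backslash, asterisk, parentheses and NUL replaced by their
     *         backslash-hex escapes
     */
    private static String escapeFilterValue(String value) {
        StringBuilder escaped = new StringBuilder(value.length() + 8);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '\\':
                    escaped.append("\\5c");
                    break;
                case '*':
                    escaped.append("\\2a");
                    break;
                case '(':
                    escaped.append("\\28");
                    break;
                case ')':
                    escaped.append("\\29");
                    break;
                case '\u0000':
                    escaped.append("\\00");
                    break;
                default:
                    escaped.append(c);
                    break;
            }
        }
        return escaped.toString();
    }
}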
