package org.silverpeas.authentication;

import com.novell.ldap.LDAPAttribute;
import com.novell.ldap.LDAPConnection;
import com.novell.ldap.LDAPEntry;
import com.novell.ldap.LDAPException;
import com.novell.ldap.LDAPJSSESecureSocketFactory;
import com.novell.ldap.LDAPModification;
import com.novell.ldap.LDAPSearchResults;
import com.silverpeas.util.StringUtil;
import com.silverpeas.util.security.SilverpeasSSLSocketFactory;
import com.stratelia.silverpeas.silvertrace.SilverTrace;
import com.stratelia.webactiv.util.DateUtil;
import com.stratelia.webactiv.util.ResourceLocator;
import java.text.ParseException;
import java.text.SimpleDateFormat;
import java.util.ArrayList;
import java.util.Date;
import java.util.StringTokenizer;
import org.silverpeas.authentication.exception.AuthenticationBadCredentialException;
import org.silverpeas.authentication.exception.AuthenticationException;
import org.silverpeas.authentication.exception.AuthenticationHostException;
import org.silverpeas.authentication.exception.AuthenticationPasswordMustBeChangedAtNextLogon;
import org.silverpeas.util.Charsets;
import org.silverpeas.util.LdapConfiguration;

/* loaded from: input_file:org/silverpeas/authentication/AuthenticationLDAP.class */
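/**
 * LDAP-backed implementation of {@link Authentication}.
 *
 * <p>Connection settings are read from a {@link ResourceLocator} under keys prefixed with the
 * server name (see {@link #loadProperties(ResourceLocator)}). The class can change or reset a
 * user's password on the directory and can compute how many days remain before a password
 * expires.
 *
 * <p>NOTE(review): this listing comes from a decompiler and {@code doAuthentication} was not
 * recovered, so the credential check itself cannot be reviewed from this file.
 */
public class AuthenticationLDAP extends Authentication {
    /** Number of 100-nanosecond intervals in one millisecond. */
    private static final int INTERVALS_PER_MILLISECOND = 10000;
    /** Offset, in milliseconds, between 1601-01-01 and the Unix epoch (1970-01-01). */
    private static final long MILLISECONDS_BETWEEN_1601_AND_1970 = 11644473600000L;
    /** Separator between several base DNs held in a single configuration string. */
    private static final String BASEDN_SEPARATOR = ";;";
    /** "Password last set" value is a count of 100-ns intervals since 1601. */
    private static final int FORMAT_NANOSECOND = 0;
    /** "Password last set" value is a {@code yyyyMMddHHmmss} timestamp. */
    private static final int FORMAT_TIMESTAMP = 1;
    /** Pattern used for {@link #FORMAT_TIMESTAMP} values, and its length in characters. */
    private static final String TIMESTAMP_PATTERN = "yyyyMMddHHmmss";
    private static final int TIMESTAMP_LENGTH = 14;
    private static final long MILLISECONDS_PER_DAY = 86400000L;

    // Name and format of the directory attribute that records when the password was last set.
    protected String m_PwdLastSetFieldName;
    protected int m_PwdLastSetFieldFormat;
    // Maximum password age, in days (Integer.MAX_VALUE when not configured).
    protected int m_PwdMaxAge;
    protected int m_PwdExpirationReminderDelay;
    // Directory flavour: the code below recognises "ad", "opends" and "openldap".
    protected String ldapImpl;
    protected String m_UserBaseDN;
    protected String m_UserLoginFieldName;
    protected boolean m_MustAlertPasswordExpiration = false;
    protected LdapConfiguration configuration = new LdapConfiguration();

    /**
     * Loads the LDAP settings of this server from the given resource locator.
     *
     * <p>The connection is in clear text unless {@code <server>.LDAPSecured} is set
     * ({@code false} is the default), and no socket timeout is applied unless
     * {@code <server>.Timeout} is greater than 0.
     *
     * @param resourceLocator source of the {@code <server>.*} properties
     */
    @Override // org.silverpeas.authentication.Authentication
    public void loadProperties(ResourceLocator resourceLocator) {
        String serverName = getServerName();
        this.configuration.setSecure(resourceLocator.getBoolean(serverName + ".LDAPSecured", false));
        this.configuration.setLdapHost(resourceLocator.getString(serverName + ".LDAPHost"));
        if (this.configuration.isSecure()) {
            this.configuration.setLdapPort(resourceLocator.getInteger(serverName + ".LDAPSecuredPort", 636));
        } else {
            this.configuration.setLdapPort(resourceLocator.getInteger(serverName + ".LDAPPort", 389));
        }
        this.configuration.setTimeout(resourceLocator.getInteger(serverName + ".Timeout", 0));
        this.ldapImpl = resourceLocator.getString(serverName + ".LDAPImpl");
        this.configuration.setUsername(resourceLocator.getString(serverName + ".LDAPAccessLogin"));
        // Deliberately left to fail when the bind password is missing: falling back to an empty
        // password would turn the service bind into an unauthenticated one.
        this.configuration.setPassword(resourceLocator.getString(serverName + ".LDAPAccessPasswd").getBytes(Charsets.UTF_8));
        this.m_UserBaseDN = resourceLocator.getString(serverName + ".LDAPUserBaseDN");
        this.m_UserLoginFieldName = resourceLocator.getString(serverName + ".LDAPUserLoginFieldName");
        this.m_MustAlertPasswordExpiration = resourceLocator.getBoolean(serverName + ".MustAlertPasswordExpiration", false);
        if (this.m_MustAlertPasswordExpiration) {
            this.m_PwdLastSetFieldName = resourceLocator.getString(serverName + ".LDAPPwdLastSetFieldName");
            String maxAge = resourceLocator.getString(serverName + ".LDAPPwdMaxAge");
            this.m_PwdMaxAge = maxAge == null ? Integer.MAX_VALUE : Integer.parseInt(maxAge);
            String lastSetFormat = resourceLocator.getString(serverName + ".LDAPPwdLastSetFieldFormat");
            this.m_PwdLastSetFieldFormat = (lastSetFormat == null || lastSetFormat.equals("nanoseconds")) ? FORMAT_NANOSECOND : FORMAT_TIMESTAMP;
            String reminderDelay = resourceLocator.getString(serverName + ".PwdExpirationReminderDelay");
            this.m_PwdExpirationReminderDelay = reminderDelay == null ? 5 : Integer.parseInt(reminderDelay);
            // Without the attribute name there is nothing to compute the expiration from.
            if (this.m_PwdLastSetFieldName == null) {
                this.m_MustAlertPasswordExpiration = false;
            }
        }
        // The trace used to be attributed to doAuthentication(); it is emitted from here.
        SilverTrace.info("authentication", "AuthenticationLDAP.loadProperties()", "root.MSG_GEN_PARAM_VALUE", "javax.net.ssl.trustStore = " + System.getProperty(SilverpeasSSLSocketFactory.TRUSTSTORE_KEY));
    }

    /**
     * Opens a connection to the configured LDAP host, over SSL when the configuration is secure.
     *
     * @return the wrapped, connected (but not yet bound) LDAP connection
     * @throws AuthenticationException if the connection cannot be established
     */
    @Override // org.silverpeas.authentication.Authentication
    protected AuthenticationConnection<LDAPConnection> openConnection() throws AuthenticationException {
        // NOTE(review): confirm that this socket factory checks the server hostname against the
        // certificate; a plain JSSE SSLSocket does not do so unless endpoint identification is
        // configured.
        LDAPConnection connection = this.configuration.isSecure() ? new LDAPConnection(new LDAPJSSESecureSocketFactory()) : new LDAPConnection();
        if (this.configuration.getTimeout() > 0) {
            connection.setSocketTimeOut(this.configuration.getTimeout());
        }
        try {
            connection.connect(this.configuration.getLdapHost(), this.configuration.getLdapPort());
            return new AuthenticationConnection<>(connection);
        } catch (LDAPException e) {
            // NOTE(review): confirm LdapConfiguration.toString() does not render the bind
            // password, since the configuration ends up in the exception message.
            throw new AuthenticationHostException("AuthenticationLDAP.openConnection()", 4, "root.EX_CONNECTION_OPEN_FAILED", "Configuration=" + this.configuration, e);
        }
    }

    /**
     * Disconnects the LDAP connection held by the given wrapper, if it is still connected.
     *
     * @param authenticationConnection wrapper whose connector is an {@link LDAPConnection}
     * @throws AuthenticationException if the disconnection fails
     */
    @Override // org.silverpeas.authentication.Authentication
    protected void closeConnection(AuthenticationConnection authenticationConnection) throws AuthenticationException {
        try {
            LDAPConnection connection = getLDAPConnection(authenticationConnection);
            if (connection != null && connection.isConnected()) {
                connection.disconnect();
            }
        } catch (Exception e) {
            // NOTE(review): same remark as in openConnection() about the configuration text.
            throw new AuthenticationHostException("AuthenticationLDAP.closeConnection()", 4, "root.EX_CONNECTION_CLOSE_FAILED", "Configuration=" + this.configuration, e);
        }
    }

    // NOTE(review): the decompiler failed on this method (see its own warnings below), so the
    // body is a placeholder that always throws and is NOT the shipped behaviour. The bind and
    // search logic of the real method must be reviewed from the original sources or bytecode.
    // calculateDaysBeforeExpiration() and extractBaseDNs() have no caller in this listing;
    // presumably the lost body uses them.
    /* JADX WARN: Code restructure failed: missing block: B:16:0x00e4, code lost:
    
        r17 = r0.next();
     */
    @Override // org.silverpeas.authentication.Authentication
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    protected void doAuthentication(org.silverpeas.authentication.AuthenticationConnection r9, org.silverpeas.authentication.AuthenticationCredential r10) throws org.silverpeas.authentication.exception.AuthenticationException {
        /*
            Method dump skipped, instructions count: 605
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.silverpeas.authentication.AuthenticationLDAP.doAuthentication(org.silverpeas.authentication.AuthenticationConnection, org.silverpeas.authentication.AuthenticationCredential):void");
    }

    /**
     * Computes how many days remain before the password of the given entry expires.
     *
     * <p>The "password last set" attribute is read in the configured format, and the result is
     * the maximum password age minus the number of whole days elapsed since that date.
     *
     * <p>{@code Integer.MAX_VALUE} is returned whenever the date cannot be determined (attribute
     * or value missing, malformed value, unknown format). A malformed value used to escape as a
     * {@code NumberFormatException} or {@code NullPointerException}; it is now logged and
     * handled like the other unreadable cases.
     * NOTE(review): that fallback means "never expires"; confirm this is acceptable for the
     * caller, which is not visible in this listing.
     *
     * @param lDAPEntry the user's directory entry
     * @return the number of days before expiration, or {@code Integer.MAX_VALUE} if unknown
     * @throws AuthenticationPasswordMustBeChangedAtNextLogon if the 100-ns counter is 0
     */
    private int calculateDaysBeforeExpiration(LDAPEntry lDAPEntry) throws AuthenticationPasswordMustBeChangedAtNextLogon {
        final String caller = "AuthenticationLDAP.calculateDaysBeforeExpiration()";
        SilverTrace.debug("authentication", caller, "root.MSG_GEN_ENTER_METHOD");
        LDAPAttribute attribute = lDAPEntry.getAttribute(this.m_PwdLastSetFieldName);
        SilverTrace.debug("authentication", caller, "root.MSG_GEN_PARAM_VALUE", "pwdLastSetAttr is null ? " + (attribute == null));
        if (attribute == null) {
            return Integer.MAX_VALUE;
        }
        String rawValue = attribute.getStringValue();
        if (rawValue == null) {
            SilverTrace.error("authentication", caller, "authentication.NO_VALUE", "m_PwdLastSetField=" + this.m_PwdLastSetFieldName);
            return Integer.MAX_VALUE;
        }
        Date lastSet;
        switch (this.m_PwdLastSetFieldFormat) {
            case FORMAT_NANOSECOND:
                long intervals;
                try {
                    intervals = Long.parseLong(rawValue);
                } catch (NumberFormatException e) {
                    SilverTrace.error("authentication", caller, "authentication.EX_BAD_DATE_FORMAT", "ldapValue=" + rawValue);
                    return Integer.MAX_VALUE;
                }
                if (intervals == 0) {
                    throw new AuthenticationPasswordMustBeChangedAtNextLogon("user=" + lDAPEntry.getDN());
                }
                SilverTrace.debug("authentication", caller, "root.MSG_GEN_PARAM_VALUE", "lastSetValue = " + intervals);
                // 100-ns intervals -> milliseconds since 1601.
                long millisSince1601 = intervals / INTERVALS_PER_MILLISECOND;
                SilverTrace.debug("authentication", caller, "root.MSG_GEN_PARAM_VALUE", "lastSetValue = " + millisSince1601);
                // Shift the origin from 1601 to the Unix epoch expected by java.util.Date.
                long millisSince1970 = millisSince1601 - MILLISECONDS_BETWEEN_1601_AND_1970;
                SilverTrace.debug("authentication", caller, "root.MSG_GEN_PARAM_VALUE", "lastSetValue = " + millisSince1970);
                lastSet = new Date(millisSince1970);
                break;
            case FORMAT_TIMESTAMP:
                if (rawValue.length() < TIMESTAMP_LENGTH) {
                    SilverTrace.error("authentication", caller, "authentication.EX_BAD_DATE_FORMAT", "ldapValue=" + rawValue);
                    return Integer.MAX_VALUE;
                }
                try {
                    // Only the leading yyyyMMddHHmmss part is parsed. The truncated string used
                    // to be computed and then discarded, so trailing digits could leak into the
                    // seconds field.
                    // NOTE(review): the value is read in the JVM's default time zone; confirm
                    // the directory does not store it in UTC.
                    lastSet = new SimpleDateFormat(TIMESTAMP_PATTERN).parse(rawValue.substring(0, TIMESTAMP_LENGTH));
                } catch (ParseException e) {
                    SilverTrace.error("authentication", caller, "authentication.EX_BAD_DATE_FORMAT", e);
                    // Execution used to continue with a null date and fail further down.
                    return Integer.MAX_VALUE;
                }
                break;
            default:
                // loadProperties() only ever stores one of the two formats, but the field is
                // protected and may be set by a subclass.
                SilverTrace.error("authentication", caller, "authentication.EX_BAD_DATE_FORMAT", "m_PwdLastSetFieldFormat=" + this.m_PwdLastSetFieldFormat);
                return Integer.MAX_VALUE;
        }
        SilverTrace.debug("authentication", caller, "root.MSG_GEN_PARAM_VALUE", "pwdLastSet = " + DateUtil.getOutputDateAndHour(lastSet, "fr"));
        // Negative for a date in the past: adding the maximum age gives the days left.
        long delayInMilliseconds = lastSet.getTime() - new Date().getTime();
        SilverTrace.debug("authentication", caller, "root.MSG_GEN_PARAM_VALUE", "delayInMilliseconds = " + delayInMilliseconds);
        // Math.round(float) saturates at Integer.MAX_VALUE, which covers an unset maximum age.
        int delayInDays = Math.round((float) ((delayInMilliseconds / MILLISECONDS_PER_DAY) + this.m_PwdMaxAge));
        SilverTrace.debug("authentication", caller, "root.MSG_GEN_EXIT_METHOD", "delayInDays = " + delayInDays);
        return delayInDays;
    }

    /**
     * Changes the password of the user identified by the given credential.
     *
     * <p>The user's entry is looked up with the service account. On OpenDS/OpenLDAP the
     * connection is then re-bound as the user with the current password before the
     * {@code userPassword} attribute is replaced. For any other directory the change is sent
     * as an Active Directory {@code unicodePwd} delete/add pair, which is refused here unless
     * the connection is secured.
     *
     * <p>The login is escaped before it is placed in the search filter, so filter
     * metacharacters in it can no longer widen or alter the search.
     *
     * <p>NOTE(review): the OpenDS/OpenLDAP branch does not require a secured connection, so
     * both passwords may travel in clear text. Every failure, including "user not found", is
     * re-wrapped as an {@link AuthenticationHostException} by the catch-all below.
     *
     * @param authenticationConnection wrapper around an open {@link LDAPConnection}
     * @param authenticationCredential login and current password of the user
     * @param str the new password
     * @throws AuthenticationException if the lookup or the modification fails
     */
    @Override // org.silverpeas.authentication.Authentication
    protected void doChangePassword(AuthenticationConnection authenticationConnection, AuthenticationCredential authenticationCredential, String str) throws AuthenticationException {
        String login = authenticationCredential.getLogin();
        String password = authenticationCredential.getPassword();
        String userFilter = this.m_UserLoginFieldName + "=" + escapeLdapFilterValue(login);
        String[] attributes = {"sAMAccountName", "memberOf"};
        LDAPConnection connection = getLDAPConnection(authenticationConnection);
        try {
            connection.bind(LDAPConnection.LDAP_V3, this.configuration.getUsername(), this.configuration.getPassword());
            SilverTrace.info("authentication", "AuthenticationLDAP.changePassword()", "root.MSG_GEN_PARAM_VALUE", "UserFilter=" + userFilter);
            LDAPSearchResults results = connection.search(this.m_UserBaseDN, LDAPConnection.SCOPE_SUB, userFilter, attributes, false);
            if (!results.hasMore()) {
                throw new AuthenticationBadCredentialException("AuthenticationLDAP.changePassword()", 4, "authentication.EX_USER_NOT_FOUND", "User=" + login + ";LoginField=" + this.m_UserLoginFieldName);
            }
            String userDn = results.next().getDN();
            LDAPModification[] modifications;
            if ("opends".equalsIgnoreCase(this.ldapImpl) || "openldap".equalsIgnoreCase(this.ldapImpl)) {
                // Re-binding as the user proves knowledge of the current password.
                connection.bind(LDAPConnection.LDAP_V3, userDn, password.getBytes(Charsets.UTF_8));
                modifications = changeOpenDSPassword(str);
            } else {
                if (!this.configuration.isSecure()) {
                    throw new AuthenticationException("AuthenticationLDAP.changePassword", 4, "authentication.EX_CANT_CHANGE_USERPASSWORD", new UnsupportedOperationException("LDAP connection must be secured to allow password update"));
                }
                modifications = getActiveDirectoryPasswordChange(password, str);
            }
            connection.modify(userDn, modifications);
        } catch (Exception e) {
            throw new AuthenticationHostException("AuthenticationLDAP.doChangePassword()", 4, "authentication.EX_LDAP_ACCESS_ERROR", e);
        }
    }

    /**
     * Builds the Active Directory password change: delete the old {@code unicodePwd} value,
     * then add the new one.
     *
     * @param str the current password
     * @param str2 the new password
     */
    private LDAPModification[] getActiveDirectoryPasswordChange(String str, String str2) {
        LDAPModification deleteOld = new LDAPModification(LDAPModification.DELETE, new LDAPAttribute("unicodePwd", getActiveDirectoryUnicodePwd(str)));
        LDAPModification addNew = new LDAPModification(LDAPModification.ADD, new LDAPAttribute("unicodePwd", getActiveDirectoryUnicodePwd(str2)));
        return new LDAPModification[]{deleteOld, addNew};
    }

    /**
     * Builds the Active Directory password reset: replace {@code unicodePwd} with the new value.
     *
     * @param str the new password
     */
    private LDAPModification[] getActiveDirectoryPasswordReset(String str) {
        LDAPAttribute unicodePwd = new LDAPAttribute("unicodePwd", getActiveDirectoryUnicodePwd(str));
        return new LDAPModification[]{new LDAPModification(LDAPModification.REPLACE, unicodePwd)};
    }

    /** Encodes a password as {@code unicodePwd} bytes: the double-quoted text in UTF-16LE. */
    private byte[] getActiveDirectoryUnicodePwd(String str) {
        return ("\"" + str + "\"").getBytes(Charsets.UTF_16LE);
    }

    /**
     * Builds the OpenDS/OpenLDAP password update: replace {@code userPassword} with the new
     * value, which is sent as given.
     *
     * @param str the new password
     */
    private LDAPModification[] changeOpenDSPassword(String str) {
        return new LDAPModification[]{new LDAPModification(LDAPModification.REPLACE, new LDAPAttribute("userPassword", str))};
    }

    /**
     * Splits a configuration string holding one or several base DNs.
     *
     * <p>A string without the {@code ;;} separator is returned as a single element. Otherwise
     * it is tokenized; note that {@link StringTokenizer} treats every character of its
     * delimiter string as a delimiter, so a lone {@code ;} also splits in that case and empty
     * tokens are skipped. That behaviour is kept as it is.
     *
     * @param str the configured base DN string, not {@code null}
     * @return the base DNs found in {@code str}
     */
    private static String[] extractBaseDNs(String str) {
        if (!str.contains(BASEDN_SEPARATOR)) {
            return new String[]{str};
        }
        StringTokenizer tokenizer = new StringTokenizer(str, BASEDN_SEPARATOR);
        ArrayList<String> baseDns = new ArrayList<>();
        while (tokenizer.hasMoreTokens()) {
            baseDns.add(tokenizer.nextToken());
        }
        return baseDns.toArray(new String[baseDns.size()]);
    }

    /**
     * Resets the password of the given user with the service account, without knowing the
     * current password.
     *
     * <p>The login is escaped before it is placed in the search filter. A directory
     * implementation that is neither Active Directory (or undefined) nor OpenDS/OpenLDAP is now
     * rejected explicitly; a {@code null} modification array used to be handed to
     * {@code modify()} in that case. The rejection is wrapped like every other failure.
     *
     * <p>NOTE(review): unlike {@code doChangePassword}, no branch here requires a secured
     * connection, so the new password may be sent in clear text. The two methods also disagree
     * on which {@code ldapImpl} values mean Active Directory.
     *
     * @param authenticationConnection wrapper around an open {@link LDAPConnection}
     * @param str the login of the user
     * @param str2 the new password
     * @throws AuthenticationException if the lookup or the modification fails
     */
    @Override // org.silverpeas.authentication.Authentication
    protected void doResetPassword(AuthenticationConnection authenticationConnection, String str, String str2) throws AuthenticationException {
        String userFilter = this.m_UserLoginFieldName + "=" + escapeLdapFilterValue(str);
        String[] attributes = {"sAMAccountName", "memberOf"};
        LDAPConnection connection = getLDAPConnection(authenticationConnection);
        try {
            connection.bind(LDAPConnection.LDAP_V3, this.configuration.getUsername(), this.configuration.getPassword());
            // The trace used to be attributed to changePassword(), which blurred the audit
            // trail between a user-driven change and an administrative reset.
            SilverTrace.info("authentication", "AuthenticationLDAP.doResetPassword()", "root.MSG_GEN_PARAM_VALUE", "UserFilter=" + userFilter);
            LDAPSearchResults results = connection.search(this.m_UserBaseDN, LDAPConnection.SCOPE_SUB, userFilter, attributes, false);
            if (!results.hasMore()) {
                throw new AuthenticationBadCredentialException("AuthenticationLDAP.doResetPassword()", 4, "authentication.EX_USER_NOT_FOUND", "User=" + str + ";LoginField=" + this.m_UserLoginFieldName);
            }
            String userDn = results.next().getDN();
            LDAPModification[] modifications;
            if (!StringUtil.isDefined(this.ldapImpl) || "ad".equalsIgnoreCase(this.ldapImpl)) {
                modifications = getActiveDirectoryPasswordReset(str2);
            } else if ("opends".equalsIgnoreCase(this.ldapImpl) || "openldap".equalsIgnoreCase(this.ldapImpl)) {
                modifications = changeOpenDSPassword(str2);
            } else {
                throw new UnsupportedOperationException("Password reset is not supported for LDAP implementation: " + this.ldapImpl);
            }
            connection.modify(userDn, modifications);
        } catch (Exception e) {
            throw new AuthenticationHostException("AuthenticationLDAP.doResetPassword()", 4, "authentication.EX_LDAP_ACCESS_ERROR", e);
        }
    }

    /**
     * Escapes a value for use as the assertion value of an LDAP search filter.
     *
     * <p>The backslash, {@code *}, {@code (}, {@code )} and every control character below
     * U+0020 (NUL included) are written as a backslash followed by two hexadecimal digits.
     * Escaping the control characters also keeps line breaks out of the traced filter.
     *
     * @param value the raw value; {@code null} is rendered as the text {@code null}, as plain
     *     string concatenation did before
     * @return the escaped value
     */
    private static String escapeLdapFilterValue(String value) {
        String raw = String.valueOf(value);
        StringBuilder escaped = new StringBuilder(raw.length() + 8);
        for (int i = 0; i < raw.length(); i++) {
            char c = raw.charAt(i);
            if (c == '\\' || c == '*' || c == '(' || c == ')' || c < 0x20) {
                // Every character handled here is below 0x80, so it is a single UTF-8 byte.
                escaped.append('\\');
                escaped.append(Character.forDigit(c >> 4, 16));
                escaped.append(Character.forDigit(c & 0xF, 16));
            } else {
                escaped.append(c);
            }
        }
        return escaped.toString();
    }

    /** Returns the {@link LDAPConnection} carried by the given connection wrapper. */
    private static LDAPConnection getLDAPConnection(AuthenticationConnection authenticationConnection) {
        return (LDAPConnection) authenticationConnection.getConnector();
    }
}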
