package org.hsqldb.auth;

import java.io.IOException;
import java.util.ArrayList;
import java.util.Hashtable;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.naming.AuthenticationException;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.BasicAttributes;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.Control;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.StartTlsRequest;
import javax.naming.ldap.StartTlsResponse;
import org.hsqldb.Tokens;
import org.hsqldb.lib.FrameworkLogger;

/* loaded from: classes3.dex */
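/**
 * Authenticates a user against an LDAP directory and optionally reads an access
 * attribute and a role/schema attribute from the user's entry.
 *
 * <p>Configure the bean through its setters, then call {@link #init()} once before
 * the first {@link #authenticate(String, String)} call.
 *
 * <p>Security notes for operators:
 * <ul>
 *   <li>The provider URL is always {@code ldap://}. Unless StartTLS is enabled with
 *       {@link #setStartTls(boolean)}, the bind credentials travel unencrypted.</li>
 *   <li>The user name is substituted verbatim into {@code principalTemplate}. If the
 *       template is a DN, the caller should restrict or escape user names, because
 *       DN metacharacters are not escaped here.</li>
 * </ul>
 */
public class LdapAuthBean implements AuthFunctionBean {
    public static FrameworkLogger logger = FrameworkLogger.getLog(LdapAuthBean.class);

    // Configuration state. The fields are left public as found in this listing so that
    // existing callers keep working; prefer the setters below.
    public String accessAttribute;
    public Pattern accessValuePattern;
    public String[] attributeUnion;
    public boolean initialized;
    public String ldapHost;
    public Integer ldapPort;
    public String parentDn;
    public String principalTemplate;
    public Pattern roleSchemaValuePattern;
    public String rolesSchemaAttribute;
    public String saslRealm;
    public boolean tls;
    public String initialContextFactory = "com.sun.jndi.ldap.LdapCtxFactory";
    public String mechanism = Tokens.T_SIMPLE;
    public String rdnAttribute = "uid";

    /**
     * Binds to the directory as the given user and evaluates the configured
     * access and role/schema attributes of that user's entry.
     *
     * @param userName user name; used for the bind principal and as the value
     *                 matched against {@code rdnAttribute} in the search
     * @param password bind credentials
     * @return {@code null} when no {@code rolesSchemaAttribute} is configured (access
     *         check only); otherwise the collected role/schema values, which may be an
     *         empty array when {@code accessAttribute} is configured
     * @throws DenyException if the bind is rejected, no entry is found, the access
     *         attribute is missing or does not match, or no role value is found while
     *         no access attribute is configured
     * @throws IllegalStateException if {@link #init()} has not been called
     * @throws RuntimeException on directory, I/O or data-shape problems
     */
    @Override // org.hsqldb.auth.AuthFunctionBean
    public String[] authenticate(String userName, String password) throws DenyException {
        if (!this.initialized) {
            throw new IllegalStateException("You must invoke the 'init' method to initialize the " + LdapAuthBean.class.getName() + " instance.");
        }
        // An LDAP simple bind with an empty password is an unauthenticated (anonymous)
        // bind (RFC 4513). If the directory permits anonymous reads, the search below
        // would succeed and the caller would be accepted without proving anything.
        // Other mechanisms are left alone because they may not use the password.
        if ("simple".equalsIgnoreCase(this.mechanism) && (password == null || password.isEmpty())) {
            throw new DenyException();
        }

        Hashtable<String, Object> env = new Hashtable<String, Object>(5, 0.75f);
        env.put("java.naming.factory.initial", this.initialContextFactory);
        // Plain ldap:// scheme; confidentiality depends entirely on the StartTLS step.
        env.put("java.naming.provider.url", "ldap://" + this.ldapHost + (this.ldapPort == null ? "" : ":" + this.ldapPort));

        StartTlsResponse tlsResponse = null;
        InitialLdapContext ctx = null;
        try {
            // The context is created without credentials so that StartTLS, when
            // enabled, is negotiated before the principal and password are set.
            ctx = new InitialLdapContext(env, (Control[]) null);
            if (this.tls) {
                tlsResponse = (StartTlsResponse) ctx.extendedOperation(new StartTlsRequest());
                tlsResponse.negotiate();
            }

            ctx.addToEnvironment("java.naming.security.authentication", this.mechanism);
            // NOTE(review): userName is inserted unescaped. If principalTemplate is a
            // DN, characters such as ',' or '+' in userName change the DN that is bound.
            ctx.addToEnvironment("java.naming.security.principal", this.principalTemplate == null ? userName : this.principalTemplate.replace("${username}", userName));
            ctx.addToEnvironment("java.naming.security.credentials", password);
            if (this.saslRealm != null) {
                // Set on the live context: InitialContext does not keep a reference to
                // the Hashtable it was built from, so putting the realm into 'env'
                // at this point would never reach the provider.
                ctx.addToEnvironment("java.naming.security.sasl.realm", this.saslRealm);
            }

            // Attribute matching (not a filter string) is used, so userName is not
            // interpreted as LDAP filter syntax.
            NamingEnumeration<SearchResult> results;
            try {
                results = ctx.search(this.parentDn, new BasicAttributes(this.rdnAttribute, userName), this.attributeUnion);
            } catch (AuthenticationException ae) {
                // Must be caught before the generic handler: a rejected bind is an
                // access denial, not a system failure.
                throw new DenyException();
            } catch (Exception e) {
                throw new RuntimeException(e);
            }

            if (!results.hasMore()) {
                throw new DenyException();
            }
            SearchResult entry = results.next();
            if (results.hasMore()) {
                // Ambiguous identity: refuse rather than pick one of several entries.
                throw new RuntimeException("> 1 result");
            }
            Attributes attrs = entry.getAttributes();

            if (this.accessAttribute != null) {
                Attribute access = attrs.get(this.accessAttribute);
                if (access == null) {
                    throw new DenyException();
                }
                if (access.size() != 1) {
                    throw new RuntimeException("Access attribute '" + this.accessAttribute + "' has unexpected value count: " + access.size());
                }
                if (this.accessValuePattern != null) {
                    Object accessValue = access.get(0);
                    if (accessValue == null) {
                        throw new RuntimeException("Access Attr. value is null");
                    }
                    if (!(accessValue instanceof String)) {
                        throw new RuntimeException("Access Attr. value not a String: " + accessValue.getClass().getName());
                    }
                    if (!this.accessValuePattern.matcher((String) accessValue).matches()) {
                        throw new DenyException();
                    }
                }
            }

            if (this.rolesSchemaAttribute == null) {
                return null;
            }

            ArrayList<String> roles = new ArrayList<String>();
            Attribute rolesAttr = attrs.get(this.rolesSchemaAttribute);
            if (rolesAttr != null) {
                int count = rolesAttr.size();
                for (int i = 0; i < count; i++) {
                    Object value = rolesAttr.get(i);
                    if (value == null) {
                        throw new RuntimeException("R/S Attr value #" + i + " is null");
                    }
                    if (!(value instanceof String)) {
                        throw new RuntimeException("R/S Attr value #" + i + " not a String: " + value.getClass().getName());
                    }
                    String text = (String) value;
                    if (this.roleSchemaValuePattern == null) {
                        roles.add(text);
                        continue;
                    }
                    // Values that do not match the pattern are skipped; nothing is
                    // added for them, so a stale value can never be granted as a role.
                    Matcher matcher = this.roleSchemaValuePattern.matcher(text);
                    if (matcher.matches()) {
                        roles.add(matcher.groupCount() > 0 ? matcher.group(1) : text);
                    }
                }
            }

            if (roles.isEmpty()) {
                if (this.accessAttribute == null) {
                    // Roles were the only criterion and none were found.
                    throw new DenyException();
                }
                return new String[0];
            }
            return roles.toArray(new String[0]);
        } catch (IOException e) {
            throw new RuntimeException(e);
        } catch (NamingException e) {
            throw new RuntimeException((Throwable) e);
        } finally {
            // Runs on every exit path, so the TLS session and the connection are
            // released after success, denial and failure alike.
            closeQuietly(tlsResponse, ctx);
        }
    }

    /** Closes the TLS response, then the context; close failures are logged, not thrown. */
    private static void closeQuietly(StartTlsResponse tlsResponse, InitialLdapContext ctx) {
        if (tlsResponse != null) {
            try {
                tlsResponse.close();
            } catch (IOException e) {
                logger.error("Failed to close TLS Response", e);
            }
        }
        if (ctx != null) {
            try {
                ctx.close();
            } catch (NamingException e) {
                logger.error("Failed to close LDAP Context", e);
            }
        }
    }

    /**
     * Validates the configuration and computes the list of attributes to fetch.
     *
     * @throws IllegalStateException if a required property is missing or a value
     *         pattern is set without the attribute it applies to
     */
    public void init() {
        if (this.ldapHost == null) {
            throw new IllegalStateException("Required property 'ldapHost' not set");
        }
        if (this.parentDn == null) {
            throw new IllegalStateException("Required property 'parentDn' not set");
        }
        if (this.initialContextFactory == null) {
            throw new IllegalStateException("Required property 'initialContextFactory' not set");
        }
        if (this.mechanism == null) {
            throw new IllegalStateException("Required property 'mechanism' not set");
        }
        if (this.rdnAttribute == null) {
            throw new IllegalStateException("Required property 'rdnAttribute' not set");
        }
        if (this.rolesSchemaAttribute == null && this.accessAttribute == null) {
            throw new IllegalStateException("You must set property 'rolesSchemaAttribute' and/or property 'accessAttribute'");
        }
        if (this.roleSchemaValuePattern != null && this.rolesSchemaAttribute == null) {
            throw new IllegalStateException("If property 'roleSchemaValuePattern' is set, then you must also set property 'rolesSchemaAttribute' to indicate which attribute to evaluate");
        }
        if (this.accessValuePattern != null && this.accessAttribute == null) {
            throw new IllegalStateException("If property 'accessValuePattern' is set, then you must also set property 'accessAttribute' to indicate which attribute to evaluate");
        }
        // At least one of the two attributes is set here; request only those from
        // the directory, roles first when both are configured.
        if (this.rolesSchemaAttribute != null && this.accessAttribute != null) {
            this.attributeUnion = new String[]{this.rolesSchemaAttribute, this.accessAttribute};
        } else if (this.rolesSchemaAttribute != null) {
            this.attributeUnion = new String[]{this.rolesSchemaAttribute};
        } else {
            this.attributeUnion = new String[]{this.accessAttribute};
        }
        this.initialized = true;
    }

    /** Sets the entry attribute whose presence (and optionally value) grants access. */
    public void setAccessAttribute(String accessAttribute) {
        this.accessAttribute = accessAttribute;
    }

    /** Sets the pattern the single access attribute value must fully match. */
    public void setAccessValuePattern(Pattern accessValuePattern) {
        this.accessValuePattern = accessValuePattern;
    }

    /** Compiles {@code patternString} and uses it as the access value pattern. */
    public void setAccessValuePatternString(String patternString) {
        setAccessValuePattern(Pattern.compile(patternString));
    }

    /** Sets the JNDI initial context factory class name. */
    public void setInitialContextFactory(String initialContextFactory) {
        this.initialContextFactory = initialContextFactory;
    }

    /** Sets the LDAP server host used in the {@code ldap://} provider URL. */
    public void setLdapHost(String ldapHost) {
        this.ldapHost = ldapHost;
    }

    /** Sets the LDAP server port; when never set, no port is put in the URL. */
    public void setLdapPort(int ldapPort) {
        this.ldapPort = Integer.valueOf(ldapPort);
    }

    /** Sets the base DN under which the user entry is searched. */
    public void setParentDn(String parentDn) {
        this.parentDn = parentDn;
    }

    /**
     * Sets the bind principal template; every {@code ${username}} is replaced with the
     * user name as given, without escaping.
     */
    public void setPrincipalTemplate(String principalTemplate) {
        this.principalTemplate = principalTemplate;
    }

    /** Sets the attribute that is matched against the user name in the search. */
    public void setRdnAttribute(String rdnAttribute) {
        this.rdnAttribute = rdnAttribute;
    }

    /**
     * Sets the pattern role/schema values must fully match; when the pattern has a
     * capture group, group 1 is returned instead of the whole value.
     */
    public void setRoleSchemaValuePattern(Pattern roleSchemaValuePattern) {
        this.roleSchemaValuePattern = roleSchemaValuePattern;
    }

    /** Compiles {@code patternString} and uses it as the role/schema value pattern. */
    public void setRoleSchemaValuePatternString(String patternString) {
        setRoleSchemaValuePattern(Pattern.compile(patternString));
    }

    /** Sets the entry attribute whose values are returned as roles/schema. */
    public void setRolesSchemaAttribute(String rolesSchemaAttribute) {
        this.rolesSchemaAttribute = rolesSchemaAttribute;
    }

    /** Sets the SASL realm passed to the provider. */
    public void setSaslRealm(String saslRealm) {
        this.saslRealm = saslRealm;
    }

    /** Sets the JNDI security authentication mechanism used for the bind. */
    public void setSecurityMechanism(String mechanism) {
        this.mechanism = mechanism;
    }

    /** Enables or disables StartTLS negotiation before credentials are sent. */
    public void setStartTls(boolean startTls) {
        this.tls = startTls;
    }
}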
