package com.ibm.ws.sip.security.digest.ldap;

import com.ibm.sip.util.log.Log;
import com.ibm.sip.util.log.LogMgr;
import com.ibm.sip.util.log.Situation;
import com.ibm.ws.sip.security.auth.DigestUtils;
import com.ibm.ws.sip.security.digest.DigestPasswordServer;
import com.ibm.ws.sip.security.digest.DigestTAI;
import java.util.Hashtable;
import java.util.Properties;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;

/* loaded from: input_file:com/ibm/ws/sip/security/digest/ldap/LdapPasswordServer.class */
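/**
 * {@link DigestPasswordServer} that resolves digest credentials from an LDAP directory.
 *
 * <p>Lookups go through a {@link CredentialsCache} first. On a miss the user's entry is searched
 * in the directory and a single attribute is read from it. Depending on configuration that
 * attribute holds either a pre-computed hash bound to one realm, or the user's password, from
 * which the hash is derived with {@link DigestUtils#createHashedA1}.
 *
 * <p>Security notes for operators and reviewers:
 * <ul>
 *   <li>The value returned by {@link #getHashedUserCredentials} is what the digest check is
 *       computed from, so it is treated like a password and never written to trace output.</li>
 *   <li>The directory bind is a simple bind with the administrator DN and password. Unless the
 *       SSL property is enabled, the bind and the retrieved attribute travel unencrypted.</li>
 *   <li>In the unhashed mode the directory must return the password attribute in a recoverable
 *       form; the hashed mode avoids that requirement.</li>
 * </ul>
 */
public class LdapPasswordServer implements DigestPasswordServer {
    private static final LogMgr c_logger = Log.get(LdapPasswordServer.class);

    /** Written to trace output wherever a credential value would otherwise appear. */
    private static final String MASKED = "******";

    private Properties m_ldapProps;
    private CredentialsCache m_credentialsCache;
    private boolean m_isInitialized = false;
    private final Object m_initSemaphore = new Object();
    private DirContext m_dirCtx = null;
    private SearchControls m_searchCtls = null;
    private String m_userFilterExpr = null;
    private String m_lookupAttrName = null;
    private boolean m_is_ssl_enabled = false;
    private boolean m_isHashedCredentials = false;
    private String m_hashedRealm = null;

    /**
     * Stores the configuration and creates the credentials cache. The directory connection is
     * opened lazily on the first cache miss.
     *
     * @param properties LDAP and cache settings
     * @return always {@code 0}
     */
    @Override // com.ibm.ws.sip.security.digest.DigestPasswordServer
    public int initialize(Properties properties) {
        this.m_ldapProps = properties;
        this.m_credentialsCache = new CredentialsCache(properties);
        return 0;
    }

    /**
     * Returns the hashed credentials for a user in a realm, consulting the cache before LDAP.
     *
     * @param str user name
     * @param str2 realm
     * @return the hashed credentials, or {@code null} when they could not be resolved
     */
    @Override // com.ibm.ws.sip.security.digest.DigestPasswordServer
    public String getHashedUserCredentials(String str, String str2) {
        if (c_logger.isTraceEntryExitEnabled()) {
            c_logger.traceEntry((Object) this, "getUserCredentials", new Object[]{str, str2});
        }
        String hashed = this.m_credentialsCache.getHashedUserCredentials(str, str2);
        if (hashed == null) {
            hashed = lookupHashedCredentials(str, str2);
            if (hashed != null) {
                this.m_credentialsCache.addCredentials(str, str2, hashed);
            }
        }
        if (c_logger.isTraceEntryExitEnabled()) {
            // The hash is password-equivalent for digest authentication, so it is masked here
            // exactly as the two private lookup methods already mask their results.
            c_logger.traceExit(this, "getUserCredentials", hashed == null ? null : MASKED);
        }
        return hashed;
    }

    /**
     * Reads the configured attribute for {@code user} and turns it into hashed credentials.
     *
     * @param user user name used in the search filter
     * @param realm realm the credentials are requested for
     * @return the hash, or {@code null} when the attribute is missing or, in hashed mode, the
     *     requested realm differs from the configured one
     */
    private String lookupHashedCredentials(String user, String realm) {
        if (c_logger.isTraceEntryExitEnabled()) {
            c_logger.traceEntry((Object) this, "lookupHashedCredentials", new Object[]{user});
        }
        if (this.m_dirCtx == null) {
            initDirectoryAccess();
        }
        String attrValue = lookupUserAttribute(user, this.m_lookupAttrName, this.m_searchCtls);
        if (attrValue == null) {
            return null;
        }
        String hashed = null;
        if (!this.m_isHashedCredentials) {
            // The attribute holds the password itself; derive the hash locally.
            hashed = DigestUtils.createHashedA1(user, realm, attrValue);
        } else if (this.m_hashedRealm != null && this.m_hashedRealm.equalsIgnoreCase(realm)) {
            // A stored hash is only valid for the realm it was computed for.
            hashed = attrValue;
        } else if (c_logger.isWarnEnabled()) {
            c_logger.warn("warn.unsupported.realm", Situation.SITUATION_UNKNOWN, realm);
        }
        if (c_logger.isTraceEntryExitEnabled()) {
            c_logger.traceExit(this, "lookupHashedCredentials", MASKED);
        }
        return hashed;
    }

    /**
     * Searches the directory for {@code user} and returns the first value of {@code attrName}.
     *
     * <p>The user name is handed to JNDI as a filter argument for the {@code {0}} placeholder
     * rather than concatenated into the filter text, so this class never builds a filter string
     * from request data.
     *
     * @param user user name substituted into the filter
     * @param attrName attribute to read from the matching entry
     * @param searchControls controls for the search
     * @return the attribute value, or {@code null} when there is no connection, no match, no such
     *     attribute, an unsupported value type, or a naming error
     */
    private String lookupUserAttribute(String user, String attrName, SearchControls searchControls) {
        if (c_logger.isTraceEntryExitEnabled()) {
            c_logger.traceEntry((Object) this, "lookupUserAttribute", new Object[]{user, attrName});
        }
        String value = null;
        if (this.m_dirCtx != null) {
            NamingEnumeration<SearchResult> results = null;
            try {
                results = this.m_dirCtx.search("", this.m_userFilterExpr, new Object[]{user}, searchControls);
                if (results.hasMoreElements()) {
                    Attribute attribute = results.next().getAttributes().get(attrName);
                    // get() returns null when the entry lacks the attribute or the bind identity
                    // is not allowed to read it; treat that as "no credentials", not as a crash.
                    if (attribute != null && attribute.size() > 0) {
                        Object raw = attribute.get();
                        if (raw instanceof byte[]) {
                            // Decode with a fixed charset so the derived hash does not depend on
                            // the JVM's platform default encoding.
                            value = new String((byte[]) raw, java.nio.charset.StandardCharsets.UTF_8);
                        } else if (raw instanceof String) {
                            value = (String) raw;
                        } else if (c_logger.isErrorEnabled()) {
                            c_logger.error("Unable to retrieve password from LDAP server");
                        }
                    }
                }
            } catch (NamingException e) {
                if (c_logger.isErrorEnabled()) {
                    c_logger.error("error.exception.naming", Situation.SITUATION_UNKNOWN, (Object[]) null, e);
                }
            } finally {
                // Release the enumeration on every path; it is otherwise only freed once it has
                // been read to the end.
                if (results != null) {
                    try {
                        results.close();
                    } catch (NamingException ignored) {
                        // Best effort: a failed close must not mask the lookup result.
                    }
                }
            }
        }
        if (c_logger.isTraceEntryExitEnabled()) {
            c_logger.traceExit(this, "lookupUserAttribute", MASKED);
        }
        return value;
    }

    /**
     * Derives the lookup attribute, credential mode, SSL flag, search filter and search controls
     * from the configured properties. Does nothing after the first successful run.
     */
    private synchronized void initProperties() {
        if (c_logger.isTraceEntryExitEnabled()) {
            c_logger.traceEntry(this, "initProperties");
        }
        if (this.m_isInitialized) {
            if (c_logger.isTraceDebugEnabled()) {
                c_logger.traceDebug(this, "initProperties", "already initialized");
            }
            return;
        }
        String hashedAttr = this.m_ldapProps.getProperty(LdapConstants.PROPERTY_HASHED_CREDENTIALS);
        if (hashedAttr != null && hashedAttr.length() > 0) {
            DigestTAI.logPropertyFound(LdapConstants.PROPERTY_HASHED_CREDENTIALS, hashedAttr);
            this.m_lookupAttrName = hashedAttr;
        }
        String hashedRealm = this.m_ldapProps.getProperty(LdapConstants.PROPERTY_HASHED_CREDENTIALS_REALM);
        if (hashedRealm != null && hashedRealm.length() > 0) {
            DigestTAI.logPropertyFound(LdapConstants.PROPERTY_HASHED_CREDENTIALS_REALM, hashedRealm);
            this.m_hashedRealm = hashedRealm;
        }
        if (this.m_lookupAttrName == null || this.m_hashedRealm == null) {
            // Hashed mode needs both the attribute and its realm; otherwise fall back to reading
            // the password attribute and hashing it locally.
            this.m_isHashedCredentials = false;
            if (c_logger.isInfoEnabled()) {
                c_logger.info("info.unhashed.creds", Situation.SITUATION_UNKNOWN);
            }
            this.m_lookupAttrName = this.m_ldapProps.getProperty(LdapConstants.PROPERTY_PASSWORD_ATTRIBUTE_NAME);
            if (this.m_lookupAttrName != null) {
                DigestTAI.logPropertyFound(LdapConstants.PROPERTY_PASSWORD_ATTRIBUTE_NAME, this.m_lookupAttrName);
            } else {
                this.m_lookupAttrName = LdapConstants.DEFAULT_PASSWORD_ATTRIBUTE_NAME;
            }
        } else {
            this.m_isHashedCredentials = true;
        }
        String sslFlag = this.m_ldapProps.getProperty(LdapConstants.PROPERTY_ENABLE_LDAP_SSL);
        if (sslFlag != null && sslFlag.length() > 0) {
            DigestTAI.logPropertyFound(LdapConstants.PROPERTY_ENABLE_LDAP_SSL, sslFlag);
            this.m_is_ssl_enabled = Boolean.parseBoolean(sslFlag);
        }
        // NOTE(review): a missing search-filter property fails here with a NullPointerException;
        // confirm the property is validated before this class is configured.
        // "%v" in the configured filter becomes the JNDI argument placeholder "{0}".
        this.m_userFilterExpr = this.m_ldapProps.getProperty(LdapConstants.SEARCH_FILTER).replace("%v", "{0}");
        this.m_searchCtls = new SearchControls();
        // Ask only for the credential attribute, and for at most one entry.
        this.m_searchCtls.setReturningAttributes(new String[]{this.m_lookupAttrName});
        this.m_searchCtls.setSearchScope(SearchControls.SUBTREE_SCOPE);
        this.m_searchCtls.setCountLimit(1L);
        this.m_isInitialized = true;
        if (c_logger.isTraceEntryExitEnabled()) {
            c_logger.traceExit(this, "initProperties");
        }
    }

    /**
     * Opens the directory context used for lookups. On failure the error is logged and the
     * context stays {@code null}, so lookups return {@code null}.
     */
    private void initDirectoryAccess() {
        if (c_logger.isTraceEntryExitEnabled()) {
            c_logger.traceEntry(this, "initDirectoryAccess");
        }
        synchronized (this.m_initSemaphore) {
            if (!this.m_isInitialized) {
                initProperties();
            }
        }
        String host = this.m_ldapProps.getProperty("host");
        String port = this.m_ldapProps.getProperty("port");
        String baseDn = this.m_ldapProps.getProperty(LdapConstants.BASE_DN);
        String adminDn = this.m_ldapProps.getProperty(LdapConstants.ADMIN_DN, "");
        String adminPassword = this.m_ldapProps.getProperty(LdapConstants.ADMIN_PASSWORD, "");
        if (c_logger.isTraceDebugEnabled()) {
            // The bind password is never written to the trace; only the DN is.
            c_logger.traceDebug(this, "initDirectoryAccess", "connection on {ldap://[" + host + "]:[" + port + "]/" + baseDn + "} with [" + adminDn + "]/[*******]");
        }
        Hashtable<String, Object> env = new Hashtable<>();
        env.put("java.naming.factory.initial", LdapConstants.LDAP_CTX_FACTORY);
        env.put("java.naming.provider.url", "ldap://" + host + ":" + port + "/" + baseDn);
        // Simple bind: the DN and password are sent as-is, so they are protected in transit only
        // when the SSL settings below are applied.
        env.put("java.naming.security.authentication", "simple");
        env.put("java.naming.security.principal", adminDn);
        env.put("java.naming.security.credentials", adminPassword);
        if (c_logger.isTraceDebugEnabled()) {
            c_logger.traceDebug(this, "initDirectoryAccess", "sslEnabled = [" + this.m_is_ssl_enabled + "]");
        }
        if (this.m_is_ssl_enabled) {
            env.put("java.naming.security.protocol", LdapConstants.LDAP_SSL);
            env.put("java.naming.ldap.factory.socket", LdapConstants.LDAP_SSL_SOCKET_FACTORY_CLASS_NAME);
        }
        try {
            this.m_dirCtx = new InitialDirContext(env);
            // Report success only when the context was really created, so the trace cannot claim
            // a connection right after a logged failure.
            if (c_logger.isTraceDebugEnabled()) {
                c_logger.traceDebug(this, "initDirectoryAccess", "succesful Ldap connection");
            }
        } catch (NamingException e) {
            if (c_logger.isErrorEnabled()) {
                c_logger.error("error.exception.naming", Situation.SITUATION_UNKNOWN, (Object[]) null, e);
            }
        }
        if (c_logger.isTraceEntryExitEnabled()) {
            c_logger.traceExit(this, "initDirectoryAccess");
        }
    }
}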
