package tw.com.draytek.server.service.externalauthentication;

import java.util.Hashtable;
import javax.naming.AuthenticationException;
import javax.naming.AuthenticationNotSupportedException;
import javax.naming.CommunicationException;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.Control;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;
import org.apache.axis.Constants;
import tw.com.draytek.acs.property.TR069Property;

/* loaded from: input_file:tw/com/draytek/server/service/externalauthentication/LdapAuthenticator.class */
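/**
 * Authenticates one login account against an LDAP directory.
 *
 * <p>The two-argument constructor copies its settings from the configuration objects and then runs
 * the strategy selected by the bind type:
 * <ul>
 *   <li>1 - bind directly as {@code <userCN>=<account><separator><baseDN>};</li>
 *   <li>2 - connect anonymously, search for the account, then bind as the entry found;</li>
 *   <li>3 - same search, over a connection bound with the configured "regular" DN.</li>
 * </ul>
 * Directory errors are caught and printed, not rethrown, so callers must treat anything other than
 * {@link #isAuthenticated()} returning {@code true} as a denied login.
 *
 * <p>Security-relevant behaviour:
 * <ul>
 *   <li>The login account is escaped before it is placed in a search filter or a DN, so filter
 *       metacharacters such as {@code *} or {@code )(} cannot widen the search.</li>
 *   <li>A null or empty password is rejected before any bind. A simple bind that carries a DN but
 *       no password is an unauthenticated bind, which a directory may accept without checking any
 *       credential.</li>
 *   <li>When SSL is not enabled, the simple bind sends the DN and password unprotected.</li>
 * </ul>
 *
 * <p>{@code Constants.URI_LITERAL_ENC} is used throughout as the "not configured" marker.
 * NOTE(review): it is presumably the empty string, substituted by the decompiler - confirm.
 */
public class LdapAuthenticator {
    private static final String PREFIX = "LDAP -> ";
    private String server;
    private int port;
    private int bindType;
    private boolean enableSSL;
    private String regularDN;
    private String regularPW;
    private String loginAccount;
    private String password;
    private String loginDN;
    private String userCN;
    private String baseDN;
    private String addtionalFilter;
    private String groupDN;
    private boolean connected;
    private boolean isExistInBaseDN;
    private boolean isExistInGroupDN;
    private boolean authenticated;
    private String userMail = Constants.URI_LITERAL_ENC;
    private String userTelephoneNumber = Constants.URI_LITERAL_ENC;
    private LdapContext authentication;
    private LdapContext connection;

    /** Creates an unconfigured instance; nothing is contacted until settings are supplied. */
    public LdapAuthenticator() {
    }

    /**
     * Copies the settings from the two configuration objects and runs the configured bind strategy.
     *
     * @param serverConfig server address, bind type, SSL flag and the credentials to check
     * @param ldapProfileConfig naming attribute, base DN, additional filter and group DN
     * @throws NamingException declared for callers; the strategies below catch directory errors
     */
    public LdapAuthenticator(ServerConfig serverConfig, LdapProfileConfig ldapProfileConfig) throws NamingException {
        setLoginAccount(serverConfig.getLoginAccount());
        setPassword(serverConfig.getLoginPassword());
        setServer(serverConfig.getServerName());
        setPort(serverConfig.getServerPort());
        setBindType(serverConfig.getBindType());
        setEnableSSL(serverConfig.isEnableSSL());
        setRegularDN(serverConfig.getRegularDN());
        setRegularPW(serverConfig.getRegularPW());
        setUserCN(ldapProfileConfig.getCommonName());
        setBaseDN(ldapProfileConfig.getBaseDN());
        setAddtionalFilter(ldapProfileConfig.getAddtionalFilter());
        setGroupDN(ldapProfileConfig.getGroupDN());
        // The account name is caller-supplied: escape it so it stays a single RDN value and cannot
        // add components to the bind DN.
        this.loginDN = this.userCN + "=" + escapeDnValue(this.loginAccount) + TR069Property.CSV_SEPERATOR + this.baseDN;
        switch (getBindType()) {
            case 1:
                authentication();
                break;
            case 2:
                anonymousConnect();
                break;
            case 3:
                regularConnect();
                break;
            default:
                // Unknown bind type: nothing is attempted and the instance stays unauthenticated.
                break;
        }
    }

    /**
     * Builds the JNDI environment shared by every connection this class opens.
     *
     * @param mechanism value for {@code java.naming.security.authentication}
     */
    private Hashtable<String, Object> newEnvironment(String mechanism) {
        Hashtable<String, Object> env = new Hashtable<String, Object>();
        env.put("java.naming.factory.initial", "com.sun.jndi.ldap.LdapCtxFactory");
        env.put("java.naming.provider.url", "ldap://" + this.server + ":" + this.port + "/");
        env.put("java.naming.security.authentication", mechanism);
        if (this.enableSSL) {
            env.put("java.naming.security.protocol", "ssl");
        }
        return env;
    }

    /** Closes a context, ignoring close failures; cleanup must not mask the login outcome. */
    private static void closeQuietly(LdapContext context) {
        if (context != null) {
            try {
                context.close();
            } catch (NamingException ignored) {
                // best effort
            }
        }
    }

    /** Releases a search enumeration, ignoring close failures. */
    private static void closeEnumeration(NamingEnumeration<?> results) {
        if (results != null) {
            try {
                results.close();
            } catch (NamingException ignored) {
                // best effort
            }
        }
    }

    /**
     * Escapes a value for use inside an LDAP search filter assertion (RFC 4515).
     * A null value keeps its former rendering as the text {@code null}.
     */
    private static String escapeFilterValue(String value) {
        String raw = String.valueOf(value);
        StringBuilder escaped = new StringBuilder(raw.length() + 8);
        for (int i = 0; i < raw.length(); i++) {
            char c = raw.charAt(i);
            switch (c) {
                case '\\':
                    escaped.append("\\5c");
                    break;
                case '*':
                    escaped.append("\\2a");
                    break;
                case '(':
                    escaped.append("\\28");
                    break;
                case ')':
                    escaped.append("\\29");
                    break;
                case '\0':
                    escaped.append("\\00");
                    break;
                default:
                    escaped.append(c);
                    break;
            }
        }
        return escaped.toString();
    }

    /** Escapes a value for use as an RDN attribute value; null keeps its former rendering. */
    private static String escapeDnValue(String value) {
        return value == null ? String.valueOf((Object) null) : javax.naming.ldap.Rdn.escapeValue(value);
    }

    /**
     * Applies the optional group restriction to the current login account.
     *
     * @return true when no group DN is configured, or when the group search finds a match
     */
    private boolean passesGroupCheck() {
        if (this.groupDN.equals(Constants.URI_LITERAL_ENC)) {
            return true;
        }
        this.isExistInGroupDN = getUserbyGroupDN(this.loginAccount) != null;
        return this.isExistInGroupDN;
    }

    /** Bind type 2: anonymous connection, user search, optional group check, then user bind. */
    private void anonymousConnect() throws NamingException {
        Hashtable<String, Object> env = newEnvironment("none");
        try {
            this.connection = new InitialLdapContext(env, (Control[]) null);
            debug("LDAP -> 1-(Anonymous)Connection Success!");
            SearchResult entry = getUserbyBaseDN(this.userCN, this.loginAccount);
            if (entry == null || !this.isExistInBaseDN) {
                debug("1-(Anonymous)Authentication Failed: Couldn't find user");
            } else {
                this.loginDN = getUserDNByBaseDN(entry.getName());
                if (passesGroupCheck()) {
                    debug("1-(Anonymous)Authentication loginDN: " + this.loginDN);
                    authentication();
                }
            }
            // "connected" only records that the directory was reached, not that the login succeeded.
            this.connected = true;
        } catch (AuthenticationNotSupportedException e) {
            System.out.println("LDAP -> 1-(Anonymous)Authentication Not Supported Exception!");
            e.printStackTrace(System.out);
        } catch (AuthenticationException e) {
            System.out.println("LDAP -> 1-(Anonymous)Authentication Fail!");
            e.printStackTrace(System.out);
        } catch (CommunicationException e) {
            System.out.println("LDAP -> 1-(Anonymous)Communication Fail!");
            e.printStackTrace(System.out);
        } catch (Exception e) {
            System.out.println("LDAP -> 1-(Anonymous)Unknown exception. Please contact your administrator!");
            e.printStackTrace(System.out);
        } finally {
            closeQuietly(this.connection);
            this.connection = null;
        }
    }

    /** Bind type 3: connection bound with the regular DN, user search, group check, user bind. */
    private void regularConnect() throws NamingException {
        Hashtable<String, Object> env = newEnvironment("simple");
        env.put("java.naming.security.principal", this.regularDN);
        // NOTE(review): an empty regularPW would turn this into a bind without credentials;
        // confirm the configuration layer rejects it.
        env.put("java.naming.security.credentials", this.regularPW);
        try {
            this.connection = new InitialLdapContext(env, (Control[]) null);
            debug("LDAP -> 1-(Regular)Authentication Success!");
            SearchResult entry = getUserbyBaseDN(this.userCN, this.loginAccount);
            if (entry == null || !this.isExistInBaseDN) {
                debug("1-(Regular)Authentication Failed: Couldn't find user");
            } else {
                this.loginDN = getUserDNByBaseDN(entry.getName());
                if (passesGroupCheck()) {
                    debug("1-(Regular)Authentication loginDN: " + this.loginDN);
                    authentication();
                }
            }
            this.connected = true;
        } catch (AuthenticationNotSupportedException e) {
            debug("LDAP -> 1-(Regular)Authentication Not Supported Exception!");
            e.printStackTrace(System.out);
        } catch (AuthenticationException e) {
            debug("LDAP -> 1-(Regular)Authentication Fail!");
            e.printStackTrace(System.out);
        } catch (CommunicationException e) {
            debug("LDAP -> 1-(Regular)Communication Fail!");
            e.printStackTrace(System.out);
        } catch (Exception e) {
            debug("LDAP -> 1-(Regular)Unknown exception. Please contact your administrator!");
            e.printStackTrace(System.out);
        } finally {
            closeQuietly(this.connection);
            this.connection = null;
        }
    }

    /**
     * Verifies the user's password by binding as {@code loginDN}; the context is closed right away.
     * Sets {@code authenticated} on success, and {@code connected} too when the bind type is 1.
     */
    private void authentication() throws NamingException {
        // Fail closed on a missing password: a DN with no password is an unauthenticated bind and
        // would otherwise be reported as a successful login if the directory accepts it.
        if (this.password == null || this.password.isEmpty()) {
            debug("LDAP -> Authentication Fail: empty password rejected");
            return;
        }
        Hashtable<String, Object> env = newEnvironment("simple");
        env.put("java.naming.security.principal", this.loginDN);
        env.put("java.naming.security.credentials", this.password);
        try {
            this.authentication = new InitialLdapContext(env, (Control[]) null);
            debug("LDAP -> Authentication Success!");
            this.authenticated = true;
            if (this.bindType == 1) {
                this.connected = true;
            }
        } catch (AuthenticationNotSupportedException e) {
            debug("LDAP -> Authentication Not Supported Exception!");
            e.printStackTrace(System.out);
        } catch (AuthenticationException e) {
            debug("LDAP -> Authentication Fail!");
            e.printStackTrace(System.out);
        } catch (CommunicationException e) {
            debug("LDAP -> Communication Fail!");
            e.printStackTrace(System.out);
        } catch (Exception e) {
            debug("LDAP -> Unknown exception. Please contact your administrator!");
            e.printStackTrace(System.out);
        } finally {
            closeQuietly(this.authentication);
            this.authentication = null;
        }
    }

    /**
     * Searches the subtree under the base DN for exactly one entry matching the account name.
     *
     * @param str naming attribute to match; "uid" is used when it is null or not configured
     * @param str2 account name; escaped before it enters the filter
     * @return the single matching entry, or null when none or several match, the search fails, or
     *     no connection is open
     */
    public SearchResult getUserbyBaseDN(String str, String str2) {
        if (this.connection == null) {
            return null;
        }
        // The null test must come first; the former order dereferenced a null attribute name.
        String attribute = (str == null || str.equals(Constants.URI_LITERAL_ENC)) ? "uid" : str;
        String account = escapeFilterValue(str2);
        String filter = "(|(|(" + attribute + "=" + account + ")(cn=" + account + "))(sAMAccountName=" + account + "))";
        if (this.addtionalFilter != null && !this.addtionalFilter.equals(Constants.URI_LITERAL_ENC)) {
            // The additional filter is administrator configuration and is inserted as filter syntax.
            // NOTE(review): the extra "(" ... ")" around the account filter yields "((|...))";
            // confirm the directory provider accepts that form.
            filter = "(&" + this.addtionalFilter + "(" + filter + "))";
        }
        debug("LDAP -> Search filter: " + filter + ", baseDN: " + this.baseDN);
        SearchControls controls = new SearchControls();
        controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
        NamingEnumeration<SearchResult> results = null;
        try {
            results = this.connection.search(this.baseDN, filter, controls);
            if (!results.hasMoreElements()) {
                return null;
            }
            SearchResult match = results.nextElement();
            Attributes attributes = match.getAttributes();
            this.userMail = getAttrs(attributes, "mail");
            this.userTelephoneNumber = getAttrs(attributes, "telephoneNumber");
            if (results.hasMoreElements()) {
                // An ambiguous account name must not pick an arbitrary entry to bind as.
                System.err.println("LDAP -> Matched multiple users for the accountName: " + str2);
                return null;
            }
            this.isExistInBaseDN = true;
            return match;
        } catch (NamingException e) {
            System.err.println("LDAP -> Couldn't find user with uid (" + str2 + ") error: " + e.getMessage());
            return null;
        } finally {
            closeEnumeration(results);
        }
    }

    /**
     * Prints every attribute of an entry to standard output, keeping only the last value of each.
     * NOTE(review): this dumps whatever the directory returned, including any sensitive attribute;
     * it has no caller in this class.
     */
    private void getAllAttrs(Attributes attributes) {
        try {
            NamingEnumeration<? extends Attribute> all = attributes.getAll();
            while (all.hasMore()) {
                Attribute attribute = all.next();
                String id = attribute.getID();
                String value = Constants.URI_LITERAL_ENC;
                NamingEnumeration<?> values = attribute.getAll();
                while (values.hasMore()) {
                    value = Constants.URI_LITERAL_ENC + values.next();
                }
                System.out.println("attribute: " + id + " >>> value: " + value);
            }
        } catch (NamingException e) {
            e.printStackTrace();
        }
    }

    /**
     * Reads the first value of one attribute as text.
     *
     * @return the value, or the "not configured" marker when the attribute is absent, has no
     *     value, or cannot be read
     */
    private String getAttrs(Attributes attributes, String str) {
        String value = Constants.URI_LITERAL_ENC;
        try {
            Attribute attribute = attributes.get(str);
            if (attribute != null && attribute.size() > 0) {
                Object first = attribute.get();
                if (first != null) {
                    value = first.toString();
                }
            }
        } catch (NamingException e) {
            e.printStackTrace();
        }
        return value;
    }

    /**
     * Searches the subtree under the group DN for a group that lists the account as a member.
     *
     * @param str account name; escaped before it enters the filter
     * @return the first matching group entry, or null when none matches, the search fails, or no
     *     connection is open
     */
    public SearchResult getUserbyGroupDN(String str) {
        if (this.connection == null) {
            return null;
        }
        String member = escapeFilterValue(str);
        String filter = "(|(&(objectclass=posixGroup)(memberUid=" + member + "))(&(objectcategory=group)(member=" + member + "))(&(objectclass=posixGroup)(uniqueMember=" + member + ")))";
        SearchControls controls = new SearchControls();
        controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
        debug("LDAP -> Search filter: " + filter);
        NamingEnumeration<SearchResult> results = null;
        try {
            results = this.connection.search(this.groupDN, filter, controls);
            if (results.hasMoreElements()) {
                return results.nextElement();
            }
            return null;
        } catch (NamingException e) {
            System.err.println("LDAP -> Couldn't find user with uid (" + str + ") error: " + e.getMessage());
            return null;
        } finally {
            closeEnumeration(results);
        }
    }

    /** Returns whether a strategy reached the directory; this does not mean the login succeeded. */
    public boolean isConnected() {
        return this.connected;
    }

    /** Returns whether the bind with the user's own DN and password succeeded. */
    public boolean isAuthenticated() {
        return this.authenticated;
    }

    /** Returns the "mail" attribute read from the entry found by the user search. */
    public String getUserMail() {
        return this.userMail;
    }

    /** Returns the "telephoneNumber" attribute read from the entry found by the user search. */
    public String getUserTelephoneNumber() {
        return this.userTelephoneNumber;
    }

    public int getBindType() {
        return this.bindType;
    }

    /**
     * Marks the instance disconnected and closes the search connection if one is still open.
     * The connect strategies release their connection themselves, so this is normally a no-op.
     */
    public void close() {
        this.connected = false;
        if (this.connection == null) {
            return;
        }
        try {
            this.connection.close();
            System.out.println("LDAP -> Connection closed!");
        } catch (NamingException e) {
            System.err.println("LDAP -> Close: failed to close connection: " + e.getMessage());
        }
        this.connection = null;
    }

    /** Appends the base DN to an entry name returned by the user search. */
    private String getUserDNByBaseDN(String str) {
        return str + TR069Property.CSV_SEPERATOR + this.baseDN;
    }

    /**
     * Prints a debug line tagged with the calling class, method and line number, but only when
     * {@code TR069Property.ENABLE_DEBUG_ACS2_USER_MODE} is 1.
     */
    private static void debug(Object... objArr) {
        if (TR069Property.ENABLE_DEBUG_ACS2_USER_MODE != 1) {
            return;
        }
        // Frame 0 is getStackTrace, frame 1 is this method, frame 2 is the caller being reported.
        StackTraceElement caller = Thread.currentThread().getStackTrace()[2];
        String className = caller.getClassName();
        StringBuilder line = new StringBuilder();
        line.append(className.substring(className.lastIndexOf(".") + 1));
        line.append(".").append(caller.getMethodName());
        line.append("():").append(caller.getLineNumber()).append("  ");
        for (Object part : objArr) {
            line.append(String.valueOf(part));
        }
        System.out.println(" ");
        System.out.println(line.toString());
    }

    public void setRegularDN(String str) {
        this.regularDN = str;
    }

    public void setRegularPW(String str) {
        this.regularPW = str;
    }

    public void setLoginAccount(String str) {
        this.loginAccount = str;
    }

    public void setPassword(String str) {
        this.password = str;
    }

    public void setEnableSSL(boolean z) {
        this.enableSSL = z;
    }

    public void setBindType(int i) {
        this.bindType = i;
    }

    public void setPort(int i) {
        this.port = i;
    }

    public void setServer(String str) {
        this.server = str;
    }

    public void setAddtionalFilter(String str) {
        this.addtionalFilter = str;
    }

    public void setBaseDN(String str) {
        this.baseDN = str;
    }

    public void setGroupDN(String str) {
        this.groupDN = str;
    }

    public void setUserCN(String str) {
        this.userCN = str;
    }
}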
