package edu.ucsb.nceas.metacat;

import edu.ucsb.nceas.metacat.properties.PropertyService;
import edu.ucsb.nceas.utilities.PropertyNotFoundException;
import java.io.BufferedWriter;
import java.io.File;
import java.io.FileWriter;
import java.io.IOException;
import java.net.ConnectException;
import java.net.URLDecoder;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.Vector;
import javax.naming.AuthenticationException;
import javax.naming.Context;
import javax.naming.InvalidNameException;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.ReferralException;
import javax.naming.SizeLimitExceededException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.Control;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.StartTlsRequest;
import javax.naming.ldap.StartTlsResponse;
import org.apache.commons.lang.StringEscapeUtils;
import org.apache.log4j.Logger;

/* loaded from: input_file:edu/ucsb/nceas/metacat/AuthLdap.class */
public class AuthLdap implements AuthInterface {
    // Primary directory URL ("auth.url"); provider URL for the search methods
    // (getUsers, getUserInfo, getGroups) and the server handed to getIdentifyingName.
    private String ldapUrl;
    // Secure URL ("auth.surl"); default server for the bind in ldapAuthenticate.
    private String ldapsUrl;
    // Search base DN ("auth.base"); appended to relative entry names in the results.
    private String ldapBase;
    // Value of the JNDI "java.naming.referral" property ("ldap.referral") used by the searches.
    private String referral;
    // Connect timeout passed as "com.sun.jndi.ldap.connect.timeout" (kept as a string).
    private String ldapConnectTimeLimit;
    // Time and count limits applied to SearchControls ("ldap.searchTimeLimit"/"ldap.searchCountLimit").
    private int ldapSearchTimeLimit;
    private int ldapSearchCountLimit;
    // Referral info recorded by getGroups when a ReferralException is raised; "" initially.
    private String currentReferralInfo;
    // Shared JNDI environment filled in by getGroups. Package-visible, so other classes
    // in the package can alter the connection settings.
    Hashtable<String, String> env = new Hashtable<>(11);
    // Not referenced in the visible part of this class.
    private Context rContext;
    // Set by getGroups from its arguments. NOTE(review): the password then stays in memory for
    // the lifetime of this object; confirm whether anything reads it before keeping the field.
    private String userName;
    private String userPassword;
    // Not referenced in the visible part of this class.
    ReferralException refExc;
    private static Logger logMetacat = Logger.getLogger(AuthLdap.class);

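    /**
     * Creates an AuthLdap configured from Metacat properties.
     *
     * <p>Reads {@code auth.url}, {@code auth.surl}, {@code auth.base}, {@code ldap.referral}
     * and {@code ldap.connectTimeLimit} as strings, and {@code ldap.searchTimeLimit} and
     * {@code ldap.searchCountLimit} as integers.
     *
     * @throws InstantiationException if a property is missing or a limit is not an integer;
     *         the underlying exception is attached as the cause
     */
    public AuthLdap() throws InstantiationException {
        try {
            this.ldapUrl = PropertyService.getProperty("auth.url");
            this.ldapsUrl = PropertyService.getProperty("auth.surl");
            this.ldapBase = PropertyService.getProperty("auth.base");
            this.referral = PropertyService.getProperty("ldap.referral");
            this.ldapConnectTimeLimit = PropertyService.getProperty("ldap.connectTimeLimit");
            this.ldapSearchTimeLimit = Integer.parseInt(PropertyService.getProperty("ldap.searchTimeLimit"));
            this.ldapSearchCountLimit = Integer.parseInt(PropertyService.getProperty("ldap.searchCountLimit"));
            this.currentReferralInfo = "";
        } catch (NumberFormatException e) {
            // InstantiationException has no cause constructor; attach the cause explicitly so
            // the bad value is not lost for whoever logs this.
            InstantiationException failure = new InstantiationException(
                    "Could not instantiate AuthLdap.  Bad number format when converting properties: " + e.getMessage());
            failure.initCause(e);
            throw failure;
        } catch (PropertyNotFoundException e2) {
            InstantiationException failure = new InstantiationException(
                    "Could not instantiate AuthLdap.  Property not found: " + e2.getMessage());
            failure.initCause(e2);
            throw failure;
        }
    }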

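    /**
     * Authenticates {@code str} against the directory with password {@code str2}.
     *
     * <p>{@code str} is an LDAP identifier such as {@code uid=jdoe,o=ORG,...}. A bind is
     * first tried with the identifier exactly as given. If that fails, the entry's DN is
     * looked up with {@link #getIdentifyingName}: a result that starts with {@code ldap} is
     * treated as a referral URL ({@code ldap://host/dn}) and the bind is retried on that
     * server with the base taken from the third RDN onward; any other result is completed
     * with {@code ldapBase} and retried on the configured server.
     *
     * @param str  user identifier; must contain a ','
     * @param str2 password; an empty password is rejected without contacting the server
     * @return {@code true} only if one of the binds succeeded
     * @throws ConnectException if the identifier is malformed, or a NullPointerException
     *         surfaces from the LDAP layer (rethrown with the cause attached)
     */
    @Override // edu.ucsb.nceas.metacat.AuthInterface
    public boolean authenticate(String str, String str2) throws ConnectException {
        if (str == null || str.indexOf(",") == -1) {
            throw new ConnectException("Invalid LDAP user credential: " + str + ".  Missing ','");
        }
        // RFC 4513 section 5.1.2: a simple bind with a name but an empty password is an
        // "unauthenticated" bind, which many servers accept without checking anything.
        // It must never count as a login, so refuse it before any bind is attempted.
        if (str2 == null || str2.isEmpty()) {
            logMetacat.warn("AuthLdap.authenticate - empty password supplied for " + str + "; refusing to bind");
            return false;
        }
        String url = this.ldapUrl;
        String base = this.ldapBase;
        int comma = str.indexOf(",");
        logMetacat.debug("AuthLdap.authenticate - identifier: " + str + ", uid: " + str.substring(0, comma) + ", user: " + str.substring(comma));
        boolean authenticated = false;
        try {
            logMetacat.info("AuthLdap.authenticate - Calling ldapAuthenticate with user as identifier: " + str);
            // Boolean.parseBoolean has the same semantics as new Boolean(String): true only for "true", any case.
            boolean onlySecure = Boolean.parseBoolean(PropertyService.getProperty("ldap.onlySecureConnection"));
            authenticated = ldapAuthenticate(str, str2, onlySecure);
            if (authenticated) {
                return true;
            }
            logMetacat.info("AuthLdap.authenticate - Not Authenticated");
            logMetacat.info("AuthLdap.authenticate - Looking up DN for: " + str);
            String identifyingName = getIdentifyingName(str, url, base);
            if (identifyingName == null) {
                logMetacat.info("AuthLdap.authenticate - No DN found from getIdentifyingName");
                return false;
            }
            logMetacat.info("AuthLdap.authenticate - DN found from getIdentifyingName: " + identifyingName);
            String decoded = URLDecoder.decode(identifyingName);
            logMetacat.info("AuthLdap.authenticate - DN decoded: " + decoded);
            if (decoded.startsWith("ldap")) {
                // Referral form "ldap://host/dn": the server is everything up to and including
                // the last '/', the user DN is what follows it, and the base is the DN after
                // its second ','.
                logMetacat.debug("AuthLdap.authenticate - identifier starts with \"ldap\"");
                int afterSlash = decoded.lastIndexOf("/") + 1;
                String refUrl = decoded.substring(0, afterSlash);
                String refDn = decoded.substring(afterSlash);
                String refBase = decoded.substring(decoded.indexOf(",", decoded.indexOf(",") + 1) + 1);
                logMetacat.info("AuthLdap.authenticate - Calling ldapAuthenticate: with user as identifier: " + refDn + " and refUrl as: " + refUrl + " and refBase as: " + refBase);
                boolean onlySecureReferrals = Boolean.parseBoolean(PropertyService.getProperty("ldap.onlySecureReferalsConnection"));
                authenticated = ldapAuthenticate(refDn, str2, refUrl, refBase, onlySecureReferrals);
            } else {
                logMetacat.info("AuthLdap.authenticate - identifier doesnt start with ldap");
                String fullDn = decoded + "," + base;
                logMetacat.info("AuthLdap.authenticate - Calling ldapAuthenticatewith user as identifier: " + fullDn);
                authenticated = ldapAuthenticate(fullDn, str2, onlySecure);
            }
        } catch (NamingException e) {
            // Log with the throwable so the stack trace goes to the log, not to stderr.
            logMetacat.error("AuthLdap.authenticate - Naming exception while authenticating in AuthLdap.authenticate: " + e, e);
        } catch (NullPointerException e2) {
            String message = "AuthLdap.authenticate - NullPointerException while authenticating in AuthLdap.authenticate: " + e2;
            logMetacat.error(message, e2);
            ConnectException failure = new ConnectException(message);
            failure.initCause(e2);
            throw failure;
        } catch (PropertyNotFoundException e3) {
            logMetacat.error("AuthLdap.authenticate - Property exception while authenticating in AuthLdap.authenticate: " + e3.getMessage());
        }
        return authenticated;
    }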

    /**
     * Binds as {@code str} with password {@code str2} on the configured secure server
     * ({@code ldapsUrl}) under {@code ldapBase}; {@code z} forbids the non-TLS fallback.
     */
    private boolean ldapAuthenticate(String str, String str2, boolean z) throws ConnectException, NamingException, NullPointerException {
        String server = this.ldapsUrl;
        String base = this.ldapBase;
        return ldapAuthenticate(str, str2, server, base, z);
    }

    /**
     * Binds as {@code str} with password {@code str2}, first over StartTLS and, if TLS cannot
     * be negotiated and {@code z} is false, without TLS.
     *
     * <p>{@code str} may carry a server prefix ({@code ldap://host/cn=...}): the part up to
     * and including the last '/' becomes the server and the rest the user DN. Without such a
     * prefix {@code str3} is the server. After a rejected bind the DN is checked for an
     * aliased entry ({@link #getAliasedDnTLS} / {@link #getAliasedDnNonTLS}) and the bind is
     * retried against the alias target.
     *
     * @param str  user DN, optionally prefixed with a server URL
     * @param str2 password
     * @param str3 server URL used when {@code str} has no prefix
     * @param str4 base DN meant to complete a bare DN (see the note in the body)
     * @param z    when {@code true}, never fall back to a bind without TLS
     * @return {@code true} only if one of the binds succeeded; every failure is logged and
     *         yields {@code false}
     */
    private boolean ldapAuthenticate(String str, String str2, String str3, String str4, boolean z) {
        String substring;   // server URL the bind is sent to
        String substring2;  // DN presented to the server
        boolean z2 = false;
        logMetacat.info("AuthLdap.ldapAuthenticate - dn is: " + str);
        int lastIndexOf = str.lastIndexOf("/");
        logMetacat.debug("AuthLdap.ldapAuthenticate - position is: " + lastIndexOf);
        if (lastIndexOf == -1) {
            substring = str3;
            // NOTE(review): indexOf("") is always 0, so this condition never holds and str4 is
            // never appended; the original test was presumably something else - confirm against
            // the source before relying on str4 here.
            substring2 = str.indexOf("") < 0 ? str + "," + str4 : str;
            logMetacat.info("AuthLdap.ldapAuthenticate - userDN is: " + substring2);
        } else {
            substring = str.substring(0, lastIndexOf + 1);
            substring2 = str.substring(lastIndexOf + 1);
            logMetacat.info("AuthLdap.ldapAuthenticate - server is: " + substring);
            logMetacat.info("AuthLdap.ldapAuthenticate - userDN is: " + substring2);
        }
        logMetacat.warn("AuthLdap.ldapAuthenticate - Trying to authenticate: " + substring2 + " Using server: " + substring);
        try {
            // Environment shared by every bind and alias lookup below; getAliasedDn* rewrites
            // the referral entry to "ignore" in place.
            Hashtable<String, String> hashtable = new Hashtable<>();
            hashtable.put("java.naming.factory.initial", "com.sun.jndi.ldap.LdapCtxFactory");
            hashtable.put("java.naming.provider.url", substring);
            hashtable.put("java.naming.referral", "throw");
            try {
                // First attempt: StartTLS, then simple bind.
                z2 = authenticateTLS(hashtable, substring2, str2);
            } catch (AuthenticationException e) {
                // Credentials rejected: the DN may be an alias, so resolve it and bind once more.
                logMetacat.info("AuthLdap.ldapAuthenticate - failed to login : " + e.getMessage());
                String str5 = null;
                try {
                    str5 = getAliasedDnTLS(substring2, hashtable);
                    if (str5 != null) {
                        logMetacat.warn("AuthLdap.ldapAuthenticate - an aliased object " + str5 + " was found for the DN " + substring2 + ". We will try to authenticate this new DN " + str5 + ".");
                        z2 = authenticateTLS(hashtable, str5, str2);
                    }
                } catch (AuthTLSException e2) {
                    logMetacat.error("AuthLdap.ldapAuthenticate - AuthTLSException " + e2.getMessage() + " happend when the ldap server authenticated the aliased object " + str5);
                } catch (IOException e3) {
                    logMetacat.error("AuthLdap.ldapAuthenticate - IOException " + e3.getMessage() + " happend when the ldap server authenticated the aliased object " + str5);
                } catch (NamingException e4) {
                    logMetacat.error("AuthLdap.ldapAuthenticate - NamingException " + e4.getMessage() + " happend when the ldap server authenticated the aliased object " + str5);
                }
            } catch (AuthTLSException e5) {
                // TLS could not be negotiated. In secure-only mode stop here (z2 is still false).
                logMetacat.info("AuthLdap.ldapAuthenticate - error while negotiating TLS: " + e5.getMessage());
                if (z) {
                    return z2;
                }
                // Fallback: simple bind without TLS, i.e. with an ldap:// server the password
                // crosses the network in the clear.
                try {
                    z2 = authenticateNonTLS(hashtable, substring2, str2);
                } catch (AuthenticationException e6) {
                    logMetacat.warn("Authentication exception for (nonTLS): " + e6.getMessage());
                    String str6 = null;
                    try {
                        str6 = getAliasedDnNonTLS(substring2, hashtable);
                        if (str6 != null) {
                            logMetacat.warn("AuthLdap.ldapAuthenticate(NonTLS) - an aliased object " + str6 + " was found for the DN " + substring2 + ". We will try to authenticate this new DN " + str6 + " again.");
                            z2 = authenticateNonTLS(hashtable, str6, str2);
                        }
                    } catch (NamingException e7) {
                        logMetacat.error("AuthLdap.ldapAuthenticate(NonTLS) - NamingException " + e7.getMessage() + " happend when the ldap server authenticated the aliased object " + str6);
                    } catch (IOException e8) {
                        logMetacat.error("AuthLdap.ldapAuthenticate(NonTLS) - IOException " + e8.getMessage() + " happend when the ldap server authenticated the aliased object " + str6);
                    }
                }
            }
        } catch (AuthenticationException e9) {
            // Reached only from the non-TLS alias retry (the TLS path catches its own).
            logMetacat.warn("Authentication exception: " + e9.getMessage());
            z2 = false;
        } catch (InvalidNameException e10) {
            logMetacat.error("AuthLdap.ldapAuthenticate - An invalid DN was provided: " + e10.getMessage());
        } catch (NamingException e11) {
            logMetacat.warn("AuthLdap.ldapAuthenticate - Caught NamingException in login: " + e11.getClass().getName());
            logMetacat.info(e11.toString() + "  " + e11.getRootCause());
        }
        return z2;
    }

    /** Resolves the alias target of {@code str} with StartTLS negotiated first. */
    private String getAliasedDnTLS(String str, Hashtable<String, String> hashtable) throws NamingException, IOException {
        final boolean negotiateTls = true;
        return getAliasedDn(str, hashtable, negotiateTls);
    }

    /** Resolves the alias target of {@code str} over the plain (non-TLS) connection. */
    private String getAliasedDnNonTLS(String str, Hashtable<String, String> hashtable) throws NamingException, IOException {
        final boolean negotiateTls = false;
        return getAliasedDn(str, hashtable, negotiateTls);
    }

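    /**
     * Searches the subtree under {@code str} with {@code (objectClass=*)} and returns the
     * name in the namespace of the first non-relative (aliased / referred) result, or
     * {@code null} when every result is relative.
     *
     * <p>Side effect: sets {@code java.naming.referral=ignore} in {@code hashtable}, which the
     * caller may keep using for later contexts. The TLS layer and the context are released
     * on every path, including when negotiation or the search throws.
     *
     * @param str       DN to search under
     * @param hashtable JNDI environment; mutated as described above
     * @param z         whether to negotiate StartTLS before searching
     * @return the alias target's full name, or {@code null}
     * @throws NamingException on directory errors
     * @throws IOException     if TLS negotiation or shutdown fails
     */
    private String getAliasedDn(String str, Hashtable<String, String> hashtable, boolean z) throws NamingException, IOException {
        if (hashtable != null) {
            hashtable.put("java.naming.referral", "ignore");
        }
        InitialLdapContext ctx = new InitialLdapContext(hashtable, (Control[]) null);
        StartTlsResponse tls = null;
        try {
            if (z) {
                tls = (StartTlsResponse) ctx.extendedOperation(new StartTlsRequest());
                tls.negotiate();
            }
            SearchControls controls = new SearchControls();
            controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
            NamingEnumeration<SearchResult> results = ctx.search(str, "(objectClass=*)", controls);
            while (results.hasMore()) {
                SearchResult result = results.next();
                if (!result.isRelative()) {
                    // Only an absolute entry is an alias target; relative ones are plain children.
                    return result.getNameInNamespace();
                }
            }
            return null;
        } finally {
            // Close the TLS layer before the connection; the nested finally makes sure the
            // context is closed even if the TLS shutdown throws.
            try {
                if (tls != null) {
                    tls.close();
                }
            } finally {
                ctx.close();
            }
        }
    }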

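    /**
     * Binds as {@code str} with password {@code str2} over StartTLS on the server named by
     * {@code hashtable}'s provider URL.
     *
     * <p>The connection is opened, StartTLS is negotiated, and only then are the simple-bind
     * credentials added and {@code reconnect} issued, so the password is not sent before the
     * TLS layer is up. The bind context is never reused, so it is closed on every path.
     *
     * @param hashtable JNDI environment (factory, provider URL, referral mode)
     * @param str       DN to bind as
     * @param str2      password
     * @return {@code true} if the bind succeeded
     * @throws AuthenticationException if the server rejected the credentials
     * @throws AuthTLSException        if TLS negotiation or any other naming/I/O step failed
     */
    private boolean authenticateTLS(Hashtable<String, String> hashtable, String str, String str2) throws AuthTLSException, AuthenticationException {
        logMetacat.info("AuthLdap.authenticateTLS - Trying to authenticate with TLS");
        InitialLdapContext ctx = null;
        StartTlsResponse tls = null;
        try {
            long start = System.currentTimeMillis();
            ctx = new InitialLdapContext(hashtable, (Control[]) null);
            tls = (StartTlsResponse) ctx.extendedOperation(new StartTlsRequest());
            tls.negotiate();
            ctx.addToEnvironment(Context.SECURITY_AUTHENTICATION, "simple");
            ctx.addToEnvironment(Context.SECURITY_PRINCIPAL, str);
            ctx.addToEnvironment(Context.SECURITY_CREDENTIALS, str2);
            ctx.reconnect((Control[]) null);
            // Log the server actually bound to (the environment's provider URL); it is not
            // ldapsUrl when a referral is being followed.
            logMetacat.info("AuthLdap.authenticateTLS - Connection time thru " + hashtable.get(Context.PROVIDER_URL) + " was: " + ((System.currentTimeMillis() - start) / 1000.0d) + " seconds.");
            return true;
        } catch (AuthenticationException e) {
            logMetacat.warn("AuthLdap.authenticateTLS - Authentication exception: " + e.getMessage());
            throw e;
        } catch (IOException e2) {
            throw new AuthTLSException("AuthLdap.authenticateTLS - I/O error when athenticating via TLS: " + e2.getMessage());
        } catch (NamingException e3) {
            throw new AuthTLSException("AuthLdap.authenticateTLS - Naming error when athenticating via TLS: " + e3.getMessage());
        } finally {
            // Release the TLS layer and the socket whatever happened above; failures here are
            // not authentication results, so they are only logged.
            if (tls != null) {
                try {
                    tls.close();
                } catch (IOException closeFailure) {
                    logMetacat.debug("AuthLdap.authenticateTLS - could not close TLS layer: " + closeFailure.getMessage());
                }
            }
            if (ctx != null) {
                try {
                    ctx.close();
                } catch (NamingException closeFailure) {
                    logMetacat.debug("AuthLdap.authenticateTLS - could not close context: " + closeFailure.getMessage());
                }
            }
        }
    }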

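    /**
     * Binds as {@code str} with password {@code str2} without StartTLS, on the server named
     * by {@code hashtable}'s provider URL.
     *
     * <p>Used by {@link #ldapAuthenticate} only as the fallback when TLS negotiation failed
     * and secure-only mode is off: with an {@code ldap://} URL the simple-bind password
     * crosses the network in the clear. The context is closed on every path.
     *
     * @param hashtable JNDI environment (factory, provider URL, referral mode)
     * @param str       DN to bind as
     * @param str2      password
     * @return {@code true} if the bind succeeded
     * @throws NamingException if the connection or bind fails ({@code AuthenticationException}
     *         for rejected credentials)
     */
    private boolean authenticateNonTLS(Hashtable<String, String> hashtable, String str, String str2) throws NamingException {
        logMetacat.info("AuthLdap.authenticateNonTLS - Trying to authenticate without TLS");
        long start = System.currentTimeMillis();
        InitialLdapContext ctx = new InitialLdapContext(hashtable, (Control[]) null);
        try {
            ctx.addToEnvironment(Context.SECURITY_AUTHENTICATION, "simple");
            ctx.addToEnvironment(Context.SECURITY_PRINCIPAL, str);
            ctx.addToEnvironment(Context.SECURITY_CREDENTIALS, str2);
            ctx.reconnect((Control[]) null);
            // Log the server actually bound to (the environment's provider URL); it is not
            // ldapsUrl when a referral is being followed.
            logMetacat.info("AuthLdap.authenticateNonTLS - Connection time thru " + hashtable.get(Context.PROVIDER_URL) + " was: " + ((System.currentTimeMillis() - start) / 1000.0d) + " seconds.");
            return true;
        } finally {
            // The bind context is never reused; close it so the socket is not leaked.
            try {
                ctx.close();
            } catch (NamingException closeFailure) {
                logMetacat.debug("AuthLdap.authenticateNonTLS - could not close context: " + closeFailure.getMessage());
            }
        }
    }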

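    /**
     * Finds the entry whose uid and organisation are given by the first two RDNs of
     * {@code str} ({@code uid=<uid>,o=<org>[,...]}) by searching {@code str2 + str3} with
     * the filter {@code (&(uid=<uid>)(o=<org>))}, following referrals until a result is
     * found.
     *
     * <p>Both filter values are escaped per RFC 4515, so a crafted identifier cannot widen or
     * rewrite the search. Every context opened here (including referral contexts) is closed.
     *
     * @param str  identifier carrying the uid and o values in its first two RDNs
     * @param str2 LDAP server URL
     * @param str3 base DN appended to the URL
     * @return the name of the first matching entry (relative to the search base, or a
     *         referral URL), or {@code null} if nothing matched
     * @throws NamingException if the identifier is malformed, no usable referral is left, or
     *         the directory fails; the original exception is kept as the root cause
     */
    private String getIdentifyingName(String str, String str2, String str3) throws NamingException {
        Hashtable<String, String> env = new Hashtable<String, String>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.REFERRAL, "throw");
        env.put(Context.PROVIDER_URL, str2 + str3);
        DirContext ctx = null;
        try {
            if (str == null) {
                throw new NamingException("AuthLdap.getIdentifyingName - identifier is null");
            }
            int firstComma = str.indexOf(",");
            int firstEq = str.indexOf("=");
            if (firstComma < 0 || firstEq < 0 || firstEq > firstComma) {
                throw new NamingException("AuthLdap.getIdentifyingName - identifier has no leading uid=... RDN: " + str);
            }
            String uid = str.substring(firstEq + 1, firstComma);
            logMetacat.info("AuthLdap.getIdentifyingName - uid is: " + uid);
            int secondEq = str.indexOf("=", firstComma + 1);
            int secondComma = str.indexOf(",", firstComma + 1);
            if (secondComma < 0) {
                // "uid=x,o=y" with nothing after the organisation: take o to the end.
                secondComma = str.length();
            }
            if (secondEq < 0 || secondEq > secondComma) {
                throw new NamingException("AuthLdap.getIdentifyingName - identifier has no o=... RDN: " + str);
            }
            String org = str.substring(secondEq + 1, secondComma);
            logMetacat.info("AuthLdap.getIdentifyingName - org is: " + org);
            // The values come from the caller: escape them so '*', '(' or ')' in an
            // identifier cannot change the meaning of the filter.
            String filter = "(&(uid=" + escapeLdapFilterValue(uid) + ")(o=" + escapeLdapFilterValue(org) + "))";
            logMetacat.warn("AuthLdap.getIdentifyingName - Searching for DNs with following filter: " + filter);
            ctx = new InitialDirContext(env);
            SearchControls controls = new SearchControls();
            controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
            while (true) {
                try {
                    NamingEnumeration<SearchResult> results = ctx.search("", filter, controls);
                    if (results.hasMore()) {
                        return results.next().getName();
                    }
                    return null;
                } catch (ReferralException re) {
                    logMetacat.info("AuthLdap.getIdentifyingName - Got referral: " + re.getReferralInfo());
                    // Move to the referred server and search again. Unusable referrals are
                    // skipped; when none is left the error propagates instead of looping.
                    DirContext next = null;
                    while (next == null) {
                        try {
                            next = (DirContext) re.getReferralContext();
                        } catch (NamingException refFailure) {
                            logMetacat.error("NamingException when getting referral contex. Skipping this referral. " + refFailure.getMessage());
                            if (!re.skipReferral()) {
                                throw new NamingException("AuthLdap.getIdentifyingName - no usable referral for: " + re.getReferralInfo());
                            }
                        }
                    }
                    try {
                        ctx.close();
                    } catch (NamingException closeFailure) {
                        logMetacat.debug("AuthLdap.getIdentifyingName - could not close context: " + closeFailure.getMessage());
                    }
                    ctx = next;
                }
            }
        } catch (NamingException failure) {
            logMetacat.error("AuthLdap.getIdentifyingName - Naming exception while getting dn: " + failure);
            NamingException wrapped = new NamingException("Naming exception in AuthLdap.getIdentifyingName: " + failure);
            wrapped.setRootCause(failure);
            throw wrapped;
        } finally {
            if (ctx != null) {
                try {
                    ctx.close();
                } catch (NamingException closeFailure) {
                    logMetacat.debug("AuthLdap.getIdentifyingName - could not close context: " + closeFailure.getMessage());
                }
            }
        }
    }

    /**
     * Escapes a value for use inside an LDAP search filter (RFC 4515 section 3): backslash,
     * '*', '(', ')' and NUL become {@code \5c}, {@code \2a}, {@code \28}, {@code \29} and
     * {@code \00}. Constructed example: {@code a*b} becomes {@code a\2ab}.
     *
     * @param value raw attribute value
     * @return the escaped value, safe to splice into a filter
     */
    private static String escapeLdapFilterValue(String value) {
        StringBuilder escaped = new StringBuilder(value.length());
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '\\':
                    escaped.append("\\5c");
                    break;
                case '*':
                    escaped.append("\\2a");
                    break;
                case '(':
                    escaped.append("\\28");
                    break;
                case ')':
                    escaped.append("\\29");
                    break;
                case '\0':
                    escaped.append("\\00");
                    break;
                default:
                    escaped.append(c);
            }
        }
        return escaped.toString();
    }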

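    /**
     * Lists every {@code inetOrgPerson} entry under {@code ldapBase}.
     *
     * <p>Each row is {@code [dn, cn, o, ou, mail]}: the DN is the entry name relative to the
     * search base with {@code ldapBase} appended; the attribute columns are taken from
     * {@code Attribute.toString()} with the {@code "cn: "} style prefix removed, so a missing
     * attribute yields the string {@code "null"}. Both arguments are unused.
     *
     * @param str  unused
     * @param str2 unused
     * @return the rows, cut short if the server's size limit was hit, or {@code null} if the
     *         directory could not be searched
     */
    @Override // edu.ucsb.nceas.metacat.AuthInterface
    public String[][] getUsers(String str, String str2) throws ConnectException {
        Hashtable<String, String> env = new Hashtable<String, String>(11);
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.REFERRAL, this.referral);
        env.put(Context.PROVIDER_URL, this.ldapUrl);
        env.put("com.sun.jndi.ldap.connect.timeout", this.ldapConnectTimeLimit);
        String[][] users = null;
        InitialDirContext ctx = null;
        try {
            ctx = new InitialDirContext(env);
            SearchControls controls = new SearchControls();
            controls.setReturningAttributes(new String[]{"dn", "cn", "o", "ou", "mail"});
            controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
            controls.setTimeLimit(this.ldapSearchTimeLimit);
            NamingEnumeration<SearchResult> results = ctx.search(this.ldapBase, "(objectClass=inetOrgPerson)", controls);
            // Column order of the returned rows after the DN. Column 3 is ou; it used to be
            // filled with o while the collected ou values went unused.
            String[] ids = {"cn", "o", "ou", "mail"};
            List<String[]> rows = new ArrayList<String[]>();
            try {
                while (results.hasMore()) {
                    SearchResult result = results.next();
                    Attributes attrs = result.getAttributes();
                    String[] row = new String[ids.length + 1];
                    row[0] = result.getName() + "," + this.ldapBase;
                    for (int i = 0; i < ids.length; i++) {
                        String text = attrs.get(ids[i]) + "";
                        String prefix = ids[i] + ": ";
                        row[i + 1] = text.startsWith(prefix) ? text.substring(prefix.length()) : text;
                    }
                    rows.add(row);
                }
            } catch (SizeLimitExceededException e) {
                // hasMore()/next() raise this, so the catch sits outside the loop and the rows
                // collected so far are still returned.
                logMetacat.error("AuthLdap.getUsers - LDAP Server size limit exceeded. Returning incomplete record set.");
            }
            users = rows.toArray(new String[rows.size()][]);
        } catch (NamingException e2) {
            logMetacat.error("AuthLdap.getUsers - Problem getting users in AuthLdap.getUsers:" + e2);
        } finally {
            if (ctx != null) {
                try {
                    ctx.close();
                } catch (NamingException closeFailure) {
                    logMetacat.debug("AuthLdap.getUsers - could not close context: " + closeFailure.getMessage());
                }
            }
        }
        return users;
    }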

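    /**
     * Returns {@code [cn, o, mail]} for the user whose DN is {@code str}.
     *
     * <p>If the DN resolves to an aliased entry (looked up without TLS), the alias target is
     * used instead. The entry is then searched (subtree scope) with a filter built from the
     * DN's first RDN, e.g. {@code (&(uid=jdoe))}; the attribute name is validated and the
     * value escaped per RFC 4515 so a caller-supplied DN cannot alter the filter. Values are
     * taken from {@code Attribute.toString()} with the {@code "cn: "} style prefix removed,
     * as the other lookups in this class do. {@code str2} is unused.
     *
     * @param str  user DN; its first RDN must be {@code attr=value} and it must contain a ','
     * @param str2 unused
     * @return a 3-element array; elements stay {@code null} when no entry matched
     * @throws ConnectException if the DN is malformed or the directory search fails (the
     *         naming exception is attached as the cause)
     */
    @Override // edu.ucsb.nceas.metacat.AuthInterface
    public String[] getUserInfo(String str, String str2) throws ConnectException {
        String[] info = new String[3];
        logMetacat.info("AuthLdap.getUserInfo - get the user info for user  " + str);
        if (str == null || str.indexOf(",") < 0) {
            throw new ConnectException("AuthLdap.getUserInfo - invalid user DN (no ','): " + str);
        }
        Hashtable<String, String> env = new Hashtable<String, String>(11);
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, this.ldapUrl);
        String aliased = null;
        try {
            aliased = getAliasedDnNonTLS(str, env);
        } catch (Exception e) {
            // Best effort: a failed alias lookup just means the DN is searched as given.
            logMetacat.warn("AuthLdap.getUserInfo - can't get the alias name for the user " + str + " since " + e.getMessage());
        }
        logMetacat.info("AuthLdap.getUserInfo - the aliased dn for " + str + " is " + aliased);
        String dn = aliased != null ? aliased : str;
        if (dn.indexOf(",") < 0) {
            throw new ConnectException("AuthLdap.getUserInfo - invalid user DN (no ','): " + dn);
        }
        // Build "(&(attr=value))" from the first RDN. The attribute name may only contain
        // descriptor characters and the value is escaped, so neither can inject filter syntax.
        String rdn = dn.substring(0, dn.indexOf(","));
        int eq = rdn.indexOf("=");
        if (eq < 0) {
            throw new ConnectException("AuthLdap.getUserInfo - first RDN is not attr=value: " + rdn);
        }
        String attr = rdn.substring(0, eq);
        String value = rdn.substring(eq + 1);
        if (!attr.matches("[A-Za-z0-9.;-]+")) {
            throw new ConnectException("AuthLdap.getUserInfo - invalid attribute name in DN: " + rdn);
        }
        // RFC 4515 section 3: backslash, '*', '(', ')' and NUL become \5c \2a \28 \29 \00.
        StringBuilder escaped = new StringBuilder(value.length());
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '\\':
                    escaped.append("\\5c");
                    break;
                case '*':
                    escaped.append("\\2a");
                    break;
                case '(':
                    escaped.append("\\28");
                    break;
                case ')':
                    escaped.append("\\29");
                    break;
                case '\0':
                    escaped.append("\\00");
                    break;
                default:
                    escaped.append(c);
            }
        }
        String filter = "(&(" + attr + "=" + escaped + "))";
        InitialDirContext ctx = null;
        try {
            // getAliasedDn set the referral mode to "ignore"; restore the configured one.
            env.put(Context.REFERRAL, this.referral);
            ctx = new InitialDirContext(env);
            SearchControls controls = new SearchControls();
            controls.setReturningAttributes(new String[]{"cn", "o", "mail"});
            controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
            NamingEnumeration<SearchResult> results = ctx.search(dn, filter, controls);
            String[] ids = {"cn", "o", "mail"};
            try {
                while (results.hasMore()) {
                    Attributes attrs = results.next().getAttributes();
                    for (int i = 0; i < ids.length; i++) {
                        String text = attrs.get(ids[i]) + "";
                        String prefix = ids[i] + ": ";
                        info[i] = text.startsWith(prefix) ? text.substring(prefix.length()) : text;
                    }
                }
            } catch (SizeLimitExceededException e2) {
                // hasMore()/next() raise this, so the catch sits outside the loop and the
                // values gathered so far are kept.
                logMetacat.error("AuthLdap.getUserInfo - LDAP Server size limit exceeded. Returning incomplete record set.");
            }
            return info;
        } catch (NamingException e3) {
            logMetacat.error("AuthLdap.getUserInfo - Problem getting users:" + e3);
            ConnectException failure = new ConnectException("Problem getting user info in AuthLdap.getUserInfo:" + e3);
            failure.initCause(e3);
            throw failure;
        } finally {
            if (ctx != null) {
                try {
                    ctx.close();
                } catch (NamingException closeFailure) {
                    logMetacat.debug("AuthLdap.getUserInfo - could not close context: " + closeFailure.getMessage());
                }
            }
        }
    }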

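    /**
     * Returns the {@code uniqueMember} values of the group entry named {@code str3}.
     *
     * <p>{@code str3} is used as an entry name (not a filter). {@code str} and {@code str2}
     * are unused. The context is closed on every path.
     *
     * @param str  unused
     * @param str2 unused
     * @param str3 DN of the group entry
     * @return the member DNs, or {@code null} if the directory could not be read
     */
    @Override // edu.ucsb.nceas.metacat.AuthInterface
    public String[] getUsers(String str, String str2, String str3) throws ConnectException {
        Hashtable<String, String> env = new Hashtable<String, String>(11);
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.REFERRAL, this.referral);
        env.put(Context.PROVIDER_URL, this.ldapUrl);
        String[] members = null;
        InitialDirContext ctx = null;
        try {
            ctx = new InitialDirContext(env);
            Attributes attrs = ctx.getAttributes(str3, new String[]{"uniqueMember"});
            List<String> values = new ArrayList<String>();
            try {
                NamingEnumeration<? extends Attribute> all = attrs.getAll();
                while (all.hasMore()) {
                    NamingEnumeration<?> attrValues = all.next().getAll();
                    while (attrValues.hasMore()) {
                        values.add((String) attrValues.next());
                    }
                }
            } catch (SizeLimitExceededException e) {
                logMetacat.error("AuthLdap.getUsers - LDAP Server size limit exceeded. Returning incomplete record set.");
            }
            members = values.toArray(new String[values.size()]);
        } catch (NamingException e2) {
            logMetacat.error("AuthLdap.getUsers - Problem getting users for a group in AuthLdap.getUsers:" + e2);
        } finally {
            if (ctx != null) {
                try {
                    ctx.close();
                } catch (NamingException closeFailure) {
                    logMetacat.debug("AuthLdap.getUsers - could not close context: " + closeFailure.getMessage());
                }
            }
        }
        return members;
    }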

    /**
     * Lists all groups without a member filter; delegates to the three-argument form with a
     * {@code null} member DN.
     */
    @Override // edu.ucsb.nceas.metacat.AuthInterface
    public String[][] getGroups(String str, String str2) throws ConnectException {
        final String noMemberFilter = null;
        return getGroups(str, str2, noMemberFilter);
    }

    @Override // edu.ucsb.nceas.metacat.AuthInterface
    public String[][] getGroups(String str, String str2, String str3) throws ConnectException {
        logMetacat.debug("AuthLdap.getGroups - getGroups() called.");
        Vector vector = new Vector();
        Vector vector2 = new Vector();
        this.userName = str;
        this.userPassword = str2;
        this.env.put("java.naming.factory.initial", "com.sun.jndi.ldap.LdapCtxFactory");
        this.env.put("java.naming.referral", "throw");
        this.env.put("java.naming.provider.url", this.ldapUrl);
        this.env.put("com.sun.jndi.ldap.connect.timeout", this.ldapConnectTimeLimit);
        try {
            try {
                DirContext initialDirContext = new InitialDirContext(this.env);
                SearchControls searchControls = new SearchControls();
                searchControls.setReturningAttributes(new String[]{"cn", "o", "description"});
                searchControls.setSearchScope(2);
                searchControls.setTimeLimit(this.ldapSearchTimeLimit);
                searchControls.setCountLimit(this.ldapSearchCountLimit);
                String str4 = null == str3 ? "(objectClass=groupOfUniqueNames)" : "(& (objectClass=groupOfUniqueNames)(uniqueMember=" + str3 + "))";
                logMetacat.info("AuthLdap.getGroups - group filter is: " + str4);
                boolean z = true;
                while (z) {
                    try {
                        NamingEnumeration search = initialDirContext.search(this.ldapBase, str4, searchControls);
                        while (search.hasMore()) {
                            SearchResult searchResult = (SearchResult) search.next();
                            Attributes attributes = searchResult.getAttributes();
                            if ((attributes.get("description") + "").startsWith("description: ")) {
                                vector2.add((attributes.get("description") + "").substring(13));
                            } else {
                                vector2.add(attributes.get("description") + "");
                            }
                            if (searchResult.getName().startsWith("ldap") || !searchResult.isRelative()) {
                                logMetacat.debug("AuthLdap.getGroups - Search result entry is absolute ...");
                                Hashtable hashtable = new Hashtable(11);
                                hashtable.put("java.naming.factory.initial", "com.sun.jndi.ldap.LdapCtxFactory");
                                hashtable.put("java.naming.referral", "ignore");
                                hashtable.put("java.naming.provider.url", this.ldapUrl);
                                hashtable.put("com.sun.jndi.ldap.connect.timeout", this.ldapConnectTimeLimit);
                                try {
                                    InitialDirContext initialDirContext2 = new InitialDirContext(hashtable);
                                    SearchControls searchControls2 = new SearchControls();
                                    searchControls2.setReturningAttributes(new String[]{"o"});
                                    searchControls2.setSearchScope(1);
                                    searchControls2.setTimeLimit(this.ldapSearchTimeLimit);
                                    searchControls2.setCountLimit(this.ldapSearchCountLimit);
                                    String str5 = "(&(objectClass=referral)(ref=" + this.currentReferralInfo.substring(0, this.currentReferralInfo.indexOf("?")) + "))";
                                    logMetacat.debug("AuthLdap.getGroups - rFilter is: " + str5);
                                    NamingEnumeration search2 = initialDirContext2.search(this.ldapBase, str5, searchControls2);
                                    while (search2.hasMore()) {
                                        SearchResult searchResult2 = (SearchResult) search2.next();
                                        Attributes attributes2 = searchResult2.getAttributes();
                                        logMetacat.debug("AuthLdap.getGroups - referral search result is: " + searchResult2.toString());
                                        if ((attributes.get("cn") + "").startsWith("cn: ")) {
                                            vector.add("cn=" + (attributes.get("cn") + "").substring(4) + ",o=" + (attributes2.get("o") + "").substring(3) + "," + this.ldapBase);
                                            logMetacat.info("AuthLdap.getGroups - group " + (attributes.get("cn") + "").substring(4) + ",o=" + (attributes2.get("o") + "").substring(3) + "," + this.ldapBase + " added to the group vector");
                                        } else {
                                            vector.add("cn=" + attributes.get("cn") + ",o=" + attributes2.get("o") + "," + this.ldapBase);
                                            logMetacat.info("AuthLdap.getGroups - group cn=" + attributes.get("cn") + ",o=" + attributes2.get("o") + "," + this.ldapBase + " added to the group vector");
                                        }
                                    }
                                } catch (NamingException e) {
                                    logMetacat.debug("AuthLdap.getGroups - Caught naming exception: ");
                                    e.printStackTrace(System.err);
                                }
                            } else {
                                logMetacat.debug("AuthLdap.getGroups - Search result entry is relative ...");
                                vector.add(searchResult.getName() + "," + this.ldapBase);
                                logMetacat.info("AuthLdap.getGroups - group " + searchResult.getName() + "," + this.ldapBase + " added to the group vector");
                            }
                        }
                        z = false;
                    } catch (ReferralException e2) {
                        logMetacat.info("AuthLdap.getGroups -  caught referral exception: " + e2.getReferralInfo());
                        this.currentReferralInfo = (String) e2.getReferralInfo();
                        z = true;
                        boolean z2 = true;
                        while (z2) {
                            try {
                                initialDirContext = (DirContext) e2.getReferralContext();
                                z2 = false;
                            } catch (NamingException e3) {
                                logMetacat.error("NamingException when getting referral contex. Skipping this referral. " + e3.getMessage());
                                e2.skipReferral();
                                z2 = true;
                            }
                        }
                    }
                }
                initialDirContext.close();
                logMetacat.warn("AuthLdap.getGroups - The user is in the following groups: " + vector.toString());
                String[][] strArr = new String[vector.size()][2];
                for (int i = 0; i < vector.size(); i++) {
                    strArr[i][0] = (String) vector.elementAt(i);
                    strArr[i][1] = (String) vector2.elementAt(i);
                }
                return strArr;
            } catch (Throwable th) {
                logMetacat.warn("AuthLdap.getGroups - The user is in the following groups: " + vector.toString());
                String[][] strArr2 = new String[vector.size()][2];
                for (int i2 = 0; i2 < vector.size(); i2++) {
                    strArr2[i2][0] = (String) vector.elementAt(i2);
                    strArr2[i2][1] = (String) vector2.elementAt(i2);
                }
                return strArr2;
            }
        } catch (NamingException e4) {
            logMetacat.info("AuthLdap.getGroups - caught naming exception: ");
            e4.printStackTrace(System.err);
            logMetacat.warn("AuthLdap.getGroups - The user is in the following groups: " + vector.toString());
            String[][] strArr3 = new String[vector.size()][2];
            for (int i3 = 0; i3 < vector.size(); i3++) {
                strArr3[i3][0] = (String) vector.elementAt(i3);
                strArr3[i3][1] = (String) vector2.elementAt(i3);
            }
            return strArr3;
        }
    }

    /**
     * Looks up the LDAP attributes of the entry named by {@code str} (an entry DN) without
     * supplying a user or password: delegates to the three-argument overload with both
     * credential arguments set to null.
     *
     * @param str the DN of the entry to read
     * @return attribute id -> list of string values, as built by the three-argument overload
     * @throws ConnectException if the directory lookup fails
     */
    @Override // edu.ucsb.nceas.metacat.AuthInterface
    public HashMap<String, Vector<String>> getAttributes(String str) throws ConnectException {
        final String noUser = null;
        final String noPassword = null;
        return this.getAttributes(noUser, noPassword, str);
    }

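    /**
     * Reads every attribute of the entry {@code str3} from the configured LDAP server and
     * returns them keyed by attribute id. Only String-valued attribute values are kept;
     * non-String (e.g. binary) values are skipped with a debug message.
     *
     * NOTE(review): {@code str} (user) and {@code str2} (password) are accepted but never
     * used — the lookup below creates the context with no security principal, i.e. it binds
     * anonymously, so the result is limited to what the directory exposes to unauthenticated
     * readers.
     *
     * @param str  unused
     * @param str2 unused
     * @param str3 DN of the entry whose attributes are returned (used as a name, not a filter)
     * @return attribute id -> string values (never null)
     * @throws ConnectException wrapping any NamingException from the directory
     */
    @Override // edu.ucsb.nceas.metacat.AuthInterface
    public HashMap<String, Vector<String>> getAttributes(String str, String str2, String str3) throws ConnectException {
        HashMap<String, Vector<String>> attributesById = new HashMap<>();
        Hashtable<String, String> env = new Hashtable<>(11);
        env.put("java.naming.factory.initial", "com.sun.jndi.ldap.LdapCtxFactory");
        env.put("java.naming.referral", this.referral);
        env.put("java.naming.provider.url", this.ldapUrl);
        InitialDirContext ctx = null;
        try {
            ctx = new InitialDirContext(env);
            NamingEnumeration<? extends Attribute> all = ctx.getAttributes(str3).getAll();
            while (all.hasMore()) {
                Attribute attribute = all.next();
                String id = attribute.getID();
                Vector<String> values = new Vector<>();
                NamingEnumeration<?> valueEnum = attribute.getAll();
                while (valueEnum.hasMore()) {
                    Object value = valueEnum.next();
                    if (value instanceof String) {
                        values.add((String) value);
                    } else {
                        // same outcome as the original ClassCastException catch: skip non-String values
                        logMetacat.debug("Could not cast LDAP attribute (" + id + ") to a String value, so skipping.");
                    }
                }
                attributesById.put(id, values);
            }
            return attributesById;
        } catch (NamingException e2) {
            logMetacat.error("AuthLdap.getAttributes - Problem getting attributes:" + e2);
            throw new ConnectException("Problem getting attributes in AuthLdap.getAttributes:" + e2);
        } finally {
            // The original only closed the context on the success path, leaking the
            // connection whenever the lookup threw.
            if (ctx != null) {
                try {
                    ctx.close();
                } catch (NamingException closeFailure) {
                    logMetacat.debug("AuthLdap.getAttributes - could not close context: " + closeFailure.getMessage());
                }
            }
        }
    }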

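    /**
     * Searches the directory rooted at {@code str3 + str4} for organization and referral
     * entries and returns a map of "search base" -> "server URL" for each subtree found.
     *
     * Key/value layout (as consumed by getPrincipals):
     *  - a referral entry (both "ref" and "o" present) whose org already prefixes {@code str4}
     *    maps {@code str4} to the server part of the ref URL; otherwise the key is
     *    "[o=<org>]<dn-part-of-ref>" and the value is the server part of the ref URL;
     *  - an entry with a single returned attribute maps either {@code str4} (when it already
     *    starts with "id=value") or "id=value,str4" to {@code str3}, or, for a non-relative
     *    result, to the server part of the result name.
     *
     * NOTE(review): {@code str} / {@code str2} (user, password) are only logged; the search
     * itself binds anonymously with referrals ignored. The "ref" value is presumably an LDAP URL
     * ("ldap://host:port/<dn>") — the code only relies on splitting at its last '/'.
     *
     * @throws ConnectException wrapping any NamingException from the directory
     */
    private Hashtable<String, String> getSubtrees(String str, String str2, String str3, String str4) throws ConnectException {
        logMetacat.debug("AuthLdap.getSubtrees - getting subtrees for user: " + str + ", ldapUrl: " + str3 + ", ldapBase: " + str4);
        Hashtable<String, String> subtrees = new Hashtable<>();
        Hashtable<String, String> env = new Hashtable<>(11);
        env.put("java.naming.factory.initial", "com.sun.jndi.ldap.LdapCtxFactory");
        env.put("java.naming.referral", "ignore");
        env.put("java.naming.provider.url", str3 + str4);
        InitialDirContext ctx = null;
        try {
            ctx = new InitialDirContext(env);
            SearchControls controls = new SearchControls();
            controls.setReturningAttributes(new String[]{"o", "ref"});
            controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
            NamingEnumeration<SearchResult> results = ctx.search("", "(|(objectclass=organization)(objectclass=referral))", controls);
            while (results.hasMore()) {
                SearchResult result = results.next();
                logMetacat.debug("AuthLdap.getSubtrees - search result: " + result.toString());
                Attributes attrs = result.getAttributes();
                // Look the two attributes up by id. The original code took them positionally
                // (first = ref URL, second = o) and so depended on the order in which the server
                // happened to return them.
                Attribute refAttr = attrs.get("ref");
                Attribute oAttr = attrs.get("o");
                if (refAttr != null && oAttr != null) {
                    String refUrl = (String) refAttr.get();
                    String org = (String) oAttr.get();
                    String server = refUrl.substring(0, refUrl.lastIndexOf("/") + 1);
                    if (str4.startsWith("o=" + org)) {
                        subtrees.put(str4, server);
                    } else {
                        // bracketed org prefix is parsed back out by getPrincipals
                        subtrees.put("[o=" + org + "]" + refUrl.substring(refUrl.lastIndexOf("/") + 1), server);
                    }
                } else {
                    Attribute only = (oAttr != null) ? oAttr : refAttr;
                    if (only == null) {
                        continue; // entry returned neither attribute; nothing to record
                    }
                    String id = only.getID();
                    String value = (String) only.get();
                    if (str4.startsWith(id + "=" + value)) {
                        subtrees.put(str4, str3);
                    } else if (result.isRelative()) {
                        subtrees.put(id + "=" + value + "," + str4, str3);
                    } else {
                        String name = result.getName();
                        subtrees.put(id + "=" + value + "," + str4, name.substring(0, name.lastIndexOf("/") + 1));
                    }
                }
            }
            return subtrees;
        } catch (NamingException e) {
            logMetacat.error("AuthLdap.getSubtrees - Problem getting subtrees in AuthLdap.getSubtrees:" + e);
            throw new ConnectException("Problem getting subtrees in AuthLdap.getSubtrees:" + e);
        } finally {
            // close on every path; the original leaked the context when the search threw
            if (ctx != null) {
                try {
                    ctx.close();
                } catch (NamingException closeFailure) {
                    logMetacat.debug("AuthLdap.getSubtrees - could not close context: " + closeFailure.getMessage());
                }
            }
        }
    }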

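    /**
     * Builds the &lt;principals&gt; XML document listing, per subtree returned by getSubtrees,
     * the groups (with their members) and the users found there.
     *
     * getGroups()/getUsers() read {@code this.ldapUrl} / {@code this.ldapBase}, so those fields
     * are re-pointed at each subtree while it is processed. The configured values are restored
     * afterwards (also on failure): the original left the instance pointing at whichever subtree
     * was visited last, silently changing the server and base used by any later authenticate()
     * or getGroups() call on the same object.
     *
     * All directory-derived text is XML-escaped, including the authSystem URI attribute, which
     * the original interpolated raw into the document.
     *
     * @param str  user passed through to getSubtrees/getGroups/getUsers
     * @param str2 password passed through to the same calls
     * @return the XML document as a String
     * @throws ConnectException propagated from the directory lookups
     */
    @Override // edu.ucsb.nceas.metacat.AuthInterface
    public String getPrincipals(String str, String str2) throws ConnectException {
        final String configuredUrl = this.ldapUrl;
        final String configuredBase = this.ldapBase;
        StringBuilder out = new StringBuilder();
        out.append("<?xml version=\"1.0\" encoding=\"iso-8859-1\"?>\n");
        out.append("<principals>\n");
        try {
            Hashtable subtrees = getSubtrees(str, str2, configuredUrl, configuredBase);
            Enumeration keys = subtrees.keys();
            while (keys.hasMoreElements()) {
                this.ldapBase = (String) keys.nextElement();
                this.ldapUrl = (String) subtrees.get(this.ldapBase);
                logMetacat.info("AuthLdap.getPrincipals - ldapBase: " + this.ldapBase + ", ldapUrl: " + this.ldapUrl);
                String orgName = this.ldapBase;
                if (orgName.startsWith("[")) {
                    // key of the form "[o=<org>]<dn>": the base is the part after ']',
                    // the org name is the text between "o=" and ']'
                    this.ldapBase = orgName.substring(orgName.indexOf("]") + 1);
                    if (orgName.indexOf("o=") > -1) {
                        String afterO = orgName.substring(orgName.indexOf("o=") + 2);
                        orgName = afterO.substring(0, afterO.indexOf("]"));
                    }
                } else if (orgName.indexOf("o=") > -1) {
                    // plain DN: org name is the first "o=" RDN value
                    orgName = orgName.substring(orgName.indexOf("o=") + 2);
                    if (orgName.indexOf(",") > -1) {
                        orgName = orgName.substring(0, orgName.indexOf(","));
                    }
                }
                logMetacat.info("AuthLdap.getPrincipals - org name is  " + orgName);
                String escapedOrg = StringEscapeUtils.escapeXml(orgName);
                logMetacat.info("AuthLdap.getPrincipals - org name (after the xml escaping) is  " + escapedOrg);
                String escapedUri = StringEscapeUtils.escapeXml(this.ldapUrl + this.ldapBase);
                out.append("  <authSystem URI=\"" + escapedUri + "\" organization=\"" + escapedOrg + "\">\n");
                String[][] groups = getGroups(str, str2);
                logMetacat.debug("AuthLdap.getPrincipals - after getting groups " + groups);
                String[][] users = getUsers(str, str2);
                logMetacat.debug("AuthLdap.getPrincipals - after getting users " + users);
                if (groups != null && users != null && groups.length > 0) {
                    for (String[] group : groups) {
                        out.append("    <group>\n");
                        out.append("      <groupname>" + StringEscapeUtils.escapeXml(group[0]) + "</groupname>\n");
                        out.append("      <description>" + StringEscapeUtils.escapeXml(group[1]) + "</description>\n");
                        String[] members = getUsers(str, str2, group[0]);
                        if (members != null) { // guard: the original dereferenced this unconditionally
                            for (String member : members) {
                                int idx = searchUser(member, users);
                                out.append("      <user>\n");
                                if (idx < 0) {
                                    // member not in the user table: emit the bare name only
                                    out.append("        <username>" + StringEscapeUtils.escapeXml(member) + "</username>\n");
                                } else {
                                    appendUserFields(out, users[idx], "        ");
                                }
                                out.append("      </user>\n");
                            }
                        }
                        out.append("    </group>\n");
                    }
                }
                if (users != null) {
                    for (String[] user : users) {
                        out.append("    <user>\n");
                        appendUserFields(out, user, "      ");
                        out.append("    </user>\n");
                    }
                }
                out.append("  </authSystem>\n");
            }
        } finally {
            this.ldapUrl = configuredUrl;
            this.ldapBase = configuredBase;
        }
        out.append("</principals>");
        return out.toString();
    }

    /**
     * Appends the username/name/organization/[organizationUnitName]/email elements of one
     * user row. Column layout follows what the original emitted: 0 = username, 1 = name,
     * 2 = organization, 3 = organization unit (the literal string "null" when absent), 4 = email.
     *
     * @param out    document being built
     * @param user   one row of the getUsers() table
     * @param indent leading whitespace for the elements (differs between group members and
     *               top-level users); organizationUnitName keeps the fixed six-space indent the
     *               original produced in both places
     */
    private static void appendUserFields(StringBuilder out, String[] user, String indent) {
        out.append(indent).append("<username>").append(StringEscapeUtils.escapeXml(user[0])).append("</username>\n");
        out.append(indent).append("<name>").append(StringEscapeUtils.escapeXml(user[1])).append("</name>\n");
        out.append(indent).append("<organization>").append(StringEscapeUtils.escapeXml(user[2])).append("</organization>\n");
        if (!"null".equals(user[3])) {
            out.append("      <organizationUnitName>").append(StringEscapeUtils.escapeXml(user[3])).append("</organizationUnitName>\n");
        }
        out.append(indent).append("<email>").append(StringEscapeUtils.escapeXml(user[4])).append("</email>\n");
    }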

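    /**
     * Returns the index of the first row of {@code strArr} whose column 0 equals {@code str},
     * or -1 if there is none.
     *
     * Null-safe: a null {@code str}, a null table, a null row or an empty row never matches.
     * (The original compared with {@code compareTo}, which threw NullPointerException on any
     * null input.)
     *
     * @param str    value to look for in column 0
     * @param strArr table of rows (e.g. the user table built by getUsers)
     * @return matching row index, or -1
     */
    public static int searchUser(String str, String[][] strArr) {
        if (str == null || strArr == null) {
            return -1;
        }
        for (int i = 0; i < strArr.length; i++) {
            String[] row = strArr[i];
            if (row != null && row.length > 0 && str.equals(row[0])) {
                return i;
            }
        }
        return -1;
    }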

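    /**
     * Performs an LDAP simple bind as {@code str} with password {@code str2} against
     * {@code str3}; a successful return means the bind succeeded, any failure is reported as a
     * NamingException (a rejected password typically as AuthenticationException).
     *
     * Empty credentials are refused before any connection is made: an LDAP simple bind with an
     * empty password is an "unauthenticated" bind (RFC 4513 section 5.1.2) that many servers
     * accept without error, so the original would have reported success for any known DN when
     * the supplied password was blank.
     *
     * @param str  user DN, optionally prefixed with a "server/" part that is split off and
     *             only logged
     * @param str2 password (must be non-empty)
     * @param str3 provider URL the bind is always sent to
     * @param str4 base DN; see the note inside — the original never actually appended it
     * @throws NamingException on bind failure, including AuthenticationException for empty
     *                         DN or password
     */
    public void testCredentials(String str, String str2, String str3, String str4) throws NamingException {
        logMetacat.debug("dn is: " + str);
        if (str == null || str.isEmpty()) {
            throw new AuthenticationException("AuthLdap.testCredentials - empty DN rejected");
        }
        if (str2 == null || str2.isEmpty()) {
            throw new AuthenticationException("AuthLdap.testCredentials - empty password rejected for: " + str);
        }
        int slash = str.lastIndexOf("/");
        logMetacat.debug("AuthLdap.testCredentials - position is: " + slash);
        String server;
        String userDn;
        if (slash == -1) {
            server = str3;
            // NOTE(review): the original condition here was `str.indexOf("") < 0`, which is
            // never true (indexOf of the empty string is 0), so "," + str4 was never appended.
            // Behaviour is preserved as-is; if the intent was "append the base when the DN lacks
            // it", the check should compare against str4 instead.
            userDn = str;
            logMetacat.debug("AuthLdap.testCredentials - userDN is: " + userDn);
        } else {
            server = str.substring(0, slash + 1);
            userDn = str.substring(slash + 1);
            logMetacat.debug("AuthLdap.testCredentials - server is: " + server);
            logMetacat.debug("AuthLdap.testCredentials - userDN is: " + userDn);
        }
        logMetacat.debug("AuthLdap.testCredentials - Trying to authenticate: " + userDn + " using server: " + server);
        // The bind always targets str3; the server prefix parsed from the DN is only logged, so
        // a "host/" prefix in a caller-supplied DN cannot redirect the bind elsewhere.
        this.env.put("java.naming.factory.initial", "com.sun.jndi.ldap.LdapCtxFactory");
        // "follow": a referral returned during the bind is chased using these same credentials.
        this.env.put("java.naming.referral", "follow");
        // NOTE(review): no StartTLS is negotiated in this method, so unless str3 is an ldaps://
        // URL the simple bind sends the password in the clear.
        this.env.put("java.naming.security.authentication", "simple");
        this.env.put("java.naming.security.principal", userDn);
        // NOTE(review): this.env is an instance field, so the password remains referenced by
        // this object after the call; a method-local Hashtable would avoid retaining it.
        this.env.put("java.naming.security.credentials", str2);
        this.env.put("java.naming.provider.url", str3);
        // constructing the context performs the bind; a failure propagates as NamingException
        InitialLdapContext ctx = new InitialLdapContext(this.env, (Control[]) null);
        try {
            // the original never closed this context, leaking one connection per successful test
            ctx.close();
        } catch (NamingException closeFailure) {
            logMetacat.debug("AuthLdap.testCredentials - could not close context after bind: " + closeFailure.getMessage());
        }
    }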

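    /**
     * Command-line smoke test: {@code AuthLdap <userDN> <password> [ignored]}.
     * Authenticates, then (only if that succeeded) dumps the user's attributes, all groups, the
     * user's groups, the members of the last of those groups, the user count, and finally writes
     * the principals document to {@code principals.xml} in the working directory.
     *
     * The original indexed argv[0..2] without checking the length, so fewer than three
     * arguments crashed with ArrayIndexOutOfBoundsException; argv[2] was never used. Note that
     * a password passed on the command line is visible to other local users via the process
     * list.
     *
     * @param strArr command-line arguments: user DN, password, and an optional unused third value
     */
    public static void main(String[] strArr) {
        if (strArr == null || strArr.length < 2) {
            System.err.println("Usage: AuthLdap <userDN> <password> [ignored]");
            return;
        }
        String user = strArr[0];
        String password = strArr[1];
        logMetacat.warn("AuthLdap.main - Creating session...");
        try {
            AuthLdap authLdap = new AuthLdap();
            logMetacat.warn("AuthLdap.main - Session exists...");
            try {
                logMetacat.warn("AuthLdap.main - Authenticating...");
                boolean authenticated = authLdap.authenticate(user, password);
                if (authenticated) {
                    logMetacat.warn("AuthLdap.main - Authentication successful for: " + user);
                } else {
                    logMetacat.warn("AuthLdap.main - Authentication failed for: " + user);
                    return; // every step below was guarded by the same flag; nothing else to do
                }
                logMetacat.info("AuthLdap.main - Getting attributes for user....");
                HashMap<String, Vector<String>> attributes = authLdap.getAttributes(user, password, user);
                for (String attributeId : attributes.keySet()) {
                    // warn-level dump of every attribute value of the entry
                    Iterator<String> values = attributes.get(attributeId).iterator();
                    while (values.hasNext()) {
                        logMetacat.warn("AuthLdap.main - " + attributeId + ": " + values.next());
                    }
                }
                logMetacat.warn("AuthLdap.main - Getting all groups....");
                String[][] allGroups = authLdap.getGroups(user, password);
                logMetacat.info("AuthLdap.main - Groups found: " + allGroups.length);
                for (int i = 0; i < allGroups.length; i++) {
                    logMetacat.info("AuthLdap.main - Group " + i + ": " + allGroups[i][0]);
                }
                logMetacat.warn("AuthLdap.main - Getting groups for user....");
                String lastGroup = null;
                String[][] userGroups = authLdap.getGroups(user, password, user);
                logMetacat.info("AuthLdap.main - Groups found: " + userGroups.length);
                for (int i = 0; i < userGroups.length; i++) {
                    logMetacat.info("AuthLdap.main - Group " + i + ": " + userGroups[i][0]);
                    lastGroup = userGroups[i][0]; // the members query below uses the last group listed
                }
                logMetacat.warn("AuthLdap.main - Getting users for group....");
                logMetacat.info("AuthLdap.main - Group: " + lastGroup);
                String[] members = authLdap.getUsers(user, password, lastGroup);
                logMetacat.info("AuthLdap.main - Users found: " + members.length);
                for (int i = 0; i < members.length; i++) {
                    logMetacat.warn("AuthLdap.main - User " + i + ": " + members[i]);
                }
                logMetacat.warn("AuthLdap.main - Getting all users ....");
                logMetacat.info("AuthLdap.main - Users found: " + authLdap.getUsers(user, password).length);
                logMetacat.warn("AuthLdap.main - Trying principals....");
                // a fresh instance, as in the original (getPrincipals re-points the instance's
                // url/base fields while it runs)
                String principals = new AuthLdap().getPrincipals(user, password);
                // NOTE(review): FileWriter uses the platform default charset while the document
                // declares iso-8859-1; they agree only when the platform default is Latin-1.
                try (BufferedWriter writer = new BufferedWriter(new FileWriter(new File("principals.xml")))) {
                    writer.write(principals);
                    writer.flush();
                }
                logMetacat.warn("AuthLdap.main - Finished getting principals.");
            } catch (IOException e) {
                logMetacat.error("AuthLdap.main - I/O Error writing to file principals.xml: " + e.getMessage());
            } catch (InstantiationException e2) {
                logMetacat.error("AuthLdap.main - Instantiation error writing to file principals.xml: " + e2.getMessage());
            } catch (ConnectException e3) {
                logMetacat.error("AuthLdap.main - " + e3.getMessage());
            }
        } catch (Exception e4) {
            logMetacat.error("AuthLdap.main - Could not instantiate AuthLdap: " + e4.getMessage());
        }
    }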
}
