package org.alfresco.repo.security.authentication.ldap;

import javax.naming.NamingException;
import javax.naming.directory.InitialDirContext;
import org.alfresco.repo.management.subsystems.ActivateableBean;
import org.alfresco.repo.security.authentication.AbstractAuthenticationComponent;
import org.alfresco.repo.security.authentication.AuthenticationException;
import org.alfresco.repo.security.sync.ldap.LDAPNameResolver;
import org.springframework.beans.factory.InitializingBean;

/* loaded from: input_file:org/alfresco/repo/security/authentication/ldap/LDAPAuthenticationComponentImpl.class */
public class LDAPAuthenticationComponentImpl extends AbstractAuthenticationComponent implements InitializingBean, ActivateableBean {
    private boolean escapeCommasInBind = false;
    private boolean escapeCommasInUid = false;
    private boolean active = true;
    private String userNameFormat;
    private LDAPNameResolver ldapNameResolver;
    private LDAPInitialDirContextFactory ldapInitialContextFactory;

    public void setLDAPInitialDirContextFactory(LDAPInitialDirContextFactory lDAPInitialDirContextFactory) {
        this.ldapInitialContextFactory = lDAPInitialDirContextFactory;
    }

    public void setUserNameFormat(String str) {
        this.userNameFormat = (str == null || str.length() == 0) ? null : str;
    }

    public void setLdapNameResolver(LDAPNameResolver lDAPNameResolver) {
        this.ldapNameResolver = lDAPNameResolver;
    }

    public void setEscapeCommasInBind(boolean z) {
        this.escapeCommasInBind = z;
    }

    public void setEscapeCommasInUid(boolean z) {
        this.escapeCommasInUid = z;
    }

    public void setActive(boolean z) {
        this.active = z;
    }

    @Override // org.alfresco.repo.management.subsystems.ActivateableBean
    public boolean isActive() {
        return this.active;
    }

    public void afterPropertiesSet() throws Exception {
        if (this.ldapNameResolver == null && this.userNameFormat == null) {
            throw new IllegalStateException("At least one of ldapNameResolver and userNameFormat must be set");
        }
    }

    @Override // org.alfresco.repo.security.authentication.AbstractAuthenticationComponent
    protected void authenticateImpl(String str, char[] cArr) throws AuthenticationException {
        InitialDirContext initialDirContext = null;
        try {
            initialDirContext = this.ldapInitialContextFactory.getInitialDirContext(this.userNameFormat == null ? this.ldapNameResolver.resolveDistinguishedName(str) : String.format(this.userNameFormat, escapeUserName(str, this.escapeCommasInBind)), new String(cArr));
            setCurrentUser(escapeUserName(str, this.escapeCommasInUid));
            if (initialDirContext != null) {
                try {
                    initialDirContext.close();
                } catch (NamingException e) {
                    clearCurrentSecurityContext();
                    throw new AuthenticationException("Failed to close connection", e);
                }
            }
        } catch (Throwable th) {
            if (initialDirContext != null) {
                try {
                    initialDirContext.close();
                } catch (NamingException e2) {
                    clearCurrentSecurityContext();
                    throw new AuthenticationException("Failed to close connection", e2);
                }
            }
            throw th;
        }
    }

    private static String escapeUserName(String str, boolean z) {
        if (!z) {
            return str;
        }
        StringBuffer stringBuffer = new StringBuffer();
        for (int i = 0; i < str.length(); i++) {
            char charAt = str.charAt(i);
            if (charAt == ',') {
                stringBuffer.append('\\');
            }
            stringBuffer.append(charAt);
        }
        return stringBuffer.toString();
    }

    @Override // org.alfresco.repo.security.authentication.AbstractAuthenticationComponent
    protected boolean implementationAllowsGuestLogin() {
        return true;
    }
}
