package com.atlassian.user.impl.ldap.security.authentication;

import com.atlassian.user.EntityException;
import com.atlassian.user.impl.ldap.InitialDirContextInitialisationHelper;
import com.atlassian.user.impl.ldap.properties.LdapConnectionProperties;
import com.atlassian.user.impl.ldap.properties.LdapSearchProperties;
import com.atlassian.user.impl.ldap.repository.LdapContextFactory;
import com.atlassian.user.impl.ldap.search.DefaultLDAPUserAdaptor;
import com.atlassian.user.impl.ldap.search.LDAPUserAdaptor;
import com.atlassian.user.impl.ldap.search.LdapFilterFactory;
import com.atlassian.user.repository.RepositoryIdentifier;
import com.atlassian.user.security.authentication.Authenticator;
import com.atlassian.user.util.LDAPUtils;
import com.atlassian.user.util.UtilTimerStackUtils;
import java.util.function.Supplier;
import javax.naming.AuthenticationException;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.SearchControls;
import org.apache.commons.lang.StringUtils;
import org.apache.log4j.Logger;
import org.springframework.ldap.filter.AndFilter;
import org.springframework.ldap.filter.EqualsFilter;

/* loaded from: input_file:com/atlassian/user/impl/ldap/security/authentication/DefaultLDAPAuthenticator.class */
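/**
 * {@link Authenticator} that verifies a username/password pair by binding to the
 * directory as the user's DN and then running a search under that bind.
 *
 * <p>Every failure path returns {@code false}: the authenticator fails closed, and
 * the only thing callers can observe is "authenticated" or "not authenticated".
 */
public class DefaultLDAPAuthenticator implements Authenticator {
    private static final Logger log = Logger.getLogger(DefaultLDAPAuthenticator.class);
    private final LDAPUserAdaptor userAdaptor;
    private final LdapSearchProperties searchProperties;
    private final RepositoryIdentifier repositoryIdentifier;
    private final LdapConnectionProperties connectionProperties;
    private final LdapFilterFactory filterFactory;
    private final LdapContextFactory contextFactory;

    /**
     * Stores the collaborators and builds the {@link DefaultLDAPUserAdaptor} used to
     * resolve a username to its DN.
     *
     * @param repositoryIdentifier identifier returned by {@link #getRepository()}
     * @param ldapContextFactory supplies the JNDI environment for the user bind
     * @param ldapSearchProperties username attribute and user base namespace
     * @param ldapConnectionProperties connection settings; only used in error logging here
     * @param ldapFilterFactory supplies the base user search filter
     */
    public DefaultLDAPAuthenticator(RepositoryIdentifier repositoryIdentifier, LdapContextFactory ldapContextFactory, LdapSearchProperties ldapSearchProperties, LdapConnectionProperties ldapConnectionProperties, LdapFilterFactory ldapFilterFactory) {
        this.repositoryIdentifier = repositoryIdentifier;
        this.filterFactory = ldapFilterFactory;
        this.searchProperties = ldapSearchProperties;
        this.connectionProperties = ldapConnectionProperties;
        this.contextFactory = ldapContextFactory;
        this.userAdaptor = new DefaultLDAPUserAdaptor(ldapContextFactory, ldapSearchProperties, ldapFilterFactory);
    }

    /**
     * Authenticates a user against the directory.
     *
     * @param str the username to authenticate
     * @param str2 the password presented for that username
     * @return {@code true} only if the bind as the user's DN and the follow-up search
     *         both complete without an exception; {@code false} for an empty password,
     *         an unresolvable DN, rejected credentials or any other failure
     * @throws EntityException declared by the signature; failures raised while
     *         resolving the DN are caught and reported as {@code false}
     */
    public boolean authenticate(String str, String str2) throws EntityException {
        final String username = str;
        final String password = str2;
        Supplier<String> timerKey = () -> getClass().getName() + "_authenticate__" + username;
        UtilTimerStackUtils.push(timerKey);
        try {
            // A simple bind with a zero-length password is an "unauthenticated bind" in
            // LDAP, which many servers accept without checking anything. Rejecting it
            // here is what stops an empty password from logging in as any known user.
            if (StringUtils.isEmpty(password)) {
                log.debug("Cannot perform authentication on empty passwords.");
                return false;
            }
            final String userDN;
            try {
                userDN = this.userAdaptor.getUserDN(username);
            } catch (EntityException e) {
                log.error("Could not construct DN to authenticate user: " + username, e);
                return false;
            }
            return bindAndSearch(username, password, userDN);
        } finally {
            // Single pop for every exit path, including exceptions that propagate.
            UtilTimerStackUtils.pop(timerKey);
        }
    }

    /**
     * Binds as {@code userDN} with {@code password} and searches for the user entry.
     * The search results are not inspected; only whether the bind and search throw.
     */
    private boolean bindAndSearch(String username, String password, String userDN) {
        DirContext userContext = null;
        try {
            userContext = InitialDirContextInitialisationHelper.newInitialDirContext(getClass().getClassLoader(), this.contextFactory.getAuthenticationJndiEnvironment(userDN, password));
            SearchControls controls = new SearchControls();
            controls.setReturningAttributes(new String[] {this.searchProperties.getUsernameAttribute()});
            controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
            // The username is attached through EqualsFilter, which escapes LDAP filter
            // metacharacters when encoded. Keep it that way: do not splice the raw
            // username into a filter string.
            AndFilter userFilter = new AndFilter();
            userFilter.and(this.filterFactory.getUserSearchFilter());
            userFilter.and(new EqualsFilter(this.searchProperties.getUsernameAttribute(), username));
            if (log.isDebugEnabled()) {
                log.debug("Doing initial search to complete authentication, username: '" + username + "', base: '" + this.searchProperties.getBaseUserNamespace() + "' filter: '" + userFilter.encode() + "'");
            }
            userContext.search(this.searchProperties.getBaseUserNamespace(), userFilter.encode(), controls);
            return true;
        } catch (AuthenticationException e) {
            // Rejected credentials are an expected outcome, so they stay at debug level.
            // This handler must precede the broader ones below to be reachable.
            if (log.isDebugEnabled()) {
                log.debug("LDAP authentication failed, user: '" + username + "', constructed DN: '" + userDN + "'", e);
            }
            return false;
        } catch (NamingException e) {
            // NOTE(review): connectionProperties is concatenated into this message;
            // confirm its toString() does not expose the directory bind password.
            log.error("LDAP authentication error, user: '" + username + "', constructed DN: '" + userDN + "', connectionProperties: " + this.connectionProperties, e);
            return false;
        } catch (Throwable t) {
            // Deliberately broad: any unexpected failure denies the login.
            // NOTE(review): the username is caller-supplied and logged verbatim here and
            // above; confirm the log layout neutralises CR/LF.
            log.error("Error occurred in LDAP authentication for username: " + username, t);
            return false;
        } finally {
            // Release the user-bound context on every path, success or failure.
            LDAPUtils.closeQuietly((Context) userContext);
        }
    }

    /**
     * Returns the repository identifier supplied at construction.
     *
     * @return the identifier passed to the constructor
     */
    public RepositoryIdentifier getRepository() {
        return this.repositoryIdentifier;
    }
}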
