package org.smallmind.nutsnbolts.shiro.realm;

import java.util.Collections;
import java.util.HashSet;
import java.util.Hashtable;
import java.util.UUID;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authc.credential.CredentialsMatcher;
import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.crypto.hash.Sha1Hash;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.util.SimpleByteSource;

/* loaded from: input_file:org/smallmind/nutsnbolts/shiro/realm/ActiveDirectoryLdapRealm.class */
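/**
 * Shiro realm that authenticates users against Active Directory over LDAP.
 *
 * <p>Authentication is a two-step process: the configured service account searches
 * for the user entry by {@code sAMAccountName}, then a second bind is attempted as
 * {@code principal@domain} with the submitted password. A successful bind is what
 * proves the password.
 *
 * <p>NOTE(review): {@link #getLdapContext(String, String)} builds an {@code ldap://}
 * URL with {@code simple} authentication, so the service-account and user passwords
 * are sent to the directory without transport encryption unless the deployment adds
 * it elsewhere. Prefer LDAPS or StartTLS; this is not changed here because it depends
 * on the directory's configuration.
 */
public class ActiveDirectoryLdapRealm extends LdapAuthorizingRealm {
    // The hash handed to this matcher is computed in doGetAuthenticationInfo from the
    // password that was just submitted, so the comparison only confirms what the LDAP
    // bind already established. SHA-1 is not protecting a stored password here.
    private static final CredentialsMatcher CREDENTIALS_MATCHER = new HashedCredentialsMatcher("SHA-1");
    private static final String[] RETURNED_ATTRIBUTES = {"sn", "givenName", "mail"};
    private static final HashSet<String> ROLE_SET = new HashSet<>();
    private LdapConnectionDetails connectionDetails;
    private String searchPath;
    // NOTE(review): nothing in this class assigns this field. Unless it is populated
    // some other way, the user bind name ends in "@null" - confirm how it is set.
    private String domain;

    static {
        ROLE_SET.add(RoleType.ADMIN.getCode());
    }

    /**
     * Sets the host, port, root namespace and service-account credentials used for LDAP.
     *
     * @param ldapConnectionDetails connection settings for the directory
     */
    @Override // org.smallmind.nutsnbolts.shiro.realm.LdapAuthorizingRealm
    public void setConnectionDetails(LdapConnectionDetails ldapConnectionDetails) {
        this.connectionDetails = ldapConnectionDetails;
    }

    /**
     * Sets the search base, relative to the connection's root namespace, for user lookups.
     *
     * @param str the search base passed to the directory search
     */
    @Override // org.smallmind.nutsnbolts.shiro.realm.LdapAuthorizingRealm
    public void setSearchPath(String str) {
        this.searchPath = str;
    }

    /**
     * Returns the shared SHA-1 hashed-credentials matcher.
     *
     * @return the matcher used to compare the token with the computed hash
     */
    public CredentialsMatcher getCredentialsMatcher() {
        return CREDENTIALS_MATCHER;
    }

    /**
     * Returns the authorization info for a principal.
     *
     * <p>NOTE(review): every principal receives the same static role set, which the
     * static initializer fills with {@code RoleType.ADMIN}. Directory group membership
     * is not consulted. Confirm that granting this role to every authenticated user is
     * intended.
     *
     * @param principalCollection the authenticated principals (not inspected)
     * @return authorization info carrying an unmodifiable view of the static role set
     */
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        return new SimpleAuthorizationInfo(Collections.unmodifiableSet(ROLE_SET));
    }

    /**
     * Authenticates a token by locating the user entry and binding as that user.
     *
     * @param authenticationToken token whose principal is the account name and whose
     *                            credentials are a {@code char[]} password
     * @return the authentication info, or {@code null} when no matching user entry exists
     * @throws AuthenticationException if the principal or password is missing or empty,
     *                                 or if the search or the user bind fails
     */
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
        Object principal = authenticationToken.getPrincipal();
        Object credentials = authenticationToken.getCredentials();

        if (principal == null || principal.toString().isEmpty()) {
            throw new AuthenticationException("A principal is required");
        }
        // An LDAP simple bind with an empty password is an unauthenticated bind, which
        // the JNDI provider and many directories treat as success. Without this check an
        // empty password would authenticate any account that exists.
        if (!(credentials instanceof char[]) || ((char[]) credentials).length == 0) {
            throw new AuthenticationException("A non-empty password is required");
        }

        String password = new String((char[]) credentials);

        try {
            // The principal is caller-supplied, so it is escaped before being placed in
            // the search filter to keep it from changing the filter's structure.
            String filter = "(&(objectClass=user)(sAMAccountName=" + escapeLdapFilterValue(principal.toString()) + "))";
            SearchControls searchControls = new SearchControls();
            searchControls.setReturningAttributes(RETURNED_ATTRIBUTES);
            searchControls.setSearchScope(SearchControls.SUBTREE_SCOPE);
            searchControls.setCountLimit(1L);

            DirContext serviceContext = getLdapContext(this.connectionDetails.getUserName(), this.connectionDetails.getPassword());
            try {
                NamingEnumeration<SearchResult> search = serviceContext.search(this.searchPath, filter, searchControls);
                try {
                    if (!search.hasMoreElements() || search.next().getAttributes() == null) {
                        return null;
                    }
                } finally {
                    closeQuietly(search);
                }
            } finally {
                closeQuietly(serviceContext);
            }

            // Binding as the user is the actual password check; a wrong password raises
            // a NamingException. The context is not needed afterwards, so release it.
            closeQuietly(getLdapContext(principal.toString() + "@" + this.domain, password));

            SimpleByteSource simpleByteSource = new SimpleByteSource(UUID.randomUUID().toString());
            return new SimpleAuthenticationInfo(principal, new Sha1Hash(password, simpleByteSource).getBytes(), simpleByteSource, getName());
        } catch (NamingException e) {
            throw new AuthenticationException(e);
        }
    }

    /**
     * Opens a directory context bound with the given name and password.
     *
     * <p>The caller owns the returned context and must close it.
     *
     * @param str  the bind name
     * @param str2 the bind password
     * @return a new, bound directory context
     * @throws NamingException if the connection or the bind fails
     */
    private DirContext getLdapContext(String str, String str2) throws NamingException {
        Hashtable<String, String> environment = new Hashtable<>();
        environment.put("java.naming.factory.initial", "com.sun.jndi.ldap.LdapCtxFactory");
        // Plain ldap:// with simple authentication: see the class-level review note.
        environment.put("java.naming.provider.url", "ldap://" + this.connectionDetails.getHost() + ":" + this.connectionDetails.getPort() + "/" + this.connectionDetails.getRootNamespace());
        environment.put("java.naming.security.authentication", "simple");
        environment.put("java.naming.security.principal", str);
        environment.put("java.naming.security.credentials", str2);
        return new InitialDirContext(environment);
    }

    /**
     * Escapes a value for use inside an LDAP search filter, following RFC 4515.
     *
     * @param value the raw assertion value
     * @return the value with backslash, asterisk, parentheses and NUL hex-escaped
     */
    private static String escapeLdapFilterValue(String value) {
        StringBuilder escaped = new StringBuilder(value.length() + 8);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '\\':
                    escaped.append("\\5c");
                    break;
                case '*':
                    escaped.append("\\2a");
                    break;
                case '(':
                    escaped.append("\\28");
                    break;
                case ')':
                    escaped.append("\\29");
                    break;
                case '\0':
                    escaped.append("\\00");
                    break;
                default:
                    escaped.append(c);
            }
        }
        return escaped.toString();
    }

    /** Closes a directory context, ignoring a failure because the outcome is already decided. */
    private static void closeQuietly(DirContext context) {
        if (context != null) {
            try {
                context.close();
            } catch (NamingException ignored) {
                // A failed close must not turn a completed search or bind into a login failure.
            }
        }
    }

    /** Closes a search enumeration, ignoring a failure because the result was already read. */
    private static void closeQuietly(NamingEnumeration<?> enumeration) {
        if (enumeration != null) {
            try {
                enumeration.close();
            } catch (NamingException ignored) {
                // A failed close must not turn a completed search into a login failure.
            }
        }
    }
}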
