package org.jivesoftware.openfire.ldap;

import javax.naming.NamingEnumeration;
import javax.naming.directory.Attribute;
import javax.naming.directory.DirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.LdapContext;
import org.jivesoftware.openfire.auth.AuthorizationMapping;
import org.jivesoftware.util.JiveGlobals;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/jivesoftware/openfire/ldap/LdapAuthorizationMapping.class */
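/**
 * {@link AuthorizationMapping} that resolves an authenticated principal to a username by
 * searching the LDAP directory.
 *
 * <p>The search filter is assembled once, at construction time, from the {@code ldap.princField}
 * property (default {@code k5login}) and the optional {@code ldap.princSearchFilter} property.
 * Both values are inserted into the filter verbatim, so they must be well-formed filter fragments.
 * The principal itself is never concatenated into the filter: it is passed through
 * {@link LdapManager#sanitizeSearchFilter(String)} and supplied as the {@code {0}} filter argument.
 *
 * <p>Security note: {@link #map(String)} falls back to returning the principal unchanged whenever
 * the lookup finds nothing or fails. A returned value is therefore not evidence that a matching
 * directory entry exists; callers that need that guarantee must verify it separately.
 */
public class LdapAuthorizationMapping implements AuthorizationMapping {
    private static final Logger Log = LoggerFactory.getLogger(LdapAuthorizationMapping.class);

    private final LdapManager manager;
    private final String princField;
    // Complete LDAP filter with a single {0} placeholder for the (sanitized) principal.
    private final String princSearchFilter;

    /**
     * Reads the mapping configuration and pre-builds the LDAP search filter.
     */
    public LdapAuthorizationMapping() {
        JiveGlobals.migrateProperty("ldap.princField");
        JiveGlobals.migrateProperty("ldap.princSearchFilter");
        this.manager = LdapManager.getInstance();
        this.princField = JiveGlobals.getProperty("ldap.princField", "k5login");
        String extraFilter = JiveGlobals.getProperty("ldap.princSearchFilter");
        StringBuilder filter = new StringBuilder();
        if (extraFilter == null) {
            filter.append('(').append(this.princField).append("={0})");
        } else {
            // AND the principal match with the administrator-supplied restriction.
            filter.append("(&(").append(this.princField).append("={0})(");
            filter.append(extraFilter).append("))");
        }
        this.princSearchFilter = filter.toString();
    }

    /**
     * Maps a principal to the username stored in the directory entry that matches it.
     *
     * <p>Only the first search result is consulted; if the filter matches several entries the
     * remaining ones are ignored.
     *
     * @param str the authenticated principal to map
     * @return the value of the username attribute of the first matching entry, or {@code str}
     *     unchanged when no entry matches, the entry has no string-valued username attribute, or
     *     the lookup throws
     */
    @Override // org.jivesoftware.openfire.auth.AuthorizationMapping
    public String map(String str) {
        LdapContext context = null;
        try {
            Log.debug("LdapAuthorizationMapping: Starting LDAP search...");
            String usernameField = this.manager.getUsernameField();
            boolean isSubTreeSearch = this.manager.isSubTreeSearch();
            context = this.manager.getContext();

            SearchControls searchControls = new SearchControls();
            searchControls.setSearchScope(
                    isSubTreeSearch ? SearchControls.SUBTREE_SCOPE : SearchControls.ONELEVEL_SCOPE);
            // Ask the server for the username attribute only.
            searchControls.setReturningAttributes(new String[] {usernameField});

            // The principal travels as a filter argument, not as part of the filter string.
            NamingEnumeration<SearchResult> search = context.search(
                    "",
                    this.princSearchFilter,
                    new String[] {LdapManager.sanitizeSearchFilter(str)},
                    searchControls);
            Log.debug("LdapAuthorizationMapping: ... search finished");

            if (search == null || !search.hasMoreElements()) {
                Log.debug("LdapAuthorizationMapping: Username based on principal '{}' not found.", str);
                return str;
            }

            Attribute usernameAttribute = search.next().getAttributes().get(usernameField);
            Object username = usernameAttribute == null ? null : usernameAttribute.get();
            if (!(username instanceof String)) {
                // Entry matched but carries no usable username: keep the documented fallback
                // instead of returning null or failing with a ClassCastException.
                Log.debug("LdapAuthorizationMapping: Entry for principal '{}' has no usable username attribute.", str);
                return str;
            }
            return (String) username;
        } catch (Exception e) {
            // Best-effort lookup: a directory failure must not abort the caller, but it should
            // be visible to operators because every mapping then degrades to the raw principal.
            Log.warn("LdapAuthorizationMapping: LDAP lookup failed for principal '{}'; returning it unmapped.", str, e);
            return str;
        } finally {
            // Release the directory connection on every path, including failures.
            if (context != null) {
                try {
                    context.close();
                } catch (Exception e) {
                    Log.debug("An exception occurred while trying to close a LDAP context after trying to map authorization for principal {}.", str, e);
                }
            }
        }
    }

    /**
     * Returns the short display name of this mapping.
     *
     * @return the fixed name of this provider
     */
    @Override // org.jivesoftware.openfire.auth.AuthorizationMapping
    public String name() {
        return "LDAP Authorization Mapping";
    }

    /**
     * Returns a human-readable description of this mapping.
     *
     * @return the fixed description of this provider
     */
    @Override // org.jivesoftware.openfire.auth.AuthorizationMapping
    public String description() {
        return "Provider for authorization using LDAP. Returns the authentication identity's (principal, whose password is used) default authorization identity (username to act as) using the attribute specified in ldap.princField.";
    }
}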
