package org.sonatype.security.ldap.realms;

import com.google.common.annotations.VisibleForTesting;
import com.google.common.base.Preconditions;
import com.google.common.collect.Maps;
import java.util.HashMap;
import java.util.Hashtable;
import java.util.Map;
import javax.naming.AuthenticationException;
import javax.naming.NamingException;
import javax.naming.ldap.Control;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;
import org.apache.shiro.realm.ldap.LdapContextFactory;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.sonatype.nexus.rest.global.AbstractGlobalConfigurationPlexusResource;

/* loaded from: input_file:WEB-INF/plugin-repository/nexus-ldap-realm-plugin-2.14.17-01/dependencies/nexus-ldap-common-2.14.17-01.jar:org/sonatype/security/ldap/realms/DefaultLdapContextFactory.class */
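/**
 * Creates JNDI {@link LdapContext} instances for the LDAP realm, either bound as the configured
 * system account or as an end user whose credentials are being verified.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>The JNDI environment is seeded from {@code nexus.ldap.env.*} JVM system properties and from
 *       {@link #setAdditionalEnvironment(Map)}; explicit setters are applied afterwards and win for
 *       the keys they cover.</li>
 *   <li>The URL scheme is not inspected here, so transport protection (for example {@code ldaps://})
 *       depends entirely on the configured URL.</li>
 *   <li>User (non-system) binds that would use the default bind mechanism are refused when the
 *       credentials are null or empty, so that an LDAP unauthenticated/anonymous bind cannot be
 *       mistaken for a successful login.</li>
 * </ul>
 */
public class DefaultLdapContextFactory implements LdapContextFactory {
    protected static final String SUN_CONNECTION_POOLING_ENV_PROPERTY = "com.sun.jndi.ldap.connect.pool";
    private static final Logger log = LoggerFactory.getLogger(DefaultLdapContextFactory.class);
    public static final String NEXUS_LDAP_ENV_PREFIX = "nexus.ldap.env.";

    // JNDI environment keys used more than once below.
    private static final String ENV_AUTHENTICATION = "java.naming.security.authentication";
    private static final String ENV_CREDENTIALS = "java.naming.security.credentials";

    // Default bind mechanism; the constant is presumably "simple" -- verify against its declaration.
    protected String authentication = AbstractGlobalConfigurationPlexusResource.SECURITY_SIMPLE;
    protected String principalSuffix = null;
    protected String searchBase = null;
    protected String contextFactoryClassName = null;
    protected String url = null;
    protected String referral = null;
    protected String systemUsername = null;
    protected String systemPassword = null;
    private boolean usePooling = true;
    private Map<String, String> additionalEnvironment = Maps.newHashMap();

    /**
     * Seeds the additional environment with the Sun LDAP context factory and {@code follow}
     * referral handling, then copies every JVM system property named
     * {@code nexus.ldap.env.<key>} into it under {@code <key>}.
     */
    public DefaultLdapContextFactory() {
        this.additionalEnvironment.put("java.naming.factory.initial", "com.sun.jndi.ldap.LdapCtxFactory");
        // NOTE(review): with "follow" the provider chases referrals returned by the directory;
        // presumably the same environment (including bind credentials) is reused for the referred
        // host -- confirm that only trusted servers can be referred to, or override via setReferral.
        this.additionalEnvironment.put("java.naming.referral", "follow");
        for (String propertyName : System.getProperties().stringPropertyNames()) {
            // The length check skips a property that is exactly the prefix and so has no key part.
            if (propertyName.startsWith(NEXUS_LDAP_ENV_PREFIX)
                    && propertyName.length() > NEXUS_LDAP_ENV_PREFIX.length()) {
                String envKey = propertyName.substring(NEXUS_LDAP_ENV_PREFIX.length());
                String envValue = System.getProperty(propertyName);
                if (envValue != null) {
                    this.additionalEnvironment.put(envKey, envValue);
                }
            }
        }
    }

    /** Sets the value placed under {@code java.naming.security.authentication}. */
    public void setAuthentication(String authentication) {
        this.authentication = authentication;
    }

    /** Sets a suffix appended to every non-null principal before binding. */
    public void setPrincipalSuffix(String principalSuffix) {
        this.principalSuffix = principalSuffix;
    }

    /** Stores the search base; it is not read anywhere else in this class. */
    public void setSearchBase(String searchBase) {
        this.searchBase = searchBase;
    }

    /** Overrides {@code java.naming.factory.initial} when non-null. */
    public void setContextFactoryClassName(String contextFactoryClassName) {
        this.contextFactoryClassName = contextFactoryClassName;
    }

    /**
     * Sets the provider URL. The scheme is not validated by this class, so whether bind credentials
     * travel over a protected channel depends on the value supplied here.
     */
    public void setUrl(String url) {
        this.url = url;
    }

    /** Overrides {@code java.naming.referral} when non-null. */
    public void setReferral(String referral) {
        this.referral = referral;
    }

    /** Sets the principal used by {@link #getSystemLdapContext()}. */
    public void setSystemUsername(String systemUsername) {
        this.systemUsername = systemUsername;
    }

    /** Sets the credentials used by {@link #getSystemLdapContext()}. */
    public void setSystemPassword(String systemPassword) {
        this.systemPassword = systemPassword;
    }

    /** Enables or disables connection pooling for system contexts. */
    public void setUsePooling(boolean usePooling) {
        this.usePooling = usePooling;
    }

    /**
     * Replaces the additional environment, discarding the constructor defaults and any
     * {@code nexus.ldap.env.*} entries collected earlier.
     *
     * @param map new environment entries; must not be null
     */
    public void setAdditionalEnvironment(Map<String, String> map) {
        // Copy first so a null argument fails before the current environment is discarded.
        this.additionalEnvironment = Maps.newHashMap(map);
    }

    /**
     * Merges entries into the additional environment, overwriting existing keys.
     *
     * @param map entries to add; must not be null
     */
    public void addAdditionalEnvironment(Map<String, String> map) {
        this.additionalEnvironment.putAll(map);
    }

    /** Returns a context bound with the configured system username and password. */
    @Override // org.apache.shiro.realm.ldap.LdapContextFactory
    public LdapContext getSystemLdapContext() throws NamingException {
        return getLdapContext(this.systemUsername, this.systemPassword, true);
    }

    /** Returns a context bound as the given user (non-system bind). */
    @Override // org.apache.shiro.realm.ldap.LdapContextFactory
    public LdapContext getLdapContext(String username, String password) throws NamingException {
        return getLdapContext(username, password, false);
    }

    /**
     * Returns a context bound as the given user, using {@code toString()} of both arguments.
     * Null arguments raise a {@link NullPointerException}, as before.
     */
    @Override // org.apache.shiro.realm.ldap.LdapContextFactory
    public LdapContext getLdapContext(Object principal, Object credentials) throws NamingException {
        return getLdapContext(principal.toString(), credentials.toString(), false);
    }

    /**
     * Opens an LDAP context with the environment produced by
     * {@link #getSetupEnvironment(String, String, boolean)}.
     *
     * @param username principal to bind as; may be null
     * @param password credentials to bind with; may be null for system contexts
     * @param systemContext true when called for the system account, false for a user bind
     * @return the newly created context
     * @throws AuthenticationException for a user bind with null or empty credentials under the
     *     default bind mechanism
     * @throws NamingException if the context cannot be created
     */
    public LdapContext getLdapContext(String username, String password, boolean systemContext)
            throws NamingException {
        Hashtable<String, String> environment = getSetupEnvironment(username, password, systemContext);
        // A bind that carries no password is treated by many directories as an
        // unauthenticated/anonymous bind and succeeds. For a user bind that success would look like
        // a verified login, so refuse it here. Whether callers already reject empty passwords is
        // not visible from this class.
        boolean missingCredentials = password == null || password.isEmpty();
        if (!systemContext && missingCredentials
                && AbstractGlobalConfigurationPlexusResource.SECURITY_SIMPLE
                        .equalsIgnoreCase(environment.get(ENV_AUTHENTICATION))) {
            throw new AuthenticationException("LDAP bind requires non-empty credentials");
        }
        return new InitialLdapContext(environment, (Control[]) null);
    }

    /**
     * Assembles the JNDI environment for a bind.
     *
     * <p>Entries from the additional environment are copied first; the explicit settings below are
     * applied afterwards and overwrite matching keys.
     *
     * @param username principal; the principal suffix is appended when both are non-null
     * @param password credentials; omitted from the environment when null
     * @param systemContext true for the system account, false for a user bind
     * @return a fresh environment table
     * @throws NullPointerException if no URL has been configured
     */
    @VisibleForTesting
    Hashtable<String, String> getSetupEnvironment(String username, String password, boolean systemContext) {
        Preconditions.checkNotNull(this.url, "No ldap URL specified (ldap://<hostname>:<port>)");
        if (username != null && this.principalSuffix != null) {
            username = username + this.principalSuffix;
        }
        Hashtable<String, String> environment = new Hashtable<>();
        if (this.additionalEnvironment != null) {
            environment.putAll(this.additionalEnvironment);
        }
        // A configured mechanism of "none" is honoured only for the system context; user binds
        // fall back to the default mechanism so that they always present credentials.
        if (!"none".equals(this.authentication) || systemContext) {
            environment.put(ENV_AUTHENTICATION, this.authentication);
        } else {
            environment.put(ENV_AUTHENTICATION, AbstractGlobalConfigurationPlexusResource.SECURITY_SIMPLE);
        }
        if (username != null) {
            environment.put("java.naming.security.principal", username);
        }
        if (password != null) {
            environment.put(ENV_CREDENTIALS, password);
        }
        if (this.contextFactoryClassName != null) {
            environment.put("java.naming.factory.initial", this.contextFactoryClassName);
        }
        environment.put("java.naming.provider.url", this.url);
        if (this.referral != null) {
            environment.put("java.naming.referral", this.referral);
        }
        // Pooling is requested only for system contexts that bind with a principal.
        if (this.usePooling && username != null && systemContext) {
            environment.put(SUN_CONNECTION_POOLING_ENV_PROPERTY, "true");
        }
        if (log.isDebugEnabled()) {
            // Log a copy so the masking never touches the environment that is returned.
            // Only the credentials key is masked: any other secret supplied through the additional
            // environment or nexus.ldap.env.* properties would appear in this debug line.
            HashMap<String, String> loggable = Maps.newHashMap(environment);
            if (loggable.containsKey(ENV_CREDENTIALS)) {
                loggable.put(ENV_CREDENTIALS, "***");
            }
            // The username field is always the configured system account; the principal actually
            // used for this bind is in the environment map under java.naming.security.principal.
            log.debug(
                    "Initializing LDAP context using URL [{}] and username [{}] with pooling [{}] and environment {}",
                    new Object[] {this.url, this.systemUsername, this.usePooling ? "enabled" : "disabled", loggable});
        }
        return environment;
    }
}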
