package com.cloudera.cmf.service.auth;

import com.cloudera.cmf.ProductState;
import com.cloudera.cmf.model.DbConfigContainerConfigProvider;
import com.cloudera.cmf.persist.CmfEntityManager;
import com.cloudera.cmf.service.auth.AbstractExternalServerLoginMonitor;
import com.cloudera.cmf.service.scm.ScmConfigValueProvider;
import com.cloudera.cmf.service.scm.ScmParams;
import com.cloudera.server.cmf.FeatureManager;
import com.google.common.annotations.VisibleForTesting;
import com.google.common.collect.Maps;
import com.sun.security.auth.module.LdapLoginModule;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import javax.persistence.EntityManagerFactory;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import org.apache.commons.lang.StringUtils;

/* loaded from: input_file:com/cloudera/cmf/service/auth/LdapLoginMonitor.class */
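public class LdapLoginMonitor extends AbstractExternalServerLoginMonitor {
    // JNDI property names handed to LdapLoginModule through its options map.
    private static final String LDAP_CONNECT_TIMEOUT = "com.sun.jndi.ldap.connect.timeout";
    private static final String LDAP_READ_TIMEOUT = "com.sun.jndi.ldap.read.timeout";
    // Timeouts in milliseconds; they bound how long one monitoring login may block.
    private static final String LDAP_CONNECT_TIMEOUT_VALUE = "30000";
    private static final String LDAP_READ_TIMEOUT_VALUE = "30000";
    private static final String LDAP_SECURE_PROTOCOL = "ldaps://";
    private final CmfEntityManagerHelper cmfEntityManagerHelper;
    private final ScmConfigValueProvider scmConfigValueProvider;
    // Set once initLoginCredentials() succeeds; measure() hands it to the base class.
    private LdapLoginModule ldapLoginModule;

    /**
     * Small factory around an {@link EntityManagerFactory} so tests can substitute
     * the {@link CmfEntityManager} used to read SCM configuration.
     */
    /* loaded from: input_file:com/cloudera/cmf/service/auth/LdapLoginMonitor$CmfEntityManagerHelper.class */
    public static class CmfEntityManagerHelper {
        private final EntityManagerFactory emf;

        public CmfEntityManagerHelper(EntityManagerFactory entityManagerFactory) {
            this.emf = entityManagerFactory;
        }

        /** Creates a new entity manager; the caller owns it and must close it. */
        @VisibleForTesting
        CmfEntityManager getCmfEntityManager() {
            return new CmfEntityManager(this.emf);
        }
    }

    /**
     * Creates a monitor for the external LDAP server named "LDAP" in the base class.
     *
     * @param featureManager         used to check whether the LDAP feature is licensed
     * @param scmConfigValueProvider resolves SCM parameters against a config provider
     * @param cmfEntityManagerHelper supplies the entity manager used to read config
     */
    public LdapLoginMonitor(FeatureManager featureManager, ScmConfigValueProvider scmConfigValueProvider, CmfEntityManagerHelper cmfEntityManagerHelper) {
        super(featureManager, "LDAP");
        this.scmConfigValueProvider = scmConfigValueProvider;
        this.cmfEntityManagerHelper = cmfEntityManagerHelper;
    }

    /**
     * Reads the LDAP settings from SCM config and prepares an {@link LdapLoginModule}
     * for repeated monitoring logins.
     * <p>
     * Sets {@code initState} to {@code STOP_RUNNING} when LDAP is not in use or the
     * configuration is incomplete, and to {@code READY_TO_MEASURE} on success. Any
     * exception is logged (throttled) and leaves {@code initState} unchanged. The
     * entity manager is closed on every path, including the exceptional one.
     */
    @Override // com.cloudera.cmf.service.auth.AbstractExternalServerLoginMonitor
    protected void initLoginCredentials() {
        CmfEntityManager cmfEntityManager = null;
        try {
            cmfEntityManager = this.cmfEntityManagerHelper.getCmfEntityManager();
            cmfEntityManager.beginForRollbackAndReadonly();
            DbConfigContainerConfigProvider scmConfigProvider = cmfEntityManager.getScmConfigProvider();

            boolean ldapLicensed = this.featureManager.hasFeature(ProductState.Feature.LDAP);
            ScmParams.AuthBackendOrder backendOrder = (ScmParams.AuthBackendOrder) this.scmConfigValueProvider.getScmConfigValue(ScmParams.AUTH_BACKEND_ORDER, scmConfigProvider);
            if (backendOrder == ScmParams.AuthBackendOrder.DB_ONLY || !ldapLicensed) {
                stopMonitoring("LDAP is not in use, there is no monitoring for it.");
                return;
            }

            String ldapUrl = (String) this.scmConfigValueProvider.getScmConfigValue(ScmParams.LDAP_URL, scmConfigProvider);
            List<String> monitoredUrls = splitLdapServerUrl(ldapUrl);
            String bindDn = (String) this.scmConfigValueProvider.getScmConfigValue(ScmParams.LDAP_BIND_DN, scmConfigProvider);
            String bindPw = (String) this.scmConfigValueProvider.getScmConfigValue(ScmParams.LDAP_BIND_PW, scmConfigProvider);
            String monitoringDn = (String) this.scmConfigValueProvider.getScmConfigValue(ScmParams.LDAP_BIND_DN_MONITORING, scmConfigProvider);
            String monitoringPw = (String) this.scmConfigValueProvider.getScmConfigValue(ScmParams.LDAP_BIND_PW_MONITORING, scmConfigProvider);

            boolean noMonitoringDn = StringUtils.isEmpty(monitoringDn);
            boolean noMonitoringPw = StringUtils.isEmpty(monitoringPw);
            // A monitoring password without a monitoring DN is rejected outright.
            if (noMonitoringDn && !noMonitoringPw) {
                stopMonitoring("LDAP configuration is incomplete for monitoring. Please specify bind DN for monitoring or leave password for monitoring blank.");
                return;
            }
            // Fallback to the regular bind user is decided per field, as in the original code.
            // NOTE(review): a monitoring DN combined with an empty monitoring password therefore
            // binds that DN with the regular bind password — confirm this is intended.
            String effectiveDn = noMonitoringDn ? bindDn : monitoringDn;
            String effectivePw = noMonitoringPw ? bindPw : monitoringPw;
            if (monitoredUrls.isEmpty() || StringUtils.isEmpty(effectiveDn) || StringUtils.isEmpty(effectivePw)) {
                stopMonitoring("LDAP configuration is incomplete for monitoring. Please check LDAP URL and monitoring bind user settings.");
                return;
            }

            this.ldapLoginModule = new LdapLoginModule();
            // The bind password arrives as String config and is retained for the monitor's lifetime;
            // each login hands the module a fresh char[] copy, so the module clearing it does not
            // remove the retained String.
            this.ldapLoginModule.initialize(new Subject(), callbacks -> {
                for (Callback callback : callbacks) {
                    if (callback instanceof NameCallback) {
                        ((NameCallback) callback).setName(effectiveDn);
                    }
                    if (callback instanceof PasswordCallback) {
                        ((PasswordCallback) callback).setPassword(effectivePw.toCharArray());
                    }
                }
            }, null, loginOptions(ldapUrl, effectiveDn, monitoredUrls));
            this.initState = AbstractExternalServerLoginMonitor.InitializationState.READY_TO_MEASURE;
        } catch (Exception e) {
            THROTTLED_LOGGER.warn("LDAP Login Monitor initialization failed:", e);
        } finally {
            // Close on every path; previously an exception thrown while reading config leaked the manager.
            if (cmfEntityManager != null) {
                cmfEntityManager.close();
            }
        }
    }

    /** Logs (throttled) why monitoring cannot run and marks the monitor as stopped. */
    private void stopMonitoring(String reason) {
        THROTTLED_LOGGER.info(reason);
        this.initState = AbstractExternalServerLoginMonitor.InitializationState.STOP_RUNNING;
    }

    /**
     * Builds the options map for {@link LdapLoginModule#initialize}.
     *
     * @param ldapUrl       the configured LDAP URL string, passed through unchanged as userProvider
     * @param bindDn        the identity the module authenticates as
     * @param monitoredUrls the URLs selected by {@link #splitLdapServerUrl(String)}; decides useSSL
     */
    private Map<String, String> loginOptions(String ldapUrl, String bindDn, List<String> monitoredUrls) {
        Map<String, String> options = new HashMap<>();
        // NOTE(review): userProvider carries the full configured string while useSSL is derived
        // from the filtered list; with mixed ldap:// and ldaps:// entries the plain URLs still
        // reach the module even though the warning says only LDAPS URLs are monitored — verify.
        options.put("userProvider", ldapUrl);
        options.put("authIdentity", bindDn);
        options.put("useSSL", useSSL(monitoredUrls));
        options.put(LDAP_CONNECT_TIMEOUT, LDAP_CONNECT_TIMEOUT_VALUE);
        options.put(LDAP_READ_TIMEOUT, LDAP_READ_TIMEOUT_VALUE);
        if (LOGGER.isDebugEnabled()) {
            // Turns on LdapLoginModule's own tracing; only enabled when our logger is at debug.
            options.put("debug", TRUE);
        }
        return options;
    }

    /** Performs one timed login with the module prepared by {@link #initLoginCredentials()}. */
    @Override // com.cloudera.cmf.service.auth.AbstractExternalServerLoginMonitor
    protected void measure() {
        measureLoginTime(this.ldapLoginModule);
    }

    @Override // com.cloudera.cmf.service.auth.AbstractExternalServerLoginMonitor
    protected void finalizeMonitoring() {
        LOGGER.debug("LDAP monitoring ended.");
    }

    /**
     * Splits a space-separated LDAP URL list and selects the URLs to monitor.
     * <p>
     * If any {@code ldaps://} URL is present only those are returned (and a warning is
     * logged when plain URLs were dropped); otherwise all URLs are returned. A blank
     * input yields an empty, mutable list.
     *
     * @param ldapUrl space-separated LDAP URLs, may be blank or {@code null}
     * @return the URLs to monitor, never {@code null}
     */
    @VisibleForTesting
    List<String> splitLdapServerUrl(String ldapUrl) {
        List<String> plainUrls = new ArrayList<>();
        List<String> secureUrls = new ArrayList<>();
        if (StringUtils.isBlank(ldapUrl)) {
            return plainUrls;
        }
        for (String url : StringUtils.split(ldapUrl, " ")) {
            (isSecureUrl(url) ? secureUrls : plainUrls).add(url);
        }
        if (!plainUrls.isEmpty() && !secureUrls.isEmpty()) {
            THROTTLED_LOGGER.warn("Mixed URLs are present, so only LDAPS URLs are being monitored.");
        }
        return secureUrls.isEmpty() ? plainUrls : secureUrls;
    }

    /**
     * Returns {@code TRUE} when any URL uses the {@code ldaps://} scheme, else {@code FALSE};
     * the String form matches what LdapLoginModule expects for its useSSL option.
     *
     * @param urls the URLs to inspect, not {@code null}
     */
    @VisibleForTesting
    String useSSL(List<String> urls) {
        return urls.stream().anyMatch(LdapLoginMonitor::isSecureUrl) ? TRUE : FALSE;
    }

    /** Scheme check that is locale-independent (the previous toLowerCase() was not). */
    private static boolean isSecureUrl(String url) {
        return StringUtils.startsWithIgnoreCase(url, LDAP_SECURE_PROTOCOL);
    }
}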
