package no.kantega.security.api.impl.ldap.password;

import com.novell.ldap.LDAPConnection;
import com.novell.ldap.LDAPException;
import com.novell.ldap.LDAPReferralException;
import com.novell.ldap.LDAPSearchResults;
import no.kantega.security.api.common.SystemException;
import no.kantega.security.api.identity.DefaultIdentity;
import no.kantega.security.api.identity.Identity;
import no.kantega.security.api.impl.ldap.LdapConfigurable;
import no.kantega.security.api.password.PasswordManager;
import org.apache.log4j.Logger;

/* loaded from: input_file:no/kantega/security/api/impl/ldap/password/LdapPasswordManager.class */
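/**
 * {@link PasswordManager} that verifies a password by performing an LDAP simple bind.
 *
 * <p>The lookup is two-step: bind with the configured admin account, search for the
 * entry whose {@code usernameAttribute} matches the user id, then re-bind on the same
 * connection as that entry's DN with the supplied password. Password changes are not
 * supported.
 *
 * <p>NOTE(review): {@code connect()} is called on a default-constructed
 * {@link LDAPConnection} and this class sets no socket factory. Unless TLS is configured
 * elsewhere (in {@code LdapConfigurable} or at library/JVM level), both simple binds send
 * their passwords over the network in clear text. Confirm against the deployment.
 */
public class LdapPasswordManager extends LdapConfigurable implements PasswordManager {
    private String domain;
    private final Logger log = Logger.getLogger(getClass());

    /**
     * Checks whether {@code str} is the password of the user named by {@code identity}.
     *
     * @param identity identity whose {@code getUserId()} is looked up in the directory
     * @param str candidate password
     * @return {@code true} only if the bind as the user's DN succeeded; {@code false} for
     *     an empty password, an unknown user, a referral, or a bind rejected with
     *     INVALID_CREDENTIALS or CONSTRAINT_VIOLATION
     * @throws SystemException on any other LDAP or unexpected failure
     */
    public boolean verifyPassword(Identity identity, String str) throws SystemException {
        // A simple bind with a DN and a zero-length password is an "unauthenticated bind"
        // that many servers accept, so an empty password must never reach bind().
        if (str == null || str.length() == 0) {
            return false;
        }
        // The user id is untrusted and ends up inside the search filter.
        // NOTE(review): escapeChars is inherited and not visible here; confirm it escapes
        // the RFC 4515 filter metacharacters (backslash, '*', '(', ')', NUL).
        String escapedUserId = escapeChars(identity.getUserId());
        byte[] userPassword = utf8(str);

        LDAPConnection connection = new LDAPConnection();
        try {
            connection.connect(this.host, this.port);
            // Encode the admin password as UTF-8 like the user password, instead of
            // depending on the platform default charset.
            connection.bind(LDAPConnection.LDAP_V3, this.adminUser, utf8(this.adminPassword));
            LDAPSearchResults results = connection.search(
                    this.searchBaseUsers,
                    LDAPConnection.SCOPE_SUB,
                    buildUserFilter(escapedUserId),
                    new String[0],
                    false);
            if (!results.hasMore()) {
                // NOTE(review): an unknown user returns without a bind round-trip, so the
                // response time may differ from a wrong-password attempt.
                return false;
            }
            return bindAsUser(connection, results, userPassword, identity);
        } catch (LDAPException e) {
            throw new SystemException("Feil ved lesing fra LDAP", e);
        } finally {
            // Single cleanup point for every exit path.
            try {
                connection.disconnect();
            } catch (LDAPException ignored) {
                // Best effort: the verification result is already decided.
            }
        }
    }

    /** Builds the search filter for the (already escaped) user id. */
    private String buildUserFilter(String escapedUserId) {
        String byName = "(" + this.usernameAttribute + "=" + escapedUserId + ")";
        if (this.objectClassUsers.length() > 0) {
            return "(&(objectclass=" + this.objectClassUsers + ")" + byName + ")";
        }
        return byName;
    }

    /** Binds as the first search hit and maps the LDAP outcome to true/false. */
    private boolean bindAsUser(LDAPConnection connection, LDAPSearchResults results,
            byte[] userPassword, Identity identity) throws SystemException {
        try {
            // Only the first match is used.
            // NOTE(review): if the filter can match several entries, the account being
            // authenticated is ambiguous; consider rejecting that case.
            connection.bind(LDAPConnection.LDAP_V3, results.next().getDN(), userPassword);
            // NOTE(review): the user id is caller-supplied and logged verbatim; confirm
            // the log layout neutralises line breaks.
            this.log.debug("Password verified for userid:" + identity.getUserId());
            return true;
        } catch (LDAPReferralException e) {
            // Referrals are not followed; treated as "not verified", as before.
            this.log.debug("Password verification skipped for userid:" + identity.getUserId() + " (referral not followed)");
            return false;
        } catch (LDAPException e) {
            if (e.getResultCode() == LDAPException.CONSTRAINT_VIOLATION) {
                this.log.debug("Password verification failed for userid:" + identity.getUserId() + " (CONSTRAINT_VIOLATION)");
                return false;
            }
            if (e.getResultCode() == LDAPException.INVALID_CREDENTIALS) {
                this.log.debug("Password verification failed for userid:" + identity.getUserId() + " (INVALID_CREDENTIALS)");
                return false;
            }
            throw new SystemException("Feil ved verifisering av passord", e);
        } catch (RuntimeException e) {
            // Unexpected failures are still reported to callers as SystemException.
            throw new SystemException("Feil ved verifisering av passord", e);
        }
    }

    /** Encodes a password as UTF-8 bytes for a simple bind. */
    private static byte[] utf8(String value) throws SystemException {
        try {
            return value.getBytes("UTF-8");
        } catch (java.io.UnsupportedEncodingException e) {
            // Every JVM must support UTF-8, so this is not expected to happen.
            throw new SystemException("Feil ved verifisering av passord", e);
        }
    }

    /**
     * Not implemented: this call is a silent no-op. Callers should check
     * {@link #supportsPasswordChange()} first, which returns {@code false}.
     */
    public void setPassword(Identity identity, String str, String str2) throws SystemException {
    }

    /** @return always {@code false}; password changes are not supported */
    public boolean supportsPasswordChange() {
        return false;
    }

    public String getDomain() {
        return this.domain;
    }

    public void setDomain(String str) {
        this.domain = str;
    }

    /**
     * Manual smoke test against a live directory.
     *
     * <p>Connection settings and credentials come from environment variables so that no
     * secret is compiled into the class. Any password that was ever embedded in this
     * source should be treated as exposed and rotated.
     */
    public static void main(String[] strArr) {
        try {
            LdapPasswordManager ldapPasswordManager = new LdapPasswordManager();
            ldapPasswordManager.setAdminUser(requireEnv("LDAP_ADMIN_USER"));
            ldapPasswordManager.setAdminPassword(requireEnv("LDAP_ADMIN_PASSWORD"));
            ldapPasswordManager.setDomain(requireEnv("LDAP_DOMAIN"));
            ldapPasswordManager.setHost(requireEnv("LDAP_HOST"));
            String searchBase = requireEnv("LDAP_SEARCH_BASE");
            ldapPasswordManager.setSearchBaseUsers(searchBase);
            ldapPasswordManager.setSearchBaseRoles(searchBase);
            DefaultIdentity defaultIdentity = new DefaultIdentity();
            defaultIdentity.setUserId(requireEnv("LDAP_TEST_USER"));
            if (ldapPasswordManager.verifyPassword(defaultIdentity, requireEnv("LDAP_TEST_PASSWORD"))) {
                System.out.println("Passord er korrekt");
            } else {
                System.out.println("Passord er feil");
            }
        } catch (Exception e) {
            e.printStackTrace();
        }
    }

    /** Returns the named environment variable or fails if it is unset or empty. */
    private static String requireEnv(String name) {
        String value = System.getenv(name);
        if (value == null || value.length() == 0) {
            throw new IllegalStateException("Missing environment variable " + name);
        }
        return value;
    }
}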
