package org.jivesoftware.openfire.ldap;

import java.util.ArrayList;
import java.util.Collection;
import javax.naming.NamingEnumeration;
import javax.naming.directory.Attribute;
import javax.naming.directory.DirContext;
import org.jivesoftware.openfire.auth.AuthorizationPolicy;
import org.jivesoftware.util.JiveGlobals;
import org.xmpp.packet.JID;

/* loaded from: input_file:org/jivesoftware/openfire/ldap/LdapAuthorizationPolicy.class */
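/**
 * Authorization policy that decides whether an authenticated principal may act as a
 * given user by consulting that user's LDAP entry.
 *
 * <p>The list of permitted principals is read from the attribute named by the
 * {@code ldap.authorizeField} property (default {@code k5login}). A principal is
 * authorized only when one of that attribute's values equals it exactly.
 *
 * <p>Every failure while talking to the directory results in an empty list, so the
 * policy denies rather than grants when LDAP is unreachable or the entry is missing.
 */
public class LdapAuthorizationPolicy implements AuthorizationPolicy {
    /** Property naming the LDAP attribute that lists the principals allowed to act as a user. */
    private static final String AUTHORIZE_FIELD_PROPERTY = "ldap.authorizeField";

    private final LdapManager manager;
    private final String usernameField;
    private final String authorizeField;

    /**
     * Creates the policy from the shared {@link LdapManager} and the
     * {@code ldap.authorizeField} property, falling back to {@code k5login}.
     */
    public LdapAuthorizationPolicy() {
        JiveGlobals.migrateProperty(AUTHORIZE_FIELD_PROPERTY);
        this.manager = LdapManager.getInstance();
        this.usernameField = this.manager.getUsernameField();
        this.authorizeField = JiveGlobals.getProperty(AUTHORIZE_FIELD_PROPERTY, "k5login");
    }

    /**
     * Returns whether {@code principal} is listed on the LDAP entry of {@code username}.
     *
     * @param username  the account whose LDAP entry is consulted (node-escaped form accepted)
     * @param principal the authenticated principal asking to act as {@code username}
     * @return {@code true} only if the entry's authorize attribute holds a value equal to
     *         {@code principal}; {@code false} on no match or on any directory error
     */
    @Override
    public boolean authorize(String username, String principal) {
        return getAuthorized(username).contains(principal);
    }

    /**
     * Loads the principals that the user's LDAP entry authorizes.
     *
     * @param username the account to look up, possibly in node-escaped form
     * @return the values of the authorize attribute; empty when the attribute is absent
     *         or the lookup fails
     */
    private Collection<String> getAuthorized(String username) {
        String node = JID.unescapeNode(username);
        Collection<String> authorized = new ArrayList<String>();
        DirContext context = null;
        try {
            String userDn = this.manager.findUserDN(node);
            String[] requested = {this.usernameField, this.authorizeField};
            context = this.manager.getContext();
            // Read the authorize attribute itself. The previous code looked up the
            // manager's *name* field here, which is not among the requested attributes
            // and is not the attribute this policy is documented to check, so the
            // configured ldap.authorizeField never influenced the decision.
            // NOTE(review): with this fix the attribute's contents take effect; who can
            // write that attribute in the directory now matters for access control.
            Attribute attribute = context.getAttributes(userDn, requested).get(this.authorizeField);
            if (attribute != null) {
                NamingEnumeration<?> values = attribute.getAll();
                while (values.hasMore()) {
                    Object value = values.next();
                    // Only textual values can match a principal name; skip anything else
                    // instead of aborting the whole lookup on a ClassCastException.
                    if (value instanceof String) {
                        authorized.add((String) value);
                    }
                }
            }
        } catch (Exception e) {
            // Deliberately fail closed: whatever was read so far is returned and
            // everything else is denied.
            // NOTE(review): this failure is invisible to operators; it should be
            // reported through the project's logger so LDAP outages are noticed.
        } finally {
            if (context != null) {
                try {
                    context.close();
                } catch (Exception ignored) {
                    // Nothing useful can be done if releasing the context fails.
                }
            }
        }
        return authorized;
    }

    /** Returns the display name of this policy. */
    @Override
    public String name() {
        return "LDAP Authorization Policy";
    }

    /** Returns a one-line description of what this policy checks. */
    @Override
    public String description() {
        return "Provider for authorization using LDAP. Checks if the authenticated principal is in the user's LDAP object using the authorizeField property.";
    }
}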
