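package de.sebastianvonhelmersen.authentication;

import de.sebastianvonhelmersen.User;
import de.sebastianvonhelmersen.user;

import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.*;
import java.util.Hashtable;

/**
 * Authenticates users against an LDAP directory with the "search, then bind" pattern: a
 * service account looks up the entry whose {@code uid} matches the supplied username, and the
 * user's password is then verified by performing a simple bind as that entry's DN.
 *
 * <p>SECURITY: the directory is addressed over plain {@code ldap://}, so the service-account
 * password and every user password cross the network in cleartext (simple bind). Use
 * {@code ldaps://} or StartTLS anywhere other than an isolated lab network.
 *
 * <p>NOTE(review): the public return type is {@code User} while the object constructed is
 * {@code user} (lowercase) from the same package — presumably a subtype; confirm.
 */
public class Ldap {
    private static final String LDAP_URL = "ldap://juri:389";
    private static final String BASE_DN = "dc=fet,dc=htu,dc=tuwien,dc=ac,dc=at";
    /** DN of the service account used only for the initial username-to-DN lookup. */
    private static final String ADMIN_DN = "cn=admin,dc=fet,dc=htu,dc=tuwien,dc=ac,dc=at";
    /**
     * Service-account password, read from the environment so it is never committed with the
     * source. When the variable is unset this is {@code null}; {@link #bind} then refuses the
     * service bind and {@link #authenticate} returns {@code null} rather than falling back to
     * an anonymous bind.
     */
    private static final String ADMIN_PASSWORD = System.getenv("LDAP_ADMIN_PASSWORD");

    /**
     * Verifies {@code username}/{@code password} against the directory.
     *
     * @param username value matched against the {@code uid} attribute; escaped before it is
     *                 placed in the search filter
     * @param password the user's password, sent as simple-bind credentials
     * @return the authenticated user's entry wrapped in {@code user}, or {@code null} when the
     *         credentials are empty, the user is unknown or ambiguous, the password is wrong,
     *         or the directory cannot be reached (failures are printed to stderr)
     */
    public static User authenticate(String username, String password) {
        // Reject empty credentials *before* touching the directory. An LDAP simple bind with a
        // DN and an empty password is an "unauthenticated bind" (RFC 4513 section 5.1.2) that
        // many servers accept and report as success, which would let anyone log in as any
        // existing user. Null would only fail later with a NullPointerException from Hashtable.
        if (username == null || username.isEmpty() || password == null || password.isEmpty()) {
            return null;
        }
        try {
            SearchResult entry = findUser(username);
            if (entry == null) {
                return null; // user not found, or more than one entry with this uid
            }
            String userDn = entry.getNameInNamespace();
            // A wrong password raises javax.naming.AuthenticationException here; the catch
            // below turns it (and any other directory error) into null.
            bind(userDn, password).close();
            Attributes attrs = entry.getAttributes();
            // The lookup ran as the service account, which the directory lets read userPassword.
            // Do not hand the password hash to the rest of the application.
            // NOTE(review): assumes user(...) does not read userPassword — confirm.
            attrs.remove("userPassword");
            return new user(attrs); // success
        } catch (Exception e) {
            // Printed to stderr; the message never contains the password itself.
            e.printStackTrace();
            return null; // failed (invalid credentials or LDAP error)
        }
    }

    /**
     * Looks up the directory entry whose {@code uid} equals {@code username}, as the service
     * account. Ambiguous matches are refused instead of resolved to whichever entry the server
     * happened to return first.
     *
     * @return the single matching entry, or {@code null} if none or several match
     * @throws NamingException if the service bind or the search fails
     */
    private static SearchResult findUser(String username) throws NamingException {
        String filter = "(uid=" + escapeLDAPSearchFilter(username) + ")";
        SearchControls controls = new SearchControls();
        controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
        DirContext ctx = bind(ADMIN_DN, ADMIN_PASSWORD);
        try {
            NamingEnumeration<SearchResult> results = ctx.search(BASE_DN, filter, controls);
            if (!results.hasMore()) {
                return null;
            }
            SearchResult first = results.next();
            if (results.hasMore()) {
                return null; // ambiguous uid
            }
            return first;
        } finally {
            ctx.close(); // DirContext is not AutoCloseable, so no try-with-resources
        }
    }

    /**
     * Opens a connection to {@link #LDAP_URL} and performs a simple bind as {@code principal}.
     * The caller owns the returned context and must close it.
     *
     * @throws NamingException if the credentials are empty, the connection fails, or the bind
     *                         is rejected (wrong password raises the subclass
     *                         {@code javax.naming.AuthenticationException})
     */
    private static DirContext bind(String principal, String credentials) throws NamingException {
        if (credentials == null || credentials.isEmpty()) {
            // Never issue an empty-password bind: servers treat it as anonymous and succeed.
            throw new NamingException("refusing simple bind with empty credentials for " + principal);
        }
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, LDAP_URL);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, principal);
        env.put(Context.SECURITY_CREDENTIALS, credentials);
        return new InitialDirContext(env);
    }

    /**
     * Escapes a value for use inside an LDAP search filter (RFC 4515 section 3): backslash,
     * asterisk, parentheses and NUL are replaced by their {@code \XX} hex escapes so that user
     * input cannot alter the filter's structure.
     *
     * @param input raw value; must not be {@code null}
     * @return the escaped value, unchanged if it contains no special characters
     */
    public static String escapeLDAPSearchFilter(String input) {
        StringBuilder sb = new StringBuilder(input.length());
        for (int i = 0; i < input.length(); i++) {
            char c = input.charAt(i);
            switch (c) {
                case '\\':
                    sb.append("\\5c");
                    break;
                case '*':
                    sb.append("\\2a");
                    break;
                case '(':
                    sb.append("\\28");
                    break;
                case ')':
                    sb.append("\\29");
                    break;
                case '\u0000':
                    sb.append("\\00");
                    break;
                default:
                    sb.append(c);
            }
        }
        return sb.toString();
    }
}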