package org.apache.jackrabbit.oak.security.authentication.ldap;

import com.google.common.collect.ImmutableMap;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Hashtable;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Set;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.security.auth.login.LoginException;
import org.apache.jackrabbit.oak.spi.security.authentication.external.SyncMode;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/jackrabbit/oak/security/authentication/ldap/JndiLdapSearch.class */
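/**
 * {@link LdapSearch} implementation that talks to the directory through JNDI
 * ({@code com.sun.jndi.ldap.LdapCtxFactory}).
 *
 * <p>Lookups run under the bind identity configured in {@link LdapSettings}
 * (or anonymously when no bind DN is set); {@link #authenticate(LdapUser)}
 * verifies a user by attempting a simple bind with the user's own DN and password.
 *
 * <p>Security-relevant behaviour of this class:
 * <ul>
 *   <li>Values that originate from a login attempt (user id, user DN) are never
 *       concatenated into the LDAP filter. They are passed as JNDI filter
 *       arguments ({@code {0}}), which the provider escapes, so characters such as
 *       {@code *}, {@code (}, {@code )} and {@code \} cannot change the filter.</li>
 *   <li>A simple bind with an empty password is refused before it reaches the
 *       server, because many directories treat it as an unauthenticated bind and
 *       report success.</li>
 *   <li>Only the configured attributes are requested from the directory.</li>
 * </ul>
 */
public class JndiLdapSearch implements LdapSearch {
    private static final Logger log = LoggerFactory.getLogger(JndiLdapSearch.class);
    private final LdapSettings settings;
    private final Map<String, String> ldapEnvironment;

    /**
     * Creates a search helper and pre-computes the immutable JNDI environment
     * used for every lookup connection.
     *
     * @param ldapSettings connection, bind and mapping configuration
     * @throws IllegalArgumentException if a bind DN is configured without a password
     */
    public JndiLdapSearch(LdapSettings ldapSettings) {
        this.settings = ldapSettings;
        this.ldapEnvironment = createEnvironment(ldapSettings);
    }

    /**
     * Builds the JNDI environment for the lookup (service) connection.
     *
     * @param ldapSettings source of host, port, TLS flag and bind credentials
     * @return an immutable environment map
     */
    private static Map<String, String> createEnvironment(LdapSettings ldapSettings) {
        Map<String, String> env = new HashMap<String, String>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        String providerUrl = "ldap://" + ldapSettings.getHost() + ':' + ldapSettings.getPort();
        env.put(Context.PROVIDER_URL, providerUrl);
        if (ldapSettings.isSecure()) {
            env.put(Context.SECURITY_PROTOCOL, "ssl");
        } else {
            // Without the ssl protocol the bind DN/password configured here and every
            // user password checked in authenticate() cross the network in clear text.
            log.warn("LDAP connection to {} is not secured; bind credentials are sent unencrypted", providerUrl);
        }
        String authDn = ldapSettings.getAuthDn();
        String authPw = ldapSettings.getAuthPw();
        if (authDn == null || authDn.length() == 0) {
            env.put(Context.SECURITY_AUTHENTICATION, "none");
        } else {
            if (authPw == null) {
                // ImmutableMap rejects null values; fail with a message that names the cause.
                throw new IllegalArgumentException("LDAP bind DN is configured but the bind password is missing");
            }
            if (authPw.length() == 0) {
                log.warn("LDAP bind DN is configured with an empty password; the server may treat this as an anonymous bind");
            }
            env.put(Context.SECURITY_AUTHENTICATION, "simple");
            env.put(Context.SECURITY_PRINCIPAL, authDn);
            env.put(Context.SECURITY_CREDENTIALS, authPw);
        }
        return ImmutableMap.copyOf(env);
    }

    /**
     * Converts an LDAP attribute into a property value.
     *
     * @param attribute a non-empty attribute
     * @return a {@code String} for a single value, otherwise a {@code List<String>}
     * @throws NamingException if a value cannot be read
     */
    private Object parseAttributeValue(Attribute attribute) throws NamingException {
        int size = attribute.size();
        if (size <= 1) {
            // NOTE(review): binary values (byte[]) end up as their default toString() here.
            return String.valueOf(attribute.get());
        }
        List<String> values = new ArrayList<String>(size);
        for (int i = 0; i < size; i++) {
            values.add(String.valueOf(attribute.get(i)));
        }
        return values;
    }

    /**
     * Copies the configured subset of LDAP attributes onto the user (or group),
     * renamed according to the attribute mapping in the settings.
     *
     * @param ldapUser   user or group receiving the properties
     * @param attributes attributes returned by the directory for that entry
     * @throws NamingException if the attributes cannot be enumerated or read
     */
    private void initProperties(LdapUser ldapUser, Attributes attributes) throws NamingException {
        Map<String, String> configured = ldapUser instanceof LdapGroup
                ? this.settings.getGroupAttributes()
                : this.settings.getUserAttributes();
        // LDAP attribute names are case-insensitive; Locale.ROOT keeps the folding
        // independent of the JVM default locale (e.g. Turkish dotless i).
        Map<String, String> mapping = new HashMap<String, String>();
        for (Map.Entry<String, String> entry : configured.entrySet()) {
            String key = entry.getKey();
            mapping.put(key == null ? null : key.toLowerCase(Locale.ROOT), entry.getValue());
        }
        Map<String, Object> properties = new HashMap<String, Object>();
        NamingEnumeration<? extends Attribute> all = attributes.getAll();
        while (all.hasMore()) {
            Attribute attribute = all.next();
            if (attribute.size() == 0) {
                // Attribute.get() throws NoSuchElementException on a value-less attribute.
                continue;
            }
            String id = attribute.getID().toLowerCase(Locale.ROOT);
            if (mapping.containsKey(id)) {
                properties.put(mapping.get(id), parseAttributeValue(attribute));
            }
        }
        ldapUser.setProperties(properties);
    }

    /**
     * Runs a search on a fresh lookup connection.
     *
     * <p>This is best effort: a failing search is logged and whatever was
     * collected up to that point (possibly nothing) is returned.
     *
     * @param baseDn     search base
     * @param filterExpr filter expression; {@code {n}} placeholders are replaced by
     *                   the escaped {@code filterArgs}
     * @param filterArgs untrusted values referenced by the filter expression
     * @param scope      one of the {@link SearchControls} scope constants
     * @param attributes attributes to return
     * @return the entries found, never {@code null}
     */
    private List<SearchResult> search(String baseDn, String filterExpr, Object[] filterArgs, int scope,
            String[] attributes) {
        SearchControls searchControls = new SearchControls();
        searchControls.setSearchScope(scope);
        searchControls.setCountLimit(0L);
        searchControls.setDerefLinkFlag(true);
        searchControls.setTimeLimit(this.settings.getSearchTimeout());
        // Ask only for what is mapped, so unrelated (possibly sensitive) attributes
        // readable by the bind account are not pulled into this process.
        searchControls.setReturningAttributes(attributes);
        // NOTE(review): only the search time limit is set; no connect/read timeout
        // is configured on the context, so an unresponsive server can block the caller.
        List<SearchResult> found = new ArrayList<SearchResult>();
        InitialDirContext context = null;
        try {
            context = new InitialDirContext(new Hashtable<String, String>(this.ldapEnvironment));
            NamingEnumeration<SearchResult> results = context.search(baseDn, filterExpr, filterArgs, searchControls);
            while (results.hasMore()) {
                found.add(results.next());
            }
        } catch (NamingException e) {
            log.error("LDAP search failed", e);
        } finally {
            if (context != null) {
                try {
                    context.close();
                } catch (NamingException e) {
                    // A failed close must not discard results that were already read.
                    log.warn("Failed to close LDAP context", e);
                }
            }
        }
        return found;
    }

    /**
     * Combines the configured filter and the identifying term into one
     * {@code (&(idTerm)(configuredFilter))} expression.
     *
     * @param configuredFilter filter from the settings, may be {@code null}
     * @param idTerm           identifying term, may be {@code null}
     * @return the combined filter expression
     */
    private String compileSearchFilter(String configuredFilter, String idTerm) {
        StringBuilder sb = new StringBuilder("(&");
        appendFilterTerm(sb, idTerm);
        appendFilterTerm(sb, configuredFilter);
        sb.append(')');
        return sb.toString();
    }

    /** Appends one filter term, adding the surrounding parentheses when they are missing. */
    private static void appendFilterTerm(StringBuilder sb, String term) {
        // Terms equal to SyncMode.NO_SYNC are skipped (presumably the empty string; confirm).
        if (term == null || SyncMode.NO_SYNC.equals(term)) {
            return;
        }
        if (!term.startsWith("(")) {
            sb.append('(');
        }
        sb.append(term);
        if (!term.endsWith(")")) {
            sb.append(')');
        }
    }

    /** Turns a set of attribute names into the array JNDI expects, dropping {@code null} entries. */
    private static String[] toAttributeArray(Set<String> names) {
        List<String> cleaned = new ArrayList<String>(names.size());
        for (String name : names) {
            if (name != null) {
                cleaned.add(name);
            }
        }
        return cleaned.toArray(new String[cleaned.size()]);
    }

    /**
     * Searches the user root for entries whose id attribute equals {@code userId}.
     * The id is passed as filter argument {@code {0}}, never spliced into the filter.
     */
    private List<SearchResult> searchUser(String userId) {
        Set<String> names = new HashSet<String>(this.settings.getUserAttributes().keySet());
        names.add(this.settings.getUserIdAttribute());
        String filter = compileSearchFilter(this.settings.getUserFilter(),
                this.settings.getUserIdAttribute() + "={0}");
        return search(this.settings.getUserRoot(), filter, new Object[] {userId},
                SearchControls.SUBTREE_SCOPE, toAttributeArray(names));
    }

    /**
     * Searches the group root for entries whose membership attribute equals
     * {@code memberDn}. The DN is passed as filter argument {@code {0}}.
     */
    private List<SearchResult> searchGroups(String memberDn) {
        Set<String> names = new HashSet<String>(this.settings.getGroupAttributes().keySet());
        String filter = compileSearchFilter(this.settings.getGroupFilter(),
                this.settings.getGroupMembershipAttribute() + "={0}");
        return search(this.settings.getGroupRoot(), filter, new Object[] {memberDn},
                SearchControls.SUBTREE_SCOPE, toAttributeArray(names));
    }

    /**
     * Looks up {@code userId}; when nothing matches and the id contains a
     * backslash ({@code DOMAIN\name}), retries with the part after the first
     * backslash.
     *
     * @return {@code true} if an entry was found and copied onto {@code ldapUser}
     */
    private boolean findUser(LdapUser ldapUser, String userId) {
        if (userId == null || userId.length() == 0) {
            return false;
        }
        try {
            List<SearchResult> matches = searchUser(userId);
            if (matches.isEmpty()) {
                int separator = userId.indexOf('\\');
                if (separator >= 0) {
                    return findUser(ldapUser, userId.substring(separator + 1));
                }
                return false;
            }
            if (matches.size() > 1) {
                // An id that maps to several entries makes the resolved identity ambiguous.
                log.warn("LDAP user lookup matched {} entries; using the first one", matches.size());
            }
            SearchResult first = matches.get(0);
            ldapUser.setDN(first.getNameInNamespace());
            initProperties(ldapUser, first.getAttributes());
            return true;
        } catch (NamingException e) {
            log.warn("Failed to read LDAP user entry", e);
            return false;
        }
    }

    /**
     * Resolves the user's DN and mapped properties from the directory.
     *
     * @param ldapUser user identified by {@code getId()}
     * @return {@code true} if the user was found
     */
    @Override // org.apache.jackrabbit.oak.security.authentication.ldap.LdapSearch
    public boolean findUser(LdapUser ldapUser) {
        return findUser(ldapUser, ldapUser.getId());
    }

    /**
     * Returns the groups whose membership attribute holds the user's DN.
     *
     * <p>Best effort: if the lookup or attribute mapping fails part-way, the
     * groups collected so far are returned and the failure is logged. Callers
     * that base access decisions on group membership should be aware that the
     * set may then be incomplete.
     *
     * @param ldapUser user whose DN has been resolved
     * @return the groups found, never {@code null}
     */
    @Override // org.apache.jackrabbit.oak.security.authentication.ldap.LdapSearch
    public Set<LdapGroup> findGroups(LdapUser ldapUser) {
        Set<LdapGroup> groups = new HashSet<LdapGroup>();
        String dn = ldapUser.getDN();
        if (dn == null || dn.length() == 0) {
            return groups;
        }
        try {
            for (SearchResult searchResult : searchGroups(dn)) {
                LdapGroup ldapGroup = new LdapGroup(searchResult.getNameInNamespace(), this);
                groups.add(ldapGroup);
                initProperties(ldapGroup, searchResult.getAttributes());
            }
        } catch (NamingException e) {
            log.warn("Failed to read LDAP group entries; group membership may be incomplete", e);
        }
        return groups;
    }

    /**
     * Verifies the user's password by performing a simple bind as the user.
     *
     * @param ldapUser user with resolved DN and supplied password
     * @return {@code true} if the bind succeeded
     * @throws LoginException if the DN or password is missing or empty, or if the
     *                        directory rejects the bind
     */
    @Override // org.apache.jackrabbit.oak.security.authentication.ldap.LdapSearch
    public boolean authenticate(LdapUser ldapUser) throws LoginException {
        String dn = ldapUser.getDN();
        Object credentials = ldapUser.getLdapPassword();
        // A simple bind with an empty DN or empty password is an anonymous or
        // unauthenticated bind; servers commonly answer it with success, which would
        // be read here as a valid login. Refuse it before contacting the server.
        if (dn == null || dn.length() == 0) {
            throw new LoginException("Cannot authenticate LDAP user without a DN");
        }
        if (isEmptyCredential(credentials)) {
            throw new LoginException("Empty password rejected for LDAP user " + dn);
        }
        try {
            Hashtable<String, Object> env = new Hashtable<String, Object>(this.ldapEnvironment);
            env.put(Context.SECURITY_PRINCIPAL, dn);
            env.put(Context.SECURITY_CREDENTIALS, credentials);
            env.put(Context.SECURITY_AUTHENTICATION, "simple");
            new InitialDirContext(env).close();
            return true;
        } catch (NamingException e) {
            LoginException failure = new LoginException(
                    "Could not create initial LDAP context for user " + dn + ": " + e.getMessage());
            failure.initCause(e);
            throw failure;
        }
    }

    /** Returns {@code true} for a {@code null} credential or a zero-length string or array. */
    private static boolean isEmptyCredential(Object credential) {
        if (credential == null) {
            return true;
        }
        if (credential instanceof CharSequence) {
            return ((CharSequence) credential).length() == 0;
        }
        if (credential instanceof char[]) {
            return ((char[]) credential).length == 0;
        }
        if (credential instanceof byte[]) {
            return ((byte[]) credential).length == 0;
        }
        return false;
    }
}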
