package org.cristalise.lookup.ldap;

import com.novell.ldap.LDAPAttribute;
import com.novell.ldap.LDAPAttributeSet;
import com.novell.ldap.LDAPConnection;
import com.novell.ldap.LDAPDN;
import com.novell.ldap.LDAPEntry;
import com.novell.ldap.LDAPException;
import com.novell.ldap.LDAPJSSEStartTLSFactory;
import com.novell.ldap.LDAPModification;
import com.novell.ldap.LDAPSearchConstraints;
import com.novell.ldap.LDAPSearchResults;
import com.novell.ldap.util.Base64;
import java.security.KeyManagementException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.cert.X509Certificate;
import java.util.Random;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import org.cristalise.kernel.common.ObjectAlreadyExistsException;
import org.cristalise.kernel.common.ObjectCannotBeUpdated;
import org.cristalise.kernel.common.ObjectNotFoundException;
import org.cristalise.kernel.utils.Logger;

/* loaded from: input_file:org/cristalise/lookup/ldap/LDAPLookupUtils.class */
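/**
 * Static helpers for the LDAP lookup: opening and authenticating connections,
 * reading and modifying entries and attributes, creating the root contexts,
 * and escaping values that are placed into DNs and search filters.
 *
 * <p>Security-relevant behaviour in this class:
 * <ul>
 *   <li>{@link #getPermissiveSocketFactory()} disables certificate validation;
 *       it is only selected when {@code mIgnoreCertErrors} is set.</li>
 *   <li>{@link #generateUserPassword(String)} produces salted SHA-1 ({@code {SSHA}}),
 *       a fast hash by modern standards.</li>
 *   <li>{@link #escapeDN(String)} and {@link #escapeSearchFilter(String)} are the only
 *       injection defence for caller-supplied names; the search methods here take the
 *       filter verbatim.</li>
 * </ul>
 */
public final class LDAPLookupUtils {
    /** DN characters that {@link #escapeDN(String)} writes as a backslash plus two hex digits. */
    static final char[] META_CHARS = {'+', '=', '\"', ',', '<', '>', ';', '/'};
    /** Hex codes matching {@link #META_CHARS} position by position. */
    static final String[] META_ESCAPED = {"2B", "3D", "22", "2C", "3C", "3E", "3B", "2F"};
    private static final Random RANDOM = new SecureRandom();
    /** Empty varargs array handed to the Logger calls. */
    private static final Object[] NO_ARGS = new Object[0];
    /** Fixed charset for password bytes, so hashes and binds do not depend on the platform default. */
    private static final java.nio.charset.Charset UTF_8 = java.nio.charset.StandardCharsets.UTF_8;
    private static final char[] HEX_DIGITS = "0123456789abcdef".toCharArray();

    /**
     * Reads a single entry by DN.
     *
     * @param lDAPConnection an open connection
     * @param str the DN to read
     * @param i the alias dereference mode passed to {@code LDAPSearchConstraints.setDereference}
     * @return the entry, never {@code null}
     * @throws ObjectNotFoundException if the read returns nothing or fails with any
     *         {@link LDAPException}; note that connection and permission errors are
     *         therefore also reported as "not found"
     */
    public static LDAPEntry getEntry(LDAPConnection lDAPConnection, String str, int i) throws ObjectNotFoundException {
        LDAPSearchConstraints constraints = new LDAPSearchConstraints();
        constraints.setBatchSize(0);
        constraints.setDereference(i);
        LDAPEntry found;
        try {
            found = lDAPConnection.read(str, constraints);
        } catch (LDAPException e) {
            throw new ObjectNotFoundException("LDAP Exception for dn:" + str + ": \n" + e.getMessage());
        }
        if (found == null) {
            throw new ObjectNotFoundException(str + " does not exist");
        }
        return found;
    }

    /**
     * Builds a {@code {SSHA}} userPassword value: Base64 of SHA-1(password + salt) followed by the salt.
     *
     * <p>NOTE(review): the {@code {SSHA}} scheme fixes the digest to SHA-1, so the algorithm is
     * kept. A single salted SHA-1 round is cheap to brute-force offline; where the directory
     * supports it, letting the server hash the password with a slow scheme is preferable.
     *
     * @param str the clear-text password
     * @return the value to store in the userPassword attribute
     * @throws NoSuchAlgorithmException if the JVM has no "SHA" digest
     */
    public static String generateUserPassword(String str) throws NoSuchAlgorithmException {
        MessageDigest sha = MessageDigest.getInstance("SHA");
        String salt = generateSalt(16);
        // The salt is plain ASCII, so hashing the concatenated string equals hashing
        // the password bytes followed by the salt bytes that are appended below.
        byte[] hash = sha.digest((str + salt).getBytes(UTF_8));
        byte[] saltBytes = salt.getBytes(UTF_8);
        byte[] hashAndSalt = new byte[hash.length + saltBytes.length];
        System.arraycopy(hash, 0, hashAndSalt, 0, hash.length);
        System.arraycopy(saltBytes, 0, hashAndSalt, hash.length, saltBytes.length);
        return "{SSHA}" + Base64.encode(hashAndSalt);
    }

    /**
     * Generates a random salt from {@link SecureRandom}.
     *
     * <p>The previous implementation returned {@code String.valueOf(byte[])}, which is the
     * array's identity string ({@code "[B@..."}) and contains none of the random bytes.
     * The bytes are now hex-encoded, so the returned string carries the full entropy.
     *
     * @param i number of random bytes to draw
     * @return lower-case hex string of length {@code 2 * i}
     */
    public static String generateSalt(int i) {
        byte[] raw = new byte[i];
        RANDOM.nextBytes(raw);
        StringBuilder hex = new StringBuilder(raw.length * 2);
        for (byte b : raw) {
            hex.append(HEX_DIGITS[(b >> 4) & 0x0F]).append(HEX_DIGITS[b & 0x0F]);
        }
        return hex.toString();
    }

    /**
     * Connects to the configured LDAP server, optionally upgrades the connection with
     * StartTLS, and binds with the configured user.
     *
     * @param lDAPProperties host, port, timeout, TLS flags and bind credentials
     * @return a bound connection with no limit on the number of search results
     * @throws LDAPException if connecting or binding fails, or if TLS was requested but
     *         could not be enabled
     */
    public static LDAPConnection createConnection(LDAPProperties lDAPProperties) throws LDAPException {
        if (lDAPProperties.mUseTLS) {
            try {
                if (lDAPProperties.mIgnoreCertErrors) {
                    // Make the insecure configuration visible in the logs.
                    Logger.error("LDAPLookup - TLS certificate validation is DISABLED for " + lDAPProperties.mHost, NO_ARGS);
                    LDAPConnection.setSocketFactory(new LDAPJSSEStartTLSFactory(getPermissiveSocketFactory()));
                } else {
                    LDAPConnection.setSocketFactory(new LDAPJSSEStartTLSFactory());
                }
            } catch (Exception e) {
                throw tlsFailure(e);
            }
        }
        int timeout = lDAPProperties.mTimeOut.intValue();
        LDAPConnection connection = timeout == 0 ? new LDAPConnection() : new LDAPConnection(timeout);
        Logger.msg(3, "LDAPLookup - connecting to " + lDAPProperties.mHost, NO_ARGS);
        connection.connect(lDAPProperties.mHost, lDAPProperties.mPort.intValue());
        if (lDAPProperties.mUseTLS) {
            try {
                connection.startTLS();
            } catch (Exception e2) {
                throw tlsFailure(e2);
            }
        }
        Logger.msg(3, "LDAPLookup - authenticating user:" + lDAPProperties.mUser, NO_ARGS);
        connection.bind(LDAPConnection.LDAP_V3, lDAPProperties.mUser, String.valueOf(lDAPProperties.mPassword).getBytes(UTF_8));
        Logger.msg(3, "LDAPLookup - authentication successful", NO_ARGS);
        LDAPSearchConstraints constraints = new LDAPSearchConstraints();
        constraints.setMaxResults(0);
        connection.setConstraints(constraints);
        return connection;
    }

    /**
     * Logs a TLS set-up failure, calls {@code Logger.die}, and returns an exception to throw.
     * Whether {@code Logger.die} returns is not visible from this file; throwing afterwards
     * guarantees the bind credentials are never sent over a connection that was meant to be
     * encrypted but is not.
     */
    private static LDAPException tlsFailure(Exception cause) {
        Logger.error(cause);
        Logger.die("Could not enable TLS over LDAP", NO_ARGS);
        return new LDAPException("Could not enable TLS over LDAP", LDAPException.CONNECT_ERROR, null, cause);
    }

    /**
     * Creates a socket factory whose trust manager accepts every certificate chain.
     *
     * <p>SECURITY: with this factory the server's identity is not verified, so the TLS
     * session gives no protection against an on-path attacker who can present any
     * certificate. It is only used when {@code mIgnoreCertErrors} is set; prefer adding
     * the directory's CA to the JVM trust store instead.
     *
     * @return a socket factory that performs no certificate validation
     * @throws NoSuchAlgorithmException if no "TLS" context is available
     * @throws KeyManagementException if the context cannot be initialised
     */
    public static SSLSocketFactory getPermissiveSocketFactory() throws NoSuchAlgorithmException, KeyManagementException {
        TrustManager trustEverything = new X509TrustManager() {
            @Override
            public X509Certificate[] getAcceptedIssuers() {
                // The interface contract asks for a non-null (possibly empty) array.
                return new X509Certificate[0];
            }

            @Override
            public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) {
                // Intentionally empty: every client chain is accepted.
            }

            @Override
            public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) {
                // Intentionally empty: every server chain is accepted.
            }
        };
        SSLContext context = SSLContext.getInstance("TLS");
        context.init(null, new TrustManager[] {trustEverything}, new SecureRandom());
        return context.getSocketFactory();
    }

    /**
     * Reads a single entry by DN without dereferencing aliases.
     *
     * @see #getEntry(LDAPConnection, String, int)
     */
    public static LDAPEntry getEntry(LDAPConnection lDAPConnection, String str) throws ObjectNotFoundException {
        return getEntry(lDAPConnection, str, LDAPSearchConstraints.DEREF_NEVER);
    }

    /**
     * Returns the first value of an attribute.
     *
     * @param lDAPEntry the entry to inspect
     * @param str the attribute name
     * @throws ObjectNotFoundException if the attribute is absent or holds no value
     */
    public static String getFirstAttributeValue(LDAPEntry lDAPEntry, String str) throws ObjectNotFoundException {
        LDAPAttribute attribute = lDAPEntry.getAttribute(str);
        if (attribute == null) {
            throw new ObjectNotFoundException("No attributes named '" + str + "'");
        }
        String first = attribute.getStringValue();
        if (first == null) {
            // Previously an empty attribute surfaced as an unchecked NoSuchElementException.
            throw new ObjectNotFoundException("Attribute '" + str + "' has no values");
        }
        return first;
    }

    /**
     * Returns every value of an attribute, or an empty array when the attribute is absent.
     */
    public static String[] getAllAttributeValues(LDAPEntry lDAPEntry, String str) {
        LDAPAttribute attribute = lDAPEntry.getAttribute(str);
        if (attribute == null) {
            return new String[0];
        }
        return attribute.getStringValueArray();
    }

    /**
     * Tells whether an attribute holds the given value, compared case-insensitively.
     *
     * @param lDAPEntry the entry to inspect
     * @param str the attribute name
     * @param str2 the value to look for
     */
    public static boolean existsAttributeValue(LDAPEntry lDAPEntry, String str, String str2) {
        LDAPAttribute attribute = lDAPEntry.getAttribute(str);
        if (attribute == null) {
            return false;
        }
        for (String value : attribute.getStringValueArray()) {
            if (value.equalsIgnoreCase(str2)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Tells whether an attribute holds exactly one value.
     *
     * @throws ObjectNotFoundException if the entry has no such attribute
     */
    public static boolean hasOneAttributeValue(LDAPEntry lDAPEntry, String str) throws ObjectNotFoundException {
        LDAPAttribute attribute = lDAPEntry.getAttribute(str);
        if (attribute == null) {
            throw new ObjectNotFoundException("No attributes named '" + str + "'");
        }
        return attribute.size() == 1;
    }

    /**
     * Replaces the single value of an attribute, or adds the attribute when the entry
     * does not have it yet.
     *
     * <p>The decompiled listing showed the "attribute missing" handler attached to an empty
     * {@code try}, which neither compiles nor ever runs; the check is moved back inside it
     * so the add-on-missing path is reachable.
     *
     * @param lDAPConnection an open, bound connection
     * @param lDAPEntry the entry to change (as previously read; it is not re-read here)
     * @param str the attribute name
     * @param str2 the new value
     * @throws ObjectCannotBeUpdated if the attribute is multi-valued or the server rejects the change
     * @throws ObjectNotFoundException kept in the signature for existing callers
     */
    public static void setAttributeValue(LDAPConnection lDAPConnection, LDAPEntry lDAPEntry, String str, String str2) throws ObjectNotFoundException, ObjectCannotBeUpdated {
        boolean singleValued;
        try {
            singleValued = hasOneAttributeValue(lDAPEntry, str);
        } catch (ObjectNotFoundException e) {
            addAttributeValue(lDAPConnection, lDAPEntry, str, str2);
            return;
        }
        if (!singleValued) {
            throw new ObjectCannotBeUpdated("Attribute " + str + " of entry " + lDAPEntry.getDN() + " has more than one value");
        }
        try {
            lDAPConnection.modify(lDAPEntry.getDN(), new LDAPModification(LDAPModification.REPLACE, new LDAPAttribute(str, str2)));
        } catch (LDAPException e2) {
            Logger.error(e2);
            throw new ObjectCannotBeUpdated("Attribute " + str + " of entry " + lDAPEntry.getDN() + " could not be modified");
        }
    }

    /**
     * Adds a value to an attribute of an entry.
     *
     * @throws ObjectCannotBeUpdated if the server rejects the modification
     */
    public static void addAttributeValue(LDAPConnection lDAPConnection, LDAPEntry lDAPEntry, String str, String str2) throws ObjectCannotBeUpdated {
        String dn = lDAPEntry.getDN();
        try {
            lDAPConnection.modify(dn, new LDAPModification(LDAPModification.ADD, new LDAPAttribute(str, str2)));
        } catch (LDAPException e) {
            Logger.error(e);
            throw new ObjectCannotBeUpdated("Attribute " + str + " of entry " + dn + " could not be added.");
        }
    }

    /**
     * Removes a value from an attribute of an entry.
     *
     * @throws ObjectCannotBeUpdated if the server rejects the modification
     */
    public static void removeAttributeValue(LDAPConnection lDAPConnection, LDAPEntry lDAPEntry, String str, String str2) throws ObjectCannotBeUpdated {
        String dn = lDAPEntry.getDN();
        try {
            lDAPConnection.modify(dn, new LDAPModification(LDAPModification.DELETE, new LDAPAttribute(str, str2)));
        } catch (LDAPException e) {
            Logger.error(e);
            throw new ObjectCannotBeUpdated("Attribute " + str + " of entry " + dn + " could not be deleted");
        }
    }

    /**
     * Tells whether an entry with the given DN can be read.
     *
     * <p>Any {@link LDAPException} yields {@code false}, so a dropped connection or a
     * permission error is indistinguishable from a missing entry.
     */
    public static boolean exists(LDAPConnection lDAPConnection, String str) {
        try {
            // "1.1" asks the server to return no attributes.
            LDAPEntry probe = lDAPConnection.read(str, new String[] {LDAPConnection.NO_ATTRS});
            return probe != null;
        } catch (LDAPException e) {
            Logger.debug(9, "LDAPLookupUtils.exists(" + str + ": " + e.getMessage(), NO_ARGS);
            return false;
        }
    }

    /**
     * Adds an entry to the directory.
     *
     * @throws ObjectAlreadyExistsException if the server answers "entry already exists" (result code 68)
     * @throws LDAPException for every other failure
     */
    public static void addEntry(LDAPConnection lDAPConnection, LDAPEntry lDAPEntry) throws ObjectAlreadyExistsException, LDAPException {
        try {
            lDAPConnection.add(lDAPEntry);
        } catch (LDAPException e) {
            if (e.getResultCode() == LDAPException.ENTRY_ALREADY_EXISTS) {
                throw new ObjectAlreadyExistsException("Entry already present." + lDAPEntry.getDN());
            }
            throw e;
        }
    }

    /** Constraints shared by the child searches: no batching, aliases never dereferenced. */
    private static LDAPSearchConstraints childSearchConstraints() {
        LDAPSearchConstraints constraints = new LDAPSearchConstraints();
        constraints.setBatchSize(0);
        constraints.setDereference(LDAPSearchConstraints.DEREF_NEVER);
        return constraints;
    }

    /**
     * Tells whether a one-level search below a DN matches at least one entry.
     *
     * @param lDAPConnection an open connection
     * @param str the base DN
     * @param str2 the search filter, passed to the server verbatim; any caller-supplied
     *        value inside it must already have gone through {@link #escapeSearchFilter(String)}
     * @return {@code true} if a child matches; {@code false} if none does or the search fails
     */
    public static boolean hasChildren(LDAPConnection lDAPConnection, String str, String str2) {
        String[] noAttributes = {LDAPConnection.NO_ATTRS};
        try {
            LDAPSearchResults results = lDAPConnection.search(str, LDAPConnection.SCOPE_ONE, str2, noAttributes, false, childSearchConstraints());
            return results.hasMore();
        } catch (LDAPException e) {
            Logger.error(e);
            return false;
        }
    }

    /**
     * Lists the DNs matched by a one-level search below a DN.
     *
     * @param lDAPConnection an open connection
     * @param str the base DN
     * @param str2 the search filter, passed to the server verbatim; any caller-supplied
     *        value inside it must already have gone through {@link #escapeSearchFilter(String)}
     * @return the child DNs; {@code null} if the search itself fails, and possibly an array
     *         with trailing {@code null} slots if reading the results fails part-way
     */
    public static String[] getChildrenDNs(LDAPConnection lDAPConnection, String str, String str2) {
        String[] dns = null;
        String[] noAttributes = {LDAPConnection.NO_ATTRS};
        try {
            LDAPSearchResults results = lDAPConnection.search(str, LDAPConnection.SCOPE_ONE, str2, noAttributes, false, childSearchConstraints());
            dns = new String[results.getCount()];
            int filled = 0;
            while (results.hasMore()) {
                LDAPEntry child = results.next();
                if (child != null) {
                    dns[filled++] = child.getDN();
                }
            }
        } catch (Exception e) {
            // Best effort, as before: the failure is logged and whatever was collected is returned.
            Logger.error(e);
        }
        return dns;
    }

    /**
     * Deletes the entry with the given DN.
     *
     * @throws LDAPException rethrown after logging if the server rejects the deletion
     */
    public static void delete(LDAPConnection lDAPConnection, String str) throws LDAPException {
        Logger.msg(7, "LDAPLookupUtils.delete() - " + str, NO_ARGS);
        try {
            lDAPConnection.delete(str);
        } catch (LDAPException e) {
            Logger.error("LDAPLookupUtils.remove() - Cannot remove " + str + ": " + e.getMessage(), NO_ARGS);
            throw e;
        }
    }

    /**
     * Creates a {@code cristalcontext} entry at the given DN unless {@link #exists} reports
     * that it is already there. A context whose first RDN value is "last" also gets
     * {@code intsyskey=0}. Any failure is logged and handed to {@code Logger.die}.
     */
    public static void createCristalContext(LDAPConnection lDAPConnection, String str) {
        if (exists(lDAPConnection, str)) {
            return;
        }
        try {
            String name = LDAPDN.explodeDN(str, true)[0];
            LDAPAttributeSet attributes = new LDAPAttributeSet();
            attributes.add(new LDAPAttribute("cn", name));
            if (name.equals("last")) {
                attributes.add(new LDAPAttribute("intsyskey", "0"));
            }
            attributes.add(new LDAPAttribute("objectclass", new String[] {"cristalcontext"}));
            addEntry(lDAPConnection, new LDAPEntry(str, attributes));
        } catch (Exception e) {
            Logger.error(e);
            Logger.die("Error creating CRISTAL LDAP roots. Is the cristal.schema configured correctly in the LDAP server?", NO_ARGS);
        }
    }

    /**
     * Creates an {@code organization} entry at the given DN unless {@link #exists} reports
     * that it is already there. Failures are only logged; the caller is not told.
     */
    public static void createOrganizationContext(LDAPConnection lDAPConnection, String str) {
        if (exists(lDAPConnection, str)) {
            return;
        }
        try {
            String name = LDAPDN.explodeDN(str, true)[0];
            LDAPAttributeSet attributes = new LDAPAttributeSet();
            attributes.add(new LDAPAttribute("objectclass", "organization"));
            attributes.add(new LDAPAttribute("o", name));
            addEntry(lDAPConnection, new LDAPEntry(str, attributes));
        } catch (Exception e) {
            Logger.msg(e.toString(), NO_ARGS);
        }
    }

    /** Position of {@code c} in {@link #META_CHARS}, or -1 if it is not a meta character. */
    private static int metaIndex(char c) {
        for (int k = 0; k < META_CHARS.length; k++) {
            if (META_CHARS[k] == c) {
                return k;
            }
        }
        return -1;
    }

    /**
     * Escapes a value so it can be used as one component of a DN.
     *
     * <p>A backslash becomes {@code \\}, a leading {@code #} becomes {@code \23}, a leading or
     * trailing space becomes {@code \20}, and each of {@link #META_CHARS} becomes a backslash
     * plus its hex code. The earlier regex chain replaced a backslash with itself, so an input
     * ending in a backslash could neutralise the separator appended after it; backslashes are
     * now doubled.
     *
     * @param str the raw value, may be {@code null}
     * @return the escaped value, or {@code null} for {@code null} input
     */
    public static String escapeDN(String str) {
        if (str == null) {
            return null;
        }
        int last = str.length() - 1;
        StringBuilder out = new StringBuilder(str.length() + 8);
        for (int i = 0; i <= last; i++) {
            char c = str.charAt(i);
            int meta = metaIndex(c);
            if (c == '\\') {
                out.append("\\\\");
            } else if (c == '#' && i == 0) {
                out.append("\\23");
            } else if (c == ' ' && (i == 0 || i == last)) {
                out.append("\\20");
            } else if (meta >= 0) {
                out.append('\\').append(META_ESCAPED[meta]);
            } else {
                out.append(c);
            }
        }
        String escaped = out.toString();
        if (!str.equals(escaped)) {
            Logger.msg(3, "LDAP DN " + str + " escaped to " + escaped, NO_ARGS);
        }
        return escaped;
    }

    /** Character for a hex code written by {@link #escapeDN(String)}, or -1 for any other code. */
    private static int decodeEscape(String code) {
        if (code.equals("23")) {
            return '#';
        }
        if (code.equals("20")) {
            return ' ';
        }
        for (int k = 0; k < META_ESCAPED.length; k++) {
            if (META_ESCAPED[k].equalsIgnoreCase(code)) {
                return META_CHARS[k];
            }
        }
        return -1;
    }

    /**
     * Reverses {@link #escapeDN(String)} in a single left-to-right pass.
     *
     * <p>The earlier regex chain ended with a replacement string consisting of one
     * backslash, which {@code String.replaceAll} rejects with an
     * {@code IllegalArgumentException} as soon as the input still holds a backslash.
     * Escape sequences other than {@code \\} and the codes {@code escapeDN} writes are
     * copied unchanged.
     *
     * @param str the escaped value, may be {@code null}
     * @return the raw value, or {@code null} for {@code null} input
     */
    public static String unescapeDN(String str) {
        if (str == null) {
            return null;
        }
        int len = str.length();
        StringBuilder out = new StringBuilder(len);
        for (int i = 0; i < len; i++) {
            char c = str.charAt(i);
            if (c == '\\' && i + 1 < len) {
                if (str.charAt(i + 1) == '\\') {
                    out.append('\\');
                    i++;
                    continue;
                }
                if (i + 2 < len) {
                    int decoded = decodeEscape(str.substring(i + 1, i + 3));
                    if (decoded >= 0) {
                        out.append((char) decoded);
                        i += 2;
                        continue;
                    }
                }
            }
            out.append(c);
        }
        String unescaped = out.toString();
        if (!str.equals(unescaped)) {
            Logger.msg(3, "LDAP DN " + str + " unescaped to " + unescaped, NO_ARGS);
        }
        return unescaped;
    }

    /**
     * Escapes a value for use inside an LDAP search filter: backslash, parentheses and
     * NUL are replaced by their backslash-hex forms.
     *
     * <p>NOTE(review): the asterisk is left as it is, as before, so a caller-supplied value
     * can still act as a wildcard. That may be intended for pattern searches; callers that
     * need an exact match on untrusted input must also replace it with {@code \2a}.
     *
     * @param str the raw value
     * @return the escaped value
     */
    public static String escapeSearchFilter(String str) {
        // Backslash goes first so the backslashes added by the later steps are not escaped again.
        String escaped = str.replace("\\", "\\5c")
                .replace("(", "\\28")
                .replace(")", "\\29")
                .replace("\0", "\\00");
        if (!str.equals(escaped)) {
            Logger.msg(3, "LDAP Search Filter " + str + " escaped to " + escaped, NO_ARGS);
        }
        return escaped;
    }
}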
