package org.apache.karaf.jaas.modules.ldap;

import java.io.Closeable;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentMap;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.event.EventDirContext;
import javax.naming.event.NamespaceChangeListener;
import javax.naming.event.NamingEvent;
import javax.naming.event.NamingExceptionEvent;
import javax.naming.event.ObjectChangeListener;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import shaded.org.codehaus.plexus.util.LineOrientedInterpolatingReader;

/* loaded from: input_file:WEB-INF/karaf/system/org/apache/karaf/jaas/org.apache.karaf.jaas.modules/2.4.0.redhat-621222-06/org.apache.karaf.jaas.modules-2.4.0.redhat-621222-06.jar:org/apache/karaf/jaas/modules/ldap/LDAPCache.class */
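/**
 * Per-{@link LDAPOptions} cache of LDAP lookups used during login: user name to DN/namespace,
 * and user DN to role names.
 *
 * <p>Entries are dropped only by the JNDI listener callbacks registered in {@link #open()}, by
 * {@link #close()} and by {@link #clear()}; this class has no time-based expiry. A role change
 * that the directory does not report as an event therefore stays invisible until one of those
 * happens.
 *
 * <p>User names come from the login attempt and are untrusted. They are encoded as LDAP filter
 * values before being placed into the configured filter templates.
 */
public class LDAPCache implements Closeable, NamespaceChangeListener, ObjectChangeListener {
    private static final ConcurrentMap<LDAPOptions, LDAPCache> CACHES = new ConcurrentHashMap<LDAPOptions, LDAPCache>();
    // Logs under the login module's category, as the original code does.
    private static final Logger LOGGER = LoggerFactory.getLogger(LDAPLoginModule.class);
    // NOTE(review): the decompiler resolved a string literal to this shaded constant; it is
    // expected to be a single backslash. Confirm, the filter handling below relies on it.
    private static final String FILTER_BACKSLASH = LineOrientedInterpolatingReader.DEFAULT_ESCAPE_SEQ;
    private final Map<String, String[]> userDnAndNamespace = new HashMap<String, String[]>();
    private final Map<String, String[]> userRoles = new HashMap<String, String[]>();
    private final LDAPOptions options;
    private DirContext context;

    /**
     * Removes every registered cache and empties it.
     *
     * <p>NOTE(review): the removed instances are only emptied, not closed, so a context they
     * opened stays open. Confirm whether callers close them separately.
     */
    public static void clear() {
        Iterator<LDAPOptions> keys;
        // Ask the iterator instead of isEmpty() followed by next(): a concurrent removal between
        // those two calls made next() throw NoSuchElementException.
        while ((keys = CACHES.keySet().iterator()).hasNext()) {
            LDAPCache removed = CACHES.remove(keys.next());
            if (removed != null) {
                removed.clearCache();
            }
        }
    }

    /**
     * Returns the cache registered for the given options, creating it on first use.
     *
     * @param lDAPOptions the options that identify the cache
     * @return the single registered instance for these options
     */
    public static LDAPCache getCache(LDAPOptions lDAPOptions) {
        LDAPCache cache = CACHES.get(lDAPOptions);
        if (cache == null) {
            LDAPCache created = new LDAPCache(lDAPOptions);
            // When another thread registered first, use its instance. Returning the local one
            // would hand out a cache that clear() can never reach.
            LDAPCache existing = CACHES.putIfAbsent(lDAPOptions, created);
            cache = existing != null ? existing : created;
        }
        return cache;
    }

    /**
     * Creates an unregistered cache; {@link #getCache(LDAPOptions)} is the shared entry point.
     *
     * @param lDAPOptions the connection, filter and role-mapping settings to use
     */
    public LDAPCache(LDAPOptions lDAPOptions) {
        this.options = lDAPOptions;
    }

    /** Empties the cache and closes the directory context, if one is open. */
    @Override // java.io.Closeable, java.lang.AutoCloseable
    public synchronized void close() {
        clearCache();
        DirContext current = this.context;
        // Forget the context before closing it, so a failing close cannot leave it behind.
        this.context = null;
        closeQuietly(current);
    }

    /** Probes the current context with a cheap read; any failure counts as "not alive". */
    private boolean isContextAlive() {
        if (this.context == null) {
            return false;
        }
        try {
            this.context.getAttributes("");
            return true;
        } catch (Exception ignored) {
            // Best-effort probe: the caller reopens the context.
            return false;
        }
    }

    /**
     * Returns a live directory context, opening a new one when needed.
     *
     * <p>Unless caching is disabled, two listeners are registered on the new context so that
     * directory changes below the user and role base DNs empty the cache.
     *
     * @return the context held by this cache
     * @throws NamingException if the context cannot be created or a listener cannot be registered
     */
    public synchronized DirContext open() throws NamingException {
        if (isContextAlive()) {
            return this.context;
        }
        clearCache();
        // Release the dead context instead of dropping the reference.
        closeQuietly(this.context);
        this.context = null;

        DirContext fresh = new InitialDirContext(this.options.getEnv());
        EventDirContext events = null;
        boolean ready = false;
        try {
            events = (EventDirContext) fresh.lookup("");
            if (!this.options.getDisableCache()) {
                SearchControls controls = new SearchControls();
                controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
                // Every placeholder becomes a wildcard so the listeners cover all users and roles.
                String userEvents = substitute(prepareTemplate(this.options.getUserFilter()), "%u", "*");
                String roleEvents = prepareTemplate(this.options.getRoleFilter());
                roleEvents = substitute(roleEvents, "%u", "*");
                roleEvents = substitute(roleEvents, "%dn", "*");
                roleEvents = substitute(roleEvents, "%fqdn", "*");
                events.addNamingListener(this.options.getUserBaseDn(), userEvents, controls, this);
                events.addNamingListener(this.options.getRoleBaseDn(), roleEvents, controls, this);
            }
            ready = true;
        } finally {
            if (!ready) {
                // Publish the context only once the listeners are in place. Keeping a context
                // without them let later calls fill a cache that nothing invalidates.
                closeQuietly(events);
                closeQuietly(fresh);
            }
        }
        this.context = fresh;
        return fresh;
    }

    /**
     * Returns the relative DN and full name of a user, from the cache when available.
     *
     * @param str the user name supplied at login
     * @return a two-element array (name relative to the user base DN, name in namespace), or
     *     {@code null} when the user is not found; this is the cached instance, do not modify it
     * @throws Exception if the directory lookup fails
     */
    public synchronized String[] getUserDnAndNamespace(String str) throws Exception {
        String[] cached = this.userDnAndNamespace.get(str);
        if (cached != null) {
            return cached;
        }
        String[] found = doGetUserDnAndNamespace(str);
        // A miss is not cached, so a user created later is found on the next attempt.
        if (found != null && !this.options.getDisableCache()) {
            this.userDnAndNamespace.put(str, found);
        }
        return found;
    }

    /**
     * Searches the directory for a user entry.
     *
     * @param str the user name supplied at login; encoded before it enters the filter
     * @return relative DN and name in namespace of the first match, or {@code null} if none
     * @throws NamingException if the search fails
     */
    protected String[] doGetUserDnAndNamespace(String str) throws NamingException {
        DirContext ctx = open();
        SearchControls controls = new SearchControls();
        controls.setSearchScope(this.options.getUserSearchSubtree()
                ? SearchControls.SUBTREE_SCOPE
                : SearchControls.ONELEVEL_SCOPE);
        // The login name is attacker-controlled. Without encoding, characters such as '*', '('
        // and ')' would change the structure of the search filter.
        String filter = substitute(prepareTemplate(this.options.getUserFilter()), "%u", escapeFilterValue(str));
        LOGGER.debug("Looking for the user in LDAP with ");
        LOGGER.debug("  base DN: {}", this.options.getUserBaseDn());
        LOGGER.debug("  filter: {}", filter);
        NamingEnumeration<SearchResult> results = ctx.search(this.options.getUserBaseDn(), filter, controls);
        try {
            if (!results.hasMore()) {
                // The name is logged as received from the login attempt.
                LOGGER.warn("User {} not found in LDAP.", str);
                return null;
            }
            LOGGER.debug("Found the user DN.");
            // Only the first match is used; further matches are ignored.
            SearchResult entry = results.next();
            String fullName = entry.getNameInNamespace();
            int baseAt = fullName.toLowerCase().indexOf("," + this.options.getUserBaseDn().toLowerCase());
            String relativeName = baseAt > 0 ? fullName.substring(0, baseAt) : entry.getName();
            return new String[] {relativeName, fullName};
        } finally {
            closeQuietly(results);
        }
    }

    /**
     * Returns the role names of a user, from the cache when available.
     *
     * @param str the user name, substituted for {@code %u} in the role filter
     * @param str2 the user DN, substituted for {@code %dn}; also the cache key
     * @param str3 the user's name in namespace, substituted for {@code %fqdn}
     * @return the role names after role mapping; this is the cached instance, do not modify it
     * @throws Exception if the directory lookup fails
     */
    public synchronized String[] getUserRoles(String str, String str2, String str3) throws Exception {
        String[] cached = this.userRoles.get(str2);
        if (cached != null) {
            return cached;
        }
        String[] found = doGetUserRoles(str, str2, str3);
        if (!this.options.getDisableCache()) {
            this.userRoles.put(str2, found);
        }
        return found;
    }

    /**
     * Translates an LDAP role name through the configured role mapping.
     *
     * @param str the role name read from the directory
     * @return the mapped role names; empty when no mapping is configured or none matches
     */
    protected Set<String> tryMappingRole(String str) {
        Set<String> mapped = new HashSet<String>();
        if (this.options.getRoleMapping().isEmpty()) {
            return mapped;
        }
        Set<String> targets = this.options.getRoleMapping().get(str);
        if (targets != null) {
            for (String target : targets) {
                LOGGER.debug("LDAP role {} is mapped to Karaf role {}", str, target);
                mapped.add(target);
            }
        }
        return mapped;
    }

    /** Searches the directory for the roles of a user and applies the role mapping. */
    private String[] doGetUserRoles(String str, String str2, String str3) throws NamingException {
        DirContext ctx = open();
        SearchControls controls = new SearchControls();
        controls.setSearchScope(this.options.getRoleSearchSubtree()
                ? SearchControls.SUBTREE_SCOPE
                : SearchControls.ONELEVEL_SCOPE);
        // All three values are encoded: the name is untrusted, and a DN may itself contain
        // parentheses, asterisks or backslashes that would otherwise alter the filter.
        String filter = prepareTemplate(this.options.getRoleFilter());
        filter = substitute(filter, "%u", escapeFilterValue(str));
        filter = substitute(filter, "%dn", escapeFilterValue(str2));
        filter = substitute(filter, "%fqdn", escapeFilterValue(str3));
        LOGGER.debug("Looking for the user roles in LDAP with ");
        LOGGER.debug("  base DN: {}", this.options.getRoleBaseDn());
        LOGGER.debug("  filter: {}", filter);
        NamingEnumeration<SearchResult> results = ctx.search(this.options.getRoleBaseDn(), filter, controls);
        try {
            ArrayList<String> roles = new ArrayList<String>();
            while (results.hasMore()) {
                Attribute names = results.next().getAttributes().get(this.options.getRoleNameAttribute());
                if (names == null) {
                    continue;
                }
                for (int i = 0; i < names.size(); i++) {
                    String role = (String) names.get(i);
                    if (role == null) {
                        continue;
                    }
                    LOGGER.debug("User {} is a member of role {}", str, role);
                    Set<String> mapped = tryMappingRole(role);
                    if (mapped.isEmpty()) {
                        // Unmapped roles are passed through under their directory name.
                        roles.add(role);
                    } else {
                        roles.addAll(mapped);
                    }
                }
            }
            return roles.toArray(new String[roles.size()]);
        } finally {
            closeQuietly(results);
        }
    }

    /** Directory event: an entry was added, so cached lookups may be stale. */
    @Override
    public void objectAdded(NamingEvent namingEvent) {
        clearCache();
    }

    /** Directory event: an entry was removed, so cached lookups may be stale. */
    @Override
    public void objectRemoved(NamingEvent namingEvent) {
        clearCache();
    }

    /** Directory event: an entry was renamed, so cached lookups may be stale. */
    @Override
    public void objectRenamed(NamingEvent namingEvent) {
        clearCache();
    }

    /** Directory event: an entry was changed, so cached lookups may be stale. */
    @Override
    public void objectChanged(NamingEvent namingEvent) {
        clearCache();
    }

    /**
     * Event delivery failed; the cache is emptied.
     *
     * <p>NOTE(review): JNDI is expected to deregister a listener after this callback, and the
     * context is not reopened here. Confirm that later changes still invalidate the cache.
     */
    @Override
    public void namingExceptionThrown(NamingExceptionEvent namingExceptionEvent) {
        clearCache();
    }

    /** Drops all cached user and role lookups. */
    protected synchronized void clearCache() {
        this.userDnAndNamespace.clear();
        this.userRoles.clear();
    }

    /**
     * Doubles backslashes in a configured filter template, as the original code did for the whole
     * filter. It runs before substitution so the escapes added to substituted values stay intact.
     */
    private static String prepareTemplate(String template) {
        return template.replace(FILTER_BACKSLASH, "\\\\");
    }

    /** Replaces every literal occurrence of {@code token} in {@code template} with {@code value}. */
    private static String substitute(String template, String token, String value) {
        return template.replaceAll(Pattern.quote(token), Matcher.quoteReplacement(value));
    }

    /**
     * Encodes a value for use as an assertion value in an LDAP search filter: backslash, asterisk,
     * parentheses and NUL become backslash-hex escapes, all other characters are kept.
     */
    private static String escapeFilterValue(String value) {
        StringBuilder out = new StringBuilder(value.length() + 8);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '\\':
                    out.append("\\5c");
                    break;
                case '*':
                    out.append("\\2a");
                    break;
                case '(':
                    out.append("\\28");
                    break;
                case ')':
                    out.append("\\29");
                    break;
                case '\0':
                    out.append("\\00");
                    break;
                default:
                    out.append(c);
                    break;
            }
        }
        return out.toString();
    }

    /** Closes a search result enumeration; a failure while closing is ignored. */
    private static void closeQuietly(NamingEnumeration<?> results) {
        if (results != null) {
            try {
                results.close();
            } catch (NamingException ignored) {
                // Nothing useful can be done about a failed close.
            }
        }
    }

    /** Closes a directory context; a failure while closing is ignored. */
    private static void closeQuietly(DirContext ctx) {
        if (ctx != null) {
            try {
                ctx.close();
            } catch (NamingException ignored) {
                // Nothing useful can be done about a failed close.
            }
        }
    }
}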
