package edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.dataConnector;

import edu.internet2.middleware.shibboleth.common.attribute.BaseAttribute;
import edu.internet2.middleware.shibboleth.common.attribute.provider.BasicAttribute;
import edu.internet2.middleware.shibboleth.common.attribute.resolver.AttributeResolutionException;
import edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethResolutionContext;
import edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.dataConnector.TemplateEngine;
import edu.internet2.middleware.shibboleth.common.session.LogoutEvent;
import edu.vt.middleware.ldap.Ldap;
import edu.vt.middleware.ldap.LdapConfig;
import edu.vt.middleware.ldap.LdapPool;
import edu.vt.middleware.ldap.LdapUtil;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.StringTokenizer;
import javax.naming.NamingException;
import javax.naming.directory.SearchResult;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import org.opensaml.xml.security.x509.X509Credential;
import org.opensaml.xml.util.DatatypeHelper;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.context.ApplicationEvent;
import org.springframework.context.ApplicationListener;

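/**
 * Data connector that resolves a principal's attributes by running an LDAP search.
 *
 * <p>The search filter is produced by a {@link TemplateEngine} from the template given to
 * {@link #setFilterTemplate(String)}; every value substituted into the template passes through
 * {@link LDAPValueEscapingStrategy} so that caller-controlled data cannot change the structure of
 * the filter. Connections are borrowed from an {@link LdapPool} built from the {@link LdapConfig};
 * most setters rebuild the pool and drop cached results so that a configuration change takes
 * effect for subsequent lookups.
 *
 * <p>When {@link #setCacheResults(boolean)} is enabled, results are cached per principal name and
 * per filter string, and a {@link LogoutEvent} for a principal evicts that principal's entries.
 * NOTE(review): the cache is a plain {@link HashMap} and nothing in this class synchronizes access
 * to it; whether resolve() and onApplicationEvent() can run concurrently depends on the container.
 */
public class LdapDataConnector extends BaseDataConnector implements ApplicationListener {
    private static final Logger log = LoggerFactory.getLogger(LdapDataConnector.class);

    /** Trust managers built from the credential passed to {@link #setSslTrustManagers}. */
    private TrustManager[] sslTrustManagers;
    /** Key managers built from the credential passed to {@link #setSslKeyManagers}. */
    private KeyManager[] sslKeyManagers;
    /** Whether attributes from every matching entry are merged, or only the first entry is used. */
    private boolean mergeMultipleResults;
    /** Whether an empty search result is reported as a resolution error. */
    private boolean noResultsIsError;
    /** Whether resolved attributes are cached per principal and filter. */
    private boolean cacheResults;
    /** Engine that turns {@link #filterTemplate} into a concrete search filter. */
    private TemplateEngine filterCreator;
    /** Name under which {@link #filterTemplate} is registered with {@link #filterCreator}. */
    private String filterTemplateName;
    /** Search filter template text. */
    private String filterTemplate;
    /** Attribute names requested from the directory; null means the library default. */
    private String[] returnAttributes;
    /** Connection settings; most setters of this class delegate to it. */
    private LdapConfig ldapConfig;
    /** Pool of connections, (re)built by {@link #initializeLdapPool()}. */
    private LdapPool ldapPool;
    private int poolMaxIdle;
    private int poolInitIdleCapacity;
    /** principal name -> (filter string -> resolved attributes). Null when caching is off. */
    private Map<String, Map<String, Map<String, BaseAttribute>>> cache;
    /** Set by {@link #initialize()}; the re-initialization helpers are no-ops until then. */
    private boolean initialized;
    private final LDAPValueEscapingStrategy escapingStrategy;

    /** Bind mechanisms selectable through {@link #setAuthenticationType}. */
    public enum AUTHENTICATION_TYPE {
        ANONYMOUS,
        SIMPLE,
        STRONG,
        EXTERNAL,
        DIGEST_MD5,
        CRAM_MD5,
        GSSAPI
    }

    /**
     * Escapes values before they are substituted into the search filter template.
     *
     * <p>Without this, an attribute value containing {@code *}, {@code (}, {@code )} or
     * {@code \} could alter the meaning of the filter (LDAP filter injection). Backslash is
     * escaped as well, and every special character is rendered as the RFC 4515 hex form
     * ({@code \2a} etc.), which every LDAPv3 server and the JNDI filter parser accept.
     */
    public class LDAPValueEscapingStrategy implements TemplateEngine.CharacterEscapingStrategy {
        protected LDAPValueEscapingStrategy() {
        }

        /**
         * Returns {@code str} with the filter metacharacters replaced by their RFC 4515 escapes.
         *
         * @param str value to escape; must not be null
         * @return the escaped value, safe to embed in an assertion value of a search filter
         */
        @Override
        public String escape(String str) {
            StringBuilder escaped = new StringBuilder(str.length());
            for (int i = 0; i < str.length(); i++) {
                char c = str.charAt(i);
                switch (c) {
                    // Backslash is the escape character itself, so it must be escaped too;
                    // otherwise a value such as "\2a" would be read as a literal wildcard.
                    case '\\':
                        escaped.append("\\5c");
                        break;
                    case '*':
                        escaped.append("\\2a");
                        break;
                    case '(':
                        escaped.append("\\28");
                        break;
                    case ')':
                        escaped.append("\\29");
                        break;
                    case '\0':
                        escaped.append("\\00");
                        break;
                    default:
                        escaped.append(c);
                }
            }
            return escaped.toString();
        }
    }

    /** Search scopes selectable through {@link #setSearchScope}. */
    public enum SEARCH_SCOPE {
        OBJECT,
        ONELEVEL,
        SUBTREE
    }

    /**
     * Creates a connector for the given directory.
     *
     * @param ldapUrl URL of the directory server
     * @param baseDn base DN of the search
     * @param useStartTls whether to upgrade the connection with StartTLS
     * @param maxIdle maximum idle connections kept in the pool
     * @param initIdleCapacity number of connections created when the pool is initialized
     */
    public LdapDataConnector(String ldapUrl, String baseDn, boolean useStartTls, int maxIdle, int initIdleCapacity) {
        this.ldapConfig = new LdapConfig(ldapUrl, baseDn);
        this.ldapConfig.useTls(useStartTls);
        this.poolMaxIdle = maxIdle;
        this.poolInitIdleCapacity = initIdleCapacity;
        this.escapingStrategy = new LDAPValueEscapingStrategy();
    }

    /**
     * Registers the filter template, creates the connection pool and (if enabled) the result
     * cache. {@link #resolve} relies on the template name and pool set up here.
     */
    public void initialize() {
        // The helpers below are no-ops until this flag is set, so it has to come first.
        this.initialized = true;
        registerTemplate();
        initializeLdapPool();
        initializeCache();
    }

    /** (Re)creates the connection pool from the current {@link #ldapConfig}; no-op before initialize(). */
    protected void initializeLdapPool() {
        if (this.initialized) {
            this.ldapPool = new LdapPool(this.ldapConfig, this.poolMaxIdle, this.poolInitIdleCapacity);
        }
    }

    /** Creates an empty result cache when caching is enabled and the connector is initialized. */
    protected void initializeCache() {
        if (this.cacheResults && this.initialized) {
            this.cache = new HashMap<String, Map<String, Map<String, BaseAttribute>>>();
        }
    }

    /** Drops every cached result; called by the setters because a config change invalidates them. */
    protected void clearCache() {
        if (this.cacheResults && this.initialized && this.cache != null) {
            this.cache.clear();
        }
    }

    /** Registers {@link #filterTemplate} with the template engine under a name derived from this connector's id. */
    protected void registerTemplate() {
        if (this.initialized) {
            this.filterTemplateName = "shibboleth.resolver.dc." + getId();
            this.filterCreator.registerTemplate(this.filterTemplateName, this.filterTemplate);
        }
    }

    /** @return whether attributes from all matching entries are merged into one result */
    public boolean isMergeResults() {
        return this.mergeMultipleResults;
    }

    /** @param mergeResults whether attributes from all matching entries are merged into one result */
    public void setMergeResults(boolean mergeResults) {
        this.mergeMultipleResults = mergeResults;
        clearCache();
    }

    /** @return whether resolved attributes are cached */
    public boolean isCacheResults() {
        return this.cacheResults;
    }

    /**
     * Enables or disables result caching. Disabling discards the existing cache.
     *
     * @param cacheResults whether resolved attributes are cached
     */
    public void setCacheResults(boolean cacheResults) {
        this.cacheResults = cacheResults;
        if (cacheResults) {
            initializeCache();
        } else {
            this.cache = null;
        }
    }

    /** @return whether an empty search result causes {@link #resolve} to throw */
    public boolean isNoResultsIsError() {
        return this.noResultsIsError;
    }

    /** @param noResultsIsError whether an empty search result causes {@link #resolve} to throw */
    public void setNoResultsIsError(boolean noResultsIsError) {
        this.noResultsIsError = noResultsIsError;
    }

    /** @return the engine used to build search filters */
    public TemplateEngine getTemplateEngine() {
        return this.filterCreator;
    }

    /**
     * Sets the engine used to build search filters and re-registers the template with it.
     *
     * @param templateEngine the engine to use
     */
    public void setTemplateEngine(TemplateEngine templateEngine) {
        this.filterCreator = templateEngine;
        registerTemplate();
        clearCache();
    }

    /** @return the search filter template */
    public String getFilterTemplate() {
        return this.filterTemplate;
    }

    /**
     * Sets the search filter template. Takes effect on the next {@link #registerTemplate()}.
     *
     * @param filterTemplate the template text
     */
    public void setFilterTemplate(String filterTemplate) {
        this.filterTemplate = filterTemplate;
        clearCache();
    }

    /** @return the directory host configured in {@link #ldapConfig} */
    public String getLdapUrl() {
        return this.ldapConfig.getHost();
    }

    /** @return the search base DN */
    public String getBaseDn() {
        return this.ldapConfig.getBase();
    }

    /** @return whether StartTLS is enabled */
    public boolean isUseStartTls() {
        return this.ldapConfig.isTlsEnabled();
    }

    /** @return the socket factory used for TLS connections */
    public SSLSocketFactory getSslSocketFactory() {
        return this.ldapConfig.getSslSocketFactory();
    }

    /**
     * Sets the socket factory used for TLS connections and rebuilds the pool.
     *
     * @param sslSocketFactory the factory to use
     */
    public void setSslSocketFactory(SSLSocketFactory sslSocketFactory) {
        this.ldapConfig.setSslSocketFactory(sslSocketFactory);
        clearCache();
        initializeLdapPool();
    }

    /** @return a copy of the configured trust managers, or null if none were set */
    public TrustManager[] getSslTrustManagers() {
        return this.sslTrustManagers == null ? null : this.sslTrustManagers.clone();
    }

    /**
     * Trusts only the certificates in the given credential's chain for TLS connections to the
     * directory, then rebuilds the socket factory and the pool.
     *
     * <p>NOTE(review): on failure the error is logged and the previously configured socket
     * factory stays in effect (fail-open); a deployment that relies on this pinning should
     * check the log for "Error initializing trust managers" at startup.
     *
     * @param credential credential whose certificate chain becomes the trust anchors; null is ignored
     */
    public void setSslTrustManagers(X509Credential credential) {
        if (credential == null) {
            return;
        }
        try {
            // Empty in-memory store holding only the configured certificates.
            KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
            trustStore.load(null, null);
            for (X509Certificate certificate : credential.getEntityCertificateChain()) {
                trustStore.setCertificateEntry("ldap_tls_trust_" + certificate.getSerialNumber(), certificate);
            }
            TrustManagerFactory factory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            factory.init(trustStore);
            this.sslTrustManagers = factory.getTrustManagers();
            applySslContext();
        } catch (IOException e) {
            log.error("Error initializing trust managers", e);
        } catch (GeneralSecurityException e) {
            log.error("Error initializing trust managers", e);
        }
    }

    /** @return a copy of the configured key managers, or null if none were set */
    public KeyManager[] getSslKeyManagers() {
        return this.sslKeyManagers == null ? null : this.sslKeyManagers.clone();
    }

    /**
     * Uses the given credential for TLS client authentication to the directory, then rebuilds
     * the socket factory and the pool. Failures are logged, not thrown (see
     * {@link #setSslTrustManagers}).
     *
     * @param credential private key and certificate chain to present; null is ignored
     */
    public void setSslKeyManagers(X509Credential credential) {
        if (credential == null) {
            return;
        }
        try {
            KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            keyStore.load(null, null);
            // The store only ever lives in memory, so this password protects nothing persistent;
            // it is just the value KeyManagerFactory needs to read the entry back.
            char[] entryPassword = "changeit".toCharArray();
            Certificate[] chain = credential.getEntityCertificateChain().toArray(new X509Certificate[0]);
            keyStore.setKeyEntry("ldap_tls_client_auth", credential.getPrivateKey(), entryPassword, chain);
            KeyManagerFactory factory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            factory.init(keyStore, entryPassword);
            this.sslKeyManagers = factory.getKeyManagers();
            applySslContext();
        } catch (IOException e) {
            log.error("Error initializing key managers", e);
        } catch (GeneralSecurityException e) {
            log.error("Error initializing key managers", e);
        }
    }

    /**
     * Builds a TLS context from the current key and trust managers, installs its socket factory
     * in {@link #ldapConfig} and rebuilds the pool so new connections use it.
     *
     * @throws GeneralSecurityException if the context cannot be created or initialized
     */
    private void applySslContext() throws GeneralSecurityException {
        SSLContext sslContext = SSLContext.getInstance("TLS");
        sslContext.init(this.sslKeyManagers, this.sslTrustManagers, null);
        this.ldapConfig.setSslSocketFactory(sslContext.getSocketFactory());
        clearCache();
        initializeLdapPool();
    }

    /** @return the hostname verifier applied to TLS connections */
    public HostnameVerifier getHostnameVerifier() {
        return this.ldapConfig.getHostnameVerifier();
    }

    /**
     * Sets the hostname verifier applied to TLS connections and rebuilds the pool.
     *
     * @param hostnameVerifier the verifier to use
     */
    public void setHostnameVerifier(HostnameVerifier hostnameVerifier) {
        this.ldapConfig.setHostnameVerifier(hostnameVerifier);
        clearCache();
        initializeLdapPool();
    }

    /** @return the bind mechanism currently configured, or null if none of the known ones is set */
    public AUTHENTICATION_TYPE getAuthenticationType() {
        if (this.ldapConfig.isAnonymousAuth()) {
            return AUTHENTICATION_TYPE.ANONYMOUS;
        }
        if (this.ldapConfig.isSimpleAuth()) {
            return AUTHENTICATION_TYPE.SIMPLE;
        }
        if (this.ldapConfig.isStrongAuth()) {
            return AUTHENTICATION_TYPE.STRONG;
        }
        if (this.ldapConfig.isExternalAuth()) {
            return AUTHENTICATION_TYPE.EXTERNAL;
        }
        if (this.ldapConfig.isDigestMD5Auth()) {
            return AUTHENTICATION_TYPE.DIGEST_MD5;
        }
        if (this.ldapConfig.isCramMD5Auth()) {
            return AUTHENTICATION_TYPE.CRAM_MD5;
        }
        if (this.ldapConfig.isGSSAPIAuth()) {
            return AUTHENTICATION_TYPE.GSSAPI;
        }
        return null;
    }

    /**
     * Selects the bind mechanism and rebuilds the pool. A null type leaves the mechanism
     * unchanged but still clears the cache and rebuilds the pool, as before.
     *
     * @param authenticationType mechanism to use
     */
    public void setAuthenticationType(AUTHENTICATION_TYPE authenticationType) {
        if (authenticationType != null) {
            switch (authenticationType) {
                case ANONYMOUS:
                    this.ldapConfig.useAnonymousAuth();
                    break;
                case SIMPLE:
                    this.ldapConfig.useSimpleAuth();
                    break;
                case STRONG:
                    this.ldapConfig.useStrongAuth();
                    break;
                case EXTERNAL:
                    this.ldapConfig.useExternalAuth();
                    break;
                case DIGEST_MD5:
                    this.ldapConfig.useDigestMD5Auth();
                    break;
                case CRAM_MD5:
                    this.ldapConfig.useCramMD5Auth();
                    break;
                case GSSAPI:
                    this.ldapConfig.useGSSAPIAuth();
                    break;
            }
        }
        clearCache();
        initializeLdapPool();
    }

    /** @return the search scope currently configured, or null if none of the known ones is set */
    public SEARCH_SCOPE getSearchScope() {
        if (this.ldapConfig.isObjectSearchScope()) {
            return SEARCH_SCOPE.OBJECT;
        }
        if (this.ldapConfig.isOneLevelSearchScope()) {
            return SEARCH_SCOPE.ONELEVEL;
        }
        if (this.ldapConfig.isSubTreeSearchScope()) {
            return SEARCH_SCOPE.SUBTREE;
        }
        return null;
    }

    /**
     * Selects the search scope. A null scope leaves it unchanged.
     *
     * @param searchScope scope to use
     */
    public void setSearchScope(SEARCH_SCOPE searchScope) {
        if (searchScope != null) {
            switch (searchScope) {
                case OBJECT:
                    this.ldapConfig.useObjectSearchScope();
                    break;
                case SUBTREE:
                    this.ldapConfig.useSubTreeSearchScope();
                    break;
                case ONELEVEL:
                    this.ldapConfig.useOneLevelSearchScope();
                    break;
            }
        }
        clearCache();
    }

    /** @return a copy of the attribute names requested from the directory, or null if unset */
    public String[] getReturnAttributes() {
        return this.returnAttributes == null ? null : this.returnAttributes.clone();
    }

    /**
     * Sets the attribute names requested from the directory.
     *
     * @param attributeNames names to request; the array is copied
     */
    public void setReturnAttributes(String[] attributeNames) {
        this.returnAttributes = attributeNames == null ? null : attributeNames.clone();
        clearCache();
    }

    /**
     * Sets the attribute names requested from the directory from a comma-separated list.
     * Each name is trimmed, so {@code "uid, mail"} yields {@code uid} and {@code mail}.
     *
     * @param attributeNames comma-separated names; null is treated as an empty list
     */
    public void setReturnAttributes(String attributeNames) {
        if (attributeNames == null) {
            setReturnAttributes(new String[0]);
            return;
        }
        StringTokenizer tokenizer = new StringTokenizer(attributeNames, ",");
        String[] names = new String[tokenizer.countTokens()];
        // Bound the loop by the array length: countTokens() shrinks as tokens are consumed,
        // so using it as the loop limit would stop half-way and leave the tail null.
        for (int i = 0; i < names.length; i++) {
            names[i] = tokenizer.nextToken().trim();
        }
        setReturnAttributes(names);
    }

    /** @return the server-side time limit for a search */
    public int getSearchTimeLimit() {
        return this.ldapConfig.getTimeLimit();
    }

    /** @param timeLimit the server-side time limit for a search */
    public void setSearchTimeLimit(int timeLimit) {
        this.ldapConfig.setTimeLimit(timeLimit);
        clearCache();
    }

    /** @return the maximum number of entries a search may return */
    public long getMaxResultSize() {
        return this.ldapConfig.getCountLimit();
    }

    /** @param maxResultSize the maximum number of entries a search may return */
    public void setMaxResultSize(long maxResultSize) {
        this.ldapConfig.setCountLimit(maxResultSize);
        clearCache();
    }

    /** @return whether the search returns objects along with attributes */
    public boolean isReturningObjects() {
        return this.ldapConfig.getReturningObjFlag();
    }

    /** @param returningObjects whether the search returns objects along with attributes */
    public void setReturningObjects(boolean returningObjects) {
        this.ldapConfig.setReturningObjFlag(returningObjects);
        clearCache();
    }

    /** @return whether links are dereferenced during the search */
    public boolean isLinkDereferencing() {
        return this.ldapConfig.getDerefLinkFlag();
    }

    /** @param linkDereferencing whether links are dereferenced during the search */
    public void setLinkDereferencing(boolean linkDereferencing) {
        this.ldapConfig.setDerefLinkFlag(linkDereferencing);
        clearCache();
    }

    /** @return the DN or user name the connector binds as */
    public String getPrincipal() {
        return this.ldapConfig.getServiceUser();
    }

    /**
     * Sets the DN or user name the connector binds as and rebuilds the pool.
     *
     * @param principal bind identity
     */
    public void setPrincipal(String principal) {
        this.ldapConfig.setServiceUser(principal);
        clearCache();
        initializeLdapPool();
    }

    /** @return the bind credential; treat as a secret */
    public String getPrincipalCredential() {
        return (String) this.ldapConfig.getServiceCredential();
    }

    /**
     * Sets the bind credential and rebuilds the pool.
     *
     * @param credential bind credential
     */
    public void setPrincipalCredential(String credential) {
        this.ldapConfig.setServiceCredential(credential);
        clearCache();
        initializeLdapPool();
    }

    /**
     * Adds arbitrary JNDI environment properties to the connection config and rebuilds the pool.
     *
     * @param properties property name to value; null is treated as empty
     */
    public void setLdapProperties(Map<String, String> properties) {
        if (properties != null) {
            for (Map.Entry<String, String> property : properties.entrySet()) {
                this.ldapConfig.setEnvironmentProperties(property.getKey(), property.getValue());
            }
        }
        clearCache();
        initializeLdapPool();
    }

    /**
     * Evicts a principal's cached results when that principal logs out, so a later session
     * does not see stale attributes. Other events are ignored.
     *
     * @param event the application event
     */
    public void onApplicationEvent(ApplicationEvent event) {
        if (event instanceof LogoutEvent && this.cache != null) {
            this.cache.remove(((LogoutEvent) event).getUserSession().getPrincipalName());
        }
    }

    /**
     * Builds the search filter from the template, serves the result from the cache when
     * possible, and otherwise searches the directory and caches what it finds.
     *
     * @param resolutionContext context supplying the principal and dependency attributes
     * @return resolved attributes keyed by attribute id; empty when nothing matched and
     *         {@link #isNoResultsIsError()} is false
     * @throws AttributeResolutionException if the search fails, the results cannot be parsed, or
     *         nothing matched and {@link #isNoResultsIsError()} is true
     */
    @Override
    public Map<String, BaseAttribute> resolve(ShibbolethResolutionContext resolutionContext) throws AttributeResolutionException {
        // Dependency values are escaped by escapingStrategy as they are substituted.
        String filter = this.filterCreator.createStatement(this.filterTemplateName, resolutionContext, getDependencyIds(), this.escapingStrategy);
        log.debug("Search filter: {}", filter);

        Map<String, BaseAttribute> attributes = null;
        if (this.cacheResults) {
            log.debug("Checking cache for search results");
            attributes = getCachedAttributes(resolutionContext, filter);
            if (attributes != null) {
                log.debug("Returning attributes from cache");
            }
        }
        if (attributes == null) {
            log.debug("Retrieving attributes from LDAP");
            Iterator<SearchResult> results = searchLdap(filter);
            if (this.noResultsIsError && !results.hasNext()) {
                throw new AttributeResolutionException("No LDAP entry found for " + resolutionContext.getAttributeRequestContext().getPrincipalName());
            }
            attributes = buildBaseAttributes(results);
            if (this.cacheResults && attributes != null) {
                setCachedAttributes(resolutionContext, filter, attributes);
                log.debug("Stored results in the cache");
            }
        }
        return attributes;
    }

    /**
     * Checks that a connection can be borrowed from the pool and connected.
     *
     * @throws AttributeResolutionException if no connection can be borrowed or it fails to connect
     */
    @Override
    public void validate() throws AttributeResolutionException {
        Ldap ldap = null;
        boolean connected;
        try {
            ldap = (Ldap) this.ldapPool.borrowObject();
            connected = ldap.connect();
        } catch (NamingException e) {
            // NOTE(review): getEnvironment() may include the bind credential; confirm before
            // relying on this log line in shared log storage.
            log.error("An error occured when attempting to search the LDAP: " + this.ldapConfig.getEnvironment(), e);
            throw new AttributeResolutionException("An error occurred when attempting to search the LDAP");
        } catch (Exception e) {
            log.error("Could not retrieve Ldap object from pool", e);
            throw new AttributeResolutionException("An error occurred when attempting to retrieve a LDAP connection from the pool");
        } finally {
            returnToPool(ldap);
        }
        if (!connected) {
            log.error("An error occured when attempting to search the LDAP: " + this.ldapConfig.getEnvironment());
            throw new AttributeResolutionException("An error occurred when attempting to search the LDAP");
        }
    }

    /**
     * Runs the given filter against the directory on a pooled connection.
     *
     * <p>NOTE(review): the connection is returned to the pool before the iterator is handed
     * back; this is only safe if {@code Ldap.search} materializes the results eagerly — confirm
     * against the vt-ldap version in use.
     *
     * @param filter complete search filter
     * @return iterator over the matching entries
     * @throws AttributeResolutionException if the search fails or no connection can be borrowed
     */
    protected Iterator<SearchResult> searchLdap(String filter) throws AttributeResolutionException {
        Ldap ldap = null;
        try {
            ldap = (Ldap) this.ldapPool.borrowObject();
            return ldap.search(filter, this.returnAttributes);
        } catch (NamingException e) {
            // NOTE(review): getEnvironment() may include the bind credential; see validate().
            log.error("An error occured when attempting to search the LDAP: " + this.ldapConfig.getEnvironment(), e);
            throw new AttributeResolutionException("An error occurred when attempting to search the LDAP");
        } catch (Exception e) {
            log.error("Could not retrieve Ldap object from pool", e);
            throw new AttributeResolutionException("An error occurred when attempting to retrieve a LDAP connection from the pool");
        } finally {
            returnToPool(ldap);
        }
    }

    /**
     * Returns a borrowed connection to the pool, logging (not throwing) if the pool rejects it
     * so that the caller's own outcome is preserved.
     *
     * @param ldap connection to return; null is ignored
     */
    private void returnToPool(Ldap ldap) {
        if (ldap == null) {
            return;
        }
        try {
            this.ldapPool.returnObject(ldap);
        } catch (Exception e) {
            log.error("Could not return Ldap object back to pool", e);
        }
    }

    /**
     * Converts search results into attributes. Only the first entry is used unless
     * {@link #isMergeResults()} is set, in which case values from all entries are merged by
     * attribute id.
     *
     * @param results entries returned by the search
     * @return attributes keyed by attribute id; empty if there were no entries
     * @throws AttributeResolutionException if an entry's attributes cannot be parsed
     */
    protected Map<String, BaseAttribute> buildBaseAttributes(Iterator<SearchResult> results) throws AttributeResolutionException {
        Map<String, BaseAttribute> attributes = new HashMap<String, BaseAttribute>();
        while (results.hasNext()) {
            SearchResult result = results.next();
            try {
                Map<?, ?> parsed = LdapUtil.parseAttributes(result.getAttributes(), true);
                for (Map.Entry<?, ?> entry : parsed.entrySet()) {
                    log.debug("Found the following attribute: {}", entry);
                    String attributeId = (String) entry.getKey();
                    BaseAttribute attribute = attributes.get(attributeId);
                    if (attribute == null) {
                        BasicAttribute created = new BasicAttribute();
                        created.setId(attributeId);
                        attribute = created;
                        attributes.put(attributeId, attribute);
                    }
                    addValues(attribute, (List<?>) entry.getValue());
                }
            } catch (NamingException e) {
                log.error("Error parsing LDAP attributes", e);
                throw new AttributeResolutionException("Error parsing LDAP attributes");
            }
            if (!this.mergeMultipleResults) {
                break;
            }
        }
        return attributes;
    }

    /**
     * Appends the non-empty, trimmed string values to the attribute.
     *
     * @param attribute attribute receiving the values
     * @param values raw values from the directory; null or empty adds nothing
     */
    private static void addValues(BaseAttribute attribute, List<?> values) {
        if (values == null || values.isEmpty()) {
            return;
        }
        for (Object value : values) {
            String text = (String) value;
            if (!DatatypeHelper.isEmpty(text)) {
                attribute.getValues().add(DatatypeHelper.safeTrimOrNullString(text));
            }
        }
    }

    /**
     * Stores a result under the context's principal name and the filter that produced it.
     * No-op when the cache has not been created.
     *
     * @param resolutionContext context supplying the principal name
     * @param filter the filter string used as the second-level key
     * @param attributes the result to cache
     */
    protected void setCachedAttributes(ShibbolethResolutionContext resolutionContext, String filter, Map<String, BaseAttribute> attributes) {
        if (this.cache == null) {
            return;
        }
        String principalName = resolutionContext.getAttributeRequestContext().getPrincipalName();
        Map<String, Map<String, BaseAttribute>> perPrincipal = this.cache.get(principalName);
        if (perPrincipal == null) {
            perPrincipal = new HashMap<String, Map<String, BaseAttribute>>();
            this.cache.put(principalName, perPrincipal);
        }
        perPrincipal.put(filter, attributes);
    }

    /**
     * Looks up a cached result for the context's principal name and the given filter.
     *
     * @param resolutionContext context supplying the principal name
     * @param filter the filter string the result was stored under
     * @return the cached attributes, or null if caching is off or nothing is cached
     */
    protected Map<String, BaseAttribute> getCachedAttributes(ShibbolethResolutionContext resolutionContext, String filter) {
        if (!this.cacheResults || this.cache == null) {
            return null;
        }
        String principalName = resolutionContext.getAttributeRequestContext().getPrincipalName();
        Map<String, Map<String, BaseAttribute>> perPrincipal = this.cache.get(principalName);
        return perPrincipal == null ? null : perPrincipal.get(filter);
    }
}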
