package edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.dataConnector;

import edu.internet2.middleware.shibboleth.common.attribute.BaseAttribute;
import edu.internet2.middleware.shibboleth.common.attribute.provider.BasicAttribute;
import edu.internet2.middleware.shibboleth.common.attribute.resolver.AttributeResolutionException;
import edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethResolutionContext;
import edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.dataConnector.TemplateEngine;
import edu.vt.middleware.ldap.Ldap;
import edu.vt.middleware.ldap.SearchFilter;
import edu.vt.middleware.ldap.bean.LdapAttribute;
import edu.vt.middleware.ldap.bean.LdapAttributes;
import edu.vt.middleware.ldap.bean.LdapBeanProvider;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import java.util.StringTokenizer;
import javax.naming.NamingException;
import javax.naming.directory.SearchResult;
import net.sf.ehcache.Cache;
import net.sf.ehcache.Element;
import org.opensaml.xml.util.DatatypeHelper;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:edu/internet2/middleware/shibboleth/common/attribute/resolver/provider/dataConnector/LdapDataConnector.class */
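/**
 * Data connector that resolves attributes from an LDAP directory.
 *
 * <p>A search filter is produced from a registered template, run against a connection borrowed
 * from {@link LdapPoolStrategy}, and the attributes of the first search result are converted into
 * {@link BaseAttribute}s. When a results cache is supplied, results are cached under the search
 * filter string.
 *
 * <p>Values substituted into the filter template are passed through
 * {@link LDAPValueEscapingStrategy} so that request-derived data cannot change the structure of
 * the filter.
 */
public class LdapDataConnector extends BaseDataConnector {
    /** Pool from which LDAP connections are borrowed and to which they are returned. */
    private LdapPoolStrategy ldapPool;

    /** Template engine that turns the filter template into a concrete search filter. */
    private TemplateEngine filterCreator;

    /** Name under which the filter template is registered with the template engine. */
    private String filterTemplateName;

    /** Raw filter template text. */
    private String filterTemplate;

    /** Attribute names requested from the directory on each search. */
    private String[] returnAttributes;

    /** Whether an empty search result is reported as a resolution error. */
    private boolean noResultsIsError;

    /** Cache of resolved attributes keyed by search filter; {@code null} disables caching. */
    private Cache resultsCache;

    private final Logger log = LoggerFactory.getLogger(LdapDataConnector.class);

    /** Escaping applied to every value the template engine inserts into the filter. */
    private final LDAPValueEscapingStrategy escapingStrategy = new LDAPValueEscapingStrategy();

    /** Authentication mechanisms, each paired with the name used to select it. */
    public enum AUTHENTICATION_TYPE {
        ANONYMOUS("none"),
        SIMPLE("simple"),
        STRONG("strong"),
        EXTERNAL("EXTERNAL"),
        DIGEST_MD5("DIGEST-MD5"),
        CRAM_MD5("CRAM-MD5"),
        GSSAPI("GSSAPI");

        private final String authTypeName;

        AUTHENTICATION_TYPE(String str) {
            this.authTypeName = str;
        }

        /**
         * @return the mechanism name associated with this constant
         */
        public String getAuthTypeName() {
            return this.authTypeName;
        }

        /**
         * Looks up a constant by its mechanism name (exact, case-sensitive match).
         *
         * @param str mechanism name, may be {@code null}
         * @return the matching constant, or {@code null} when no constant uses that name
         */
        public static AUTHENTICATION_TYPE getAuthenticationTypeByName(String str) {
            for (AUTHENTICATION_TYPE candidate : values()) {
                if (candidate.getAuthTypeName().equals(str)) {
                    return candidate;
                }
            }
            return null;
        }
    }

    /**
     * Escapes values before they are placed into an LDAP search filter.
     *
     * <p>NOTE(review): the decompiler reports that this class's access modifier was changed from
     * protected; the visibility shown here is kept as-is.
     */
    public class LDAPValueEscapingStrategy implements TemplateEngine.CharacterEscapingStrategy {
        protected LDAPValueEscapingStrategy() {
        }

        /**
         * Escapes the filter metacharacters in a value using the hexadecimal escapes of RFC 4515.
         *
         * <p>The backslash is handled first. The earlier implementation replaced it last and with
         * itself, so a backslash in the input reached the directory unescaped and could be read as
         * the start of an escape sequence; handling it first also keeps the backslashes introduced
         * by the later replacements from being escaped a second time.
         *
         * @param str value to escape
         * @return the value with backslash, asterisk, parentheses and NUL escaped
         */
        @Override
        public String escape(String str) {
            return str.replace("\\", "\\5c")
                    .replace("*", "\\2a")
                    .replace("(", "\\28")
                    .replace(")", "\\29")
                    .replace("\0", "\\00");
        }
    }

    /**
     * @param ldapPoolStrategy pool supplying LDAP connections
     * @param cache cache for resolved attributes, or {@code null} to disable caching
     */
    public LdapDataConnector(LdapPoolStrategy ldapPoolStrategy, Cache cache) {
        this.ldapPool = ldapPoolStrategy;
        this.resultsCache = cache;
    }

    /**
     * Registers the search filter template with the given engine under a name derived from this
     * plugin's id.
     *
     * @param templateEngine engine used to create search filters
     * @param str filter template text
     * @throws IllegalStateException if the plugin id has not been set yet
     */
    public void registerTemplate(TemplateEngine templateEngine, String str) {
        if (getId() == null) {
            throw new IllegalStateException("Template cannot be registered until plugin id has been set");
        }
        this.filterCreator = templateEngine;
        this.filterTemplate = str;
        this.filterTemplateName = "shibboleth.resolver.dc." + getId();
        this.filterCreator.registerTemplate(this.filterTemplateName, this.filterTemplate);
    }

    /** Removes every cached result; does nothing when caching is disabled. */
    protected void clearCache() {
        if (isCacheResults()) {
            this.resultsCache.removeAll();
        }
    }

    /**
     * @return {@code true} when a results cache was supplied
     */
    public boolean isCacheResults() {
        return this.resultsCache != null;
    }

    /**
     * @return whether an empty search result is treated as an error
     */
    public boolean isNoResultsIsError() {
        return this.noResultsIsError;
    }

    /**
     * @param z whether an empty search result is treated as an error
     */
    public void setNoResultsIsError(boolean z) {
        this.noResultsIsError = z;
    }

    /**
     * @return the engine used to create search filters
     */
    public TemplateEngine getTemplateEngine() {
        return this.filterCreator;
    }

    /**
     * @return the raw filter template text
     */
    public String getFilterTemplate() {
        return this.filterTemplate;
    }

    /**
     * @return the pool supplying LDAP connections
     */
    public LdapPoolStrategy getLdapPool() {
        return this.ldapPool;
    }

    /**
     * @return the attribute names requested on each search (the internal array, not a copy)
     */
    public String[] getReturnAttributes() {
        return this.returnAttributes;
    }

    /**
     * @param strArr attribute names to request on each search (stored without copying)
     */
    public void setReturnAttributes(String[] strArr) {
        this.returnAttributes = strArr;
    }

    /**
     * Sets the attributes to request from a comma-delimited list.
     *
     * @param str comma-delimited attribute names
     */
    public void setReturnAttributes(String str) {
        StringTokenizer stringTokenizer = new StringTokenizer(str, ",");
        // countTokens() reports the tokens still remaining, so it shrinks with every nextToken().
        // Using it as the loop bound left the second half of the array null; read it once.
        int tokenCount = stringTokenizer.countTokens();
        String[] strArr = new String[tokenCount];
        for (int i = 0; i < tokenCount; i++) {
            strArr[i] = stringTokenizer.nextToken();
        }
        setReturnAttributes(strArr);
    }

    /**
     * Checks that a connection can be borrowed from the pool and connected.
     *
     * @throws AttributeResolutionException if no connection is available or it cannot connect
     */
    @Override
    public void validate() throws AttributeResolutionException {
        Ldap ldap = null;
        try {
            ldap = this.ldapPool.checkOut();
            if (ldap == null) {
                this.log.error("Unable to retrieve an LDAP connection");
                throw new AttributeResolutionException("Unable to retrieve LDAP connection");
            }
            if (!ldap.connect()) {
                throw new NamingException();
            }
        } catch (NamingException e) {
            // NOTE(review): a JNDI environment can hold the bind password under
            // java.naming.security.credentials. Confirm what getEnvironment() returns and
            // redact it before it is written to the log.
            Object environment = ldap != null ? ldap.getLdapConfig().getEnvironment() : null;
            this.log.error("An error occured when attempting to search the LDAP: " + environment, e);
            throw new AttributeResolutionException("An error occurred when attempting to search the LDAP", e);
        } catch (Exception e) {
            this.log.error("Could not retrieve Ldap object from pool", e);
            throw new AttributeResolutionException("An error occurred when attempting to retrieve a LDAP connection from the pool", e);
        } finally {
            // Return the connection on every path, including a failed connect().
            returnToPool(ldap, "Could not return Ldap object back to pool");
        }
    }

    /**
     * Resolves attributes for the given context, consulting the cache before searching LDAP.
     *
     * <p>The generated search filter is written to the debug log and used as the cache key.
     *
     * @param shibbolethResolutionContext current resolution context
     * @return resolved attributes keyed by attribute name
     * @throws AttributeResolutionException if the search fails, or if it returns nothing and the
     *         connector is configured to treat that as an error
     */
    @Override
    public Map<String, BaseAttribute> resolve(ShibbolethResolutionContext shibbolethResolutionContext) throws AttributeResolutionException {
        String searchFilter = this.filterCreator.createStatement(this.filterTemplateName, shibbolethResolutionContext, getDependencyIds(), this.escapingStrategy).trim();
        this.log.debug("Search filter: {}", searchFilter);
        Map<String, BaseAttribute> attributes = retrieveAttributesFromCache(searchFilter);
        if (attributes != null) {
            return attributes;
        }
        Iterator<SearchResult> results = searchLdap(searchFilter);
        if (this.noResultsIsError && !results.hasNext()) {
            this.log.debug("LDAP data connector " + getId() + " - No result returned and connector configured to treat this as an error.");
            throw new AttributeResolutionException("No LDAP entry found for " + shibbolethResolutionContext.getAttributeRequestContext().getPrincipalName());
        }
        attributes = buildBaseAttributes(results);
        cacheResult(searchFilter, attributes);
        return attributes;
    }

    /**
     * Looks up previously cached attributes for a search filter.
     *
     * @param str search filter used as the cache key
     * @return cached attributes, or {@code null} when caching is disabled or there is no
     *         unexpired entry
     */
    @SuppressWarnings("unchecked") // entries are only written by cacheResult, which stores this map type
    protected Map<String, BaseAttribute> retrieveAttributesFromCache(String str) {
        if (!isCacheResults()) {
            return null;
        }
        this.log.debug("LDAP data connector {} - Checking cache for search results", getId());
        Element element = this.resultsCache.get(str);
        if (element == null || element.isExpired()) {
            this.log.debug("LDAP data connector {} - No results cached for search filter '{}'", getId(), str);
            return null;
        }
        this.log.debug("LDAP data connector {} - Returning attributes from cache", getId());
        return (Map<String, BaseAttribute>) element.getObjectValue();
    }

    /**
     * Runs the search filter against a pooled connection.
     *
     * @param str search filter
     * @return iterator over the search results
     * @throws AttributeResolutionException if a connection cannot be obtained or the search fails
     */
    protected Iterator<SearchResult> searchLdap(String str) throws AttributeResolutionException {
        this.log.debug("LDAP data connector {} - Retrieving attributes from LDAP", getId());
        Ldap ldap = null;
        try {
            ldap = this.ldapPool.checkOut();
            if (ldap == null) {
                // Fail with a clear cause instead of a NullPointerException on the search call.
                throw new AttributeResolutionException("Unable to retrieve LDAP connection");
            }
            return ldap.search(new SearchFilter(str), this.returnAttributes);
        } catch (NamingException e) {
            // NOTE(review): a JNDI environment can hold the bind password under
            // java.naming.security.credentials. Confirm what getEnvironment() returns and
            // redact it before it is written to the log.
            Object environment = ldap != null ? ldap.getLdapConfig().getEnvironment() : null;
            this.log.debug("LDAP data connector " + getId() + " - An error occured when attempting to search the LDAP: " + environment, e);
            // Keep the cause so the directory error is not lost to callers.
            throw new AttributeResolutionException("An error occurred when attempting to search the LDAP", e);
        } catch (Exception e) {
            this.log.debug("LDAP data connector " + getId() + " - Could not perform ldap search", e);
            throw new AttributeResolutionException("An error occurred when attempting to perform a LDAP search", e);
        } finally {
            returnToPool(ldap, "LDAP data connector " + getId() + " - Could not return Ldap object back to pool");
        }
    }

    /**
     * Converts the first search result into attributes; any further results are ignored.
     *
     * <p>Non-empty String values are trimmed before being stored. Values of any other type are
     * stored unchanged.
     *
     * @param it search results
     * @return attributes keyed by name; empty when there are no results
     * @throws AttributeResolutionException if the LDAP attributes cannot be read
     */
    @SuppressWarnings({"unchecked", "rawtypes"}) // BaseAttribute and the LDAP value set are used as raw types here
    protected Map<String, BaseAttribute> buildBaseAttributes(Iterator<SearchResult> it) throws AttributeResolutionException {
        Map<String, BaseAttribute> attributes = new HashMap<String, BaseAttribute>();
        if (!it.hasNext()) {
            return attributes;
        }
        SearchResult firstResult = it.next();
        try {
            LdapAttributes ldapAttributes = LdapBeanProvider.getLdapBeanFactory().newLdapAttributes();
            ldapAttributes.addAttributes(firstResult.getAttributes());
            for (LdapAttribute ldapAttribute : ldapAttributes.getAttributes()) {
                this.log.debug("LDAP data connector {} - Found the following attribute: {}", getId(), ldapAttribute);
                BaseAttribute attribute = attributes.get(ldapAttribute.getName());
                if (attribute == null) {
                    attribute = new BasicAttribute(ldapAttribute.getName());
                    attributes.put(ldapAttribute.getName(), attribute);
                }
                Set values = ldapAttribute.getValues();
                if (values == null || values.isEmpty()) {
                    continue;
                }
                for (Object value : values) {
                    if (value instanceof String) {
                        String text = (String) value;
                        if (!DatatypeHelper.isEmpty(text)) {
                            attribute.getValues().add(DatatypeHelper.safeTrimOrNullString(text));
                        }
                    } else {
                        this.log.debug("LDAP data connector {} - Attribute {} contained a value that is not of type String", getId(), ldapAttribute.getName());
                        attribute.getValues().add(value);
                    }
                }
            }
            return attributes;
        } catch (NamingException e) {
            this.log.debug("LDAP data connector " + getId() + " - Error parsing LDAP attributes", e);
            throw new AttributeResolutionException("Error parsing LDAP attributes", e);
        }
    }

    /**
     * Stores resolved attributes in the cache under the search filter; does nothing when caching
     * is disabled.
     *
     * @param str search filter used as the cache key
     * @param map attributes to cache
     */
    protected void cacheResult(String str, Map<String, BaseAttribute> map) {
        if (isCacheResults()) {
            this.log.debug("LDAP data connector {} - Caching attributes from search '{}'", getId(), str);
            this.resultsCache.put(new Element(str, map));
        }
    }

    /** Returns a borrowed connection to the pool, logging rather than propagating any failure. */
    private void returnToPool(Ldap ldap, String failureMessage) {
        if (ldap == null) {
            return;
        }
        try {
            this.ldapPool.checkIn(ldap);
        } catch (Exception e) {
            this.log.error(failureMessage, e);
        }
    }
}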
