package org.jbpm.services.task.identity;

import java.util.ArrayList;
import java.util.List;
import java.util.Properties;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.Control;
import javax.naming.ldap.InitialLdapContext;
import org.kie.api.task.UserGroupCallback;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/jbpm/services/task/identity/LDAPUserGroupCallbackImpl.class */
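/**
 * {@link UserGroupCallback} implementation that answers user/group questions by querying an
 * LDAP directory through JNDI.
 *
 * <p>All settings come from a {@link Properties} object, either supplied by the caller or
 * loaded via {@code readProperties}. The same object is also passed to
 * {@link InitialLdapContext} as its environment, so standard {@code java.naming.*} keys may be
 * placed in it next to the {@code ldap.*} keys declared below.
 *
 * <p>Security notes for operators:
 * <ul>
 *   <li>User and group ids are handed to the directory as filter <em>arguments</em>
 *       ({@code {0}} placeholders), never spliced into the filter text, so filter
 *       metacharacters in an id cannot change the query.</li>
 *   <li>When no provider URL and no {@code java.naming.security.protocol=ssl} are configured,
 *       the defaults are simple authentication against {@code ldap://localhost:389}; a simple
 *       bind over plain {@code ldap://} sends the bind password unencrypted.</li>
 *   <li>The bind password is copied into the configuration under
 *       {@code java.naming.security.credentials}; it is not written to the debug log by this
 *       class.</li>
 * </ul>
 */
public class LDAPUserGroupCallbackImpl extends AbstractUserGroupInfo implements UserGroupCallback {
    protected static final String DEFAULT_PROPERTIES_NAME = "classpath:/jbpm.usergroup.callback.properties";
    public static final String BIND_USER = "ldap.bind.user";
    public static final String BIND_PWD = "ldap.bind.pwd";
    public static final String USER_CTX = "ldap.user.ctx";
    public static final String ROLE_CTX = "ldap.role.ctx";
    public static final String USER_ROLES_CTX = "ldap.user.roles.ctx";
    public static final String USER_FILTER = "ldap.user.filter";
    public static final String ROLE_FILTER = "ldap.role.filter";
    public static final String USER_ROLES_FILTER = "ldap.user.roles.filter";
    public static final String USER_ATTR_ID = "ldap.user.attr.id";
    public static final String ROLE_ATTR_ID = "ldap.roles.attr.id";
    public static final String IS_USER_ID_DN = "ldap.user.id.dn";
    public static final String SEARCH_SCOPE = "ldap.search.scope";
    public static final String LDAP_NAME_ESCAPE = "ldap.name.escape";

    /** Keys that must be present in the configuration; checked by {@link #validate()}. */
    protected static final String[] requiredProperties = {USER_CTX, ROLE_CTX, USER_FILTER, ROLE_FILTER, USER_ROLES_FILTER};

    private static final Logger logger = LoggerFactory.getLogger(LDAPUserGroupCallbackImpl.class);

    // Doubles as the JNDI environment; buildInitialLdapContext() writes defaults into it.
    private Properties config;

    /**
     * Loads the configuration from the location named by the
     * {@code jbpm.usergroup.callback.properties} system property, falling back to
     * {@link #DEFAULT_PROPERTIES_NAME}, and validates it.
     *
     * @param z not used by this constructor
     * @throws IllegalArgumentException if no configuration is found or required keys are missing
     */
    public LDAPUserGroupCallbackImpl(boolean z) {
        this.config = readProperties(System.getProperty("jbpm.usergroup.callback.properties"), DEFAULT_PROPERTIES_NAME);
        validate();
    }

    /**
     * Uses the given configuration as-is (no copy is made) and validates it.
     *
     * @param properties LDAP and JNDI settings; later modified by {@link #buildInitialLdapContext()}
     * @throws IllegalArgumentException if {@code properties} is null or required keys are missing
     */
    public LDAPUserGroupCallbackImpl(Properties properties) {
        this.config = properties;
        validate();
    }

    /**
     * Checks whether the directory holds an entry for the given user id.
     *
     * <p>The search uses {@code ldap.user.filter} under {@code ldap.user.ctx}; the first entry
     * returned must also carry the id in its {@code ldap.user.attr.id} attribute (default
     * {@code uid}). Any lookup failure is logged and reported as "does not exist".
     *
     * @param str user id to look up
     * @return {@code true} only if a matching entry was found
     */
    public boolean existsUser(String str) {
        String escapedUserId = escapeIllegalChars(str);
        InitialLdapContext ctx = null;
        NamingEnumeration<SearchResult> results = null;
        boolean exists = false;
        try {
            ctx = buildInitialLdapContext();
            String userContext = this.config.getProperty(USER_CTX);
            String userFilter = this.config.getProperty(USER_FILTER);
            String userAttrId = this.config.getProperty(USER_ATTR_ID, "uid");
            logger.debug("Seaching for user existence with filter {} on context {}", userFilter, userContext);
            // The id travels as a filter argument so JNDI encodes filter metacharacters in it.
            // Substituting it with String.replaceAll would build the filter from raw input and
            // would also treat '\' and '$' in the id as regex-replacement syntax.
            results = ctx.search(userContext, userFilter, new Object[]{str}, newSearchControls());
            if (results.hasMore()) {
                // NOTE(review): the attribute is compared with the comma-escaped id, as before.
                exists = hasAttributeValue(results.next(), userAttrId, escapedUserId);
                logger.debug("Entry in LDAP found and result of matching with given user id is {}", Boolean.valueOf(exists));
            }
        } catch (Exception e) {
            logger.error("LDAP lookup failed while checking user existence", e);
        } finally {
            closeResults(results);
            closeContext(ctx);
        }
        return exists;
    }

    /**
     * Checks whether the directory holds an entry for the given group id.
     *
     * <p>The search uses {@code ldap.role.filter} under {@code ldap.role.ctx}; the first entry
     * returned must also carry the id in its {@code ldap.roles.attr.id} attribute (default
     * {@code cn}). Any lookup failure is logged and reported as "does not exist".
     *
     * @param str group id to look up
     * @return {@code true} only if a matching entry was found
     */
    public boolean existsGroup(String str) {
        String escapedGroupId = escapeIllegalChars(str);
        InitialLdapContext ctx = null;
        NamingEnumeration<SearchResult> results = null;
        boolean exists = false;
        try {
            ctx = buildInitialLdapContext();
            String roleContext = this.config.getProperty(ROLE_CTX);
            String roleFilter = this.config.getProperty(ROLE_FILTER);
            String roleAttrId = this.config.getProperty(ROLE_ATTR_ID, "cn");
            // Filter argument instead of text substitution: see existsUser for the reasoning.
            results = ctx.search(roleContext, roleFilter, new Object[]{str}, newSearchControls());
            if (results.hasMore()) {
                exists = hasAttributeValue(results.next(), roleAttrId, escapedGroupId);
            }
        } catch (Exception e) {
            logger.error("LDAP lookup failed while checking group existence", e);
        } finally {
            closeResults(results);
            closeContext(ctx);
        }
        return exists;
    }

    /**
     * Returns the names of the groups the given user belongs to.
     *
     * <p>Unless {@code ldap.user.id.dn} is {@code true}, the user's DN is resolved first; the
     * group search then runs {@code ldap.user.roles.filter} with that DN as its argument.
     * A lookup failure is logged and the groups collected so far are returned.
     *
     * @param str user id, or user DN when {@code ldap.user.id.dn} is {@code true}
     * @param list not used by this implementation
     * @param list2 not used by this implementation
     * @return a mutable list of group names, empty when nothing was found
     */
    public List<String> getGroupsForUser(String str, List<String> list, List<String> list2) {
        List<String> groups = new ArrayList<String>();
        InitialLdapContext ctx = null;
        NamingEnumeration<SearchResult> roles = null;
        try {
            ctx = buildInitialLdapContext();
            String userDn = resolveUserDn(ctx, str);
            String rolesContext = this.config.getProperty(USER_ROLES_CTX, this.config.getProperty(ROLE_CTX));
            String rolesFilter = this.config.getProperty(USER_ROLES_FILTER);
            String roleAttrId = this.config.getProperty(ROLE_ATTR_ID, "cn");
            SearchControls controls = newSearchControls();
            logger.debug("Searching for groups for user with filter {} on context {}", rolesFilter, rolesContext);
            roles = ctx.search(rolesContext, rolesFilter, new Object[]{userDn}, controls);
            while (roles.hasMore()) {
                javax.naming.directory.Attribute nameAttr = roles.next().getAttributes().get(roleAttrId);
                // An entry without a usable name attribute is skipped so that one odd entry
                // does not cut the rest of the user's groups out of the result.
                Object value = (nameAttr == null || nameAttr.size() == 0) ? null : nameAttr.get();
                if (!(value instanceof String)) {
                    logger.debug("Skipping group entry without a string value for attribute {}", roleAttrId);
                    continue;
                }
                String groupName = unescapeIllegalChars((String) value);
                logger.debug("Found group {}", groupName);
                groups.add(groupName);
            }
        } catch (Exception e) {
            logger.error("LDAP lookup failed while collecting groups for user", e);
        } finally {
            closeResults(roles);
            closeContext(ctx);
        }
        return groups;
    }

    /**
     * Verifies that a configuration exists and contains every key in {@link #requiredProperties}.
     *
     * @throws IllegalArgumentException if the configuration is null or keys are missing
     */
    protected void validate() {
        if (this.config == null) {
            throw new IllegalArgumentException("No configuration found for LDAPUserGroupCallbackImpl, aborting...");
        }
        StringBuilder missing = new StringBuilder();
        for (String key : requiredProperties) {
            if (this.config.containsKey(key)) {
                continue;
            }
            if (missing.length() > 0) {
                missing.append(", ");
            }
            missing.append(key);
        }
        if (missing.length() > 0) {
            logger.debug("Validation failed due to missing required properties: {}", missing.toString());
            throw new IllegalArgumentException("Missing required properties to configure LDAPUserGroupCallbackImpl: " + missing.toString());
        }
    }

    /**
     * Fills in missing JNDI defaults, maps the bind user and password onto the JNDI
     * principal/credentials keys, and opens a new LDAP context.
     *
     * <p>The defaults are written into the shared configuration object, so they persist
     * across calls.
     *
     * @return a new context; the caller is responsible for closing it
     * @throws NamingException if a bind user is configured without any password, or if the
     *         context cannot be created
     */
    protected InitialLdapContext buildInitialLdapContext() throws NamingException {
        setIfAbsent("java.naming.factory.initial", "com.sun.jndi.ldap.LdapCtxFactory");
        setIfAbsent("java.naming.security.authentication", "simple");
        String protocol = this.config.getProperty("java.naming.security.protocol");
        // Default port follows the protocol: 636 when SSL is requested, 389 otherwise.
        // With the plain-LDAP default a simple bind sends the password unencrypted.
        setIfAbsent("java.naming.provider.url", "ldap://localhost:" + ("ssl".equals(protocol) ? "636" : "389"));

        String bindUser = this.config.getProperty(BIND_USER);
        if (bindUser != null) {
            this.config.setProperty("java.naming.security.principal", bindUser);
            String bindPwd = this.config.getProperty(BIND_PWD);
            if (bindPwd != null) {
                this.config.setProperty("java.naming.security.credentials", bindPwd);
            } else if (this.config.getProperty("java.naming.security.credentials") == null) {
                // Previously a missing password caused a NullPointerException inside
                // Properties.setProperty. Fail with a clear message instead of attempting a
                // bind that names a principal but carries no credentials.
                throw new NamingException(BIND_USER + " is set but no bind password is configured (" + BIND_PWD + ")");
            }
        }

        if (logger.isDebugEnabled()) {
            // Credentials are deliberately left out of this dump.
            logger.debug("Using following InitialLdapContext properties:");
            logger.debug("Factory {}", this.config.getProperty("java.naming.factory.initial"));
            logger.debug("Authentication {}", this.config.getProperty("java.naming.security.authentication"));
            logger.debug("Protocol {}", this.config.getProperty("java.naming.security.protocol"));
            logger.debug("Provider URL {}", this.config.getProperty("java.naming.provider.url"));
        }
        return new InitialLdapContext(this.config, (Control[]) null);
    }

    /**
     * Maps a scope name to the corresponding {@link SearchControls} constant.
     *
     * @param str {@code OBJECT_SCOPE}, {@code ONELEVEL_SCOPE} or {@code SUBTREE_SCOPE}
     * @return the matching scope; any other value falls back to one-level scope
     */
    protected int parseSearchScope(String str) {
        logger.debug("Search scope: {}", str);
        if ("OBJECT_SCOPE".equals(str)) {
            return SearchControls.OBJECT_SCOPE;
        }
        if ("SUBTREE_SCOPE".equals(str)) {
            return SearchControls.SUBTREE_SCOPE;
        }
        return SearchControls.ONELEVEL_SCOPE;
    }

    /** Reports whether comma escaping is enabled ({@code ldap.name.escape}, default {@code true}). */
    private boolean escapeOn() {
        return Boolean.parseBoolean(this.config.getProperty(LDAP_NAME_ESCAPE, "true"));
    }

    /**
     * Escapes commas in a name when escaping is enabled.
     *
     * <p>Only {@code ,} is handled; this is not LDAP search-filter escaping and must not be
     * relied on to make a value safe for insertion into a filter string.
     *
     * @param str value to escape
     * @return {@code str} with each {@code ,} replaced by {@code \,}, or {@code str} unchanged
     *         when escaping is disabled
     */
    protected String escapeIllegalChars(String str) {
        return escapeOn() ? str.replace(",", "\\,") : str;
    }

    /**
     * Reverses {@link #escapeIllegalChars(String)}.
     *
     * @param str value to unescape
     * @return {@code str} with each {@code \,} replaced by {@code ,}, or {@code str} unchanged
     *         when escaping is disabled
     */
    protected String unescapeIllegalChars(String str) {
        return escapeOn() ? str.replace("\\,", ",") : str;
    }

    /** Resolves the user's DN by searching for the id, unless ids are configured to be DNs already. */
    private String resolveUserDn(InitialLdapContext ctx, String userId) throws NamingException {
        if (Boolean.parseBoolean(this.config.getProperty(IS_USER_ID_DN, "false"))) {
            return userId;
        }
        logger.debug("User id is not DN, looking up user first...");
        String userContext = this.config.getProperty(USER_CTX);
        String userFilter = this.config.getProperty(USER_FILTER);
        SearchControls controls = newSearchControls();
        logger.debug("Searching for user DN with filter {} on context {}", userFilter, userContext);
        NamingEnumeration<SearchResult> users = ctx.search(userContext, userFilter, new Object[]{userId}, controls);
        try {
            if (!users.hasMore()) {
                // No entry found: the id itself is used for the group search, as before.
                return userId;
            }
            String userDn = users.next().getNameInNamespace();
            logger.debug("User DN found, DN is {}", userDn);
            return userDn;
        } finally {
            closeResults(users);
        }
    }

    /** Creates search controls, applying {@code ldap.search.scope} when it is configured. */
    private SearchControls newSearchControls() {
        SearchControls controls = new SearchControls();
        String scope = this.config.getProperty(SEARCH_SCOPE);
        if (scope != null) {
            controls.setSearchScope(parseSearchScope(scope));
        }
        return controls;
    }

    /** Writes {@code value} under {@code key} only when the configuration has no value for it. */
    private void setIfAbsent(String key, String value) {
        if (this.config.getProperty(key) == null) {
            this.config.setProperty(key, value);
        }
    }

    /** Reports whether the entry has attribute {@code attrId} containing {@code expected}. */
    private static boolean hasAttributeValue(SearchResult entry, String attrId, String expected) {
        javax.naming.directory.Attribute attribute = entry.getAttributes().get(attrId);
        return attribute != null && attribute.contains(expected);
    }

    /** Closes a search result enumeration, logging instead of propagating a failure. */
    private static void closeResults(NamingEnumeration<?> results) {
        if (results == null) {
            return;
        }
        try {
            results.close();
        } catch (NamingException e) {
            logger.warn("Failed to close LDAP search results", e);
        }
    }

    /** Closes an LDAP context, logging instead of propagating a failure. */
    private static void closeContext(InitialLdapContext ctx) {
        if (ctx == null) {
            return;
        }
        try {
            ctx.close();
        } catch (NamingException e) {
            logger.warn("Failed to close LDAP context", e);
        }
    }
}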
