package org.jbpm.services.task.identity;

import freemarker.core.Configurable;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.Properties;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.Control;
import javax.naming.ldap.InitialLdapContext;
import org.drools.core.RuleBaseConfiguration;
import org.kie.api.task.model.Group;
import org.kie.api.task.model.OrganizationalEntity;
import org.kie.api.task.model.User;
import org.kie.internal.task.api.TaskModelProvider;
import org.kie.internal.task.api.UserInfo;
import org.kie.internal.task.api.model.InternalOrganizationalEntity;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/jbpm-human-task-core-6.4.0.Final.jar:org/jbpm/services/task/identity/LDAPUserInfoImpl.class */
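/**
 * {@link UserInfo} implementation that resolves display name, e-mail, language and group
 * membership of task entities by querying an LDAP directory through JNDI.
 *
 * <p>Configuration is a {@link Properties} object. The keys listed in
 * {@link #requiredProperties} must be present; the remaining {@code ldap.*} keys are optional
 * and fall back to the defaults documented on the methods that read them. Standard JNDI
 * environment keys ({@code java.naming.*}) found in the same object are passed straight to
 * {@link InitialLdapContext}.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Entity ids are bound into the configured filters as JNDI filter arguments, so characters
 *       that are special in an LDAP filter are escaped by the provider rather than being
 *       spliced into the filter text.</li>
 *   <li>The defaults applied in {@link #buildInitialLdapContext()} are a simple bind against
 *       {@code ldap://localhost:389}. With that combination the bind password is not protected
 *       in transit; deployments should configure an {@code ldaps://} provider URL or set
 *       {@code java.naming.security.protocol=ssl}.</li>
 * </ul>
 *
 * <p>Lookup failures are logged and reported to the caller as "no value" (null, false or an
 * empty iterator); the lookup methods do not propagate directory errors.
 */
public class LDAPUserInfoImpl extends AbstractUserGroupInfo implements UserInfo {
    protected static final String DEFAULT_PROPERTIES_NAME = "classpath:/jbpm.user.info.properties";
    public static final String BIND_USER = "ldap.bind.user";
    public static final String BIND_PWD = "ldap.bind.pwd";
    public static final String USER_CTX = "ldap.user.ctx";
    public static final String ROLE_CTX = "ldap.role.ctx";
    public static final String USER_FILTER = "ldap.user.filter";
    public static final String ROLE_FILTER = "ldap.role.filter";
    public static final String ROLE_MEMBERS_FILTER = "ldap.role.members.filter";
    public static final String EMAIL_ATTR_ID = "ldap.email.attr.id";
    public static final String NAME_ATTR_ID = "ldap.name.attr.id";
    public static final String LANG_ATTR_ID = "ldap.lang.attr.id";
    public static final String MEMBER_ATTR_ID = "ldap.member.attr.id";
    public static final String USER_ATTR_ID = "ldap.user.attr.id";
    public static final String ROLE_ATTR_ID = "ldap.role.attr.id";
    public static final String IS_ENTITY_ID_DN = "ldap.entity.id.dn";
    public static final String SEARCH_SCOPE = "ldap.search.scope";
    private Properties config;
    private static final Logger logger = LoggerFactory.getLogger(LDAPUserInfoImpl.class);
    protected static final String[] requiredProperties = {USER_CTX, ROLE_CTX, USER_FILTER, ROLE_FILTER};

    /**
     * Loads the configuration from the location named by the {@code jbpm.user.info.properties}
     * system property, falling back to {@link #DEFAULT_PROPERTIES_NAME}, then validates it.
     *
     * @param z unused; it only distinguishes this constructor from the other overload
     * @throws IllegalArgumentException if no configuration is found or a required key is missing
     */
    public LDAPUserInfoImpl(boolean z) {
        this.config = readProperties(System.getProperty("jbpm.user.info.properties"), DEFAULT_PROPERTIES_NAME);
        validate();
    }

    /**
     * Uses the given properties as configuration and validates them.
     *
     * <p>The object is kept by reference and is modified later by
     * {@link #buildInitialLdapContext()}, which writes JNDI defaults and the bind credentials
     * into it.
     *
     * @param properties LDAP and JNDI settings
     * @throws IllegalArgumentException if {@code properties} is null or a required key is missing
     */
    public LDAPUserInfoImpl(Properties properties) {
        this.config = properties;
        validate();
    }

    /**
     * Returns the value of the display-name attribute ({@link #NAME_ATTR_ID}, default
     * {@code displayName}) for a user or group.
     *
     * @param organizationalEntity a {@link User} or {@link Group}
     * @return the attribute value, or null if the lookup finds nothing or fails
     * @throws IllegalArgumentException if the entity is neither a user nor a group
     */
    @Override
    public String getDisplayName(OrganizationalEntity organizationalEntity) {
        return lookupAttribute(organizationalEntity, this.config.getProperty(NAME_ATTR_ID, "displayName"));
    }

    /**
     * Lists the members of a group, one {@link User} per value of the member attribute
     * ({@link #MEMBER_ATTR_ID}, default {@code member}) on every entry matched by
     * {@link #ROLE_MEMBERS_FILTER} (falling back to {@link #ROLE_FILTER}).
     *
     * <p>The user id is the attribute value's string form as returned by the directory.
     *
     * @param group the group to expand
     * @return an iterator over the members found; empty when the search fails or matches nothing
     */
    @Override
    public Iterator<OrganizationalEntity> getMembersForGroup(Group group) {
        ArrayList<OrganizationalEntity> members = new ArrayList<OrganizationalEntity>();
        InitialLdapContext ctx = null;
        NamingEnumeration<SearchResult> results = null;
        try {
            String roleContext = this.config.getProperty(ROLE_CTX);
            String filter = this.config.getProperty(ROLE_MEMBERS_FILTER, this.config.getProperty(ROLE_FILTER));
            String memberAttrId = this.config.getProperty(MEMBER_ATTR_ID, "member");
            ctx = buildInitialLdapContext();
            results = searchEntity(ctx, roleContext, filter, group);
            while (results != null && results.hasMore()) {
                Attribute memberAttr = results.next().getAttributes().get(memberAttrId);
                if (memberAttr == null) {
                    // Entry matched the filter but carries no member attribute: skip it
                    // instead of aborting the whole enumeration with a NullPointerException.
                    continue;
                }
                for (int i = 0; i < memberAttr.size(); i++) {
                    Object value = memberAttr.get(i);
                    if (value == null) {
                        continue;
                    }
                    User member = TaskModelProvider.getFactory().newUser();
                    ((InternalOrganizationalEntity) member).setId(value.toString());
                    members.add(member);
                }
            }
        } catch (Exception e) {
            // Best effort by contract: callers receive whatever was collected so far.
            logger.error("LDAP lookup of group members failed", e);
        } finally {
            closeResults(results);
            closeContext(ctx);
        }
        return members.iterator();
    }

    /**
     * Tells whether the first directory entry matching the group carries a non-null value in
     * the e-mail attribute ({@link #EMAIL_ATTR_ID}, default {@code mail}).
     *
     * @param group the group to check
     * @return true if such a value exists; false if it does not or the lookup fails
     */
    @Override
    public boolean hasEmail(Group group) {
        boolean found = false;
        InitialLdapContext ctx = null;
        NamingEnumeration<SearchResult> results = null;
        try {
            String roleContext = this.config.getProperty(ROLE_CTX);
            String filter = this.config.getProperty(ROLE_FILTER);
            String emailAttrId = this.config.getProperty(EMAIL_ATTR_ID, "mail");
            ctx = buildInitialLdapContext();
            results = searchEntity(ctx, roleContext, filter, group);
            if (results != null && results.hasMore()) {
                Attribute emailAttr = results.next().getAttributes().get(emailAttrId);
                // size() guard: Attribute.get() throws on an attribute without values.
                found = emailAttr != null && emailAttr.size() > 0 && emailAttr.get() != null;
            }
        } catch (Exception e) {
            logger.error("LDAP lookup of group e-mail failed", e);
        } finally {
            closeResults(results);
            closeContext(ctx);
        }
        return found;
    }

    /**
     * Returns the value of the e-mail attribute ({@link #EMAIL_ATTR_ID}, default {@code mail})
     * for a user or group.
     *
     * @param organizationalEntity a {@link User} or {@link Group}
     * @return the attribute value, or null if the lookup finds nothing or fails
     * @throws IllegalArgumentException if the entity is neither a user nor a group
     */
    @Override
    public String getEmailForEntity(OrganizationalEntity organizationalEntity) {
        return lookupAttribute(organizationalEntity, this.config.getProperty(EMAIL_ATTR_ID, "mail"));
    }

    /**
     * Returns the value of the language attribute ({@link #LANG_ATTR_ID}) for a user or group,
     * or {@code "en-UK"} when the directory yields no value.
     *
     * @param organizationalEntity a {@link User} or {@link Group}
     * @return the attribute value, never null
     * @throws IllegalArgumentException if the entity is neither a user nor a group
     */
    @Override
    public String getLanguageForEntity(OrganizationalEntity organizationalEntity) {
        // NOTE(review): Configurable.LOCALE_KEY looks like a decompiler substitution for a
        // plain string default for the attribute name - confirm against the original source.
        String language = lookupAttribute(organizationalEntity,
                this.config.getProperty(LANG_ATTR_ID, Configurable.LOCALE_KEY));
        return language != null ? language : "en-UK";
    }

    /**
     * Checks that a configuration exists and that every key in {@link #requiredProperties} is
     * present.
     *
     * @throws IllegalArgumentException if the configuration is null or keys are missing; the
     *         message lists the missing keys
     */
    protected void validate() {
        if (this.config == null) {
            throw new IllegalArgumentException("No configuration found for LDAPUserInfoImpl, aborting...");
        }
        StringBuilder missing = new StringBuilder();
        for (String key : requiredProperties) {
            if (this.config.containsKey(key)) {
                continue;
            }
            if (missing.length() > 0) {
                missing.append(", ");
            }
            missing.append(key);
        }
        if (missing.length() > 0) {
            logger.debug("Validation failed due to missing required properties: {}", missing.toString());
            throw new IllegalArgumentException("Missing required properties to configure LDAPUserInfoImpl: " + missing.toString());
        }
    }

    /**
     * Opens a new LDAP context from the configuration, filling in defaults for the JNDI keys
     * that are not set: the Sun LDAP context factory, {@code simple} authentication, and a
     * provider URL of {@code ldap://localhost} on port 636 when
     * {@code java.naming.security.protocol} is {@code ssl}, otherwise 389.
     *
     * <p>Defaults and bind credentials are written into the shared configuration object. The
     * debug output deliberately omits principal and credentials.
     *
     * <p>Security: with the defaults (simple bind, plain {@code ldap://}) the bind password is
     * sent without transport protection. Configure {@code ldaps://} or the {@code ssl}
     * protocol when a bind user is set.
     *
     * @return a new context; the caller must close it
     * @throws NamingException if the context cannot be created
     */
    protected InitialLdapContext buildInitialLdapContext() throws NamingException {
        if (this.config.getProperty("java.naming.factory.initial") == null) {
            this.config.setProperty("java.naming.factory.initial", "com.sun.jndi.ldap.LdapCtxFactory");
        }
        if (this.config.getProperty("java.naming.security.authentication") == null) {
            this.config.setProperty("java.naming.security.authentication", "simple");
        }
        String protocol = this.config.getProperty("java.naming.security.protocol");
        if (this.config.getProperty("java.naming.provider.url") == null) {
            String port = "ssl".equals(protocol) ? "636" : "389";
            this.config.setProperty("java.naming.provider.url", "ldap://localhost:" + port);
        }
        String bindUser = this.config.getProperty(BIND_USER);
        if (bindUser != null) {
            this.config.setProperty("java.naming.security.principal", bindUser);
        }
        String bindPassword = this.config.getProperty(BIND_PWD);
        // The original guarded this on the bind user only, so a configured user without a
        // password ended in Properties.setProperty(key, null) and a NullPointerException.
        if (bindUser != null && bindPassword != null) {
            this.config.setProperty("java.naming.security.credentials", bindPassword);
        }
        if (logger.isDebugEnabled()) {
            logger.debug("Using following InitialLdapContext properties:");
            logger.debug("Factory {}", this.config.getProperty("java.naming.factory.initial"));
            logger.debug("Authentication {}", this.config.getProperty("java.naming.security.authentication"));
            logger.debug("Protocol {}", this.config.getProperty("java.naming.security.protocol"));
            logger.debug("Provider URL {}", this.config.getProperty("java.naming.provider.url"));
        }
        return new InitialLdapContext(this.config, (Control[]) null);
    }

    /**
     * Searches below {@code str} with filter {@code str2} for the given entity and returns the
     * first value of attribute {@code str3} on the first matching entry.
     *
     * @param str search base (context name)
     * @param str2 filter expression; {@code {0}} stands for the entity id
     * @param str3 id of the attribute to read
     * @param organizationalEntity entity whose id is bound to {@code {0}}
     * @return the attribute value if it is a string; null when nothing matches, the attribute
     *         is absent or not a string, or the lookup fails
     */
    protected String searchLdap(String str, String str2, String str3, OrganizationalEntity organizationalEntity) {
        String value = null;
        InitialLdapContext ctx = null;
        NamingEnumeration<SearchResult> results = null;
        try {
            ctx = buildInitialLdapContext();
            results = searchEntity(ctx, str, str2, organizationalEntity);
            if (results != null && results.hasMore()) {
                Attribute attribute = results.next().getAttributes().get(str3);
                if (attribute != null && attribute.size() > 0) {
                    Object raw = attribute.get();
                    // Non-string (binary) values are reported as "no value", which is what
                    // the previous blind cast amounted to after its exception was swallowed.
                    if (raw instanceof String) {
                        value = (String) raw;
                    }
                }
            }
        } catch (Exception e) {
            logger.error("LDAP attribute lookup failed", e);
        } finally {
            closeResults(results);
            closeContext(ctx);
        }
        return value;
    }

    /**
     * Extracts the entity id from a distinguished name by returning the value of the first
     * component whose attribute id matches {@link #USER_ATTR_ID} (default {@code uid}) for
     * users or {@link #ROLE_ATTR_ID} (default {@code cn}) for groups.
     *
     * <p>A string without a comma is returned unchanged. The DN is split on every comma, so
     * values containing an escaped comma are not handled.
     *
     * @param str the entity id, expected to be a DN
     * @param organizationalEntity the entity, used to pick the attribute id
     * @return the extracted id, or null if no component matches
     */
    protected String extractUserId(String str, OrganizationalEntity organizationalEntity) {
        String[] components = str.split(",");
        if (components.length == 1) {
            return str;
        }
        String attributeId = null;
        if (organizationalEntity instanceof User) {
            attributeId = this.config.getProperty(USER_ATTR_ID, "uid");
        } else if (organizationalEntity instanceof Group) {
            attributeId = this.config.getProperty(ROLE_ATTR_ID, "cn");
        }
        for (String component : components) {
            // Limit 2 keeps '=' inside the value; the length check skips components with no
            // '=' at all, which used to raise ArrayIndexOutOfBoundsException.
            String[] pair = component.split("=", 2);
            if (pair.length == 2 && pair[0].trim().equalsIgnoreCase(attributeId)) {
                return pair[1];
            }
        }
        return null;
    }

    /**
     * Maps a scope name to the matching {@link SearchControls} constant.
     *
     * @param str {@code OBJECT_SCOPE}, {@code ONELEVEL_SCOPE} or {@code SUBTREE_SCOPE}
     * @return the scope constant; any other input yields {@link SearchControls#ONELEVEL_SCOPE}
     */
    protected int parseSearchScope(String str) {
        logger.debug("Search scope: {}", str);
        if ("OBJECT_SCOPE".equals(str)) {
            return SearchControls.OBJECT_SCOPE;
        }
        if ("SUBTREE_SCOPE".equals(str)) {
            return SearchControls.SUBTREE_SCOPE;
        }
        return SearchControls.ONELEVEL_SCOPE;
    }

    /** Dispatches an attribute lookup to the user or role context and filter. */
    private String lookupAttribute(OrganizationalEntity entity, String attributeId) {
        if (entity instanceof User) {
            return searchLdap(this.config.getProperty(USER_CTX), this.config.getProperty(USER_FILTER), attributeId, entity);
        }
        if (entity instanceof Group) {
            return searchLdap(this.config.getProperty(ROLE_CTX), this.config.getProperty(ROLE_FILTER), attributeId, entity);
        }
        throw new IllegalArgumentException("Unknown organizational entity " + entity);
    }

    /**
     * Runs the configured filter for one entity. The id is passed as a filter argument so the
     * JNDI provider escapes filter metacharacters in it; the previous string substitution
     * placed the raw id into the filter text and also treated it as a regex replacement.
     *
     * @return the result enumeration, or null when no id can be determined for the entity
     */
    private NamingEnumeration<SearchResult> searchEntity(InitialLdapContext ctx, String base, String filter,
            OrganizationalEntity entity) throws NamingException {
        String id = entity.getId();
        // NOTE(review): RuleBaseConfiguration.DEFAULT_SIGN_ON_SERIALIZATION looks like a
        // decompiler substitution for a plain string default of the flag - confirm.
        if (Boolean.parseBoolean(this.config.getProperty(IS_ENTITY_ID_DN, RuleBaseConfiguration.DEFAULT_SIGN_ON_SERIALIZATION))) {
            id = extractUserId(id, entity);
        }
        if (id == null) {
            logger.debug("No id could be determined for entity, skipping LDAP search");
            return null;
        }
        SearchControls controls = new SearchControls();
        String scope = this.config.getProperty(SEARCH_SCOPE);
        if (scope != null) {
            controls.setSearchScope(parseSearchScope(scope));
        }
        return ctx.search(base, filter, new Object[] {id}, controls);
    }

    /** Closes a result enumeration, logging instead of propagating a failure. */
    private static void closeResults(NamingEnumeration<SearchResult> results) {
        if (results == null) {
            return;
        }
        try {
            results.close();
        } catch (NamingException e) {
            logger.warn("Failed to close LDAP search results", e);
        }
    }

    /** Closes an LDAP context, logging instead of propagating a failure. */
    private static void closeContext(InitialLdapContext ctx) {
        if (ctx == null) {
            return;
        }
        try {
            ctx.close();
        } catch (NamingException e) {
            logger.warn("Failed to close LDAP context", e);
        }
    }
}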
