package org.wildfly.security.auth.realm.ldap;

import java.io.IOException;
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.security.Principal;
import java.security.Provider;
import java.security.spec.AlgorithmParameterSpec;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import java.util.Set;
import java.util.Spliterators;
import java.util.concurrent.ConcurrentHashMap;
import java.util.function.Consumer;
import java.util.function.Function;
import java.util.function.Predicate;
import java.util.function.Supplier;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import java.util.stream.StreamSupport;
import javax.naming.Binding;
import javax.naming.InvalidNameException;
import javax.naming.NameNotFoundException;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.ReferralException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.DirContext;
import javax.naming.directory.ModificationItem;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.event.EventContext;
import javax.naming.event.NamespaceChangeListener;
import javax.naming.event.NamingEvent;
import javax.naming.event.NamingExceptionEvent;
import javax.naming.event.ObjectChangeListener;
import javax.naming.ldap.Control;
import javax.naming.ldap.LdapContext;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.PagedResultsControl;
import javax.naming.ldap.PagedResultsResponseControl;
import javax.naming.ldap.Rdn;
import org.wildfly.common.Assert;
import org.wildfly.common.function.ExceptionSupplier;
import org.wildfly.security.auth.SupportLevel;
import org.wildfly.security.auth.principal.NamePrincipal;
import org.wildfly.security.auth.realm.CacheableSecurityRealm;
import org.wildfly.security.auth.realm.IdentitySharedExclusiveLock;
import org.wildfly.security.auth.server.ModifiableRealmIdentity;
import org.wildfly.security.auth.server.ModifiableRealmIdentityIterator;
import org.wildfly.security.auth.server.ModifiableSecurityRealm;
import org.wildfly.security.auth.server.NameRewriter;
import org.wildfly.security.auth.server.RealmIdentity;
import org.wildfly.security.auth.server.RealmUnavailableException;
import org.wildfly.security.authz.Attributes;
import org.wildfly.security.authz.AuthorizationIdentity;
import org.wildfly.security.authz.MapAttributes;
import org.wildfly.security.credential.AlgorithmCredential;
import org.wildfly.security.credential.Credential;
import org.wildfly.security.evidence.AlgorithmEvidence;
import org.wildfly.security.evidence.Evidence;
import org.wildfly.security.password.spec.Encoding;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:org/wildfly/security/auth/realm/ldap/LdapSecurityRealm.class */
public class LdapSecurityRealm implements ModifiableSecurityRealm, CacheableSecurityRealm {
    // Security providers handed to the credential loaders and evidence verifiers
    // whenever they are asked about or for a credential.
    private final Supplier<Provider[]> providers;
    // NOTE(review): presumably the source of directory contexts behind obtainContext();
    // that method is outside this view - confirm.
    private final ExceptionSupplier<DirContext, NamingException> dirContextSupplier;
    private final NameRewriter nameRewriter;
    // Search base, RDN identifier, filter and attribute mappings used to locate an identity.
    private final IdentityMapping identityMapping;
    private final int pageSize;
    private final Charset hashCharset;
    private final Encoding hashEncoding;
    // Consulted in list order; the first loader that definitely supports / yields a credential wins.
    private final List<CredentialLoader> credentialLoaders;
    private final List<CredentialPersister> credentialPersisters;
    private final List<EvidenceVerifier> evidenceVerifiers;
    // NOTE(review): named like a constant but declared as a per-instance final field.
    private final String ENV_BINARY_ATTRIBUTES = "java.naming.ldap.attributes.binary";
    // NOTE(review): presumably keyed by identity name; the code that fills this map is outside this view.
    private final ConcurrentHashMap<String, IdentitySharedExclusiveLock> realmIdentityLocks = new ConcurrentHashMap<>();
    // NOTE(review): raw LinkedHashSet and a non-final field; any synchronisation around it is not visible here.
    private Set<Consumer<Principal>> listenersPendingRegistration = new LinkedHashSet();

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:org/wildfly/security/auth/realm/ldap/LdapSecurityRealm$IdentityMapping.class */
    /**
     * Immutable description of how a principal name is mapped onto a directory entry:
     * where to search, which RDN type identifies an identity, which filter to apply and
     * which attributes to read. The fields are read directly by the enclosing realm.
     */
    public static class IdentityMapping {
        /** Base DN that bounds identity searches; may be {@code null}, in which case only DN-shaped names resolve. */
        private final String searchDn;
        /** Whether entries below (not only directly under) {@link #searchDn} are eligible. */
        private final boolean searchRecursive;
        private final int searchTimeLimit;
        /** RDN type that marks an identity entry; never {@code null}. */
        private final String rdnIdentifier;
        private final List<AttributeMapping> attributes;
        private final LdapName newIdentityParent;
        private final Attributes newIdentityAttributes;
        /** Filter used when an identity is looked up by name. */
        private final String filterName;
        private final String iteratorFilter;

        /**
         * Stores the mapping settings as given; only the RDN identifier is validated.
         *
         * @param str        search base DN ({@code searchDn})
         * @param z          recursive-search flag ({@code searchRecursive})
         * @param i          search time limit ({@code searchTimeLimit})
         * @param str2       RDN identifier ({@code rdnIdentifier}); must not be {@code null}
         * @param list       attribute mappings ({@code attributes}); stored by reference, not copied
         * @param ldapName   parent DN for new identities ({@code newIdentityParent})
         * @param attributes attributes for new identities ({@code newIdentityAttributes})
         * @param str3       name filter ({@code filterName})
         * @param str4       iterator filter ({@code iteratorFilter})
         */
        public IdentityMapping(String str, boolean z, int i, String str2, List<AttributeMapping> list, LdapName ldapName, Attributes attributes, String str3, String str4) {
            // Validation happens before any field is written, so a rejected call leaves nothing half-initialised.
            this.rdnIdentifier = Assert.checkNotNullParam("rdnIdentifier", str2);

            // Where and how to search.
            this.searchDn = str;
            this.searchRecursive = z;
            this.searchTimeLimit = i;
            this.filterName = str3;
            this.iteratorFilter = str4;

            // What to read and how to create new entries.
            this.attributes = list;
            this.newIdentityParent = ldapName;
            this.newIdentityAttributes = attributes;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/wildfly/security/auth/realm/ldap/LdapSecurityRealm$LdapRealmIdentity.class */
    public class LdapRealmIdentity implements ModifiableRealmIdentity {
        // Principal name this identity was requested for; used verbatim for lookups and in log messages.
        private final String name;
        // Lock handed in at construction; released (and cleared) by dispose().
        private IdentitySharedExclusiveLock.IdentityLock lock;
        // Character set passed to evidence verifiers in verifyEvidence().
        private final Charset hashCharset;
        // Encoding passed to credential loaders and evidence verifiers when they are bound to an entry.
        private final Encoding hashEncoding;

        /* JADX INFO: Access modifiers changed from: private */
        /* loaded from: input_file:org/wildfly/security/auth/realm/ldap/LdapSecurityRealm$LdapRealmIdentity$LdapIdentity.class */
        /**
         * Immutable snapshot of one resolved directory entry: the principal name it was
         * found for, the context it was found through, its DN, an optional URL and the
         * raw search result.
         */
        public class LdapIdentity {
            private final String name;
            private final DirContext dirContext;
            private final String distinguishedName;
            private final String url;
            private final SearchResult entry;

            /**
             * @param str          principal name the lookup was made for
             * @param dirContext   context the entry was found through
             * @param str2         distinguished name of the entry
             * @param str3         URL of the entry, or {@code null}
             * @param searchResult raw search result carrying the entry's attributes
             */
            LdapIdentity(String str, DirContext dirContext, String str2, String str3, SearchResult searchResult) {
                this.entry = searchResult;
                this.url = str3;
                this.distinguishedName = str2;
                this.dirContext = dirContext;
                this.name = str;
            }

            /** @return the principal name the lookup was made for */
            String getName() {
                return name;
            }

            /** @return the context the entry was found through */
            DirContext getDirContext() {
                return dirContext;
            }

            /** @return the entry's distinguished name */
            String getDistinguishedName() {
                return distinguishedName;
            }

            /** @return the entry's URL, or {@code null} when none was recorded */
            String getUrl() {
                return url;
            }

            /** @return the raw search result for the entry */
            SearchResult getEntry() {
                return entry;
            }
        }

        /**
         * Binds a principal name to this realm together with the lock that guards it.
         *
         * @param str          principal name
         * @param identityLock lock held for this identity; released by {@link #dispose()}
         * @param charset      character set later passed to evidence verifiers
         * @param encoding     encoding later passed to credential loaders and evidence verifiers
         */
        LdapRealmIdentity(String str, IdentitySharedExclusiveLock.IdentityLock identityLock, Charset charset, Encoding encoding) {
            this.hashEncoding = encoding;
            this.hashCharset = charset;
            this.lock = identityLock;
            this.name = str;
        }

        /**
         * Wraps the requested name in a principal.
         *
         * @return a new {@link NamePrincipal} for the name this identity was created with;
         *         no directory lookup is made, so the principal exists even when the entry does not
         */
        @Override // org.wildfly.security.auth.server.RealmIdentity
        public Principal getRealmIdentityPrincipal() {
            final Principal principal = new NamePrincipal(this.name);
            return principal;
        }

        /** @return the character set this identity passes to evidence verifiers */
        public Charset getHashCharset() {
            final Charset charset = this.hashCharset;
            return charset;
        }

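        /**
         * Reports how well a credential of the given type can be obtained for this identity.
         *
         * <p>The directory context is released exactly once, in the {@code finally} block.
         * The previous form also closed it on the normal return paths, so the same context
         * was closed twice.
         *
         * @param cls                    credential type; must not be {@code null}
         * @param str                    algorithm name, or {@code null}
         * @param algorithmParameterSpec algorithm parameters, or {@code null}
         * @return the first "definitely supported" level reported by a loader, otherwise the highest
         *         level any loader reported; {@code UNSUPPORTED} when the entry is not found
         * @throws RealmUnavailableException propagated from the context or the search
         */
        @Override // org.wildfly.security.auth.server.RealmIdentity
        public SupportLevel getCredentialAcquireSupport(Class<? extends Credential> cls, String str, AlgorithmParameterSpec algorithmParameterSpec) throws RealmUnavailableException {
            Assert.checkNotNullParam("credentialType", cls);
            // Realm-wide answer first: when it is UNSUPPORTED no directory context is obtained at all.
            if (LdapSecurityRealm.this.getCredentialAcquireSupport(cls, str, algorithmParameterSpec) == SupportLevel.UNSUPPORTED) {
                return SupportLevel.UNSUPPORTED;
            }
            DirContext context = LdapSecurityRealm.this.obtainContext();
            try {
                // Only the attributes the loaders ask for are requested from the directory.
                Set<String> requiredAttributes = new HashSet<>();
                Set<String> binaryAttributes = new HashSet<>();
                for (CredentialLoader loader : LdapSecurityRealm.this.credentialLoaders) {
                    loader.addRequiredIdentityAttributes(requiredAttributes);
                    loader.addBinaryIdentityAttributes(binaryAttributes);
                }
                LdapIdentity identity = getIdentity(context, requiredAttributes, binaryAttributes);
                if (identity == null) {
                    return SupportLevel.UNSUPPORTED;
                }
                SupportLevel best = SupportLevel.UNSUPPORTED;
                for (CredentialLoader loader : LdapSecurityRealm.this.credentialLoaders) {
                    if (!loader.getCredentialAcquireSupport(cls, str, algorithmParameterSpec).mayBeSupported()) {
                        continue;
                    }
                    SupportLevel level = loader.forIdentity(identity.getDirContext(), identity.getDistinguishedName(), identity.getEntry().getAttributes(), this.hashEncoding).getCredentialAcquireSupport(cls, str, algorithmParameterSpec, LdapSecurityRealm.this.providers);
                    if (level == null) {
                        continue;
                    }
                    if (level.isDefinitelySupported()) {
                        return level;
                    }
                    if (best.compareTo(level) < 0) {
                        best = level;
                    }
                }
                return best;
            } finally {
                LdapSecurityRealm.this.closeContext(context);
            }
        }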

        /**
         * Obtains a credential by type only.
         *
         * @param cls credential type
         * @return the credential, or {@code null} when none is available
         * @throws RealmUnavailableException propagated from the full lookup
         */
        @Override // org.wildfly.security.auth.server.RealmIdentity
        public <C extends Credential> C getCredential(Class<C> cls) throws RealmUnavailableException {
            // No algorithm restriction: delegate with a null algorithm name.
            final String anyAlgorithm = null;
            return getCredential(cls, anyAlgorithm);
        }

        /**
         * Obtains a credential by type and algorithm name.
         *
         * @param cls credential type
         * @param str algorithm name, or {@code null}
         * @return the credential, or {@code null} when none is available
         * @throws RealmUnavailableException propagated from the full lookup
         */
        @Override // org.wildfly.security.auth.server.RealmIdentity
        public <C extends Credential> C getCredential(Class<C> cls, String str) throws RealmUnavailableException {
            // No parameter restriction: delegate with a null parameter spec.
            final AlgorithmParameterSpec anyParameters = null;
            return getCredential(cls, str, anyParameters);
        }

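        /**
         * Loads a credential of the requested type from this identity's directory entry.
         *
         * <p>The directory context is released exactly once, in the {@code finally} block.
         * The previous form also closed it before each normal return, so the same context
         * was closed twice.
         *
         * @param cls                    credential type; must not be {@code null}
         * @param str                    algorithm name, or {@code null}
         * @param algorithmParameterSpec algorithm parameters, or {@code null}
         * @return the first credential of type {@code cls} that a loader yields, or {@code null} when the
         *         realm does not support the request, the entry is not found, or no loader yields one
         * @throws RealmUnavailableException propagated from the context or the search
         */
        @Override // org.wildfly.security.auth.server.RealmIdentity
        public <C extends Credential> C getCredential(Class<C> cls, String str, AlgorithmParameterSpec algorithmParameterSpec) throws RealmUnavailableException {
            Assert.checkNotNullParam("credentialType", cls);
            if (LdapSecurityRealm.this.getCredentialAcquireSupport(cls, str, algorithmParameterSpec) == SupportLevel.UNSUPPORTED) {
                return null;
            }
            DirContext context = LdapSecurityRealm.this.obtainContext();
            try {
                // The search returns only the attributes the loaders declare, which keeps
                // credential material that no loader needs out of this process.
                Set<String> requiredAttributes = new HashSet<>();
                Set<String> binaryAttributes = new HashSet<>();
                for (CredentialLoader loader : LdapSecurityRealm.this.credentialLoaders) {
                    loader.addRequiredIdentityAttributes(requiredAttributes);
                    loader.addBinaryIdentityAttributes(binaryAttributes);
                }
                LdapIdentity identity = getIdentity(context, requiredAttributes, binaryAttributes);
                if (identity == null) {
                    return null;
                }
                for (CredentialLoader loader : LdapSecurityRealm.this.credentialLoaders) {
                    if (!loader.getCredentialAcquireSupport(cls, str, algorithmParameterSpec).mayBeSupported()) {
                        continue;
                    }
                    Credential credential = loader.forIdentity(identity.getDirContext(), identity.getDistinguishedName(), identity.getEntry().getAttributes(), this.hashEncoding).getCredential(cls, str, algorithmParameterSpec, LdapSecurityRealm.this.providers);
                    // isInstance is false for null, so a loader that yields nothing is simply skipped.
                    if (cls.isInstance(credential)) {
                        return cls.cast(credential);
                    }
                }
                return null;
            } finally {
                LdapSecurityRealm.this.closeContext(context);
            }
        }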

        /* JADX WARN: Multi-variable type inference failed */
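        /**
         * Replaces the credentials stored for this identity.
         *
         * <p>Works in three phases: (1) check that every supplied credential is accepted by at least
         * one persister, (2) clear the existing credentials through every persister, (3) store each
         * credential through the first persister that accepts it. Phase 1 runs before anything is
         * modified, so an unsupported credential leaves the entry untouched.
         *
         * <p>The phase 3 loop is a bounded iteration. The previous form was a
         * {@code while (true)} that only exited through {@code break} and would spin forever once
         * the persister list was exhausted without a match.
         *
         * @param collection credentials to store; must not be {@code null}
         * @throws RealmUnavailableException propagated from the context or the search
         */
        @Override // org.wildfly.security.auth.server.ModifiableRealmIdentity
        public void setCredentials(Collection<? extends Credential> collection) throws RealmUnavailableException {
            Assert.checkNotNullParam("credentials", collection);
            DirContext context = LdapSecurityRealm.this.obtainContext();
            try {
                Set<String> requiredAttributes = new HashSet<>();
                Set<String> binaryAttributes = new HashSet<>();
                for (CredentialPersister persister : LdapSecurityRealm.this.credentialPersisters) {
                    persister.addRequiredIdentityAttributes(requiredAttributes);
                    persister.addBinaryIdentityAttributes(binaryAttributes);
                }
                LdapIdentity identity = getIdentity(context, requiredAttributes, binaryAttributes);
                if (identity == null) {
                    throw ElytronMessages.log.ldapRealmIdentityNotExists(this.name);
                }

                // Phase 1: validate everything up front so that a rejection cannot leave the entry half-updated.
                for (Credential credential : collection) {
                    Class<? extends Credential> credentialType = credential.getClass();
                    String algorithm = credential instanceof AlgorithmCredential ? ((AlgorithmCredential) credential).getAlgorithm() : null;
                    AlgorithmParameterSpec parameters = credential instanceof AlgorithmCredential ? ((AlgorithmCredential) credential).getParameters() : null;
                    boolean supported = false;
                    for (CredentialPersister persister : LdapSecurityRealm.this.credentialPersisters) {
                        if (persister.forIdentity(identity.getDirContext(), identity.getDistinguishedName(), identity.getEntry().getAttributes()).getCredentialPersistSupport(credentialType, algorithm, parameters)) {
                            supported = true;
                        }
                    }
                    if (!supported) {
                        throw ElytronMessages.log.ldapRealmsPersisterNotSupported();
                    }
                }

                // Phase 2: remove what is currently stored.
                // NOTE(review): no rollback is visible here; a failure in phase 3 appears to leave the
                // identity with its old credentials already cleared - confirm this is acceptable.
                for (CredentialPersister persister : LdapSecurityRealm.this.credentialPersisters) {
                    persister.forIdentity(identity.getDirContext(), identity.getDistinguishedName(), identity.getEntry().getAttributes()).clearCredentials();
                }

                // Phase 3: each credential goes to the first persister that accepts it.
                for (Credential credential : collection) {
                    Class<? extends Credential> credentialType = credential.getClass();
                    String algorithm = credential instanceof AlgorithmCredential ? ((AlgorithmCredential) credential).getAlgorithm() : null;
                    AlgorithmParameterSpec parameters = credential instanceof AlgorithmCredential ? ((AlgorithmCredential) credential).getParameters() : null;
                    // NOTE(review): if no persister accepts the credential at this point (phase 1 said one
                    // would), it is skipped without an error.
                    for (CredentialPersister persister : LdapSecurityRealm.this.credentialPersisters) {
                        IdentityCredentialPersister identityPersister = persister.forIdentity(identity.getDirContext(), identity.getDistinguishedName(), identity.getEntry().getAttributes());
                        if (identityPersister.getCredentialPersistSupport(credentialType, algorithm, parameters)) {
                            identityPersister.persistCredential(credential);
                            break;
                        }
                    }
                }
            } finally {
                LdapSecurityRealm.this.closeContext(context);
            }
        }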

        /**
         * Releases the identity lock, if one is still held. Safe to call more than once:
         * the field is cleared before the release, so a later call finds nothing to release.
         */
        @Override // org.wildfly.security.auth.server.RealmIdentity
        public void dispose() {
            final IdentitySharedExclusiveLock.IdentityLock held = this.lock;
            this.lock = null;
            if (held == null) {
                return;
            }
            held.release();
        }

        /**
         * Builds the authorization identity from this identity's mapped attributes.
         *
         * @return a basic authorization identity carrying the result of {@link #getAttributes()}
         * @throws RealmUnavailableException propagated from {@link #getAttributes()}
         */
        @Override // org.wildfly.security.auth.server.RealmIdentity
        public AuthorizationIdentity getAuthorizationIdentity() throws RealmUnavailableException {
            final org.wildfly.security.authz.Attributes identityAttributes = getAttributes();
            return AuthorizationIdentity.basicIdentity(identityAttributes);
        }

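        /**
         * Collects the authorization attributes mapped for this identity.
         *
         * <p>Fixes the debug dump: the nested lambdas previously both named their parameter
         * {@code str}, which does not compile and printed the same variable for the attribute name
         * and its value. The explicit catch-and-rethrow is replaced by {@code finally}, which
         * releases the context on every path.
         *
         * @return a read-only view of the simple and filtered attributes; lookups still run with
         *         {@code null} entry arguments when the identity is not found
         * @throws RealmUnavailableException propagated from the context or the search
         */
        @Override // org.wildfly.security.auth.server.RealmIdentity
        public org.wildfly.security.authz.Attributes getAttributes() throws RealmUnavailableException {
            DirContext context = LdapSecurityRealm.this.obtainContext();
            try {
                // Ask the directory only for the attributes the mappings name.
                Set<String> identityAttributeNames = LdapSecurityRealm.this.identityMapping.attributes.stream()
                        .map(AttributeMapping::getIdentityLdapName)
                        .filter(Objects::nonNull)
                        .collect(Collectors.toSet());
                LdapIdentity identity = getIdentity(context, identityAttributeNames, null);
                SearchResult entry = identity != null ? identity.getEntry() : null;
                DirContext identityContext = identity != null ? identity.getDirContext() : null;
                MapAttributes mapAttributes = new MapAttributes();
                mapAttributes.addAll(extractSimpleAttributes(entry));
                mapAttributes.addAll(extractFilteredAttributes(entry, context, identityContext));
                // At debug level every mapped attribute value is written to the log. Treat debug logs of
                // this category as sensitive if any mapped attribute can carry personal or secret data.
                if (ElytronMessages.log.isDebugEnabled()) {
                    ElytronMessages.log.debugf("Obtaining authorization identity attributes for principal [%s]:", this.name);
                    if (mapAttributes.isEmpty()) {
                        ElytronMessages.log.debugf("Identity [%s] does not have any attributes.", this.name);
                    } else {
                        ElytronMessages.log.debugf("Identity [%s] attributes are:", this.name);
                        mapAttributes.keySet().forEach(key -> {
                            mapAttributes.get(key).forEach(value -> {
                                ElytronMessages.log.debugf("    Attribute [%s] value [%s].", key, value);
                            });
                        });
                    }
                }
                return mapAttributes.asReadOnly();
            } finally {
                LdapSecurityRealm.this.closeContext(context);
            }
        }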

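        /**
         * Reports how well evidence of the given type can be verified for this identity.
         *
         * <p>The directory context is released exactly once, in the {@code finally} block.
         * The previous form also closed it on the normal return paths, so the same context
         * was closed twice.
         *
         * @param cls evidence type; must not be {@code null}
         * @param str algorithm name, or {@code null}
         * @return the first "definitely supported" level reported by a verifier, otherwise the highest
         *         level any verifier reported; {@code UNSUPPORTED} when the entry is not found
         * @throws RealmUnavailableException propagated from the context or the search
         */
        @Override // org.wildfly.security.auth.server.RealmIdentity
        public SupportLevel getEvidenceVerifySupport(Class<? extends Evidence> cls, String str) throws RealmUnavailableException {
            Assert.checkNotNullParam("evidenceType", cls);
            DirContext context = LdapSecurityRealm.this.obtainContext();
            try {
                Set<String> requiredAttributes = new HashSet<>();
                Set<String> binaryAttributes = new HashSet<>();
                for (EvidenceVerifier verifier : LdapSecurityRealm.this.evidenceVerifiers) {
                    verifier.addRequiredIdentityAttributes(requiredAttributes);
                    verifier.addBinaryIdentityAttributes(binaryAttributes);
                }
                LdapIdentity identity = getIdentity(context, requiredAttributes, binaryAttributes);
                if (identity == null) {
                    return SupportLevel.UNSUPPORTED;
                }
                SupportLevel best = SupportLevel.UNSUPPORTED;
                for (EvidenceVerifier verifier : LdapSecurityRealm.this.evidenceVerifiers) {
                    if (!verifier.getEvidenceVerifySupport(cls, str).mayBeSupported()) {
                        continue;
                    }
                    SupportLevel level = verifier.forIdentity(identity.getDirContext(), identity.getDistinguishedName(), identity.getUrl(), identity.getEntry().getAttributes(), this.hashEncoding).getEvidenceVerifySupport(cls, str, LdapSecurityRealm.this.providers);
                    if (level == null) {
                        continue;
                    }
                    if (level.isDefinitelySupported()) {
                        return level;
                    }
                    if (best.compareTo(level) < 0) {
                        best = level;
                    }
                }
                return best;
            } finally {
                LdapSecurityRealm.this.closeContext(context);
            }
        }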

        /* JADX WARN: Multi-variable type inference failed */
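        /**
         * Verifies the supplied evidence against this identity's directory entry.
         *
         * <p>The directory context is released exactly once, in the {@code finally} block.
         * The previous form also closed it before each normal return, so the same context
         * was closed twice. The evidence class is now typed as
         * {@code Class<? extends Evidence>}, which is what {@code getClass()} on an
         * {@code Evidence} reference yields.
         *
         * <p>Unsupported evidence, an unknown identity and a failed verification all produce
         * {@code false}, so the caller cannot tell these cases apart from the return value.
         *
         * @param evidence evidence to check; must not be {@code null}
         * @return {@code true} as soon as one verifier accepts the evidence, otherwise {@code false}
         * @throws RealmUnavailableException propagated from the context or the search
         */
        @Override // org.wildfly.security.auth.server.RealmIdentity
        public boolean verifyEvidence(Evidence evidence) throws RealmUnavailableException {
            Assert.checkNotNullParam("evidence", evidence);
            Class<? extends Evidence> evidenceType = evidence.getClass();
            String algorithm = evidence instanceof AlgorithmEvidence ? ((AlgorithmEvidence) evidence).getAlgorithm() : null;
            if (LdapSecurityRealm.this.getEvidenceVerifySupport(evidenceType, algorithm) == SupportLevel.UNSUPPORTED) {
                return false;
            }
            DirContext context = LdapSecurityRealm.this.obtainContext();
            try {
                Set<String> requiredAttributes = new HashSet<>();
                Set<String> binaryAttributes = new HashSet<>();
                for (EvidenceVerifier verifier : LdapSecurityRealm.this.evidenceVerifiers) {
                    verifier.addRequiredIdentityAttributes(requiredAttributes);
                    verifier.addBinaryIdentityAttributes(binaryAttributes);
                }
                LdapIdentity identity = getIdentity(context, requiredAttributes, binaryAttributes);
                if (identity == null) {
                    return false;
                }
                // Verifiers are tried in list order; one acceptance is sufficient, so the order and the
                // set of configured verifiers together define what counts as valid evidence.
                for (EvidenceVerifier verifier : LdapSecurityRealm.this.evidenceVerifiers) {
                    if (verifier.getEvidenceVerifySupport(evidenceType, algorithm).mayBeSupported() && verifier.forIdentity(identity.getDirContext(), identity.getDistinguishedName(), identity.getUrl(), identity.getEntry().getAttributes(), this.hashEncoding).verifyEvidence(evidence, LdapSecurityRealm.this.providers, this.hashCharset)) {
                        return true;
                    }
                }
                return false;
            } finally {
                LdapSecurityRealm.this.closeContext(context);
            }
        }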

        /**
         * Checks whether a directory entry can be found for this identity's name.
         *
         * @return {@code true} when the lookup yields an entry
         * @throws RealmUnavailableException propagated from the context or the search
         */
        @Override // org.wildfly.security.auth.server.RealmIdentity
        public boolean exists() throws RealmUnavailableException {
            final DirContext context = LdapSecurityRealm.this.obtainContext();
            try {
                if (getIdentity(context) != null) {
                    return true;
                }
                // The requested name is written to the debug log exactly as supplied.
                ElytronMessages.log.debugf("Principal [%s] does not exists.", this.name);
                return false;
            } finally {
                LdapSecurityRealm.this.closeContext(context);
            }
        }

        /**
         * Builds a direct search for the case where the principal name is itself a DN.
         *
         * <p>A DN-shaped name is accepted only when its leaf RDN has the configured identifier type
         * and, if a search base is configured, the DN lies under that base (directly under it when
         * recursive search is off). These checks stop a caller-supplied DN from addressing entries
         * outside the configured subtree. When no search base is configured, only the leaf RDN type
         * is checked.
         *
         * @return the search, or {@code null} when the name is not an acceptable DN and the caller
         *         should fall back to a lookup by name
         */
        private LdapSearch createLdapSearchByDn() {
            final IdentityMapping mapping = LdapSecurityRealm.this.identityMapping;
            final String identifier = mapping.rdnIdentifier;

            // Case-insensitive prefix test: skip DN parsing for names that cannot start with the identifier.
            final boolean startsWithIdentifier = this.name.regionMatches(true, 0, identifier, 0, identifier.length());
            if (!startsWithIdentifier) {
                return null;
            }
            try {
                final LdapName candidate = new LdapName(this.name);
                // The highest index of an LdapName is its leftmost (most specific) RDN.
                final Rdn leaf = candidate.getRdn(candidate.size() - 1);
                if (!leaf.getType().equalsIgnoreCase(identifier)) {
                    ElytronMessages.log.tracef("Getting identity [%s] by DN skipped - RDN does not match [%s]", this.name, identifier);
                    return null;
                }
                final String base = mapping.searchDn;
                if (base != null) {
                    final List<Rdn> baseRdns = new LdapName(base).getRdns();
                    final boolean underBase = candidate.startsWith(baseRdns);
                    if (!underBase) {
                        ElytronMessages.log.tracef("Getting identity [%s] by DN skipped - DN not in search-dn [%s]", this.name, base);
                        return null;
                    }
                    final boolean directChild = candidate.size() == baseRdns.size() + 1;
                    if (!mapping.searchRecursive && !directChild) {
                        ElytronMessages.log.tracef("Getting identity [%s] by DN skipped - DN not directly in search-dn and recursive search not enabled [%s]", this.name, base);
                        return null;
                    }
                }
                // NOTE(review): the two zeros are presumably the search scope and the time limit;
                // the LdapSearch constructor is outside this view - confirm.
                return new LdapSearch(candidate.toString(), 0, 0, mapping.filterName, leaf.getValue().toString());
            } catch (InvalidNameException e) {
                ElytronMessages.log.tracef(e, "Getting identity [%s] by DN failed - will continue by name", this.name);
                return null;
            }
        }

        /**
         * Looks up this identity without naming any returning or binary attributes.
         *
         * @param dirContext context to search through
         * @return the resolved identity, or {@code null} when no entry is found
         * @throws RealmUnavailableException propagated from the search
         */
        private LdapIdentity getIdentity(DirContext dirContext) throws RealmUnavailableException {
            final Collection<String> returningAttributes = null;
            final Collection<String> binaryAttributes = null;
            return getIdentity(dirContext, returningAttributes, binaryAttributes);
        }

        /**
         * Resolves this identity's name to a directory entry.
         *
         * <p>A DN-shaped name is searched directly; any other name is searched under the configured
         * base with the name filter. Only the first result is used, so if more than one entry
         * matches, the ambiguity is not detected here.
         *
         * @param dirContext  context to search through
         * @param collection  attribute names to return, or {@code null}
         * @param collection2 attribute names to treat as binary, or {@code null}
         * @return the resolved identity, or {@code null} when nothing matches or when the name is not a
         *         DN and no search base is configured
         * @throws RealmUnavailableException propagated from the search
         */
        private LdapIdentity getIdentity(DirContext dirContext, Collection<String> collection, Collection<String> collection2) throws RealmUnavailableException {
            ElytronMessages.log.debugf("Trying to create identity for principal [%s].", this.name);
            final IdentityMapping mapping = LdapSecurityRealm.this.identityMapping;
            LdapSearch query = createLdapSearchByDn();
            if (query == null) {
                if (mapping.searchDn == null) {
                    ElytronMessages.log.debugf("Identity for principal [%s] not found. The name is not a valid DN and the search base DN is null", this.name);
                    return null;
                }
                // NOTE(review): the principal name is handed to LdapSearch as a filter argument; whether it
                // is escaped before being placed in the filter depends on LdapSearch, which is outside
                // this view - confirm.
                query = new LdapSearch(LdapSecurityRealm.this, mapping.searchDn, mapping.searchRecursive, 0, mapping.filterName, this.name);
            }
            query.setReturningAttributes(collection);
            query.setBinaryAttributes(collection2);
            // try-with-resources closes the result stream on every path, including failures.
            try (Stream<SearchResult> results = query.search(dirContext)) {
                final SearchResult first = results.findFirst().orElse(null);
                if (first == null) {
                    ElytronMessages.log.debugf("Identity for principal [%s] not found.", this.name);
                    return null;
                }
                final String entryUrl = first.isRelative() ? null : first.getName();
                final LdapIdentity resolved = new LdapIdentity(this.name, query.getContext(), first.getNameInNamespace(), entryUrl, first);
                ElytronMessages.log.debugf("Identity for principal [%s] found at [%s].", this.name, resolved.getDistinguishedName());
                return resolved;
            }
        }

        /**
         * Extracts the value of the RDN whose type the mapping names from a DN string.
         *
         * @param attributeMapping mapping that supplies the RDN type to look for
         * @param str              DN to parse
         * @return the value of the first matching RDN, scanning from the most specific RDN towards the
         *         root, or {@code null} when no RDN of that type is present
         */
        private String extractRdn(AttributeMapping attributeMapping, String str) {
            final String wantedType = attributeMapping.getRdn();
            try {
                final LdapName parsed = new LdapName(str);
                // The highest index is the leftmost RDN, so the scan starts at the entry itself.
                int index = parsed.size() - 1;
                while (index >= 0) {
                    final Rdn current = parsed.getRdn(index);
                    if (current.getType().equalsIgnoreCase(wantedType)) {
                        return current.getValue().toString();
                    }
                    index--;
                }
                return null;
            } catch (Exception e) {
                // Any failure while parsing or reading the DN is reported as an invalid RDN for this attribute.
                throw ElytronMessages.log.ldapRealmInvalidRdnForAttribute(attributeMapping.getName(), str, wantedType, e);
            }
        }

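        /**
         * Adds the values one attribute mapping yields for an entry to {@code collection}.
         *
         * <p>Repairs three faults in the previous form: the enumeration was typed as
         * {@code java.util.Enumeration}, which has no {@code close()}; the pipeline referred to an
         * undefined variable {@code r1}; and the result depended on side effects inside a stream
         * counted with {@code count()}. The values are now added in an explicit loop and the
         * {@link NamingEnumeration} is closed in {@code finally}.
         *
         * @param searchResult     entry to read from
         * @param attributeMapping mapping that names the LDAP attribute and, optionally, an RDN type
         * @param collection       receives the values
         * @return {@code true} when at least one {@code add} call changed {@code collection}
         * @throws NamingException when the attribute values cannot be read
         */
        private boolean valuesFromAttribute(SearchResult searchResult, AttributeMapping attributeMapping, Collection<String> collection) throws NamingException {
            if (attributeMapping.getLdapName() == null) {
                // No LDAP attribute named: the value is the entry's own DN, or one RDN value from it.
                String value = searchResult.getNameInNamespace();
                if (attributeMapping.getRdn() != null) {
                    // NOTE(review): extractRdn can return null, which is then added as a value.
                    value = extractRdn(attributeMapping, value);
                }
                return collection.add(value);
            }
            Attribute attribute = searchResult.getAttributes().get(attributeMapping.getLdapName());
            if (attribute == null) {
                return false;
            }
            NamingEnumeration<?> values = null;
            try {
                values = attribute.getAll();
                Objects.requireNonNull(collection);
                boolean changed = false;
                for (Object raw : Collections.list(values)) {
                    String value = raw.toString();
                    if (attributeMapping.getRdn() != null) {
                        value = extractRdn(attributeMapping, value);
                        if (value == null) {
                            // The value is a DN without the wanted RDN type: nothing to add.
                            continue;
                        }
                    }
                    if (collection.add(value)) {
                        changed = true;
                    }
                }
                return changed;
            } finally {
                if (values != null) {
                    try {
                        values.close();
                    } catch (NamingException ignored) {
                        // Best-effort close: a failure here must not hide the result or the original error.
                    }
                }
            }
        }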

        /**
         * Collects the values of every attribute mapping that has to be resolved through an
         * LDAP search (mappings for which {@code isFilteredOrReference()} is true).
         *
         * <p>For each such mapping the walk starts at {@code searchResult} and runs for at most
         * {@code getRoleRecursionDepth() + 1} levels. Entries queued by
         * {@code extractFilteredAttributesFromSearch} at one level become the starting entries
         * of the next level.</p>
         *
         * @param searchResult the entry the walk starts from; null is tolerated (checked below)
         * @param dirContext   context used for the searches unless the mapping asks for the
         *                     identity context
         * @param dirContext2  context used when {@code searchInIdentityContext()} is true
         * @return map from mapping name to the values collected for it
         */
        private Map<String, Collection<String>> extractFilteredAttributes(SearchResult searchResult, DirContext dirContext, DirContext dirContext2) {
            return extractAttributes((v0) -> {
                return v0.isFilteredOrReference();
            }, attributeMapping -> {
                // Depth 0 keeps every value in encounter order (list); any recursion
                // de-duplicates the collected values (set).
                Collection<String> arrayList = attributeMapping.getRoleRecursionDepth() == 0 ? new ArrayList<>() : new HashSet<>();
                // A mapping-specific search base wins over the realm-wide identity search DN.
                String searchDn = attributeMapping.getSearchDn() != null ? attributeMapping.getSearchDn() : LdapSecurityRealm.this.identityMapping.searchDn;
                // Entries to expand at the current level; replaced by linkedList2 after each pass.
                LinkedList<SearchResult> linkedList = new LinkedList();
                linkedList.add(searchResult);
                // The walk stops at the configured depth or as soon as a level queued nothing.
                for (int i = 0; i <= attributeMapping.getRoleRecursionDepth() && !linkedList.isEmpty(); i++) {
                    LinkedList linkedList2 = new LinkedList();
                    for (SearchResult searchResult2 : linkedList) {
                        String nameInNamespace = searchResult2 != null ? searchResult2.getNameInNamespace() : null;
                        if (attributeMapping.getReference() != null && searchResult2 != null) {
                            // Reference mode: every value of the reference attribute is used as the
                            // base DN of an object-scope LdapSearch. These DNs are read from the
                            // directory entry itself, not supplied by the caller.
                            forEachAttributeValue(searchResult2, attributeMapping.getReference(), str -> {
                                extractFilteredAttributesFromSearch(new LdapSearch(str), searchResult2, attributeMapping, dirContext, dirContext2, arrayList, linkedList2);
                            });
                        } else if (attributeMapping.getReference() == null) {
                            if (i == 0) {
                                // First level: the identity name and the entry DN are handed over as
                                // filter arguments, separate from the filter string itself.
                                extractFilteredAttributesFromSearch(new LdapSearch(LdapSecurityRealm.this, searchDn, attributeMapping.getRecursiveSearch(), 0, attributeMapping.getFilter(), this.name, nameInNamespace), searchResult2, attributeMapping, dirContext, dirContext2, arrayList, linkedList2);
                            } else if (searchResult2 != null) {
                                // Deeper levels: each value of the role-recursion attribute of an
                                // already found entry takes the place of the identity name.
                                forEachAttributeValue(searchResult2, attributeMapping.getRoleRecursionName(), str2 -> {
                                    extractFilteredAttributesFromSearch(new LdapSearch(LdapSecurityRealm.this, searchDn, attributeMapping.getRecursiveSearch(), 0, attributeMapping.getFilter(), str2, nameInNamespace), searchResult2, attributeMapping, dirContext, dirContext2, arrayList, linkedList2);
                                });
                            }
                        }
                    }
                    linkedList = linkedList2;
                }
                return arrayList;
            });
        }

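        /**
         * Runs {@code ldapSearch} and passes every returned entry to {@code valuesFromAttribute};
         * entries for which that call returns true are queued in {@code collection2} for the
         * next recursion level.
         *
         * <p>The result stream is opened in a try-with-resources statement so that it is closed
         * even when reading an entry fails. The decompiled listing closed it on the success path
         * only, which left the underlying search result open after an error.</p>
         *
         * @param ldapSearch       the prepared search to execute
         * @param searchResult     entry the search refers to; only its DN is used, for error
         *                         reporting; may be null
         * @param attributeMapping mapping that names the attributes to read
         * @param dirContext       context used unless the mapping asks for the identity context
         * @param dirContext2      context used when {@code searchInIdentityContext()} is true
         * @param collection       receives the extracted attribute values
         * @param collection2      receives the entries to expand at the next level
         */
        private void extractFilteredAttributesFromSearch(LdapSearch ldapSearch, SearchResult searchResult, AttributeMapping attributeMapping, DirContext dirContext, DirContext dirContext2, Collection<String> collection, Collection<SearchResult> collection2) {
            final String referencedDn = searchResult != null ? searchResult.getNameInNamespace() : null;
            // Ask the server only for the attributes this mapping can use.
            // NOTE(review): getReference() can be null (callers test for it) and
            // getRoleRecursionName() presumably too, so the set may carry a null element into
            // the search controls; confirm the provider tolerates that.
            final Set<String> wantedAttributes = new HashSet<>();
            wantedAttributes.add(attributeMapping.getLdapName());
            wantedAttributes.add(attributeMapping.getReference());
            wantedAttributes.add(attributeMapping.getRoleRecursionName());
            ldapSearch.setReturningAttributes(wantedAttributes);
            try (Stream<SearchResult> entries = ldapSearch.search(attributeMapping.searchInIdentityContext() ? dirContext2 : dirContext)) {
                entries.forEach(entry -> {
                    try {
                        if (valuesFromAttribute(entry, attributeMapping, collection)) {
                            collection2.add(entry);
                        }
                    } catch (Exception perEntryFailure) {
                        throw ElytronMessages.log.ldapRealmFailedObtainAttributes(referencedDn, perEntryFailure);
                    }
                });
            } catch (Exception searchFailure) {
                // Failures raised inside the lambda arrive here as well and are wrapped a
                // second time, as in the original listing.
                throw ElytronMessages.log.ldapRealmFailedObtainAttributes(referencedDn, searchFailure);
            }
        }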

        /**
         * Reads the values of all attribute mappings that can be taken straight from the
         * identity's own entry (mappings for which {@code isFilteredOrReference()} is false).
         *
         * @param searchResult the identity's entry; when null an empty map is returned
         * @return map from mapping name to the values read from the entry
         */
        private Map<String, Collection<String>> extractSimpleAttributes(SearchResult searchResult) {
            if (searchResult == null) {
                return Collections.emptyMap();
            }
            final Predicate<AttributeMapping> readFromEntry = mapping -> !mapping.isFilteredOrReference();
            final Function<AttributeMapping, Collection<String>> readValues = mapping -> {
                final ArrayList<String> values = new ArrayList<>();
                try {
                    valuesFromAttribute(searchResult, mapping, values);
                } catch (Exception e) {
                    // Report the failure together with the DN of the entry being read.
                    throw ElytronMessages.log.ldapRealmFailedObtainAttributes(searchResult.getNameInNamespace(), e);
                }
                return values;
            };
            return extractAttributes(readFromEntry, readValues);
        }

        /**
         * Builds the attribute map for the configured mappings accepted by {@code predicate}.
         *
         * <p>The map key is the mapping name. When several mappings share a name, their value
         * collections are concatenated into a new list, in encounter order.</p>
         *
         * @param predicate selects the mappings to evaluate
         * @param function  produces the values for one mapping
         * @return map from mapping name to collected values
         */
        @SuppressWarnings("unchecked")
        private Map<String, Collection<String>> extractAttributes(Predicate<AttributeMapping> predicate, Function<AttributeMapping, Collection<String>> function) {
            final Object collected = LdapSecurityRealm.this.identityMapping.attributes.stream()
                    .filter(predicate)
                    .collect(Collectors.toMap(AttributeMapping::getName, function, (first, second) -> {
                        final Collection<String> merged = new ArrayList<>(first);
                        merged.addAll(second);
                        return merged;
                    }));
            return (Map<String, Collection<String>>) collected;
        }

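        /**
         * Passes every value of the attribute {@code str} of {@code searchResult}, converted
         * with {@code toString()}, to {@code consumer}. Does nothing when the entry has no such
         * attribute.
         *
         * <p>Compared with the decompiled listing this version drops the unreachable
         * {@code if (0 != 0)} branch, types the enumeration as {@link NamingEnumeration} (the
         * listing declared a plain {@code Enumeration}, which has no {@code close()}), and
         * closes it in a single {@code finally} block instead of three copies.</p>
         *
         * @param searchResult entry to read from
         * @param str          LDAP attribute name
         * @param consumer     receives each value as a string
         */
        private void forEachAttributeValue(SearchResult searchResult, String str, Consumer<String> consumer) {
            try {
                final Attribute attribute = searchResult.getAttributes().get(str);
                if (attribute == null) {
                    return;
                }
                final NamingEnumeration<?> values = attribute.getAll();
                try {
                    Collections.list(values).stream().map(Object::toString).forEach(consumer);
                } finally {
                    // Closed on success and on failure alike; a failing close is only traced so
                    // that it cannot mask the original outcome.
                    try {
                        values.close();
                    } catch (NamingException closeFailure) {
                        ElytronMessages.log.trace("Unable to close attributesEnum", closeFailure);
                    }
                }
            } catch (NamingException e) {
                throw ElytronMessages.log.ldapRealmFailedObtainAttributes(searchResult.getNameInNamespace(), e);
            }
        }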

        /**
         * Removes this identity's entry from the directory.
         *
         * <p>The context obtained for the operation is closed on every path.</p>
         *
         * @throws RealmUnavailableException declared by the interface; the identity lookup and
         *         the wrapped directory failure are reported through the realm's message bundle
         */
        @Override // org.wildfly.security.auth.server.ModifiableRealmIdentity
        public void delete() throws RealmUnavailableException {
            final DirContext context = LdapSecurityRealm.this.obtainContext();
            try {
                final LdapIdentity target = getIdentity(context);
                if (target == null) {
                    throw ElytronMessages.log.noSuchIdentity();
                }
                ElytronMessages.log.debugf("Removing identity [%s] with DN [%s] from LDAP", this.name, target.getDistinguishedName());
                // The delete runs on the context attached to the identity that was found, which
                // is not necessarily the context obtained above.
                target.getDirContext().destroySubcontext(new LdapName(target.getDistinguishedName()));
            } catch (NamingException e) {
                throw ElytronMessages.log.ldapRealmFailedDeleteIdentityFromServer(e);
            } finally {
                LdapSecurityRealm.this.closeContext(context);
            }
        }

        /**
         * Creates a directory entry for this identity below the configured parent DN, using the
         * configured attribute set for new identities.
         *
         * <p>The entry's RDN is built with {@code new Rdn(type, value)}, so the identity name is
         * handed over as an attribute value rather than being spliced into a DN string.</p>
         *
         * @throws RealmUnavailableException declared by the interface; a missing configuration
         *         or a directory failure is reported through the realm's message bundle
         */
        @Override // org.wildfly.security.auth.server.ModifiableRealmIdentity
        public void create() throws RealmUnavailableException {
            // Creation needs both a parent DN and a template attribute set.
            final boolean parentMissing = LdapSecurityRealm.this.identityMapping.newIdentityParent == null;
            if (parentMissing || LdapSecurityRealm.this.identityMapping.newIdentityAttributes == null) {
                throw ElytronMessages.log.ldapRealmNotConfiguredToSupportCreatingIdentities();
            }
            final DirContext context = LdapSecurityRealm.this.obtainContext();
            try {
                // Work on a copy so the configured parent DN is never modified.
                final LdapName entryDn = (LdapName) LdapSecurityRealm.this.identityMapping.newIdentityParent.clone();
                entryDn.add(new Rdn(LdapSecurityRealm.this.identityMapping.rdnIdentifier, this.name));
                ElytronMessages.log.debugf("Creating identity [%s] with DN [%s] in LDAP", this.name, entryDn.toString());
                context.createSubcontext(entryDn, LdapSecurityRealm.this.identityMapping.newIdentityAttributes);
            } catch (NamingException e) {
                throw ElytronMessages.log.ldapRealmFailedCreateIdentityOnServer(e);
            } finally {
                LdapSecurityRealm.this.closeContext(context);
            }
        }

        /**
         * Writes the supplied attributes to this identity's directory entry and renames the
         * entry when the value of the RDN attribute changed.
         *
         * <p>Only mappings without a filter, a reference or an RDN extraction are written.
         * Supplied attribute names that have no mapping at all are rejected before anything is
         * sent to the server.</p>
         *
         * @param attributes the complete set of attribute values to store
         * @throws RealmUnavailableException declared by the interface; every failure raised
         *         inside the inner try block is wrapped by {@code ldapRealmAttributesSettingFailed}
         */
        @Override // org.wildfly.security.auth.server.ModifiableRealmIdentity
        public void setAttributes(org.wildfly.security.authz.Attributes attributes) throws RealmUnavailableException {
            ElytronMessages.log.debugf("Trying to set attributes for principal [%s].", this.name);
            DirContext obtainContext = LdapSecurityRealm.this.obtainContext();
            try {
                try {
                    LdapIdentity identity = getIdentity(obtainContext);
                    if (identity == null) {
                        throw ElytronMessages.log.noSuchIdentity();
                    }
                    // Modifications are collected first and sent in one modifyAttributes call.
                    LinkedList linkedList = new LinkedList();
                    LdapName ldapName = new LdapName(identity.getDistinguishedName());
                    // New RDN value, set only when a mapping targets the RDN attribute.
                    String str = null;
                    for (AttributeMapping attributeMapping : LdapSecurityRealm.this.identityMapping.attributes) {
                        if (attributeMapping.getFilter() == null && attributeMapping.getReference() == null && attributeMapping.getRdn() == null) {
                            if (LdapSecurityRealm.this.identityMapping.rdnIdentifier.equalsIgnoreCase(attributeMapping.getLdapName())) {
                                // The naming attribute must carry exactly one value; it is applied
                                // by the rename at the end, not by a modification item.
                                if (attributes.size(attributeMapping.getName()) != 1) {
                                    throw ElytronMessages.log.ldapRealmRequiresExactlyOneRdnAttribute(attributeMapping.getName(), this.name);
                                }
                                str = attributes.get(attributeMapping.getName(), 0);
                            } else if (attributes.size(attributeMapping.getName()) == 0) {
                                // 3 is DirContext.REMOVE_ATTRIBUTE: a mapped attribute with no
                                // supplied value is removed from the entry.
                                linkedList.add(new ModificationItem(3, new BasicAttribute(attributeMapping.getLdapName())));
                            } else {
                                BasicAttribute basicAttribute = new BasicAttribute(attributeMapping.getLdapName());
                                Attributes.Entry entry = attributes.get(attributeMapping.getName());
                                Objects.requireNonNull(basicAttribute);
                                // NOTE(review): "r1" is a decompiler placeholder; it presumably
                                // stands for basicAttribute (a method reference basicAttribute::add).
                                entry.forEach((v1) -> {
                                    r1.add(v1);
                                });
                                // 2 is DirContext.REPLACE_ATTRIBUTE: existing values are replaced.
                                linkedList.add(new ModificationItem(2, basicAttribute));
                            }
                        } else if (attributes.size(attributeMapping.getName()) != 0) {
                            // NOTE(review): the result of this call is not thrown, so a value
                            // supplied for a filtered/reference/RDN-extracted mapping is
                            // presumably only logged and the rest of the update proceeds; confirm.
                            ElytronMessages.log.ldapRealmDoesNotSupportSettingFilteredAttribute(attributeMapping.getName(), this.name);
                        }
                    }
                    // Reject any supplied attribute name that no mapping covers. This runs
                    // before modifyAttributes, so nothing has been written when it fails.
                    for (Attributes.Entry entry2 : attributes.entries()) {
                        if (LdapSecurityRealm.this.identityMapping.attributes.stream().filter(attributeMapping2 -> {
                            return attributeMapping2.getName().equals(entry2.getKey());
                        }).count() == 0) {
                            throw ElytronMessages.log.ldapRealmCannotSetAttributeWithoutMapping(entry2.getKey(), this.name);
                        }
                    }
                    identity.getDirContext().modifyAttributes(ldapName, (ModificationItem[]) linkedList.toArray(new ModificationItem[linkedList.size()]));
                    // NOTE(review): the attribute change and the rename are two separate
                    // directory operations; if the rename fails the attribute change has
                    // already been applied.
                    if (str != null && !str.equals(ldapName.getRdn(ldapName.size() - 1).getValue())) {
                        // Same parent, new leaf RDN built from the configured type and the new value.
                        LdapName ldapName2 = new LdapName(ldapName.getRdns().subList(0, ldapName.size() - 1));
                        ldapName2.add(new Rdn(LdapSecurityRealm.this.identityMapping.rdnIdentifier, str));
                        identity.getDirContext().rename(ldapName, ldapName2);
                    }
                } catch (Exception e) {
                    // Also wraps the validation failures thrown above, not only directory errors.
                    throw ElytronMessages.log.ldapRealmAttributesSettingFailed(this.name, e);
                }
            } finally {
                LdapSecurityRealm.this.closeContext(obtainContext);
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/wildfly/security/auth/realm/ldap/LdapSecurityRealm$LdapSearch.class */
    /**
     * One LDAP search: base DN, scope, page size, filter and filter arguments, plus the state
     * needed to walk the results (current context, open result enumeration, paging cookie and
     * a pending referral).
     *
     * <p>Filter arguments are kept apart from the filter string and are handed to
     * {@code DirContext.search(Name, String, Object[], SearchControls)} as a separate array.
     * Values such as identity names should reach the directory this way and not by string
     * concatenation into {@code filter}.</p>
     *
     * <p>An instance keeps mutable per-search state and is used for a single search in the
     * visible callers.</p>
     */
    public class LdapSearch {
        // Match-all filter used by the single-entry constructor.
        private final String NO_FILTER = "(objectclass=*)";
        private final String searchDn;
        private final int searchScope;
        // 0 disables paging (see searchWithPagination and tryAdvance).
        private final int pageSize;
        private final String filter;
        private final String[] filterArgs;
        private Collection<String> returningAttributes;
        private Collection<String> binaryAttributes;
        // Replaced by a referral context while referrals are followed.
        private DirContext context;
        private NamingEnumeration<SearchResult> result;
        // Paging cookie from the last response; null for the first page.
        private byte[] cookie;
        // Referral raised by the very first search call, replayed inside tryAdvance.
        private ReferralException referralException;

        /**
         * Creates a search below {@code str}.
         *
         * @param ldapSecurityRealm not used by this constructor
         * @param str     base DN
         * @param z       true selects scope 2 (SearchControls.SUBTREE_SCOPE), false scope 1
         *                (SearchControls.ONELEVEL_SCOPE)
         * @param i       page size, 0 for no paging
         * @param str2    filter expression
         * @param strArr  filter arguments
         */
        public LdapSearch(LdapSecurityRealm ldapSecurityRealm, String str, boolean z, int i, String str2, String... strArr) {
            this(str, z ? 2 : 1, i, str2, strArr);
        }

        /**
         * Creates a search with an explicit scope value.
         *
         * @param str     base DN
         * @param i       search scope value passed to SearchControls
         * @param i2      page size, 0 for no paging
         * @param str2    filter expression
         * @param strArr  filter arguments
         */
        public LdapSearch(String str, int i, int i2, String str2, String... strArr) {
            this.NO_FILTER = "(objectclass=*)";
            this.searchDn = str;
            this.searchScope = i;
            this.pageSize = i2;
            this.filter = str2;
            this.filterArgs = strArr;
        }

        /**
         * Creates a search that reads the single entry named by {@code str}: scope 0
         * (SearchControls.OBJECT_SCOPE), no paging, match-all filter, no filter arguments.
         *
         * @param str DN of the entry to read
         */
        public LdapSearch(String str) {
            this.NO_FILTER = "(objectclass=*)";
            this.searchDn = str;
            this.searchScope = 0;
            this.pageSize = 0;
            this.filter = "(objectclass=*)";
            this.filterArgs = null;
        }

        /**
         * Executes the search in {@code dirContext} and returns the entries as a lazy stream.
         * The stream fetches further pages and follows referrals while it is consumed. Closing
         * the stream closes the open result enumeration, so callers should always close it.
         *
         * @param dirContext context to search in
         * @return stream of matching entries
         * @throws RealmUnavailableException declared for callers; failures are reported
         *         through the realm's message bundle
         */
        public Stream<SearchResult> search(DirContext dirContext) throws RealmUnavailableException {
            // The debug line includes the filter, the base DN and the filter arguments, which
            // in the visible callers are identity names and entry DNs.
            if (ElytronMessages.log.isDebugEnabled()) {
                ElytronMessages elytronMessages = ElytronMessages.log;
                Object[] objArr = new Object[5];
                objArr[0] = this.filter;
                objArr[1] = this.searchDn;
                objArr[2] = this.filterArgs == null ? null : String.join(", ", this.filterArgs);
                objArr[3] = this.returningAttributes == null ? null : String.join(", ", this.returningAttributes);
                objArr[4] = this.binaryAttributes == null ? null : String.join(", ", this.binaryAttributes);
                elytronMessages.debugf("Executing search [%s] in context [%s] with arguments [%s]. Returning attributes are [%s]. Binary attributes are [%s].", objArr);
            }
            this.context = dirContext;
            this.cookie = null;
            try {
                try {
                    this.result = searchWithPagination();
                } catch (ReferralException e) {
                    // Remembered and re-thrown on the first tryAdvance so that it goes through
                    // the same referral handling as referrals met later.
                    this.referralException = e;
                }
                // 256 is Spliterator.NONNULL; the size estimate is "unknown" (Long.MAX_VALUE).
                return (Stream) StreamSupport.stream(new Spliterators.AbstractSpliterator<SearchResult>(Long.MAX_VALUE, 256) { // from class: org.wildfly.security.auth.realm.ldap.LdapSecurityRealm.LdapSearch.1
                    // Set once the search is exhausted; later calls return false immediately.
                    boolean finished = false;
                    // Referral info values already followed, so the same referral is followed once.
                    Set<Object> followedReferrals = new HashSet();
                    // True after the referral from the initial search has been replayed.
                    boolean exceptionWasFollowed = false;
                    // Request to re-run the search in the (referral) context on the next pass.
                    boolean execute = false;

                    /**
                     * Delivers the next entry, loading the next page or switching to a referral
                     * context when the current enumeration is exhausted.
                     */
                    @Override // java.util.Spliterator
                    public boolean tryAdvance(Consumer<? super SearchResult> consumer) {
                        if (this.finished) {
                            return false;
                        }
                        // Each pass either returns or prepares a new search after a referral.
                        while (true) {
                            try {
                                try {
                                    if (this.execute) {
                                        this.execute = false;
                                        LdapSearch.this.result = LdapSearch.this.searchWithPagination();
                                    }
                                    if (LdapSearch.this.referralException != null && !this.exceptionWasFollowed) {
                                        this.exceptionWasFollowed = true;
                                        throw LdapSearch.this.referralException;
                                    }
                                    if (!LdapSearch.this.result.hasMore()) {
                                        // Without paging (page size 0 or a context that is not an
                                        // LdapContext) an exhausted enumeration ends the search.
                                        if (LdapSearch.this.pageSize == 0 || !(LdapSearch.this.context instanceof LdapContext)) {
                                            ElytronMessages.log.trace("Identity iterating - pagination not supported - end of list");
                                            this.finished = true;
                                            return false;
                                        }
                                        // Pick up the paging cookie from the response; a null cookie
                                        // means the server has no further page.
                                        PagedResultsResponseControl[] responseControls = LdapSearch.this.context.getResponseControls();
                                        if (responseControls != null) {
                                            for (PagedResultsResponseControl pagedResultsResponseControl : responseControls) {
                                                if (pagedResultsResponseControl instanceof PagedResultsResponseControl) {
                                                    LdapSearch.this.cookie = pagedResultsResponseControl.getCookie();
                                                    if (LdapSearch.this.cookie == null) {
                                                        ElytronMessages.log.trace("Identity iterating - no more pages - end of list");
                                                        this.finished = true;
                                                        return false;
                                                    }
                                                }
                                            }
                                        }
                                        // Release the finished page before requesting the next one.
                                        LdapSearch.this.result.close();
                                        LdapSearch.this.result = LdapSearch.this.searchWithPagination();
                                        if (!LdapSearch.this.result.hasMore()) {
                                            ElytronMessages.log.trace("Identity iterating - even after page loading no results - end of list");
                                            this.finished = true;
                                            return false;
                                        }
                                    }
                                    SearchResult searchResult = (SearchResult) LdapSearch.this.result.next();
                                    ElytronMessages.log.debugf("Found entry [%s].", searchResult.getNameInNamespace());
                                    consumer.accept(searchResult);
                                    return true;
                                } catch (ReferralException e2) {
                                    // NOTE(review): following a referral continues the search in a
                                    // context derived from the referral; wrapReferralContextObtaining
                                    // is not visible here, so confirm how that context is
                                    // authenticated and whether referral targets are restricted.
                                    if (this.followedReferrals.add(e2.getReferralInfo())) {
                                        ElytronMessages.log.debugf("Next referral following in identity iterating: [%s]", e2.getReferralInfo());
                                        LdapSearch.this.context = LdapSearch.this.context.wrapReferralContextObtaining(e2);
                                        this.execute = true;
                                    } else {
                                        // Referral already followed once: skip it, and stop when no
                                        // further referral is pending.
                                        if (!e2.skipReferral()) {
                                            ElytronMessages.log.debugf("Referral skipped and no more elements: [%s]", e2.getReferralInfo());
                                            this.finished = true;
                                            return false;
                                        }
                                        ElytronMessages.log.debugf("Referral skipped, continue: [%s]", e2.getReferralInfo());
                                        LdapSearch.this.context = LdapSearch.this.context.wrapReferralContextObtaining(e2);
                                        this.execute = true;
                                    }
                                }
                            } catch (NamingException | IOException e3) {
                                // Close the enumeration before reporting the failure; the report
                                // carries the base DN, the filter and the filter arguments.
                                try {
                                    if (LdapSearch.this.result != null) {
                                        LdapSearch.this.result.close();
                                    }
                                } catch (NamingException e4) {
                                    ElytronMessages.log.trace("Unable to close result", e4);
                                }
                                throw ElytronMessages.log.ldapRealmErrorWhileConsumingResultsFromSearch(LdapSearch.this.searchDn, LdapSearch.this.filter, Arrays.toString(LdapSearch.this.filterArgs), e3);
                            }
                        }
                    }
                }, false).onClose(() -> {
                    // Runs when the returned stream is closed.
                    if (this.result != null) {
                        try {
                            this.result.close();
                        } catch (NamingException e2) {
                            ElytronMessages.log.trace("Unable to close result", e2);
                        }
                    }
                });
            // NOTE(review): as listed, the NameNotFoundException handler follows
            // catch (Exception) and could never be selected; this ordering is presumably a
            // decompiler artifact and the specific handler is meant to come first.
            } catch (Exception e2) {
                throw ElytronMessages.log.ldapRealmIdentitySearchFailed(e2);
            } catch (NameNotFoundException e3) {
                // A missing search base is treated as "no results", not as an error.
                ElytronMessages.log.trace("Error searching", e3);
                return Stream.empty();
            }
        }

        /**
         * Issues one search request in the current context. When paging is active a critical
         * PagedResultsControl carrying the current cookie is installed for the request, and when
         * binary attributes are set the "java.naming.ldap.attributes.binary" environment entry
         * is overridden; both are put back to their previous values after the call.
         *
         * <p>NOTE(review): the restore steps are not in a finally block, so they are skipped
         * when the search call throws and the context keeps the temporary settings.</p>
         */
        /* JADX INFO: Access modifiers changed from: private */
        public NamingEnumeration<SearchResult> searchWithPagination() throws NamingException, IOException {
            // Previous request controls and previous binary-attribute setting, for the restore.
            Control[] controlArr = null;
            Object obj = null;
            if (this.pageSize != 0 && (this.context instanceof LdapContext)) {
                controlArr = this.context.getRequestControls();
                this.context.setRequestControls(new Control[]{new PagedResultsControl(this.pageSize, this.cookie, true)});
            }
            if (this.binaryAttributes != null && this.binaryAttributes.size() != 0) {
                obj = this.context.getEnvironment().get("java.naming.ldap.attributes.binary");
                this.context.addToEnvironment("java.naming.ldap.attributes.binary", String.join(" ", this.binaryAttributes));
            }
            // filterArgs travel as a separate array, not as part of the filter string.
            NamingEnumeration<SearchResult> search = this.context.search(new LdapName(this.searchDn), this.filter, this.filterArgs, createSearchControls());
            if (this.binaryAttributes != null && this.binaryAttributes.size() != 0) {
                if (obj == null) {
                    this.context.removeFromEnvironment("java.naming.ldap.attributes.binary");
                } else {
                    this.context.addToEnvironment("java.naming.ldap.attributes.binary", obj);
                }
            }
            if (this.pageSize != 0 && (this.context instanceof LdapContext)) {
                this.context.setRequestControls(controlArr);
            }
            return search;
        }

        /** Sets the attributes the server is asked to return; null requests none (see createSearchControls). */
        /* JADX INFO: Access modifiers changed from: private */
        public void setReturningAttributes(Collection<String> collection) {
            this.returningAttributes = collection;
        }

        /** Sets the attributes to be declared as binary for the duration of each search call. */
        /* JADX INFO: Access modifiers changed from: private */
        public void setBinaryAttributes(Collection<String> collection) {
            this.binaryAttributes = collection;
        }

        /**
         * Builds the controls for one request: the configured scope, the realm's search time
         * limit and the returning attributes. No count limit is set here, so the number of
         * returned entries is bounded only by paging and by limits the server applies.
         */
        private SearchControls createSearchControls() {
            SearchControls searchControls = new SearchControls();
            searchControls.setSearchScope(this.searchScope);
            searchControls.setTimeLimit(LdapSecurityRealm.this.identityMapping.searchTimeLimit);
            if (this.returningAttributes == null) {
                // An empty array asks for no attributes at all (null would ask for all of them).
                searchControls.setReturningAttributes(new String[0]);
            } else {
                searchControls.setReturningAttributes((String[]) this.returningAttributes.toArray(new String[this.returningAttributes.size()]));
            }
            return searchControls;
        }

        /** Returns the context the search currently runs in; this may be a referral context. */
        /* JADX INFO: Access modifiers changed from: private */
        public DirContext getContext() {
            return this.context;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/wildfly/security/auth/realm/ldap/LdapSecurityRealm$ServerNotificationListener.class */
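    /**
     * JNDI listener that turns directory change events into identity-change notifications,
     * which the realm's consumer (a cache, per the interface name) uses to drop stale entries.
     *
     * <p>Removed, renamed and changed entries trigger a notification; added entries and
     * listener errors are ignored. A missed notification leaves a cached identity, with its
     * credentials and attributes, in use until the cache expires it by other means.</p>
     */
    public class ServerNotificationListener implements ObjectChangeListener, NamespaceChangeListener {
        private final Consumer<Principal> listener;

        /**
         * @param consumer receives the principal of every identity whose entry changed
         */
        ServerNotificationListener(Consumer<Principal> consumer) {
            this.listener = consumer;
        }

        /** A new entry cannot be cached yet, so nothing needs to be invalidated. */
        @Override
        public void objectAdded(NamingEvent namingEvent) {
        }

        @Override
        public void objectRemoved(NamingEvent namingEvent) {
            invokeCacheUpdateListener(namingEvent);
        }

        @Override
        public void objectRenamed(NamingEvent namingEvent) {
            invokeCacheUpdateListener(namingEvent);
        }

        @Override
        public void objectChanged(NamingEvent namingEvent) {
            invokeCacheUpdateListener(namingEvent);
        }

        /** Listener errors reported by the provider are ignored here. */
        @Override
        public void namingExceptionThrown(NamingExceptionEvent namingExceptionEvent) {
        }

        /**
         * Derives the identity name from the event's old binding (the first RDN whose type is
         * the configured identity RDN type) and passes it to the listener.
         *
         * @param namingEvent the change event delivered by the directory
         */
        private void invokeCacheUpdateListener(NamingEvent namingEvent) {
            final Binding oldBinding = namingEvent.getOldBinding();
            if (oldBinding == null) {
                // JNDI allows a null old binding, e.g. for a rename whose old name lies outside
                // the listener's scope. There is no name to notify about, so skip the event
                // instead of failing with a NullPointerException in the event dispatcher.
                ElytronMessages.log.trace("Identity change event without old binding - no principal to notify");
                return;
            }
            try {
                // LDAP attribute type names are case-insensitive; setAttributes in this realm
                // already compares rdnIdentifier with equalsIgnoreCase, so do the same here to
                // avoid missing an invalidation over letter case.
                final Optional<Principal> changed = new LdapName(oldBinding.getName()).getRdns().stream()
                        .filter(rdn -> rdn.getType().equalsIgnoreCase(LdapSecurityRealm.this.identityMapping.rdnIdentifier))
                        .<Principal>map(rdn -> new NamePrincipal(rdn.getValue().toString()))
                        .findFirst();
                // The decompiled listing referenced an undefined "r1" here; it stands for the
                // listener captured by the method reference.
                final Consumer<Principal> target = Objects.requireNonNull(this.listener);
                changed.ifPresent(target::accept);
            } catch (InvalidNameException e) {
                throw ElytronMessages.log.ldapInvalidLdapName(oldBinding.getName(), e);
            }
        }
    }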

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Stores the realm configuration.
     *
     * <p>The credential loader, persister and verifier lists are kept as passed, without a
     * defensive copy.</p>
     *
     * @param supplier          supplier of security providers
     * @param exceptionSupplier factory for directory contexts
     * @param nameRewriter      rewriter applied to principal names before lookup
     * @param identityMapping   search and attribute mapping configuration
     * @param list              credential loaders
     * @param list2             credential persisters
     * @param list3             evidence verifiers
     * @param i                 page size used when iterating over identities
     * @param charset           hash character set; UTF-8 when null
     * @param encoding          hash string encoding; BASE64 when null
     */
    public LdapSecurityRealm(Supplier<Provider[]> supplier, ExceptionSupplier<DirContext, NamingException> exceptionSupplier, NameRewriter nameRewriter, IdentityMapping identityMapping, List<CredentialLoader> list, List<CredentialPersister> list2, List<EvidenceVerifier> list3, int i, Charset charset, Encoding encoding) {
        // Directory access and name handling.
        this.providers = supplier;
        this.dirContextSupplier = exceptionSupplier;
        this.nameRewriter = nameRewriter;
        this.identityMapping = identityMapping;
        this.pageSize = i;

        // Hash handling falls back to fixed defaults when not configured.
        if (charset != null) {
            this.hashCharset = charset;
        } else {
            this.hashCharset = StandardCharsets.UTF_8;
        }
        if (encoding != null) {
            this.hashEncoding = encoding;
        } else {
            this.hashEncoding = Encoding.BASE64;
        }

        // Credential and evidence plug-ins.
        this.credentialLoaders = list;
        this.credentialPersisters = list2;
        this.evidenceVerifiers = list3;
    }

    /**
     * Returns the identity for {@code principal} for read access, i.e. holding the shared
     * variant of the per-identity lock.
     *
     * @param principal the principal to look up
     * @return the realm identity
     */
    @Override // org.wildfly.security.auth.server.SecurityRealm
    public RealmIdentity getRealmIdentity(Principal principal) {
        final boolean exclusive = false;
        return getRealmIdentity(principal, exclusive);
    }

    /**
     * Returns the identity for {@code principal} for modification, i.e. holding the exclusive
     * variant of the per-identity lock.
     *
     * @param principal the principal to look up
     * @return the modifiable realm identity
     */
    @Override // org.wildfly.security.auth.server.ModifiableSecurityRealm
    public ModifiableRealmIdentity getRealmIdentityForUpdate(Principal principal) {
        final boolean exclusive = true;
        return getRealmIdentity(principal, exclusive);
    }

    /* JADX WARN: Finally extract failed */
    /**
     * Registers {@code consumer} for identity-change notifications from the directory.
     *
     * <p>When the registration fails for any reason the consumer is parked in
     * {@code listenersPendingRegistration} and registered later by {@code obtainContext()}.
     * Until then no change notifications reach it.</p>
     *
     * @param consumer receives the principal of each identity that changed
     */
    @Override // org.wildfly.security.auth.realm.CacheableSecurityRealm
    public void registerIdentityChangeListener(Consumer<Principal> consumer) {
        synchronized (this.listenersPendingRegistration) {
            DirContext context = null;
            try {
                context = obtainContext();
                registerIdentityChangeListener(context, consumer);
            } catch (Exception registrationFailure) {
                // Best effort: defer instead of failing the caller.
                this.listenersPendingRegistration.add(consumer);
                ElytronMessages.log.ldapRealmDeferRegistration();
                if (ElytronMessages.log.isDebugEnabled()) {
                    ElytronMessages.log.debug("Listener registration failure: ", registrationFailure);
                }
            } finally {
                // The context is only needed for the registration call itself.
                if (context != null) {
                    closeContext(context);
                }
            }
        }
    }

    /**
     * Attaches a {@code ServerNotificationListener} for {@code consumer} to the root of
     * {@code dirContext}, watching the whole subtree.
     *
     * @param dirContext context whose root lookup is expected to be an {@link EventContext}
     * @param consumer   receives the principal of each identity that changed
     * @throws NamingException if the lookup or the listener registration fails
     */
    private void registerIdentityChangeListener(DirContext dirContext, Consumer<Principal> consumer) throws NamingException {
        final EventContext eventSource = (EventContext) dirContext.lookup("");
        final ServerNotificationListener bridge = new ServerNotificationListener(consumer);
        eventSource.addNamingListener("", EventContext.SUBTREE_SCOPE, bridge);
    }

    /**
     * Creates the identity object for {@code principal} after taking the per-identity lock.
     *
     * <p>Only {@code NamePrincipal} instances are looked up; any other principal type yields
     * {@code ModifiableRealmIdentity.NON_EXISTENT}. The name is passed through the configured
     * rewriter first, and a rewriter result of null is rejected as an invalid name.</p>
     *
     * @param principal the principal to look up
     * @param z         true to take the exclusive lock, false for the shared lock
     * @return the identity, which holds the acquired lock
     */
    private ModifiableRealmIdentity getRealmIdentity(Principal principal, boolean z) {
        if (!(principal instanceof NamePrincipal)) {
            return ModifiableRealmIdentity.NON_EXISTENT;
        }
        final String identityName = this.nameRewriter.rewriteName(principal.getName());
        if (identityName == null) {
            throw ElytronMessages.log.invalidName();
        }
        ElytronMessages.log.debugf("Obtaining lock for identity [%s]...", identityName);
        final IdentitySharedExclusiveLock nameLock = getRealmIdentityLockForName(identityName);
        final IdentitySharedExclusiveLock.IdentityLock heldLock;
        if (z) {
            heldLock = nameLock.lockExclusive();
        } else {
            heldLock = nameLock.lockShared();
        }
        ElytronMessages.log.debugf("Obtained lock for identity [%s].", identityName);
        // The lock travels with the identity; presumably it is released when the identity is
        // disposed (not visible here).
        return new LdapRealmIdentity(identityName, heldLock, this.hashCharset, this.hashEncoding);
    }

    /* JADX INFO: Access modifiers changed from: private */
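    /**
     * Obtains a directory context from the configured supplier and uses it to register any
     * identity-change listeners whose registration was deferred earlier.
     *
     * <p>If registering a pending listener fails, the freshly obtained context is closed
     * before the failure is reported; the decompiled listing left it open in that case. A
     * listener stays in the pending list until its registration succeeded.</p>
     *
     * @return an open context; the caller is responsible for closing it
     * @throws RealmUnavailableException declared for callers; a {@link NamingException} from
     *         the supplier or from listener registration is reported through the realm's
     *         message bundle
     */
    public DirContext obtainContext() throws RealmUnavailableException {
        DirContext context = null;
        boolean handedOver = false;
        try {
            context = (DirContext) this.dirContextSupplier.get();
            synchronized (this.listenersPendingRegistration) {
                final Iterator<Consumer<Principal>> pending = this.listenersPendingRegistration.iterator();
                while (pending.hasNext()) {
                    registerIdentityChangeListener(context, pending.next());
                    // Removed only after the registration went through.
                    pending.remove();
                }
            }
            handedOver = true;
            return context;
        } catch (NamingException e) {
            throw ElytronMessages.log.ldapRealmFailedToObtainContext(e);
        } finally {
            // Covers checked and unchecked failures alike: a context that is not returned to
            // the caller must not stay open.
            if (!handedOver && context != null) {
                closeContext(context);
            }
        }
    }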

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Closes {@code dirContext}. A {@link NamingException} raised by the close is logged at
     * debug level and not propagated.
     *
     * @param dirContext the context to close; must not be null
     */
    public void closeContext(DirContext dirContext) {
        try {
            dirContext.close();
        } catch (NamingException closeFailure) {
            // Closing is best effort; the caller's own result or exception takes precedence.
            ElytronMessages.log.debug("LdapSecurityRealm failed to close DirContext", closeFailure);
        }
    }

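    /**
     * Returns an iterator over the identities found by the configured iterator filter.
     *
     * <p>The search requests only the RDN identifier attribute, maps every result to that
     * attribute's value and de-duplicates the names. Each name is then resolved through
     * {@code getRealmIdentityForUpdate} as the iterator advances.
     *
     * <p>The directory context and the search stream stay open for the lifetime of the
     * returned iterator and are released by its {@code close()}. If setting up the search
     * fails after the context was obtained, both are released here before the failure
     * propagates, so a failing search does not leak a directory connection.
     *
     * @return an iterator the caller must close
     * @throws RealmUnavailableException if no iterator filter is configured or the context cannot be obtained
     */
    @Override // org.wildfly.security.auth.server.ModifiableSecurityRealm
    public ModifiableRealmIdentityIterator getRealmIdentityIterator() throws RealmUnavailableException {
        if (this.identityMapping.iteratorFilter == null) {
            throw ElytronMessages.log.ldapRealmNotConfiguredToSupportIteratingOverIdentities();
        }
        final DirContext context = obtainContext();
        Stream<SearchResult> opened = null;
        boolean handedOff = false;
        try {
            LdapSearch ldapSearch = new LdapSearch(this, this.identityMapping.searchDn, this.identityMapping.searchRecursive, this.pageSize, this.identityMapping.iteratorFilter, new String[0]);
            ldapSearch.setReturningAttributes(Collections.singleton(this.identityMapping.rdnIdentifier));
            final Stream<SearchResult> search = ldapSearch.search(context);
            opened = search;
            final Iterator<String> names = search.map(searchResult -> {
                try {
                    // NOTE(review): Attributes.get returns null when the entry carries no such
                    // attribute, which would surface here as a NullPointerException - confirm
                    // the iterator filter guarantees the RDN identifier is present.
                    return (String) searchResult.getAttributes().get(this.identityMapping.rdnIdentifier).get();
                } catch (NamingException e) {
                    throw new RuntimeException(ElytronMessages.log.ldapRealmIdentitySearchFailed(e));
                }
            }).distinct().iterator();
            ModifiableRealmIdentityIterator result = new ModifiableRealmIdentityIterator() {
                @Override // java.util.Iterator
                public boolean hasNext() {
                    return names.hasNext();
                }

                @Override // java.util.Iterator
                public ModifiableRealmIdentity next() {
                    return LdapSecurityRealm.this.getRealmIdentityForUpdate(new NamePrincipal(names.next()));
                }

                @Override // org.wildfly.security.auth.server.ModifiableRealmIdentityIterator, java.lang.AutoCloseable
                public void close() throws RealmUnavailableException {
                    try {
                        search.close();
                    } finally {
                        // Release the context even when closing the stream fails.
                        LdapSecurityRealm.this.closeContext(context);
                    }
                }
            };
            // From here on the returned iterator owns the stream and the context.
            handedOff = true;
            return result;
        } finally {
            if (!handedOff) {
                try {
                    if (opened != null) {
                        opened.close();
                    }
                } finally {
                    closeContext(context);
                }
            }
        }
    }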

    /**
     * Reports how well this realm supports acquiring credentials of the given type.
     *
     * <p>Every configured credential loader is asked in turn. The first loader that reports
     * definite support decides the answer; otherwise the highest level seen, by
     * {@code SupportLevel}'s {@code compareTo} ordering, is returned. With no loaders the
     * result is {@code SupportLevel.UNSUPPORTED}.
     *
     * @param cls the credential type; must not be {@code null}
     * @param str passed unchanged to each loader (presumably the algorithm name - confirm)
     * @param algorithmParameterSpec passed unchanged to each loader
     * @return the strongest support level reported by any loader
     * @throws RealmUnavailableException declared by the realm contract
     */
    @Override // org.wildfly.security.auth.server.SecurityRealm
    public SupportLevel getCredentialAcquireSupport(Class<? extends Credential> cls, String str, AlgorithmParameterSpec algorithmParameterSpec) throws RealmUnavailableException {
        Assert.checkNotNullParam("credentialType", cls);
        SupportLevel best = SupportLevel.UNSUPPORTED;
        for (CredentialLoader loader : this.credentialLoaders) {
            final SupportLevel reported = loader.getCredentialAcquireSupport(cls, str, algorithmParameterSpec);
            if (reported.isDefinitelySupported()) {
                // Nothing can outrank definite support, so stop asking.
                return reported;
            }
            if (best.compareTo(reported) < 0) {
                best = reported;
            }
        }
        return best;
    }

    /**
     * Reports how well this realm supports verifying evidence of the given type.
     *
     * <p>Every configured evidence verifier is asked in turn. The first verifier that reports
     * definite support decides the answer; otherwise the highest level seen, by
     * {@code SupportLevel}'s {@code compareTo} ordering, is returned. With no verifiers the
     * result is {@code SupportLevel.UNSUPPORTED}.
     *
     * @param cls the evidence type; must not be {@code null}
     * @param str passed unchanged to each verifier (presumably the algorithm name - confirm)
     * @return the strongest support level reported by any verifier
     * @throws RealmUnavailableException declared by the realm contract
     */
    @Override // org.wildfly.security.auth.server.SecurityRealm
    public SupportLevel getEvidenceVerifySupport(Class<? extends Evidence> cls, String str) throws RealmUnavailableException {
        Assert.checkNotNullParam("evidenceType", cls);
        SupportLevel best = SupportLevel.UNSUPPORTED;
        for (EvidenceVerifier verifier : this.evidenceVerifiers) {
            final SupportLevel reported = verifier.getEvidenceVerifySupport(cls, str);
            if (reported.isDefinitelySupported()) {
                // Nothing can outrank definite support, so stop asking.
                return reported;
            }
            if (best.compareTo(reported) < 0) {
                best = reported;
            }
        }
        return best;
    }

    /**
     * Returns the lock associated with an identity name, creating it on first use.
     *
     * <p>Creation is race-safe: when two threads create a lock for the same name at once,
     * {@code putIfAbsent} keeps exactly one instance and both callers receive it.
     *
     * <p>NOTE(review): this method only ever adds entries. Whether entries are removed
     * elsewhere is not visible here; if they are not, the table grows with every distinct
     * name that is looked up - confirm.
     *
     * @param str the (already rewritten) identity name used as the lock key
     * @return the single lock instance registered for that name
     */
    private IdentitySharedExclusiveLock getRealmIdentityLockForName(String str) {
        final IdentitySharedExclusiveLock existing = this.realmIdentityLocks.get(str);
        if (existing != null) {
            return existing;
        }
        final IdentitySharedExclusiveLock candidate = new IdentitySharedExclusiveLock();
        // A non-null result means another thread registered its lock first; use that one.
        final IdentitySharedExclusiveLock winner = this.realmIdentityLocks.putIfAbsent(str, candidate);
        return winner != null ? winner : candidate;
    }
}
