package org.picketlink.idm.ldap.internal;

import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.Hashtable;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import javax.naming.Binding;
import javax.naming.Context;
import javax.naming.InitialContext;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.BasicAttributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.ModificationItem;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.Control;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;
import org.apache.sshd.common.util.SelectorUtils;
import org.eclipse.jgit.lib.ConfigConstants;
import org.picketlink.common.constants.LDAPConstants;
import org.picketlink.idm.IDMInternalLog;
import org.picketlink.idm.IDMInternalMessages;
import org.picketlink.idm.IDMLog;
import org.picketlink.idm.IdentityManagementException;
import org.picketlink.idm.config.LDAPIdentityStoreConfiguration;
import org.picketlink.idm.config.LDAPMappingConfiguration;

/* loaded from: input_file:WEB-INF/lib/picketlink-idm-impl-2.6.0.CR2.jar:org/picketlink/idm/ldap/internal/LDAPOperationManager.class */
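/**
 * Thin JNDI wrapper used by the LDAP identity store: every operation opens a fresh
 * {@link LdapContext} from the configured connection properties, runs, and closes it.
 *
 * <p>Security-relevant behaviour in this class:
 * <ul>
 *   <li>{@link #authenticate(String, String)} validates credentials by binding as the user and
 *       refuses empty credentials so that an unauthenticated bind is never reported as success.</li>
 *   <li>{@link #getFilterById(String, String)} escapes the identifier before it is placed in a
 *       search filter.</li>
 *   <li>{@link #search(String, String, LDAPMappingConfiguration)} passes the caller's filter
 *       through unchanged; callers own the escaping of any user-supplied value in it.</li>
 * </ul>
 */
public class LDAPOperationManager {
    private final LDAPIdentityStoreConfiguration config;
    // Immutable snapshot of the JNDI environment; the bind credential is stored as a char[].
    private final Map<String, Object> connectionProperties;

    /**
     * A unit of work that runs against an open {@link LdapContext}.
     *
     * @param <R> result type of the operation
     */
    public interface LdapOperation<R> {
        R execute(LdapContext ldapContext) throws NamingException;
    }

    /**
     * Creates a manager for the given store configuration.
     *
     * @param config LDAP store configuration the connection properties are derived from
     * @throws NamingException declared for callers; nothing in this constructor opens a connection
     */
    public LDAPOperationManager(LDAPIdentityStoreConfiguration config) throws NamingException {
        this.config = config;
        // Must run after 'config' is assigned: createConnectionProperties() reads this.config,
        // and a field initializer would execute before the assignment above.
        this.connectionProperties = Collections.unmodifiableMap(createConnectionProperties());
    }

    /**
     * Replaces the values of an attribute on the entry {@code dn}.
     *
     * @param dn        distinguished name of the entry
     * @param attribute attribute with its new values
     */
    public void modifyAttribute(String dn, Attribute attribute) {
        modifyAttributes(dn, new ModificationItem[]{new ModificationItem(DirContext.REPLACE_ATTRIBUTE, attribute)});
    }

    /**
     * Removes an attribute (or the given values of it) from the entry {@code dn}.
     *
     * @param dn        distinguished name of the entry
     * @param attribute attribute to remove
     */
    public void removeAttribute(String dn, Attribute attribute) {
        modifyAttributes(dn, new ModificationItem[]{new ModificationItem(DirContext.REMOVE_ATTRIBUTE, attribute)});
    }

    /**
     * Adds an attribute to the entry {@code dn}.
     *
     * @param dn        distinguished name of the entry
     * @param attribute attribute to add
     */
    public void addAttribute(String dn, Attribute attribute) {
        modifyAttributes(dn, new ModificationItem[]{new ModificationItem(DirContext.ADD_ATTRIBUTE, attribute)});
    }

    /**
     * Finds the first entry under {@code baseDN} whose unique-identifier attribute equals
     * {@code id} and deletes it together with everything bound beneath it.
     *
     * <p>The match uses attribute matching rather than a filter string, so {@code id} is not
     * interpreted as filter syntax here.
     *
     * @param baseDN context to search in
     * @param id     value of the unique-identifier attribute
     * @throws RuntimeException wrapping the {@link NamingException} when the search fails
     */
    public void removeEntryById(final String baseDN, String id) {
        try {
            final BasicAttributes matching = new BasicAttributes(true);
            matching.put(new BasicAttribute(getUniqueIdentifierAttributeName(), id));
            execute(new LdapOperation<Void>() {
                @Override
                public Void execute(LdapContext ldapContext) throws NamingException {
                    NamingEnumeration<SearchResult> found = ldapContext.search(baseDN, matching);
                    try {
                        if (found.hasMore()) {
                            destroySubcontext(ldapContext, found.next().getNameInNamespace());
                        }
                    } finally {
                        // Release the enumeration even when the lookup or the delete throws.
                        closeQuietly(found);
                    }
                    return null;
                }
            });
        } catch (NamingException e) {
            IDMInternalLog.LDAP_STORE_LOGGER.errorf(e, "Could not remove entry from DN [%s] and id [%s]", baseDN, id);
            throw new RuntimeException(e);
        }
    }

    /**
     * Runs a subtree search and returns every result.
     *
     * <p>{@code filter} is sent to the server as given. Any value in it that originates outside
     * the application has to be escaped for LDAP filter syntax (RFC 4515) by the caller before it
     * is concatenated into the filter.
     *
     * @param baseDN  context to search in
     * @param filter  LDAP search filter
     * @param mapping mapping that selects the attributes to return; {@code null} returns all user attributes
     * @return the matching entries, possibly empty
     * @throws NamingException when the query fails (logged before it is rethrown)
     */
    public List<SearchResult> search(final String baseDN, final String filter, LDAPMappingConfiguration mapping) throws NamingException {
        final SearchControls controls = new SearchControls();
        controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
        controls.setReturningObjFlag(false);
        List<String> returningAttributes = getReturningAttributes(mapping);
        controls.setReturningAttributes(returningAttributes.toArray(new String[returningAttributes.size()]));
        try {
            return execute(new LdapOperation<List<SearchResult>>() {
                @Override
                public List<SearchResult> execute(LdapContext ldapContext) throws NamingException {
                    List<SearchResult> hits = new ArrayList<SearchResult>();
                    NamingEnumeration<SearchResult> found = ldapContext.search(baseDN, filter, controls);
                    try {
                        while (found.hasMoreElements()) {
                            hits.add(found.nextElement());
                        }
                    } finally {
                        closeQuietly(found);
                    }
                    return hits;
                }
            });
        } catch (NamingException e) {
            IDMInternalLog.LDAP_STORE_LOGGER.errorf(e, "Could not query server using DN [%s] and filter [%s]", baseDN, filter);
            throw e;
        }
    }

    /**
     * Builds the search filter that selects the entry with the given identifier.
     *
     * <p>For Active Directory the entry is first read through the {@code <GUID=id>} name form
     * and the filter is built from its binary objectGUID; when that read fails the method
     * returns {@code null}. For other servers the identifier is escaped for filter syntax and
     * compared with the unique-identifier attribute.
     *
     * @param baseDN not used by this method; kept for callers
     * @param id     identifier of the entry
     * @return the filter, or {@code null} when the Active Directory lookup fails
     */
    public String getFilterById(String baseDN, String id) {
        if (this.config.isActiveDirectory()) {
            // NOTE(review): the id is embedded in the lookup name as-is; a malformed id is
            // expected to surface as a NamingException and therefore as a null filter - confirm.
            final String guidName = "<GUID=" + id + ">";
            try {
                Attributes entry = execute(new LdapOperation<Attributes>() {
                    @Override
                    public Attributes execute(LdapContext ldapContext) throws NamingException {
                        return ldapContext.getAttributes(guidName);
                    }
                });
                byte[] guid = (byte[]) entry.get(LDAPConstants.OBJECT_GUID).get();
                return "(&(objectClass=*)(" + getUniqueIdentifierAttributeName() + LDAPConstants.EQUAL
                        + org.picketlink.common.util.LDAPUtil.convertObjectGUIToByteString(guid) + "))";
            } catch (NamingException e) {
                if (IDMInternalLog.LDAP_STORE_LOGGER.isDebugEnabled()) {
                    IDMInternalLog.LDAP_STORE_LOGGER.debugf(e, "Could not resolve objectGUID for id [%s]", id);
                }
                return null;
            }
        }
        // The id ends up inside a filter string, so filter metacharacters in it must not be
        // able to change the structure of the filter.
        return "(&(objectClass=*)(" + getUniqueIdentifierAttributeName() + LDAPConstants.EQUAL
                + escapeFilterValue(String.valueOf(id)) + "))";
    }

    /**
     * Looks up a single entry by identifier with a subtree search limited to one result.
     *
     * @param baseDN  context to search in
     * @param id      identifier of the entry
     * @param mapping mapping that selects the attributes to return; may be {@code null}
     * @return the entry, or {@code null} when no filter could be built or nothing matched
     * @throws RuntimeException wrapping the {@link NamingException} when the query fails
     */
    public SearchResult lookupById(final String baseDN, String id, LDAPMappingConfiguration mapping) {
        final String filter = getFilterById(baseDN, id);
        if (filter == null) {
            return null;
        }
        try {
            final SearchControls controls = new SearchControls();
            controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
            controls.setReturningObjFlag(false);
            controls.setCountLimit(1L);
            List<String> returningAttributes = getReturningAttributes(mapping);
            controls.setReturningAttributes(returningAttributes.toArray(new String[returningAttributes.size()]));
            return execute(new LdapOperation<SearchResult>() {
                @Override
                public SearchResult execute(LdapContext ldapContext) throws NamingException {
                    NamingEnumeration<SearchResult> found = ldapContext.search(baseDN, filter, controls);
                    try {
                        // No match is reported as null; getAttributes() turns that into
                        // its "entry not found" error.
                        if (!found.hasMoreElements()) {
                            return null;
                        }
                        return found.next();
                    } finally {
                        closeQuietly(found);
                    }
                }
            });
        } catch (NamingException e) {
            IDMInternalLog.LDAP_STORE_LOGGER.errorf(e, "Could not query server using DN [%s] and filter [%s]", baseDN, filter);
            throw new RuntimeException(e);
        }
    }

    /**
     * Recursively unbinds everything below {@code dn} and then {@code dn} itself.
     *
     * @param ldapContext open context to operate on
     * @param dn          distinguished name of the subtree root
     * @throws RuntimeException wrapping any failure while listing or unbinding
     */
    public void destroySubcontext(LdapContext ldapContext, String dn) {
        NamingEnumeration<Binding> children = null;
        try {
            children = ldapContext.listBindings(dn);
            while (children.hasMore()) {
                destroySubcontext(ldapContext, children.next().getNameInNamespace());
            }
            ldapContext.unbind(dn);
        } catch (Exception e) {
            IDMInternalLog.LDAP_STORE_LOGGER.errorf(e, "Could not unbind DN [%s]", dn);
            throw new RuntimeException(e);
        } finally {
            // 'children' is still null when listBindings() itself failed.
            closeQuietly(children);
        }
    }

    /**
     * Verifies credentials by opening a dedicated, non-pooled connection bound as {@code dn}.
     *
     * <p>A missing or empty DN or password is rejected before any connection is made. An LDAP
     * simple bind that carries a name but an empty password is an unauthenticated bind
     * (RFC 4513, section 5.1.2); servers may answer it with success, which would otherwise be
     * reported here as a valid login for any known DN.
     *
     * @param dn       distinguished name to bind as
     * @param password credential for the bind
     * @return {@code true} when the bind succeeded, {@code false} otherwise
     */
    public boolean authenticate(String dn, String password) {
        if (dn == null || dn.length() == 0 || password == null || password.length() == 0) {
            if (IDMInternalLog.LDAP_STORE_LOGGER.isDebugEnabled()) {
                IDMInternalLog.LDAP_STORE_LOGGER.debugf("Authentication failed for DN [%s]", dn);
            }
            return false;
        }
        LdapContext userContext = null;
        try {
            Hashtable<String, Object> env = new Hashtable<String, Object>(this.connectionProperties);
            env.put(Context.SECURITY_PRINCIPAL, dn);
            env.put(Context.SECURITY_CREDENTIALS, password);
            // Credential checks use their own connection rather than a pooled one.
            // (The decompiler had replaced this literal with an unrelated library constant.)
            env.put("com.sun.jndi.ldap.connect.pool", "false");
            // NOTE(review): the authentication mechanism is inherited from the store
            // configuration; this check is only meaningful when that is not "none" - confirm.
            userContext = new InitialLdapContext(env, (Control[]) null);
            return true;
        } catch (Exception e) {
            if (IDMInternalLog.LDAP_STORE_LOGGER.isDebugEnabled()) {
                IDMInternalLog.LDAP_STORE_LOGGER.debugf(e, "Authentication failed for DN [%s]", dn);
            }
            return false;
        } finally {
            if (userContext != null) {
                try {
                    userContext.close();
                } catch (NamingException ignored) {
                    // Best-effort cleanup; the outcome of the bind is already known.
                }
            }
        }
    }

    /**
     * Applies the modifications to the entry {@code dn}.
     *
     * @throws IdentityManagementException wrapping the {@link NamingException} on failure
     */
    private void modifyAttributes(final String dn, final ModificationItem[] modifications) {
        try {
            if (IDMInternalLog.LDAP_STORE_LOGGER.isDebugEnabled()) {
                // NOTE(review): raw attribute values are written to the debug log; if credential
                // attributes are modified through this path they will appear there.
                IDMInternalLog.LDAP_STORE_LOGGER.debugf("Modifying attributes for entry [%s]: [", dn);
                for (ModificationItem item : modifications) {
                    IDMInternalLog.LDAP_STORE_LOGGER.debugf("  Op [%s]: %s = %s", Integer.valueOf(item.getModificationOp()), item.getAttribute().getID(), item.getAttribute().get());
                }
                IDMInternalLog.LDAP_STORE_LOGGER.debugf("]", new Object[0]);
            }
            execute(new LdapOperation<Void>() {
                @Override
                public Void execute(LdapContext ldapContext) throws NamingException {
                    ldapContext.modifyAttributes(dn, modifications);
                    return null;
                }
            });
        } catch (NamingException e) {
            IDMInternalLog.LDAP_STORE_LOGGER.errorf(e, "Could not modify attribute for DN [%s].", dn);
            throw new IdentityManagementException("Could not modify attribute for DN [" + dn + "]", e);
        }
    }

    /**
     * Creates the entry {@code dn} with the given attributes.
     *
     * @param dn         distinguished name of the new entry
     * @param attributes attributes of the new entry
     * @throws IdentityManagementException wrapping the {@link NamingException} on failure
     */
    public void createSubContext(final String dn, final Attributes attributes) {
        try {
            if (IDMInternalLog.LDAP_STORE_LOGGER.isDebugEnabled()) {
                // NOTE(review): as in modifyAttributes, attribute values go to the debug log verbatim.
                IDMInternalLog.LDAP_STORE_LOGGER.debugf("Creating entry [%s] with attributes: [", dn);
                NamingEnumeration<? extends Attribute> all = attributes.getAll();
                while (all.hasMore()) {
                    Attribute attribute = all.next();
                    IDMInternalLog.LDAP_STORE_LOGGER.debugf("  %s = %s", attribute.getID(), attribute.get());
                }
                IDMInternalLog.LDAP_STORE_LOGGER.debugf("]", new Object[0]);
            }
            execute(new LdapOperation<Void>() {
                @Override
                public Void execute(LdapContext ldapContext) throws NamingException {
                    // createSubcontext() hands back a context for the new entry; close it right away.
                    ldapContext.createSubcontext(dn, attributes).close();
                    return null;
                }
            });
        } catch (NamingException e) {
            IDMInternalLog.LDAP_STORE_LOGGER.errorf(e, "Could not create entry [%s].", dn);
            throw new IdentityManagementException("Error creating subcontext [" + dn + "]", e);
        }
    }

    private String getUniqueIdentifierAttributeName() {
        return this.config.getUniqueIdentifierAttributeName();
    }

    /** Returns an enumeration that never yields an element. */
    private NamingEnumeration<SearchResult> createEmptyEnumeration() {
        return new NamingEnumeration<SearchResult>() {
            @Override
            public SearchResult next() throws NamingException {
                return null;
            }

            @Override
            public boolean hasMore() throws NamingException {
                return false;
            }

            @Override
            public void close() throws NamingException {
            }

            @Override
            public boolean hasMoreElements() {
                return false;
            }

            @Override
            public SearchResult nextElement() {
                return null;
            }
        };
    }

    /**
     * Returns the attributes of the entry with the given identifier.
     *
     * <p>Note the argument order: the identifier comes first here, the base DN second, the
     * reverse of {@link #lookupById(String, String, LDAPMappingConfiguration)}.
     *
     * @param id      identifier of the entry
     * @param baseDN  context to search in
     * @param mapping mapping that selects the attributes to return; may be {@code null}
     * @return the attributes of the entry
     */
    public Attributes getAttributes(String id, String baseDN, LDAPMappingConfiguration mapping) {
        SearchResult entry = lookupById(baseDN, id, mapping);
        if (entry == null) {
            throw IDMInternalMessages.MESSAGES.storeLdapEntryNotFoundWithId(id, baseDN);
        }
        return entry.getAttributes();
    }

    /**
     * Converts a unique-identifier attribute value to its string form.
     *
     * @param entryUUID raw attribute value; a {@code byte[]} objectGUID on Active Directory
     * @return decoded GUID on Active Directory, otherwise {@code entryUUID.toString()}
     */
    public String decodeEntryUUID(Object entryUUID) {
        return this.config.isActiveDirectory() ? org.picketlink.common.util.LDAPUtil.decodeObjectGUID((byte[]) entryUUID) : entryUUID.toString();
    }

    private LdapContext createLdapContext() throws NamingException {
        return new InitialLdapContext(new Hashtable<String, Object>(this.connectionProperties), (Control[]) null);
    }

    /**
     * Builds the JNDI environment from the store configuration.
     *
     * @return mutable map of environment properties
     * @throws RuntimeException when no LDAP URL is configured
     */
    private Map<String, Object> createConnectionProperties() {
        Map<String, Object> env = new HashMap<String, Object>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, this.config.getFactoryName());
        env.put(Context.SECURITY_AUTHENTICATION, this.config.getAuthType());
        String protocol = this.config.getProtocol();
        if (protocol != null) {
            env.put(Context.SECURITY_PROTOCOL, protocol);
        }
        String bindDN = this.config.getBindDN();
        String bindCredential = this.config.getBindCredential();
        if (bindDN != null) {
            env.put(Context.SECURITY_PRINCIPAL, bindDN);
            if (bindCredential != null) {
                // A null value cannot be copied into the Hashtable that JNDI requires, so the
                // credential is only set when one is configured.
                env.put(Context.SECURITY_CREDENTIALS, bindCredential.toCharArray());
            }
        }
        String ldapURL = this.config.getLdapURL();
        if (ldapURL == null) {
            throw new RuntimeException("url");
        }
        env.put(Context.PROVIDER_URL, ldapURL);
        // Custom properties are applied last and therefore override the values set above.
        Properties custom = this.config.getConnectionProperties();
        if (custom != null) {
            for (Object key : custom.keySet()) {
                env.put(key.toString(), custom.getProperty(key.toString()));
            }
        }
        if (this.config.isActiveDirectory()) {
            // Ask the provider to return objectGUID as byte[] instead of a String.
            env.put("java.naming.ldap.attributes.binary", LDAPConstants.OBJECT_GUID);
        }
        if (IDMInternalLog.LDAP_STORE_LOGGER.isDebugEnabled()) {
            // The bind credential is a char[] and prints as an array reference, not as text;
            // the bind DN and any custom connection properties are printed in full.
            IDMInternalLog.LDAP_STORE_LOGGER.debugf("Creating LdapContext using properties: [%s]", env);
        }
        return env;
    }

    /**
     * Opens a context, runs the operation and always closes the context again.
     *
     * @throws NamingException from creating the context or from the operation itself
     */
    private <R> R execute(LdapOperation<R> operation) throws NamingException {
        LdapContext ldapContext = null;
        try {
            ldapContext = createLdapContext();
            return operation.execute(ldapContext);
        } catch (NamingException e) {
            // This message is logged for failures of the operation as well, not only for
            // failures while creating the context.
            IDMLog.IDENTITY_STORE_LOGGER.error("Could not create Ldap context.", e);
            throw e;
        } finally {
            if (ldapContext != null) {
                try {
                    ldapContext.close();
                } catch (NamingException e) {
                    IDMLog.IDENTITY_STORE_LOGGER.error("Could not close Ldap context.", e);
                }
            }
        }
    }

    /**
     * Collects the attribute names a search should return for the given mapping.
     *
     * @param mapping mapping of the searched type, or {@code null} to request all user attributes
     * @return attribute names, always including the unique identifier, the creation timestamp
     *         and the object class
     */
    private List<String> getReturningAttributes(LDAPMappingConfiguration mapping) {
        List<String> names = new ArrayList<String>();
        if (mapping != null) {
            names.addAll(mapping.getMappedProperties().values());
            names.add(mapping.getParentMembershipAttributeName());
            for (LDAPMappingConfiguration relationship : this.config.getRelationshipConfigs()) {
                if (relationship.getRelatedAttributedType().equals(mapping.getMappedClass())) {
                    names.addAll(relationship.getMappedProperties().values());
                }
            }
        } else {
            names.add("*");
        }
        names.add(getUniqueIdentifierAttributeName());
        names.add(LDAPConstants.CREATE_TIMESTAMP);
        names.add(LDAPConstants.OBJECT_CLASS);
        return names;
    }

    /**
     * Escapes a value for use inside an LDAP search filter (RFC 4515): backslash, asterisk,
     * parentheses and NUL are replaced by their backslash-hex form.
     */
    private static String escapeFilterValue(String value) {
        StringBuilder escaped = new StringBuilder(value.length() + 8);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '\\':
                    escaped.append("\\5c");
                    break;
                case '*':
                    escaped.append("\\2a");
                    break;
                case '(':
                    escaped.append("\\28");
                    break;
                case ')':
                    escaped.append("\\29");
                    break;
                case '\0':
                    escaped.append("\\00");
                    break;
                default:
                    escaped.append(c);
                    break;
            }
        }
        return escaped.toString();
    }

    /** Closes an enumeration if one was opened, ignoring close failures. */
    private static void closeQuietly(NamingEnumeration<?> enumeration) {
        if (enumeration == null) {
            return;
        }
        try {
            enumeration.close();
        } catch (NamingException ignored) {
            // Best-effort cleanup; the result of the operation is already determined.
        }
    }
}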
