package com.walmartlabs.concord.plugins.ldap;

import com.walmartlabs.concord.sdk.Context;
import com.walmartlabs.concord.sdk.ContextUtils;
import com.walmartlabs.concord.sdk.InjectVariable;
import com.walmartlabs.concord.sdk.Task;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Hashtable;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Objects;
import java.util.Set;
import java.util.concurrent.Callable;
import javax.inject.Named;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.Control;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;
import javax.net.ssl.SSLHandshakeException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

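/**
 * Concord task ({@code ldap}) that runs read-only lookups against an LDAP / Active Directory
 * server: search by DN, find a user, find a group, and test (nested) group membership.
 *
 * <p>Connection settings ({@code ldapAdServer}, {@code bindUserDn}, {@code bindPassword}) are
 * read from the task call first and then from the injected {@code ldapParams} defaults.
 * The outcome of every action is stored in the variable named by {@code out}
 * (default {@code ldapResult}) as a map with the keys {@code success} and {@code result}.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Every caller-supplied value is escaped before it is placed in a search filter, so
 *       filter metacharacters (including {@code *}) are matched literally.</li>
 *   <li>The bind uses {@code simple} authentication, so the password is only protected in
 *       transit when the server URL is {@code ldaps://}.</li>
 *   <li>The bind password is never written to the log or to exception messages by this class.</li>
 * </ul>
 */
@Named("ldap")
public class LdapTask implements Task {
    private static final Logger log = LoggerFactory.getLogger(LdapTask.class);

    /** Number of retries after the first failed attempt. */
    private static final int MAX_RETRIES = 3;
    /** Pause between attempts, in milliseconds. */
    private static final long RETRY_DELAY = 3000;
    /** Upper bound on how far a cause chain is followed when looking for a TLS failure. */
    private static final int MAX_CAUSE_DEPTH = 16;

    private static final String ACTION_KEY = "action";
    private static final String LDAP_AD_SERVER = "ldapAdServer";
    private static final String LDAP_BIND_USER_DN = "bindUserDn";
    private static final String LDAP_BIND_PASSWORD = "bindPassword";
    private static final String LDAP_SEARCH_BASE = "searchBase";
    private static final String LDAP_USER = "user";
    private static final String LDAP_GROUP = "group";
    private static final String LDAP_SECURITY_ENABLED = "securityEnabled";
    private static final String LDAP_DN = "dn";
    private static final String LDAP_OUT = "out";
    private static final String LDAP_DEFAULT_OUT = "ldapResult";

    // Fallback values for the connection parameters; may be null when nothing is injected.
    @InjectVariable("ldapParams")
    private Map<String, Object> defaults;

    /** Actions selectable through the {@code action} parameter (matched case-insensitively). */
    public enum Action {
        SEARCHBYDN,
        GETUSER,
        GETGROUP,
        ISMEMBEROF;

        /**
         * Kept for binary compatibility with the previous shape of this class.
         *
         * @return a fresh array of all actions, same as {@link #values()}
         */
        public static Action[] valuesCustom() {
            return values();
        }
    }

    /**
     * Entry point: dispatches to the action named by the {@code action} parameter.
     *
     * @param context the flow context holding the task parameters
     * @throws IllegalArgumentException if the action is unknown or the lookup fails
     */
    public void execute(Context context) {
        Action action = getAction(context);
        switch (action) {
            case SEARCHBYDN:
                log.info("Starting 'SearchByDn' Action");
                searchByDn(context, null);
                return;
            case GETUSER:
                log.info("Starting 'GetUser' Action");
                getUser(context);
                return;
            case GETGROUP:
                log.info("Starting 'GetGroup' Action");
                getGroup(context);
                return;
            case ISMEMBEROF:
                log.info("Starting 'IsMemberOf' Action");
                isMemberOf(context);
                return;
            default:
                throw new IllegalArgumentException("Unsupported action type: " + action);
        }
    }

    /**
     * Tests whether {@code userDn} is a direct or nested member of the group {@code groupDn}.
     *
     * <p>Each member DN is compared with {@code userDn} by exact string equality and is then
     * looked up in turn, so membership through nested groups is found as well. As a side effect
     * every lookup overwrites the output variable with the entry it found.
     *
     * @param context the flow context
     * @param userDn distinguished name of the user to look for
     * @param groupDn distinguished name of the group; when {@code null} the {@code dn}
     *     parameter is read from the context instead
     * @return {@code true} if the user is reachable through the group's {@code member} values
     * @throws IllegalArgumentException if a directory lookup fails
     */
    public boolean isMemberOf(@InjectVariable("context") Context context, String userDn, String groupDn) {
        return isMemberOfRecursive(context, userDn, groupDn, new HashSet<>());
    }

    /**
     * Walks the {@code member} values of {@code groupDn} depth-first.
     *
     * @param visited DNs already expanded in this walk; circular nesting would otherwise
     *     recurse until the stack overflows, and a DN reachable twice would be searched twice
     */
    private boolean isMemberOfRecursive(Context context, String userDn, String groupDn, Set<String> visited) {
        if (!visited.add(groupDn)) {
            return false;
        }
        NamingEnumeration<String> members = getAttrValues(searchByDn(context, groupDn), "member");
        if (members == null) {
            return false;
        }
        while (members.hasMoreElements()) {
            String memberDn = members.nextElement();
            if (Objects.equals(userDn, memberDn) || isMemberOfRecursive(context, userDn, memberDn, visited)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Finds the entry whose {@code distinguishedName} equals {@code dn} and publishes it in the
     * output variable.
     *
     * @param dn the DN to look up; when {@code null} the {@code dn} parameter is required
     * @return the first matching entry, or {@code null} when nothing matched
     * @throws IllegalArgumentException if the search fails
     */
    private SearchResult searchByDn(Context context, String dn) {
        String targetDn = dn != null ? dn : ContextUtils.assertString(context, LDAP_DN);
        // A DN routinely contains '\' (escaped commas) and may contain '(' or ')'; those are
        // filter syntax and must be encoded before the value is placed in the filter.
        String filter = "(distinguishedName=" + escapeFilterValue(targetDn) + ")";
        try {
            List<SearchResult> matches = withRetry(MAX_RETRIES, RETRY_DELAY, () -> search(context, filter));
            SearchResult first = matches.isEmpty() ? null : matches.get(0);
            setOutVariable(context, first != null, searchResultToMap(first));
            return first;
        } catch (Exception e) {
            throw new IllegalArgumentException("Error occurred while searching " + e, e);
        }
    }

    /**
     * Finds a user by the {@code user} parameter, matched against {@code userPrincipalName},
     * {@code sAMAccountName}, {@code mailNickname}, {@code proxyAddresses} (smtp) and
     * {@code mail}, and publishes the entry in the output variable.
     *
     * @return the first matching entry, or {@code null} when nothing matched
     * @throws IllegalArgumentException if the search fails
     */
    private SearchResult getUser(Context context) {
        // The value comes from the flow and may originate from an end user: without escaping,
        // input such as "*" or ")(objectClass=*" would rewrite the filter and select a
        // different account than the one named.
        String user = escapeFilterValue(ContextUtils.assertString(context, LDAP_USER));
        String filter = "(|(userPrincipalName=" + user + ")(sAMAccountName=" + user + ")(mailNickname=" + user
                + ")(proxyAddresses=smtp:" + user + ")(mail=" + user + "))";
        try {
            List<SearchResult> matches = withRetry(MAX_RETRIES, RETRY_DELAY, () -> search(context, filter));
            SearchResult first = matches.isEmpty() ? null : matches.get(0);
            setOutVariable(context, first != null, searchResultToMap(first));
            return first;
        } catch (Exception e) {
            throw new IllegalArgumentException("Error occurred while searching " + e, e);
        }
    }

    /**
     * Finds a group by the {@code group} parameter (matched against {@code name}) whose DN
     * contains {@code ou=security} exactly when {@code securityEnabled} is true, and publishes
     * it in the output variable.
     *
     * @return the first entry satisfying the {@code securityEnabled} condition, or {@code null}
     *     when no entry does; an entry that fails the condition is never returned, so it cannot
     *     be used for a membership decision
     * @throws IllegalArgumentException if the search fails
     */
    private SearchResult getGroup(Context context) {
        String group = ContextUtils.assertString(context, LDAP_GROUP);
        boolean securityEnabled =
                Boolean.TRUE.equals(ContextUtils.assertVariable(context, LDAP_SECURITY_ENABLED, Boolean.class));
        String filter = "(name=" + escapeFilterValue(group) + ")";
        try {
            List<SearchResult> candidates = withRetry(MAX_RETRIES, RETRY_DELAY, () -> search(context, filter));
            SearchResult match = null;
            for (SearchResult candidate : candidates) {
                String dn = getAttrValue(candidate, "distinguishedName");
                // Locale.ROOT keeps the comparison stable regardless of the JVM default locale.
                if (dn != null && dn.toLowerCase(Locale.ROOT).contains("ou=security") == securityEnabled) {
                    match = candidate;
                    break;
                }
            }
            setOutVariable(context, match != null, searchResultToMap(match));
            return match;
        } catch (Exception e) {
            throw new IllegalArgumentException("Error occurred while searching " + e, e);
        }
    }

    /**
     * Implements the {@code ISMEMBEROF} action: resolves the user and the group from the task
     * parameters and stores the membership verdict in the output variable. {@code success} is
     * true only when both entries were found and both carry a distinguished name.
     *
     * @throws IllegalArgumentException if a directory lookup fails
     */
    private void isMemberOf(Context context) {
        try {
            String userDn = getAttrValue(getUser(context), "distinguishedName");
            String groupDn = getAttrValue(getGroup(context), "distinguishedName");
            // A missing group DN must not reach isMemberOf(): a null group there falls back to
            // the unrelated 'dn' parameter and would test membership of a different entry.
            boolean resolved = userDn != null && groupDn != null;
            boolean member = resolved && isMemberOf(context, userDn, groupDn);
            setOutVariable(context, resolved, member);
        } catch (Exception e) {
            throw new IllegalArgumentException("Error occurred while searching " + e, e);
        }
    }

    /**
     * Runs one subtree search below {@code searchBase} and returns every entry it produced.
     *
     * <p>Makes a single attempt; retrying is the caller's job. The results are copied out so
     * that both the enumeration and the connection can be closed before returning.
     *
     * @param filter a complete LDAP filter whose values have already been escaped
     * @return the entries found, possibly empty
     * @throws NamingException if the directory rejects the search
     * @throws IllegalArgumentException if a parameter is missing or the connection fails
     */
    private List<SearchResult> search(Context context, String filter) throws NamingException {
        String searchBase = ContextUtils.assertString(context, LDAP_SEARCH_BASE);
        SearchControls controls = new SearchControls();
        controls.setSearchScope(SearchControls.SUBTREE_SCOPE);

        LdapContext connection = establishConnection(context);
        try {
            NamingEnumeration<SearchResult> cursor = connection.search(searchBase, filter, controls);
            try {
                List<SearchResult> entries = new ArrayList<>();
                // hasMoreElements() reports the end of the results instead of throwing, which
                // is how the results were consumed before this method returned a list.
                while (cursor.hasMoreElements()) {
                    entries.add(cursor.nextElement());
                }
                return entries;
            } finally {
                try {
                    cursor.close();
                } catch (NamingException e) {
                    log.warn("Error occurred while closing search results", e);
                }
            }
        } finally {
            try {
                connection.close();
            } catch (NamingException e) {
                // Logged rather than thrown: throwing here would hide the search outcome.
                log.warn("Error occurred while closing connection", e);
            }
        }
    }

    /**
     * Opens an LDAP v3 connection and binds with the configured DN and password.
     *
     * @return an open context that the caller must close
     * @throws IllegalArgumentException if a connection parameter is missing or the bind fails
     */
    private LdapContext establishConnection(Context context) {
        String serverUrl = getString(this.defaults, context, LDAP_AD_SERVER, null);
        String bindDn = getString(this.defaults, context, LDAP_BIND_USER_DN, null);
        String bindPassword = getString(this.defaults, context, LDAP_BIND_PASSWORD, null);

        if (!serverUrl.trim().toLowerCase(Locale.ROOT).startsWith("ldaps://")) {
            // No StartTLS is negotiated below, so a simple bind over a non-ldaps URL puts the
            // bind password on the wire unencrypted.
            log.warn("'{}' does not start with ldaps://; the bind password will be sent unencrypted",
                    LDAP_AD_SERVER);
        }

        Hashtable<String, Object> env = new Hashtable<>();
        env.put("java.naming.factory.initial", "com.sun.jndi.ldap.LdapCtxFactory");
        env.put("java.naming.provider.url", serverUrl);
        env.put("java.naming.security.authentication", "simple");
        env.put("java.naming.security.principal", bindDn);
        env.put("java.naming.security.credentials", bindPassword);
        env.put("java.naming.ldap.version", "3");
        try {
            return new InitialLdapContext(env, (Control[]) null);
        } catch (Exception e) {
            throw new IllegalArgumentException("Error while establishing connection " + e, e);
        }
    }

    /**
     * Encodes the characters that have a meaning in an LDAP search filter (RFC 4515) so that
     * {@code value} is matched literally.
     *
     * @param value raw, untrusted assertion value
     * @return the value with {@code \ * ( )} and NUL replaced by their {@code \XX} form
     */
    private static String escapeFilterValue(String value) {
        StringBuilder escaped = new StringBuilder(value.length() + 8);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '\\':
                    escaped.append("\\5c");
                    break;
                case '*':
                    escaped.append("\\2a");
                    break;
                case '(':
                    escaped.append("\\28");
                    break;
                case ')':
                    escaped.append("\\29");
                    break;
                case '\0':
                    escaped.append("\\00");
                    break;
                default:
                    escaped.append(c);
            }
        }
        return escaped.toString();
    }

    /**
     * @return the first value of attribute {@code name}, or {@code null} when the entry is
     *     {@code null}, the attribute is absent or it has no values
     */
    private static String getAttrValue(SearchResult searchResult, String name) {
        NamingEnumeration<String> values = getAttrValues(searchResult, name);
        if (values == null || !values.hasMoreElements()) {
            return null;
        }
        return values.nextElement();
    }

    /**
     * @return all values of attribute {@code name}, or {@code null} when the entry is
     *     {@code null}, the attribute is absent or its values cannot be read
     */
    @SuppressWarnings("unchecked") // callers only request string-valued attributes (DNs)
    private static NamingEnumeration<String> getAttrValues(SearchResult searchResult, String name) {
        if (searchResult == null) {
            return null;
        }
        Attributes attributes = searchResult.getAttributes();
        Attribute attribute = attributes == null ? null : attributes.get(name);
        if (attribute == null) {
            return null;
        }
        try {
            return (NamingEnumeration<String>) attribute.getAll();
        } catch (NamingException ignored) {
            // Treated like a missing attribute; callers handle null.
            return null;
        }
    }

    /**
     * Converts an entry into the map published to the flow: {@code {"attributes": {id: value}}},
     * where a single-valued attribute maps to its string and a multi-valued one to a set.
     * Conversion is best effort; on failure the error is logged and the map is returned without
     * the {@code attributes} key.
     *
     * @return the map, or {@code null} when {@code searchResult} is {@code null}
     */
    private static Map<String, Object> searchResultToMap(SearchResult searchResult) {
        if (searchResult == null) {
            return null;
        }
        Map<String, Object> converted = new HashMap<>();
        try {
            Attributes attributes = searchResult.getAttributes();
            NamingEnumeration<String> ids = attributes.getIDs();
            Map<String, Object> byId = new HashMap<>(attributes.size());
            while (ids.hasMore()) {
                String id = ids.next();
                Set<String> values = getAllAttributesValues(attributes.get(id));
                byId.put(id, values.size() == 1 ? values.iterator().next() : values);
            }
            converted.put("attributes", byId);
        } catch (Exception e) {
            log.error("Error mapping SearchResult attributes: {}", e.getMessage(), e);
        }
        return converted;
    }

    /**
     * Calls {@code callable} until it succeeds, at most {@code retries + 1} times, sleeping
     * {@code delayMs} between attempts.
     *
     * <p>A failure caused by a TLS handshake error is rethrown at once: retrying cannot make an
     * untrusted certificate trusted.
     *
     * @return the value produced by the first successful call
     * @throws InterruptedException if the thread is interrupted before an attempt succeeds
     * @throws RuntimeException wrapping the last failure once all attempts are used up
     * @throws Exception the original failure when it stems from a TLS handshake error
     */
    private static <T> T withRetry(int retries, long delayMs, Callable<T> callable) throws Exception {
        Exception lastFailure = null;
        for (int attempt = 0; !Thread.currentThread().isInterrupted() && attempt <= retries; attempt++) {
            if (attempt > 0) {
                log.info("Retry after {} sec", delayMs / 1000);
                sleep(delayMs);
                log.info("Retrying...");
            }
            try {
                return callable.call();
            } catch (Exception e) {
                // The handshake error arrives wrapped (by JNDI and by establishConnection), so
                // the cause chain is inspected rather than the exception type alone.
                if (causedBySslHandshake(e)) {
                    log.error("Error during SSL handshake; possibly due to untrusted self-signed certificate. {}",
                            e.getMessage());
                    throw e;
                }
                lastFailure = e;
                log.error("call error", e);
            }
        }
        if (Thread.currentThread().isInterrupted()) {
            throw new InterruptedException();
        }
        throw new RuntimeException(lastFailure);
    }

    /** @return true if {@code error} or one of its causes is an {@link SSLHandshakeException} */
    private static boolean causedBySslHandshake(Throwable error) {
        Throwable current = error;
        // Depth-bounded so that a self-referential cause chain cannot loop forever.
        for (int depth = 0; current != null && depth < MAX_CAUSE_DEPTH; depth++) {
            if (current instanceof SSLHandshakeException) {
                return true;
            }
            current = current.getCause();
        }
        return false;
    }

    /**
     * @return the distinct values of {@code attribute}, each rendered with
     *     {@link String#valueOf(Object)}
     * @throws NamingException if the values cannot be read
     */
    private static Set<String> getAllAttributesValues(Attribute attribute) throws NamingException {
        Set<String> values = new HashSet<>();
        NamingEnumeration<?> all = attribute.getAll();
        while (all.hasMore()) {
            values.add(String.valueOf(all.next()));
        }
        return values;
    }

    /**
     * Stores {@code {"success": success, "result": result}} in the variable named by the
     * {@code out} parameter (default {@code ldapResult}).
     */
    private static void setOutVariable(Context context, Boolean success, Object result) {
        String name = getString(null, context, LDAP_OUT, LDAP_DEFAULT_OUT);
        Map<String, Object> outcome = new HashMap<>();
        outcome.put("success", success);
        outcome.put("result", result);
        context.setVariable(name, outcome);
    }

    /**
     * @return the action named by the {@code action} parameter, ignoring case and surrounding
     *     whitespace
     * @throws IllegalArgumentException if the name matches no {@link Action}
     */
    private static Action getAction(Context context) {
        // Locale.ROOT: under a Turkish default locale "ismemberof" would upper-case to a
        // dotted capital I and never match the enum constant.
        return Action.valueOf(ContextUtils.assertString(context, ACTION_KEY).trim().toUpperCase(Locale.ROOT));
    }

    /**
     * @return the value of {@code key} as resolved by {@link #getValue}
     * @throws IllegalArgumentException if the value is missing or is not a string
     */
    private static String getString(Map<String, Object> fallback, Context context, String key, String defaultValue) {
        Object value = getValue(fallback, context, key, defaultValue);
        if (value instanceof String) {
            return (String) value;
        }
        throw new IllegalArgumentException("'" + key + "': expected a string value, got " + value);
    }

    /**
     * Resolves {@code key} from the context, then from {@code fallback}, then from
     * {@code defaultValue}.
     *
     * @throws IllegalArgumentException if none of the three provides a value
     */
    private static Object getValue(Map<String, Object> fallback, Context context, String key, Object defaultValue) {
        Object value = context.getVariable(key);
        if (value == null && fallback != null) {
            value = fallback.get(key);
        }
        if (value == null) {
            value = defaultValue;
        }
        if (value == null) {
            throw new IllegalArgumentException("Mandatory parameter '" + key + "' is required");
        }
        return value;
    }

    /** Sleeps for {@code millis}; an interrupt ends the sleep and re-sets the interrupt flag. */
    static void sleep(long millis) {
        try {
            Thread.sleep(millis);
        } catch (InterruptedException ignored) {
            Thread.currentThread().interrupt();
        }
    }
}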
