package com.walmartlabs.concord.plugins.ldap;

import com.walmartlabs.concord.plugins.ldap.TaskParams;
import com.walmartlabs.concord.sdk.MapUtils;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Hashtable;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Objects;
import java.util.Set;
import java.util.concurrent.Callable;
import java.util.concurrent.CopyOnWriteArrayList;
import java.util.stream.Stream;
import javax.naming.CommunicationException;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.Control;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;
import javax.net.ssl.SSLHandshakeException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/walmartlabs/concord/plugins/ldap/LdapTaskCommon.class */
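/**
 * LDAP / Active Directory lookups behind the Concord LDAP task: search by DN, find a user,
 * find a group, and test (nested) group membership.
 *
 * <p>Every search opens its own connection using a simple bind with the configured bind DN and
 * password, runs a subtree search below the configured search base, and closes the connection.
 *
 * <p>Values that end up inside an LDAP search filter (DN, user, group) are escaped with
 * {@link #escapeFilterValue(String)} so that caller-supplied text cannot change the structure of
 * the filter.
 */
public class LdapTaskCommon {
    private static final Logger log = LoggerFactory.getLogger(LdapTaskCommon.class);
    private static final int MAX_RETRIES = 3;
    private static final long RETRY_DELAY = 3000;

    /** Position of the target host in an SRV record value ("priority weight port target"). */
    private static final int SRV_TARGET_FIELD = 3;

    /**
     * Runs the action selected by {@code taskParams.action()}.
     *
     * @param taskParams parameters of the action; cast to the action-specific subtype
     * @return a map with a boolean {@code "success"} entry and a {@code "result"} entry
     * @throws IllegalArgumentException if the action is not supported or a lookup fails
     */
    public Map<String, Object> execute(TaskParams taskParams) {
        switch (taskParams.action()) {
            case SEARCHBYDN: {
                log.info("Starting 'SearchByDn' Action");
                TaskParams.SearchByDnParams params = (TaskParams.SearchByDnParams) taskParams;
                return toResult(searchByDn(params, params.searchBase(), params.dn()));
            }
            case GETUSER: {
                log.info("Starting 'GetUser' Action");
                TaskParams.GetUserParams params = (TaskParams.GetUserParams) taskParams;
                return toResult(getUser(params, params.searchBase(), params.user()));
            }
            case GETGROUP: {
                log.info("Starting 'GetGroup' Action");
                TaskParams.GetGroupParams params = (TaskParams.GetGroupParams) taskParams;
                return toResult(getGroup(params, params.searchBase(), params.group(),
                        params.securityGroupTypes(), params.securityEnabled()));
            }
            case ISMEMBEROF: {
                log.info("Starting 'IsMemberOf' Action");
                boolean member = isMemberOf((TaskParams.MemberOfParams) taskParams);
                Map<String, Object> result = new HashMap<>();
                result.put("success", true);
                result.put("result", member);
                return result;
            }
            default:
                throw new IllegalArgumentException("Unsupported action type: " + taskParams.action());
        }
    }

    /**
     * Tests whether {@code memberDn} is listed in the {@code member} attribute of the group
     * {@code groupDn}, directly or through nested groups.
     *
     * @param ldapSearchParams connection settings and search base
     * @param memberDn distinguished name to look for (compared with {@code equals})
     * @param groupDn distinguished name of the group to inspect
     * @return {@code true} if the member is found, {@code false} otherwise (including when the
     *     group does not exist or has no {@code member} attribute)
     * @throws IllegalArgumentException if a directory search fails
     */
    public boolean isMemberOf(LdapSearchParams ldapSearchParams, String memberDn, String groupDn) {
        return isMemberOf(ldapSearchParams, memberDn, groupDn, new HashSet<>());
    }

    /**
     * Recursive step of the membership test. {@code visitedGroups} holds every DN already
     * expanded, so groups that contain each other cannot recurse without end and no DN is
     * searched twice.
     */
    private boolean isMemberOf(LdapSearchParams params, String memberDn, String groupDn, Set<String> visitedGroups) {
        if (!visitedGroups.add(groupDn)) {
            // Already expanded on this walk; had it contained the member we would have returned.
            return false;
        }
        SearchResult group = searchByDn(params, params.searchBase(), groupDn);
        NamingEnumeration<String> members = getAttrValues(group, "member");
        if (members == null) {
            return false;
        }
        while (members.hasMoreElements()) {
            String candidateDn = members.nextElement();
            if (Objects.equals(memberDn, candidateDn) || isMemberOf(params, memberDn, candidateDn, visitedGroups)) {
                return true;
            }
        }
        return false;
    }

    /** Returns the first entry whose {@code distinguishedName} equals {@code dn}, or {@code null}. */
    private SearchResult searchByDn(LdapConnectionCfg cfg, String searchBase, String dn) {
        return firstResult(cfg, searchBase, "(distinguishedName=" + escapeFilterValue(dn) + ")");
    }

    /**
     * Returns the first entry matching {@code user} on any of userPrincipalName, sAMAccountName,
     * mailNickname, proxyAddresses (smtp:) or mail, or {@code null} if nothing matches.
     */
    private SearchResult getUser(LdapConnectionCfg cfg, String searchBase, String user) {
        String value = escapeFilterValue(user);
        String filter = "(|(userPrincipalName=" + value + ")(sAMAccountName=" + value + ")(mailNickname=" + value
                + ")(proxyAddresses=smtp:" + value + ")(mail=" + value + "))";
        return firstResult(cfg, searchBase, filter);
    }

    /**
     * Finds a group by {@code name}. An entry is returned when either its DN containing
     * {@code ou=security} (case-insensitive) or its {@code groupType} being one of
     * {@code securityGroupTypes} agrees with {@code securityEnabled}.
     *
     * @return the first matching entry, or {@code null}
     * @throws IllegalArgumentException if the search fails
     */
    private SearchResult getGroup(LdapConnectionCfg cfg, String searchBase, String group,
            List<String> securityGroupTypes, boolean securityEnabled) {
        NamingEnumeration<SearchResult> results = null;
        try {
            String filter = "(name=" + escapeFilterValue(group) + ")";
            results = withRetry(MAX_RETRIES, RETRY_DELAY, () -> search(cfg, searchBase, filter));
            while (results.hasMoreElements()) {
                SearchResult candidate = results.nextElement();
                String dn = getAttrValue(candidate, "distinguishedName");
                // Locale.ROOT keeps the comparison independent of the JVM's default locale.
                if (dn != null && dn.toLowerCase(Locale.ROOT).contains("ou=security") == securityEnabled) {
                    return candidate;
                }
                String groupType = getAttrValue(candidate, "groupType");
                if (groupType != null && securityGroupTypes.stream().anyMatch(groupType::equals) == securityEnabled) {
                    return candidate;
                }
            }
            return null;
        } catch (Exception e) {
            throw new IllegalArgumentException("Error occurred while searching " + e, e);
        } finally {
            closeQuietly(results);
        }
    }

    /** Resolves the user and the group of {@code memberOfParams} and runs the membership test. */
    private boolean isMemberOf(TaskParams.MemberOfParams memberOfParams) {
        try {
            SearchResult user = getUser(memberOfParams, memberOfParams.searchBase(), memberOfParams.user());
            SearchResult group = getGroup(memberOfParams, memberOfParams.searchBase(), memberOfParams.group(),
                    memberOfParams.securityGroupTypes(), memberOfParams.securityEnabled());
            if (user == null || group == null) {
                return false;
            }
            return isMemberOf(memberOfParams, getAttrValue(user, "distinguishedName"),
                    getAttrValue(group, "distinguishedName"));
        } catch (Exception e) {
            throw new IllegalArgumentException("Error occurred while searching " + e, e);
        }
    }

    /** Runs {@code filter} with retries and returns the first entry, or {@code null} if none. */
    private SearchResult firstResult(LdapConnectionCfg cfg, String searchBase, String filter) {
        NamingEnumeration<SearchResult> results = null;
        try {
            results = withRetry(MAX_RETRIES, RETRY_DELAY, () -> search(cfg, searchBase, filter));
            return results.hasMoreElements() ? results.nextElement() : null;
        } catch (Exception e) {
            throw new IllegalArgumentException("Error occurred while searching " + e, e);
        } finally {
            closeQuietly(results);
        }
    }

    /**
     * Opens a connection, runs a subtree search and closes the connection again.
     *
     * <p>The enumeration is handed back after the context has been closed; callers close it when
     * they are done so that whatever it still holds is released.
     *
     * @param filter a complete LDAP filter; values inside it must already be escaped
     * @throws IllegalArgumentException if connecting, searching or closing fails
     */
    private NamingEnumeration<SearchResult> search(LdapConnectionCfg cfg, String searchBase, String filter) {
        LdapContext ctx = null;
        try {
            ctx = establishConnection(cfg);
            SearchControls controls = new SearchControls();
            controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
            return ctx.search(searchBase, filter, controls);
        } catch (Exception e) {
            throw new IllegalArgumentException("Error occurred while searching " + e, e);
        } finally {
            if (ctx != null) {
                try {
                    ctx.close();
                } catch (NamingException e) {
                    throw new IllegalArgumentException("Error occurred while closing connection " + e, e);
                }
            }
        }
    }

    /**
     * Connects to the first reachable server found through the configured DNS SRV record and
     * falls back to {@code ldapAdServer} when there is no SRV configuration or none of the
     * discovered servers could be reached.
     *
     * @throws IllegalArgumentException if no server is configured or the connection fails
     */
    private LdapContext establishConnection(LdapConnectionCfg cfg) throws NamingException {
        if (cfg.dnsSrvRr() != null) {
            Map<String, Object> srv = cfg.dnsSrvRr();
            List<String> servers = getLdapServers(MapUtils.assertString(srv, "name"),
                    MapUtils.assertString(srv, "protocol"), MapUtils.assertString(srv, "port"));
            // Each discovered server is tried exactly once; a communication failure moves on to
            // the next one instead of retrying the same entry.
            for (String server : servers) {
                try {
                    return establishConnection(cfg, server);
                } catch (CommunicationException e) {
                    log.warn("Error while establishing connection with ldap AD server: {}, Exception: {}", server, e.getMessage());
                } catch (Exception e) {
                    throw new IllegalArgumentException("Error while establishing connection " + e, e);
                }
            }
        }
        if (cfg.ldapAdServer() == null) {
            throw new IllegalArgumentException("Mandatory variable either 'dnsSrvRr' or 'ldapAdServer' is required");
        }
        try {
            return establishConnection(cfg, cfg.ldapAdServer());
        } catch (Exception e) {
            throw new IllegalArgumentException("Error while establishing connection " + e, e);
        }
    }

    /**
     * Opens an LDAPv3 context on {@code providerUrl} with a simple bind.
     *
     * <p>A simple bind transmits the bind DN and password as given, so their confidentiality
     * rests on the provider URL being {@code ldaps://}. NOTE(review): nothing here negotiates
     * StartTLS or sets {@code com.sun.jndi.ldap.connect.timeout} /
     * {@code com.sun.jndi.ldap.read.timeout}; confirm the configured URLs use ldaps and decide
     * whether timeouts are wanted.
     */
    private LdapContext establishConnection(LdapConnectionCfg cfg, String providerUrl) throws NamingException {
        Hashtable<String, Object> env = new Hashtable<>();
        env.put("java.naming.factory.initial", "com.sun.jndi.ldap.LdapCtxFactory");
        env.put("java.naming.provider.url", providerUrl);
        env.put("java.naming.security.authentication", "simple");
        env.put("java.naming.security.principal", cfg.bindUserDn());
        env.put("java.naming.security.credentials", cfg.bindPassword());
        env.put("java.naming.ldap.version", "3");
        return new InitialLdapContext(env, (Control[]) null);
    }

    /**
     * Looks up the SRV records of {@code name} and turns each target host into a provider URL of
     * the form {@code protocol://host:port}. The port comes from the task configuration, not
     * from the SRV record.
     *
     * <p>The host names are whatever the DNS lookup returns; presumably the TLS certificate
     * check on an ldaps connection is what ties the bind to the intended server (verify).
     */
    private List<String> getLdapServers(String name, String protocol, String port) throws NamingException {
        List<String> servers = new CopyOnWriteArrayList<>();
        Hashtable<String, Object> env = new Hashtable<>();
        env.put("java.naming.factory.initial", "com.sun.jndi.dns.DnsContextFactory");
        env.put("java.naming.provider.url", "dns:");
        InitialDirContext dns = new InitialDirContext(env);
        try {
            NamingEnumeration<? extends Attribute> records = dns.getAttributes(name, new String[]{"SRV"}).getAll();
            while (records.hasMore()) {
                NamingEnumeration<?> values = records.next().getAll();
                while (values.hasMore()) {
                    String[] fields = ((String) values.next()).split(" ");
                    if (fields.length <= SRV_TARGET_FIELD) {
                        log.warn("Skipping SRV record of {} without a target field", name);
                        continue;
                    }
                    servers.add(protocol + "://" + removeLastCharIfDot(fields[SRV_TARGET_FIELD]) + ":" + port);
                }
            }
        } finally {
            // The DNS context is only needed for this lookup.
            try {
                dns.close();
            } catch (NamingException e) {
                log.warn("Error while closing DNS context: {}", e.getMessage());
            }
        }
        return servers;
    }

    /**
     * Escapes a value for use inside an LDAP search filter (RFC 4515): backslash, asterisk,
     * parentheses and NUL are replaced by their {@code \xx} form. A literal {@code *} is
     * therefore matched as an asterisk, not as a wildcard, and the value must not be escaped
     * beforehand by the caller.
     *
     * @return the escaped value, or {@code null} if {@code value} is {@code null}
     */
    private static String escapeFilterValue(String value) {
        if (value == null) {
            return null;
        }
        StringBuilder escaped = new StringBuilder(value.length() + 8);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '\\':
                    escaped.append("\\5c");
                    break;
                case '*':
                    escaped.append("\\2a");
                    break;
                case '(':
                    escaped.append("\\28");
                    break;
                case ')':
                    escaped.append("\\29");
                    break;
                case '\0':
                    escaped.append("\\00");
                    break;
                default:
                    escaped.append(c);
            }
        }
        return escaped.toString();
    }

    /** Closes a search enumeration, logging instead of failing when the close itself fails. */
    private static void closeQuietly(NamingEnumeration<?> results) {
        if (results == null) {
            return;
        }
        try {
            results.close();
        } catch (NamingException e) {
            log.warn("Error while closing search results: {}", e.getMessage());
        }
    }

    /** Strips one trailing dot (the root label of a fully qualified host name), if present. */
    private static String removeLastCharIfDot(String str) {
        if (str != null && str.endsWith(".")) {
            return str.substring(0, str.length() - 1);
        }
        return str;
    }

    /** Returns the first value of attribute {@code attrName}, or {@code null} if there is none. */
    private static String getAttrValue(SearchResult searchResult, String attrName) {
        NamingEnumeration<String> values = getAttrValues(searchResult, attrName);
        if (values == null || !values.hasMoreElements()) {
            return null;
        }
        return values.nextElement();
    }

    /**
     * Returns all values of attribute {@code attrName}, or {@code null} when the entry, its
     * attributes or the attribute is missing or the values cannot be read. The values are
     * assumed to be strings.
     */
    @SuppressWarnings("unchecked") // callers only ask for string-valued attributes
    private static NamingEnumeration<String> getAttrValues(SearchResult searchResult, String attrName) {
        if (searchResult == null) {
            return null;
        }
        Attributes attributes = searchResult.getAttributes();
        if (attributes == null) {
            return null;
        }
        Attribute attribute = attributes.get(attrName);
        if (attribute == null) {
            return null;
        }
        try {
            return (NamingEnumeration<String>) attribute.getAll();
        } catch (NamingException ignored) {
            // An unreadable attribute is reported the same way as a missing one.
            return null;
        }
    }

    /**
     * Converts an entry into {@code {"attributes": {id -> value or set of values}}}. A
     * single-valued attribute maps to its value, a multi-valued one to a {@code Set}.
     *
     * @return the map, {@code null} for a {@code null} entry, or an empty map if the attributes
     *     could not be read (the error is logged)
     */
    private static Map<String, Object> searchResultToMap(SearchResult searchResult) {
        if (searchResult == null) {
            return null;
        }
        Map<String, Object> result = new HashMap<>();
        try {
            Attributes attributes = searchResult.getAttributes();
            NamingEnumeration<String> ids = attributes.getIDs();
            Map<String, Object> byId = new HashMap<>(attributes.size());
            while (ids.hasMore()) {
                String id = ids.next();
                Set<String> values = getAllAttributesValues(attributes.get(id));
                if (values.size() == 1) {
                    byId.put(id, values.iterator().next());
                } else {
                    byId.put(id, values);
                }
            }
            result.put("attributes", byId);
        } catch (Exception e) {
            log.error("Error mapping SearchResult attributes: {}", e.getMessage(), e);
        }
        return result;
    }

    /**
     * Calls {@code callable}, retrying up to {@code retryCount} more times with a pause of
     * {@code retryInterval} milliseconds between attempts. An {@link SSLHandshakeException} is
     * rethrown at once without retrying.
     *
     * @throws InterruptedException if the thread is interrupted when the attempts end
     * @throws RuntimeException wrapping the last failure once all attempts are used up
     */
    private static <T> T withRetry(int retryCount, long retryInterval, Callable<T> callable) throws Exception {
        Exception lastFailure = null;
        for (int attempt = 0; !Thread.currentThread().isInterrupted() && attempt <= retryCount; attempt++) {
            if (attempt > 0) {
                log.info("Retry after {} sec", retryInterval / 1000);
                sleep(retryInterval);
                log.info("Retrying...");
            }
            try {
                return callable.call();
            } catch (SSLHandshakeException e) {
                log.error("Error during SSL handshake; possibly due to untrusted self-signed certificate. {}", e.getMessage());
                throw e;
            } catch (Exception e) {
                lastFailure = e;
                log.error("call error", e);
            }
        }
        if (Thread.currentThread().isInterrupted()) {
            throw new InterruptedException();
        }
        throw new RuntimeException(lastFailure);
    }

    /** Collects the string form of every value of {@code attribute}. */
    private static Set<String> getAllAttributesValues(Attribute attribute) throws NamingException {
        Set<String> values = new HashSet<>();
        NamingEnumeration<?> all = attribute.getAll();
        while (all.hasMore()) {
            values.add(all.next().toString());
        }
        return values;
    }

    /** Wraps an entry as {@code {"success": entry != null, "result": entry as map}}. */
    private static Map<String, Object> toResult(SearchResult searchResult) {
        Map<String, Object> result = new HashMap<>();
        result.put("success", searchResult != null);
        result.put("result", searchResultToMap(searchResult));
        return result;
    }

    /** Sleeps for {@code millis}; an interrupt restores the thread's interrupt flag. */
    private static void sleep(long millis) {
        try {
            Thread.sleep(millis);
        } catch (InterruptedException ignored) {
            Thread.currentThread().interrupt();
        }
    }
}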
