package org.wso2.carbon.user.core.ldap;

import java.util.Hashtable;
import java.util.SortedMap;
import java.util.TreeMap;
import javax.naming.AuthenticationException;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.TimeLimitExceededException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.ldap.Control;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.user.api.RealmConfiguration;
import org.wso2.carbon.user.core.UserCoreConstants;
import org.wso2.carbon.user.core.UserStoreException;
import org.wso2.carbon.utils.CarbonUtils;

/* loaded from: input_file:org/wso2/carbon/user/core/ldap/LDAPConnectionContext.class */
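/**
 * Builds and hands out JNDI LDAP contexts for a user store.
 *
 * <p>The JNDI environment is assembled once, in the constructor, from the user-store
 * properties of a {@link RealmConfiguration}. When the DNS URL property is set, the
 * domain controllers are discovered through DNS SRV records and every connection is
 * opened against one of them, in ascending priority order, with failover to the next.
 *
 * <p>Security-relevant behaviour of this class:
 * <ul>
 *   <li>{@link #getContext()} binds with the configured connection name and password
 *       (the service account).</li>
 *   <li>{@link #getContextWithCredentials(String, String)} binds with the credentials
 *       supplied by the caller and must never fall back to the service account.</li>
 * </ul>
 */
public class LDAPConnectionContext {
    private static final Log log = LogFactory.getLog(LDAPConnectionContext.class);

    // JNDI environment keys used by this class.
    private static final String INITIAL_CONTEXT_FACTORY = "java.naming.factory.initial";
    private static final String PROVIDER_URL = "java.naming.provider.url";
    private static final String SECURITY_AUTHENTICATION = "java.naming.security.authentication";
    private static final String SECURITY_PRINCIPAL = "java.naming.security.principal";
    private static final String SECURITY_CREDENTIALS = "java.naming.security.credentials";

    // Service-account environment; copied, never handed out, for per-call variations.
    private Hashtable<String, Object> environment;
    // Domain controllers keyed by SRV priority; null when DNS discovery is not configured.
    private SortedMap<Integer, SRVRecord> dcMap;
    private Hashtable<String, Object> environmentForDNS;
    private String DNSDomainName;
    private boolean readOnly;
    private static final String CONNECTION_TIME_OUT = "LDAPConnectionTimeout";
    private static final String READ_TIME_OUT = "ReadTimeout";

    /**
     * Reads the user-store properties and prepares the JNDI environment.
     *
     * @param realmConfiguration source of the user-store properties
     * @throws UserStoreException if DNS discovery is enabled but no DNS domain name is
     *                            configured, or if the DNS lookup fails
     */
    public LDAPConnectionContext(RealmConfiguration realmConfiguration) throws UserStoreException {
        this.readOnly = false;
        String dnsUrl = realmConfiguration.getUserStoreProperty(LDAPConstants.DNS_URL);
        if (dnsUrl != null) {
            this.DNSDomainName = realmConfiguration.getUserStoreProperty(LDAPConstants.DNS_DOMAIN_NAME);
            if (this.DNSDomainName == null) {
                throw new UserStoreException("DNS is enabled, but DNS domain name not provided.");
            }
            this.environmentForDNS = new Hashtable<String, Object>();
            this.environmentForDNS.put(INITIAL_CONTEXT_FACTORY, "com.sun.jndi.dns.DnsContextFactory");
            this.environmentForDNS.put(PROVIDER_URL, dnsUrl);
            populateDCMap();
            // The ReadOnly property is only consulted when DNS discovery is enabled; it
            // selects the URL scheme used for the discovered domain controllers.
            String readOnlyProperty = realmConfiguration.getUserStoreProperty("ReadOnly");
            if (readOnlyProperty != null) {
                this.readOnly = Boolean.parseBoolean(readOnlyProperty);
            }
        }

        String connectionUrl = realmConfiguration.getUserStoreProperty("ConnectionURL");
        if (connectionUrl != null) {
            // scheme://host:port splits into three parts on ':'; a URL without an explicit
            // port has only two, so the port placeholder substitution is skipped for it.
            String[] urlParts = connectionUrl.split(":");
            if (urlParts.length > 2) {
                String portPart = urlParts[2];
                if (portPart.contains("${") && portPart.contains("}")) {
                    String resolvedPort = Integer.toString(CarbonUtils.getPortFromServerConfig(portPart));
                    connectionUrl = connectionUrl.replace(portPart, resolvedPort);
                }
            }
        }

        String connectionName = realmConfiguration.getUserStoreProperty("ConnectionName");
        String connectionPassword = realmConfiguration.getUserStoreProperty("ConnectionPassword");
        if (log.isDebugEnabled()) {
            // The password is deliberately not part of this message.
            log.debug("Connection Name :: " + connectionName + ", Connection URL :: " + connectionUrl);
        }

        this.environment = new Hashtable<String, Object>();
        this.environment.put(INITIAL_CONTEXT_FACTORY, LDAPConstants.DRIVER_NAME);
        this.environment.put(SECURITY_AUTHENTICATION, "simple");
        // NOTE(review): UserCoreConstants.USER_LOCKED is used as a plain value here and for
        // the pooling flag below; presumably a same-valued "true" literal was folded into
        // this constant - confirm against the original source.
        this.environment.put("org.wso2.carbon.context.RequestBaseContext", UserCoreConstants.USER_LOCKED);
        if (connectionName != null) {
            this.environment.put(SECURITY_PRINCIPAL, connectionName);
        }
        if (connectionPassword != null) {
            this.environment.put(SECURITY_CREDENTIALS, connectionPassword);
        }
        if (connectionUrl != null) {
            this.environment.put(PROVIDER_URL, connectionUrl);
        }

        boolean poolingEnabled = false;
        String poolingProperty = realmConfiguration.getUserStoreProperty("ConnectionPoolingEnabled");
        if (poolingProperty != null && !poolingProperty.trim().isEmpty()) {
            poolingEnabled = Boolean.parseBoolean(poolingProperty);
        }
        this.environment.put("com.sun.jndi.ldap.connect.pool", poolingEnabled ? UserCoreConstants.USER_LOCKED : "false");

        String referral = realmConfiguration.getUserStoreProperty(LDAPConstants.PROPERTY_REFERRAL);
        if (referral != null) {
            this.environment.put("java.naming.referral", referral);
        }
        String binaryAttributes = realmConfiguration.getUserStoreProperty(LDAPConstants.LDAP_ATTRIBUTES_BINARY);
        if (binaryAttributes != null) {
            this.environment.put(LDAPConstants.LDAP_ATTRIBUTES_BINARY, binaryAttributes);
        }

        String connectTimeout = realmConfiguration.getUserStoreProperty(CONNECTION_TIME_OUT);
        String readTimeout = realmConfiguration.getUserStoreProperty(READ_TIME_OUT);
        if (connectTimeout == null || connectTimeout.trim().isEmpty()) {
            // Default connect timeout, in milliseconds, when none is configured.
            this.environment.put("com.sun.jndi.ldap.connect.timeout", "5000");
        } else {
            this.environment.put("com.sun.jndi.ldap.connect.timeout", connectTimeout);
        }
        if (StringUtils.isNotEmpty(readTimeout)) {
            this.environment.put("com.sun.jndi.ldap.read.timeout", readTimeout);
        }
    }

    /**
     * Opens a directory context bound with the configured connection name and password.
     *
     * <p>Without DNS discovery the connection is attempted twice. With DNS discovery the
     * highest-priority domain controller is tried first and the remaining ones are tried
     * in priority order if it fails.
     *
     * @return the context, or {@code null} when DNS discovery produced no domain controller
     * @throws UserStoreException if no connection could be obtained
     */
    public DirContext getContext() throws UserStoreException {
        if (this.dcMap == null) {
            try {
                return new InitialDirContext(this.environment);
            } catch (NamingException firstFailure) {
                log.error("Error obtaining connection. " + firstFailure.getMessage(), firstFailure);
                log.error("Trying again to get connection.");
                try {
                    return new InitialDirContext(this.environment);
                } catch (Exception secondFailure) {
                    // Report the failure of the retry, not the first one again.
                    log.error("Error obtaining connection for the second time" + secondFailure.getMessage(), secondFailure);
                    throw new UserStoreException("Error obtaining connection. " + secondFailure.getMessage(), secondFailure);
                }
            }
        }
        if (this.dcMap.isEmpty()) {
            return null;
        }

        // Work on a copy so the shared environment is not rewritten on every call.
        Hashtable<String, Object> serviceEnvironment = new Hashtable<String, Object>(this.environment);
        try {
            serviceEnvironment.put(PROVIDER_URL, getLDAPURLFromSRVRecord(this.dcMap.get(this.dcMap.firstKey())));
            return new InitialDirContext(serviceEnvironment);
        } catch (NamingException firstFailure) {
            log.error("Error obtaining connection to first Domain Controller." + firstFailure.getMessage(), firstFailure);
            log.info("Trying to connect with other Domain Controllers");
            NamingException lastFailure = firstFailure;
            for (SRVRecord domainController : this.dcMap.values()) {
                try {
                    serviceEnvironment.put(PROVIDER_URL, getLDAPURLFromSRVRecord(domainController));
                    return new InitialDirContext(serviceEnvironment);
                } catch (NamingException failure) {
                    lastFailure = failure;
                }
            }
            // Reached only when every controller failed; the end of the list is detected by
            // the loop finishing rather than by comparing boxed Integer keys with ==.
            log.error("Error obtaining connection for all " + this.dcMap.size() + " Domain Controllers." + lastFailure.getMessage(), lastFailure);
            throw new UserStoreException("Error obtaining connection. " + lastFailure.getMessage(), lastFailure);
        }
    }

    /**
     * Replaces the service-account password used for subsequent connections.
     *
     * @param str the new connection password
     */
    public void updateCredential(String str) {
        this.environment.put(SECURITY_CREDENTIALS, str);
    }

    /**
     * Discovers the domain controllers of the configured DNS domain through SRV records and
     * resolves the address of each one.
     *
     * @throws UserStoreException if the DNS lookup fails or returns a malformed SRV record
     */
    private void populateDCMap() throws UserStoreException {
        InitialDirContext dnsContext = null;
        try {
            dnsContext = new InitialDirContext(this.environmentForDNS);
            javax.naming.directory.Attribute srvAttribute = requireAttribute(dnsContext,
                    LDAPConstants.ACTIVE_DIRECTORY_DOMAIN_CONTROLLER_SERVICE + this.DNSDomainName,
                    LDAPConstants.SRV_ATTRIBUTE_NAME);
            NamingEnumeration<?> srvValues = srvAttribute.getAll();
            SortedMap<Integer, SRVRecord> discovered = new TreeMap<Integer, SRVRecord>();
            while (srvValues.hasMore()) {
                SRVRecord record = parseSRVRecord(srvValues.next().toString());
                // NOTE(review): the map is keyed by priority, so of several records sharing a
                // priority only the last one read is kept.
                discovered.put(Integer.valueOf(record.getPriority()), record);
            }
            for (SRVRecord record : discovered.values()) {
                javax.naming.directory.Attribute address = requireAttribute(dnsContext,
                        record.getHostName(), LDAPConstants.A_RECORD_ATTRIBUTE_NAME);
                record.setHostIP((String) address.get());
            }
            this.dcMap = discovered;
        } catch (NamingException e) {
            log.error("Error obtaining information from DNS Server" + e.getMessage(), e);
            throw new UserStoreException("Error obtaining information from DNS Server " + e.getMessage(), e);
        } finally {
            if (dnsContext != null) {
                try {
                    dnsContext.close();
                } catch (NamingException ignored) {
                    // The lookup result is already complete; a failed close is not fatal.
                    log.debug("Error closing DNS context", ignored);
                }
            }
        }
    }

    /**
     * Looks up one attribute of a DNS name and fails when the answer does not contain it.
     */
    private static javax.naming.directory.Attribute requireAttribute(DirContext dnsContext, String name,
            String attributeId) throws NamingException {
        javax.naming.directory.Attribute attribute =
                dnsContext.getAttributes(name, new String[]{attributeId}).get(attributeId);
        if (attribute == null) {
            throw new NamingException("No " + attributeId + " record found for " + name);
        }
        return attribute;
    }

    /**
     * Parses one SRV record value of the form "priority weight port host".
     *
     * @throws UserStoreException if the value has fewer than four fields or a non-numeric
     *                            priority, weight or port
     */
    private static SRVRecord parseSRVRecord(String value) throws UserStoreException {
        String[] fields = value.trim().split("\\s+");
        if (fields.length < 4) {
            throw new UserStoreException("Malformed SRV record received from DNS Server: " + value);
        }
        SRVRecord record = new SRVRecord();
        try {
            record.setPriority(Integer.parseInt(fields[0]));
            record.setWeight(Integer.parseInt(fields[1]));
            record.setPort(Integer.parseInt(fields[2]));
        } catch (NumberFormatException e) {
            throw new UserStoreException("Malformed SRV record received from DNS Server: " + value, e);
        }
        record.setHostName(fields[3]);
        return record;
    }

    /**
     * Builds the LDAP URL of a discovered domain controller from its resolved address and port.
     */
    private String getLDAPURLFromSRVRecord(SRVRecord sRVRecord) {
        // NOTE(review): with ReadOnly=true the scheme is plain "ldap://", and the environment
        // uses "simple" authentication, so the bind password is sent unprotected unless
        // transport security is applied elsewhere - confirm. The "ldaps://" URL is built from
        // an IP address, which presumably only validates if the certificate lists that address.
        String scheme = this.readOnly ? "ldap://" : "ldaps://";
        return scheme + sRVRecord.getHostIP() + ":" + sRVRecord.getPort();
    }

    /**
     * Opens an LDAP context bound with the credentials supplied by the caller.
     *
     * <p>Every attempt, including failover to another domain controller, binds as the
     * supplied principal. A rejected bind is reported as {@link AuthenticationException}
     * immediately and never triggers failover.
     *
     * <p>NOTE(review): nothing here rejects an empty password. A simple bind with an empty
     * password is an unauthenticated bind (RFC 4513, section 5.1.2) that servers may accept,
     * so callers are presumably expected to reject empty passwords first - verify.
     *
     * @param str  the principal (user DN) to bind as
     * @param str2 the credentials of that principal
     * @return the context, or {@code null} when DNS discovery produced no domain controller
     * @throws UserStoreException      if the read timed out or no domain controller is reachable
     * @throws AuthenticationException if the directory rejects the supplied credentials
     * @throws NamingException         if the connection fails when DNS discovery is not in use
     */
    public LdapContext getContextWithCredentials(String str, String str2) throws UserStoreException, NamingException, AuthenticationException {
        // Per-call copy: the service-account principal and credentials are overwritten here
        // and the shared environment is left untouched.
        Hashtable<String, Object> userEnvironment = new Hashtable<String, Object>(this.environment);
        userEnvironment.put(SECURITY_PRINCIPAL, str);
        userEnvironment.put(SECURITY_CREDENTIALS, str2);

        if (this.dcMap == null) {
            return new InitialLdapContext(userEnvironment, (Control[]) null);
        }
        if (this.dcMap.isEmpty()) {
            return null;
        }

        try {
            userEnvironment.put(PROVIDER_URL, getLDAPURLFromSRVRecord(this.dcMap.get(this.dcMap.firstKey())));
            return new InitialLdapContext(userEnvironment, (Control[]) null);
        } catch (TimeLimitExceededException e) {
            throw new UserStoreException("TimeLimitExceeded : LDAP Read Timed Out", e);
        } catch (AuthenticationException e) {
            throw e;
        } catch (NamingException firstFailure) {
            log.error("Error obtaining connection to first Domain Controller." + firstFailure.getMessage(), firstFailure);
            log.info("Trying to connect with other Domain Controllers");
            NamingException lastFailure = firstFailure;
            for (SRVRecord domainController : this.dcMap.values()) {
                try {
                    // Failover must keep using the caller's credentials. Binding with the
                    // shared service-account environment here would return a live context
                    // for any password whenever the first controller is unreachable.
                    userEnvironment.put(PROVIDER_URL, getLDAPURLFromSRVRecord(domainController));
                    return new InitialLdapContext(userEnvironment, (Control[]) null);
                } catch (AuthenticationException e) {
                    // Must precede the NamingException handler, of which it is a subtype.
                    throw e;
                } catch (NamingException failure) {
                    lastFailure = failure;
                }
            }
            log.error("Error obtaining connection for all " + this.dcMap.size() + " Domain Controllers." + lastFailure.getMessage(), lastFailure);
            throw new UserStoreException("Error obtaining connection. " + lastFailure.getMessage(), lastFailure);
        }
    }
}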
