package com.att.research.xacml.std.pip.engines.ldap;

import com.att.research.xacml.api.Attribute;
import com.att.research.xacml.api.pip.PIPException;
import com.att.research.xacml.api.pip.PIPFinder;
import com.att.research.xacml.api.pip.PIPRequest;
import com.att.research.xacml.api.pip.PIPResponse;
import com.att.research.xacml.std.pip.StdMutablePIPResponse;
import com.att.research.xacml.std.pip.StdPIPResponse;
import com.att.research.xacml.std.pip.engines.StdConfigurableEngine;
import com.att.research.xacml.std.pip.engines.csv.HyperCSVEngine;
import com.google.common.base.Splitter;
import com.google.common.cache.Cache;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashSet;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.List;
import java.util.Properties;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

/* loaded from: input_file:com/att/research/xacml/std/pip/engines/ldap/LDAPEngine.class */
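/**
 * PIP engine that resolves XACML attributes by querying an LDAP directory through JNDI.
 *
 * <p>{@link #configure(String, Properties)} copies a fixed set of {@code java.naming.*}
 * properties into the JNDI environment, selects the search scope and instantiates the
 * configured {@link LDAPResolver} classes. Each resolver supplies the search base and
 * filter for a request and decodes the search results into attributes.
 *
 * <p>Security notes for operators and reviewers:
 * <ul>
 *   <li>The properties name classes that get loaded and instantiated (the resolver
 *       {@code classname} entries here, and the {@code java.naming.factory.*} entries
 *       handed to JNDI). Treat the properties source as being as trusted as code.</li>
 *   <li>{@code java.naming.security.credentials} is kept in the JNDI environment for the
 *       life of the engine; never log the environment or the properties.</li>
 *   <li>With {@code simple} authentication the bind credentials are only protected in
 *       transit if the provider URL uses {@code ldaps://} or the connection is otherwise
 *       secured.</li>
 *   <li>The search base and filter come from the resolver. Escaping request-derived values
 *       (RFC 4514 for DNs, RFC 4515 for filters) is the resolver's job; this engine passes
 *       them to the directory unchanged.</li>
 * </ul>
 */
public class LDAPEngine extends StdConfigurableEngine {
    public static final String PROP_RESOLVERS = "resolvers";
    public static final String PROP_RESOLVER = "resolver";
    public static final String PROP_LDAP_SCOPE = "scope";
    private static final String LDAP_SCOPE_SUBTREE = "subtree";
    private static final String LDAP_SCOPE_OBJECT = "object";
    private static final String LDAP_SCOPE_ONELEVEL = "onelevel";
    private static final String DEFAULT_CONTEXT_FACTORY = "com.sun.jndi.ldap.LdapCtxFactory";
    private static final String DEFAULT_SCOPE = LDAP_SCOPE_SUBTREE;
    private final Log logger = LogFactory.getLog(getClass());
    // JNDI environment used for every InitialDirContext; may contain the bind credentials.
    private final Hashtable<Object, Object> ldapEnvironment = new Hashtable<>();
    private final List<LDAPResolver> ldapResolvers = new ArrayList<>();
    // One of the SearchControls.*_SCOPE constants; set by configure().
    private int ldapScope;

    /**
     * Copies the string property {@code prefix + name} into the JNDI environment under {@code name}.
     *
     * @param prefix       property-key prefix (ends with '.')
     * @param name         JNDI environment key
     * @param properties   configuration to read from
     * @param defaultValue value used when the property is absent; may be {@code null}
     * @return {@code true} if a value (configured or default) was stored
     */
    private boolean configureStringProperty(String prefix, String name, Properties properties, String defaultValue) {
        String value = properties.getProperty(prefix + name, defaultValue);
        if (value == null) {
            return false;
        }
        this.ldapEnvironment.put(name, value);
        return true;
    }

    /**
     * Copies the integer property {@code prefix + name} into the JNDI environment under {@code name}.
     *
     * @param prefix       property-key prefix (ends with '.')
     * @param name         JNDI environment key
     * @param properties   configuration to read from
     * @param defaultValue value used when the property is absent; may be {@code null}
     * @return {@code true} if a value was stored; {@code false} if the property is absent with
     *         no default, or is not a valid integer (logged as an error)
     */
    private boolean configureIntegerProperty(String prefix, String name, Properties properties, Integer defaultValue) {
        String value = properties.getProperty(prefix + name);
        if (value == null) {
            if (defaultValue == null) {
                return false;
            }
            this.ldapEnvironment.put(name, defaultValue);
            return true;
        }
        try {
            this.ldapEnvironment.put(name, Integer.valueOf(Integer.parseInt(value)));
            return true;
        } catch (NumberFormatException e) {
            this.logger.error("Invalid Integer '" + value + "' for '" + name + "' property");
            return false;
        }
    }

    /**
     * Reads the JNDI environment, search scope and resolver list from {@code properties}.
     *
     * @param id         passed to the superclass and, followed by '.', used as the prefix of
     *                   every property key read here
     * @param properties configuration source; must be trusted (see class notes)
     * @throws PIPException if the provider URL or resolver list is missing, a resolver has no
     *                      {@code classname}, or a resolver cannot be loaded, instantiated or configured
     */
    @Override // com.att.research.xacml.std.pip.engines.StdConfigurableEngine, com.att.research.xacml.std.pip.engines.ConfigurableEngine
    public void configure(String id, Properties properties) throws PIPException {
        super.configure(id, properties);
        String prefix = id + ".";
        if (!configureStringProperty(prefix, "java.naming.provider.url", properties, null)) {
            throw new PIPException("Invalid configuration for " + getClass().getName() + ": No " + prefix + "java.naming.provider.url");
        }
        configureStringProperty(prefix, "java.naming.authoritative", properties, null);
        configureIntegerProperty(prefix, "java.naming.batchsize", properties, null);
        configureStringProperty(prefix, "java.naming.dns.url", properties, null);
        configureStringProperty(prefix, "java.naming.factory.initial", properties, DEFAULT_CONTEXT_FACTORY);
        configureStringProperty(prefix, "java.naming.language", properties, null);
        configureStringProperty(prefix, "java.naming.factory.object", properties, null);
        // Referral handling decides whether the client will contact servers named by the
        // directory; review this setting together with the credentials below.
        configureStringProperty(prefix, "java.naming.referral", properties, null);
        configureStringProperty(prefix, "java.naming.security.authentication", properties, null);
        // Secret: stored as-is in the environment and deliberately never logged.
        configureStringProperty(prefix, "java.naming.security.credentials", properties, null);
        configureStringProperty(prefix, "java.naming.security.principal", properties, null);
        configureStringProperty(prefix, "java.naming.security.protocol", properties, null);
        configureStringProperty(prefix, "java.naming.factory.state", properties, null);
        configureStringProperty(prefix, "java.naming.factory.url.pkgs", properties, null);

        String scope = properties.getProperty(prefix + PROP_LDAP_SCOPE, DEFAULT_SCOPE);
        if (LDAP_SCOPE_SUBTREE.equals(scope)) {
            this.ldapScope = SearchControls.SUBTREE_SCOPE;
        } else if (LDAP_SCOPE_OBJECT.equals(scope)) {
            this.ldapScope = SearchControls.OBJECT_SCOPE;
        } else if (LDAP_SCOPE_ONELEVEL.equals(scope)) {
            this.ldapScope = SearchControls.ONELEVEL_SCOPE;
        } else {
            // An unrecognised value falls back to the widest scope, not the narrowest.
            this.logger.warn("Invalid LDAP Scope value '" + scope + "'; using subtree");
            this.ldapScope = SearchControls.SUBTREE_SCOPE;
        }

        String resolverIds = properties.getProperty(prefix + PROP_RESOLVERS);
        if (resolverIds == null || resolverIds.isEmpty()) {
            throw new PIPException("Invalid configuration for " + getClass().getName() + ": No " + prefix + PROP_RESOLVERS);
        }
        for (String resolverId : Splitter.on(',').trimResults().omitEmptyStrings().split(resolverIds)) {
            String resolverPrefix = prefix + PROP_RESOLVER + "." + resolverId;
            String className = properties.getProperty(resolverPrefix + ".classname");
            if (className == null) {
                throw new PIPException("Invalid configuration for " + getClass().getName() + ": No " + resolverPrefix + ".classname");
            }
            try {
                // Load without initialising so that a configured class that is not an
                // LDAPResolver never gets to run its static initialisers.
                Class<?> resolverClass = Class.forName(className, false, LDAPEngine.class.getClassLoader());
                if (!LDAPResolver.class.isAssignableFrom(resolverClass)) {
                    String message = "LDAPResolver class " + className + " does not implement " + LDAPResolver.class.getCanonicalName();
                    this.logger.error(message);
                    throw new PIPException(message);
                }
                LDAPResolver resolver = resolverClass.asSubclass(LDAPResolver.class).getDeclaredConstructor().newInstance();
                resolver.configure(resolverPrefix, properties, getIssuer());
                this.ldapResolvers.add(resolver);
            } catch (Exception e) {
                this.logger.error("Exception instantiating LDAPResolver for class '" + className + "': " + e.getMessage(), e);
                throw new PIPException("Exception instantiating LDAPResolver for class '" + className + "'", e);
            }
        }
    }

    /**
     * Asks every configured resolver for attributes matching the request and merges the results.
     *
     * @param pipRequest the attribute request
     * @param pipFinder  finder handed to the resolvers
     * @return the merged attributes, or {@link StdPIPResponse#PIP_RESPONSE_EMPTY} when none were found
     * @throws IllegalStateException if no resolver has been configured
     * @throws PIPException          if a resolver fails
     */
    @Override // com.att.research.xacml.api.pip.PIPEngine
    public PIPResponse getAttributes(PIPRequest pipRequest, PIPFinder pipFinder) throws PIPException {
        if (this.ldapResolvers.isEmpty()) {
            throw new IllegalStateException(getClass().getCanonicalName() + " is not configured");
        }
        StdMutablePIPResponse merged = new StdMutablePIPResponse();
        for (LDAPResolver resolver : this.ldapResolvers) {
            getAttributes(pipRequest, pipFinder, merged, resolver);
        }
        if (merged.getAttributes().isEmpty()) {
            if (this.logger.isDebugEnabled()) {
                this.logger.debug("returning empty response");
            }
            return StdPIPResponse.PIP_RESPONSE_EMPTY;
        }
        if (this.logger.isDebugEnabled()) {
            this.logger.debug("Returning " + merged.getAttributes().size() + " attributes");
            // Debug level writes the directory attribute values themselves to the log.
            this.logger.debug(merged.getAttributes());
        }
        return new StdPIPResponse(merged);
    }

    /**
     * Runs one resolver's LDAP search and adds the decoded attributes to {@code mutableResponse}.
     *
     * <p>A directory failure ({@link NamingException}) is logged and swallowed, so the caller
     * sees missing attributes rather than an error; any attributes decoded before the failure
     * stay in {@code mutableResponse}. Only a search that completed is cached.
     *
     * @param pipRequest      the attribute request
     * @param pipFinder       finder handed to the resolver
     * @param mutableResponse response to append decoded attributes to
     * @param resolver        resolver that supplies base, filter and result decoding
     * @throws PIPException if the resolver fails
     */
    public void getAttributes(PIPRequest pipRequest, PIPFinder pipFinder, StdMutablePIPResponse mutableResponse, LDAPResolver resolver) throws PIPException {
        String base = resolver.getBase(this, pipRequest, pipFinder);
        if (base == null) {
            this.logger.warn(getName() + " does not handle " + pipRequest.toString());
            return;
        }
        // NOTE(review): the filter is used as returned; a null filter is allowed for in the
        // cache key below but is still passed to search() - confirm resolvers never return null.
        String filter = resolver.getFilterString(this, pipRequest, pipFinder);
        Cache<String, PIPResponse> cache = getCache();
        // NOTE(review): HYPER_PASS is probably a decompiler substitution for an inlined
        // literal (presumably "") - confirm. The key does not identify the resolver, so two
        // resolvers issuing the same base and filter would share an entry.
        String cacheKey = base + "::" + (filter == null ? HyperCSVEngine.HYPER_PASS : filter);
        if (cache != null) {
            // Cached attributes are served until the cache evicts them; directory changes
            // (for example a removed group membership) are not seen before then.
            PIPResponse cached = cache.getIfPresent(cacheKey);
            if (cached != null) {
                if (this.logger.isDebugEnabled()) {
                    this.logger.debug("Returning cached response: " + cached);
                }
                mutableResponse.addAttributes(cached.getAttributes());
                return;
            }
        }

        // Attributes produced by this search only; this is what gets cached.
        StdMutablePIPResponse resolverResponse = new StdMutablePIPResponse();
        DirContext dirContext = null;
        NamingEnumeration<SearchResult> results = null;
        try {
            dirContext = new InitialDirContext(this.ldapEnvironment);
            SearchControls controls = new SearchControls();
            controls.setSearchScope(this.ldapScope);
            // No count or time limit is set here, so result size is bounded only by the
            // filter and by server-side limits.
            results = dirContext.search(base, filter, controls);
            while (results != null && results.hasMore()) {
                List<Attribute> decoded = resolver.decodeResult(results.next());
                if (decoded != null && !decoded.isEmpty()) {
                    mutableResponse.addAttributes(decoded);
                    resolverResponse.addAttributes(decoded);
                }
            }
            if (cache != null) {
                // Guava caches reject null values, so the previous put(key, null) threw
                // NullPointerException whenever a cache was configured. Store the real result.
                PIPResponse toCache;
                if (resolverResponse.getAttributes().isEmpty()) {
                    toCache = StdPIPResponse.PIP_RESPONSE_EMPTY;
                } else {
                    toCache = new StdPIPResponse(resolverResponse);
                }
                cache.put(cacheKey, toCache);
            }
        } catch (NamingException e) {
            // Covers search and enumeration failures as well as context creation.
            this.logger.error("NamingException creating the DirContext: " + e.getMessage(), e);
        } finally {
            if (results != null) {
                try {
                    results.close();
                } catch (Exception e) {
                    this.logger.warn("Exception closing NamingEnumeration: " + e.getMessage(), e);
                }
            }
            if (dirContext != null) {
                try {
                    dirContext.close();
                } catch (Exception e) {
                    this.logger.warn("Exception closing DirContext: " + e.getMessage(), e);
                }
            }
        }
    }

    /**
     * Collects the attributes the configured resolvers need in order to build their queries.
     *
     * @return a new set filled in by each resolver's {@code attributesRequired}
     */
    @Override // com.att.research.xacml.api.pip.PIPEngine
    public Collection<PIPRequest> attributesRequired() {
        HashSet<PIPRequest> required = new HashSet<>();
        for (LDAPResolver resolver : this.ldapResolvers) {
            resolver.attributesRequired(required);
        }
        return required;
    }

    /**
     * Collects the attributes the configured resolvers can supply.
     *
     * @return a new set filled in by each resolver's {@code attributesProvided}
     */
    @Override // com.att.research.xacml.api.pip.PIPEngine
    public Collection<PIPRequest> attributesProvided() {
        HashSet<PIPRequest> provided = new HashSet<>();
        for (LDAPResolver resolver : this.ldapResolvers) {
            resolver.attributesProvided(provided);
        }
        return provided;
    }
}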
