package org.camunda.bpm.identity.impl.ldap;

import java.io.StringWriter;
import java.util.ArrayList;
import java.util.Hashtable;
import java.util.List;
import java.util.Map;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.naming.AuthenticationException;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.Control;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;
import javax.naming.ldap.SortControl;
import org.camunda.bpm.engine.authorization.Permission;
import org.camunda.bpm.engine.authorization.Permissions;
import org.camunda.bpm.engine.authorization.Resource;
import org.camunda.bpm.engine.authorization.Resources;
import org.camunda.bpm.engine.identity.Group;
import org.camunda.bpm.engine.identity.GroupQuery;
import org.camunda.bpm.engine.identity.User;
import org.camunda.bpm.engine.identity.UserQuery;
import org.camunda.bpm.engine.impl.AbstractQuery;
import org.camunda.bpm.engine.impl.UserQueryImpl;
import org.camunda.bpm.engine.impl.UserQueryProperty;
import org.camunda.bpm.engine.impl.context.Context;
import org.camunda.bpm.engine.impl.identity.IdentityProviderException;
import org.camunda.bpm.engine.impl.identity.ReadOnlyIdentityProvider;
import org.camunda.bpm.engine.impl.interceptor.CommandContext;
import org.camunda.bpm.engine.impl.persistence.entity.GroupEntity;
import org.camunda.bpm.engine.impl.persistence.entity.UserEntity;

/* loaded from: input_file:org/camunda/bpm/identity/impl/ldap/LdapIdentityProviderSession.class */
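/**
 * Read-only identity provider session that resolves users and groups from an LDAP directory
 * through JNDI.
 *
 * <p>Directory searches run on a lazily opened context bound with the configured manager DN and
 * password. {@link #checkPassword(String, String)} verifies a user's password by opening a
 * second context bound with that user's own DN.
 *
 * <p>Security-relevant points for maintainers:
 * <ul>
 *   <li>Every query value placed into a search filter is escaped (see
 *       {@link #escapeLDAPSearchFilter(String)}); {@link #addFilter} itself does no escaping.</li>
 *   <li>Search results are only returned when the authorization manager grants READ on them
 *       (users additionally always see their own entry).</li>
 * </ul>
 *
 * <p>Nothing in this class synchronizes access to {@link #initialContext}.
 */
public class LdapIdentityProviderSession implements ReadOnlyIdentityProvider {
    private static final Logger LOG = Logger.getLogger(LdapIdentityProviderSession.class.getName());
    protected LdapConfiguration ldapConfiguration;
    protected LdapContext initialContext;

    /**
     * Creates a session that reads all connection and mapping settings from the given configuration.
     *
     * @param ldapConfiguration LDAP plugin configuration used by every operation of this session
     */
    public LdapIdentityProviderSession(LdapConfiguration ldapConfiguration) {
        this.ldapConfiguration = ldapConfiguration;
    }

    /** No-op: this session holds nothing that needs flushing. */
    public void flush() {
    }

    /**
     * Closes the manager context if one is open. Failures while closing are logged at FINE and
     * otherwise ignored.
     */
    public void close() {
        if (this.initialContext != null) {
            try {
                this.initialContext.close();
            } catch (Exception e) {
                LOG.log(Level.FINE, "exception while closing LDAP DIR CTX", (Throwable) e);
            } finally {
                // Drop the reference so ensureContextInitialized() opens a fresh context instead of
                // handing out a closed one (checkPassword() calls close() mid-session).
                this.initialContext = null;
            }
        }
    }

    /**
     * Opens a new LDAP context bound as the given principal.
     *
     * <p>When anonymous login is allowed and the password is empty, the authentication mechanism
     * is switched to {@code "none"}, so the bind does not verify the principal at all. The
     * configured context properties are applied last and therefore override every setting made
     * here, including the security-related ones.
     *
     * @param userDn   value for {@code java.naming.security.principal}
     * @param password value for {@code java.naming.security.credentials}; must not be null
     * @return the newly opened context; the caller is responsible for closing it
     * @throws LdapAuthenticationException if the directory rejects the credentials
     * @throws IdentityProviderException   if the context cannot be created for any other reason
     */
    protected InitialLdapContext openContext(String userDn, String password) {
        Hashtable<String, Object> env = new Hashtable<String, Object>();
        env.put("java.naming.factory.initial", this.ldapConfiguration.getInitialContextFactory());
        env.put("java.naming.security.authentication", this.ldapConfiguration.getSecurityAuthentication());
        env.put("java.naming.provider.url", this.ldapConfiguration.getServerUrl());
        env.put("java.naming.security.principal", userDn);
        env.put("java.naming.security.credentials", password);
        if (this.ldapConfiguration.isAllowAnonymousLogin() && password.isEmpty()) {
            env.put("java.naming.security.authentication", "none");
        }
        if (this.ldapConfiguration.isUseSsl()) {
            env.put("java.naming.security.protocol", "ssl");
        }
        Map<String, String> contextProperties = this.ldapConfiguration.getContextProperties();
        if (contextProperties != null) {
            env.putAll(contextProperties);
        }
        try {
            return new InitialLdapContext(env, (Control[]) null);
        } catch (AuthenticationException e) {
            // AuthenticationException is a NamingException, so it has to be handled first;
            // otherwise rejected credentials would surface as a connection failure and
            // checkPassword() could never answer "false".
            throw new LdapAuthenticationException("Could not authenticate with LDAP server", e);
        } catch (NamingException e) {
            throw new IdentityProviderException("Could not connect to LDAP server", e);
        }
    }

    /** Opens the manager context (manager DN and password from the configuration) if none is open. */
    protected void ensureContextInitialized() {
        if (this.initialContext == null) {
            this.initialContext = openContext(this.ldapConfiguration.getManagerDn(), this.ldapConfiguration.getManagerPassword());
        }
    }

    /**
     * Looks up a single user by id.
     *
     * @param userId id to look up
     * @return the single result of the user query for that id
     */
    public User findUserById(String userId) {
        return (User) m1createUserQuery(Context.getCommandContext()).userId(userId).singleResult();
    }

    /** Creates a user query bound to the engine's transaction-required command executor. */
    public UserQuery createUserQuery() {
        return new LdapUserQueryImpl(Context.getProcessEngineConfiguration().getCommandExecutorTxRequired());
    }

    /**
     * Creates a user query without a command executor; the command context argument is not used.
     */
    /* renamed from: createUserQuery, reason: merged with bridge method [inline-methods] */
    public UserQueryImpl m1createUserQuery(CommandContext commandContext) {
        return new LdapUserQueryImpl();
    }

    /**
     * Counts the users matching the query by running the search and taking the size of the result
     * list, so the count is subject to the same paging and authorization filtering.
     */
    public long findUserCountByQueryCriteria(LdapUserQueryImpl query) {
        ensureContextInitialized();
        return findUserByQueryCriteria(query).size();
    }

    /**
     * Runs a user query: by group membership when the query carries a group id, otherwise as a
     * search below the configured user search base.
     */
    public List<User> findUserByQueryCriteria(LdapUserQueryImpl query) {
        ensureContextInitialized();
        if (query.getGroupId() != null) {
            return findUsersByGroupId(query);
        }
        String userBaseDn = composeDn(this.ldapConfiguration.getUserSearchBase(), this.ldapConfiguration.getBaseDn());
        return findUsersWithoutGroupId(query, userBaseDn);
    }

    /**
     * Resolves the members of the query's group and loads one user entry per member.
     *
     * <p>With POSIX groups each member value is treated as a user id and searched below the user
     * search base (this sets the user id on the passed query object); otherwise each member value
     * is used as the search base itself.
     *
     * @param query user query carrying a group id
     * @return the users found; members that yield no visible user entry are skipped
     * @throws IdentityProviderException if the group search fails
     */
    protected List<User> findUsersByGroupId(LdapUserQueryImpl query) {
        ensureContextInitialized();
        NamingEnumeration<SearchResult> groupResults = null;
        try {
            // NOTE(review): getDnForGroup() returns "" for an unknown group id, so the search is
            // then issued with an empty base name - confirm the directory does not answer that
            // with members of unrelated groups.
            groupResults = this.initialContext.search(getDnForGroup(query.getGroupId()), "(& " + this.ldapConfiguration.getGroupSearchFilter() + ")", this.ldapConfiguration.getSearchControls());
            List<String> memberValues = new ArrayList<String>();
            while (groupResults.hasMoreElements()) {
                Attribute memberAttribute = groupResults.nextElement().getAttributes().get(this.ldapConfiguration.getGroupMemberAttribute());
                if (memberAttribute != null) {
                    NamingEnumeration<?> values = memberAttribute.getAll();
                    while (values.hasMoreElements() && memberValues.size() < query.getMaxResults()) {
                        memberValues.add((String) values.nextElement());
                    }
                }
            }
            List<User> users = new ArrayList<User>();
            String userBaseDn = composeDn(this.ldapConfiguration.getUserSearchBase(), this.ldapConfiguration.getBaseDn());
            boolean posixGroups = this.ldapConfiguration.isUsePosixGroups();
            for (String memberValue : memberValues) {
                List<User> matches;
                if (posixGroups) {
                    query.userId(memberValue);
                    matches = findUsersWithoutGroupId(query, userBaseDn);
                } else {
                    matches = findUsersWithoutGroupId(query, memberValue);
                }
                if (!matches.isEmpty()) {
                    users.add(matches.get(0));
                }
            }
            return users;
        } catch (NamingException e) {
            throw new IdentityProviderException("Could not query for users", e);
        } finally {
            closeQuietly(groupResults);
        }
    }

    /**
     * Searches for users below the given base DN using the filter built from the query.
     *
     * <p>Entries before the query's first-result offset are skipped; an entry is returned only if
     * it is the authenticated user or the authorization manager grants READ on it. Collection
     * stops once the query's maximum result count is reached.
     *
     * @param query      user query supplying filter values and paging
     * @param userBaseDn search base
     * @return the visible users, possibly empty
     * @throws IdentityProviderException if the search fails
     */
    public List<User> findUsersWithoutGroupId(LdapUserQueryImpl query, String userBaseDn) {
        ensureContextInitialized();
        if (this.ldapConfiguration.isSortControlSupported()) {
            applyRequestControls(query);
        }
        NamingEnumeration<SearchResult> results = null;
        try {
            results = this.initialContext.search(userBaseDn, getUserSearchFilter(query), this.ldapConfiguration.getSearchControls());
            int position = 0;
            List<User> users = new ArrayList<User>();
            while (results.hasMoreElements() && users.size() < query.getMaxResults()) {
                SearchResult result = results.nextElement();
                if (position >= query.getFirstResult()) {
                    LdapUserEntity user = transformUser(result);
                    if (isAuthenticatedUser(user) || isAuthorized(Permissions.READ, Resources.USER, user.getId())) {
                        users.add(user);
                    }
                }
                position++;
            }
            return users;
        } catch (NamingException e) {
            throw new IdentityProviderException("Could not query for users", e);
        } finally {
            closeQuietly(results);
        }
    }

    /**
     * Verifies a password by binding to the directory as the user.
     *
     * <p>Null arguments and an empty user id are rejected. An empty password is rejected unless
     * anonymous login is allowed; in that case {@link #openContext} binds with authentication
     * {@code "none"}, which does not verify the password, so this method then returns true for
     * any user that exists.
     *
     * @param userId   id of the user to authenticate
     * @param password password supplied for that user
     * @return true if the user exists and the bind succeeds, false otherwise
     */
    public boolean checkPassword(String userId, String password) {
        if (password == null || userId == null || userId.isEmpty()) {
            return false;
        }
        if (!this.ldapConfiguration.isAllowAnonymousLogin() && password.equals("")) {
            return false;
        }
        LdapUserEntity user = (LdapUserEntity) findUserById(userId);
        close();
        if (user == null) {
            return false;
        }
        InitialLdapContext userContext = null;
        try {
            userContext = openContext(user.getDn(), password);
            return true;
        } catch (LdapAuthenticationException e) {
            return false;
        } finally {
            // The bind itself is the check; release the connection instead of leaking it.
            if (userContext != null) {
                try {
                    userContext.close();
                } catch (Exception e) {
                    LOG.log(Level.FINE, "exception while closing LDAP DIR CTX", (Throwable) e);
                }
            }
        }
    }

    /**
     * Builds the LDAP search filter for a user query: the configured user filter AND-ed with one
     * clause per criterion set on the query.
     *
     * <p>All query values are escaped before they are written into the filter; "like" values keep
     * {@code *} as a wildcard (see {@link #escapeLikePattern(String)}).
     */
    protected String getUserSearchFilter(LdapUserQueryImpl query) {
        StringWriter filter = new StringWriter();
        filter.write("(&");
        filter.write(this.ldapConfiguration.getUserSearchFilter());
        if (query.getId() != null) {
            addFilter(this.ldapConfiguration.getUserIdAttribute(), escapeLDAPSearchFilter(query.getId()), filter);
        }
        if (query.getIds() != null && query.getIds().length > 0) {
            filter.write("(|");
            for (String id : query.getIds()) {
                addFilter(this.ldapConfiguration.getUserIdAttribute(), escapeLDAPSearchFilter(id), filter);
            }
            filter.write(")");
        }
        if (query.getEmail() != null) {
            addFilter(this.ldapConfiguration.getUserEmailAttribute(), escapeLDAPSearchFilter(query.getEmail()), filter);
        }
        if (query.getEmailLike() != null) {
            addFilter(this.ldapConfiguration.getUserEmailAttribute(), escapeLikePattern(query.getEmailLike()), filter);
        }
        if (query.getFirstName() != null) {
            addFilter(this.ldapConfiguration.getUserFirstnameAttribute(), escapeLDAPSearchFilter(query.getFirstName()), filter);
        }
        if (query.getFirstNameLike() != null) {
            addFilter(this.ldapConfiguration.getUserFirstnameAttribute(), escapeLikePattern(query.getFirstNameLike()), filter);
        }
        if (query.getLastName() != null) {
            addFilter(this.ldapConfiguration.getUserLastnameAttribute(), escapeLDAPSearchFilter(query.getLastName()), filter);
        }
        if (query.getLastNameLike() != null) {
            addFilter(this.ldapConfiguration.getUserLastnameAttribute(), escapeLikePattern(query.getLastNameLike()), filter);
        }
        filter.write(")");
        return filter.toString();
    }

    /**
     * Looks up a single group by id.
     *
     * @param groupId id to look up
     * @return the single result of the group query for that id
     */
    public Group findGroupById(String groupId) {
        return (Group) createGroupQuery(Context.getCommandContext()).groupId(groupId).singleResult();
    }

    /** Creates a group query bound to the engine's transaction-required command executor. */
    public GroupQuery createGroupQuery() {
        return new LdapGroupQuery(Context.getProcessEngineConfiguration().getCommandExecutorTxRequired());
    }

    /**
     * Creates a group query without a command executor; the command context argument is not used.
     */
    public GroupQuery createGroupQuery(CommandContext commandContext) {
        return new LdapGroupQuery();
    }

    /**
     * Counts the groups matching the query by running the search and taking the size of the
     * result list, so the count is subject to the same paging and authorization filtering.
     */
    public long findGroupCountByQueryCriteria(LdapGroupQuery query) {
        ensureContextInitialized();
        return findGroupByQueryCriteria(query).size();
    }

    /**
     * Searches for groups below the configured group search base.
     *
     * <p>Entries before the query's first-result offset are skipped; a group is returned only if
     * the authorization manager grants READ on it. Collection stops once the query's maximum
     * result count is reached.
     *
     * @param query group query supplying filter values and paging
     * @return the visible groups, possibly empty
     * @throws IdentityProviderException if the search fails
     */
    public List<Group> findGroupByQueryCriteria(LdapGroupQuery query) {
        ensureContextInitialized();
        String groupBaseDn = composeDn(this.ldapConfiguration.getGroupSearchBase(), this.ldapConfiguration.getBaseDn());
        if (this.ldapConfiguration.isSortControlSupported()) {
            applyRequestControls(query);
        }
        NamingEnumeration<SearchResult> results = null;
        try {
            results = this.initialContext.search(groupBaseDn, getGroupSearchFilter(query), this.ldapConfiguration.getSearchControls());
            int position = 0;
            List<Group> groups = new ArrayList<Group>();
            while (results.hasMoreElements() && groups.size() < query.getMaxResults()) {
                SearchResult result = results.nextElement();
                if (position >= query.getFirstResult()) {
                    GroupEntity group = transformGroup(result);
                    if (isAuthorized(Permissions.READ, Resources.GROUP, group.getId())) {
                        groups.add(group);
                    }
                }
                position++;
            }
            return groups;
        } catch (NamingException e) {
            // The message used to say "users", which misdirected anyone reading the logs.
            throw new IdentityProviderException("Could not query for groups", e);
        } finally {
            closeQuietly(results);
        }
    }

    /**
     * Builds the LDAP search filter for a group query: the configured group filter AND-ed with
     * one clause per criterion set on the query.
     *
     * <p>All query values are escaped before they are written into the filter; the "name like"
     * value keeps {@code *} as a wildcard. For non-POSIX groups the member clause matches on the
     * user's DN, which is resolved through a user lookup first.
     */
    protected String getGroupSearchFilter(LdapGroupQuery query) {
        StringWriter filter = new StringWriter();
        filter.write("(&");
        filter.write(this.ldapConfiguration.getGroupSearchFilter());
        if (query.getId() != null) {
            addFilter(this.ldapConfiguration.getGroupIdAttribute(), escapeLDAPSearchFilter(query.getId()), filter);
        }
        if (query.getName() != null) {
            addFilter(this.ldapConfiguration.getGroupNameAttribute(), escapeLDAPSearchFilter(query.getName()), filter);
        }
        if (query.getNameLike() != null) {
            addFilter(this.ldapConfiguration.getGroupNameAttribute(), escapeLikePattern(query.getNameLike()), filter);
        }
        if (query.getUserId() != null) {
            String member = this.ldapConfiguration.isUsePosixGroups() ? query.getUserId() : getDnForUser(query.getUserId());
            addFilter(this.ldapConfiguration.getGroupMemberAttribute(), escapeLDAPSearchFilter(member), filter);
        }
        filter.write(")");
        return filter.toString();
    }

    /**
     * Resolves the DN of the user with the given id.
     *
     * @return the user's DN, or an empty string when no such user is found
     */
    protected String getDnForUser(String userId) {
        LdapUserEntity user = (LdapUserEntity) m1createUserQuery(Context.getCommandContext()).userId(userId).singleResult();
        return user == null ? "" : user.getDn();
    }

    /**
     * Resolves the DN of the group with the given id.
     *
     * @return the group's DN, or an empty string when no such group is found
     */
    protected String getDnForGroup(String groupId) {
        LdapGroupEntity group = (LdapGroupEntity) createGroupQuery(Context.getCommandContext()).groupId(groupId).singleResult();
        return group == null ? "" : group.getDn();
    }

    /**
     * Reads the first value of the named attribute as a string.
     *
     * @return the value, or null when the attribute is absent
     * @throws NamingException if the value cannot be read
     */
    protected String getStringAttributeValue(String attributeName, Attributes attributes) throws NamingException {
        Attribute attribute = attributes.get(attributeName);
        if (attribute != null) {
            return (String) attribute.get();
        }
        return null;
    }

    /**
     * Appends the clause {@code (name=value)} to the filter being built.
     *
     * <p>Both arguments are written verbatim. Callers must escape any value that originates from
     * a query before passing it in.
     */
    protected void addFilter(String attributeName, String value, StringWriter filter) {
        filter.write("(");
        filter.write(attributeName);
        filter.write("=");
        filter.write(value);
        filter.write(")");
    }

    /**
     * Maps a search result to a user entity: DN from the entry's name, id / first name / last
     * name / e-mail from the configured attributes.
     */
    protected LdapUserEntity transformUser(SearchResult result) throws NamingException {
        Attributes attributes = result.getAttributes();
        LdapUserEntity user = new LdapUserEntity();
        user.setDn(result.getNameInNamespace());
        user.setId(getStringAttributeValue(this.ldapConfiguration.getUserIdAttribute(), attributes));
        user.setFirstName(getStringAttributeValue(this.ldapConfiguration.getUserFirstnameAttribute(), attributes));
        user.setLastName(getStringAttributeValue(this.ldapConfiguration.getUserLastnameAttribute(), attributes));
        user.setEmail(getStringAttributeValue(this.ldapConfiguration.getUserEmailAttribute(), attributes));
        return user;
    }

    /**
     * Maps a search result to a group entity: DN from the entry's name, id / name / type from the
     * configured attributes.
     */
    protected GroupEntity transformGroup(SearchResult result) throws NamingException {
        Attributes attributes = result.getAttributes();
        LdapGroupEntity group = new LdapGroupEntity();
        group.setDn(result.getNameInNamespace());
        group.setId(getStringAttributeValue(this.ldapConfiguration.getGroupIdAttribute(), attributes));
        group.setName(getStringAttributeValue(this.ldapConfiguration.getGroupNameAttribute(), attributes));
        group.setType(getStringAttributeValue(this.ldapConfiguration.getGroupTypeAttribute(), attributes));
        return group;
    }

    /**
     * Replaces the request controls on the manager context with a sort control derived from the
     * query's order-by property, or with no controls when nothing matches.
     *
     * <p>Only the user properties id, e-mail, first name and last name are recognised. The sort
     * controls are created as critical.
     *
     * @throws IdentityProviderException if the controls cannot be created or set
     */
    protected void applyRequestControls(AbstractQuery abstractQuery) {
        try {
            List<Control> controls = new ArrayList<Control>();
            String orderBy = abstractQuery.getOrderBy();
            if (orderBy != null) {
                // Drops the last four characters - presumably a " asc" direction suffix; a longer
                // suffix would leave the property name unmatched. TODO confirm against the query API.
                String property = orderBy.substring(0, orderBy.length() - 4);
                if (UserQueryProperty.USER_ID.getName().equals(property)) {
                    controls.add(new SortControl(this.ldapConfiguration.getUserIdAttribute(), true));
                } else if (UserQueryProperty.EMAIL.getName().equals(property)) {
                    controls.add(new SortControl(this.ldapConfiguration.getUserEmailAttribute(), true));
                } else if (UserQueryProperty.FIRST_NAME.getName().equals(property)) {
                    controls.add(new SortControl(this.ldapConfiguration.getUserFirstnameAttribute(), true));
                } else if (UserQueryProperty.LAST_NAME.getName().equals(property)) {
                    controls.add(new SortControl(this.ldapConfiguration.getUserLastnameAttribute(), true));
                }
            }
            this.initialContext.setRequestControls(controls.toArray(new Control[0]));
        } catch (Exception e) {
            throw new IdentityProviderException("Exception while setting paging settings", e);
        }
    }

    /**
     * Joins DN fragments with commas, most specific first.
     *
     * <p>Null and empty fragments are skipped. One leading and one trailing comma are stripped
     * from each fragment so that no doubled separators are produced.
     *
     * @param parts DN fragments, e.g. a search base followed by the base DN
     * @return the joined DN, or an empty string when no fragment contributes
     */
    protected String composeDn(String... parts) {
        StringBuilder dn = new StringBuilder();
        for (String rawPart : parts) {
            if (rawPart == null || rawPart.length() == 0) {
                continue;
            }
            String part = rawPart;
            if (part.endsWith(",")) {
                // Strip only the trailing comma. The previous substring(length - 2, length - 1)
                // kept a single character of the fragment and threw on a lone ",".
                part = part.substring(0, part.length() - 1);
            }
            if (part.startsWith(",")) {
                part = part.substring(1);
            }
            if (part.length() == 0) {
                continue;
            }
            if (dn.length() > 0 && dn.charAt(dn.length() - 1) != ',') {
                dn.append(',');
            }
            dn.append(part);
        }
        return dn.toString();
    }

    /**
     * Tells whether the entity is the user authenticated in the current command context.
     *
     * @return false when the entity has no id
     */
    protected boolean isAuthenticatedUser(UserEntity userEntity) {
        String id = userEntity.getId();
        return id != null && id.equals(Context.getCommandContext().getAuthenticatedUserId());
    }

    /** Delegates the permission check to the current command context's authorization manager. */
    protected boolean isAuthorized(Permission permission, Resource resource, String resourceId) {
        return Context.getCommandContext().getAuthorizationManager().isAuthorized(permission, resource, resourceId);
    }

    /**
     * Escapes a value for literal use inside an LDAP search filter.
     *
     * <p>NUL, {@code (}, {@code )}, {@code *} and {@code \} are replaced by a backslash followed
     * by their two-digit hex code; every other character is copied unchanged.
     *
     * @param value raw value; must not be null
     * @return the escaped value
     */
    protected final String escapeLDAPSearchFilter(String value) {
        StringBuilder escaped = new StringBuilder();
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case 0:
                    escaped.append("\\00");
                    break;
                case '(':
                    escaped.append("\\28");
                    break;
                case ')':
                    escaped.append("\\29");
                    break;
                case '*':
                    escaped.append("\\2a");
                    break;
                case '\\':
                    escaped.append("\\5c");
                    break;
                default:
                    escaped.append(c);
                    break;
            }
        }
        return escaped.toString();
    }

    /**
     * Escapes a "like" value for a search filter while keeping {@code *} usable as a wildcard.
     *
     * <p>After full escaping, every backslash in the string introduces a two-digit hex escape, so
     * each {@code \2a} sequence stands for exactly one asterisk of the input and can be turned
     * back without touching anything else.
     */
    private String escapeLikePattern(String pattern) {
        return escapeLDAPSearchFilter(pattern).replace("\\2a", "*");
    }

    /** Closes a search enumeration, ignoring a null argument and any failure while closing. */
    private void closeQuietly(NamingEnumeration<?> enumeration) {
        if (enumeration != null) {
            try {
                enumeration.close();
            } catch (Exception ignored) {
                // Best effort: a failed close must not mask the search result or its exception.
            }
        }
    }
}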
