package org.wso2.carbon.user.core.ldap;

import java.util.ArrayList;
import java.util.List;
import javax.naming.directory.SearchControls;
import org.apache.commons.collections.CollectionUtils;
import org.apache.commons.lang.StringUtils;
import org.wso2.carbon.user.api.RealmConfiguration;
import org.wso2.carbon.user.core.UserStoreException;
import org.wso2.carbon.user.core.model.ExpressionAttribute;
import org.wso2.carbon.user.core.model.ExpressionCondition;
import org.wso2.carbon.user.core.model.ExpressionOperation;

/* loaded from: input_file:WEB-INF/lib/org.wso2.carbon.user.core-4.6.1-m1.jar:org/wso2/carbon/user/core/ldap/LDAPSearchSpecification.class */
public class LDAPSearchSpecification {
    private static final String EQUALS_SIGN = "=";
    private static final String SERVICE_NAME_ATTRIBUTE = "sn";
    private static final String VALUE_SEPARATOR = ",";
    private RealmConfiguration realmConfig;
    private boolean isUsernameFiltering;
    private boolean isClaimFiltering;
    private boolean isGroupFiltering;
    private boolean isMultiGroupFiltering;
    private SearchControls searchControls = new SearchControls();
    private String searchBases = null;
    private LDAPFilterQueryBuilder ldapFilterQueryBuilder = null;
    private boolean isMemberOfPropertyFound = false;
    private boolean isMemberShipPropertyFound = false;

    public LDAPSearchSpecification(RealmConfiguration realmConfiguration, List<ExpressionCondition> list) throws UserStoreException {
        this.isUsernameFiltering = false;
        this.isClaimFiltering = false;
        this.isGroupFiltering = false;
        this.isMultiGroupFiltering = false;
        this.realmConfig = realmConfiguration;
        this.searchControls.setSearchScope(2);
        for (ExpressionCondition expressionCondition : list) {
            if (ExpressionAttribute.ROLE.toString().equals(expressionCondition.getAttributeName()) && this.isGroupFiltering) {
                this.isMultiGroupFiltering = true;
            } else if (ExpressionAttribute.ROLE.toString().equals(expressionCondition.getAttributeName())) {
                this.isGroupFiltering = true;
            } else if (ExpressionAttribute.USERNAME.toString().equals(expressionCondition.getAttributeName())) {
                this.isUsernameFiltering = true;
            } else {
                this.isClaimFiltering = true;
            }
        }
        setLDAPSearchParamters(list);
    }

    private void setLDAPSearchParamters(List<ExpressionCondition> list) throws UserStoreException {
        ArrayList arrayList = new ArrayList();
        if (this.isGroupFiltering) {
            checkForMemberOfAttribute(list, arrayList);
            if (!this.isMemberOfPropertyFound) {
                checkForMembershipAttribute(arrayList);
            }
        } else {
            this.searchBases = this.realmConfig.getUserStoreProperty("UserSearchBase");
            arrayList.add(this.realmConfig.getUserStoreProperty("UserNameAttribute"));
            arrayList.add("sn");
        }
        if (CollectionUtils.isNotEmpty(arrayList)) {
            this.searchControls.setReturningAttributes((String[]) arrayList.toArray(new String[0]));
        }
        searchFilterBuilder(this.isGroupFiltering, this.isMultiGroupFiltering, list);
    }

    private void checkForMembershipAttribute(List<String> list) throws UserStoreException {
        String userStoreProperty = this.realmConfig.getUserStoreProperty("MembershipAttribute");
        if (StringUtils.isEmpty(userStoreProperty)) {
            throw new UserStoreException("Please set member of attribute or membership attribute");
        }
        this.isMemberShipPropertyFound = true;
        this.searchBases = this.realmConfig.getUserStoreProperty("GroupSearchBase");
        list.add(userStoreProperty);
    }

    private void checkForMemberOfAttribute(List<ExpressionCondition> list, List<String> list2) {
        boolean z = false;
        boolean z2 = false;
        for (ExpressionCondition expressionCondition : list) {
            if (ExpressionAttribute.ROLE.toString().equals(expressionCondition.getAttributeName()) && ExpressionOperation.EQ.toString().equals(expressionCondition.getOperation())) {
                z = true;
            } else if (ExpressionAttribute.ROLE.toString().equals(expressionCondition.getAttributeName()) && !ExpressionOperation.EQ.toString().equals(expressionCondition.getOperation())) {
                z2 = true;
            }
        }
        if (z && !z2 && StringUtils.isNotEmpty(this.realmConfig.getUserStoreProperty("MemberOfAttribute"))) {
            this.isMemberOfPropertyFound = true;
            this.searchBases = this.realmConfig.getUserStoreProperty("UserSearchBase");
            list2.add(this.realmConfig.getUserStoreProperty("UserNameAttribute"));
        }
    }

    private void searchFilterBuilder(boolean z, boolean z2, List<ExpressionCondition> list) throws UserStoreException {
        StringBuilder sb;
        String userStoreProperty = this.realmConfig.getUserStoreProperty("UserNameAttribute");
        String userStoreProperty2 = this.realmConfig.getUserStoreProperty("GroupNameAttribute");
        String userStoreProperty3 = this.realmConfig.getUserStoreProperty("MemberOfAttribute");
        String userStoreProperty4 = this.realmConfig.getUserStoreProperty("MembershipAttribute");
        initiateLDAPQueryBuilder(z);
        for (ExpressionCondition expressionCondition : list) {
            String attributeName = expressionCondition.getAttributeName();
            StringBuilder sb2 = new StringBuilder(expressionCondition.getAttributeValue());
            String operation = expressionCondition.getOperation();
            boolean z3 = false;
            if (ExpressionAttribute.ROLE.toString().equals(attributeName)) {
                if (this.isMemberOfPropertyFound) {
                    sb = getMemberOfProperty(userStoreProperty2, userStoreProperty3, sb2, operation);
                } else if (!z2 || this.isMemberOfPropertyFound) {
                    sb = new StringBuilder(userStoreProperty2);
                } else {
                    sb = new StringBuilder(userStoreProperty2);
                    z3 = true;
                }
            } else if (ExpressionAttribute.USERNAME.toString().equals(expressionCondition.getAttributeName())) {
                sb = getUserNameProperty(userStoreProperty, userStoreProperty4, sb2, operation);
                if (sb == null) {
                }
            } else {
                sb = getClaimProperty(expressionCondition);
                if (sb == null) {
                }
            }
            this.ldapFilterQueryBuilder.addFilter(new ExpressionCondition(operation, String.valueOf(sb), String.valueOf(sb2)), z3);
        }
    }

    private void initiateLDAPQueryBuilder(boolean z) {
        if (z && this.isMemberShipPropertyFound) {
            this.ldapFilterQueryBuilder = new LDAPFilterQueryBuilder(this.realmConfig.getUserStoreProperty("GroupNameListFilter"));
        } else {
            this.ldapFilterQueryBuilder = new LDAPFilterQueryBuilder(this.realmConfig.getUserStoreProperty("UserNameListFilter"));
        }
    }

    private StringBuilder getMemberOfProperty(String str, String str2, StringBuilder sb, String str3) throws UserStoreException {
        if (!ExpressionOperation.EQ.toString().equals(str3)) {
            throw new UserStoreException("MemberOf attribute only support 'EQ' filter operation.");
        }
        StringBuilder append = new StringBuilder(str2).append(EQUALS_SIGN).append(str);
        sb.append(",").append(this.realmConfig.getUserStoreProperty("GroupSearchBase"));
        return append;
    }

    private StringBuilder getUserNameProperty(String str, String str2, StringBuilder sb, String str3) {
        StringBuilder sb2;
        if (this.isMemberShipPropertyFound) {
            sb2 = getMembershipProperty(str, str2, sb, str3);
            if (sb2 == null) {
                return null;
            }
        } else {
            sb2 = new StringBuilder(str);
        }
        return sb2;
    }

    private StringBuilder getMembershipProperty(String str, String str2, StringBuilder sb, String str3) {
        StringBuilder append = new StringBuilder(str2).append(EQUALS_SIGN).append(str);
        if (ExpressionOperation.CO.toString().equals(str3) || ExpressionOperation.EW.toString().equals(str3)) {
            return null;
        }
        if (ExpressionOperation.EQ.toString().equals(str3)) {
            sb.append(",").append(this.realmConfig.getUserStoreProperty("UserSearchBase"));
        }
        return append;
    }

    private StringBuilder getClaimProperty(ExpressionCondition expressionCondition) {
        if (this.isMemberShipPropertyFound) {
            return null;
        }
        return new StringBuilder(expressionCondition.getAttributeName());
    }

    public SearchControls getSearchControls() {
        return this.searchControls;
    }

    public String getSearchBases() {
        return this.searchBases;
    }

    public boolean isGroupFiltering() {
        return this.isGroupFiltering;
    }

    public boolean isUsernameFiltering() {
        return this.isUsernameFiltering;
    }

    public boolean isClaimFiltering() {
        return this.isClaimFiltering;
    }

    public boolean isMemberOfPropertyFound() {
        return this.isMemberOfPropertyFound;
    }

    public boolean isMemberShipPropertyFound() {
        return this.isMemberShipPropertyFound;
    }

    public String getSearchFilterQuery() {
        return this.ldapFilterQueryBuilder.getSearchFilterQuery();
    }
}
