package gina.impl;

import gina.api.GinaApiLdapBaseAble;
import gina.impl.jndi.GinaLdapContext;
import gina.impl.jndi.GinaLdapQuery;
import gina.impl.util.DnPart;
import gina.impl.util.GinaLdapConfiguration;
import gina.impl.util.GinaLdapEncoder;
import gina.impl.util.GinaLdapUtils;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import java.util.stream.Collectors;
import javax.naming.NamingException;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.lang3.Validate;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:gina/impl/GinaLdapAccess.class */
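/**
 * LDAP-backed implementation of the Gina API: answers user, role and
 * user-attribute questions by querying a directory through a
 * {@link GinaLdapContext}.
 *
 * <p>One directory context is created in the constructor and released by
 * {@link #close()}. Every query method throws a {@link GinaException} once the
 * context has been closed. API operations this implementation does not support
 * throw a {@link GinaException} carrying {@link #NOT_IMPLEMENTED}, so callers
 * get an error rather than a default answer.
 *
 * <p>Distinguished names are assembled from caller-supplied strings by
 * {@code makeDn} and {@code DnPart.toString}; search filters are assembled by
 * {@code GinaLdapUtils}. NOTE(review): the escaping applied by those helpers is
 * not visible from this class. Confirm that DN values and filter values are
 * each escaped for their own context before this class is exposed to
 * untrusted user, application or role names.
 */
public class GinaLdapAccess implements GinaApiLdapBaseAble {
    /** Message carried by the exception thrown from unsupported operations. */
    public static final String NOT_IMPLEMENTED = "Not implemented";
    private static final Logger LOGGER = LoggerFactory.getLogger(GinaLdapAccess.class);
    /** Role used by {@link #getUsers(String, String[])} when the caller names none. */
    private static final String ROLE_UTILISATEUR = "UTILISATEUR";
    private final GinaLdapConfiguration ldapConf;
    /** Live directory context; set to {@code null} by {@link #close()}. */
    private GinaLdapContext ldapContext;

    /**
     * Fixed DN fragments used when building search bases.
     *
     * <p>The decompiler reports that it widened this enum from private; it is
     * left public here so the class stays a drop-in replacement.
     */
    public enum Rdn {
        APPLICATION_BASE("o=gina"),
        PROPERTY_BASE("o=gina-property"),
        ROLE("ou=Groups"),
        USER("ou=Users");

        /** The DN fragment as written into a distinguished name. */
        public final String value;

        Rdn(String str) {
            this.value = str;
        }
    }

    /**
     * Stores the configuration and opens the directory context immediately.
     *
     * @param ginaLdapConfiguration connection and naming settings; must not be null
     * @throws GinaException if the directory context cannot be created
     */
    public GinaLdapAccess(GinaLdapConfiguration ginaLdapConfiguration) {
        Validate.notNull(ginaLdapConfiguration);
        this.ldapConf = ginaLdapConfiguration;
        this.ldapContext = createLdapContext();
    }

    /** Releases the directory context; calling it again is a no-op. */
    @Override
    public void close() {
        closeDirContext();
    }

    /** Closes the context if one is still held and forgets the reference. */
    private void closeDirContext() {
        if (this.ldapContext == null) {
            return;
        }
        LOGGER.info("Fermeture du contexte LDAP");
        this.ldapContext.close();
        this.ldapContext = null;
    }

    /**
     * Builds the JNDI environment from the configuration and opens the context.
     *
     * @return the newly created context
     * @throws GinaException if JNDI reports a {@link NamingException}
     */
    private GinaLdapContext createLdapContext() {
        Properties env = new Properties();
        env.put("java.naming.factory.initial", GinaLdapConfiguration.LDAP_CONTEXT_FACTORY);
        env.put("java.naming.security.authentication", GinaLdapConfiguration.LDAP_AUTHENTICATION_MODE);
        env.put("java.naming.referral", GinaLdapConfiguration.LDAP_REFERRAL_MODE);
        env.put("java.naming.ldap.version", "3");
        env.put("com.sun.jndi.ldap.connect.pool", "true");
        env.put("com.sun.jndi.ldap.connect.timeout", String.valueOf(this.ldapConf.getLdapConnectionTimeout()));
        env.put("com.sun.jndi.ldap.read.timeout", String.valueOf(this.ldapConf.getLdapReadTimeout()));

        // An "ldaps" URL is rewritten to "ldap" with the SSL security protocol
        // requested explicitly.
        // NOTE(review): for any other URL no transport protection is configured
        // here, so the bind principal and credentials set below would travel
        // unprotected unless the deployment secures the channel another way.
        // Confirm against the configured URL and authentication mode.
        String providerUrl = this.ldapConf.getLdapServerUrl();
        if (providerUrl.startsWith("ldaps")) {
            env.put("java.naming.security.protocol", "ssl");
            providerUrl = providerUrl.replaceFirst("ldaps", "ldap");
        }
        env.put("java.naming.provider.url", providerUrl);

        // Principal and credentials are set independently of each other.
        // NOTE(review): a configuration with a user but a blank password yields
        // an environment with a principal and no credentials. How the provider
        // and the server treat such a bind is not visible here; consider
        // rejecting that configuration up front.
        String bindUser = this.ldapConf.getLdapUser();
        if (StringUtils.isNotBlank(bindUser)) {
            env.put("java.naming.security.principal", bindUser);
        }
        String bindPassword = this.ldapConf.getLdapPassword();
        if (StringUtils.isNotBlank(bindPassword)) {
            env.put("java.naming.security.credentials", bindPassword);
        }

        try {
            LOGGER.info("Creation du contexte LDAP");
            return new GinaLdapContext(env);
        } catch (NamingException e) {
            // NOTE(review): only the message reaches the caller; the cause and
            // its stack trace survive solely in the log entry written here.
            // Chaining it needs a GinaException constructor that accepts a
            // cause, which is not visible from this file.
            logException(e);
            throw new GinaException(e.getMessage());
        }
    }

    /**
     * Prepends {@code rdn} to {@code parentDn}, or returns {@code rdn} alone
     * when the parent is blank.
     */
    private static String makeDn(String parentDn, String rdn) {
        if (StringUtils.isBlank(parentDn)) {
            return rdn;
        }
        return rdn + "," + parentDn;
    }

    /**
     * Returns the search base for users: {@code ou=Users} under the configured
     * application when one is configured, otherwise under the configured domain.
     */
    protected String getUserBaseDn() {
        String domain = this.ldapConf.getGinaDomain();
        String application = this.ldapConf.getGinaApplication();
        String parentDn = StringUtils.isBlank(application)
                ? getDomainDn(domain)
                : getApplicationDn(domain, application);
        return makeDn(parentDn, Rdn.USER.value);
    }

    /**
     * Returns the DN of one user entry below {@link #getUserBaseDn()}.
     *
     * @param str user name placed in the CN part
     */
    protected String getUserDn(String str) {
        return makeDn(getUserBaseDn(), DnPart.toString(GinaLdapUtils.ATTRIBUTE_CN, str));
    }

    /** Returns the root DN under which domains and applications live. */
    protected String getApplicationBaseDn() {
        return Rdn.APPLICATION_BASE.value;
    }

    /** Returns the root DN of the property tree. */
    protected String getPropertyBaseDn() {
        return Rdn.PROPERTY_BASE.value;
    }

    /**
     * Builds a DN in the property tree from {@code str2} (first OU part), the
     * value of {@link #getUser()} (second OU part) and {@code str} (CN part).
     *
     * <p>{@link #getUser()} always throws in this class, so this method only
     * returns normally when a subclass overrides {@code getUser()}.
     */
    protected String getUserPropertyBaseDn(String str, String str2) {
        String scopeDn = makeDn(getPropertyBaseDn(), DnPart.toString(GinaLdapUtils.ATTRIBUTE_OU, str2));
        String ownerDn = makeDn(scopeDn, DnPart.toString(GinaLdapUtils.ATTRIBUTE_OU, getUser()));
        return makeDn(ownerDn, DnPart.toString(GinaLdapUtils.ATTRIBUTE_CN, str));
    }

    /**
     * Returns the DN of a domain below the application base.
     *
     * @param str domain name placed in the OU part
     */
    protected String getDomainDn(String str) {
        return makeDn(getApplicationBaseDn(), DnPart.toString(GinaLdapUtils.ATTRIBUTE_OU, str));
    }

    /**
     * Returns the DN of an application below its domain.
     *
     * @param str domain name
     * @param str2 application name placed in the OU part
     */
    protected String getApplicationDn(String str, String str2) {
        return makeDn(getDomainDn(str), DnPart.toString(GinaLdapUtils.ATTRIBUTE_OU, str2));
    }

    /**
     * Returns the DN of an application given as {@code domain.application};
     * the split happens at the first dot.
     *
     * @param str qualified application name
     * @throws IllegalArgumentException if {@code str} contains no dot
     */
    protected String getApplicationDn(String str) {
        int dot = str.indexOf('.');
        if (dot < 0) {
            throw new IllegalArgumentException("Malformed application name [" + str + "]");
        }
        String domain = str.substring(0, dot);
        String application = str.substring(dot + 1);
        return getApplicationDn(domain, application);
    }

    /**
     * Returns the {@code ou=Groups} search base of an application.
     *
     * @param str qualified application name ({@code domain.application})
     */
    protected String getRoleBaseDn(String str) {
        return makeDn(getApplicationDn(str), Rdn.ROLE.value);
    }

    /**
     * Returns the DN of one role of an application.
     *
     * @param str qualified application name ({@code domain.application})
     * @param str2 role name placed in the CN part
     */
    protected String getRoleDn(String str, String str2) {
        return makeDn(getRoleBaseDn(str), DnPart.toString(GinaLdapUtils.ATTRIBUTE_CN, str2));
    }

    /**
     * Returns the live context.
     *
     * @throws GinaException if the context has already been released
     */
    private GinaLdapContext getLdapContext() {
        if (this.ldapContext == null) {
            throw new GinaException("Pas de context LDAP. Il a probablement deja ete detruit par un appel a close()");
        }
        return this.ldapContext;
    }

    /**
     * Tells whether a one-level search below the user base finds an entry for
     * the given user.
     *
     * @param str user name
     * @return {@code true} only when the query reports a match
     */
    @Override
    public boolean isValidUser(String str) {
        long startMillis = System.currentTimeMillis();
        // NOTE(review): str is handed to GinaLdapUtils.getLdapFilterUser to build
        // the search filter. Whether it is filter-escaped there is not visible
        // from this class; confirm before passing untrusted names.
        Boolean found = (Boolean) getLdapContext().newQuery()
                .setBaseDn(getUserBaseDn())
                .setFilter(GinaLdapUtils.getLdapFilterUser(str))
                .setScope(GinaLdapQuery.Scope.ONELEVEL)
                .unique((dn, attributes) -> true);
        logExecutionTime("isValidUser(" + str + ")", startMillis);
        return Boolean.TRUE.equals(found);
    }

    /**
     * Reads the requested attributes of one user.
     *
     * @param str user name
     * @param strArr names of the attributes to fetch
     * @return whatever the underlying query yields for that user entry
     */
    @Override
    public Map<String, String> getUserAttrs(String str, String[] strArr) {
        long startMillis = System.currentTimeMillis();
        Map<String, String> attrs = getUserDnAttrs(getUserDn(str), strArr);
        logExecutionTime("getUserAttrs(" + str + "," + Arrays.toString(strArr) + ")", startMillis);
        return attrs;
    }

    /** Reads the requested attributes of the entry at {@code userDn} (object scope). */
    private Map<String, String> getUserDnAttrs(String userDn, String[] attributeNames) {
        return (Map) getLdapContext().newQuery()
                .setFilter(GinaLdapUtils.getLdapFilterUser())
                .setAttributes(attributeNames)
                .setScope(GinaLdapQuery.Scope.OBJECT)
                .setBaseDn(userDn)
                .unique((dn, attributes) -> {
                    // The debug line writes the raw attributes and the mapped user to
                    // the log, so debug logging can expose whatever personal data the
                    // caller requested. The guard avoids the extra conversion when
                    // debug output is off.
                    if (LOGGER.isDebugEnabled()) {
                        LOGGER.debug("consume dn = {}, names = {}  ->  {}", dn, attributes,
                                GinaLdapUtils.attributesToUser(dn, attributes, attributeNames));
                    }
                    return GinaLdapUtils.attributesToUser(dn, attributes, attributeNames);
                });
    }

    /**
     * Lists every role of a user, taken from the memberOf values of the user
     * entry and converted by {@code GinaLdapUtils.roleDnToString}.
     *
     * @param str user name
     * @return the roles, or an empty list when the query yields nothing
     */
    @Override
    public List<String> getUserRoles(String str) {
        long startMillis = System.currentTimeMillis();
        // The nested lambda parameter has its own name: the decompiled form reused
        // the outer parameter name, which javac rejects.
        List<String> roles = (List) getLdapContext().newQuery()
                .setBaseDn(getUserDn(str))
                .setFilter(GinaLdapUtils.getLdapFilterUser())
                .setScope(GinaLdapQuery.Scope.OBJECT)
                .setAttributes(GinaLdapUtils.ATTRIBUTE_MEMBEROF)
                .unique((dn, attributes) -> {
                    return (List) GinaLdapUtils.allValues(attributes, GinaLdapUtils.ATTRIBUTE_MEMBEROF).stream()
                            .map(roleDn -> {
                                return GinaLdapUtils.roleDnToString(roleDn);
                            })
                            .collect(Collectors.toList());
                });
        logExecutionTime("getUserRoles(" + str + ")", startMillis);
        if (roles == null) {
            return Collections.emptyList();
        }
        return roles;
    }

    /**
     * Lists the roles a user holds in one application: memberOf values that
     * end with the application's role base and whose remainder is a single CN
     * part.
     *
     * @param str user name
     * @param str2 qualified application name ({@code domain.application})
     * @return the role names, or an empty list when the query yields nothing
     */
    @Override
    public List<String> getUserRoles(String str, String str2) {
        long startMillis = System.currentTimeMillis();
        String roleBaseSuffix = "," + getRoleBaseDn(str2);
        // NOTE(review): the suffix test is an exact, case-sensitive string match.
        // A memberOf value that the directory returns with different case or
        // spacing is silently skipped, so the role is reported as missing.
        List<String> roles = (List) getLdapContext().newQuery()
                .setBaseDn(getUserDn(str))
                .setFilter(GinaLdapUtils.getLdapFilterUser())
                .setScope(GinaLdapQuery.Scope.OBJECT)
                .setAttributes(GinaLdapUtils.ATTRIBUTE_MEMBEROF)
                .unique((dn, attributes) -> {
                    return (List) GinaLdapUtils.allValues(attributes, GinaLdapUtils.ATTRIBUTE_MEMBEROF).stream()
                            .filter(memberOf -> {
                                return memberOf.endsWith(roleBaseSuffix);
                            })
                            .map(memberOf -> {
                                return DnPart.parse(memberOf.substring(0, memberOf.length() - roleBaseSuffix.length()));
                            })
                            .filter(parts -> {
                                return parts != null && parts.length == 1
                                        && parts[0].getAttr().equalsIgnoreCase(GinaLdapUtils.ATTRIBUTE_CN);
                            })
                            .map(parts -> {
                                return parts[0].getValue();
                            })
                            .collect(Collectors.toList());
                });
        List<String> result = roles == null ? Collections.emptyList() : roles;
        logExecutionTime("getUserRoles(" + str + "," + str2 + ")", startMillis);
        return result;
    }

    /**
     * Tells whether {@code str2} appears in {@link #getUserRoles(String)} for
     * the user {@code str}.
     */
    @Override
    public boolean hasUserRole(String str, String str2) {
        return getUserRoles(str).contains(str2);
    }

    /**
     * Tells whether a user holds a given role of an application.
     *
     * @param str user name
     * @param str2 qualified application name ({@code domain.application})
     * @param str3 role name
     */
    @Override
    public boolean hasUserRole(String str, String str2, String str3) {
        long startMillis = System.currentTimeMillis();
        boolean held = hasUserDnRole(getUserDn(str), str2, str3);
        logExecutionTime("hasUserRole(" + str + "," + str2 + "," + str3 + ")", startMillis);
        return held;
    }

    /**
     * Checks, with an object-scope search on {@code userDn}, whether the entry
     * has a memberOf value equal to the DN of the given role.
     */
    private boolean hasUserDnRole(String userDn, String application, String role) {
        // NOTE(review): the role DN becomes the value of an equality filter via
        // GinaLdapUtils.ldapFilterEquals. Whether that helper filter-escapes the
        // value is not visible here; confirm.
        String roleFilter = GinaLdapUtils.ldapFilterEquals(GinaLdapUtils.ATTRIBUTE_MEMBEROF, getRoleDn(application, role));
        Boolean found = (Boolean) getLdapContext().newQuery()
                .setBaseDn(userDn)
                .setFilter(GinaLdapUtils.ldapFilterAnd(GinaLdapUtils.getLdapFilterUser(), roleFilter))
                .setScope(GinaLdapQuery.Scope.OBJECT)
                .first((dn, attributes) -> true);
        return Boolean.TRUE.equals(found);
    }

    /**
     * Lists the CN of every group entry directly below an application's role base.
     *
     * @param str qualified application name ({@code domain.application})
     */
    @Override
    public List<String> getAppRoles(String str) {
        long startMillis = System.currentTimeMillis();
        List<String> roles = getLdapContext().newQuery()
                .setBaseDn(getRoleBaseDn(str))
                .setFilter(GinaLdapUtils.getLdapFilterGroup())
                .setScope(GinaLdapQuery.Scope.ONELEVEL)
                .setAttributes(GinaLdapUtils.ATTRIBUTE_CN)
                .forEach((dn, attributes) -> {
                    return GinaLdapUtils.firstValue(attributes, GinaLdapUtils.ATTRIBUTE_CN);
                });
        logExecutionTime("getAppRoles(" + str + ")", startMillis);
        return roles;
    }

    /**
     * Lists the roles of an application whose name starts with {@code RM-}.
     *
     * @param str qualified application name ({@code domain.application})
     */
    @Override
    public List<String> getBusinessRoles(String str) {
        // NOTE(review): the name is filter-encoded here, but getAppRoles uses it to
        // build a search-base DN, not a filter, and passes its own argument
        // through unencoded. Confirm which escaping the DN path expects; the two
        // entry points currently treat the same input differently.
        String encodedApplication = GinaLdapEncoder.filterEncode(str);
        return (List) getAppRoles(encodedApplication).stream()
                .filter(role -> {
                    return role.startsWith("RM-");
                })
                .collect(Collectors.toList());
    }

    /**
     * Lists the users holding the {@code UTILISATEUR} role of an application.
     *
     * @param str qualified application name ({@code domain.application})
     * @param strArr names of the attributes to fetch for each user
     */
    @Override
    public List<Map<String, String>> getUsers(String str, String[] strArr) {
        return getUsers(str, ROLE_UTILISATEUR, strArr);
    }

    /**
     * Lists the users whose memberOf equals the DN of the given role.
     *
     * @param str qualified application name ({@code domain.application})
     * @param str2 role name
     * @param strArr names of the attributes to fetch for each user
     */
    @Override
    public List<Map<String, String>> getUsers(String str, String str2, String[] strArr) {
        long startMillis = System.currentTimeMillis();
        String memberOfRole = GinaLdapUtils.ldapFilterEquals(GinaLdapUtils.ATTRIBUTE_MEMBEROF, getRoleDn(str, str2));
        List<Map<String, String>> users = queryUsers(memberOfRole, strArr);
        logExecutionTime("getUsers(" + str + "," + str2 + "," + Arrays.toString(strArr) + ")", startMillis);
        return users;
    }

    /**
     * Runs a one-level search below the user base with the user filter,
     * AND-combined with {@code extraFilter} when one is given.
     */
    private List<Map<String, String>> queryUsers(String extraFilter, String[] attributeNames) {
        String filter = GinaLdapUtils.getLdapFilterUser();
        if (extraFilter != null) {
            filter = GinaLdapUtils.ldapFilterAnd(filter, extraFilter);
        }
        return getLdapContext().newQuery()
                .setBaseDn(getUserBaseDn())
                .setFilter(filter)
                .setAttributes(attributeNames)
                .setScope(GinaLdapQuery.Scope.ONELEVEL)
                .forEach((dn, attributes) -> {
                    return GinaLdapUtils.attributesToUser(dn, attributes, attributeNames);
                });
    }

    // ------------------------------------------------------------------
    // Operations below are not supported by this implementation. Each one
    // throws GinaException(NOT_IMPLEMENTED), so an authorization question
    // such as hasRole is answered with an error, never with a default.
    // ------------------------------------------------------------------

    /** Not supported here; always throws {@link GinaException}. */
    @Override
    @Deprecated
    public void sendMail(String str, String[] strArr, String[] strArr2, String str2, String str3, String str4) {
        throw new GinaException(NOT_IMPLEMENTED);
    }

    /** Not supported here; always throws {@link GinaException}. */
    @Override
    public String getUser() {
        throw new GinaException(NOT_IMPLEMENTED);
    }

    /** Not supported here; always throws {@link GinaException}. */
    @Override
    public String getLanguage() {
        throw new GinaException(NOT_IMPLEMENTED);
    }

    /** Not supported here; always throws {@link GinaException}. */
    @Override
    public String getEnvironment() {
        throw new GinaException(NOT_IMPLEMENTED);
    }

    /** Not supported here; always throws {@link GinaException}. */
    @Override
    public List<String> getIntegrationUserRoles(String str, String str2) {
        throw new GinaException(NOT_IMPLEMENTED);
    }

    /** Not supported here; always throws {@link GinaException}. */
    @Override
    @Deprecated
    public List<String> getIntegrationUserAttributes(String str, String str2) {
        throw new GinaException(NOT_IMPLEMENTED);
    }

    /** Not supported here; always throws {@link GinaException}. */
    @Override
    @Deprecated
    public List<String> getInheritingRoles(String str, String str2) {
        throw new GinaException(NOT_IMPLEMENTED);
    }

    /** Not supported here; always throws {@link GinaException}. */
    @Override
    public List<String> getPMProprieteMetier(String str) {
        throw new GinaException(NOT_IMPLEMENTED);
    }

    /** Not supported here; always throws {@link GinaException}. */
    @Override
    @Deprecated
    public String getOwnIDUniqueForPPorPseudo() {
        throw new GinaException(NOT_IMPLEMENTED);
    }

    /** Not supported here; always throws {@link GinaException}. */
    @Override
    public List<String> getOwnPMProprieteMetier(String str) {
        throw new GinaException(NOT_IMPLEMENTED);
    }

    /** Not supported here; always throws {@link GinaException}. */
    @Override
    public List<String> getPPProprieteMetier(String str) {
        throw new GinaException(NOT_IMPLEMENTED);
    }

    /** Not supported here; always throws {@link GinaException}. */
    @Override
    public List<String> getOwnPPProprieteMetier(String str) {
        throw new GinaException(NOT_IMPLEMENTED);
    }

    /** Not supported here; always throws {@link GinaException}. */
    @Override
    public List<Map<String, String>> getUsersByPhone(String str, Boolean bool, String[] strArr) {
        throw new GinaException(NOT_IMPLEMENTED);
    }

    /** Not supported here; always throws {@link GinaException}. */
    @Override
    public List<Map<String, String>> getUsersBySIRHNumber(String str, Boolean bool, String[] strArr) {
        throw new GinaException(NOT_IMPLEMENTED);
    }

    /** Not supported here; always throws {@link GinaException}. */
    @Override
    public List<Map<String, String>> getUsersByName(String str, Boolean bool, String[] strArr) {
        throw new GinaException(NOT_IMPLEMENTED);
    }

    /** Not supported here; always throws {@link GinaException}. */
    @Override
    public boolean hasRole(String str, String str2) {
        throw new GinaException(NOT_IMPLEMENTED);
    }

    /** Not supported here; always throws {@link GinaException}. */
    @Override
    public List<String> getRoles(String str) {
        throw new GinaException(NOT_IMPLEMENTED);
    }

    /** Not supported here; always throws {@link GinaException}. */
    @Override
    public List<Map<String, String>> getAllUsers(String str, String[] strArr) {
        throw new GinaException(NOT_IMPLEMENTED);
    }

    /** Not supported here; always throws {@link GinaException}. */
    @Override
    public Map<String, String> getUserAttrs(String[] strArr) {
        throw new GinaException(NOT_IMPLEMENTED);
    }

    /**
     * Writes a debug line with the time elapsed since {@code startMillis}.
     *
     * <p>The operation label is built by callers from user, application and
     * role names, so CR and LF are replaced before logging to keep one call
     * on one log line.
     */
    private void logExecutionTime(String operation, long startMillis) {
        if (!LOGGER.isDebugEnabled()) {
            return;
        }
        String singleLine = operation.replace('\r', '_').replace('\n', '_');
        LOGGER.debug("{} effectue' en {}ms", singleLine, System.currentTimeMillis() - startMillis);
    }

    /** Logs an exception, with its stack trace, at error level. */
    protected void logException(Throwable th) {
        LOGGER.error("Erreur : ", th);
    }

    /**
     * Warns when the instance is collected while still holding a context.
     *
     * <p>NOTE(review): this only logs and does not release the context, so an
     * instance that is never passed to {@link #close()} keeps its directory
     * connection until something else reclaims it. Callers should use
     * try-with-resources.
     */
    @Override
    protected void finalize() throws Throwable {
        if (this.ldapContext != null) {
            LOGGER.warn("Appel au finaliseur pour fermer le contexte LDAP : mauvaise pratique. Le contexte LDAP aurait deja du etre ferme par un appel a close()");
        }
        super.finalize();
    }
}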
