package org.apache.ranger.ldapusersync.process;

import java.util.Arrays;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import java.util.Set;
import java.util.StringTokenizer;
import javax.naming.InvalidNameException;
import javax.naming.NamingEnumeration;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.Control;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;
import javax.naming.ldap.PagedResultsControl;
import javax.naming.ldap.PagedResultsResponseControl;
import javax.naming.ldap.StartTlsRequest;
import javax.naming.ldap.StartTlsResponse;
import org.apache.log4j.Logger;
import org.apache.ranger.unixusersync.config.UserGroupSyncConfig;
import org.apache.ranger.usergroupsync.AbstractUserGroupSource;
import org.apache.ranger.usergroupsync.UserGroupSink;

/* loaded from: input_file:org/apache/ranger/ldapusersync/process/LdapUserGroupBuilder.class */
public class LdapUserGroupBuilder extends AbstractUserGroupSource {
    private static final Logger LOG = Logger.getLogger(LdapUserGroupBuilder.class);
    private static final int PAGE_SIZE = 500;
    private String ldapUrl;
    private String ldapBindDn;
    private String ldapBindPassword;
    private String ldapAuthenticationMechanism;
    private String ldapReferral;
    private String searchBase;
    private String[] userSearchBase;
    private String userNameAttribute;
    private int userSearchScope;
    private String userObjectClass;
    private String userSearchFilter;
    private String extendedUserSearchFilter;
    private SearchControls userSearchControls;
    private Set<String> userGroupNameAttributeSet;
    private String[] groupSearchBase;
    private int groupSearchScope;
    private String groupObjectClass;
    private String groupSearchFilter;
    private String extendedGroupSearchFilter;
    private String extendedAllGroupsSearchFilter;
    private SearchControls groupSearchControls;
    private String groupMemberAttributeName;
    private String groupNameAttribute;
    private LdapContext ldapContext;
    StartTlsResponse tls;
    private boolean userNameCaseConversionFlag;
    private boolean groupNameCaseConversionFlag;
    private boolean userNameLowerCaseFlag;
    private boolean groupNameLowerCaseFlag;
    private Map<String, UserInfo> userGroupMap;
    private boolean pagedResultsEnabled = true;
    private int pagedResultsSize = PAGE_SIZE;
    private boolean groupSearchFirstEnabled = false;
    private boolean userSearchEnabled = false;
    private boolean groupSearchEnabled = true;
    private boolean groupUserMapSyncEnabled = false;

    public static void main(String[] strArr) throws Throwable {
        new LdapUserGroupBuilder().init();
    }

    public LdapUserGroupBuilder() {
        this.userNameCaseConversionFlag = false;
        this.groupNameCaseConversionFlag = false;
        this.userNameLowerCaseFlag = false;
        this.groupNameLowerCaseFlag = false;
        LOG.info("LdapUserGroupBuilder created");
        String userNameCaseConversion = this.config.getUserNameCaseConversion();
        if (UserGroupSyncConfig.UGSYNC_NONE_CASE_CONVERSION_VALUE.equalsIgnoreCase(userNameCaseConversion)) {
            this.userNameCaseConversionFlag = false;
        } else {
            this.userNameCaseConversionFlag = true;
            this.userNameLowerCaseFlag = UserGroupSyncConfig.UGSYNC_LOWER_CASE_CONVERSION_VALUE.equalsIgnoreCase(userNameCaseConversion);
        }
        String groupNameCaseConversion = this.config.getGroupNameCaseConversion();
        if (UserGroupSyncConfig.UGSYNC_NONE_CASE_CONVERSION_VALUE.equalsIgnoreCase(groupNameCaseConversion)) {
            this.groupNameCaseConversionFlag = false;
        } else {
            this.groupNameCaseConversionFlag = true;
            this.groupNameLowerCaseFlag = UserGroupSyncConfig.UGSYNC_LOWER_CASE_CONVERSION_VALUE.equalsIgnoreCase(groupNameCaseConversion);
        }
    }

    @Override // org.apache.ranger.usergroupsync.UserGroupSource
    public void init() throws Throwable {
        setConfig();
    }

    private void createLdapContext() throws Throwable {
        Properties properties = new Properties();
        properties.put("java.naming.factory.initial", "com.sun.jndi.ldap.LdapCtxFactory");
        properties.put("java.naming.provider.url", this.ldapUrl);
        if (this.ldapUrl.startsWith("ldaps") && this.config.getSSLTrustStorePath() != null && !this.config.getSSLTrustStorePath().trim().isEmpty()) {
            properties.put("java.naming.ldap.factory.socket", "org.apache.ranger.ldapusersync.process.CustomSSLSocketFactory");
        }
        this.ldapContext = new InitialLdapContext(properties, (Control[]) null);
        if (!this.ldapUrl.startsWith("ldaps") && this.config.isStartTlsEnabled()) {
            this.tls = this.ldapContext.extendedOperation(new StartTlsRequest());
            if (this.config.getSSLTrustStorePath() == null || this.config.getSSLTrustStorePath().trim().isEmpty()) {
                this.tls.negotiate();
            } else {
                this.tls.negotiate(CustomSSLSocketFactory.getDefault());
            }
            LOG.info("Starting TLS session...");
        }
        this.ldapContext.addToEnvironment("java.naming.security.principal", this.ldapBindDn);
        this.ldapContext.addToEnvironment("java.naming.security.credentials", this.ldapBindPassword);
        this.ldapContext.addToEnvironment("java.naming.security.authentication", this.ldapAuthenticationMechanism);
        this.ldapContext.addToEnvironment("java.naming.referral", this.ldapReferral);
    }

    private void setConfig() throws Throwable {
        LOG.info("LdapUserGroupBuilder initialization started");
        this.groupSearchFirstEnabled = this.config.isGroupSearchFirstEnabled();
        this.userSearchEnabled = this.config.isUserSearchEnabled();
        this.groupSearchEnabled = this.config.isGroupSearchEnabled();
        this.ldapUrl = this.config.getLdapUrl();
        this.ldapBindDn = this.config.getLdapBindDn();
        this.ldapBindPassword = this.config.getLdapBindPassword();
        this.ldapAuthenticationMechanism = this.config.getLdapAuthenticationMechanism();
        this.ldapReferral = this.config.getContextReferral();
        this.searchBase = this.config.getSearchBase();
        this.userSearchBase = this.config.getUserSearchBase().split(";");
        this.userSearchScope = this.config.getUserSearchScope();
        this.userObjectClass = this.config.getUserObjectClass();
        this.userSearchFilter = this.config.getUserSearchFilter();
        this.extendedUserSearchFilter = "(objectclass=" + this.userObjectClass + ")";
        if (this.userSearchFilter != null && !this.userSearchFilter.trim().isEmpty()) {
            String trim = this.userSearchFilter.trim();
            if (!trim.startsWith("(")) {
                trim = "(" + trim + ")";
            }
            this.extendedUserSearchFilter = "(&" + this.extendedUserSearchFilter + trim + ")";
        }
        this.userNameAttribute = this.config.getUserNameAttribute();
        HashSet hashSet = new HashSet();
        hashSet.add(this.userNameAttribute);
        if (!this.groupSearchFirstEnabled && !this.groupSearchEnabled) {
            this.userGroupNameAttributeSet = this.config.getUserGroupNameAttributeSet();
            Iterator<String> it = this.userGroupNameAttributeSet.iterator();
            while (it.hasNext()) {
                hashSet.add(it.next());
            }
        }
        this.userSearchControls = new SearchControls();
        this.userSearchControls.setSearchScope(this.userSearchScope);
        this.userSearchControls.setReturningAttributes((String[]) hashSet.toArray(new String[hashSet.size()]));
        this.pagedResultsEnabled = this.config.isPagedResultsEnabled();
        this.pagedResultsSize = this.config.getPagedResultsSize();
        this.groupSearchBase = this.config.getGroupSearchBase().split(";");
        this.groupSearchScope = this.config.getGroupSearchScope();
        this.groupObjectClass = this.config.getGroupObjectClass();
        this.groupSearchFilter = this.config.getGroupSearchFilter();
        this.groupMemberAttributeName = this.config.getUserGroupMemberAttributeName();
        this.groupNameAttribute = this.config.getGroupNameAttribute();
        this.extendedGroupSearchFilter = "(objectclass=" + this.groupObjectClass + ")";
        if (this.groupSearchFilter != null && !this.groupSearchFilter.trim().isEmpty()) {
            String trim2 = this.groupSearchFilter.trim();
            if (!trim2.startsWith("(")) {
                trim2 = "(" + trim2 + ")";
            }
            this.extendedGroupSearchFilter += trim2;
        }
        this.extendedAllGroupsSearchFilter = "(&" + this.extendedGroupSearchFilter + ")";
        if (!this.groupSearchFirstEnabled) {
            this.extendedGroupSearchFilter = "(&" + this.extendedGroupSearchFilter + "(|(" + this.groupMemberAttributeName + "={0})(" + this.groupMemberAttributeName + "={1})))";
        }
        this.groupUserMapSyncEnabled = this.config.isGroupUserMapSyncEnabled();
        this.groupSearchControls = new SearchControls();
        this.groupSearchControls.setSearchScope(this.groupSearchScope);
        HashSet hashSet2 = new HashSet();
        hashSet2.add(this.groupNameAttribute);
        hashSet2.add(this.groupMemberAttributeName);
        this.groupSearchControls.setReturningAttributes((String[]) hashSet2.toArray(new String[hashSet2.size()]));
        if (LOG.isInfoEnabled()) {
            LOG.info("LdapUserGroupBuilder initialization completed with --  ldapUrl: " + this.ldapUrl + ",  ldapBindDn: " + this.ldapBindDn + ",  ldapBindPassword: ***** ,  ldapAuthenticationMechanism: " + this.ldapAuthenticationMechanism + ",  searchBase: " + this.searchBase + ",  userSearchBase: " + Arrays.toString(this.userSearchBase) + ",  userSearchScope: " + this.userSearchScope + ",  userObjectClass: " + this.userObjectClass + ",  userSearchFilter: " + this.userSearchFilter + ",  extendedUserSearchFilter: " + this.extendedUserSearchFilter + ",  userNameAttribute: " + this.userNameAttribute + ",  userSearchAttributes: " + hashSet + ",  userGroupNameAttributeSet: " + this.userGroupNameAttributeSet + ",  pagedResultsEnabled: " + this.pagedResultsEnabled + ",  pagedResultsSize: " + this.pagedResultsSize + ",  groupSearchEnabled: " + this.groupSearchEnabled + ",  groupSearchBase: " + Arrays.toString(this.groupSearchBase) + ",  groupSearchScope: " + this.groupSearchScope + ",  groupObjectClass: " + this.groupObjectClass + ",  groupSearchFilter: " + this.groupSearchFilter + ",  extendedGroupSearchFilter: " + this.extendedGroupSearchFilter + ",  extendedAllGroupsSearchFilter: " + this.extendedAllGroupsSearchFilter + ",  groupMemberAttributeName: " + this.groupMemberAttributeName + ",  groupNameAttribute: " + this.groupNameAttribute + ", groupSearchAttributes: " + hashSet2 + ",  groupUserMapSyncEnabled: " + this.groupUserMapSyncEnabled + ", groupSearchFirstEnabled: " + this.groupSearchFirstEnabled + ", userSearchEnabled: " + this.userSearchEnabled + ",  ldapReferral: " + this.ldapReferral);
        }
    }

    private void closeLdapContext() throws Throwable {
        if (this.tls != null) {
            this.tls.close();
        }
        if (this.ldapContext != null) {
            this.ldapContext.close();
        }
    }

    @Override // org.apache.ranger.usergroupsync.UserGroupSource
    public boolean isChanged() {
        return true;
    }

    @Override // org.apache.ranger.usergroupsync.UserGroupSource
    public void updateSink(UserGroupSink userGroupSink) throws Throwable {
        LOG.info("LDAPUserGroupBuilder updateSink started");
        this.userGroupMap = new HashMap();
        if (!this.groupSearchFirstEnabled) {
            LOG.info("Performing user search first");
            getUsers(userGroupSink);
            LOG.debug("Total No. of users saved = " + this.userGroupMap.size());
            for (UserInfo userInfo : this.userGroupMap.values()) {
                String userName = userInfo.getUserName();
                if (this.groupSearchEnabled) {
                    LOG.info("groupSearch is enabled, would search for groups and compute memberships");
                    getGroups(userGroupSink, userInfo);
                }
                List<String> groups = userInfo.getGroups();
                if (this.userNameCaseConversionFlag) {
                    userName = this.userNameLowerCaseFlag ? userName.toLowerCase() : userName.toUpperCase();
                }
                if (this.userNameRegExInst != null) {
                    userName = this.userNameRegExInst.transform(userName);
                }
                try {
                    userGroupSink.addOrUpdateUser(userName, groups);
                } catch (Throwable th) {
                    LOG.error("sink.addOrUpdateUser failed with exception: " + th.getMessage() + ", for user: " + userName + ", groups: " + groups);
                }
            }
            return;
        }
        LOG.info("Performing Group search first");
        getGroups(userGroupSink, null);
        if (this.userSearchEnabled) {
            LOG.info("User search is enabled and hence computing user membership.");
            getUsers(userGroupSink);
            return;
        }
        LOG.info("User search is disabled and hence using the group member attribute for username.");
        for (UserInfo userInfo2 : this.userGroupMap.values()) {
            String shortUserName = getShortUserName(userInfo2.getUserFullName());
            List<String> groups2 = userInfo2.getGroups();
            if (this.userNameCaseConversionFlag) {
                shortUserName = this.userNameLowerCaseFlag ? shortUserName.toLowerCase() : shortUserName.toUpperCase();
            }
            if (this.userNameRegExInst != null) {
                shortUserName = this.userNameRegExInst.transform(shortUserName);
            }
            try {
                userGroupSink.addOrUpdateUser(shortUserName, groups2);
            } catch (Throwable th2) {
                LOG.error("sink.addOrUpdateUser failed with exception: " + th2.getMessage() + ", for user: " + shortUserName + ", groups: " + groups2);
            }
        }
    }

    private void getUsers(UserGroupSink userGroupSink) throws Throwable {
        NamingEnumeration namingEnumeration = null;
        NamingEnumeration namingEnumeration2 = null;
        try {
            createLdapContext();
            if (this.pagedResultsEnabled) {
                this.ldapContext.setRequestControls(new Control[]{new PagedResultsControl(this.pagedResultsSize, false)});
            }
            for (int i = 0; i < this.userSearchBase.length; i++) {
                byte[] bArr = null;
                int i2 = 0;
                do {
                    try {
                        namingEnumeration = this.ldapContext.search(this.userSearchBase[i], this.extendedUserSearchFilter, this.userSearchControls);
                        while (namingEnumeration.hasMore()) {
                            SearchResult searchResult = (SearchResult) namingEnumeration.next();
                            if (searchResult != null) {
                                Attributes attributes = searchResult.getAttributes();
                                if (attributes != null) {
                                    Attribute attribute = attributes.get(this.userNameAttribute);
                                    if (attribute != null) {
                                        String str = (String) attribute.get();
                                        if (str == null || str.trim().isEmpty()) {
                                            if (LOG.isInfoEnabled()) {
                                                LOG.info(this.userNameAttribute + " empty for entry " + searchResult.getNameInNamespace() + ", skipping sync");
                                            }
                                        } else if (this.groupSearchFirstEnabled) {
                                            String lowerCase = searchResult.getNameInNamespace().toLowerCase();
                                            LOG.debug("Chekcing if the user " + lowerCase + " is part of the retrieved groups");
                                            UserInfo userInfo = this.userGroupMap.get(lowerCase);
                                            if (userInfo == null) {
                                                userInfo = this.userGroupMap.get(str.toLowerCase());
                                            }
                                            if (userInfo != null) {
                                                i2++;
                                                LOG.info("Updating username for " + lowerCase + " with " + str);
                                                userInfo.updateUserName(str);
                                                List<String> groups = userInfo.getGroups();
                                                if (this.userNameCaseConversionFlag) {
                                                    str = this.userNameLowerCaseFlag ? str.toLowerCase() : str.toUpperCase();
                                                }
                                                if (this.userNameRegExInst != null) {
                                                    str = this.userNameRegExInst.transform(str);
                                                }
                                                try {
                                                    userGroupSink.addOrUpdateUser(str, groups);
                                                } catch (Throwable th) {
                                                    LOG.error("sink.addOrUpdateUser failed with exception: " + th.getMessage() + ", for user: " + str + ", groups: " + groups);
                                                }
                                            }
                                        } else {
                                            UserInfo userInfo2 = new UserInfo(str, searchResult.getNameInNamespace());
                                            HashSet hashSet = new HashSet();
                                            if (!this.groupSearchEnabled) {
                                                Iterator<String> it = this.userGroupNameAttributeSet.iterator();
                                                while (it.hasNext()) {
                                                    Attribute attribute2 = searchResult.getAttributes().get(it.next());
                                                    if (attribute2 != null) {
                                                        NamingEnumeration all = attribute2.getAll();
                                                        while (all.hasMore()) {
                                                            String shortGroupName = getShortGroupName((String) all.next());
                                                            if (this.groupNameCaseConversionFlag) {
                                                                shortGroupName = this.groupNameLowerCaseFlag ? shortGroupName.toLowerCase() : shortGroupName.toUpperCase();
                                                            }
                                                            if (this.groupNameRegExInst != null) {
                                                                shortGroupName = this.groupNameRegExInst.transform(shortGroupName);
                                                            }
                                                            hashSet.add(shortGroupName);
                                                        }
                                                    }
                                                }
                                            }
                                            userInfo2.addGroups(hashSet);
                                            if (this.userGroupMap.containsKey(str)) {
                                                LOG.warn("user object with username " + str + " already exists and is replaced with the latest user object.");
                                            }
                                            this.userGroupMap.put(str, userInfo2);
                                            List<String> groups2 = userInfo2.getGroups();
                                            i2++;
                                            if (i2 <= 2000) {
                                                if (LOG.isInfoEnabled()) {
                                                    LOG.info("Updating user count: " + i2 + ", userName: " + str + ", groupList: " + groups2);
                                                }
                                                if (i2 == 2000) {
                                                    LOG.info("===> 2000 user records have been synchronized so far. From now on, only a summary progress log will be written for every 100 users. To continue to see detailed log for every user, please enable Trace level logging. <===");
                                                }
                                            } else if (LOG.isTraceEnabled()) {
                                                LOG.trace("Updating user count: " + i2 + ", userName: " + str + ", groupList: " + groups2);
                                            } else if (i2 % 100 == 0) {
                                                LOG.info("Synced " + i2 + " users till now");
                                            }
                                        }
                                    } else if (LOG.isInfoEnabled()) {
                                        LOG.info(this.userNameAttribute + " missing for entry " + searchResult.getNameInNamespace() + ", skipping sync");
                                    }
                                } else if (LOG.isInfoEnabled()) {
                                    LOG.info("attributes  missing for entry " + searchResult.getNameInNamespace() + ", skipping sync");
                                }
                            } else if (LOG.isInfoEnabled()) {
                                LOG.info("userEntry null, skipping sync for the entry");
                            }
                        }
                        PagedResultsResponseControl[] responseControls = this.ldapContext.getResponseControls();
                        if (responseControls != null) {
                            for (int i3 = 0; i3 < responseControls.length; i3++) {
                                if (responseControls[i3] instanceof PagedResultsResponseControl) {
                                    PagedResultsResponseControl pagedResultsResponseControl = responseControls[i3];
                                    int resultSize = pagedResultsResponseControl.getResultSize();
                                    if (resultSize != 0) {
                                        LOG.debug("END-OF-PAGE total : " + resultSize);
                                    } else {
                                        LOG.debug("END-OF-PAGE total : unknown");
                                    }
                                    bArr = pagedResultsResponseControl.getCookie();
                                }
                            }
                        } else {
                            LOG.debug("No controls were sent from the server");
                        }
                        if (this.pagedResultsEnabled) {
                            this.ldapContext.setRequestControls(new Control[]{new PagedResultsControl(PAGE_SIZE, bArr, true)});
                        }
                    } catch (Throwable th2) {
                        LOG.error("LDAPUserGroupBuilder.getUsers() failed with exception: " + th2);
                        LOG.info("LDAPUserGroupBuilder.getUsers() user count: " + i2);
                    }
                } while (bArr != null);
                LOG.info("LDAPUserGroupBuilder.getUsers() completed with user count: " + i2);
            }
        } finally {
            if (namingEnumeration != null) {
                namingEnumeration.close();
            }
            if (0 != 0) {
                namingEnumeration2.close();
            }
            closeLdapContext();
        }
    }

    private void getGroups(UserGroupSink userGroupSink, UserInfo userInfo) throws Throwable {
        NamingEnumeration namingEnumeration = null;
        try {
            createLdapContext();
            if (this.pagedResultsEnabled) {
                this.ldapContext.setRequestControls(new Control[]{new PagedResultsControl(this.pagedResultsSize, false)});
            }
            for (int i = 0; i < this.groupSearchBase.length; i++) {
                byte[] bArr = null;
                int i2 = 0;
                do {
                    try {
                        if (this.groupSearchFirstEnabled) {
                            namingEnumeration = this.ldapContext.search(this.groupSearchBase[i], this.extendedAllGroupsSearchFilter, this.groupSearchControls);
                        } else {
                            if (userInfo == null) {
                                LOG.error("No user information provided for group search!");
                                if (namingEnumeration != null) {
                                    namingEnumeration.close();
                                }
                                closeLdapContext();
                                return;
                            }
                            namingEnumeration = this.ldapContext.search(this.groupSearchBase[i], this.extendedGroupSearchFilter, new Object[]{userInfo.getUserFullName(), userInfo.getUserName()}, this.groupSearchControls);
                        }
                        while (namingEnumeration.hasMore()) {
                            SearchResult searchResult = (SearchResult) namingEnumeration.next();
                            if (searchResult != null) {
                                i2++;
                                Attribute attribute = searchResult.getAttributes().get(this.groupNameAttribute);
                                if (attribute != null) {
                                    String str = (String) attribute.get();
                                    if (this.groupNameCaseConversionFlag) {
                                        str = this.groupNameLowerCaseFlag ? str.toLowerCase() : str.toUpperCase();
                                    }
                                    if (this.groupNameRegExInst != null) {
                                        str = this.groupNameRegExInst.transform(str);
                                    }
                                    if (this.groupSearchFirstEnabled) {
                                        Attribute attribute2 = searchResult.getAttributes().get(this.groupMemberAttributeName);
                                        LOG.debug("Update Ranger admin with " + str);
                                        userGroupSink.addOrUpdateGroup(str);
                                        int i3 = 0;
                                        if (attribute2 == null || attribute2.size() <= 0) {
                                            LOG.info("No members available for " + str);
                                        } else {
                                            NamingEnumeration all = attribute2.getAll();
                                            while (all.hasMore()) {
                                                String str2 = (String) all.next();
                                                if (str2 != null && !str2.trim().isEmpty()) {
                                                    String lowerCase = str2.toLowerCase();
                                                    i3++;
                                                    if (this.userGroupMap.containsKey(lowerCase)) {
                                                        userInfo = this.userGroupMap.get(lowerCase);
                                                    } else {
                                                        userInfo = new UserInfo(lowerCase, str2);
                                                        this.userGroupMap.put(lowerCase, userInfo);
                                                    }
                                                    LOG.info("Adding " + str + " to user " + userInfo.getUserFullName());
                                                    userInfo.addGroup(str);
                                                }
                                            }
                                            LOG.info("No. of members in the group " + str + " = " + i3);
                                        }
                                    } else {
                                        if (LOG.isInfoEnabled()) {
                                            LOG.info("computed groups for user: " + userInfo.getUserName() + ", groups: " + str);
                                        }
                                        userInfo.addGroup(str);
                                    }
                                } else if (LOG.isInfoEnabled()) {
                                    LOG.info(this.groupNameAttribute + " empty for entry " + searchResult.getNameInNamespace() + ", skipping sync");
                                }
                            }
                        }
                        PagedResultsResponseControl[] responseControls = this.ldapContext.getResponseControls();
                        if (responseControls != null) {
                            for (int i4 = 0; i4 < responseControls.length; i4++) {
                                if (responseControls[i4] instanceof PagedResultsResponseControl) {
                                    PagedResultsResponseControl pagedResultsResponseControl = responseControls[i4];
                                    int resultSize = pagedResultsResponseControl.getResultSize();
                                    if (resultSize != 0) {
                                        LOG.debug("END-OF-PAGE total : " + resultSize);
                                    } else {
                                        LOG.debug("END-OF-PAGE total : unknown");
                                    }
                                    bArr = pagedResultsResponseControl.getCookie();
                                }
                            }
                        } else {
                            LOG.debug("No controls were sent from the server");
                        }
                        if (this.pagedResultsEnabled) {
                            this.ldapContext.setRequestControls(new Control[]{new PagedResultsControl(PAGE_SIZE, bArr, true)});
                        }
                    } catch (Throwable th) {
                        LOG.error("LDAPUserGroupBuilder.getGroups() failed with exception: " + th);
                        LOG.info("LDAPUserGroupBuilder.getGroups() group count: " + i2);
                    }
                } while (bArr != null);
                LOG.info("LDAPUserGroupBuilder.getGroups() completed with group count: " + i2);
            }
        } finally {
            if (namingEnumeration != null) {
                namingEnumeration.close();
            }
            closeLdapContext();
        }
    }

    private static String getShortGroupName(String str) throws InvalidNameException {
        if (str == null) {
            return null;
        }
        StringTokenizer stringTokenizer = new StringTokenizer(new StringTokenizer(str, ",").nextToken(), "=");
        String nextToken = stringTokenizer.nextToken();
        if (stringTokenizer.hasMoreTokens()) {
            nextToken = stringTokenizer.nextToken();
        }
        String trim = nextToken.trim();
        LOG.info("longGroupName: " + str + ", groupName: " + trim);
        return trim;
    }

    private static String getShortUserName(String str) throws InvalidNameException {
        if (str == null) {
            return null;
        }
        StringTokenizer stringTokenizer = new StringTokenizer(new StringTokenizer(str, ",").nextToken(), "=");
        String nextToken = stringTokenizer.nextToken();
        if (stringTokenizer.hasMoreTokens()) {
            nextToken = stringTokenizer.nextToken();
        }
        String trim = nextToken.trim();
        LOG.info("longUserName: " + str + ", userName: " + trim);
        return trim;
    }
}
