package org.exist.security.realm.ldap;

import com.evolvedbinary.j8fu.function.BiFunction3E;
import com.evolvedbinary.j8fu.tuple.Tuple;
import com.evolvedbinary.j8fu.tuple.Tuple2;
import java.lang.reflect.Field;
import java.util.AbstractMap;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Optional;
import java.util.Set;
import javax.annotation.Nullable;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.LdapContext;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.exist.EXistException;
import org.exist.config.Configuration;
import org.exist.config.annotation.ConfigurationClass;
import org.exist.config.annotation.ConfigurationFieldAsAttribute;
import org.exist.config.annotation.ConfigurationFieldAsElement;
import org.exist.security.AXSchemaType;
import org.exist.security.AbstractAccount;
import org.exist.security.AbstractRealm;
import org.exist.security.Account;
import org.exist.security.AuthenticationException;
import org.exist.security.Group;
import org.exist.security.PermissionDeniedException;
import org.exist.security.SchemaType;
import org.exist.security.Subject;
import org.exist.security.internal.SecurityManagerImpl;
import org.exist.security.internal.SubjectAccreditedImpl;
import org.exist.security.internal.aider.GroupAider;
import org.exist.security.internal.aider.UserAider;
import org.exist.security.realm.ldap.AbstractLDAPSearchPrincipal;
import org.exist.storage.DBBroker;
import org.exist.storage.txn.Txn;

@ConfigurationClass("realm")
/* loaded from: input_file:org/exist/security/realm/ldap/LDAPRealm.class */
public class LDAPRealm extends AbstractRealm {
    // Class-wide logger. Several methods below concatenate caller-supplied principal names into log messages.
    private static final Logger LOG = LogManager.getLogger(LDAPRealm.class);

    // Realm identifier: returned by getId() and passed to UserAider/GroupAider when accounts and groups are created.
    // NOTE(review): public, static and non-final, so any code that can see this class can reassign it - confirm it has to stay mutable.
    @ConfigurationFieldAsAttribute("id")
    public static String ID = "LDAP";

    @ConfigurationFieldAsAttribute("version")
    public static final String version = "1.0";

    // When true, ensureCase() lower-cases every principal name before lookups and comparisons.
    @ConfigurationFieldAsAttribute("principals-are-case-insensitive")
    private boolean principalsAreCaseInsensitive;

    // Created on demand by ensureContextFactory() if it is still null at first use.
    @ConfigurationFieldAsElement("context")
    protected LdapContextFactory ldapContextFactory;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/exist/security/realm/ldap/LDAPRealm$AuthenticatedLdapSubjectAccreditedImpl.class */
    /**
     * Subject produced by a successful LDAP bind that also remembers the
     * credentials used for that bind.
     *
     * <p>{@code getContext(Optional)} reads the stored value back to open new LDAP
     * contexts on behalf of this subject, so the secret stays on the heap as an
     * immutable {@link String} for as long as the subject is referenced. Keep
     * instances out of logs, serialized sessions and heap dumps that leave the host.
     */
    public final class AuthenticatedLdapSubjectAccreditedImpl extends SubjectAccreditedImpl {
        private final String authenticatedCredentials;

        /**
         * @param account      the account the subject represents
         * @param boundContext the LDAP context that was opened with {@code credentials}
         * @param credentials  the credentials string that was used for the bind
         */
        private AuthenticatedLdapSubjectAccreditedImpl(AbstractAccount account, LdapContext boundContext, String credentials) {
            super(account, boundContext);
            authenticatedCredentials = credentials;
        }

        /** Returns the credentials string captured when the subject was authenticated. */
        public String getAuthenticatedCredentials() {
            return authenticatedCredentials;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/exist/security/realm/ldap/LDAPRealm$LDAPFunction.class */
    /**
     * Callback shape accepted by {@code executeAsSystemUser}: receives an
     * {@link LdapContext} and a {@link DBBroker}, produces an {@code R}, and may
     * throw {@link EXistException}, {@link PermissionDeniedException} or
     * {@link NamingException}.
     *
     * @param <R> the result type of the callback
     */
    public interface LDAPFunction<R> extends BiFunction3E<LdapContext, DBBroker, R, EXistException, PermissionDeniedException, NamingException> {
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/exist/security/realm/ldap/LDAPRealm$SearchAttribute.class */
    /**
     * Immutable name/value pair describing one {@code (name=value)} term of an
     * LDAP search filter.
     *
     * <p>{@code buildSearchFilter} and {@code buildSearchFilterUnion} append both
     * parts verbatim, so a value that originates outside the server must be
     * escaped before it is wrapped in this class.
     */
    public class SearchAttribute {
        private final String name;
        private final String value;

        /**
         * @param attributeName  the LDAP attribute to match on
         * @param attributeValue the (already escaped) value to match
         */
        SearchAttribute(String attributeName, String attributeValue) {
            name = attributeName;
            value = attributeValue;
        }

        /** Returns the attribute name given at construction. */
        public String getName() {
            return name;
        }

        /** Returns the attribute value given at construction. */
        public String getValue() {
            return value;
        }
    }

    /**
     * Creates the realm; both arguments are handed unchanged to {@link AbstractRealm}.
     *
     * @param securityManager the owning security manager
     * @param realmConfig     the realm's configuration
     */
    public LDAPRealm(SecurityManagerImpl securityManager, Configuration realmConfig) {
        super(securityManager, realmConfig);
    }

    /**
     * Returns the realm's {@link LdapContextFactory}, creating one from the
     * realm configuration the first time it is found to be {@code null}.
     *
     * @return the context factory, never {@code null} after this call
     */
    protected LdapContextFactory ensureContextFactory() {
        if (this.ldapContextFactory != null) {
            return this.ldapContextFactory;
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("No LdapContextFactory specified - creating a default instance.");
        }
        this.ldapContextFactory = new LdapContextFactory(this.configuration);
        return this.ldapContextFactory;
    }

    /** Returns the realm identifier held in the static {@code ID} field. */
    public String getId() {
        return LDAPRealm.ID;
    }

    /**
     * Starts the realm by delegating to {@link AbstractRealm}; no LDAP-specific
     * work is done here.
     *
     * @param broker      the broker passed through to the superclass
     * @param transaction the transaction passed through to the superclass
     * @throws EXistException if the superclass start-up fails
     */
    public void start(DBBroker broker, Txn transaction) throws EXistException {
        super.start(broker, transaction);
    }

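    /**
     * Normalises a principal name according to the realm's case policy.
     *
     * <p>The lower-casing uses {@code Locale.ROOT}. The no-argument
     * {@code toLowerCase()} follows the JVM's default locale, under which some
     * locales map ASCII letters to non-ASCII ones (for example the Turkish dotless
     * i), so the same login name could normalise to different principals on
     * differently configured hosts.
     *
     * @param str the principal name, may be {@code null}
     * @return {@code null} for {@code null} input; the lower-cased name when
     *         principals are case-insensitive; otherwise {@code str} unchanged
     */
    private String ensureCase(String str) {
        if (str == null) {
            return null;
        }
        if (!this.principalsAreCaseInsensitive) {
            return str;
        }
        // Fully qualified so the block does not depend on a new file-level import.
        return str.toLowerCase(java.util.Locale.ROOT);
    }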

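    /**
     * Authenticates a principal by binding to the directory with the supplied
     * credentials and then resolving (or provisioning) the matching account.
     *
     * <p>Changes against the decompiled original:
     * <ul>
     *   <li>{@code null} or empty credentials are rejected before any bind is
     *       attempted. {@code String.valueOf(null)} would otherwise send the literal
     *       text {@code "null"}, and an empty password in an LDAP simple bind is an
     *       unauthenticated bind that many directories accept.
     *       {@code LdapContextFactory.getLdapContext} is not visible here, so the
     *       check is made up front rather than assumed.</li>
     *   <li>The bound context is closed on every path; the original only closed it
     *       on success and called {@code closeContext(null)} on failure.</li>
     * </ul>
     *
     * @param str the login name
     * @param obj the credentials; converted with {@code String.valueOf}
     * @return a subject that carries the account and the credentials used
     * @throws AuthenticationException with code 0 when the credentials are empty,
     *         the bind is rejected or the account cannot be found; with code -1 on
     *         any other naming failure
     */
    public Subject authenticate(String str, Object obj) throws AuthenticationException {
        final String accountName = ensureCase(str);
        final String credentials = obj == null ? "" : String.valueOf(obj);
        if (credentials.isEmpty()) {
            // 0 is the code this method already uses for a rejected bind.
            throw new AuthenticationException(0, "Credentials must not be empty.");
        }

        LdapContext boundContext = null;
        try {
            boundContext = getContextWithCredentials(Optional.of(Tuple.Tuple(accountName, credentials)));
            final AbstractAccount account = (AbstractAccount) getAccount(boundContext, accountName);
            if (account == null) {
                if (LOG.isDebugEnabled()) {
                    LOG.debug("Account '" + accountName + "' can not be found.");
                }
                throw new AuthenticationException(0, "Account '" + accountName + "' can not be found.");
            }
            return new AuthenticatedLdapSubjectAccreditedImpl(account, boundContext, credentials);
        } catch (NamingException e) {
            if (LOG.isDebugEnabled()) {
                LOG.debug(e.getMessage(), e);
            }
            // NOTE(review): the directory's own error text is forwarded to the caller;
            // confirm upper layers do not show it to unauthenticated users.
            if (e instanceof javax.naming.AuthenticationException) {
                throw new AuthenticationException(0, e.getMessage());
            }
            throw new AuthenticationException(-1, e.getMessage());
        } finally {
            if (boundContext != null) {
                LdapUtils.closeContext(boundContext);
            }
        }
    }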

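    /**
     * Collects the groups an LDAP user belongs to: the groups found for the user's
     * distinguished name, followed by any "additional groups" named by the
     * transformation context.
     *
     * <p>{@code getGroup(LdapContext, DBBroker, String)} returns {@code null} for a
     * group that is not found or is refused by the restriction lists. The original
     * added those {@code null}s to the result, which callers then dereference or
     * attach to the account; they are skipped here, matching how the
     * additional-groups branch already behaves.
     *
     * @param ldapContext  the context used for directory lookups
     * @param dBBroker     the broker used when a group has to be created locally
     * @param searchResult the directory entry of the user
     * @return a mutable list of resolved groups without {@code null} entries
     * @throws NamingException if the directory lookup fails
     */
    private List<Group> getGroupMembershipForLdapUser(LdapContext ldapContext, DBBroker dBBroker, SearchResult searchResult) throws NamingException {
        final List<Group> memberOf = new ArrayList<>();

        final String dnAttributeName = ensureContextFactory().getSearch().getSearchAccount().getSearchAttribute(AbstractLDAPSearchPrincipal.LDAPSearchAttributeKey.DN);
        // NOTE(review): an entry without this attribute still fails with a NullPointerException, as before.
        final String userDn = (String) searchResult.getAttributes().get(dnAttributeName).get();
        for (final String groupName : findGroupnamesForUserDistinguishedName(ldapContext, userDn)) {
            final Group ldapGroup = getGroup(ldapContext, dBBroker, groupName);
            if (ldapGroup != null) {
                memberOf.add(ldapGroup);
            }
        }

        if (ensureContextFactory().getTransformationContext() != null) {
            final List<String> additionalGroups = ensureContextFactory().getTransformationContext().getAdditionalGroups();
            if (additionalGroups != null) {
                for (final String additionalName : additionalGroups) {
                    final Group additional = getSecurityManager().getGroup(additionalName);
                    if (additional != null) {
                        memberOf.add(additional);
                    }
                }
            }
        }
        return memberOf;
    }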

    /**
     * Reads the configured metadata attributes from a user's directory entry.
     *
     * <p>For every metadata key known to the account search configuration the
     * mapped LDAP attribute is looked up; keys whose attribute is absent from the
     * entry are left out of the result.
     *
     * @param searchResult the directory entry of the user
     * @return a mutable list of (schema key, attribute value as string) pairs
     * @throws NamingException if an attribute value cannot be read
     */
    private List<AbstractMap.SimpleEntry<AXSchemaType, String>> getMetadataForLdapUser(SearchResult searchResult) throws NamingException {
        final List<AbstractMap.SimpleEntry<AXSchemaType, String>> metadata = new ArrayList<>();
        final LDAPSearchAccount accountSearch = ensureContextFactory().getSearch().getSearchAccount();
        final Attributes entryAttributes = searchResult.getAttributes();
        for (final AXSchemaType key : accountSearch.getMetadataSearchAttributeKeys()) {
            final String ldapName = accountSearch.getMetadataSearchAttribute(key);
            if (entryAttributes == null) {
                continue;
            }
            final Attribute ldapValue = entryAttributes.get(ldapName);
            if (ldapValue == null) {
                continue;
            }
            metadata.add(new AbstractMap.SimpleEntry<>(key, ldapValue.get().toString()));
        }
        return metadata;
    }

    /**
     * Re-reads an account's group membership and metadata from the directory and
     * updates the local account when either differs.
     *
     * <p>Only a subject with the DBA role, or the subject whose id equals the
     * account's id, may call this. The directory is queried through
     * {@code getContext(currentSubject)}; the comparison and update run inside
     * {@code executeAsSystemUser}.
     *
     * <p>NOTE(review): this body is decompiler output and is not valid Java as
     * shown ({@code ??} local types, boolean/int mixing on {@code r12}). From the
     * {@code & 2} test near the end, {@code r12} looks like a bit mask where bit 1
     * means "groups differ" and bit 2 means "metadata differs" - confirm against
     * the original source before relying on it.
     *
     * @param account the account to refresh
     * @return the same account instance, refreshed if anything had changed
     * @throws PermissionDeniedException if the caller is neither a DBA nor the account itself
     * @throws AuthenticationException with code 0 if the account is not found in
     *         the directory, or code -1 wrapping a NamingException or EXistException
     */
    public Account refreshAccountFromLdap(Account account) throws PermissionDeniedException, AuthenticationException {
        Subject currentSubject = getSecurityManager().getCurrentSubject();
        // Authorization gate: DBA, or the account refreshing itself.
        if (!currentSubject.hasDbaRole() && currentSubject.getId() != account.getId()) {
            throw new PermissionDeniedException("You do not have permission to modify the account");
        }
        try {
            try {
                LdapContext context = getContext(currentSubject);
                SearchResult findAccountByAccountName = findAccountByAccountName(context, account.getName());
                if (findAccountByAccountName == null) {
                    throw new AuthenticationException(0, "Could not find the account in the LDAP");
                }
                Account account2 = (Account) executeAsSystemUser(context, (ldapContext, dBBroker) -> {
                    // r12: change flags, see the NOTE(review) in the method comment.
                    ?? r12 = false;
                    List<Group> groupMembershipForLdapUser = getGroupMembershipForLdapUser(ldapContext, dBBroker, findAccountByAccountName);
                    String findGroupBySID = findGroupBySID(ldapContext, getPrimaryGroupSID(findAccountByAccountName));
                    // The primary group is placed first in the directory-side list.
                    groupMembershipForLdapUser.add(0, getGroup(ldapContext, dBBroker, findGroupBySID));
                    String[] groups = account.getGroups();
                    // NOTE(review): groups[0] assumes the local account has at least one group.
                    if (!groups[0].equals(ensureCase(findGroupBySID))) {
                        r12 = false | true;
                    } else if (groups.length == groupMembershipForLdapUser.size()) {
                        // Same size: every local group name must appear in the directory-side list.
                        int length = groups.length;
                        int i = 0;
                        while (true) {
                            if (i >= length) {
                                break;
                            }
                            String str = groups[i];
                            ?? r20 = false;
                            Iterator<Group> it = groupMembershipForLdapUser.iterator();
                            while (true) {
                                if (!it.hasNext()) {
                                    break;
                                }
                                if (str.equals(ensureCase(it.next().getName()))) {
                                    r20 = true;
                                    break;
                                }
                            }
                            if (r20 != true) {
                                r12 = false | true;
                                break;
                            }
                            i++;
                        }
                    } else {
                        r12 = false | true;
                    }
                    List<AbstractMap.SimpleEntry<AXSchemaType, String>> metadataForLdapUser = getMetadataForLdapUser(findAccountByAccountName);
                    Set metadataKeys = account.getMetadataKeys();
                    if (metadataKeys.size() == metadataForLdapUser.size()) {
                        // Same size: every local key/value pair must appear in the directory-side metadata.
                        Iterator it2 = metadataKeys.iterator();
                        while (true) {
                            if (!it2.hasNext()) {
                                break;
                            }
                            SchemaType schemaType = (SchemaType) it2.next();
                            String metadataValue = account.getMetadataValue(schemaType);
                            ?? r21 = false;
                            Iterator<AbstractMap.SimpleEntry<AXSchemaType, String>> it3 = metadataForLdapUser.iterator();
                            while (true) {
                                if (!it3.hasNext()) {
                                    break;
                                }
                                AbstractMap.SimpleEntry<AXSchemaType, String> next = it3.next();
                                if (schemaType.equals(next.getKey()) && metadataValue.equals(next.getValue())) {
                                    r21 = true;
                                    break;
                                }
                            }
                            if (r21 == false) {
                                r12 = ((r12 == true ? 1 : 0) | 2) == true ? 1 : 0;
                                break;
                            }
                        }
                    } else {
                        r12 = ((r12 == true ? 1 : 0) | 2) == true ? 1 : 0;
                    }
                    if ((r12 & true) == true) {
                        // Groups differ: the superclass's "groups" field is overwritten through reflection.
                        // NOTE(review): setAccessible(true) sidesteps any checks a setter would apply,
                        // and a List<Group> is stored while getGroups() above yields String[] - confirm the field's type.
                        try {
                            Field declaredField = account.getClass().getSuperclass().getDeclaredField("groups");
                            declaredField.setAccessible(true);
                            declaredField.set(account, groupMembershipForLdapUser);
                        } catch (IllegalAccessException | NoSuchFieldException e) {
                            throw new EXistException(e.getMessage(), (Throwable) e);
                        }
                    }
                    if (((r12 == true ? 1 : 0) & 2) == 2) {
                        // Metadata differs: replace the local metadata wholesale with the directory's.
                        account.clearMetadata();
                        for (AbstractMap.SimpleEntry<AXSchemaType, String> simpleEntry : metadataForLdapUser) {
                            account.setMetadataValue(simpleEntry.getKey(), simpleEntry.getValue());
                        }
                    }
                    // A failed persist is only logged; the in-memory account is still returned.
                    if (r12 != false && !getSecurityManager().updateAccount(account)) {
                        LOG.error("Could not update account");
                    }
                    return account;
                });
                LdapUtils.closeContext(context);
                return account2;
            } catch (NamingException | EXistException e) {
                throw new AuthenticationException(-1, e.getMessage(), e);
            }
        } catch (Throwable th) {
            // NOTE(review): as decompiled, the context opened above is not closed on this path
            // (null is passed); the original source presumably closed it in a finally block.
            LdapUtils.closeContext(null);
            throw th;
        }
    }

    /**
     * Provisions a local account for a user that was found in the directory.
     *
     * <p>The work runs inside {@code executeAsSystemUser}: the account is created
     * with the given primary group, then every group from
     * {@code getGroupMembershipForLdapUser} and every metadata pair from
     * {@code getMetadataForLdapUser} is attached before it is added through the
     * security manager.
     *
     * @param ldapContext  the context used for directory lookups
     * @param str          the account name to create
     * @param searchResult the user's directory entry
     * @param str2         the name of the user's primary group
     * @return the account returned by the security manager
     * @throws AuthenticationException with code -1 wrapping any failure
     */
    private Account createAccountInDatabase(LdapContext ldapContext, String str, SearchResult searchResult, String str2) throws AuthenticationException {
        try {
            return (Account) executeAsSystemUser(ldapContext, (unusedContext, broker) -> {
                if (LOG.isDebugEnabled()) {
                    LOG.debug("Saving account '" + str + "'.");
                }
                // The enclosing method's context is used for lookups, not the callback argument.
                final Group primaryGroup = getGroup(ldapContext, broker, str2);
                final UserAider newUser = new UserAider(ID, str, primaryGroup);
                for (final Group membership : getGroupMembershipForLdapUser(ldapContext, broker, searchResult)) {
                    newUser.addGroup(membership);
                }
                for (final AbstractMap.SimpleEntry<AXSchemaType, String> pair : getMetadataForLdapUser(searchResult)) {
                    newUser.setMetadataValue(pair.getKey(), pair.getValue());
                }
                return getSecurityManager().addAccount(newUser);
            });
        } catch (Exception e) {
            if (LOG.isDebugEnabled()) {
                LOG.debug(e);
            }
            throw new AuthenticationException(-1, e.getMessage(), e);
        }
    }

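    /**
     * Runs a callback with a broker obtained for the system subject and closes
     * that broker afterwards.
     *
     * <p>Everything the callback does with the broker therefore runs with the
     * system subject's rights, not the caller's; callers must do their own
     * authorization before getting here.
     *
     * <p>The decompiled original was an unrolled try-with-resources containing
     * dead branches ({@code if (0 != 0)}) and a second {@code close()} that ran
     * when the first one threw. The construct is restored here, so the broker is
     * closed exactly once and a failure in {@code close()} is attached as a
     * suppressed exception instead of replacing the callback's exception.
     *
     * @param ldapContext  passed through to the callback
     * @param lDAPFunction the work to run
     * @param <R>          the callback's result type
     * @return whatever the callback returns
     * @throws EXistException            if the callback throws it
     * @throws PermissionDeniedException if the callback throws it
     * @throws NamingException           if the callback throws it
     */
    private <R> R executeAsSystemUser(LdapContext ldapContext, LDAPFunction<R> lDAPFunction) throws EXistException, PermissionDeniedException, NamingException {
        try (DBBroker systemBroker = getDatabase().get(Optional.of(getSecurityManager().getSystemSubject()))) {
            return lDAPFunction.apply(ldapContext, systemBroker);
        }
    }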

    /**
     * Creates a local group with the given name in this realm.
     *
     * @param dBBroker the broker handed to the security manager
     * @param str      the group name
     * @return the group returned by the security manager
     * @throws AuthenticationException with code -1 wrapping any failure
     */
    private Group createGroupInDatabase(DBBroker dBBroker, String str) throws AuthenticationException {
        try {
            final GroupAider newGroup = new GroupAider(ID, str);
            return getSecurityManager().addGroup(dBBroker, newGroup);
        } catch (Exception failure) {
            throw new AuthenticationException(-1, failure.getMessage(), failure);
        }
    }

    /**
     * Null-tolerant convenience overload of {@code getContext(Optional)}.
     *
     * @param subject the subject to bind as, or {@code null}
     * @return an LDAP context
     * @throws NamingException if the context cannot be opened
     */
    private LdapContext getContext(@Nullable Subject subject) throws NamingException {
        final Optional<Subject> maybeSubject = Optional.ofNullable(subject);
        return getContext(maybeSubject);
    }

    /**
     * Opens an LDAP context for a subject.
     *
     * <p>Only an {@code AuthenticatedLdapSubjectAccreditedImpl} contributes its
     * own user name and stored credentials. For an absent subject, or a subject of
     * any other type, an empty {@link Optional} is passed on, which makes
     * {@code getContextWithCredentials} bind with the configured default search
     * credentials instead.
     *
     * @param optional the subject, if any
     * @return an LDAP context
     * @throws NamingException if the context cannot be opened
     */
    private LdapContext getContext(Optional<Subject> optional) throws NamingException {
        final Optional<Tuple2<String, String>> ownCredentials = optional
                .filter(AuthenticatedLdapSubjectAccreditedImpl.class::isInstance)
                .map(AuthenticatedLdapSubjectAccreditedImpl.class::cast)
                .map(ldapSubject -> Tuple.Tuple(ldapSubject.getUsername(), ldapSubject.getAuthenticatedCredentials()));
        return getContextWithCredentials(ownCredentials);
    }

    /**
     * Opens an LDAP context with the given (user name, password) pair, or with the
     * configured default credentials when none is given.
     *
     * @param optional the credentials to bind with, if any
     * @return the context returned by the context factory
     * @throws NamingException if the context cannot be opened
     */
    private LdapContext getContextWithCredentials(Optional<Tuple2<String, String>> optional) throws NamingException {
        final LdapContextFactory factory = ensureContextFactory();
        final Tuple2<String, String> bindAs = optional.isPresent() ? optional.get() : defaultCredentials(factory);
        final String principal = bindAs._1;
        final String secret = bindAs._2;
        return factory.getLdapContext(principal, secret, null);
    }

    /**
     * Returns the default (user name, password) pair held by the search
     * configuration of the given factory.
     *
     * @param ldapContextFactory the factory whose search configuration is read
     * @return the default user name and password as a tuple
     */
    private Tuple2<String, String> defaultCredentials(LdapContextFactory ldapContextFactory) {
        final LDAPSearchContext searchConfig = ldapContextFactory.getSearch();
        final String serviceUser = searchConfig.getDefaultUsername();
        final String servicePassword = searchConfig.getDefaultPassword();
        return Tuple.Tuple(serviceUser, servicePassword);
    }

    /**
     * Looks up an account by name, first in the superclass and then in the
     * directory.
     *
     * <p>The directory lookup binds as the active broker's current subject (see
     * {@code getContext(Optional)} for the fallback to default credentials) and
     * goes through {@code getAccount(LdapContext, String)}, which provisions a
     * local account for a directory hit. A lookup alone, without any
     * authentication of the named user, can therefore create an account.
     *
     * @param str the account name
     * @return the account, or {@code null} if it is unknown or the directory
     *         lookup failed
     */
    public final synchronized Account getAccount(String str) {
        final String principal = ensureCase(str);
        final Account known = super.getAccount(principal);
        if (known != null) {
            return known;
        }

        LdapContext directory = null;
        try {
            directory = getContext(getSecurityManager().getDatabase().getActiveBroker().getCurrentSubject());
            return getAccount(directory, principal);
        } catch (NamingException e) {
            if (LOG.isDebugEnabled()) {
                LOG.debug(e.getMessage(), e);
            }
            LOG.error(new AuthenticationException(-1, e.getMessage()));
            return null;
        } finally {
            if (directory != null) {
                LdapUtils.closeContext(directory);
            }
        }
    }

    /**
     * Resolves an account through an already opened LDAP context, provisioning it
     * locally when the directory knows it.
     *
     * <p>Order of work: superclass lookup; directory search by account name;
     * resolution of the primary group from its SID; creation of the local account.
     * Any step that comes back empty, and any naming or authentication failure,
     * ends in {@code null}.
     *
     * @param ldapContext the context to search with
     * @param str         the account name
     * @return the existing or newly created account, or {@code null}
     */
    private synchronized Account getAccount(LdapContext ldapContext, String str) {
        final String principal = ensureCase(str);
        if (LOG.isDebugEnabled()) {
            LOG.debug("Get request for account '" + principal + "'.");
        }

        final Account known = super.getAccount(principal);
        if (known != null) {
            if (LOG.isDebugEnabled()) {
                LOG.debug("Cached used.");
            }
            return known;
        }

        try {
            final SearchResult entry = findAccountByAccountName(ldapContext, principal);
            if (LOG.isDebugEnabled()) {
                LOG.debug("LDAP search return '" + entry + "'.");
            }
            if (entry == null) {
                return null;
            }

            final String groupSid = getPrimaryGroupSID(entry);
            final String primaryGroupName = findGroupBySID(ldapContext, groupSid);
            if (LOG.isDebugEnabled()) {
                LOG.debug("LDAP search for primary group by SID '" + groupSid + "', found '" + primaryGroupName + "'.");
            }
            if (primaryGroupName == null) {
                return null;
            }
            return createAccountInDatabase(ldapContext, principal, entry, ensureCase(primaryGroupName));
        } catch (AuthenticationException provisioningFailure) {
            LOG.error(provisioningFailure.getMessage(), provisioningFailure);
            return null;
        } catch (NamingException lookupFailure) {
            // Directory failures are reported at debug level only.
            if (LOG.isDebugEnabled()) {
                LOG.debug(lookupFailure.getMessage(), lookupFailure);
            }
            return null;
        }
    }

    /**
     * Reports whether {@code getAccount(String)} yields an account for the name.
     * Because that lookup can provision a local account, this check is not
     * side-effect free.
     *
     * @param str the account name
     * @return {@code true} if an account was found or created
     */
    public boolean hasAccount(String str) {
        final Account found = getAccount(str);
        return found != null;
    }

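    /**
     * Converts a binary security identifier into its {@code S-R-A-S1-S2...} text
     * form.
     *
     * <p>Layout read from the array: byte 0 is the revision, byte 1 the number of
     * sub-authorities, bytes 2-7 the big-endian identifier authority (printed in
     * hex, as before), followed by one little-endian 32-bit value per
     * sub-authority (printed in decimal).
     *
     * <p>Fixes against the decompiled original:
     * <ul>
     *   <li>Bytes are widened to {@code long} and masked before shifting. The
     *       original shifted {@code int} values, so authority shifts of 32 and 40
     *       bits wrapped around and any sub-authority of 2^31 or more came out
     *       negative, producing a wrong SID string.</li>
     *   <li>The array length is checked against the declared sub-authority count,
     *       so a truncated value from the directory is reported with a clear
     *       message instead of an index error part-way through.</li>
     * </ul>
     *
     * @param bArr the binary SID
     * @return the SID in string form
     * @throws IllegalArgumentException if the array is shorter than its header or
     *         than its declared sub-authority count requires
     */
    private static String decodeSID(byte[] bArr) {
        if (bArr.length < 8) {
            throw new IllegalArgumentException("Binary SID too short: " + bArr.length + " bytes");
        }
        final int subAuthorityCount = bArr[1] & 0xFF;
        final int requiredLength = 8 + 4 * subAuthorityCount;
        if (bArr.length < requiredLength) {
            throw new IllegalArgumentException("Binary SID declares " + subAuthorityCount + " sub-authorities but holds only " + bArr.length + " bytes");
        }

        final StringBuilder sid = new StringBuilder("S-");
        sid.append(Integer.toString(bArr[0]));

        long authority = 0;
        for (int i = 2; i <= 7; i++) {
            authority |= (bArr[i] & 0xFFL) << (8 * (7 - i));
        }
        sid.append("-");
        sid.append(Long.toHexString(authority));

        int offset = 8;
        for (int n = 0; n < subAuthorityCount; n++) {
            long subAuthority = 0;
            for (int k = 0; k < 4; k++) {
                subAuthority |= (bArr[offset + k] & 0xFFL) << (8 * k);
            }
            sid.append("-");
            sid.append(subAuthority);
            offset += 4;
        }
        return sid.toString();
    }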

    /**
     * Builds the SID of a user's primary group from the user's own directory entry.
     *
     * <p>The user's object SID (taken as a string, or decoded from bytes) is cut
     * after its last {@code '-'} and the entry's primary-group-id attribute is
     * appended in place of the final component.
     *
     * @param searchResult the user's directory entry
     * @return the primary group's SID in string form
     * @throws NamingException if an attribute value cannot be read
     */
    private String getPrimaryGroupSID(SearchResult searchResult) throws NamingException {
        final LDAPSearchContext searchConfig = ensureContextFactory().getSearch();

        final String sidAttribute = searchConfig.getSearchAccount().getSearchAttribute(AbstractLDAPSearchPrincipal.LDAPSearchAttributeKey.OBJECT_SID);
        final Object rawSid = searchResult.getAttributes().get(sidAttribute).get();
        final String userSid;
        if (rawSid instanceof String) {
            userSid = rawSid.toString();
        } else {
            userSid = decodeSID((byte[]) rawSid);
        }

        // Keep everything up to and including the last '-'.
        final String domainPart = userSid.substring(0, userSid.lastIndexOf('-') + 1);
        final String groupIdAttribute = searchConfig.getSearchAccount().getSearchAttribute(AbstractLDAPSearchPrincipal.LDAPSearchAttributeKey.PRIMARY_GROUP_ID);
        final String groupId = (String) searchResult.getAttributes().get(groupIdAttribute).get();
        return domainPart + groupId;
    }

    /**
     * Looks up a group by name, first locally and then in the directory, binding
     * as the given subject (or with the default credentials, see
     * {@code getContext(Optional)}).
     *
     * @param subject  the subject to bind as, may be {@code null}
     * @param dBBroker the broker used if the group has to be created locally
     * @param str      the group name
     * @return the group, or {@code null} if it is unknown or the lookup failed
     */
    public final synchronized Group getGroup(Subject subject, DBBroker dBBroker, String str) {
        final String groupName = ensureCase(str);
        final Group known = getGroup(groupName);
        if (known != null) {
            return known;
        }

        LdapContext directory = null;
        try {
            directory = getContext(subject);
            return getGroup(directory, dBBroker, groupName);
        } catch (NamingException e) {
            LOG.error(new AuthenticationException(-1, e.getMessage()));
            return null;
        } finally {
            if (directory != null) {
                LdapUtils.closeContext(directory);
            }
        }
    }

    /**
     * Resolves a group through an already opened LDAP context, creating it
     * locally when the directory knows it.
     *
     * @param ldapContext the context to search with
     * @param dBBroker    the broker used to create the local group
     * @param str         the group name, may be {@code null}
     * @return the existing or newly created group; {@code null} for a
     *         {@code null} name, an unknown group or any failure
     */
    private synchronized Group getGroup(LdapContext ldapContext, DBBroker dBBroker, String str) {
        if (str == null) {
            return null;
        }
        final String groupName = ensureCase(str);
        final Group known = getGroup(groupName);
        if (known != null) {
            return known;
        }

        final SearchResult directoryEntry;
        try {
            directoryEntry = findGroupByGroupName(ldapContext, removeDomainPostfix(groupName));
        } catch (NamingException lookupFailure) {
            LOG.error(new AuthenticationException(-1, lookupFailure.getMessage()));
            return null;
        }
        if (directoryEntry == null) {
            return null;
        }

        try {
            return createGroupInDatabase(dBBroker, groupName);
        } catch (AuthenticationException creationFailure) {
            LOG.error(creationFailure.getMessage(), creationFailure);
            return null;
        }
    }

    /**
     * Reports whether a group with the given name can be resolved. No subject is
     * supplied, so the directory lookup binds with the default credentials.
     *
     * @param str the group name
     * @return {@code true} if the group was found or created
     */
    public boolean hasGroup(String str) {
        final Subject noSubject = null;
        final Group found = getGroup(noSubject, getSecurityManager().getDatabase().getActiveBroker(), str);
        return found != null;
    }

    /**
     * Appends {@code '@'} and the configured domain to a name that does not
     * already contain an {@code '@'}.
     *
     * @param str the principal name
     * @return the name, qualified with the domain if it was not qualified before
     */
    private String addDomainPostfix(String str) {
        if (str.contains("@")) {
            return str;
        }
        return str + '@' + ensureContextFactory().getDomain();
    }

    /**
     * Strips everything from the first {@code '@'} onwards when the name ends with
     * the configured domain.
     *
     * <p>NOTE(review): the test is a plain suffix match that is not anchored at
     * the {@code '@'}, so a name whose domain part merely ends with the configured
     * domain is stripped as well. Confirm whether the check should require
     * {@code "@" + domain}.
     *
     * @param str the principal name
     * @return the unqualified name, or {@code str} unchanged
     */
    private String removeDomainPostfix(String str) {
        final boolean inConfiguredDomain = str.contains("@") && str.endsWith(ensureContextFactory().getDomain());
        return inConfiguredDomain ? str.substring(0, str.indexOf('@')) : str;
    }

    /**
     * Applies the account search configuration's restriction lists to a name.
     *
     * @param str the account name
     * @return {@code true} if the name may be looked up
     */
    private boolean checkAccountRestrictionList(String str) {
        final AbstractLDAPSearchPrincipal accountRules = ensureContextFactory().getSearch().getSearchAccount();
        return checkPrincipalRestrictionList(str, accountRules);
    }

    /**
     * Applies the group search configuration's restriction lists to a name.
     *
     * @param str the group name
     * @return {@code true} if the name may be looked up
     */
    private boolean checkGroupRestrictionList(String str) {
        final AbstractLDAPSearchPrincipal groupRules = ensureContextFactory().getSearch().getSearchGroup();
        return checkPrincipalRestrictionList(str, groupRules);
    }

    /**
     * Decides whether a principal passes the configured deny and allow lists.
     *
     * <p>The candidate is case-normalised and cut at its first {@code '@'}; list
     * entries are case-normalised but not cut. A match on the deny list always
     * refuses. With no allow list, or an empty one, everything else is accepted;
     * otherwise only names on the allow list are.
     *
     * @param str                         the principal name
     * @param abstractLDAPSearchPrincipal the search configuration holding the lists
     * @return {@code true} if the principal is permitted
     */
    private boolean checkPrincipalRestrictionList(String str, AbstractLDAPSearchPrincipal abstractLDAPSearchPrincipal) {
        String candidate = ensureCase(str);
        final int at = candidate.indexOf('@');
        if (at > -1) {
            candidate = candidate.substring(0, at);
        }

        final List<String> denied = abstractLDAPSearchPrincipal.getBlackList() != null
                ? abstractLDAPSearchPrincipal.getBlackList().getPrincipals()
                : null;
        final List<String> allowed = abstractLDAPSearchPrincipal.getWhiteList() != null
                ? abstractLDAPSearchPrincipal.getWhiteList().getPrincipals()
                : null;

        // Deny list is evaluated first and wins over the allow list.
        if (denied != null) {
            for (final String entry : denied) {
                if (ensureCase(entry).equals(candidate)) {
                    return false;
                }
            }
        }

        if (allowed == null || allowed.isEmpty()) {
            return true;
        }
        for (final String entry : allowed) {
            if (ensureCase(entry).equals(candidate)) {
                return true;
            }
        }
        return false;
    }

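    /**
     * Escapes a value for use as an assertion value inside an LDAP search filter.
     *
     * <p>The original escaped only the backslash and the two parentheses. RFC 4515
     * also requires {@code '*'} and NUL to be escaped; without that a
     * caller-supplied name containing {@code '*'} is evaluated by the directory as
     * a wildcard rather than as a literal character. Callers that want a wildcard
     * append it after escaping.
     *
     * @param str the raw value
     * @return the value with backslash, asterisk, parentheses and NUL replaced by
     *         their two-digit hex escapes
     */
    private String escapeSearchAttribute(String str) {
        final StringBuilder escaped = new StringBuilder(str.length() + 8);
        for (int i = 0; i < str.length(); i++) {
            final char c = str.charAt(i);
            switch (c) {
                case '\\':
                    escaped.append("\\5c");
                    break;
                case '*':
                    escaped.append("\\2a");
                    break;
                case '(':
                    escaped.append("\\28");
                    break;
                case ')':
                    escaped.append("\\29");
                    break;
                case '\0':
                    escaped.append("\\00");
                    break;
                default:
                    escaped.append(c);
                    break;
            }
        }
        return escaped.toString();
    }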

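    /**
     * Searches the directory for exactly one account with the given name.
     *
     * <p>Changes against the original:
     * <ul>
     *   <li>When more than one entry matches, {@code null} is returned after the
     *       error is logged. The original logged the error but still returned the
     *       first hit, so an ambiguous name was resolved to an arbitrary entry;
     *       {@code findGroupBySID} and {@code findGroupByGroupName} already refuse
     *       ambiguous matches.</li>
     *   <li>The result enumeration is closed on every path.</li>
     * </ul>
     * {@code hasMoreElements()}/{@code nextElement()} are kept on purpose: unlike
     * {@code hasMore()}/{@code next()} they do not throw {@link NamingException}.
     *
     * @param dirContext the context to search with
     * @param str        the account name as supplied by the caller
     * @return the single matching entry, or {@code null} if the name is refused by
     *         the restriction lists, not found or ambiguous
     * @throws NamingException if the search fails
     */
    private SearchResult findAccountByAccountName(DirContext dirContext, String str) throws NamingException {
        if (!checkAccountRestrictionList(str)) {
            return null;
        }
        final String escapedName = escapeSearchAttribute(removeDomainPostfix(str));
        final LDAPSearchContext search = ensureContextFactory().getSearch();
        final String filter = buildSearchFilter(search.getSearchAccount().getSearchFilterPrefix(), new SearchAttribute(search.getSearchAccount().getSearchAttribute(AbstractLDAPSearchPrincipal.LDAPSearchAttributeKey.NAME), escapedName));
        final SearchControls controls = new SearchControls();
        controls.setSearchScope(SearchControls.SUBTREE_SCOPE);

        final NamingEnumeration<SearchResult> results = dirContext.search(search.getBase(), filter, controls);
        try {
            if (!results.hasMoreElements()) {
                return null;
            }
            final SearchResult match = results.nextElement();
            if (results.hasMoreElements()) {
                LOG.error("Matched multiple users for the accountName: " + str);
                // Fail closed: an ambiguous name must not resolve to whichever entry came first.
                return null;
            }
            return match;
        } finally {
            results.close();
        }
    }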

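    /**
     * Finds the single group carrying the given SID and returns its
     * domain-qualified name.
     *
     * <p>The result enumeration is now closed on every path; the original left it
     * open, including on the path where further results were pending.
     *
     * <p>NOTE(review): the SID is placed into the filter without escaping. In the
     * visible callers it is derived from directory attributes by
     * {@code getPrimaryGroupSID}, not from user input - confirm that stays true for
     * any new caller.
     *
     * @param dirContext the context to search with
     * @param str        the group's SID in string form
     * @return the group name with the domain postfix, or {@code null} if no group
     *         or more than one group matches
     * @throws NamingException if the search fails
     */
    private String findGroupBySID(DirContext dirContext, String str) throws NamingException {
        final LDAPSearchContext search = ensureContextFactory().getSearch();
        final String filter = buildSearchFilter(search.getSearchGroup().getSearchFilterPrefix(), new SearchAttribute(search.getSearchGroup().getSearchAttribute(AbstractLDAPSearchPrincipal.LDAPSearchAttributeKey.OBJECT_SID), str));
        final SearchControls controls = new SearchControls();
        controls.setSearchScope(SearchControls.SUBTREE_SCOPE);

        final NamingEnumeration<SearchResult> results = dirContext.search(search.getAbsoluteBase(), filter, controls);
        try {
            if (!results.hasMoreElements()) {
                LOG.error("Matched no group with SID: " + str);
                return null;
            }
            final SearchResult match = results.nextElement();
            if (results.hasMoreElements()) {
                LOG.error("Matched multiple groups for the group with SID: " + str);
                return null;
            }
            return addDomainPostfix((String) match.getAttributes().get(search.getSearchGroup().getSearchAttribute(AbstractLDAPSearchPrincipal.LDAPSearchAttributeKey.NAME)).get());
        } finally {
            results.close();
        }
    }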

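    /**
     * Searches the directory for exactly one group with the given name.
     *
     * <p>The name is checked against the group restriction lists and escaped
     * before it is placed into the filter. The result enumeration is now closed on
     * every path; the original left it open.
     *
     * @param dirContext the context to search with
     * @param str        the group name
     * @return the single matching entry, or {@code null} if the name is refused by
     *         the restriction lists, not found or ambiguous
     * @throws NamingException if the search fails
     */
    @Nullable
    private SearchResult findGroupByGroupName(DirContext dirContext, String str) throws NamingException {
        if (!checkGroupRestrictionList(str)) {
            return null;
        }
        final LDAPSearchContext search = ensureContextFactory().getSearch();
        final String filter = buildSearchFilter(search.getSearchGroup().getSearchFilterPrefix(), new SearchAttribute(search.getSearchGroup().getSearchAttribute(AbstractLDAPSearchPrincipal.LDAPSearchAttributeKey.NAME), escapeSearchAttribute(str)));
        final SearchControls controls = new SearchControls();
        controls.setSearchScope(SearchControls.SUBTREE_SCOPE);

        final NamingEnumeration<SearchResult> results = dirContext.search(search.getAbsoluteBase(), filter, controls);
        try {
            if (!results.hasMoreElements()) {
                LOG.error("Matched no groups for the groupName: " + str);
                return null;
            }
            final SearchResult match = results.nextElement();
            if (results.hasMoreElements()) {
                LOG.error("Matched multiple groups for the groupName: " + str);
                return null;
            }
            return match;
        } finally {
            results.close();
        }
    }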

    /** Returns {@code true} when the realm holds a configuration object. */
    public boolean isConfigured() {
        final Configuration current = this.configuration;
        return current != null;
    }

    /** Returns the realm's configuration object, which may be {@code null}. */
    public Configuration getConfiguration() {
        final Configuration current = this.configuration;
        return current;
    }

    /**
     * Updates an account by delegating to {@link AbstractRealm}; nothing is
     * written back to the directory here.
     *
     * @param account the account to update
     * @return the superclass's result
     * @throws PermissionDeniedException if the superclass refuses the update
     * @throws EXistException            if the superclass update fails
     */
    public boolean updateAccount(Account account) throws PermissionDeniedException, EXistException {
        final boolean updated = super.updateAccount(account);
        return updated;
    }

    /**
     * Account deletion is not carried out by this realm.
     *
     * @param account ignored
     * @return always {@code false}
     */
    public boolean deleteAccount(Account account) {
        final boolean deleted = false;
        return deleted;
    }

    /**
     * Updates a group by delegating to {@link AbstractRealm}; nothing is written
     * back to the directory here.
     *
     * @param group the group to update
     * @return the superclass's result
     * @throws PermissionDeniedException if the superclass refuses the update
     * @throws EXistException            if the superclass update fails
     */
    public boolean updateGroup(Group group) throws PermissionDeniedException, EXistException {
        final boolean updated = super.updateGroup(group);
        return updated;
    }

    /**
     * Group deletion is not carried out by this realm.
     *
     * @param group ignored
     * @return always {@code false}
     */
    public boolean deleteGroup(Group group) {
        final boolean deleted = false;
        return deleted;
    }

    /**
     * Builds an LDAP filter of the form {@code (&(prefix)(name=value))}.
     *
     * <p>The {@code (name=value)} term is left out when either part is
     * {@code null}. Prefix, name and value are inserted verbatim: escaping the
     * value is the caller's job.
     *
     * @param str             the filter prefix, placed inside {@code &( ... )}
     * @param searchAttribute the attribute term to add
     * @return the complete filter string
     */
    private String buildSearchFilter(String str, SearchAttribute searchAttribute) {
        final String criteria = buildSearchCriteria(str);
        final String attributeName = searchAttribute.getName();
        final String attributeValue = searchAttribute.getValue();

        String term = "";
        if (attributeName != null && attributeValue != null) {
            term = "(" + attributeName + "=" + attributeValue + ")";
        }
        return "(" + criteria + term + ")";
    }

    /**
     * Builds an LDAP filter of the form
     * {@code (&(prefix)(|(n1=v1)(n2=v2)...))}.
     *
     * <p>The {@code (| ...)} group is left out for an empty list. Names and values
     * are inserted verbatim: escaping the values is the caller's job.
     *
     * @param str  the filter prefix, placed inside {@code &( ... )}
     * @param list the attribute terms to combine with OR
     * @return the complete filter string
     */
    private String buildSearchFilterUnion(String str, List<SearchAttribute> list) {
        final StringBuilder filter = new StringBuilder("(").append(buildSearchCriteria(str));
        if (!list.isEmpty()) {
            filter.append("(|");
            for (final SearchAttribute alternative : list) {
                filter.append("(").append(alternative.getName()).append("=").append(alternative.getValue()).append(")");
            }
            filter.append(")");
        }
        return filter.append(")").toString();
    }

    /**
     * Wraps a filter prefix as the opening of an AND expression: {@code &(prefix)}.
     * The surrounding parentheses of the whole filter are added by the callers.
     *
     * @param str filter prefix, inserted verbatim
     * @return {@code "&(" + str + ")"}
     */
    private String buildSearchCriteria(String str) {
        return new StringBuilder("&(").append(str).append(")").toString();
    }

    /**
     * Lists account names whose full-name attribute starts with the given text.
     *
     * <p>The input goes through {@code ensureCase} and {@code escapeSearchAttribute} before the
     * trailing {@code *} wildcard is appended, so the wildcard is the only filter metacharacter
     * added by this method itself. Each name read from the directory is passed through
     * {@code addDomainPostfix} and {@code ensureCase}, and is kept only if
     * {@code checkAccountRestrictionList} accepts it.</p>
     *
     * @param str text the attribute configured for {@code AXSchemaType.FULLNAME} must start with
     * @return the accepted account names; if a {@link NamingException} occurs it is logged and
     *         the names collected up to that point are returned
     */
    public List<String> findUsernamesWhereNameStarts(String str) {
        final String prefix = escapeSearchAttribute(ensureCase(str));
        final List<String> usernames = new ArrayList<>();
        LdapContext ctx = null;
        try {
            ctx = getContext(getSecurityManager().getCurrentSubject());
            final LDAPSearchContext search = ensureContextFactory().getSearch();
            final String filter = buildSearchFilter(
                    search.getSearchAccount().getSearchFilterPrefix(),
                    new SearchAttribute(search.getSearchAccount().getMetadataSearchAttribute(AXSchemaType.FULLNAME), prefix + "*"));

            final SearchControls controls = new SearchControls();
            controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
            // Only the account-name attribute is requested from the server.
            controls.setReturningAttributes(new String[] {
                search.getSearchAccount().getSearchAttribute(AbstractLDAPSearchPrincipal.LDAPSearchAttributeKey.NAME)
            });

            final NamingEnumeration<SearchResult> results = ctx.search(search.getBase(), filter, controls);
            // NOTE(review): hasMoreElements() cannot report a NamingException, so a failure
            // part-way through the listing may look like the end of the results.
            while (results.hasMoreElements()) {
                final SearchResult entry = results.nextElement();
                final String rawName = (String) entry.getAttributes()
                        .get(search.getSearchAccount().getSearchAttribute(AbstractLDAPSearchPrincipal.LDAPSearchAttributeKey.NAME))
                        .get();
                final String username = ensureCase(addDomainPostfix(rawName));
                if (checkAccountRestrictionList(username)) {
                    usernames.add(username);
                }
            }
        } catch (NamingException e) {
            LOG.error(new AuthenticationException(-1, e.getMessage()));
        } finally {
            // The context is released on every path: success, logged failure, or rethrow.
            if (ctx != null) {
                LdapUtils.closeContext(ctx);
            }
        }
        return usernames;
    }

    /**
     * Lists account names whose first-name or last-name attribute starts with the given text.
     *
     * <p>The input goes through {@code ensureCase} and {@code escapeSearchAttribute} before the
     * trailing {@code *} wildcard is appended. The two alternatives are combined with
     * {@code buildSearchFilterUnion}. Names read from the directory are kept only if
     * {@code checkAccountRestrictionList} accepts them.</p>
     *
     * @param str text the attribute configured for {@code AXSchemaType.FIRSTNAME} or
     *            {@code AXSchemaType.LASTNAME} must start with
     * @return the accepted account names; if a {@link NamingException} occurs it is logged and
     *         the names collected up to that point are returned
     */
    public List<String> findUsernamesWhereNamePartStarts(String str) {
        final String prefix = escapeSearchAttribute(ensureCase(str));
        final List<String> usernames = new ArrayList<>();
        LdapContext ctx = null;
        try {
            ctx = getContext(getSecurityManager().getCurrentSubject());
            final LDAPSearchContext search = ensureContextFactory().getSearch();

            final List<SearchAttribute> alternatives = new ArrayList<>();
            alternatives.add(new SearchAttribute(
                    search.getSearchAccount().getMetadataSearchAttribute(AXSchemaType.FIRSTNAME), prefix + "*"));
            alternatives.add(new SearchAttribute(
                    search.getSearchAccount().getMetadataSearchAttribute(AXSchemaType.LASTNAME), prefix + "*"));
            final String filter = buildSearchFilterUnion(search.getSearchAccount().getSearchFilterPrefix(), alternatives);

            final SearchControls controls = new SearchControls();
            controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
            controls.setReturningAttributes(new String[] {
                search.getSearchAccount().getSearchAttribute(AbstractLDAPSearchPrincipal.LDAPSearchAttributeKey.NAME)
            });

            final NamingEnumeration<SearchResult> results = ctx.search(search.getBase(), filter, controls);
            while (results.hasMoreElements()) {
                final SearchResult entry = results.nextElement();
                // NOTE(review): an entry without the name attribute would make get(...) return
                // null and the chained get() fail - confirm the filter prefix rules that out.
                final String rawName = (String) entry.getAttributes()
                        .get(search.getSearchAccount().getSearchAttribute(AbstractLDAPSearchPrincipal.LDAPSearchAttributeKey.NAME))
                        .get();
                final String username = ensureCase(addDomainPostfix(rawName));
                if (checkAccountRestrictionList(username)) {
                    usernames.add(username);
                }
            }
        } catch (NamingException e) {
            LOG.error(new AuthenticationException(-1, e.getMessage()));
        } finally {
            if (ctx != null) {
                LdapUtils.closeContext(ctx);
            }
        }
        return usernames;
    }

    /**
     * Lists account names that start with the given text.
     *
     * <p>The input goes through {@code ensureCase} and {@code escapeSearchAttribute} before the
     * trailing {@code *} wildcard is appended. Names read from the directory are passed through
     * {@code addDomainPostfix} and {@code ensureCase} and kept only if
     * {@code checkAccountRestrictionList} accepts them.</p>
     *
     * @param str text the account-name attribute must start with
     * @return the accepted account names; if a {@link NamingException} occurs it is logged and
     *         the names collected up to that point are returned
     */
    public List<String> findUsernamesWhereUsernameStarts(String str) {
        final String prefix = escapeSearchAttribute(ensureCase(str));
        final List<String> usernames = new ArrayList<>();
        LdapContext ctx = null;
        try {
            ctx = getContext(getSecurityManager().getCurrentSubject());
            final LDAPSearchContext search = ensureContextFactory().getSearch();
            final String filter = buildSearchFilter(
                    search.getSearchAccount().getSearchFilterPrefix(),
                    new SearchAttribute(
                            search.getSearchAccount().getSearchAttribute(AbstractLDAPSearchPrincipal.LDAPSearchAttributeKey.NAME),
                            prefix + "*"));

            final SearchControls controls = new SearchControls();
            controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
            controls.setReturningAttributes(new String[] {
                search.getSearchAccount().getSearchAttribute(AbstractLDAPSearchPrincipal.LDAPSearchAttributeKey.NAME)
            });

            final NamingEnumeration<SearchResult> results = ctx.search(search.getBase(), filter, controls);
            while (results.hasMoreElements()) {
                final SearchResult entry = results.nextElement();
                final String rawName = (String) entry.getAttributes()
                        .get(search.getSearchAccount().getSearchAttribute(AbstractLDAPSearchPrincipal.LDAPSearchAttributeKey.NAME))
                        .get();
                final String username = ensureCase(addDomainPostfix(rawName));
                if (checkAccountRestrictionList(username)) {
                    usernames.add(username);
                }
            }
        } catch (NamingException e) {
            // Only the message text of the NamingException reaches the log entry.
            LOG.error(new AuthenticationException(-1, e.getMessage()));
        } finally {
            if (ctx != null) {
                LdapUtils.closeContext(ctx);
            }
        }
        return usernames;
    }

    /**
     * Lists the names of groups whose member attribute equals the given distinguished name.
     *
     * <p>The distinguished name is passed through {@code escapeSearchAttribute} before it is
     * placed in the filter, and no wildcard is added. The search runs from
     * {@code getAbsoluteBase()} on the context supplied by the caller, which this method does
     * not close. Group names are kept only if {@code checkGroupRestrictionList} accepts them.</p>
     *
     * @param ldapContext an open context owned by the caller
     * @param str         distinguished name of the user
     * @return the accepted group names; if a {@link NamingException} occurs it is logged and
     *         the names collected up to that point are returned
     */
    private List<String> findGroupnamesForUserDistinguishedName(LdapContext ldapContext, String str) {
        final List<String> groupNames = new ArrayList<>();
        try {
            final LDAPSearchContext search = ensureContextFactory().getSearch();
            final String filter = buildSearchFilter(
                    search.getSearchGroup().getSearchFilterPrefix(),
                    new SearchAttribute(
                            search.getSearchGroup().getSearchAttribute(AbstractLDAPSearchPrincipal.LDAPSearchAttributeKey.MEMBER),
                            escapeSearchAttribute(str)));

            final SearchControls controls = new SearchControls();
            controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
            controls.setReturningAttributes(new String[] {
                search.getSearchGroup().getSearchAttribute(AbstractLDAPSearchPrincipal.LDAPSearchAttributeKey.NAME)
            });

            final NamingEnumeration<SearchResult> results = ldapContext.search(search.getAbsoluteBase(), filter, controls);
            while (results.hasMoreElements()) {
                final SearchResult entry = results.nextElement();
                final String rawName = (String) entry.getAttributes()
                        .get(search.getSearchGroup().getSearchAttribute(AbstractLDAPSearchPrincipal.LDAPSearchAttributeKey.NAME))
                        .get();
                final String groupName = ensureCase(addDomainPostfix(rawName));
                if (checkGroupRestrictionList(groupName)) {
                    groupNames.add(groupName);
                }
            }
        } catch (NamingException e) {
            // NOTE(review): a failed lookup is logged and yields a shorter (possibly empty) group
            // list rather than an error; callers cannot tell the two apart from the return value.
            LOG.error(new AuthenticationException(-1, e.getMessage()));
        }
        return groupNames;
    }

    /* renamed from: findGroupnamesWhereGroupnameStarts, reason: merged with bridge method [inline-methods] */
    /**
     * Lists group names that start with the given text.
     *
     * <p>The input goes through {@code ensureCase} and {@code escapeSearchAttribute} before the
     * trailing {@code *} wildcard is appended. Names read from the directory are passed through
     * {@code addDomainPostfix} and {@code ensureCase} and kept only if
     * {@code checkGroupRestrictionList} accepts them.</p>
     *
     * @param str text the group-name attribute must start with
     * @return the accepted group names; if a {@link NamingException} occurs it is logged and
     *         the names collected up to that point are returned
     */
    public List<String> m3findGroupnamesWhereGroupnameStarts(String str) {
        final String prefix = escapeSearchAttribute(ensureCase(str));
        final List<String> groupNames = new ArrayList<>();
        LdapContext ctx = null;
        try {
            ctx = getContext(getSecurityManager().getCurrentSubject());
            final LDAPSearchContext search = ensureContextFactory().getSearch();
            final String filter = buildSearchFilter(
                    search.getSearchGroup().getSearchFilterPrefix(),
                    new SearchAttribute(
                            search.getSearchGroup().getSearchAttribute(AbstractLDAPSearchPrincipal.LDAPSearchAttributeKey.NAME),
                            prefix + "*"));

            final SearchControls controls = new SearchControls();
            controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
            controls.setReturningAttributes(new String[] {
                search.getSearchGroup().getSearchAttribute(AbstractLDAPSearchPrincipal.LDAPSearchAttributeKey.NAME)
            });

            final NamingEnumeration<SearchResult> results = ctx.search(search.getBase(), filter, controls);
            while (results.hasMoreElements()) {
                final SearchResult entry = results.nextElement();
                final String rawName = (String) entry.getAttributes()
                        .get(search.getSearchGroup().getSearchAttribute(AbstractLDAPSearchPrincipal.LDAPSearchAttributeKey.NAME))
                        .get();
                final String groupName = ensureCase(addDomainPostfix(rawName));
                if (checkGroupRestrictionList(groupName)) {
                    groupNames.add(groupName);
                }
            }
        } catch (NamingException e) {
            LOG.error(new AuthenticationException(-1, e.getMessage()));
        } finally {
            if (ctx != null) {
                LdapUtils.closeContext(ctx);
            }
        }
        return groupNames;
    }

    /* renamed from: findGroupnamesWhereGroupnameContains, reason: merged with bridge method [inline-methods] */
    /**
     * Lists group names that contain the given text anywhere.
     *
     * <p>The input goes through {@code ensureCase} and {@code escapeSearchAttribute} and is then
     * wrapped in a leading and a trailing {@code *} wildcard. Names read from the directory are
     * kept only if {@code checkGroupRestrictionList} accepts them.</p>
     *
     * @param str text the group-name attribute must contain
     * @return the accepted group names; if a {@link NamingException} occurs it is logged and
     *         the names collected up to that point are returned
     */
    public List<String> m2findGroupnamesWhereGroupnameContains(String str) {
        final String fragment = escapeSearchAttribute(ensureCase(str));
        final List<String> groupNames = new ArrayList<>();
        LdapContext ctx = null;
        try {
            ctx = getContext(getSecurityManager().getCurrentSubject());
            final LDAPSearchContext search = ensureContextFactory().getSearch();
            final String filter = buildSearchFilter(
                    search.getSearchGroup().getSearchFilterPrefix(),
                    new SearchAttribute(
                            search.getSearchGroup().getSearchAttribute(AbstractLDAPSearchPrincipal.LDAPSearchAttributeKey.NAME),
                            "*" + fragment + "*"));

            final SearchControls controls = new SearchControls();
            controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
            controls.setReturningAttributes(new String[] {
                search.getSearchGroup().getSearchAttribute(AbstractLDAPSearchPrincipal.LDAPSearchAttributeKey.NAME)
            });

            final NamingEnumeration<SearchResult> results = ctx.search(search.getBase(), filter, controls);
            while (results.hasMoreElements()) {
                final SearchResult entry = results.nextElement();
                final String rawName = (String) entry.getAttributes()
                        .get(search.getSearchGroup().getSearchAttribute(AbstractLDAPSearchPrincipal.LDAPSearchAttributeKey.NAME))
                        .get();
                final String groupName = ensureCase(addDomainPostfix(rawName));
                if (checkGroupRestrictionList(groupName)) {
                    groupNames.add(groupName);
                }
            }
        } catch (NamingException e) {
            // This method logs the NamingException itself; the sibling lookups wrap the message
            // in an AuthenticationException first.
            LOG.error(e);
        } finally {
            if (ctx != null) {
                LdapUtils.closeContext(ctx);
            }
        }
        return groupNames;
    }

    /**
     * Lists every group name matched by the configured group filter prefix.
     *
     * <p>A {@code SearchAttribute} with a null name and value is passed to
     * {@code buildSearchFilter}, so the filter consists of the prefix alone. Names read from the
     * directory are kept only if {@code checkGroupRestrictionList} accepts them.</p>
     *
     * @return the accepted group names; if a {@link NamingException} occurs it is logged and
     *         the names collected up to that point are returned
     */
    public List<String> findAllGroupNames() {
        final List<String> groupNames = new ArrayList<>();
        LdapContext ctx = null;
        try {
            ctx = getContext(getSecurityManager().getCurrentSubject());
            final LDAPSearchContext search = ensureContextFactory().getSearch();
            final String filter = buildSearchFilter(
                    search.getSearchGroup().getSearchFilterPrefix(), new SearchAttribute(null, null));

            final SearchControls controls = new SearchControls();
            controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
            controls.setReturningAttributes(new String[] {
                search.getSearchGroup().getSearchAttribute(AbstractLDAPSearchPrincipal.LDAPSearchAttributeKey.NAME)
            });

            final NamingEnumeration<SearchResult> results = ctx.search(search.getBase(), filter, controls);
            // NOTE(review): no count limit is set on the SearchControls here, and
            // hasMoreElements() cannot report a NamingException; a server-side limit hit during
            // this unfiltered listing may therefore show up only as a shorter result.
            while (results.hasMoreElements()) {
                final SearchResult entry = results.nextElement();
                final String rawName = (String) entry.getAttributes()
                        .get(search.getSearchGroup().getSearchAttribute(AbstractLDAPSearchPrincipal.LDAPSearchAttributeKey.NAME))
                        .get();
                final String groupName = ensureCase(addDomainPostfix(rawName));
                if (checkGroupRestrictionList(groupName)) {
                    groupNames.add(groupName);
                }
            }
        } catch (NamingException e) {
            LOG.error(new AuthenticationException(-1, e.getMessage()));
        } finally {
            if (ctx != null) {
                LdapUtils.closeContext(ctx);
            }
        }
        return groupNames;
    }

    /**
     * Lists every account name matched by the configured account filter prefix.
     *
     * <p>A {@code SearchAttribute} with a null name and value is passed to
     * {@code buildSearchFilter}, so the filter consists of the prefix alone. Names read from the
     * directory are kept only if {@code checkAccountRestrictionList} accepts them.</p>
     *
     * @return the accepted account names; if a {@link NamingException} occurs it is logged and
     *         the names collected up to that point are returned
     */
    public List<String> findAllUserNames() {
        final List<String> usernames = new ArrayList<>();
        LdapContext ctx = null;
        try {
            ctx = getContext(getSecurityManager().getCurrentSubject());
            final LDAPSearchContext search = ensureContextFactory().getSearch();
            final String filter = buildSearchFilter(
                    search.getSearchAccount().getSearchFilterPrefix(), new SearchAttribute(null, null));

            final SearchControls controls = new SearchControls();
            controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
            controls.setReturningAttributes(new String[] {
                search.getSearchAccount().getSearchAttribute(AbstractLDAPSearchPrincipal.LDAPSearchAttributeKey.NAME)
            });

            final NamingEnumeration<SearchResult> results = ctx.search(search.getBase(), filter, controls);
            while (results.hasMoreElements()) {
                final SearchResult entry = results.nextElement();
                final String rawName = (String) entry.getAttributes()
                        .get(search.getSearchAccount().getSearchAttribute(AbstractLDAPSearchPrincipal.LDAPSearchAttributeKey.NAME))
                        .get();
                final String username = ensureCase(addDomainPostfix(rawName));
                // The restriction list is applied to the name after domain postfix and case handling.
                if (checkAccountRestrictionList(username)) {
                    usernames.add(username);
                }
            }
        } catch (NamingException e) {
            LOG.error(new AuthenticationException(-1, e.getMessage()));
        } finally {
            if (ctx != null) {
                LdapUtils.closeContext(ctx);
            }
        }
        return usernames;
    }

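    /**
     * Lists the account names that are members of the named group.
     *
     * <p>The group is first resolved with {@code findGroupByGroupName}; its distinguished name
     * is then escaped and used as the value of the account member-of attribute in a second
     * search. Account names are kept only if {@code checkAccountRestrictionList} accepts them.</p>
     *
     * <p>The whole lookup runs inside one try/catch/finally: a {@link NamingException} from
     * either search is logged and ends the lookup, and the context is closed exactly once on
     * every path. The previous layout closed the context in the catch branch and then went on
     * to read the unassigned group result and search on the closed context.</p>
     *
     * @param str name of the group
     * @return the accepted member account names; empty when the group is rejected by
     *         {@code checkGroupRestrictionList} or not found, and possibly partial when a
     *         {@link NamingException} was logged
     */
    public List<String> findAllGroupMembers(String str) {
        final String groupName = escapeSearchAttribute(ensureCase(str));
        final List<String> members = new ArrayList<>();
        // NOTE(review): the restriction list is consulted with the escaped form of the name,
        // whereas the other lookups in this class check the unescaped name read from the
        // directory. The same value also appears to be escaped a second time inside
        // findGroupByGroupName. Confirm both are intended for names containing filter
        // metacharacters.
        if (!checkGroupRestrictionList(groupName)) {
            return members;
        }
        DirContext dirContext = null;
        try {
            dirContext = getContext(getSecurityManager().getCurrentSubject());
            final SearchResult group = findGroupByGroupName(dirContext, removeDomainPostfix(groupName));
            if (group == null) {
                // No such group, or the name was ambiguous; the finally block releases the context.
                return members;
            }

            final LDAPSearchContext search = ensureContextFactory().getSearch();
            final String groupDn = (String) group.getAttributes()
                    .get(search.getSearchGroup().getSearchAttribute(AbstractLDAPSearchPrincipal.LDAPSearchAttributeKey.DN))
                    .get();
            // The DN comes from the directory, but it is still escaped before entering the filter.
            final String filter = buildSearchFilter(
                    search.getSearchAccount().getSearchFilterPrefix(),
                    new SearchAttribute(
                            search.getSearchAccount().getSearchAttribute(AbstractLDAPSearchPrincipal.LDAPSearchAttributeKey.MEMBER_OF),
                            escapeSearchAttribute(groupDn)));

            final SearchControls controls = new SearchControls();
            controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
            controls.setReturningAttributes(new String[] {
                search.getSearchAccount().getSearchAttribute(AbstractLDAPSearchPrincipal.LDAPSearchAttributeKey.NAME)
            });

            final NamingEnumeration<SearchResult> results = dirContext.search(search.getBase(), filter, controls);
            while (results.hasMoreElements()) {
                final SearchResult entry = results.nextElement();
                final String rawName = (String) entry.getAttributes()
                        .get(search.getSearchAccount().getSearchAttribute(AbstractLDAPSearchPrincipal.LDAPSearchAttributeKey.NAME))
                        .get();
                final String username = ensureCase(addDomainPostfix(rawName));
                if (checkAccountRestrictionList(username)) {
                    members.add(username);
                }
            }
        } catch (NamingException e) {
            LOG.error(new AuthenticationException(-1, e.getMessage()));
        } finally {
            if (dirContext != null) {
                LdapUtils.closeContext(dirContext);
            }
        }
        return members;
    }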
}
