package nl.nn.credentialprovider;

import java.io.IOException;
import java.io.InputStream;
import java.util.ArrayList;
import java.util.LinkedHashSet;
import java.util.LinkedList;
import java.util.List;
import javax.naming.InvalidNameException;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import nl.nn.credentialprovider.rolemapping.RoleGroupMapper;
import nl.nn.credentialprovider.rolemapping.RoleGroupMappingRuleSet;
import org.apache.catalina.Context;
import org.apache.catalina.LifecycleException;
import org.apache.catalina.realm.JNDIRealm;
import org.apache.juli.logging.Log;
import org.apache.juli.logging.LogFactory;
import org.apache.tomcat.util.digester.Digester;
import org.apache.tomcat.util.file.ConfigFileLoader;
import org.xml.sax.SAXException;

/* loaded from: input_file:nl/nn/credentialprovider/RoleToGroupMappingJndiRealm.class */
public class RoleToGroupMappingJndiRealm extends JNDIRealm implements RoleGroupMapper {
    private final Log log = LogFactory.getLog(getClass());
    private String pathname = null;
    private static Digester digester = null;

    public List<String> getRoles(String str) {
        List<String> roles;
        JNDIRealm.JNDIConnection jNDIConnection = null;
        try {
            jNDIConnection = get();
            try {
                roles = getRoles(jNDIConnection, str);
            } catch (NullPointerException | NamingException e) {
                this.containerLog.info(sm.getString("jndiRealm.exception.retry"), e);
                close(jNDIConnection);
                closePooledConnections();
                jNDIConnection = get();
                roles = getRoles(jNDIConnection, str);
            }
            release(jNDIConnection);
            return roles;
        } catch (NamingException e2) {
            this.containerLog.error(sm.getString("jndiRealm.exception"), e2);
            close(jNDIConnection);
            closePooledConnections();
            if (!this.containerLog.isDebugEnabled()) {
                return null;
            }
            this.containerLog.debug("Returning null roles.");
            return null;
        }
    }

    public List<String> getRoles(JNDIRealm.JNDIConnection jNDIConnection, String str) throws NamingException {
        if (str == null || str.equals("")) {
            if (!this.containerLog.isDebugEnabled()) {
                return null;
            }
            this.containerLog.debug("username null or empty: returning null roles.");
            return null;
        }
        if (this.userPatternArray == null) {
            JNDIRealm.User user = getUser(jNDIConnection, str, null, -1);
            if (user == null) {
                return null;
            }
            List<String> roles = getRoles(jNDIConnection, user);
            if (this.containerLog.isDebugEnabled()) {
                this.containerLog.debug("Found roles: " + roles.toString());
            }
            return roles;
        }
        for (int i = 0; i < this.userPatternArray.length; i++) {
            JNDIRealm.User user2 = getUser(jNDIConnection, str, null, i);
            if (user2 != null) {
                try {
                    List<String> roles2 = getRoles(jNDIConnection, user2);
                    if (this.containerLog.isDebugEnabled()) {
                        this.containerLog.debug("Found roles: " + roles2.toString());
                    }
                    return roles2;
                } catch (InvalidNameException e) {
                    this.containerLog.warn(sm.getString("jndiRealm.exception"), e);
                }
            }
        }
        return null;
    }

    protected List<String> getRoles(JNDIRealm.JNDIConnection jNDIConnection, JNDIRealm.User user) throws NamingException {
        LinkedHashSet linkedHashSet = new LinkedHashSet(user.getRoles());
        LinkedList linkedList = new LinkedList(linkedHashSet);
        if (this.containerLog.isTraceEnabled()) {
            this.containerLog.trace("allRoles in: " + linkedHashSet);
        }
        String[] strArr = {getRoleName()};
        while (true) {
            String str = (String) linkedList.poll();
            if (str == null) {
                break;
            }
            NamingEnumeration all = jNDIConnection.context.getAttributes(str, strArr).getAll();
            while (all.hasMoreElements()) {
                NamingEnumeration all2 = ((Attribute) all.next()).getAll();
                while (all2.hasMoreElements()) {
                    String obj = all2.next().toString();
                    if (this.containerLog.isTraceEnabled()) {
                        this.containerLog.trace("nestedRole: " + obj);
                    }
                    if (!linkedHashSet.contains(obj)) {
                        linkedList.add(obj);
                        linkedHashSet.add(obj);
                    }
                }
            }
        }
        if (this.containerLog.isTraceEnabled()) {
            this.containerLog.trace("allRoles out: " + linkedHashSet);
        }
        return new ArrayList(linkedHashSet);
    }

    protected void startInternal() throws LifecycleException {
        if (this.log.isTraceEnabled()) {
            this.log.trace(">>> startInternal");
        }
        super.startInternal();
        try {
            initMappingConfig();
            if (this.log.isTraceEnabled()) {
                this.log.trace("<<< startInternal");
            }
        } catch (IOException e) {
            throw new LifecycleException(e);
        }
    }

    protected synchronized Digester getDigester() {
        if (digester == null) {
            digester = new Digester();
            digester.setValidating(false);
            try {
                digester.setFeature("http://apache.org/xml/features/allow-java-encodings", true);
            } catch (Exception e) {
                this.log.warn(sm.getString("memoryRealm.xmlFeatureEncoding"), e);
            }
            digester.addRuleSet(new RoleGroupMappingRuleSet());
        }
        return digester;
    }

    /* JADX WARN: Failed to calculate best type for var: r9v1 ??
    java.lang.NullPointerException: Cannot invoke "jadx.core.dex.instructions.args.InsnArg.getType()" because "changeArg" is null
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.moveListener(TypeUpdate.java:439)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.runListeners(TypeUpdate.java:232)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.requestUpdate(TypeUpdate.java:212)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeForSsaVar(TypeUpdate.java:183)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeChecked(TypeUpdate.java:112)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:83)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:56)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.calculateFromBounds(FixTypesVisitor.java:156)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.setBestType(FixTypesVisitor.java:133)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.deduceType(FixTypesVisitor.java:238)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.tryDeduceTypes(FixTypesVisitor.java:221)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.visit(FixTypesVisitor.java:91)
     */
    /* JADX WARN: Failed to calculate best type for var: r9v1 ??
    java.lang.NullPointerException: Cannot invoke "jadx.core.dex.instructions.args.InsnArg.getType()" because "changeArg" is null
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.moveListener(TypeUpdate.java:439)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.runListeners(TypeUpdate.java:232)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.requestUpdate(TypeUpdate.java:212)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeForSsaVar(TypeUpdate.java:183)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeChecked(TypeUpdate.java:112)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:83)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:56)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.calculateFromBounds(TypeInferenceVisitor.java:145)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.setBestType(TypeInferenceVisitor.java:123)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.lambda$runTypePropagation$2(TypeInferenceVisitor.java:101)
    	at java.base/java.util.ArrayList.forEach(ArrayList.java:1596)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.runTypePropagation(TypeInferenceVisitor.java:101)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.visit(TypeInferenceVisitor.java:75)
     */
    /* JADX WARN: Multi-variable type inference failed. Error: java.lang.NullPointerException: Cannot invoke "jadx.core.dex.instructions.args.InsnArg.getType()" because "changeArg" is null
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.moveListener(TypeUpdate.java:439)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.runListeners(TypeUpdate.java:232)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.requestUpdate(TypeUpdate.java:212)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeForSsaVar(TypeUpdate.java:183)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeChecked(TypeUpdate.java:112)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:83)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.applyWithWiderIgnSame(TypeUpdate.java:70)
    	at jadx.core.dex.visitors.typeinference.TypeSearch.applyResolvedVars(TypeSearch.java:100)
    	at jadx.core.dex.visitors.typeinference.TypeSearch.run(TypeSearch.java:76)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.runMultiVariableSearch(FixTypesVisitor.java:116)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.visit(FixTypesVisitor.java:91)
     */
    /* JADX WARN: Not initialized variable reg: 9, insn: 0x00b2: MOVE (r0 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]) = (r9 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]) A[TRY_LEAVE], block:B:54:0x00b2 */
    protected void initMappingConfig() throws IOException {
        Digester digester2;
        if (this.log.isTraceEnabled()) {
            this.log.trace(">>> initMappingConfig");
        }
        String pathname = getPathname();
        if (pathname == null) {
            if (this.log.isDebugEnabled()) {
                this.log.debug("<<< initMappingConfig no path configured");
                return;
            }
            return;
        }
        InputStream inputStream = ConfigFileLoader.getSource().getResource(pathname).getInputStream();
        Throwable th = null;
        try {
            if (this.log.isDebugEnabled()) {
                this.log.debug("Loading mapping: " + pathname);
            }
            try {
                Digester digester3 = getDigester();
                try {
                    synchronized (digester3) {
                        digester3.push(this);
                        digester3.parse(inputStream);
                    }
                    digester3.reset();
                    reportMappingConfig();
                    if (this.log.isTraceEnabled()) {
                        this.log.trace("<<< initMappingConfig");
                    }
                } catch (IOException | SAXException e) {
                    throw new IOException("Exception while reading role-group-mapping file", e);
                }
            } catch (Throwable th2) {
                digester2.reset();
                reportMappingConfig();
                throw th2;
            }
        } finally {
            if (inputStream != null) {
                if (0 != 0) {
                    try {
                        inputStream.close();
                    } catch (Throwable th3) {
                        th.addSuppressed(th3);
                    }
                } else {
                    inputStream.close();
                }
            }
        }
    }

    protected void reportMappingConfig() {
        if (this.log.isTraceEnabled()) {
            this.log.trace(">>> reportMappingConfig");
        }
        Context container = getContainer();
        if (container instanceof Context) {
            Context context = container;
            String[] findSecurityRoles = context.findSecurityRoles();
            if (findSecurityRoles != null) {
                this.log.info(String.format("Security role mappings:", new Object[0]));
                for (String str : findSecurityRoles) {
                    this.log.info(String.format("Security [role]: %s [link]: %s", str, context.findRoleMapping(str)));
                }
            } else {
                this.log.info(String.format("No security roles found.", new Object[0]));
            }
        }
        if (this.log.isTraceEnabled()) {
            this.log.trace("<<< reportMappingConfig");
        }
    }

    @Override // nl.nn.credentialprovider.rolemapping.RoleGroupMapper
    public void addRoleGroupMapping(String str, String str2) {
        if (str == null || str.length() <= 0 || str2 == null || str2.length() <= 0) {
            this.log.warn(">>> skipped addRoleGroupMapping role: " + str + ", group: " + str2);
            return;
        }
        Context container = getContainer();
        this.log.info(">>> addRoleGroupMapping container: " + container);
        if (!(container instanceof Context)) {
            this.log.warn(">>> skipped addRoleGroupMapping no Context found in container: " + container + " for role: " + str + ", group: " + str2);
        } else {
            container.addRoleMapping(str, str2);
            this.log.info(">>> addRoleGroupMapping role: " + str + ", group: " + str2);
        }
    }

    public String getPathname() {
        return this.pathname;
    }

    public void setPathname(String str) {
        this.pathname = str;
    }
}
