package org.forgerock.openam.ldap;

import com.sun.identity.shared.Constants;
import com.sun.identity.shared.configuration.SystemPropertiesManager;
import com.sun.identity.shared.debug.Debug;
import java.security.GeneralSecurityException;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.StringTokenizer;
import java.util.concurrent.TimeUnit;
import java.util.regex.Pattern;
import javax.naming.InvalidNameException;
import org.forgerock.openam.sdk.org.forgerock.i18n.LocalizedIllegalArgumentException;
import org.forgerock.openam.sdk.org.forgerock.opendj.ldap.Attribute;
import org.forgerock.openam.sdk.org.forgerock.opendj.ldap.ByteString;
import org.forgerock.openam.sdk.org.forgerock.opendj.ldap.Connection;
import org.forgerock.openam.sdk.org.forgerock.opendj.ldap.ConnectionFactory;
import org.forgerock.openam.sdk.org.forgerock.opendj.ldap.Connections;
import org.forgerock.openam.sdk.org.forgerock.opendj.ldap.DN;
import org.forgerock.openam.sdk.org.forgerock.opendj.ldap.Filter;
import org.forgerock.openam.sdk.org.forgerock.opendj.ldap.LDAPConnectionFactory;
import org.forgerock.openam.sdk.org.forgerock.opendj.ldap.LdapException;
import org.forgerock.openam.sdk.org.forgerock.opendj.ldap.LoadBalancerEventListener;
import org.forgerock.openam.sdk.org.forgerock.opendj.ldap.RDN;
import org.forgerock.openam.sdk.org.forgerock.opendj.ldap.SSLContextBuilder;
import org.forgerock.openam.sdk.org.forgerock.opendj.ldap.SearchResultReferenceIOException;
import org.forgerock.openam.sdk.org.forgerock.opendj.ldap.SearchScope;
import org.forgerock.openam.sdk.org.forgerock.opendj.ldif.ConnectionEntryReader;
import org.forgerock.openam.sdk.org.forgerock.util.Option;
import org.forgerock.openam.sdk.org.forgerock.util.Options;
import org.forgerock.openam.sdk.org.forgerock.util.Reject;
import org.forgerock.openam.sdk.org.forgerock.util.time.Duration;

/* loaded from: input_file:WEB-INF/lib/openam-clientsdk-15.0.1.jar:org/forgerock/openam/ldap/LDAPUtils.class */
public final class LDAPUtils {
    private static final String LDAP_SCOPE_BASE = "SCOPE_BASE";
    private static final String LDAP_SCOPE_ONE = "SCOPE_ONE";
    private static final String LDAP_SCOPE_SUB = "SCOPE_SUB";
    private static final Map<String, SearchScope> SCOPES;
    private static final int DEFAULT_HEARTBEAT_TIMEOUT = 3;
    static final Pattern dnRule;
    public static final Option<Boolean> AFFINITY_ENABLED = Option.withDefault(false);
    private static final char[] ESCAPED_CHAR = {',', '+', '\"', '\\', '<', '>', ';', '='};
    private static final Debug DEBUG = Debug.getInstance("LDAPUtils");

    /* loaded from: input_file:WEB-INF/lib/openam-clientsdk-15.0.1.jar:org/forgerock/openam/ldap/LDAPUtils$LoggingLBEventListener.class */
    private static class LoggingLBEventListener implements LoadBalancerEventListener {
        private LoggingLBEventListener() {
        }

        @Override // org.forgerock.openam.sdk.org.forgerock.opendj.ldap.LoadBalancerEventListener
        public void handleConnectionFactoryOffline(ConnectionFactory connectionFactory, LdapException ldapException) {
            LDAPUtils.DEBUG.error("Connection factory became offline: " + connectionFactory, ldapException);
        }

        @Override // org.forgerock.openam.sdk.org.forgerock.opendj.ldap.LoadBalancerEventListener
        public void handleConnectionFactoryOnline(ConnectionFactory connectionFactory) {
            LDAPUtils.DEBUG.error("Connection factory became online: " + connectionFactory);
        }
    }

    private LDAPUtils() {
    }

    public static ConnectionFactory newPrioritizedFailoverConnectionPool(Set<String> set, String str, String str2, String str3, char[] cArr, int i, int i2, String str4, Options options) {
        return newFailoverConnectionPool(prioritizeServers(set, str, str2), str3, cArr, i, i2, str4, options);
    }

    public static ConnectionFactory newFailoverConnectionPool(Set<LDAPURL> set, String str, char[] cArr, int i, int i2, String str2, Options options) {
        ArrayList arrayList = new ArrayList(set.size());
        Iterator<LDAPURL> it = set.iterator();
        while (it.hasNext()) {
            arrayList.add(Connections.newCachedConnectionPool(newConnectionFactory(it.next(), str, cArr, i2, str2, options), 1, i, 60L, TimeUnit.SECONDS));
        }
        return loadBalanceFactories(arrayList, options);
    }

    public static ConnectionFactory newPrioritizedFailoverConnectionFactory(Set<String> set, String str, String str2, String str3, char[] cArr, int i, String str4, Options options) {
        return newFailoverConnectionFactory(prioritizeServers(set, str, str2), str3, cArr, i, str4, options);
    }

    public static ConnectionFactory newFailoverConnectionFactory(Set<LDAPURL> set, String str, char[] cArr, int i, String str2, Options options) {
        ArrayList arrayList = new ArrayList(set.size());
        Iterator<LDAPURL> it = set.iterator();
        while (it.hasNext()) {
            arrayList.add(newConnectionFactory(it.next(), str, cArr, i, str2, options));
        }
        return loadBalanceFactories(arrayList, options);
    }

    private static ConnectionFactory newConnectionFactory(LDAPURL ldapurl, String str, char[] cArr, int i, String str2, Options options) {
        Boolean isSSL = ldapurl.isSSL();
        int asInt = SystemPropertiesManager.getAsInt(Constants.LDAP_HEARTBEAT_TIMEOUT, 3);
        if (isSSL != null && isSSL.booleanValue()) {
            try {
                options = Options.copyOf(options).set(LDAPConnectionFactory.SSL_CONTEXT, new SSLContextBuilder().setProtocol(SystemPropertiesManager.get(Constants.LDAP_SERVER_TLS_VERSION, SSLContextBuilder.PROTOCOL_TLS)).getSSLContext());
            } catch (GeneralSecurityException e) {
                DEBUG.error("An error occurred while creating SSLContext", e);
            }
        }
        if (i > 0 && str2 != null) {
            TimeUnit valueOf = TimeUnit.valueOf(str2.toUpperCase());
            options = options.set(LDAPConnectionFactory.HEARTBEAT_ENABLED, true).set(LDAPConnectionFactory.HEARTBEAT_INTERVAL, new Duration(Long.valueOf(valueOf.toSeconds(i)), TimeUnit.SECONDS)).set(LDAPConnectionFactory.HEARTBEAT_TIMEOUT, new Duration(Long.valueOf(valueOf.toSeconds(asInt)), TimeUnit.SECONDS));
        }
        if (str != null) {
            options = options.set(LDAPConnectionFactory.AUTHN_BIND_REQUEST, LDAPRequests.newSimpleBindRequest(str, cArr));
        }
        return new LDAPConnectionFactory(ldapurl.getHost(), ldapurl.getPort(), options);
    }

    private static ConnectionFactory loadBalanceFactories(List<ConnectionFactory> list, Options options) {
        return ((Boolean) options.get(AFFINITY_ENABLED)).booleanValue() ? Connections.newAffinityRequestLoadBalancer(list, options) : Connections.newFailoverLoadBalancer(list, options);
    }

    public static Set<LDAPURL> prioritizeServers(Set<String> set, String str, String str2) {
        LinkedHashSet linkedHashSet = new LinkedHashSet(set.size());
        LinkedHashSet linkedHashSet2 = new LinkedHashSet(set.size());
        LinkedHashSet linkedHashSet3 = new LinkedHashSet(set.size());
        LinkedHashSet linkedHashSet4 = new LinkedHashSet(set.size());
        Iterator<String> it = set.iterator();
        while (it.hasNext()) {
            StringTokenizer stringTokenizer = new StringTokenizer(it.next(), "|");
            String nextToken = stringTokenizer.nextToken();
            String nextToken2 = stringTokenizer.hasMoreTokens() ? stringTokenizer.nextToken() : "";
            String nextToken3 = stringTokenizer.hasMoreTokens() ? stringTokenizer.nextToken() : "";
            if (!nextToken2.isEmpty() && nextToken2.equals(str)) {
                linkedHashSet2.add(LDAPURL.valueOf(nextToken));
            } else if (nextToken3.isEmpty() || !nextToken3.equals(str2)) {
                linkedHashSet4.add(LDAPURL.valueOf(nextToken));
            } else {
                linkedHashSet3.add(LDAPURL.valueOf(nextToken));
            }
        }
        linkedHashSet.addAll(shuffle(linkedHashSet2));
        linkedHashSet.addAll(shuffle(linkedHashSet3));
        linkedHashSet.addAll(shuffle(linkedHashSet4));
        return linkedHashSet;
    }

    static Collection<LDAPURL> shuffle(Set<LDAPURL> set) {
        if (set.size() <= 1) {
            return set;
        }
        ArrayList arrayList = new ArrayList(set);
        Collections.shuffle(arrayList);
        return arrayList;
    }

    public static SearchScope getSearchScope(String str, SearchScope searchScope) {
        SearchScope searchScope2 = SCOPES.get(str);
        return searchScope2 == null ? searchScope : searchScope2;
    }

    public static Filter parseFilter(String str, Filter filter) {
        if (str == null) {
            return filter;
        }
        try {
            return Filter.valueOf(str);
        } catch (LocalizedIllegalArgumentException e) {
            DEBUG.error("Unable to construct Filter from " + str + " -> " + e.getMessage() + "\nFalling back to " + filter.toString());
            return filter;
        }
    }

    public static String getName(DN dn) {
        return dn.rdn().getFirstAVA().getAttributeValue().toString();
    }

    /* JADX WARN: Multi-variable type inference failed */
    public static void addAttributeToMapAsByteArray(Attribute attribute, Map<String, byte[][]> map) {
        byte[] bArr = new byte[attribute.size()];
        int i = 0;
        Iterator<ByteString> it = attribute.iterator();
        while (it.hasNext()) {
            int i2 = i;
            i++;
            bArr[i2] = it.next().toByteArray();
        }
        map.put(attribute.getAttributeDescriptionAsString(), bArr);
    }

    public static void addAttributeToMapAsString(Attribute attribute, Map<String, Set<String>> map) {
        map.put(attribute.getAttributeDescriptionAsString(), getAttributeValuesAsStringSet(attribute));
    }

    public static Set<String> getAttributeValuesAsStringSet(Attribute attribute) {
        HashSet hashSet = new HashSet(attribute.size());
        Iterator<ByteString> it = attribute.iterator();
        while (it.hasNext()) {
            hashSet.add(it.next().toString());
        }
        return hashSet;
    }

    public static Set<LDAPURL> convertToLDAPURLs(Set<String> set) {
        if (set == null) {
            return new LinkedHashSet(0);
        }
        LinkedHashSet linkedHashSet = new LinkedHashSet(set.size());
        Iterator<String> it = set.iterator();
        while (it.hasNext()) {
            linkedHashSet.add(LDAPURL.valueOf(it.next()));
        }
        return linkedHashSet;
    }

    public static String rdnValueFromDn(String str) {
        return rdnValueFromDn(DN.valueOf(str));
    }

    public static String rdnValueFromDn(DN dn) {
        return dn.size() > 0 ? rdnValue(dn.rdn()) : "";
    }

    public static String rdnValue(RDN rdn) {
        Reject.ifTrue(rdn.isMultiValued(), "Multivalued RDNs not supported");
        return rdn.getFirstAVA().getAttributeValue().toString();
    }

    public static String rdnTypeFromDn(String str) {
        return rdnTypeFromDn(DN.valueOf(str));
    }

    public static String rdnTypeFromDn(DN dn) {
        return dn.size() > 0 ? rdnType(dn.rdn()) : "";
    }

    public static String rdnType(RDN rdn) {
        Reject.ifTrue(rdn.size() != 1, "Multivalued RDNs not supported");
        return rdn.getFirstAVA().getAttributeType().getNameOrOID();
    }

    public static Set<String> collectNonIdenticalValues(DN dn, Set<String> set) throws InvalidNameException {
        HashSet hashSet = new HashSet();
        Iterator<String> it = set.iterator();
        while (it.hasNext()) {
            DN valueOf = DN.valueOf(it.next());
            if (valueOf.size() > 0 && dn.compareTo(valueOf) != 0) {
                hashSet.add(rdnValueFromDn(valueOf));
            }
        }
        return hashSet;
    }

    public static String getDBName(String str, Connection connection) {
        try {
            ConnectionEntryReader search = connection.search(LDAPRequests.newSearchRequest("cn=mapping tree,cn=config", SearchScope.WHOLE_SUBTREE, "cn=" + str, new String[0]));
            while (search.hasNext()) {
                Attribute attribute = search.readEntry().getAttribute("nsslapd-backend");
                if (attribute != null) {
                    return attribute.firstValueAsString();
                }
            }
            return "userRoot";
        } catch (LdapException e) {
            return "userRoot";
        } catch (SearchResultReferenceIOException e2) {
            DEBUG.error("LDAPUtils.getDBName: Did not expect to get a reference", e2);
            return "userRoot";
        }
    }

    public static boolean isDN(String str) {
        return isDN(str, 0);
    }

    public static boolean isDN(String str, int i) {
        try {
            return newDN(str).size() > i;
        } catch (LocalizedIllegalArgumentException e) {
            DEBUG.error("LDAPUtils.isDN: Invalid DN", e);
            return false;
        }
    }

    public static String escapeValue(String str) {
        return DN.escapeAttributeValue(str);
    }

    public static String unescapeValue(String str) {
        StringBuilder sb = new StringBuilder();
        int i = 0;
        while (i < str.length()) {
            char charAt = str.charAt(i);
            if (charAt == '\\') {
                char charAt2 = str.charAt(i + 1);
                if (isEscapeCharacter(charAt2)) {
                    charAt = charAt2;
                    i++;
                }
            }
            sb.append(charAt);
            i++;
        }
        return sb.toString();
    }

    private static boolean isEscapeCharacter(char c) {
        for (char c2 : ESCAPED_CHAR) {
            if (c == c2) {
                return true;
            }
        }
        return false;
    }

    public static String normalizeDN(String str) {
        return newDN(str).toString().toLowerCase();
    }

    public static DN newDN(String str) {
        return (str == null || str.startsWith("/") || !dnRule.matcher(str).matches()) ? DN.rootDN() : DN.valueOf(str);
    }

    public static String formatToRFC(String str) {
        return DN.valueOf(str).toString().toLowerCase();
    }

    public static boolean dnEquals(String str, String str2) {
        return DN.valueOf(str).equals(DN.valueOf(str2));
    }

    public static ConnectionFactory createFailoverConnectionFactory(String str, int i, String str2, String str3, Options options) {
        StringTokenizer stringTokenizer = new StringTokenizer(str);
        String[] strArr = new String[stringTokenizer.countTokens()];
        int[] iArr = new int[stringTokenizer.countTokens()];
        int i2 = 0;
        while (stringTokenizer.hasMoreTokens()) {
            String nextToken = stringTokenizer.nextToken();
            int indexOf = nextToken.indexOf(58);
            if (indexOf > 0) {
                strArr[i2] = nextToken.substring(0, indexOf);
                iArr[i2] = Integer.parseInt(nextToken.substring(indexOf + 1));
            } else {
                strArr[i2] = nextToken;
                iArr[i2] = i;
            }
            i2++;
        }
        if (i2 <= 1) {
            return createSingleHostConnectionFactory(strArr[0], iArr[0], str2, str3, options);
        }
        ArrayList arrayList = new ArrayList();
        for (int i3 = 0; i3 < i2; i3++) {
            arrayList.add(createSingleHostConnectionFactory(strArr[i3], iArr[i3], str2, str3, options));
        }
        return loadBalanceFactories(arrayList, options);
    }

    private static ConnectionFactory createSingleHostConnectionFactory(String str, int i, String str2, String str3, Options options) {
        return new LDAPConnectionFactory(str, i, options.set(LDAPConnectionFactory.AUTHN_BIND_REQUEST, LDAPRequests.newSimpleBindRequest(str2, str3.toCharArray())));
    }

    static {
        HashMap hashMap = new HashMap(3);
        hashMap.put(LDAP_SCOPE_BASE, SearchScope.BASE_OBJECT);
        hashMap.put(LDAP_SCOPE_ONE, SearchScope.SINGLE_LEVEL);
        hashMap.put(LDAP_SCOPE_SUB, SearchScope.WHOLE_SUBTREE);
        SCOPES = Collections.unmodifiableMap(hashMap);
        dnRule = Pattern.compile("^(?:[A-Za-z][\\w-]*|\\d+(?:\\.\\d+)*)=(?:#(?:[\\dA-Fa-f]{2})+|(?:[^,=\\+<>#;\\\\\"]|\\\\[,=\\+<>#;\\\\\"]|\\\\[\\dA-Fa-f]{2})*|\"(?:[^\\\\\"]|\\\\[,=\\+<>#;\\\\\"]|\\\\[\\dA-Fa-f]{2})*\")(?:\\+(?:[A-Za-z][\\w-]*|\\d+(?:\\.\\d+)*)=(?:#(?:[\\dA-Fa-f]{2})+|(?:[^,=\\+<>#;\\\\\"]|\\\\[,=\\+<>#;\\\\\"]|\\\\[\\dA-Fa-f]{2})*|\"(?:[^\\\\\"]|\\\\[,=\\+<>#;\\\\\"]|\\\\[\\dA-Fa-f]{2})*\"))*(?:,(?:[A-Za-z][\\w-]*|\\d+(?:\\.\\d+)*)=(?:#(?:[\\dA-Fa-f]{2})+|(?:[^,=\\+<>#;\\\\\"]|\\\\[,=\\+<>#;\\\\\"]|\\\\[\\dA-Fa-f]{2})*|\"(?:[^\\\\\"]|\\\\[,=\\+<>#;\\\\\"]|\\\\[\\dA-Fa-f]{2})*\")(?:\\+(?:[A-Za-z][\\w-]*|\\d+(?:\\.\\d+)*)=(?:#(?:[\\dA-Fa-f]{2})+|(?:[^,=\\+<>#;\\\\\"]|\\\\[,=\\+<>#;\\\\\"]|\\\\[\\dA-Fa-f]{2})*|\"(?:[^\\\\\"]|\\\\[,=\\+<>#;\\\\\"]|\\\\[\\dA-Fa-f]{2})*\"))*)*$");
    }
}
