package com.identity4j.connector.directory;

import com.identity4j.connector.AbstractConnector;
import com.identity4j.connector.BrowseNode;
import com.identity4j.connector.BrowseableConnector;
import com.identity4j.connector.ConnectorCapability;
import com.identity4j.connector.ConnectorConfigurationParameters;
import com.identity4j.connector.exception.ConnectorException;
import com.identity4j.connector.exception.PasswordChangeRequiredException;
import com.identity4j.connector.exception.PrincipalNotFoundException;
import com.identity4j.connector.principal.Identity;
import com.identity4j.connector.principal.Role;
import com.identity4j.util.StringUtil;
import com.identity4j.util.crypt.impl.DefaultEncoderManager;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.NoSuchElementException;
import java.util.Set;
import java.util.StringTokenizer;
import javax.naming.Name;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.ModificationItem;
import javax.naming.directory.SearchControls;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.ldap.AuthenticationException;
import org.springframework.ldap.NameNotFoundException;
import org.springframework.ldap.NamingException;
import org.springframework.ldap.OperationNotSupportedException;
import org.springframework.ldap.UncategorizedLdapException;
import org.springframework.ldap.control.PagedResultsCookie;
import org.springframework.ldap.control.PagedResultsDirContextProcessor;
import org.springframework.ldap.core.ContextSource;
import org.springframework.ldap.core.DirContextOperations;
import org.springframework.ldap.core.DirContextProcessor;
import org.springframework.ldap.core.simple.AbstractParameterizedContextMapper;
import org.springframework.ldap.core.simple.ParameterizedContextMapper;
import org.springframework.ldap.core.simple.SimpleLdapOperations;
import org.springframework.ldap.core.simple.SimpleLdapTemplate;
import org.springframework.ldap.core.support.LdapContextSource;
import org.springframework.ldap.core.support.SingleContextSource;
import org.springframework.ldap.filter.AndFilter;
import org.springframework.ldap.filter.EqualsFilter;
import org.springframework.ldap.filter.LikeFilter;

/* loaded from: input_file:com/identity4j/connector/directory/DirectoryConnector.class */
public class DirectoryConnector extends AbstractConnector implements BrowseableConnector {
    // Value handed to the identity/role filter builders when every entry should match.
    public static final String WILDCARD_SEARCH = "*";
    // Name of the LDAP attribute that the object-class clause of every filter is matched against.
    public static final String OBJECT_CLASS_ATTRIBUTE = "objectClass";
    // Connector settings; assigned in onOpen() from the supplied configuration parameters.
    private DirectoryConfiguration directoryConfiguration;
    // Template bound with the configured service account; built in onOpen().
    private SimpleLdapOperations ldapTemplate;
    static final Log LOG = LogFactory.getLog(DirectoryConnector.class);
    // NOTE(review): this set is static, mutable and returned as-is by getCapabilities(), so any
    // caller or subclass that modifies it changes what every connector instance advertises.
    protected static Set<ConnectorCapability> capabilities = new HashSet(Arrays.asList(ConnectorCapability.passwordChange, ConnectorCapability.passwordSet, ConnectorCapability.createUser, ConnectorCapability.deleteUser, ConnectorCapability.updateUser, ConnectorCapability.hasFullName, ConnectorCapability.hasEmail, ConnectorCapability.roles, ConnectorCapability.authentication, ConnectorCapability.identities, ConnectorCapability.tracksLastPasswordChange, ConnectorCapability.tracksLastSignOnDate));

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:com/identity4j/connector/directory/DirectoryConnector$SearchResultsIterator.class */
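    /**
     * Lazily walks the results of a paged LDAP search over one or more base DNs.
     *
     * <p>Each iterator opens its own directory context, bound with the configured service
     * account, and releases it when the results are exhausted or a search fails.
     * NOTE(review): a caller that stops iterating early never reaches {@link #close()}, so the
     * context stays open until it is reclaimed some other way; callers should drain the iterator.
     *
     * @param <T> type produced by the context mapper; a {@code null} mapping is skipped
     */
    public class SearchResultsIterator<T> implements Iterator<T> {
        private ParameterizedContextMapper<T> filteredMapper;
        private Name[] dns;
        private int dnIdx = 0;
        // Element fetched ahead of time and not yet handed out; null when nothing is buffered.
        private T next;
        private PagedResultsCookie cookie;
        // Base DN currently being searched; null means "move on to the next entry of dns".
        private Name dn;
        private String filter;
        private Iterator<T> listIterator;
        private SimpleLdapTemplate singleLdapTemplate;
        private SingleContextSource singleContextSource;
        private SearchControls searchControls;

        /**
         * @param parameterizedContextMapper mapper applied to every entry returned by the search
         * @param collection base DNs to search, in iteration order
         * @param str encoded LDAP filter
         * @param searchControls scope and flags used for every page request
         */
        SearchResultsIterator(ParameterizedContextMapper<T> parameterizedContextMapper, Collection<? extends Name> collection, String str, SearchControls searchControls) {
            this.singleContextSource = new SingleContextSource(DirectoryConnector.this.buildContextSource(DirectoryConnector.this.directoryConfiguration, DirectoryConnector.this.directoryConfiguration.getServiceAccountDn(), DirectoryConnector.this.directoryConfiguration.getServiceAccountPassword()).getReadOnlyContext());
            this.singleLdapTemplate = new SimpleLdapTemplate(this.singleContextSource);
            this.singleLdapTemplate.getLdapOperations().setIgnorePartialResultException(true);
            this.searchControls = searchControls;
            this.filteredMapper = parameterizedContextMapper;
            this.dns = (Name[]) collection.toArray(new Name[0]);
            this.filter = str;
        }

        /**
         * Reports whether another element is available, fetching one if none is buffered.
         * Repeated calls without an intervening {@link #next()} no longer discard elements.
         */
        @Override // java.util.Iterator
        public boolean hasNext() {
            try {
                if (this.next == null) {
                    fetchNext();
                }
            } catch (RuntimeException e) {
                // Directory failures are unchecked; release the context before propagating.
                close();
                throw e;
            } catch (Error e) {
                close();
                throw e;
            }
            if (this.next == null) {
                close();
            }
            return this.next != null;
        }

        /** Destroys the dedicated context source once; later calls are no-ops. */
        private void close() {
            if (this.singleContextSource != null) {
                this.singleContextSource.destroy();
                this.singleContextSource = null;
            }
        }

        /**
         * Returns the buffered element and clears the buffer, so that consecutive calls advance
         * instead of returning the same element again.
         *
         * @throws NoSuchElementException when the search results are exhausted
         */
        @Override // java.util.Iterator
        public T next() {
            if (!hasNext()) {
                throw new NoSuchElementException();
            }
            T current = this.next;
            this.next = null;
            return current;
        }

        /**
         * Does nothing: search results cannot be removed through this iterator.
         * NOTE(review): the Iterator contract expects UnsupportedOperationException here; the
         * silent no-op is kept so existing callers are not broken.
         */
        @Override // java.util.Iterator
        public void remove() {
        }

        /**
         * Loads the next non-null mapped entry into {@code next}, requesting further pages and
         * moving through the base DNs as needed; leaves {@code next} null when all are exhausted.
         */
        void fetchNext() {
            this.next = null;
            while (this.next == null) {
                if (this.dn == null) {
                    if (this.dnIdx >= this.dns.length) {
                        return;
                    }
                    this.dn = this.dns[this.dnIdx++];
                    // A fresh base DN always starts from its first page.
                    this.cookie = null;
                }
                while (this.next == null && this.dn != null) {
                    if (this.listIterator == null) {
                        PagedResultsDirContextProcessor pagedResultsDirContextProcessor = new PagedResultsDirContextProcessor(DirectoryConnector.this.directoryConfiguration.getMaxPageSize(), this.cookie);
                        this.listIterator = this.singleLdapTemplate.search(this.dn, this.filter, this.searchControls, this.filteredMapper, pagedResultsDirContextProcessor).iterator();
                        this.cookie = pagedResultsDirContextProcessor.getCookie();
                    } else {
                        while (this.next == null && this.listIterator.hasNext()) {
                            this.next = this.listIterator.next();
                        }
                        if (this.next == null) {
                            this.listIterator = null;
                            // A missing cookie object is treated like an empty cookie: re-issuing
                            // the search with no cookie would only restart this DN from its first
                            // page and never terminate.
                            if (this.cookie == null || this.cookie.getCookie() == null) {
                                this.dn = null;
                            }
                        }
                    }
                }
            }
        }
    }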

    /**
     * Returns the capabilities this connector advertises.
     *
     * @return the shared static capability set itself, not a copy; changes made through the
     *         returned reference are visible to every connector instance
     */
    public Set<ConnectorCapability> getCapabilities() {
        final Set<ConnectorCapability> advertised = capabilities;
        return advertised;
    }

    /**
     * Probes the directory by looking up the configured base DN.
     *
     * @return {@code true} when the lookup succeeds, {@code false} when it raises a
     *         NamingException (the failure itself is not reported or logged)
     */
    public boolean isOpen() {
        boolean reachable;
        try {
            this.ldapTemplate.lookupContext(this.directoryConfiguration.getBaseDn());
            reachable = true;
        } catch (NamingException lookupFailure) {
            reachable = false;
        }
        return reachable;
    }

    /**
     * Reports the connector as read-only when the configured security protocol equals
     * {@code DirectoryConfiguration.PLAIN}.
     *
     * @return {@code true} for the plain protocol setting, {@code false} otherwise
     */
    public boolean isReadOnly() {
        final boolean plainProtocol = this.directoryConfiguration.getSecurityProtocol().equals(DirectoryConfiguration.PLAIN);
        return plainProtocol;
    }

    /**
     * Gives subclasses access to the configuration stored by onOpen().
     *
     * @return the current directory configuration, or {@code null} before the connector is opened
     */
    protected final DirectoryConfiguration getConfiguration() {
        final DirectoryConfiguration current = this.directoryConfiguration;
        return current;
    }

    /**
     * Gives subclasses access to the connector-wide LDAP template.
     *
     * @return the template bound with the service account, or {@code null} before onOpen() ran
     */
    protected final SimpleLdapOperations getLdapTemplate() {
        final SimpleLdapOperations serviceTemplate = this.ldapTemplate;
        return serviceTemplate;
    }

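    /**
     * Verifies a password by binding to the directory as the identity's DN and looking that DN up.
     *
     * @param identity the identity to check; must be a DirectoryIdentity
     * @param cArr the candidate password
     * @return {@code true} when the bind and lookup succeed, {@code false} otherwise
     * @throws PasswordChangeRequiredException when the bind is rejected with data code 773
     * @throws ConnectorException declared for subclasses and callers; not raised directly here
     */
    protected final boolean areCredentialsValid(Identity identity, char[] cArr) throws ConnectorException {
        // A simple bind with an empty password is an "unauthenticated" bind, which many directory
        // servers accept without checking any credential. Never report that as a valid login.
        if (cArr == null || cArr.length == 0) {
            return false;
        }
        try {
            DirectoryIdentity directoryIdentity = (DirectoryIdentity) identity;
            getLdapTemplate(directoryIdentity, cArr).lookupContext(directoryIdentity.getDn());
            return true;
        } catch (AuthenticationException e) {
            // Active Directory reports "user must reset password" as data code 773. The constant
            // comes first so a parser that yields no data cannot raise a NullPointerException.
            if ("773".equals(new DirectoryExceptionParser(e).getData())) {
                throw new PasswordChangeRequiredException();
            }
            return false;
        } catch (NamingException e2) {
            // Not a credential rejection (for example the directory is unreachable). The login
            // still fails closed, but the cause is recorded so it is not mistaken for a bad password.
            LOG.warn("Credential check failed with a non-authentication directory error", e2);
            return false;
        }
    }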

    /**
     * Builds a template bound as the given identity rather than the service account.
     *
     * <p>The password is copied into a String for the bind, so it can no longer be wiped from
     * memory by clearing the caller's char array.
     *
     * @param directoryIdentity identity whose DN is used as the bind DN
     * @param cArr password to bind with
     * @return a new template bound with those credentials
     */
    protected SimpleLdapOperations getLdapTemplate(DirectoryIdentity directoryIdentity, char[] cArr) {
        final String bindDn = directoryIdentity.getDn().toString();
        final String bindPassword = String.valueOf(cArr);
        return buildLdapTemplate(bindDn, bindPassword);
    }

    /**
     * Replaces the identity's password using the connector-wide (service account) template.
     *
     * <p>NOTE(review): the old password in {@code cArr} is never read here, so this method does
     * not itself prove knowledge of the current password — confirm the caller verifies it first.
     *
     * @param identity identity to update; must be a DirectoryIdentity
     * @param cArr current password (unused)
     * @param cArr2 new password
     */
    protected void changePassword(Identity identity, char[] cArr, char[] cArr2) {
        final SimpleLdapOperations serviceTemplate = getLdapTemplate();
        final DirectoryIdentity target = (DirectoryIdentity) identity;
        setPassword(serviceTemplate, target, cArr2, false);
    }

    /**
     * Sets the identity's password through the connector-wide template.
     *
     * @param identity identity to update; must be a DirectoryIdentity
     * @param cArr new password
     * @param z whether a password change should be forced at next logon
     * @throws ConnectorException when the directory rejects the modification
     */
    protected void setPassword(Identity identity, char[] cArr, boolean z) throws ConnectorException {
        // NOTE(review): the freshly built template is discarded and the existing field is used
        // below. The call still opens and binds a new directory context that nothing here
        // releases — confirm whether the result was meant to be assigned to this.ldapTemplate.
        buildLdapTemplate();
        setPassword(this.ldapTemplate, (DirectoryIdentity) identity, cArr, z);
    }

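    /**
     * Replaces the configured password attribute of the identity's entry with the encoded new
     * password, then applies the force-change-at-next-logon hook.
     *
     * @param simpleLdapOperations template used for the modification
     * @param directoryIdentity entry whose password is replaced
     * @param cArr new password; encoded with the configured password encoding before it is sent
     * @param z whether a password change should be forced at next logon
     * @throws ConnectorException when the directory reports the operation as not supported; the
     *         directory exception is attached as the cause
     */
    protected void setPassword(SimpleLdapOperations simpleLdapOperations, DirectoryIdentity directoryIdentity, char[] cArr, boolean z) throws ConnectorException {
        try {
            BasicAttribute passwordAttribute = new BasicAttribute(
                    this.directoryConfiguration.getIdentityPasswordAttribute(),
                    DefaultEncoderManager.getInstance().encode(cArr, this.directoryConfiguration.getIdentityPasswordEncoding(), "UTF-8", (byte[]) null, (byte[]) null));
            ModificationItem replacePassword = new ModificationItem(javax.naming.directory.DirContext.REPLACE_ATTRIBUTE, passwordAttribute);
            simpleLdapOperations.getLdapOperations().modifyAttributes(directoryIdentity.getDn(), new ModificationItem[]{replacePassword});
            setForcePasswordChangeAtNextLogon(directoryIdentity, z);
        } catch (OperationNotSupportedException e) {
            // The message sends the reader to the logs, so the failure has to be logged. Only the
            // DN is recorded, never the password or its encoded form.
            LOG.error("Directory rejected the password update for " + directoryIdentity.getDn(), e);
            throw new ConnectorException("Failed to set password. Reason code " + processNamingException(e) + ". Please see the logs for more detail.", e);
        }
    }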

    /**
     * Turns a directory exception into the reason text embedded in user-facing error messages.
     * This implementation delegates to getReason(); subclasses may override it.
     *
     * @param namingException the directory failure
     * @return the reason extracted from the exception
     */
    protected String processNamingException(NamingException namingException) {
        final String reason = getReason(namingException);
        return reason;
    }

    /**
     * Hook invoked after a password has been set. This base implementation ignores the flag.
     *
     * @param directoryIdentity identity whose password was just set
     * @param z whether a password change should be forced at next logon
     */
    protected void setForcePasswordChangeAtNextLogon(DirectoryIdentity directoryIdentity, boolean z) {
        // Intentionally empty: nothing is written to the directory here.
    }

    /**
     * Finds the identity whose name attribute matches the given name.
     *
     * <p>NOTE(review): the filter comes from buildIdentityFilter(), which in this class matches
     * with a LikeFilter, so a {@code *} inside {@code str} acts as a wildcard. If the name
     * originates from a login form, confirm that wildcard characters are rejected upstream.
     *
     * @param str name to search for
     * @return the principal resolved by getPrincipal() from the search results
     * @throws PrincipalNotFoundException declared for the case where no identity is resolved
     * @throws ConnectorException on other connector failures
     */
    public final Identity getIdentityByName(String str) throws PrincipalNotFoundException, ConnectorException {
        final String identityFilter = buildIdentityFilter(str);
        final Iterator<Identity> matches = getIdentities(identityFilter);
        return getPrincipal(identityFilter, matches);
    }

    /**
     * Lists every identity by searching with the wildcard name.
     *
     * @return a lazy iterator over all matching identities
     * @throws ConnectorException on connector failures
     */
    public final Iterator<Identity> allIdentities() throws ConnectorException {
        final String matchEverything = buildIdentityFilter(WILDCARD_SEARCH);
        return getIdentities(matchEverything);
    }

    /**
     * Always returns -1; this connector does not compute an identity count.
     *
     * @return {@code -1}
     * @throws ConnectorException never thrown by this implementation
     */
    public long countIdentities() throws ConnectorException {
        final long notCounted = -1L;
        return notCounted;
    }

    /**
     * Always returns -1; this connector does not compute a role count.
     *
     * @return {@code -1}
     * @throws ConnectorException never thrown by this implementation
     */
    public long countRoles() throws ConnectorException {
        final long notCounted = -1L;
        return notCounted;
    }

    /**
     * Builds the search filter for identities from the configured identity object class and
     * name attribute.
     *
     * @param str name value to match; {@code *} is kept as a wildcard by the underlying filter
     * @return the encoded LDAP filter
     */
    protected String buildIdentityFilter(String str) {
        final String objectClass = this.directoryConfiguration.getIdentityObjectClass();
        final String nameAttribute = this.directoryConfiguration.getIdentityNameAttribute();
        return buildObjectClassFilter(objectClass, nameAttribute, str);
    }

    /**
     * Runs an identity search and maps every returned entry through mapIdentity().
     *
     * @param str encoded LDAP filter
     * @return a lazy iterator over the mapped identities
     */
    protected Iterator<Identity> getIdentities(String str) {
        final PrincipalContextMapper<Identity> identityMapper = new PrincipalContextMapper<Identity>() {
            @Override // com.identity4j.connector.directory.PrincipalContextMapper
            public Identity mapFromContext(DirContextOperations dirContextOperations) {
                return DirectoryConnector.this.mapIdentity(dirContextOperations);
            }
        };
        final SearchControls controls = configureSearchControls(new SearchControls());
        return searchForResults(str, identityMapper, controls);
    }

    /**
     * Converts a directory entry into a DirectoryIdentity built from the configured GUID and
     * name attributes and the entry's DN. Missing attribute values pass through
     * StringUtil.nonNull().
     *
     * @param dirContextOperations entry returned by the search
     * @return the mapped identity
     */
    protected Identity mapIdentity(DirContextOperations dirContextOperations) {
        final String guid = StringUtil.nonNull(dirContextOperations.getStringAttribute(this.directoryConfiguration.getIdentityGuidAttribute()));
        final String principalName = StringUtil.nonNull(dirContextOperations.getStringAttribute(this.directoryConfiguration.getIdentityNameAttribute()));
        return new DirectoryIdentity(guid, principalName, dirContextOperations.getDn());
    }

    /**
     * Finds the role whose name attribute matches the given name.
     *
     * @param str role name to search for; {@code *} is kept as a wildcard by the role filter
     * @return the principal resolved by getPrincipal() from the search results
     * @throws PrincipalNotFoundException when roles are disabled in the configuration
     * @throws ConnectorException on other connector failures
     */
    public final Role getRoleByName(String str) throws PrincipalNotFoundException, ConnectorException {
        if (getConfiguration().isEnableRoles()) {
            final String roleFilter = buildRoleFilter(str);
            final Iterator<Role> matches = getRoles(roleFilter);
            return getPrincipal(roleFilter, matches);
        }
        throw new PrincipalNotFoundException("Roles are not enabled");
    }

    /**
     * Lists every role, or nothing when roles are disabled in the configuration.
     *
     * @return a lazy iterator over all roles, or an empty iterator when roles are disabled
     * @throws ConnectorException on connector failures
     */
    public final Iterator<Role> allRoles() throws ConnectorException {
        if (getConfiguration().isEnableRoles()) {
            return getRoles(buildRoleFilter(WILDCARD_SEARCH));
        }
        return new ArrayList<Role>().iterator();
    }

    /**
     * Builds the search filter for roles from the configured role object class and name attribute.
     *
     * @param str role name value to match
     * @return the encoded LDAP filter
     */
    private String buildRoleFilter(String str) {
        final String objectClass = this.directoryConfiguration.getRoleObjectClass();
        final String nameAttribute = this.directoryConfiguration.getRoleNameAttribute();
        return buildObjectClassFilter(objectClass, nameAttribute, str);
    }

    /**
     * Searches for all roles using the wildcard name, without checking whether roles are enabled.
     *
     * @return a lazy iterator over the mapped roles
     */
    protected Iterator<Role> getRoles() {
        final String matchEverything = buildRoleFilter(WILDCARD_SEARCH);
        return getRoles(matchEverything);
    }

    /**
     * Runs a role search and maps every returned entry through mapRole().
     *
     * @param str encoded LDAP filter
     * @return a lazy iterator over the mapped roles
     */
    protected Iterator<Role> getRoles(String str) {
        final PrincipalContextMapper<Role> roleMapper = new PrincipalContextMapper<Role>() {
            @Override // com.identity4j.connector.directory.PrincipalContextMapper
            public Role mapFromContext(DirContextOperations dirContextOperations) {
                return DirectoryConnector.this.mapRole(dirContextOperations);
            }
        };
        final SearchControls controls = configureRoleSearchControls(new SearchControls());
        return searchForResults(str, roleMapper, controls);
    }

    /**
     * Converts a directory entry into a DirectoryRole built from the configured GUID and name
     * attributes and the entry's DN. Missing attribute values pass through StringUtil.nonNull().
     *
     * @param dirContextOperations entry returned by the search
     * @return the mapped role
     */
    protected Role mapRole(DirContextOperations dirContextOperations) {
        final String guid = StringUtil.nonNull(dirContextOperations.getStringAttribute(this.directoryConfiguration.getRoleGuidAttribute()));
        final String roleName = StringUtil.nonNull(dirContextOperations.getStringAttribute(this.directoryConfiguration.getRoleNameAttribute()));
        return new DirectoryRole(guid, roleName, dirContextOperations.getDn());
    }

    /**
     * Encodes the filter {@code (&(objectClass=<str>)(<str2>=<str3>))}.
     *
     * <p>Both values are escaped by the Spring filter classes, but the name clause is a
     * LikeFilter, which deliberately leaves {@code *} unescaped so that it acts as a wildcard.
     * Callers passing externally supplied names must decide whether wildcards are acceptable.
     *
     * @param str object class the entry must have
     * @param str2 attribute compared against the value
     * @param str3 value to match; may contain {@code *} wildcards
     * @return the encoded filter string
     */
    protected final String buildObjectClassFilter(String str, String str2, String str3) {
        final EqualsFilter objectClassClause = new EqualsFilter(OBJECT_CLASS_ATTRIBUTE, str);
        final LikeFilter valueClause = new LikeFilter(str2, str3);
        return new AndFilter().and(objectClassClause).and(valueClause).encode();
    }

    /**
     * Prepares the controls for identity searches: subtree scope with the returning-object flag
     * set. The passed instance is modified and returned.
     *
     * <p>NOTE(review): with the returning-object flag set, JNDI may reconstruct objects stored in
     * directory entries, which is only appropriate against a trusted directory — confirm the
     * deployment's JNDI hardening.
     *
     * @param searchControls controls to configure
     * @return the same instance
     */
    protected SearchControls configureSearchControls(SearchControls searchControls) {
        searchControls.setSearchScope(SearchControls.SUBTREE_SCOPE);
        searchControls.setReturningObjFlag(true);
        return searchControls;
    }

    /**
     * Prepares the controls for role searches: subtree scope with the returning-object flag set.
     * The passed instance is modified and returned.
     *
     * @param searchControls controls to configure
     * @return the same instance
     */
    protected SearchControls configureRoleSearchControls(SearchControls searchControls) {
        searchControls.setSearchScope(SearchControls.SUBTREE_SCOPE);
        searchControls.setReturningObjFlag(true);
        return searchControls;
    }

    /**
     * Starts a paged search below the configured base DN, wrapping the supplied mapper in one
     * built from the configured include and exclude lists.
     *
     * @param str encoded LDAP filter
     * @param parameterizedContextMapper mapper applied to each entry
     * @param searchControls controls for the search
     * @param <T> mapped result type
     * @return a lazy iterator over the mapped results
     */
    protected final <T> Iterator<T> searchForResults(String str, final ParameterizedContextMapper<T> parameterizedContextMapper, SearchControls searchControls) {
        final AbstractFilteredContextMapper<T> filteringMapper = new AbstractFilteredContextMapper<T>(this.directoryConfiguration.getIncludes(), this.directoryConfiguration.getExcludes()) {
            @Override // com.identity4j.connector.directory.AbstractFilteredContextMapper
            protected T onMapFromContext(DirContextOperations dirContextOperations) {
                return (T) parameterizedContextMapper.mapFromContext(dirContextOperations);
            }
        };
        final Set<Name> searchBases = Collections.singleton(this.directoryConfiguration.getBaseDn());
        return new SearchResultsIterator(filteringMapper, searchBases, str, searchControls);
    }

    /**
     * Reads one string attribute of the entry at the given DN through the connector-wide template.
     *
     * @param name DN of the entry
     * @param str attribute name
     * @return the attribute value as returned by the looked-up context
     */
    protected final String getAttributeValue(Name name, String str) {
        final DirContextOperations entry = this.ldapTemplate.lookupContext(name);
        return entry.getStringAttribute(str);
    }

    /**
     * Reads a binary attribute from an entry and converts it with StringUtil.convertByteToString().
     *
     * @param str attribute name
     * @param dirContextOperations entry to read from
     * @return the converted attribute value
     * @throws IllegalArgumentException when the entry has no value for the attribute
     */
    protected final String getByteValue(String str, DirContextOperations dirContextOperations) {
        final byte[] rawValue = (byte[]) dirContextOperations.getObjectAttribute(str);
        if (rawValue != null) {
            return StringUtil.convertByteToString(rawValue);
        }
        throw new IllegalArgumentException(String.valueOf(str) + " cannot be null");
    }

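    /**
     * Stores the configuration, binds with the service account and verifies that the base DN can
     * be looked up.
     *
     * @param connectorConfigurationParameters must be a DirectoryConfiguration
     * @throws ConnectorException when the base DN is not found, the service account bind is
     *         rejected, or the directory reports another error; the directory exception is
     *         attached as the cause
     */
    protected void onOpen(ConnectorConfigurationParameters connectorConfigurationParameters) {
        this.directoryConfiguration = (DirectoryConfiguration) connectorConfigurationParameters;
        try {
            this.ldapTemplate = buildLdapTemplate();
            Name baseDn = this.directoryConfiguration.getBaseDn();
            LOG.info("Looking up " + baseDn);
            this.ldapTemplate.lookupContext(baseDn);
        } catch (NameNotFoundException e) {
            LOG.error("Failed to open connector.", e);
            throw new ConnectorException("Failed to connect to directory because it appears your Base DN is incorrect. Check advanced configuration for this directory. ", e);
        } catch (AuthenticationException e2) {
            throw new ConnectorException("Failed to authenticate. Check your username and password.", e2);
        } catch (NamingException e3) {
            // Every path below goes through the logger; nothing is printed to stderr.
            DirectoryExceptionParser directoryExceptionParser = new DirectoryExceptionParser(e3);
            String message = directoryExceptionParser.getMessage();
            int code = directoryExceptionParser.getCode();
            String reason = directoryExceptionParser.getReason();
            // The constant comes first so a parser that yields no reason cannot raise a
            // NullPointerException while an error is being handled.
            if (code == 1 && "000020D6".equals(reason)) {
                LOG.error("Connected OK, but the initial directory could not be read.", e3);
                throw new ConnectorException("Connected OK, but the initial directory could not be read. Is your Base DN correct?", e3);
            }
            LOG.error("Connected OK, but an error occurred retrieving information from the directory server (operationsErrror). " + message, e3);
            throw new ConnectorException("Failed to connect. " + message + ". Please see the logs for more detail.", e3);
        }
    }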

    /**
     * Builds a template bound with the configured service account DN and password.
     *
     * @return a new template bound as the service account
     */
    private SimpleLdapOperations buildLdapTemplate() {
        final String serviceDn = this.directoryConfiguration.getServiceAccountDn();
        final String servicePassword = this.directoryConfiguration.getServiceAccountPassword();
        return buildLdapTemplate(serviceDn, servicePassword);
    }

    /**
     * Builds a template over a single directory context bound with the given credentials, with
     * partial-result exceptions ignored.
     *
     * <p>NOTE(review): nothing in this method keeps a handle on the SingleContextSource, so the
     * context opened for each template is never destroyed from here — confirm how callers that
     * build one template per credential check release it.
     *
     * @param str bind DN
     * @param str2 bind password
     * @return the new template
     */
    protected SimpleLdapOperations buildLdapTemplate(String str, String str2) {
        final ContextSource boundSource = buildContextSource(this.directoryConfiguration, str, str2);
        final SingleContextSource singleContext = new SingleContextSource(boundSource.getReadOnlyContext());
        final SimpleLdapTemplate template = new SimpleLdapTemplate(singleContext);
        template.getLdapOperations().setIgnorePartialResultException(true);
        return template;
    }

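    /**
     * Extracts the reason token from a message of the form
     * {@code "... LDAP: error code <code> <separator> <reason> ..."}. The reason is the third
     * whitespace-separated token after the marker, with trailing colons removed.
     *
     * @param namingException the directory failure
     * @return the reason token, or {@code "Unknown reason"} when the message is empty, lacks the
     *         marker, or has fewer than three tokens after it
     */
    protected String getReason(NamingException namingException) {
        final String marker = "LDAP: error code ";
        final String unknown = "Unknown reason";
        String message = getMessage(namingException);
        if (StringUtil.isNullOrEmpty(message)) {
            return unknown;
        }
        int markerIndex = message.indexOf(marker);
        if (markerIndex == -1) {
            return unknown;
        }
        StringTokenizer tokens = new StringTokenizer(message.substring(markerIndex + marker.length()));
        // A truncated message must not raise NoSuchElementException here: this runs while another
        // failure is being reported and would hide the original error.
        if (tokens.countTokens() < 3) {
            return unknown;
        }
        tokens.nextToken(); // numeric error code
        tokens.nextToken(); // separator
        String reason = tokens.nextToken();
        while (reason.endsWith(":")) {
            reason = reason.substring(0, reason.length() - 1);
        }
        return reason;
    }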

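    /**
     * Extracts the numeric code that follows {@code "LDAP: error code "} in the exception message.
     *
     * @param namingException the directory failure
     * @return the parsed code, or {@code 0} when the message is empty, lacks the marker, or the
     *         token after the marker is missing or not a number
     */
    protected int getCode(NamingException namingException) {
        final String marker = "LDAP: error code ";
        String message = getMessage(namingException);
        if (StringUtil.isNullOrEmpty(message)) {
            return 0;
        }
        int markerIndex = message.indexOf(marker);
        if (markerIndex == -1) {
            return 0;
        }
        StringTokenizer tokens = new StringTokenizer(message.substring(markerIndex + marker.length()));
        if (!tokens.hasMoreTokens()) {
            return 0;
        }
        try {
            return Integer.parseInt(tokens.nextToken());
        } catch (NumberFormatException notANumber) {
            // A malformed server message falls back to the same "no code" value used above
            // instead of throwing from inside error handling.
            return 0;
        }
    }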

    /**
     * Picks the most specific text available from a directory exception: its explanation with
     * one leading {@code [} and one trailing {@code ]} removed, otherwise its message, otherwise
     * a fixed placeholder.
     *
     * @param namingException the directory failure
     * @return the text to report
     */
    protected String getMessage(NamingException namingException) {
        final String explanation = namingException.getExplanation();
        if (StringUtil.isNullOrEmpty(explanation)) {
            final String fallback = namingException.getMessage();
            if (StringUtil.isNullOrEmpty(fallback)) {
                return "No actual error message supplied.";
            }
            return fallback;
        }
        String unwrapped = explanation.substring(explanation.startsWith("[") ? 1 : 0);
        if (unwrapped.endsWith("]")) {
            unwrapped = unwrapped.substring(0, unwrapped.length() - 1);
        }
        return unwrapped;
    }

    /* JADX INFO: Access modifiers changed from: private */
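    /**
     * Checks the configured controller hosts, then builds an LdapContextSource bound with the
     * given credentials.
     *
     * <p>A host written as a dotted-quad address is resolved; if the resulting host name is still
     * the same literal, the address is treated as having no reverse DNS entry and the build fails.
     *
     * <p>NOTE(review): the base environment properties are read from the connector's own
     * configuration field rather than from the {@code directoryConfiguration} argument — confirm
     * the two are always the same object.
     *
     * @param directoryConfiguration source of the controller hosts and provider URLs
     * @param str bind DN
     * @param str2 bind password; it is not logged here
     * @return the initialised context source
     * @throws UncategorizedLdapException when a host has no reverse DNS entry or the context
     *         source cannot be initialised
     */
    public ContextSource buildContextSource(DirectoryConfiguration directoryConfiguration, String str, String str2) {
        for (String str3 : directoryConfiguration.getControllerHosts()) {
            String controllerHostWithoutPort = DirectoryConfiguration.getControllerHostWithoutPort(str3);
            if (!controllerHostWithoutPort.matches("\\b\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\b")) {
                continue;
            }
            try {
                if (InetAddress.getByName(controllerHostWithoutPort).getHostName().equals(controllerHostWithoutPort)) {
                    throw new UncategorizedLdapException("LDAP controller host address " + str3 + " is not resolvable by a reverse DNS lookup. Please check your DNS configuration.");
                }
            } catch (UnknownHostException ignored) {
                // Deliberate best effort: a host that cannot be resolved at all is left for the
                // connection attempt to report. It is recorded at debug level so the skipped
                // check can be traced.
                LOG.debug("Could not resolve controller host " + str3 + " for the reverse DNS check", ignored);
            }
        }
        try {
            LdapContextSource ldapContextSource = new LdapContextSource();
            ldapContextSource.setPassword(str2);
            ldapContextSource.setUrls(directoryConfiguration.getProviderURLList());
            ldapContextSource.setUserDn(str);
            ldapContextSource.setBaseEnvironmentProperties(this.directoryConfiguration.getConnectorConfigurationParameters());
            ldapContextSource.afterPropertiesSet();
            return ldapContextSource;
        } catch (Exception e2) {
            throw new UncategorizedLdapException("Failed to build LdapTemplate", e2);
        }
    }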

    /**
     * Role creation is not implemented by this connector.
     *
     * @param role ignored
     * @return never returns normally
     * @throws UnsupportedOperationException always
     */
    public Role createRole(Role role) throws ConnectorException {
        final String reason = "Role maintenance is not yet supported";
        throw new UnsupportedOperationException(reason);
    }

    /**
     * Role deletion is not implemented by this connector.
     *
     * @param str ignored
     * @throws UnsupportedOperationException always
     */
    public void deleteRole(String str) throws ConnectorException {
        final String reason = "Role maintenance is not yet supported";
        throw new UnsupportedOperationException(reason);
    }

    /**
     * Role updates are not implemented by this connector.
     *
     * @param role ignored
     * @throws UnsupportedOperationException always
     */
    public void updateRole(Role role) throws ConnectorException {
        final String reason = "Role maintenance is not yet supported";
        throw new UnsupportedOperationException(reason);
    }

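    /**
     * Lists the directory's naming contexts as non-leaf browse nodes by reading the
     * {@code namingContexts} attribute of the entry at the empty base DN with object scope.
     *
     * @param browseNode ignored; the top-level contexts are always returned
     * @return an iterator over one node per naming context, empty when none are published
     */
    public Iterator<BrowseNode> getBrowseableNodes(BrowseNode browseNode) {
        SearchControls searchControls = new SearchControls();
        searchControls.setSearchScope(SearchControls.OBJECT_SCOPE);
        searchControls.setReturningObjFlag(true);
        Iterator<List<BrowseNode>> it = this.ldapTemplate.search("", "(objectclass=*)", searchControls, new AbstractParameterizedContextMapper<List<BrowseNode>>() {
            // The decompiler had renamed this method, which left the abstract mapper method
            // unimplemented; the original name and protected access are restored.
            @Override
            protected List<BrowseNode> doMapFromContext(DirContextOperations dirContextOperations) {
                List<BrowseNode> nodes = new ArrayList<BrowseNode>();
                String[] namingContexts = dirContextOperations.getStringAttributes("namingContexts");
                if (namingContexts == null || namingContexts.length == 0) {
                    // Reported through the logger rather than printed to stderr.
                    LOG.warn("Directory did not return any namingContexts values");
                    return nodes;
                }
                for (final String namingContext : namingContexts) {
                    nodes.add(new BrowseNode() {
                        public boolean isLeaf() {
                            return false;
                        }

                        public String toString() {
                            return namingContext;
                        }
                    });
                }
                return nodes;
            }
        }, (DirContextProcessor) null).iterator();
        return it.hasNext() ? it.next().iterator() : new ArrayList<BrowseNode>().iterator();
    }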
}
