package org.apache.doris.ldap;

import com.google.common.collect.Lists;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Objects;
import org.apache.doris.catalog.Env;
import org.apache.doris.common.ErrorCode;
import org.apache.doris.common.ErrorReport;
import org.apache.doris.common.LdapConfig;
import org.apache.doris.common.util.NetUtils;
import org.apache.doris.common.util.SymmetricEncryption;
import org.apache.doris.persist.LdapInfo;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.springframework.ldap.core.DirContextOperations;
import org.springframework.ldap.core.LdapTemplate;
import org.springframework.ldap.core.support.AbstractContextMapper;
import org.springframework.ldap.core.support.LdapContextSource;
import org.springframework.ldap.pool.factory.PoolingContextSource;
import org.springframework.ldap.pool.validation.DefaultDirContextValidator;
import org.springframework.ldap.query.LdapQuery;
import org.springframework.ldap.query.LdapQueryBuilder;
import org.springframework.ldap.support.LdapEncoder;
import org.springframework.ldap.transaction.compensating.manager.TransactionAwareContextSourceProxy;

/* loaded from: input_file:org/apache/doris/ldap/LdapClient.class */
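/**
 * Thin client around Spring LDAP used to look up users and groups and to verify user passwords
 * against the directory configured in {@link LdapConfig}.
 *
 * <p>The admin bind password is obtained (decrypted) from {@link LdapInfo} on every call to
 * {@link #init()}; the templates are rebuilt only when that password differs from the cached one.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Login names are escaped before being substituted into the configured user filter, so
 *       filter metacharacters in a login name are matched literally.</li>
 *   <li>The connection URL is built with the {@code ldap://} scheme, i.e. no TLS is requested by
 *       this class. NOTE(review): admin and user bind credentials travel unencrypted unless the
 *       transport is protected elsewhere; consider an ldaps/StartTLS option.</li>
 * </ul>
 */
public class LdapClient {
    private static final Logger LOG = LogManager.getLogger(LdapClient.class);

    /** Placeholder inside {@code LdapConfig.ldap_user_filter} that is replaced by the login name. */
    private static final String LOGIN_PLACEHOLDER = "{login}";

    /** Current templates plus the password they were built with; replaced as a whole in {@link #init()}. */
    private volatile ClientInfo clientInfo;

    /**
     * Holds the two {@link LdapTemplate}s (pooled and non-pooled) together with the plaintext admin
     * password they were created with.
     *
     * <p>Decompiler note: the original access modifier of this class was {@code private}.
     */
    public static class ClientInfo {
        private LdapTemplate ldapTemplateNoPool;
        private LdapTemplate ldapTemplatePool;
        // Plaintext admin bind password; never include it in logs or toString().
        private String ldapPassword;

        /**
         * Builds both templates for the given admin password.
         *
         * @param str plaintext password for {@code LdapConfig.ldap_admin_name}
         */
        public ClientInfo(String str) {
            this.ldapPassword = str;
            setLdapTemplateNoPool(str);
            setLdapTemplatePool(str);
        }

        /**
         * Creates and initializes a context source bound as the configured admin user.
         *
         * @param password plaintext admin password
         * @param pooled whether to enable the context source's own {@code pooled} flag
         * @return an initialized context source
         */
        private static LdapContextSource newContextSource(String password, boolean pooled) {
            LdapContextSource source = new LdapContextSource();
            // NOTE(review): plain ldap:// scheme - no TLS is requested here.
            source.setUrl("ldap://"
                    + NetUtils.getHostPortInAccessibleFormat(LdapConfig.ldap_host, LdapConfig.ldap_port));
            source.setUserDn(LdapConfig.ldap_admin_name);
            source.setPassword(password);
            if (pooled) {
                source.setPooled(true);
            }
            source.afterPropertiesSet();
            return source;
        }

        /** Builds the non-pooled template; {@link LdapClient#checkPassword} uses it for user binds. */
        private void setLdapTemplateNoPool(String str) {
            this.ldapTemplateNoPool = new LdapTemplate(newContextSource(str, false));
        }

        /** Builds the pooled template, with pool limits and validation flags taken from {@link LdapConfig}. */
        private void setLdapTemplatePool(String str) {
            PoolingContextSource pool = new PoolingContextSource();
            pool.setDirContextValidator(new DefaultDirContextValidator());
            pool.setContextSource(newContextSource(str, true));
            pool.setMaxActive(LdapConfig.ldap_pool_max_active);
            pool.setMaxTotal(LdapConfig.ldap_pool_max_total);
            pool.setMaxIdle(LdapConfig.ldap_pool_max_idle);
            pool.setMaxWait(LdapConfig.ldap_pool_max_wait);
            pool.setMinIdle(LdapConfig.ldap_pool_min_idle);
            pool.setWhenExhaustedAction(LdapConfig.ldap_pool_when_exhausted);
            pool.setTestOnBorrow(LdapConfig.ldap_pool_test_on_borrow);
            pool.setTestOnReturn(LdapConfig.ldap_pool_test_on_return);
            pool.setTestWhileIdle(LdapConfig.ldap_pool_test_while_idle);
            this.ldapTemplatePool = new LdapTemplate(new TransactionAwareContextSourceProxy(pool));
        }

        /**
         * Tells whether the templates need to be rebuilt for a new admin password.
         *
         * @param str the currently configured plaintext admin password
         * @return {@code true} if no password is cached or it differs from {@code str}
         */
        public boolean checkUpdate(String str) {
            return this.ldapPassword == null || !this.ldapPassword.equals(str);
        }

        public LdapTemplate getLdapTemplateNoPool() {
            return this.ldapTemplateNoPool;
        }

        public LdapTemplate getLdapTemplatePool() {
            return this.ldapTemplatePool;
        }

        /** Returns the plaintext admin password; callers must not log it. */
        public String getLdapPassword() {
            return this.ldapPassword;
        }

        /**
         * Replaces the cached password only.
         *
         * <p>NOTE(review): the templates are not rebuilt here, so after this call they may still be
         * bound with the previous password while {@link #checkUpdate} compares against the new one.
         */
        public void setLdapPassword(String str) {
            this.ldapPassword = str;
        }

        @Override
        public boolean equals(Object obj) {
            if (obj == this) {
                return true;
            }
            if (!(obj instanceof ClientInfo)) {
                return false;
            }
            ClientInfo other = (ClientInfo) obj;
            if (!other.canEqual(this)) {
                return false;
            }
            return Objects.equals(getLdapTemplateNoPool(), other.getLdapTemplateNoPool())
                    && Objects.equals(getLdapTemplatePool(), other.getLdapTemplatePool())
                    && Objects.equals(getLdapPassword(), other.getLdapPassword());
        }

        /** Hook that lets a subclass refuse equality with instances of this class. */
        protected boolean canEqual(Object obj) {
            return obj instanceof ClientInfo;
        }

        @Override
        public int hashCode() {
            // Same multiplier (59) and null sentinel (43) as before, so hash values are unchanged.
            LdapTemplate noPool = getLdapTemplateNoPool();
            int result = 59 + (noPool == null ? 43 : noPool.hashCode());
            LdapTemplate pool = getLdapTemplatePool();
            result = (result * 59) + (pool == null ? 43 : pool.hashCode());
            String password = getLdapPassword();
            return (result * 59) + (password == null ? 43 : password.hashCode());
        }

        /**
         * Describes this object without the password value: the previous implementation appended the
         * plaintext admin password, which would end up in any log line that prints this object.
         */
        @Override
        public String toString() {
            return "LdapClient.ClientInfo(ldapTemplateNoPool=" + getLdapTemplateNoPool()
                    + ", ldapTemplatePool=" + getLdapTemplatePool()
                    + ", ldapPassword=<redacted>)";
        }
    }

    /**
     * Ensures {@link #clientInfo} exists and matches the currently stored admin password.
     *
     * <p>Uses a check / lock / re-check sequence on the volatile field, synchronized on the class, so
     * the templates are rebuilt once when the password changes.
     *
     * @throws RuntimeException if no valid {@link LdapInfo} is available
     */
    private void init() {
        LdapInfo ldapInfo = Env.getCurrentEnv().getAuth().getLdapInfo();
        if (ldapInfo == null || !ldapInfo.isValid()) {
            LOG.error("info is null, maybe no ldap admin password is set.");
            ErrorReport.report(ErrorCode.ERROR_LDAP_CONFIGURATION_ERR, new Object[0]);
            throw new RuntimeException("ldapTemplate is not initialized");
        }
        String decrypt = SymmetricEncryption.decrypt(
                ldapInfo.getLdapPasswdEncrypted(), ldapInfo.getSecretKey(), ldapInfo.getIv());
        ClientInfo current = this.clientInfo;
        if (current == null || current.checkUpdate(decrypt)) {
            synchronized (LdapClient.class) {
                current = this.clientInfo;
                if (current == null || current.checkUpdate(decrypt)) {
                    this.clientInfo = new ClientInfo(decrypt);
                }
            }
        }
    }

    /**
     * Reports whether exactly one directory entry matches the login name.
     *
     * <p>Decompiler note: originally package-private.
     *
     * @param str login name
     * @return {@code true} if a DN was found
     * @throws RuntimeException if more than one entry matches, or the search fails
     */
    public boolean doesUserExist(String str) {
        if (getUserDn(str) != null) {
            return true;
        }
        LOG.debug("User:{} does not exist in LDAP.", str);
        return false;
    }

    /**
     * Verifies a user's password by authenticating against the directory.
     *
     * <p>Decompiler note: originally package-private.
     *
     * @param str login name
     * @param str2 password supplied by the user
     * @return {@code true} only if authentication succeeded; {@code false} for a null or empty
     *     password and for any failure, including directory errors
     * @throws RuntimeException if LDAP is not configured (from {@link #init()})
     */
    public boolean checkPassword(String str, String str2) {
        init();
        // A simple bind with an empty password is an "unauthenticated bind" (RFC 4513 5.1.2) and some
        // directory servers accept it, so it must never count as a successful password check.
        if (str2 == null || str2.isEmpty()) {
            LOG.warn("LDAP authentication rejected for user:{}: empty password.", str);
            return false;
        }
        try {
            LdapQuery userQuery = LdapQueryBuilder.query()
                    .base(LdapConfig.ldap_user_basedn)
                    .filter(getUserFilter(LdapConfig.ldap_user_filter, str));
            this.clientInfo.getLdapTemplateNoPool().authenticate(userQuery, str2);
            return true;
        } catch (Exception e) {
            // Still reported to the caller as "wrong password", but recorded so that failed logins and
            // directory outages are visible to operators. The password is never logged.
            LOG.warn("LDAP authentication failed for user:{}, cause: {}", str, e.toString());
            return false;
        }
    }

    /**
     * Returns the names of the groups that list the user as {@code member}.
     *
     * <p>The name is the value of the first RDN of each group DN (the text between the first
     * {@code =} and the following {@code ,}). Decompiler note: originally package-private.
     *
     * @param str login name
     * @return a mutable list of group names; empty if no group base DN is configured, the user is
     *     unknown, or no group matches
     */
    public List<String> getGroups(String str) {
        List<String> groups = Lists.newArrayList();
        if (LdapConfig.ldap_group_basedn.isEmpty()) {
            return groups;
        }
        String userDn = getUserDn(str);
        if (userDn == null) {
            return groups;
        }
        List<String> groupDns = getDn(
                LdapQueryBuilder.query().base(LdapConfig.ldap_group_basedn).where("member").is(userDn));
        if (groupDns == null) {
            return groups;
        }
        for (String groupDn : groupDns) {
            // "cn=name,rest" -> ["cn", "name", "rest"]; DNs with fewer than three parts are skipped.
            String[] parts = groupDn.split("[,=]", 3);
            if (parts.length > 2) {
                groups.add(parts[1]);
            }
        }
        return groups;
    }

    /**
     * Resolves the login name to its DN.
     *
     * @param str login name
     * @return the DN, or {@code null} if no entry matches
     * @throws RuntimeException if more than one entry matches
     */
    private String getUserDn(String str) {
        String userFilter = getUserFilter(LdapConfig.ldap_user_filter, str);
        List<String> dn = getDn(LdapQueryBuilder.query().base(LdapConfig.ldap_user_basedn).filter(userFilter));
        if (dn == null || dn.isEmpty()) {
            return null;
        }
        if (dn.size() <= 1) {
            return dn.get(0);
        }
        LOG.error("{} not unique in LDAP server:{}", userFilter, dn);
        ErrorReport.report(ErrorCode.ERROR_LDAP_USER_NOT_UNIQUE_ERR, str);
        throw new RuntimeException("User is not unique");
    }

    /**
     * Runs a search on the pooled template and returns the DN of every matching entry.
     *
     * @param ldapQuery the query to execute
     * @return the matching DNs
     * @throws RuntimeException the original search failure, after it has been logged and reported
     */
    private List<String> getDn(LdapQuery ldapQuery) {
        init();
        try {
            return this.clientInfo.getLdapTemplatePool().search(ldapQuery, new AbstractContextMapper<String>() {
                // Restores the name and visibility recorded in the decompiler notes (the decompiled
                // listing had renamed this method, so it no longer implemented the abstract mapper method).
                @Override
                protected String doMapFromContext(DirContextOperations dirContextOperations) {
                    return dirContextOperations.getNameInNamespace();
                }
            });
        } catch (Exception e) {
            LOG.error("Get user dn fail.", e);
            ErrorReport.report(ErrorCode.ERROR_LDAP_CONFIGURATION_ERR, new Object[0]);
            throw e;
        }
    }

    /**
     * Substitutes the login name into the configured filter template.
     *
     * <p>The login name is untrusted input, so it is escaped with {@link LdapEncoder#filterEncode}
     * before substitution; filter metacharacters in it are then matched literally instead of changing
     * the structure of the filter. A literal {@code replace} is used rather than {@code replaceAll},
     * which would interpret {@code $} and {@code \} in the login name as replacement syntax.
     *
     * @param str filter template containing {@code {login}}
     * @param str2 login name
     * @return the filter with every {@code {login}} replaced by the escaped login name
     */
    private String getUserFilter(String str, String str2) {
        return str.replace(LOGIN_PLACEHOLDER, LdapEncoder.filterEncode(str2));
    }
}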
