package org.keycloak.models.map.storage.ldap.store;

import java.io.IOException;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashSet;
import java.util.Hashtable;
import java.util.List;
import java.util.Locale;
import java.util.Set;
import javax.naming.AuthenticationException;
import javax.naming.Binding;
import javax.naming.NameAlreadyBoundException;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.ModificationItem;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.Control;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.StartTlsResponse;
import javax.net.ssl.SSLSocketFactory;
import org.jboss.logging.Logger;
import org.keycloak.common.util.Time;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.ModelException;
import org.keycloak.models.map.storage.ldap.config.LdapMapConfig;
import org.keycloak.models.map.storage.ldap.model.LdapMapDn;
import org.keycloak.truststore.TruststoreProvider;

/* loaded from: input_file:org/keycloak/models/map/storage/ldap/store/LdapMapOperationManager.class */
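/**
 * Runs LDAP operations (search, modify, create, rename, delete, bind check) against the directory
 * described by an {@link LdapMapConfig}.
 *
 * <p>Every operation except {@link #authenticate(String, String)} goes through the private
 * {@code execute} methods, which obtain the {@link LdapContext} from a lazily created
 * {@link LdapMapContextManager}. The lazy creation is not synchronized.
 *
 * <p>{@code findNextDNForFallback} and {@code destroySubcontext} are {@code public} in this listing
 * only because the decompiler widened them (they were {@code private}); their visibility is left
 * as found so that the listing's interface does not change.
 */
public class LdapMapOperationManager implements AutoCloseable {
    private static final Logger logger = Logger.getLogger(LdapMapOperationManager.class);
    private static final Logger perfLogger = Logger.getLogger(LdapMapOperationManager.class, "perf");

    /** Written to trace logs in place of the value of a credential-like attribute. */
    private static final String MASKED_VALUE = "********************";

    /** Operations slower than this many milliseconds are logged at debug instead of trace. */
    private static final long SLOW_OPERATION_MILLIS = 100;

    /** Number of rename attempts made by {@link #renameEntry(String, String, boolean)}. */
    private static final int RENAME_ATTEMPTS = 5;

    private final KeycloakSession session;
    private final LdapMapConfig config;
    private LdapMapContextManager ldapMapContextManager;

    /**
     * A unit of work run against an {@link LdapContext}.
     *
     * <p>Implementations in this class override {@code toString()} because the performance log
     * prints the operation with it.
     *
     * @param <R> type of the operation's result
     */
    public interface LdapOperation<R> {
        R execute(LdapContext ldapContext) throws NamingException;
    }

    /**
     * Creates a manager; no LDAP connection is opened until the first operation runs.
     *
     * @param keycloakSession session used to look up providers and to create the context manager
     * @param ldapMapConfig LDAP connection and mapping configuration
     */
    public LdapMapOperationManager(KeycloakSession keycloakSession, LdapMapConfig ldapMapConfig) {
        this.session = keycloakSession;
        this.config = ldapMapConfig;
    }

    /**
     * Replaces one attribute of an entry.
     *
     * @param str DN of the entry
     * @param attribute attribute carrying the new values
     * @throws ModelException if the directory rejects the modification
     */
    public void modifyAttribute(String str, Attribute attribute) {
        modifyAttributes(str, new ModificationItem[] {new ModificationItem(DirContext.REPLACE_ATTRIBUTE, attribute)}, null);
    }

    /**
     * Replaces every attribute yielded by the enumeration on one entry, in a single modify request.
     *
     * @param str DN of the entry
     * @param namingEnumeration attributes to replace; it is consumed but not closed here
     * @throws ModelException if the enumeration or the modification fails
     */
    public void modifyAttributes(String str, NamingEnumeration<Attribute> namingEnumeration) {
        try {
            List<ModificationItem> replacements = new ArrayList<>();
            while (namingEnumeration.hasMore()) {
                replacements.add(new ModificationItem(DirContext.REPLACE_ATTRIBUTE, namingEnumeration.next()));
            }
            modifyAttributes(str, replacements.toArray(new ModificationItem[0]), null);
        } catch (NamingException e) {
            throw new ModelException("Could not modify attributes on entry from DN [" + str + "]", e);
        }
    }

    /**
     * Removes an attribute (or the given values of it) from an entry.
     *
     * @param str DN of the entry
     * @param attribute attribute to remove
     * @throws ModelException if the directory rejects the modification
     */
    public void removeAttribute(String str, Attribute attribute) {
        modifyAttributes(str, new ModificationItem[] {new ModificationItem(DirContext.REMOVE_ATTRIBUTE, attribute)}, null);
    }

    /**
     * Adds an attribute (or values of it) to an entry.
     *
     * @param str DN of the entry
     * @param attribute attribute to add
     * @throws ModelException if the directory rejects the modification
     */
    public void addAttribute(String str, Attribute attribute) {
        modifyAttributes(str, new ModificationItem[] {new ModificationItem(DirContext.ADD_ATTRIBUTE, attribute)}, null);
    }

    /**
     * Deletes an entry together with everything bound below it.
     *
     * @param str DN of the entry to delete
     * @throws ModelException if the deletion fails
     */
    public void removeEntry(final String str) {
        try {
            execute(new LdapOperation<SearchResult>() {
                @Override
                public SearchResult execute(LdapContext ldapContext) {
                    if (logger.isTraceEnabled()) {
                        logger.tracef("Removing entry with DN [%s]", str);
                    }
                    LdapMapOperationManager.this.destroySubcontext(ldapContext, str);
                    return null;
                }

                @Override
                public String toString() {
                    return "LdapOperation: remove\n dn: " + str;
                }
            });
        } catch (NamingException e) {
            throw new ModelException("Could not remove entry from DN [" + str + "]", e);
        }
    }

    /**
     * Renames an entry, optionally retrying under a numbered fallback DN when the target exists.
     *
     * @param str current DN
     * @param str2 requested new DN
     * @param z whether to retry with fallback DNs when the target DN is already bound
     * @return the DN the entry was actually renamed to
     * @throws ModelException if the rename fails or every fallback DN is taken as well
     */
    public String renameEntry(final String str, final String str2, final boolean z) {
        try {
            return execute(new LdapOperation<String>() {
                @Override
                public String execute(LdapContext ldapContext) throws NamingException {
                    String candidateDn = str2;
                    for (int attempt = 0; attempt < RENAME_ATTEMPTS; attempt++) {
                        try {
                            ldapContext.rename(new LdapName(str), new LdapName(candidateDn));
                            return candidateDn;
                        } catch (NameAlreadyBoundException e) {
                            if (!z) {
                                throw e;
                            }
                            String rejectedDn = candidateDn;
                            candidateDn = LdapMapOperationManager.this.findNextDNForFallback(str2, attempt);
                            logger.warnf("Failed to rename DN [%s] to [%s]. Will try to fallback to DN [%s]", str, rejectedDn, candidateDn);
                        }
                    }
                    throw new ModelException("Could not rename entry from DN [" + str + "] to new DN [" + str2 + "]. All fallbacks failed");
                }

                @Override
                public String toString() {
                    return "LdapOperation: renameEntry\n oldDn: " + str + "\n newDn: " + str2;
                }
            });
        } catch (NamingException e) {
            throw new ModelException("Could not rename entry from DN [" + str + "] to new DN [" + str2 + "]", e);
        }
    }

    /**
     * Builds a fallback DN by appending {@code i} to the value of the first key of the first RDN,
     * keeping the same parent DN.
     *
     * @param str DN to derive the fallback from
     * @param i number appended to the RDN value
     * @return the fallback DN
     */
    public String findNextDNForFallback(String str, int i) {
        LdapMapDn requestedDn = LdapMapDn.fromString(str);
        LdapMapDn.RDN leadingRdn = requestedDn.getFirstRdn();
        String rdnKey = leadingRdn.getAllKeys().get(0);
        String rdnValue = leadingRdn.getAttrValue(rdnKey);
        LdapMapDn fallbackDn = requestedDn.getParentDn();
        fallbackDn.addFirst(rdnKey, rdnValue + i);
        return fallbackDn.toString();
    }

    /**
     * Runs a search and collects all results into a list.
     *
     * @param str base DN of the search
     * @param str2 LDAP filter, passed to the directory as given; callers are responsible for
     *     escaping any user-controlled value inside it
     * @param collection attributes to return (the UUID attribute and {@code objectclass} are added)
     * @param i search scope, as accepted by {@link SearchControls#setSearchScope(int)}
     * @return the matching entries, possibly empty
     * @throws NamingException if the search fails
     */
    public List<SearchResult> search(final String str, final String str2, final Collection<String> collection, final int i) throws NamingException {
        final List<SearchResult> results = new ArrayList<>();
        final SearchControls searchControls = getSearchControls(collection, i);
        return execute(new LdapOperation<List<SearchResult>>() {
            @Override
            public List<SearchResult> execute(LdapContext ldapContext) throws NamingException {
                NamingEnumeration<SearchResult> found = ldapContext.search(new LdapName(str), str2, searchControls);
                try {
                    // NOTE(review): hasMoreElements()/nextElement() cannot report a NamingException the
                    // way hasMore()/next() do - confirm that dropping such errors here is intended.
                    while (found.hasMoreElements()) {
                        results.add(found.nextElement());
                    }
                } finally {
                    // Release the enumeration even when iteration fails part-way.
                    found.close();
                }
                return results;
            }

            @Override
            public String toString() {
                return "LdapOperation: search\n baseDn: " + str + "\n filter: " + str2 + "\n searchScope: " + i + "\n returningAttrs: " + collection + "\n resultSize: " + results.size();
            }
        });
    }

    /** Builds search controls for the given scope that return attributes only, not bound objects. */
    private SearchControls getSearchControls(Collection<String> collection, int i) {
        SearchControls searchControls = new SearchControls();
        searchControls.setSearchScope(i);
        searchControls.setReturningObjFlag(false);
        searchControls.setReturningAttributes(getReturningAttributes(collection).toArray(new String[0]));
        return searchControls;
    }

    /**
     * Builds the LDAP filter that selects the entry with the given ID.
     *
     * <p>The filter has the form {@code (&(objectClass=*)(<uuidAttr>=<id>)<customFilter>)}, where
     * the custom user search filter is appended only when configured.
     *
     * @param str ID of the entry
     * @return the filter string
     */
    public String getFilterById(String str) {
        StringBuilder filter = new StringBuilder("(&(objectClass=*)(");
        if (this.config.isObjectGUID()) {
            filter.append(getUuidAttributeName()).append("=").append(LdapMapUtil.convertObjectGUIDToByteString(LdapMapUtil.encodeObjectGUID(str)));
        } else if (this.config.isEdirectoryGUID()) {
            // Locale.ROOT: the default-locale toUpperCase() maps 'i' to a dotted capital I under
            // Turkish/Azeri locales, which would produce an attribute name the directory does not know.
            filter.append(getUuidAttributeName().toUpperCase(Locale.ROOT)).append("=").append(LdapMapUtil.convertGUIDToEdirectoryHexString(str));
        } else {
            // NOTE(review): the ID is concatenated into the filter without RFC 4515 escaping in this
            // branch. Confirm that callers only pass directory-issued identifiers, or escape
            // '\', '*', '(', ')' and NUL before appending; an ID that is escaped twice would no
            // longer match, so the escaping has to live in exactly one place.
            filter.append(getUuidAttributeName()).append("=").append(str);
        }
        filter.append(")");
        // The custom filter comes from configuration and is inserted verbatim.
        if (this.config.getCustomUserSearchFilter() != null) {
            filter.append(this.config.getCustomUserSearchFilter());
        }
        filter.append(")");
        String filterText = filter.toString();
        logger.tracef("Using filter for lookup user by LDAP ID: %s", filterText);
        return filterText;
    }

    /**
     * Looks up a single entry by ID below a base DN, using the configured search scope.
     *
     * @param str base DN of the search
     * @param str2 ID of the entry
     * @param collection attributes to return (the UUID attribute and {@code objectclass} are added)
     * @return the first matching entry, or {@code null} when nothing matches
     * @throws ModelException if the directory query fails
     */
    public SearchResult lookupById(final String str, String str2, final Collection<String> collection) {
        final String filterById = getFilterById(str2);
        try {
            final SearchControls searchControls = getSearchControls(collection, this.config.getSearchScope());
            return execute(new LdapOperation<SearchResult>() {
                @Override
                public SearchResult execute(LdapContext ldapContext) throws NamingException {
                    NamingEnumeration<SearchResult> found = ldapContext.search(new LdapName(str), filterById, searchControls);
                    try {
                        // An empty result is reported as null; getAttributes() checks for that.
                        // The listing as found called next() unconditionally (its emptiness check
                        // had an empty body), so "not found" surfaced as an exception instead.
                        return found.hasMoreElements() ? found.next() : null;
                    } finally {
                        found.close();
                    }
                }

                @Override
                public String toString() {
                    return "LdapOperation: lookupById\n baseDN: " + str + "\n filter: " + filterById + "\n searchScope: " + searchControls.getSearchScope() + "\n returningAttrs: " + collection;
                }
            });
        } catch (NamingException e) {
            throw new ModelException("Could not query server using DN [" + str + "] and filter [" + filterById + "]", e);
        }
    }

    /**
     * Recursively unbinds every entry bound below the given DN, then the DN itself.
     *
     * @param ldapContext context to run the deletions on
     * @param str DN of the subtree root
     * @throws ModelException if listing or unbinding fails anywhere in the subtree
     */
    public void destroySubcontext(LdapContext ldapContext, String str) {
        NamingEnumeration<Binding> children = null;
        try {
            children = ldapContext.listBindings(new LdapName(str));
            while (children.hasMore()) {
                destroySubcontext(ldapContext, children.next().getNameInNamespace());
            }
            ldapContext.unbind(new LdapName(str));
        } catch (Exception e) {
            throw new ModelException("Could not unbind DN [" + str + "]", e);
        } finally {
            // Close on the failure path too; the listing as found only closed after a successful unbind.
            if (children != null) {
                try {
                    children.close();
                } catch (Exception e) {
                    logger.warn("problem during close", e);
                }
            }
        }
    }

    /**
     * Verifies a password by performing a simple bind as the given DN on a fresh, non-pooled
     * connection, which is closed before the method returns.
     *
     * <p>With StartTLS configured the connection is opened unauthenticated and the bind is done by
     * {@code LdapMapContextManager.startTLS}; otherwise the credentials are put into the connection
     * environment. Whether the non-StartTLS path is encrypted depends on the connection properties
     * supplied by {@code LdapMapContextManager}, which are not visible here.
     *
     * @param str DN to bind as
     * @param str2 password to verify
     * @throws AuthenticationException if the password is null or empty, the bind is rejected, or an
     *     unexpected checked exception occurs (the cause is logged, not propagated)
     */
    public void authenticate(String str, String str2) throws AuthenticationException {
        // A simple bind with an empty password is an "unauthenticated bind" (RFC 4513), which many
        // servers accept; rejecting it here keeps an empty password from ever validating.
        if (str2 == null || str2.isEmpty()) {
            throw new AuthenticationException("Empty password used");
        }
        LdapContext authContext = null;
        StartTlsResponse tlsResponse = null;
        try {
            try {
                Hashtable<Object, Object> env = LdapMapContextManager.getNonAuthConnectionProperties(this.config);
                // Pooling is switched off for this context, which is bound as the user under test.
                env.put("com.sun.jndi.ldap.connect.pool", "false");
                if (!this.config.isStartTls()) {
                    env.put("java.naming.security.authentication", "simple");
                    env.put("java.naming.security.principal", str);
                    env.put("java.naming.security.credentials", str2);
                }
                authContext = new InitialLdapContext(env, (Control[]) null);
                if (this.config.isStartTls()) {
                    SSLSocketFactory socketFactory = null;
                    String useTruststoreSpi = this.config.getUseTruststoreSpi();
                    if (useTruststoreSpi != null && useTruststoreSpi.equals("always")) {
                        socketFactory = this.session.getProvider(TruststoreProvider.class).getSSLSocketFactory();
                    }
                    tlsResponse = LdapMapContextManager.startTLS(authContext, "simple", str, str2.toCharArray(), socketFactory);
                    if (tlsResponse == null) {
                        throw new AuthenticationException("Null TLS Response returned from the authentication");
                    }
                }
            } finally {
                closeAuthResources(tlsResponse, authContext);
            }
        } catch (RuntimeException e) {
            // The message says "TimeOut", but this branch is reached for any RuntimeException.
            if (logger.isDebugEnabled()) {
                logger.debugf(e, "LDAP Connection TimeOut for DN [%s]", str);
            }
            throw e;
        } catch (AuthenticationException e) {
            if (logger.isDebugEnabled()) {
                logger.debugf(e, "Authentication failed for DN [%s]", str);
            }
            throw e;
        } catch (Exception e) {
            logger.errorf(e, "Unexpected exception when validating password of DN [%s]", str);
            throw new AuthenticationException("Unexpected exception when validating password of user");
        }
    }

    /** Closes the resources opened by {@code authenticate}, logging close failures. */
    private static void closeAuthResources(StartTlsResponse tlsResponse, LdapContext authContext) {
        if (tlsResponse != null) {
            try {
                tlsResponse.close();
            } catch (IOException e) {
                logger.warn("problem during close of StartTLS response", e);
            }
        }
        if (authContext != null) {
            try {
                authContext.close();
            } catch (NamingException e) {
                logger.warn("problem during close of LDAP context", e);
            }
        }
    }

    /**
     * Returns what the trace log may show for an attribute: a fixed mask when the attribute ID
     * contains {@code PASSWORD} or {@code UNICODEPWD} (case-insensitively), else its first value.
     *
     * <p>Masking is by attribute name only; a secret stored under any other attribute name would
     * still be written to the trace log.
     */
    private static Object valueForTraceLog(Attribute attribute) throws NamingException {
        // Locale.ROOT: with the default locale, "unicodePwd" upper-cases to a string containing a
        // dotted capital I under Turkish/Azeri locales, the match fails and the value is logged.
        String attributeId = attribute.getID().toUpperCase(Locale.ROOT);
        if (attributeId.contains("PASSWORD") || attributeId.contains("UNICODEPWD")) {
            return MASKED_VALUE;
        }
        return attribute.size() > 0 ? attribute.get() : "No values";
    }

    /**
     * Applies modification items to an entry, propagating the directory's exception unchanged.
     *
     * @param str DN of the entry
     * @param modificationItemArr modifications to apply in one request
     * @param ldapMapOperationDecorator optional hook invoked before the operation; may be null
     * @throws NamingException if the directory rejects the modification
     */
    public void modifyAttributesNaming(final String str, final ModificationItem[] modificationItemArr, LdapMapOperationDecorator ldapMapOperationDecorator) throws NamingException {
        if (logger.isTraceEnabled()) {
            logger.tracef("Modifying attributes for entry [%s]: [", str);
            for (ModificationItem item : modificationItemArr) {
                Object shownValue = valueForTraceLog(item.getAttribute());
                logger.tracef("  Op [%s]: %s = %s", item.getModificationOp(), item.getAttribute().getID(), shownValue);
            }
            logger.tracef("]", new Object[0]);
        }
        execute(new LdapOperation<Void>() {
            @Override
            public Void execute(LdapContext ldapContext) throws NamingException {
                ldapContext.modifyAttributes(new LdapName(str), modificationItemArr);
                return null;
            }

            @Override
            public String toString() {
                return "LdapOperation: modify\n dn: " + str + "\n modificationsSize: " + modificationItemArr.length;
            }
        }, ldapMapOperationDecorator);
    }

    /**
     * Applies modification items to an entry, wrapping directory errors in a {@link ModelException}.
     *
     * @param str DN of the entry
     * @param modificationItemArr modifications to apply in one request
     * @param ldapMapOperationDecorator optional hook invoked before the operation; may be null
     * @throws ModelException if the directory rejects the modification
     */
    public void modifyAttributes(String str, ModificationItem[] modificationItemArr, LdapMapOperationDecorator ldapMapOperationDecorator) {
        try {
            modifyAttributesNaming(str, modificationItemArr, ldapMapOperationDecorator);
        } catch (NamingException e) {
            throw new ModelException("Could not modify attribute for DN [" + str + "]", e);
        }
    }

    /**
     * Creates an entry with the given attributes.
     *
     * @param str DN of the new entry
     * @param attributes attributes of the new entry
     * @throws ModelException if the directory rejects the creation
     */
    public void createSubContext(final String str, final Attributes attributes) {
        try {
            if (logger.isTraceEnabled()) {
                logger.tracef("Creating entry [%s] with attributes: [", str);
                NamingEnumeration<? extends Attribute> all = attributes.getAll();
                while (all.hasMore()) {
                    Attribute attribute = all.next();
                    logger.tracef("  %s = %s", attribute.getID(), valueForTraceLog(attribute));
                }
                logger.tracef("]", new Object[0]);
            }
            execute(new LdapOperation<Void>() {
                @Override
                public Void execute(LdapContext ldapContext) throws NamingException {
                    // The context returned for the new entry is not needed; close it straight away.
                    ldapContext.createSubcontext(new LdapName(str), attributes).close();
                    return null;
                }

                @Override
                public String toString() {
                    return "LdapOperation: create\n dn: " + str + "\n attributesSize: " + attributes.size();
                }
            });
        } catch (NamingException e) {
            throw new ModelException("Error creating subcontext [" + str + "]", e);
        }
    }

    /** Returns the configured name of the LDAP attribute that holds the entry UUID. */
    private String getUuidAttributeName() {
        return this.config.getUuidLDAPAttributeName();
    }

    /**
     * Fetches attributes of the entry with the given ID.
     *
     * @param str ID of the entry
     * @param str2 base DN to search under
     * @param set attributes to return
     * @return the attributes of the entry
     * @throws ModelException if no entry matches or the query fails
     */
    public Attributes getAttributes(String str, String str2, Set<String> set) {
        SearchResult entry = lookupById(str2, str, set);
        if (entry == null) {
            throw new ModelException("Couldn't find item with ID [" + str + "] under base DN [" + str2 + "]");
        }
        return entry.getAttributes();
    }

    /**
     * Converts a raw UUID attribute value to its string form.
     *
     * <p>Byte arrays are decoded as an objectGUID or, for eDirectory with GUID enabled, as an
     * eDirectory GUID; anything else is returned via {@code toString()}.
     *
     * @param obj attribute value; must not be null
     * @return the UUID as a string
     */
    public String decodeEntryUUID(Object obj) {
        if (obj instanceof byte[]) {
            byte[] rawUuid = (byte[]) obj;
            if (this.config.isObjectGUID()) {
                return LdapMapUtil.decodeObjectGUID(rawUuid);
            }
            if (this.config.isEdirectory() && this.config.isEdirectoryGUID()) {
                return LdapMapUtil.decodeGuid(rawUuid);
            }
        }
        return obj.toString();
    }

    /** Runs an operation on the managed context without a decorator. */
    private <R> R execute(LdapOperation<R> ldapOperation) throws NamingException {
        return execute(ldapOperation, null);
    }

    /** Runs an operation on the managed context, invoking the decorator first when one is given. */
    private <R> R execute(LdapOperation<R> ldapOperation, LdapMapOperationDecorator ldapMapOperationDecorator) throws NamingException {
        return execute(ldapOperation, getLdapContextManager().getLdapContext(), ldapMapOperationDecorator);
    }

    /** Returns the context manager, creating it on first use. */
    private LdapMapContextManager getLdapContextManager() {
        if (this.ldapMapContextManager == null) {
            this.ldapMapContextManager = LdapMapContextManager.create(this.session, this.config);
        }
        return this.ldapMapContextManager;
    }

    /**
     * Runs an operation on the given context and, when the {@code perf} logger is at debug level,
     * logs how long it took (debug above {@value #SLOW_OPERATION_MILLIS} ms, trace otherwise).
     *
     * @throws IllegalArgumentException if {@code ldapContext} is null
     * @throws NamingException if the decorator or the operation fails
     */
    private <R> R execute(LdapOperation<R> ldapOperation, LdapContext ldapContext, LdapMapOperationDecorator ldapMapOperationDecorator) throws NamingException {
        if (ldapContext == null) {
            throw new IllegalArgumentException("Ldap context cannot be null");
        }
        Long startedAt = null;
        if (perfLogger.isDebugEnabled()) {
            startedAt = Long.valueOf(Time.currentTimeMillis());
        }
        try {
            if (ldapMapOperationDecorator != null) {
                ldapMapOperationDecorator.beforeLDAPOperation(ldapContext, ldapOperation);
            }
            return ldapOperation.execute(ldapContext);
        } finally {
            // One finally covers decorator and operation, so failed operations are timed as well.
            if (startedAt != null) {
                long elapsedMillis = Time.currentTimeMillis() - startedAt.longValue();
                if (elapsedMillis > SLOW_OPERATION_MILLIS) {
                    perfLogger.debugf("\n%s\ntook: %d ms\n", ldapOperation.toString(), Long.valueOf(elapsedMillis));
                } else if (perfLogger.isTraceEnabled()) {
                    perfLogger.tracef("\n%s\ntook: %d ms\n", ldapOperation.toString(), Long.valueOf(elapsedMillis));
                }
            }
        }
    }

    /** Closes the context manager if one was created; a manager that ran no operation has none. */
    @Override
    public void close() {
        if (this.ldapMapContextManager != null) {
            this.ldapMapContextManager.close();
        }
    }

    /** Returns the requested attributes plus the UUID attribute and {@code objectclass}. */
    private Set<String> getReturningAttributes(Collection<String> collection) {
        Set<String> returning = new HashSet<>(collection);
        returning.add(getUuidAttributeName());
        returning.add("objectclass");
        return returning;
    }
}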
