package org.eclipse.emf.cdo.internal.server;

import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Set;
import java.util.StringJoiner;
import java.util.StringTokenizer;
import java.util.WeakHashMap;
import javax.naming.AuthenticationException;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import org.eclipse.emf.cdo.internal.server.bundle.OM;
import org.eclipse.emf.cdo.server.IRepositoryProtector;
import org.eclipse.emf.cdo.spi.server.RepositoryConfigurator;
import org.eclipse.net4j.util.ObjectUtil;
import org.eclipse.net4j.util.StringUtil;
import org.eclipse.net4j.util.collection.Tree;
import org.eclipse.net4j.util.ref.Interner;
import org.eclipse.net4j.util.security.SecurityUtil;

/* loaded from: input_file:org/eclipse/emf/cdo/internal/server/LDAPUserAuthenticator.class */
public class LDAPUserAuthenticator extends IRepositoryProtector.UserAuthenticator {
    public static final String SCOPE_OBJECT = "object";
    public static final String SCOPE_ONELEVEL = "onelevel";
    public static final String SCOPE_SUBTREE = "subtree";
    public static final String FILTER_ANY = "(objectClass=*)";
    private final Tree config;
    private final Map<String, EnvironmentConfig> environmentConfigs = new HashMap();
    private final Map<LDAPDN, LDAPEntry> entries = new WeakHashMap();

    /* loaded from: input_file:org/eclipse/emf/cdo/internal/server/LDAPUserAuthenticator$EnvironmentConfig.class */
    public static final class EnvironmentConfig {
        private final String id;
        private final List<String> inherits;
        private final Map<String, String> properties;

        public EnvironmentConfig(String str, String str2, Map<String, String> map) {
            this.id = checkID(str);
            this.inherits = LDAPUserAuthenticator.parseStrings(str2, (List<String>) Collections.emptyList());
            this.properties = Collections.unmodifiableMap(map);
        }

        public final String id() {
            return this.id;
        }

        public final List<String> inherits() {
            return this.inherits;
        }

        public Map<String, String> properties() {
            return this.properties;
        }

        public int hashCode() {
            return Objects.hash(this.id, this.inherits, this.properties);
        }

        public boolean equals(Object obj) {
            if (this == obj) {
                return true;
            }
            if (obj == null || getClass() != obj.getClass()) {
                return false;
            }
            EnvironmentConfig environmentConfig = (EnvironmentConfig) obj;
            return Objects.equals(this.id, environmentConfig.id) && Objects.equals(this.inherits, environmentConfig.inherits) && Objects.equals(this.properties, environmentConfig.properties);
        }

        public String toString() {
            return "EnvironmentConfig[" + this.id + "]";
        }

        private static String checkID(String str) throws IllegalArgumentException {
            if (StringUtil.isEmpty(str)) {
                return null;
            }
            if (str.indexOf(44) != -1) {
                throw new IllegalArgumentException("Illegal environment ID: " + str);
            }
            return str.trim();
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @FunctionalInterface
    /* loaded from: input_file:org/eclipse/emf/cdo/internal/server/LDAPUserAuthenticator$LDAPCallable.class */
    public interface LDAPCallable<T> {
        T call(DirContext dirContext) throws NamingException;
    }

    /* loaded from: input_file:org/eclipse/emf/cdo/internal/server/LDAPUserAuthenticator$LDAPDN.class */
    public static final class LDAPDN {
        private static final DNInterner INTERNER = new DNInterner(null);
        private final String value;

        /* JADX INFO: Access modifiers changed from: private */
        /* loaded from: input_file:org/eclipse/emf/cdo/internal/server/LDAPUserAuthenticator$LDAPDN$DNInterner.class */
        public static final class DNInterner extends Interner<LDAPDN> {
            private DNInterner() {
            }

            public synchronized LDAPDN intern(String str) {
                int hashCode = LDAPDN.getHashCode(str);
                Interner.Entry entry = getEntry(hashCode);
                while (true) {
                    Interner.Entry entry2 = entry;
                    if (entry2 == null) {
                        LDAPDN ldapdn = new LDAPDN(str, null);
                        addEntry(createEntry(ldapdn, hashCode));
                        return ldapdn;
                    }
                    LDAPDN ldapdn2 = (LDAPDN) entry2.get();
                    if (ldapdn2 != null && Objects.equals(ldapdn2.value, str)) {
                        return ldapdn2;
                    }
                    entry = entry2.getNextEntry();
                }
            }

            /* JADX INFO: Access modifiers changed from: protected */
            public int hashCode(LDAPDN ldapdn) {
                return LDAPDN.getHashCode(ldapdn.value);
            }

            /* synthetic */ DNInterner(DNInterner dNInterner) {
                this();
            }
        }

        private LDAPDN(String str) {
            this.value = (String) Objects.requireNonNull(str);
        }

        public String toString() {
            return this.value;
        }

        public int hashCode() {
            return getHashCode(this.value);
        }

        /* JADX INFO: Access modifiers changed from: private */
        public static int getHashCode(String str) {
            return Objects.hashCode(str);
        }

        public static LDAPDN create(String str) {
            if (str == null) {
                return null;
            }
            return INTERNER.intern(str);
        }

        /* synthetic */ LDAPDN(String str, LDAPDN ldapdn) {
            this(str);
        }
    }

    /* loaded from: input_file:org/eclipse/emf/cdo/internal/server/LDAPUserAuthenticator$LDAPEntry.class */
    public static final class LDAPEntry {
        private final LDAPDN dn;
        private final String rdn;
        private final Attributes attributes;
        private final Object object;

        private LDAPEntry(LDAPDN ldapdn, String str, Attributes attributes, Object obj) {
            this.dn = (LDAPDN) Objects.requireNonNull(ldapdn);
            this.rdn = str;
            this.attributes = attributes;
            this.object = obj;
        }

        public LDAPDN DN() {
            return this.dn;
        }

        public String RDN() {
            return this.rdn;
        }

        public String PDN() {
            if (this.rdn == null) {
                return null;
            }
            String ldapdn = this.dn.toString();
            String trim = ldapdn.substring(this.rdn.length()).trim();
            if (trim.length() != 0 && trim.charAt(0) == ',') {
                trim = ldapdn.substring(1).trim();
            }
            return trim;
        }

        public Attributes attributes() {
            return this.attributes;
        }

        public Object object() {
            return this.object;
        }

        public int hashCode() {
            return this.dn.hashCode();
        }

        public boolean equals(Object obj) {
            if (this == obj) {
                return true;
            }
            return obj != null && getClass() == obj.getClass() && this.dn == ((LDAPEntry) obj).dn;
        }

        public String toString() {
            return "LDAPEntry[" + this.dn + "]";
        }

        /* synthetic */ LDAPEntry(LDAPDN ldapdn, String str, Attributes attributes, Object obj, LDAPEntry lDAPEntry) {
            this(ldapdn, str, attributes, obj);
        }
    }

    /* loaded from: input_file:org/eclipse/emf/cdo/internal/server/LDAPUserAuthenticator$LDAPUserInfo.class */
    public static class LDAPUserInfo extends IRepositoryProtector.UserInfo {
        private final LDAPDN userDN;
        private final Set<LDAPDN> groupDNs;

        public LDAPUserInfo(String str, LDAPDN ldapdn, Set<LDAPDN> set) {
            super((String) Objects.requireNonNull(str));
            this.userDN = (LDAPDN) Objects.requireNonNull(ldapdn);
            this.groupDNs = ObjectUtil.isEmpty(set) ? Collections.emptySet() : Collections.unmodifiableSet(set);
        }

        public LDAPUserInfo(String str, LDAPDN ldapdn) {
            this(str, ldapdn, null);
        }

        public final LDAPDN userDN() {
            return this.userDN;
        }

        public Set<LDAPDN> groupDNs() {
            return this.groupDNs;
        }

        public boolean groupMember(LDAPDN ldapdn) {
            return this.groupDNs.contains(ldapdn);
        }

        @Override // org.eclipse.emf.cdo.server.IRepositoryProtector.UserInfo
        protected boolean isStructurallyEqual(IRepositoryProtector.UserInfo userInfo) {
            LDAPUserInfo lDAPUserInfo = (LDAPUserInfo) userInfo;
            return this.userDN == lDAPUserInfo.userDN && this.groupDNs.equals(lDAPUserInfo.groupDNs());
        }
    }

    public LDAPUserAuthenticator(Tree tree) {
        this.config = tree;
    }

    @Override // org.eclipse.emf.cdo.server.IRepositoryProtector.UserAuthenticator
    public Class<? extends IRepositoryProtector.UserInfo> getUserInfoClass() {
        return LDAPUserInfo.class;
    }

    @Override // org.eclipse.emf.cdo.server.IRepositoryProtector.UserAuthenticator
    public IRepositoryProtector.UserInfo authenticateUser(String str, char[] cArr) {
        String securityUtil = SecurityUtil.toString(cArr);
        if (StringUtil.isEmpty(securityUtil)) {
            return null;
        }
        try {
            LDAPEntry searchUser = searchUser(str);
            if (searchUser != null) {
                return loginUser(str, securityUtil, searchUser);
            }
            return null;
        } catch (AuthenticationException e) {
            return null;
        } catch (Exception e2) {
            OM.LOG.error(e2);
            return null;
        }
    }

    protected LDAPEntry searchUser(String str) throws NamingException {
        Tree child = this.config.child("searchUser");
        if (child == null) {
            return null;
        }
        HashMap hashMap = new HashMap();
        hashMap.put(stringSubstitutionKey("USER_ID"), str);
        List<LDAPEntry> ldapSearch = ldapSearch(child, hashMap, null);
        if (ldapSearch.size() > 1) {
            throw new IllegalStateException("User " + str + " has multiple LDAP entries: " + ldapSearch);
        }
        if (ldapSearch.isEmpty()) {
            return null;
        }
        return ldapSearch.get(0);
    }

    protected LDAPUserInfo loginUser(String str, String str2, LDAPEntry lDAPEntry) throws NamingException {
        HashMap hashMap = new HashMap();
        hashMap.put(stringSubstitutionKey("USER_ID"), str);
        hashMap.put(stringSubstitutionKey("USER_PW"), str2);
        addStringSubstitutions(hashMap, "USER_", lDAPEntry);
        Tree child = this.config.child("loginUser");
        return (LDAPUserInfo) ldapCall(createEnvironment(expandValue((String) child.attributes().get("environment"), hashMap), hashMap), dirContext -> {
            return createUserInfo(str, lDAPEntry, child, dirContext);
        });
    }

    protected LDAPUserInfo createUserInfo(String str, LDAPEntry lDAPEntry, Tree tree, DirContext dirContext) throws NamingException {
        List<LDAPEntry> searchGroups;
        List<LDAPEntry> extractGroups;
        HashSet hashSet = new HashSet();
        Tree child = tree.child("extractGroups");
        if (child != null && (extractGroups = extractGroups(str, lDAPEntry, child, dirContext)) != null) {
            extractGroups.forEach(lDAPEntry2 -> {
                hashSet.add(lDAPEntry2.DN());
            });
        }
        Tree child2 = tree.child("searchGroups");
        if (child2 != null && (searchGroups = searchGroups(str, lDAPEntry, child2, dirContext)) != null) {
            searchGroups.forEach(lDAPEntry3 -> {
                hashSet.add(lDAPEntry3.DN());
            });
        }
        return new LDAPUserInfo(str, lDAPEntry.DN(), hashSet);
    }

    protected List<LDAPEntry> extractGroups(String str, LDAPEntry lDAPEntry, Tree tree, DirContext dirContext) throws NamingException {
        return null;
    }

    protected List<LDAPEntry> searchGroups(String str, LDAPEntry lDAPEntry, Tree tree, DirContext dirContext) throws NamingException {
        HashMap hashMap = new HashMap();
        hashMap.put(stringSubstitutionKey("USER_ID"), str);
        addStringSubstitutions(hashMap, "USER_", lDAPEntry);
        return ldapSearch(tree, hashMap, dirContext);
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v2, types: [java.util.Map<org.eclipse.emf.cdo.internal.server.LDAPUserAuthenticator$LDAPDN, org.eclipse.emf.cdo.internal.server.LDAPUserAuthenticator$LDAPEntry>] */
    /* JADX WARN: Type inference failed for: r0v3, types: [java.lang.Throwable] */
    /* JADX WARN: Type inference failed for: r0v8 */
    public final Map<LDAPDN, LDAPEntry> ldapEntries(Collection<LDAPDN> collection) {
        HashMap hashMap = new HashMap();
        ?? r0 = this.entries;
        synchronized (r0) {
            for (LDAPDN ldapdn : collection) {
                LDAPEntry lDAPEntry = this.entries.get(ldapdn);
                if (lDAPEntry != null) {
                    hashMap.put(ldapdn, lDAPEntry);
                }
            }
            r0 = r0;
            return hashMap;
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v1, types: [java.util.Map<org.eclipse.emf.cdo.internal.server.LDAPUserAuthenticator$LDAPDN, org.eclipse.emf.cdo.internal.server.LDAPUserAuthenticator$LDAPEntry>] */
    /* JADX WARN: Type inference failed for: r0v2, types: [java.lang.Throwable] */
    /* JADX WARN: Type inference failed for: r0v6, types: [org.eclipse.emf.cdo.internal.server.LDAPUserAuthenticator$LDAPEntry] */
    public final LDAPEntry ldapEntry(LDAPDN ldapdn) {
        LDAPEntry lDAPEntry = this.entries;
        synchronized (lDAPEntry) {
            lDAPEntry = this.entries.get(ldapdn);
        }
        return lDAPEntry;
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v2, types: [java.util.Map<org.eclipse.emf.cdo.internal.server.LDAPUserAuthenticator$LDAPDN, org.eclipse.emf.cdo.internal.server.LDAPUserAuthenticator$LDAPEntry>] */
    /* JADX WARN: Type inference failed for: r0v3, types: [java.lang.Throwable] */
    /* JADX WARN: Type inference failed for: r0v7 */
    protected final LDAPEntry ldapEntry(LDAPDN ldapdn, String str, Attributes attributes, Object obj) {
        LDAPEntry lDAPEntry = new LDAPEntry(ldapdn, str, attributes, obj, null);
        ?? r0 = this.entries;
        synchronized (r0) {
            this.entries.put(ldapdn, lDAPEntry);
            r0 = r0;
            return lDAPEntry;
        }
    }

    protected final LDAPEntry ldapEntry(SearchResult searchResult) {
        return ldapEntry(LDAPDN.create(searchResult.getNameInNamespace()), searchResult.getName(), searchResult.getAttributes(), searchResult.getObject());
    }

    protected final List<LDAPEntry> ldapSearch(Tree tree, Map<String, String> map, DirContext dirContext) throws NamingException {
        Map attributes = tree.attributes();
        String expandValue = expandValue((String) attributes.get("start"), map);
        int parseSearchScope = parseSearchScope(expandValue((String) attributes.get("scope"), map));
        String parseFilter = parseFilter(expandValue((String) attributes.get("filter"), map));
        long parseLong = parseLong(expandValue((String) attributes.get("countLimit"), map), 0L);
        int parseInt = parseInt(expandValue((String) attributes.get("timeLimit"), map), 0);
        String[] parseStrings = parseStrings(expandValue((String) attributes.get("returnAttributes"), map), new String[0]);
        boolean parseBoolean = parseBoolean(expandValue((String) attributes.get("returnObject"), map), false);
        LDAPCallable lDAPCallable = dirContext2 -> {
            ArrayList arrayList = new ArrayList();
            SearchControls searchControls = new SearchControls();
            searchControls.setSearchScope(parseSearchScope);
            searchControls.setCountLimit(parseLong);
            searchControls.setTimeLimit(parseInt);
            searchControls.setReturningAttributes(parseStrings);
            searchControls.setReturningObjFlag(parseBoolean);
            NamingEnumeration search = dirContext2.search(expandValue, parseFilter, searchControls);
            while (search.hasMore()) {
                arrayList.add(ldapEntry((SearchResult) search.next()));
            }
            return arrayList;
        };
        String expandValue2 = expandValue((String) attributes.get("environment"), map);
        return (expandValue2 != null || dirContext == null) ? (List) ldapCall(createEnvironment(expandValue2, map), lDAPCallable) : (List) lDAPCallable.call(dirContext);
    }

    protected Hashtable<String, String> createEnvironment(String str, Map<String, String> map) {
        Hashtable<String, String> hashtable = new Hashtable<>();
        fillEnvironment(str, map, hashtable, new HashSet());
        return hashtable;
    }

    protected void fillEnvironment(String str, Map<String, String> map, Hashtable<String, String> hashtable, Set<String> set) {
        if (!set.add(str)) {
            throw new IllegalStateException("Environment cycle detected: " + str);
        }
        EnvironmentConfig environmentConfig = this.environmentConfigs.get(str);
        if (environmentConfig == null) {
            throw new IllegalStateException("Environment not found: " + str);
        }
        Iterator<String> it = environmentConfig.inherits().iterator();
        while (it.hasNext()) {
            fillEnvironment(it.next(), map, hashtable, set);
        }
        environmentConfig.properties().forEach((str2, str3) -> {
            hashtable.put(str2, expandValue(str3, map));
        });
    }

    protected String expandValue(String str, Map<String, String> map) {
        if (str == null) {
            return null;
        }
        return RepositoryConfigurator.expandValue(str, map, getContainer());
    }

    protected String stringSubstitutionKey(String str) {
        return String.valueOf('$') + str + '$';
    }

    protected void addStringSubstitutions(Map<String, String> map, String str, LDAPEntry lDAPEntry) throws NamingException {
        String safe = StringUtil.safe(str);
        map.put(stringSubstitutionKey(String.valueOf(safe) + "DN"), lDAPEntry.DN().toString());
        map.put(stringSubstitutionKey(String.valueOf(safe) + "RDN"), lDAPEntry.RDN());
        map.put(stringSubstitutionKey(String.valueOf(safe) + "PDN"), lDAPEntry.PDN());
        Attributes attributes = lDAPEntry.attributes();
        if (attributes != null) {
            NamingEnumeration all = attributes.getAll();
            while (all.hasMore()) {
                Attribute attribute = (Attribute) all.next();
                String stringSubstitutionKey = stringSubstitutionKey(String.valueOf(safe) + "ATTR_" + attribute.getID());
                int size = attribute.size();
                if (size == 1) {
                    Object obj = attribute.get();
                    if (obj instanceof String) {
                        map.put(stringSubstitutionKey, (String) obj);
                    }
                } else if (size > 1) {
                    StringJoiner stringJoiner = new StringJoiner(", ");
                    NamingEnumeration all2 = attribute.getAll();
                    while (all2.hasMore()) {
                        Object next = all2.next();
                        if (next instanceof String) {
                            stringJoiner.add((String) next);
                        }
                    }
                    if (stringJoiner.length() != 0) {
                        map.put(stringSubstitutionKey, "{" + stringJoiner + "}");
                    }
                }
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.eclipse.emf.cdo.server.IRepositoryProtector.Element
    public void doBeforeActivate() throws Exception {
        super.doBeforeActivate();
        checkState(this.config, "config");
    }

    protected void doActivate() throws Exception {
        this.config.children("environment", tree -> {
            String attribute = tree.attribute("id");
            this.environmentConfigs.put(attribute, new EnvironmentConfig(attribute, tree.attribute("inherits"), tree.properties()));
        });
    }

    protected void doDeactivate() throws Exception {
        this.environmentConfigs.clear();
        this.entries.clear();
    }

    protected static <T> T ldapCall(Hashtable<String, String> hashtable, LDAPCallable<T> lDAPCallable) throws NamingException {
        InitialDirContext initialDirContext = new InitialDirContext(hashtable);
        try {
            return lDAPCallable.call(initialDirContext);
        } finally {
            initialDirContext.close();
        }
    }

    protected static boolean parseBoolean(String str, boolean z) {
        return str == null ? z : Boolean.parseBoolean(str);
    }

    protected static int parseInt(String str, int i) {
        return str == null ? i : Integer.parseInt(str);
    }

    protected static long parseLong(String str, long j) {
        return str == null ? j : Long.parseLong(str);
    }

    protected static List<String> parseStrings(String str, List<String> list) {
        if (str == null) {
            return list;
        }
        if (str.length() != 0) {
            LinkedHashSet linkedHashSet = new LinkedHashSet();
            StringTokenizer stringTokenizer = new StringTokenizer(str, ",");
            while (stringTokenizer.hasMoreTokens()) {
                String trim = stringTokenizer.nextToken().trim();
                if (!StringUtil.isEmpty(trim)) {
                    linkedHashSet.add(trim);
                }
            }
            if (!linkedHashSet.isEmpty()) {
                return Collections.unmodifiableList(new ArrayList(linkedHashSet));
            }
        }
        return Collections.emptyList();
    }

    protected static String[] parseStrings(String str, String[] strArr) {
        if (str == null) {
            return strArr;
        }
        List<String> parseStrings = parseStrings(str, (List<String>) (strArr == null ? null : Arrays.asList(strArr)));
        return (String[]) parseStrings.toArray(new String[parseStrings.size()]);
    }

    protected static int parseSearchScope(String str) {
        if (str == null || str.equals(SCOPE_SUBTREE)) {
            return 2;
        }
        if (str.equals(SCOPE_ONELEVEL)) {
            return 1;
        }
        if (str.equals(SCOPE_OBJECT)) {
            return 0;
        }
        throw new IllegalArgumentException("Illegal search scope: " + str);
    }

    protected static String parseFilter(String str) {
        return str == null ? FILTER_ANY : str;
    }
}
