package org.josso.gateway.identity.service.store.ldap;

import java.io.IOException;
import java.lang.reflect.Array;
import java.nio.ByteBuffer;
import java.nio.charset.CharacterCodingException;
import java.nio.charset.Charset;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Properties;
import java.util.Set;
import java.util.StringTokenizer;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.BasicAttributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.Control;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.StartTlsRequest;
import javax.naming.ldap.StartTlsResponse;
import org.apache.axis.components.jms.JNDIVendorAdapter;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.josso.auth.BaseCredential;
import org.josso.auth.Credential;
import org.josso.auth.CredentialKey;
import org.josso.auth.CredentialProvider;
import org.josso.auth.scheme.AuthenticationScheme;
import org.josso.auth.scheme.PasswordCredential;
import org.josso.auth.scheme.UsernameCredential;
import org.josso.gateway.SSOContext;
import org.josso.gateway.SSONameValuePair;
import org.josso.gateway.identity.exceptions.NoSuchUserException;
import org.josso.gateway.identity.exceptions.SSOIdentityException;
import org.josso.gateway.identity.service.BaseRole;
import org.josso.gateway.identity.service.BaseRoleImpl;
import org.josso.gateway.identity.service.BaseUser;
import org.josso.gateway.identity.service.BaseUserImpl;
import org.josso.gateway.identity.service.store.AbstractStore;
import org.josso.gateway.identity.service.store.CertificateUserKey;
import org.josso.gateway.identity.service.store.ExtendedIdentityStore;
import org.josso.gateway.identity.service.store.SimpleUserKey;
import org.josso.gateway.identity.service.store.UserKey;
import org.josso.gateway.session.SSOSession;
import org.josso.selfservices.ChallengeResponseCredential;
import org.springframework.beans.PropertyAccessor;
import org.springframework.beans.factory.xml.BeanDefinitionParserDelegate;

/* loaded from: input_file:WEB-INF/lib/josso-ldap-identitystore-1.8.9-SNAPSHOT.jar:org/josso/gateway/identity/service/store/ldap/LDAPIdentityStore.class */
public class LDAPIdentityStore extends AbstractStore implements ExtendedIdentityStore {
    // Store-wide logger; note that several debug-level messages below include search names and filters.
    private static final Log logger = LogFactory.getLog(LDAPIdentityStore.class);
    // userPassword scheme prefixes. Not referenced in this excerpt; presumably consumed by
    // getSchemeFreeValue(), which is defined outside the visible lines — confirm.
    private static final String USERPASSWORD_SCHEME_MD5 = "{md5}";
    private static final String USERPASSWORD_SCHEME_CRYPT = "{crypt}";
    private static final String USERPASSWORD_SCHEME_SHA = "{sha}";
    // JNDI connection settings; only read outside this excerpt (createLdapInitialContext() is cut off).
    private String _initialContextFactory;
    private String _providerUrl;
    private String _securityAuthentication;
    // Base DN under which role entries are searched; when null selectRolesByUsername() finds no roles.
    private String _rolesCtxDN;
    // Attribute of a role entry that names its members (selectRolesByUsername() defaults it to "uniquemember").
    private String _uidAttributeID;
    // Attribute of a role entry holding the role name (selectRolesByUsername() defaults it to "roles").
    private String _roleAttributeID;
    // "UID" matches role members by the bare username; any other value matches by the user's DN.
    private String _roleMatchingMode;
    // Not read within this excerpt.
    private String _securityProtocol;
    // Service-account bind DN and credential; createLdapInitialContext() substitutes "" when null.
    private String _securityPrincipal;
    private String _securityCredential;
    // Attribute of a user entry holding the login name; it is the default lookup attribute of every user search.
    private String _principalUidAttributeID;
    // Alternate lookup attribute, honoured only for the "strong-authentication" scheme
    // (see selectCredentials() and loadUID(String, X509Certificate, CredentialProvider)).
    private String _principalLookupAttributeID;
    // Base DN under which user entries are searched.
    private String _usersCtxDN;
    // Parsed by parseQueryString() into LDAP attribute -> credential name (selectCredentials()).
    private String _credentialQueryString;
    // Parsed by parseQueryString() into LDAP attribute -> property name; when null loadUser() skips property loading.
    private String _userPropertiesQueryString;
    // Not read within this excerpt; presumably feeds getSearchControls() — confirm.
    private String _ldapSearchScope;
    // Attribute rewritten by updateAccountPassword().
    private String _updateableCredentialAttribute;
    // Not read within this excerpt; presumably used when StartTLS / LDAPS is configured — confirm.
    private String _trustStore;
    private String _trustStorePassword;
    // Attribute of a user entry holding the DER certificate matched by loadUID(String, X509Certificate, CredentialProvider).
    private String _userCertificateAtrributeID = "userCertificate";
    // When true, some lookups bind as the current SSO session's user (createLdapInitialContext()) and a
    // NamingException in those lookups is downgraded to an empty/partial result instead of propagating.
    private Boolean _useBindCredentials = false;
    // When true, startTls() is invoked on every context before searching and the response closed afterwards.
    private Boolean _enableStartTls = false;

    /**
     * Loads the user identified by {@code userKey} from the directory.
     * <p>The returned user carries the properties selected by the user-properties query string
     * (when one is configured) plus a {@code josso.user.dn} property holding the entry's DN.
     *
     * @param userKey must be a {@link SimpleUserKey}
     * @return the populated user
     * @throws NoSuchUserException  no entry matches the key
     * @throws SSOIdentityException unsupported key type, StartTLS failure or directory error
     */
    @Override
    public BaseUser loadUser(UserKey userKey) throws NoSuchUserException, SSOIdentityException {
        try {
            if (!(userKey instanceof SimpleUserKey)) {
                throw new SSOIdentityException("Unsupported key type : " + userKey.getClass().getName());
            }
            String uid = ((SimpleUserKey) userKey).getId();
            String userName = selectUser(uid);
            if (userName == null) {
                throw new NoSuchUserException(userKey);
            }
            List<SSONameValuePair> properties = new ArrayList<SSONameValuePair>();
            if (getUserPropertiesQueryString() != null) {
                HashMap userProperties = selectUserProperties(uid);
                for (Object key : userProperties.keySet()) {
                    String name = (String) key;
                    properties.add(new SSONameValuePair(name, (String) userProperties.get(name)));
                }
            }
            properties.add(new SSONameValuePair("josso.user.dn", selectUserDN(uid)));
            BaseUserImpl user = new BaseUserImpl();
            user.setName(userName);
            user.setProperties(properties.toArray(new SSONameValuePair[properties.size()]));
            return user;
        } catch (IOException e) {
            logger.error("StartTLS error", e);
            throw new SSOIdentityException("StartTLS error : " + e.getMessage());
        } catch (NamingException e) {
            logger.error("NamingException while obtaining user", e);
            throw new SSOIdentityException("Error obtaining user : " + userKey);
        }
    }

    /**
     * Returns the roles granted to the user identified by {@code userKey}.
     *
     * @param userKey must be a {@link SimpleUserKey}
     * @return one {@link BaseRoleImpl} per role name found (possibly empty)
     * @throws SSOIdentityException unsupported key type, StartTLS failure or directory error
     */
    @Override
    public BaseRole[] findRolesByUserKey(UserKey userKey) throws SSOIdentityException {
        if (!(userKey instanceof SimpleUserKey)) {
            throw new SSOIdentityException("Unsupported key type : " + userKey.getClass().getName());
        }
        String uid = ((SimpleUserKey) userKey).getId();
        try {
            String[] roleNames = selectRolesByUsername(uid);
            BaseRole[] roles = new BaseRole[roleNames.length];
            for (int i = 0; i < roleNames.length; i++) {
                BaseRoleImpl role = new BaseRoleImpl();
                role.setName(roleNames[i]);
                roles[i] = role;
            }
            return roles;
        } catch (IOException e) {
            logger.error("StartTLS error", e);
            throw new SSOIdentityException("StartTLS error : " + e.getMessage());
        } catch (NamingException e) {
            logger.error("NamingException while obtaining roles", e);
            throw new SSOIdentityException("Error obtaining roles for user : " + userKey);
        }
    }

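    /**
     * Resolves the username whose entry has the challenge attribute ({@code getId()}) equal to the
     * supplied challenge response.
     *
     * @param challengeResponseCredential challenge id (used as the LDAP attribute name) and the response value
     * @return the matched user's principal uid, or {@code null} when no entry matches
     * @throws SSOIdentityException StartTLS failure or directory error
     */
    @Override
    public String loadUsernameByRelayCredential(ChallengeResponseCredential challengeResponseCredential) throws SSOIdentityException {
        String challengeId = challengeResponseCredential.getId();
        try {
            return selectUser(challengeId, challengeResponseCredential.getResponse());
        } catch (IOException e) {
            logger.error("StartTLS error", e);
            throw new SSOIdentityException("StartTLS error : " + e.getMessage());
        } catch (NamingException e) {
            logger.error("NamingException while obtaining user with relay credential", e);
            // The response is the user's secret answer; report only the challenge id so the
            // exception message (which ends up in logs) never carries the secret.
            throw new SSOIdentityException("Error obtaining user with relay credential: ID[" + challengeId + "]");
        }
    }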

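    /**
     * Replaces the configured updateable credential attribute of the user's entry with the new credential value.
     * <p>Only {@link SimpleUserKey} keys and {@link BaseCredential} credentials are supported, and the user's
     * entry must be resolvable through {@link #selectUserDN(String)}. The credential's {@code getValue()} is
     * stored as the attribute value as-is; no hashing is applied here.
     *
     * @param userKey    key of the user whose password changes
     * @param credential new credential
     * @throws SSOIdentityException unsupported key or credential type, entry not found, StartTLS failure or directory error
     */
    @Override
    public void updateAccountPassword(UserKey userKey, Credential credential) throws SSOIdentityException {
        if (!(userKey instanceof SimpleUserKey)) {
            throw new SSOIdentityException("Unsupported key type : " + userKey.getClass().getName());
        }
        // Checked up front so a foreign credential type is reported instead of a ClassCastException.
        if (!(credential instanceof BaseCredential)) {
            throw new SSOIdentityException("Unsupported credential type : "
                    + (credential == null ? "null" : credential.getClass().getName()));
        }
        String uid = ((SimpleUserKey) userKey).getId();
        try {
            String userDn = selectUserDN(uid);
            if (userDn == null) {
                // Previously a null DN reached modifyAttributes(); fail with the error the caller already handles.
                throw new SSOIdentityException("Error updating password account for user : " + userKey + " (entry not found)");
            }
            BasicAttributes changes = new BasicAttributes();
            changes.put(getUpdateableCredentialAttribute(), ((BaseCredential) credential).getValue());
            replaceAttributes(userDn, changes);
        } catch (NamingException e) {
            logger.error("NamingException while updating password account", e);
            throw new SSOIdentityException("Error updating password account for user : " + userKey);
        } catch (IOException e) {
            logger.error("StartTLS error", e);
            throw new SSOIdentityException("StartTLS error : " + e.getMessage());
        }
    }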

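    /**
     * Builds the credentials of the user identified by {@code credentialKey} from the values
     * selected by {@link #selectCredentials(String, CredentialProvider)}.
     *
     * @param credentialKey      must be a {@link SimpleUserKey}
     * @param credentialProvider creates one credential per (name, value) pair
     * @return the credentials, without trailing {@code null} slots
     * @throws SSOIdentityException unsupported key type, StartTLS failure or directory error
     */
    @Override
    public Credential[] loadCredentials(CredentialKey credentialKey, CredentialProvider credentialProvider) throws SSOIdentityException {
        // The previous test was "instanceof CredentialKey" (always true for a non-null argument), so a
        // foreign key type failed with a ClassCastException on the cast below instead of this exception.
        if (!(credentialKey instanceof SimpleUserKey)) {
            throw new SSOIdentityException("Unsupported key type : " + credentialKey.getClass().getName());
        }
        String uid = ((SimpleUserKey) credentialKey).getId();
        try {
            HashMap valuesByName = selectCredentials(uid, credentialProvider);
            List<Credential> credentials = new ArrayList<Credential>();
            for (Object key : valuesByName.keySet()) {
                String name = (String) key;
                for (Object value : (List) valuesByName.get(name)) {
                    credentials.add(credentialProvider.newCredential(name, value));
                }
            }
            // Size the array by the flattened list: sizing it by the map padded the result with
            // trailing nulls whenever the map had more names than collected values.
            return credentials.toArray(new Credential[credentials.size()]);
        } catch (NamingException e) {
            logger.error("NamingException while obtaining Credentials", e);
            throw new SSOIdentityException("Error obtaining credentials for user : " + credentialKey);
        } catch (IOException e) {
            logger.error("StartTLS error", e);
            throw new SSOIdentityException("StartTLS error : " + e.getMessage());
        }
    }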

    /**
     * Resolves the principal uid behind a credential key.
     * <p>A {@link CertificateUserKey} is resolved by matching its id and certificate against the
     * directory; a {@link SimpleUserKey} already carries the uid.
     *
     * @param credentialKey      certificate or simple key
     * @param credentialProvider forwarded to the certificate lookup
     * @return the uid, or {@code null} when the certificate lookup finds nothing
     * @throws SSOIdentityException unsupported key type, StartTLS failure or directory error
     */
    @Override
    public String loadUID(CredentialKey credentialKey, CredentialProvider credentialProvider) throws SSOIdentityException {
        try {
            if (credentialKey instanceof CertificateUserKey) {
                CertificateUserKey certificateKey = (CertificateUserKey) credentialKey;
                return loadUID(certificateKey.getId(), certificateKey.getCertificate(), credentialProvider);
            } else if (credentialKey instanceof SimpleUserKey) {
                return ((SimpleUserKey) credentialKey).getId();
            } else {
                throw new SSOIdentityException("Unsupported key type : " + credentialKey.getClass().getName());
            }
        } catch (IOException e) {
            logger.error("StartTLS error", e);
            throw new SSOIdentityException("StartTLS error : " + e.getMessage());
        } catch (NamingException e) {
            // Only the certificate branch calls a method declared to throw NamingException, so the cast holds.
            X509Certificate certificate = ((CertificateUserKey) credentialKey).getCertificate();
            logger.error("Failed to locate user", e);
            throw new SSOIdentityException("Failed to locate user for certificate : " + certificate.getSubjectX500Principal().getName());
        }
    }

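    /**
     * Tells whether the user identified by {@code userKey} exists.
     * <p>Without bind credentials the check is delegated to the superclass; with them the user is
     * looked up directly through {@link #selectUser(String)}.
     *
     * @param userKey must be a {@link SimpleUserKey} when bind credentials are enabled
     * @return {@code true} when an entry was found
     * @throws SSOIdentityException unsupported key type, StartTLS failure or directory error
     */
    @Override
    public boolean userExists(UserKey userKey) throws SSOIdentityException {
        if (!getUseBindCredentials().booleanValue()) {
            return super.userExists(userKey);
        }
        // Mirror loadUser(): report a foreign key type instead of failing with a ClassCastException.
        if (!(userKey instanceof SimpleUserKey)) {
            throw new SSOIdentityException("Unsupported key type : " + userKey.getClass().getName());
        }
        try {
            return selectUser(((SimpleUserKey) userKey).getId()) != null;
        } catch (IOException e) {
            logger.error("StartTLS error", e);
            throw new SSOIdentityException("StartTLS error : " + e.getMessage());
        } catch (NamingException e) {
            logger.error("NamingException while obtaining user", e);
            throw new SSOIdentityException("Error obtaining user : " + userKey);
        }
    }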

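    /**
     * Looks up the role names granted to {@code username}.
     * <p>Role entries under the roles context DN are matched on their member attribute
     * ({@code uidAttributeID}, default {@code uniquemember}) against either the bare username
     * (role matching mode {@code UID}) or the user's DN from {@link #selectUserDN(String)}; role names
     * are read from {@code roleAttributeID} (default {@code roles}). The member value is handed to JNDI
     * as a filter argument, so filter metacharacters in a user-supplied name are escaped rather than
     * interpreted; this replaces the earlier hand-rolled backslash escaping.
     * The context (and StartTLS response, when negotiated) is always closed.
     *
     * @param username login name as entered by the user
     * @return role names found (possibly empty); also the partial result when the lookup fails while
     *         binding with the session's credentials
     * @throws NamingException directory error (only propagated when not using bind credentials)
     * @throws IOException     StartTLS negotiation or shutdown failed
     */
    protected String[] selectRolesByUsername(String username) throws NamingException, IOException {
        List<String> roles = new ArrayList<String>();
        try {
            InitialLdapContext ctx = createLdapInitialContext(getUseBindCredentials());
            StartTlsResponse tls = null;
            try {
                if (getEnableStartTls().booleanValue()) {
                    tls = startTls(ctx);
                }
                String rolesCtxDN = getRolesCtxDN();
                if (rolesCtxDN != null) {
                    String memberAttr = getUidAttributeID();
                    if (memberAttr == null) {
                        memberAttr = "uniquemember";
                    }
                    String roleAttr = getRoleAttributeID();
                    if (roleAttr == null) {
                        roleAttr = "roles";
                    }
                    String member = "UID".equals(getRoleMatchingMode()) ? username : selectUserDN(username);
                    if (member != null) {
                        if (logger.isDebugEnabled()) {
                            logger.debug("Searching Roles for user '" + member + "' in Uid attribute name '" + memberAttr + "'");
                        }
                        String filter = "(&(" + memberAttr + "={0}))";
                        try {
                            NamingEnumeration<SearchResult> results =
                                    ctx.search(rolesCtxDN, filter, new Object[] {member}, getSearchControls());
                            if (logger.isDebugEnabled()) {
                                logger.debug("Search Name:  " + rolesCtxDN);
                                logger.debug("Search Filter:  " + filter + " with [" + member + "]");
                            }
                            if (!results.hasMore()) {
                                logger.info("No role where found for user " + username);
                            }
                            while (results.hasMore()) {
                                Attribute roleValues = results.next().getAttributes().get(roleAttr);
                                if (roleValues == null) {
                                    // An entry lacking the role attribute used to raise a NullPointerException here.
                                    logger.warn("Role entry has no '" + roleAttr + "' attribute");
                                    continue;
                                }
                                for (int i = 0; i < roleValues.size(); i++) {
                                    Object value = roleValues.get(i);
                                    if (value == null) {
                                        continue;
                                    }
                                    String role = value.toString();
                                    if (logger.isDebugEnabled()) {
                                        logger.debug("Saving role '" + role + "' for user '" + username + "'");
                                    }
                                    roles.add(role);
                                }
                            }
                        } catch (NamingException e) {
                            if (logger.isDebugEnabled()) {
                                logger.debug("Failed to locate roles", e);
                            }
                        }
                    }
                }
            } finally {
                // Close the TLS layer first; the context is closed even when that fails.
                try {
                    if (tls != null) {
                        tls.close();
                    }
                } finally {
                    ctx.close();
                }
            }
        } catch (NamingException e) {
            if (!getUseBindCredentials().booleanValue()) {
                throw e;
            }
            // Binding with the session user's credentials is best effort: return what was collected.
            if (logger.isDebugEnabled()) {
                logger.debug("Role lookup failed while using bind credentials; returning partial result", e);
            }
        }
        return roles.toArray(new String[roles.size()]);
    }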

    /* JADX INFO: Access modifiers changed from: protected */
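    /**
     * Resolves the distinguished name of the user whose principal uid attribute equals {@code uid}.
     * <p>The DN is built from the search result's relative name followed by the users context DN.
     * When several entries match, the last one wins (as before). {@code uid} is handed to JNDI as a
     * filter argument, so filter metacharacters in a user-supplied value are escaped rather than
     * interpreted. Directory errors during the search are logged at debug level and yield
     * {@code null}; the context (and StartTLS response) is always closed.
     *
     * @param uid login name
     * @return the DN, or {@code null} when no matching entry with a usable uid attribute was found
     * @throws NamingException context creation, StartTLS negotiation or close failed
     * @throws IOException     StartTLS negotiation or shutdown failed
     */
    public String selectUserDN(String uid) throws NamingException, IOException {
        String userDn = null;
        String uidAttr = getPrincipalUidAttributeID();
        String usersCtxDN = getUsersCtxDN();
        InitialLdapContext ctx = createLdapInitialContext(false);
        StartTlsResponse tls = null;
        try {
            if (getEnableStartTls().booleanValue()) {
                tls = startTls(ctx);
            }
            try {
                NamingEnumeration<SearchResult> results =
                        ctx.search(usersCtxDN, "(&(" + uidAttr + "={0}))", new Object[] {uid}, getSearchControls());
                while (results.hasMore()) {
                    SearchResult entry = results.next();
                    Attribute attr = entry.getAttributes().get(uidAttr);
                    if (attr == null) {
                        logger.warn("Invalid user uid attribute '" + uidAttr + "'");
                        continue;
                    }
                    Object value = attr.get();
                    if (value == null) {
                        if (logger.isDebugEnabled()) {
                            logger.debug("User not found for user '" + uid + "'");
                        }
                        continue;
                    }
                    userDn = entry.getName() + "," + usersCtxDN;
                    if (logger.isDebugEnabled()) {
                        logger.debug("Found user '" + uidAttr + "=" + value + "' for user '" + uid + "' DN=" + userDn);
                    }
                }
            } catch (NamingException e) {
                if (logger.isDebugEnabled()) {
                    logger.debug("Failed to locate user", e);
                }
            }
        } finally {
            // Close the TLS layer first; the context is closed even when that fails.
            try {
                if (tls != null) {
                    tls.close();
                }
            } finally {
                ctx.close();
            }
        }
        return userDn;
    }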

    /**
     * Looks up a user by the configured principal uid attribute.
     *
     * @param uid value to match against the principal uid attribute
     * @return the matched entry's principal uid, or {@code null} when none matched
     * @throws NamingException directory error
     * @throws IOException     StartTLS failure
     */
    protected String selectUser(String uid) throws NamingException, IOException {
        String uidAttribute = getPrincipalUidAttributeID();
        return selectUser(uidAttribute, uid);
    }

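    /**
     * Finds the user whose {@code attrName} attribute equals {@code attrValue} and returns that entry's
     * principal uid attribute value.
     * <p>{@code attrValue} is handed to JNDI as a filter argument, so filter metacharacters in it are
     * escaped rather than interpreted (the value may come from a login form or a challenge response,
     * which is also why the value itself is no longer written to the debug log). When several entries
     * match, the last one wins (as before). Directory errors during the search are logged at debug
     * level and yield {@code null}; the context (and StartTLS response) is always closed.
     *
     * @param attrName  LDAP attribute to match on; configuration-supplied and spliced into the filter verbatim
     * @param attrValue value to match
     * @return the principal uid of the matched entry, or {@code null} when none matched
     * @throws NamingException context creation, StartTLS negotiation or close failed
     * @throws IOException     StartTLS negotiation or shutdown failed
     */
    protected String selectUser(String attrName, String attrValue) throws NamingException, IOException {
        String uid = null;
        String uidAttr = getPrincipalUidAttributeID();
        String usersCtxDN = getUsersCtxDN();
        InitialLdapContext ctx = createLdapInitialContext(false);
        StartTlsResponse tls = null;
        try {
            if (getEnableStartTls().booleanValue()) {
                tls = startTls(ctx);
            }
            try {
                NamingEnumeration<SearchResult> results =
                        ctx.search(usersCtxDN, "(&(" + attrName + "={0}))", new Object[] {attrValue}, getSearchControls());
                while (results.hasMore()) {
                    Attribute attr = results.next().getAttributes().get(uidAttr);
                    if (attr == null) {
                        logger.warn("Invalid user attrValue attribute '" + uidAttr + "'");
                        continue;
                    }
                    Object value = attr.get();
                    if (value == null) {
                        if (logger.isDebugEnabled()) {
                            logger.debug("No usable '" + uidAttr + "' value on entry matching attribute '" + attrName + "'");
                        }
                        continue;
                    }
                    uid = value.toString();
                    if (logger.isDebugEnabled()) {
                        logger.debug("Found user '" + uidAttr + "=" + uid + "' matching attribute '" + attrName + "'");
                    }
                }
            } catch (NamingException e) {
                if (logger.isDebugEnabled()) {
                    logger.debug("Failed to locate user", e);
                }
            }
        } finally {
            // Close the TLS layer first; the context is closed even when that fails.
            try {
                if (tls != null) {
                    tls.close();
                }
            } finally {
                ctx.close();
            }
        }
        return uid;
    }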

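    /**
     * Loads the raw credential values of user {@code uid}.
     * <p>The credential query string maps LDAP attribute names to credential names; every value of each
     * listed attribute present on the matching entries is collected under its credential name.
     * {@code byte[]} values that decode as UTF-8 and {@code String} values are passed through
     * {@code getSchemeFreeValue()}; any other value is stored as-is. For the {@code strong-authentication}
     * scheme the lookup uses the principal lookup attribute when configured, otherwise the principal uid
     * attribute. {@code uid} is handed to JNDI as a filter argument, so filter metacharacters are escaped
     * rather than interpreted. Credential values are never written to the log. Directory errors during the
     * search are logged at debug level and the values collected so far are returned; the context (and
     * StartTLS response) is always closed.
     *
     * @param uid                login name
     * @param credentialProvider the requesting scheme; only its name is inspected
     * @return credential name -> list of values ({@code String} or the raw attribute value); never {@code null}
     * @throws NamingException context creation, StartTLS negotiation or close failed
     * @throws IOException     StartTLS negotiation or shutdown failed
     */
    protected HashMap selectCredentials(String uid, CredentialProvider credentialProvider) throws NamingException, IOException {
        HashMap<String, List<Object>> credentials = new HashMap<String, List<Object>>();
        String schemeName = credentialProvider instanceof AuthenticationScheme
                ? ((AuthenticationScheme) credentialProvider).getName() : null;
        String lookupAttr = getPrincipalLookupAttributeID();
        if (lookupAttr == null || lookupAttr.trim().equals("") || !"strong-authentication".equals(schemeName)) {
            lookupAttr = getPrincipalUidAttributeID();
        }
        String usersCtxDN = getUsersCtxDN();
        // Parsed before the connection is opened so a parse failure cannot leak a context.
        HashMap attrToCredential = parseQueryString(getCredentialQueryString());
        InitialLdapContext ctx = createLdapInitialContext(false);
        StartTlsResponse tls = null;
        try {
            if (getEnableStartTls().booleanValue()) {
                tls = startTls(ctx);
            }
            try {
                NamingEnumeration<SearchResult> results =
                        ctx.search(usersCtxDN, "(&(" + lookupAttr + "={0}))", new Object[] {uid}, getSearchControls());
                while (results.hasMore()) {
                    SearchResult entry = results.next();
                    Attributes attributes = entry.getAttributes();
                    if (logger.isDebugEnabled()) {
                        logger.debug("Processing results for entry '" + entry.getNameInNamespace() + "'");
                    }
                    for (Object key : attrToCredential.keySet()) {
                        String ldapAttr = (String) key;
                        Attribute attr = attributes.get(ldapAttr);
                        if (attr == null) {
                            continue;
                        }
                        String credentialName = (String) attrToCredential.get(ldapAttr);
                        NamingEnumeration<?> attrValues = attr.getAll();
                        while (attrValues.hasMore()) {
                            Object raw = attrValues.next();
                            if (raw == null) {
                                continue;
                            }
                            if (logger.isDebugEnabled()) {
                                String arrayInfo = raw.getClass().isArray() ? "[" + Array.getLength(raw) + "]" : "";
                                logger.debug("Found user credential '" + credentialName + "' of type '" + raw.getClass().getName() + arrayInfo + "'");
                            }
                            String text = null;
                            if (raw instanceof byte[]) {
                                // Only byte[] is decoded; any other array type used to hit a ClassCastException.
                                try {
                                    text = Charset.forName("UTF-8").newDecoder().decode(ByteBuffer.wrap((byte[]) raw)).toString();
                                } catch (CharacterCodingException e) {
                                    if (logger.isDebugEnabled()) {
                                        logger.debug("Can't convert credential value to String using UTF-8");
                                    }
                                }
                            } else if (raw instanceof String) {
                                text = (String) raw;
                            }
                            List<Object> values = credentials.get(credentialName);
                            if (values == null) {
                                values = new ArrayList<Object>();
                                credentials.put(credentialName, values);
                            }
                            if (text != null) {
                                values.add(getSchemeFreeValue(text));
                            } else {
                                values.add(raw);
                            }
                            if (logger.isDebugEnabled()) {
                                // Deliberately logs only the kind of value: the value is a password or hash.
                                logger.debug("Stored user credential '" + credentialName + "' (" + (text != null ? "text" : "raw") + " value)");
                            }
                        }
                    }
                }
            } catch (NamingException e) {
                if (logger.isDebugEnabled()) {
                    logger.debug("Failed to locate user", e);
                }
            }
        } finally {
            // Close the TLS layer first; the context is closed even when that fails.
            try {
                if (tls != null) {
                    tls.close();
                }
            } finally {
                ctx.close();
            }
        }
        return credentials;
    }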

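    /**
     * Resolves the principal uid of the user entry that carries both the given lookup value and the
     * DER-encoded certificate.
     * <p>For the {@code strong-authentication} scheme the lookup attribute is the principal lookup
     * attribute when configured, otherwise the principal uid attribute. Both filter values are handed
     * to JNDI as filter arguments. The certificate is encoded before any connection is opened, so an
     * unencodable certificate returns {@code null} without touching the directory. Directory errors
     * during the search are logged at debug level and yield {@code null}; the context (and StartTLS
     * response) is always closed.
     *
     * @param lookupValue        value matched against the lookup attribute
     * @param certificate        certificate matched against the user certificate attribute
     * @param credentialProvider the requesting scheme; only its name is inspected
     * @return the uid, or {@code null} when no entry matches, the certificate cannot be encoded, or the search fails
     * @throws NamingException context creation, StartTLS negotiation or close failed
     * @throws IOException     StartTLS negotiation or shutdown failed
     */
    protected String loadUID(String lookupValue, X509Certificate certificate, CredentialProvider credentialProvider) throws NamingException, IOException {
        String schemeName = credentialProvider instanceof AuthenticationScheme
                ? ((AuthenticationScheme) credentialProvider).getName() : null;
        String lookupAttr = getPrincipalLookupAttributeID();
        if (lookupAttr == null || lookupAttr.trim().equals("") || !"strong-authentication".equals(schemeName)) {
            lookupAttr = getPrincipalUidAttributeID();
        }
        String uidAttr = getPrincipalUidAttributeID();
        byte[] encodedCertificate;
        try {
            encodedCertificate = certificate.getEncoded();
        } catch (CertificateEncodingException e) {
            if (logger.isDebugEnabled()) {
                logger.debug("Certificate encoding exception", e);
            }
            return null;
        }
        String uid = null;
        InitialLdapContext ctx = createLdapInitialContext(false);
        StartTlsResponse tls = null;
        try {
            if (getEnableStartTls().booleanValue()) {
                tls = startTls(ctx);
            }
            try {
                String filter = "(&(" + lookupAttr + "={0})(" + getUserCertificateAtrributeID() + "={1}))";
                NamingEnumeration<SearchResult> results = ctx.search(getUsersCtxDN(), filter,
                        new Object[] {lookupValue, encodedCertificate}, getSearchControls());
                while (results.hasMore()) {
                    Attribute attr = results.next().getAttributes().get(uidAttr);
                    if (attr == null) {
                        logger.warn("Invalid user uid attribute '" + uidAttr + "'");
                        continue;
                    }
                    Object value = attr.get();
                    if (value == null) {
                        if (logger.isDebugEnabled()) {
                            logger.debug("User not found for certificate '" + certificate.getSubjectX500Principal().getName() + "'");
                        }
                        continue;
                    }
                    uid = value.toString();
                    if (logger.isDebugEnabled()) {
                        logger.debug("Found user " + uidAttr + "=" + uid);
                    }
                }
            } catch (NamingException e) {
                if (logger.isDebugEnabled()) {
                    logger.debug("Failed to locate user", e);
                }
            }
        } finally {
            // Close the TLS layer first; the context is closed even when that fails.
            try {
                if (tls != null) {
                    tls.close();
                }
            } finally {
                ctx.close();
            }
        }
        return uid;
    }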

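    /**
     * Loads the user properties of {@code uid} selected by the user-properties query string.
     * <p>The query string maps LDAP attribute names to property names; the first value of each listed
     * attribute on the matching entries is stored under its property name. {@code uid} is handed to
     * JNDI as a filter argument, so filter metacharacters are escaped rather than interpreted.
     * Directory errors during the search are logged at debug level and the properties collected so far
     * are returned; the context (and StartTLS response) is always closed.
     *
     * @param uid login name
     * @return property name -> value; never {@code null}, possibly partial when a NamingException is
     *         swallowed because bind credentials are in use
     * @throws NamingException context creation, StartTLS negotiation or close failed (only propagated
     *                         when not using bind credentials)
     * @throws IOException     StartTLS negotiation or shutdown failed
     */
    protected HashMap selectUserProperties(String uid) throws NamingException, IOException {
        HashMap<String, String> properties = new HashMap<String, String>();
        String uidAttr = getPrincipalUidAttributeID();
        String usersCtxDN = getUsersCtxDN();
        try {
            // Parsed before the connection is opened so a parse failure cannot leak a context.
            HashMap attrToProperty = parseQueryString(getUserPropertiesQueryString());
            InitialLdapContext ctx = createLdapInitialContext(getUseBindCredentials());
            StartTlsResponse tls = null;
            try {
                if (getEnableStartTls().booleanValue()) {
                    tls = startTls(ctx);
                }
                try {
                    NamingEnumeration<SearchResult> results =
                            ctx.search(usersCtxDN, "(&(" + uidAttr + "={0}))", new Object[] {uid}, getSearchControls());
                    while (results.hasMore()) {
                        Attributes attributes = results.next().getAttributes();
                        for (Object key : attrToProperty.keySet()) {
                            String ldapAttr = (String) key;
                            Attribute attr = attributes.get(ldapAttr);
                            if (attr == null) {
                                logger.warn("Invalid user property attribute '" + ldapAttr + "'");
                                continue;
                            }
                            Object value = attr.get();
                            if (value == null) {
                                logger.warn("Found a 'null' value for user property '" + ldapAttr + "'");
                                continue;
                            }
                            String propertyName = (String) attrToProperty.get(ldapAttr);
                            String text = value.toString();
                            properties.put(propertyName, text);
                            if (logger.isDebugEnabled()) {
                                logger.debug("Found user property '" + propertyName + "' with value '" + text + "'");
                            }
                        }
                    }
                } catch (NamingException e) {
                    if (logger.isDebugEnabled()) {
                        logger.debug("Failed to locate user", e);
                    }
                }
            } finally {
                // Close the TLS layer first; the context is closed even when that fails.
                try {
                    if (tls != null) {
                        tls.close();
                    }
                } finally {
                    ctx.close();
                }
            }
        } catch (NamingException e) {
            if (!getUseBindCredentials().booleanValue()) {
                throw e;
            }
            // Binding with the session user's credentials is best effort: return what was collected.
            if (logger.isDebugEnabled()) {
                logger.debug("Property lookup failed while using bind credentials; returning partial result", e);
            }
        }
        return properties;
    }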

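    /**
     * Replaces the given attributes on the LDAP entry identified by {@code str}.
     *
     * <p>The context comes from {@link #createLdapInitialContext(Boolean)}: when bind
     * credentials are enabled the modification runs as the current session user and a
     * failure is tolerated (the entry is left unchanged); with the configured service
     * account a failure is propagated. The context is always closed afterwards.
     *
     * @param str        distinguished name of the entry to modify
     * @param attributes attributes to replace on the entry
     * @throws NamingException if the modification fails and bind credentials are not in use
     * @throws IOException     if the context could not be created
     */
    protected void replaceAttributes(String str, Attributes attributes) throws NamingException, IOException {
        InitialLdapContext ctx = null;
        try {
            ctx = createLdapInitialContext(getUseBindCredentials());
            // REPLACE_ATTRIBUTE is inherited from DirContext; same value as the former literal 2.
            ctx.modifyAttributes(str, InitialLdapContext.REPLACE_ATTRIBUTE, attributes);
        } catch (NamingException e) {
            if (!getUseBindCredentials().booleanValue()) {
                throw e;
            }
            // Best-effort when acting as the session user: keep the lenient behaviour,
            // but leave a trace so the silent failure can be diagnosed.
            if (logger.isDebugEnabled()) {
                logger.debug("Attribute replacement for '" + str + "' failed using bind credentials; ignoring", e);
            }
        } finally {
            if (ctx != null) {
                try {
                    // Release the connection; previously it was never closed.
                    ctx.close();
                } catch (NamingException closeFailure) {
                    if (logger.isDebugEnabled()) {
                        logger.debug("Failed to close LDAP context", closeFailure);
                    }
                }
            }
        }
    }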

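    /**
     * Creates an LDAP context bound either with the configured service account or,
     * when {@code bool} is {@code true} and an SSO session is active, as the session
     * user (bind DN resolved through {@code selectUserDN}, password taken from the
     * subject's private credentials).
     *
     * @param bool {@code true} to bind with the current session user's credentials;
     *             {@code false} or {@code null} to use the configured principal/credential
     * @return a freshly created context; the caller is responsible for closing it
     * @throws NamingException if the session user cannot be resolved to a DN, if no
     *                         password credential is present for the user, or if the
     *                         bind itself fails
     * @throws IOException     declared for subclasses; not thrown by this implementation
     */
    protected InitialLdapContext createLdapInitialContext(Boolean bool) throws NamingException, IOException {
        // Fall back to empty strings: the Properties-backed environment rejects nulls.
        String principal = getSecurityPrincipal() == null ? "" : getSecurityPrincipal();
        String credential = getSecurityCredential() == null ? "" : getSecurityCredential();
        SSOSession session = SSOContext.getCurrent().getSession();
        if (Boolean.TRUE.equals(bool) && session != null) {
            principal = selectUserDN(getUsername(session.getSubject().getPublicCredentials()));
            if (principal == null) {
                throw new NamingException("User not found.");
            }
            credential = getPassword(session.getSubject().getPrivateCredentials());
            if (credential == null) {
                // Without this check a missing password credential surfaced as a
                // NullPointerException from Properties.put in the two-argument overload.
                throw new NamingException("Password credential not found.");
            }
        }
        return createLdapInitialContext(principal, credential);
    }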

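    /**
     * Opens an LDAP context bound with the supplied principal and credential.
     *
     * <p>Environment defaults applied when the corresponding property is unset:
     * context factory {@code com.sun.jndi.ldap.LdapCtxFactory}, authentication
     * {@code simple}, provider URL {@code ldap://localhost:389} (or
     * {@code ldaps://localhost:636} when the security protocol is {@code ssl}).
     * Referrals are followed.
     *
     * @param str  bind DN (security principal)
     * @param str2 bind password (security credentials)
     * @return the bound context; the caller must close it
     * @throws NamingException if either argument is {@code null}, or if the context
     *                         cannot be created or the bind fails
     */
    public InitialLdapContext createLdapInitialContext(String str, String str2) throws NamingException {
        if (str == null || str2 == null) {
            // Properties (a Hashtable) would otherwise fail with a NullPointerException.
            throw new NamingException("Security principal and credentials must not be null.");
        }
        // Resolve defaults before touching Properties: the previous "set, then check
        // for null" ordering threw on the null value and so never applied them.
        String contextFactory = getInitialContextFactory();
        if (contextFactory == null) {
            contextFactory = "com.sun.jndi.ldap.LdapCtxFactory";
        }
        String authentication = getSecurityAuthentication();
        if (authentication == null) {
            authentication = "simple";
        }
        String protocol = getSecurityProtocol() == null ? "" : getSecurityProtocol();
        String providerUrl = getProviderUrl();
        if (providerUrl == null) {
            providerUrl = "ssl".equals(protocol) ? "ldaps://localhost:636" : "ldap://localhost:389";
        }

        // Constant names are the javax.naming.Context ones inherited by InitialLdapContext;
        // the values are the same "java.naming.*" keys used before.
        Properties env = new Properties();
        env.setProperty(InitialLdapContext.INITIAL_CONTEXT_FACTORY, contextFactory);
        env.setProperty(InitialLdapContext.SECURITY_AUTHENTICATION, authentication);
        env.setProperty(InitialLdapContext.PROVIDER_URL, providerUrl);
        env.setProperty(InitialLdapContext.SECURITY_PROTOCOL, protocol);
        env.setProperty(InitialLdapContext.SECURITY_PRINCIPAL, str);
        env.put(InitialLdapContext.SECURITY_CREDENTIALS, str2);
        env.put(InitialLdapContext.REFERRAL, "follow");
        if (logger.isDebugEnabled()) {
            // Log selected entries only: the full environment contains the bind password.
            logger.debug("Logging into LDAP server, url=" + providerUrl + ", principal=" + str
                    + ", authentication=" + authentication + ", protocol=" + protocol);
        }
        InitialLdapContext ctx = new InitialLdapContext(env, (Control[]) null);
        if (logger.isDebugEnabled()) {
            logger.debug("Logged into LDAP server, " + ctx);
        }
        return ctx;
    }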

    /**
     * Issues the StartTLS extended operation on an already-opened context and
     * completes the TLS handshake.
     *
     * <p>If a trust store (and optionally its password) is configured, they are
     * exported as the JVM-wide {@code javax.net.ssl.trustStore} /
     * {@code javax.net.ssl.trustStorePassword} system properties before the
     * handshake. This affects every TLS client in the process, not only this store.
     *
     * @param initialLdapContext context on which to negotiate TLS
     * @return the negotiated response, which the caller closes when finished
     * @throws NamingException if the server rejects the extended operation
     * @throws IOException     if the TLS handshake fails
     */
    protected StartTlsResponse startTls(InitialLdapContext initialLdapContext) throws NamingException, IOException {
        String trustStore = getTrustStore();
        String trustStorePassword = getTrustStorePassword();
        boolean hasTrustStore = trustStore != null && trustStore.length() > 0;
        boolean hasTrustStorePassword = trustStorePassword != null && trustStorePassword.length() > 0;
        if (hasTrustStore) {
            System.setProperty("javax.net.ssl.trustStore", trustStore);
        }
        if (hasTrustStorePassword) {
            System.setProperty("javax.net.ssl.trustStorePassword", trustStorePassword);
        }
        StartTlsResponse tls = (StartTlsResponse) initialLdapContext.extendedOperation(new StartTlsRequest());
        tls.negotiate();
        return tls;
    }

    /**
     * Extracts the username value from a set of credentials.
     *
     * @param set credentials to inspect (typically a subject's public credentials)
     * @return the username, or {@code null} when no {@link UsernameCredential} is present
     */
    protected String getUsername(Set set) {
        UsernameCredential credential = getUsernameCredential(set);
        return credential != null ? (String) credential.getValue() : null;
    }

    /**
     * Finds the first {@link UsernameCredential} in a set of credentials.
     *
     * @param set credentials to scan; every element is expected to be a {@link Credential}
     * @return the first username credential found, or {@code null} if there is none
     */
    protected UsernameCredential getUsernameCredential(Set set) {
        for (Object element : set) {
            Credential candidate = (Credential) element;
            if (candidate instanceof UsernameCredential) {
                return (UsernameCredential) candidate;
            }
        }
        return null;
    }

    /**
     * Extracts the password value from a set of credentials.
     *
     * @param set credentials to inspect (typically a subject's private credentials)
     * @return the password, or {@code null} when no {@link PasswordCredential} is present
     */
    protected String getPassword(Set set) {
        PasswordCredential credential = getPasswordCredential(set);
        return credential != null ? (String) credential.getValue() : null;
    }

    /**
     * Finds the first {@link PasswordCredential} in a set of credentials.
     *
     * @param set credentials to scan; every element is expected to be a {@link Credential}
     * @return the first password credential found, or {@code null} if there is none
     */
    protected PasswordCredential getPasswordCredential(Set set) {
        for (Object element : set) {
            Credential candidate = (Credential) element;
            if (candidate instanceof PasswordCredential) {
                return (PasswordCredential) candidate;
            }
        }
        return null;
    }

    /**
     * Strips a leading userPassword scheme tag from a stored password value.
     *
     * <p>The prefixes {@code USERPASSWORD_SCHEME_CRYPT}, {@code USERPASSWORD_SCHEME_MD5}
     * and {@code USERPASSWORD_SCHEME_SHA} are tried in that order against the
     * lower-cased value; the first match is removed from the original string.
     *
     * @param str stored password value, possibly prefixed with a scheme tag
     * @return the value without its scheme prefix, or {@code str} unchanged when no
     *         known prefix is present
     */
    protected String getSchemeFreeValue(String str) {
        String lowered = str.toLowerCase();
        String[] schemes = { USERPASSWORD_SCHEME_CRYPT, USERPASSWORD_SCHEME_MD5, USERPASSWORD_SCHEME_SHA };
        for (String scheme : schemes) {
            if (lowered.startsWith(scheme)) {
                return str.substring(scheme.length());
            }
        }
        return str;
    }

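    /**
     * Parses a comma-separated list of {@code name=value} pairs (the format of the
     * credential and user-property query strings) into a map.
     *
     * <p>Each token is split at its first {@code '='}; everything after it, including
     * further {@code '='} characters, is the value. Tokens are not trimmed, empty
     * tokens between consecutive commas are skipped, and a repeated name keeps the
     * last value.
     *
     * @param str the query string to parse
     * @return map from name to value; empty for an empty string
     * @throws IllegalArgumentException if {@code str} is {@code null} or a token
     *                                  contains no {@code '='}
     */
    protected HashMap<String, String> parseQueryString(String str) {
        if (str == null) {
            throw new IllegalArgumentException("query string must not be null");
        }
        HashMap<String, String> result = new HashMap<String, String>();
        StringTokenizer tokens = new StringTokenizer(str, ",");
        while (tokens.hasMoreTokens()) {
            String token = tokens.nextToken();
            int separator = token.indexOf('=');
            if (separator == -1) {
                throw new IllegalArgumentException(
                        "malformed query string token (expected name=value): '" + token + "'");
            }
            result.put(token.substring(0, separator), token.substring(separator + 1));
        }
        return result;
    }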

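    /**
     * Builds the search controls used for directory lookups.
     *
     * <p>The scope follows {@code ldapSearchScope}: {@code null} or {@code "ONELEVEL"}
     * (case-insensitive) selects a one-level search; any other value selects a
     * subtree search. All other controls keep their defaults.
     *
     * @return new search controls with the configured scope
     */
    protected SearchControls getSearchControls() {
        SearchControls controls = new SearchControls();
        String scope = this._ldapSearchScope;
        boolean oneLevel = scope == null || scope.equalsIgnoreCase("ONELEVEL");
        // Named constants in place of the former literals 1 and 2 (identical values).
        controls.setSearchScope(oneLevel ? SearchControls.ONELEVEL_SCOPE : SearchControls.SUBTREE_SCOPE);
        return controls;
    }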

    /**
     * Sets the JNDI initial context factory class name used to open LDAP contexts.
     *
     * @param str factory class name; {@code null} to fall back to the default
     */
    public void setInitialContextFactory(String str) {
        _initialContextFactory = str;
    }

    /**
     * Returns the configured JNDI initial context factory class name.
     *
     * @return the factory class name, or {@code null} if none was set
     */
    public String getInitialContextFactory() {
        return _initialContextFactory;
    }

    /**
     * Sets the LDAP provider URL (for example {@code ldap://host:389}).
     *
     * @param str provider URL; {@code null} to fall back to the default
     */
    public void setProviderUrl(String str) {
        _providerUrl = str;
    }

    /**
     * Returns the configured LDAP provider URL.
     *
     * @return the provider URL, or {@code null} if none was set
     */
    public String getProviderUrl() {
        return _providerUrl;
    }

    /**
     * Sets the JNDI security authentication mode (for example {@code simple}).
     *
     * @param str authentication mode; {@code null} to fall back to the default
     */
    public void setSecurityAuthentication(String str) {
        _securityAuthentication = str;
    }

    /**
     * Returns the configured JNDI security authentication mode.
     *
     * @return the authentication mode, or {@code null} if none was set
     */
    public String getSecurityAuthentication() {
        return _securityAuthentication;
    }

    /**
     * Sets the JNDI security protocol; {@code ssl} selects an {@code ldaps} default
     * provider URL when none is configured.
     *
     * @param str security protocol, or {@code null} for none
     */
    public void setSecurityProtocol(String str) {
        _securityProtocol = str;
    }

    /**
     * Returns the configured JNDI security protocol.
     *
     * @return the security protocol, or {@code null} if none was set
     */
    public String getSecurityProtocol() {
        return _securityProtocol;
    }

    /**
     * Sets the service-account DN used to bind when session credentials are not in use.
     *
     * @param str bind DN; {@code null} is treated as an empty principal
     */
    public void setSecurityPrincipal(String str) {
        _securityPrincipal = str;
    }

    /**
     * Returns the service-account DN used for binding.
     *
     * @return the bind DN, or {@code null} if none was set
     */
    public String getSecurityPrincipal() {
        return _securityPrincipal;
    }

    /**
     * Sets the service-account password used to bind when session credentials are
     * not in use.
     *
     * @param str bind password; {@code null} is treated as an empty credential
     */
    public void setSecurityCredential(String str) {
        _securityCredential = str;
    }

    /**
     * Returns the service-account password. Kept {@code protected}, unlike the other
     * accessors, so the secret is not exposed as a public bean property.
     *
     * @return the bind password, or {@code null} if none was set
     */
    protected String getSecurityCredential() {
        return _securityCredential;
    }

    /**
     * Returns the configured search scope name ({@code ONELEVEL} selects a one-level
     * search, anything else a subtree search).
     *
     * @return the scope name, or {@code null} if none was set
     */
    public String getLdapSearchScope() {
        return _ldapSearchScope;
    }

    /**
     * Sets the search scope name consulted by {@code getSearchControls()}.
     *
     * @param str {@code ONELEVEL} (case-insensitive) or another value for subtree
     */
    public void setLdapSearchScope(String str) {
        _ldapSearchScope = str;
    }

    /**
     * Sets the base DN under which user entries are searched.
     *
     * @param str base DN of the users context
     */
    public void setUsersCtxDN(String str) {
        _usersCtxDN = str;
    }

    /**
     * Returns the base DN under which user entries are searched.
     *
     * @return the users context DN, or {@code null} if none was set
     */
    public String getUsersCtxDN() {
        return _usersCtxDN;
    }

    /**
     * Sets the base DN under which role entries are searched.
     *
     * @param str base DN of the roles context
     */
    public void setRolesCtxDN(String str) {
        _rolesCtxDN = str;
    }

    /**
     * Returns the base DN under which role entries are searched.
     *
     * @return the roles context DN, or {@code null} if none was set
     */
    public String getRolesCtxDN() {
        return _rolesCtxDN;
    }

    /**
     * Sets the attribute ID that holds the principal's user identifier and is matched
     * in user searches.
     *
     * @param str attribute ID, for example {@code uid}
     */
    public void setPrincipalUidAttributeID(String str) {
        _principalUidAttributeID = str;
    }

    /**
     * Returns the attribute ID holding the principal's user identifier.
     *
     * @return the attribute ID, or {@code null} if none was set
     */
    public String getPrincipalUidAttributeID() {
        return _principalUidAttributeID;
    }

    /**
     * Sets the attribute ID used as the user identifier.
     *
     * @param str attribute ID
     */
    public void setUidAttributeID(String str) {
        _uidAttributeID = str;
    }

    /**
     * Sets the attribute ID used to look up principals.
     *
     * @param str attribute ID
     */
    public void setPrincipalLookupAttributeID(String str) {
        _principalLookupAttributeID = str;
    }

    /**
     * Returns the attribute ID used to look up principals.
     *
     * @return the attribute ID, or {@code null} if none was set
     */
    public String getPrincipalLookupAttributeID() {
        return _principalLookupAttributeID;
    }

    /**
     * Sets the attribute ID holding the user's X.509 certificate.
     * (The misspelling in the method name is kept for bean-property compatibility.)
     *
     * @param str attribute ID
     */
    public void setUserCertificateAtrributeID(String str) {
        _userCertificateAtrributeID = str;
    }

    /**
     * Returns the attribute ID holding the user's X.509 certificate.
     * (The misspelling in the method name is kept for bean-property compatibility.)
     *
     * @return the attribute ID, or {@code null} if none was set
     */
    public String getUserCertificateAtrributeID() {
        return _userCertificateAtrributeID;
    }

    /**
     * Returns the configured role matching mode.
     *
     * @return the mode name, or {@code null} if none was set
     */
    public String getRoleMatchingMode() {
        return _roleMatchingMode;
    }

    /**
     * Sets the role matching mode.
     *
     * @param str mode name
     */
    public void setRoleMatchingMode(String str) {
        _roleMatchingMode = str;
    }

    /**
     * Returns the attribute ID used as the user identifier.
     *
     * @return the attribute ID, or {@code null} if none was set
     */
    public String getUidAttributeID() {
        return _uidAttributeID;
    }

    /**
     * Sets the attribute ID that carries the role name on role entries.
     *
     * @param str attribute ID
     */
    public void setRoleAttributeID(String str) {
        _roleAttributeID = str;
    }

    /**
     * Returns the attribute ID that carries the role name on role entries.
     *
     * @return the attribute ID, or {@code null} if none was set
     */
    public String getRoleAttributeID() {
        return _roleAttributeID;
    }

    /**
     * Sets the credential query string, a comma-separated list of
     * {@code attribute=name} pairs in the format accepted by {@code parseQueryString}.
     *
     * @param str query string
     */
    public void setCredentialQueryString(String str) {
        _credentialQueryString = str;
    }

    /**
     * Returns the credential query string.
     *
     * @return the query string, or {@code null} if none was set
     */
    public String getCredentialQueryString() {
        return _credentialQueryString;
    }

    /**
     * Sets the user-properties query string: comma-separated
     * {@code ldapAttribute=propertyName} pairs that map directory attributes to
     * user properties (parsed by {@code parseQueryString}).
     *
     * @param str query string
     */
    public void setUserPropertiesQueryString(String str) {
        _userPropertiesQueryString = str;
    }

    /**
     * Returns the user-properties query string.
     *
     * @return the query string, or {@code null} if none was set
     */
    public String getUserPropertiesQueryString() {
        return _userPropertiesQueryString;
    }

    /**
     * Returns the attribute ID of the credential that may be updated in the directory.
     *
     * @return the attribute ID, or {@code null} if none was set
     */
    public String getUpdateableCredentialAttribute() {
        return _updateableCredentialAttribute;
    }

    /**
     * Sets the attribute ID of the credential that may be updated in the directory.
     *
     * @param str attribute ID
     */
    public void setUpdateableCredentialAttribute(String str) {
        _updateableCredentialAttribute = str;
    }

    /**
     * Returns whether directory operations bind as the current session user instead
     * of the configured service account.
     *
     * @return the flag, or {@code null} if it was never set
     */
    public Boolean getUseBindCredentials() {
        return _useBindCredentials;
    }

    /**
     * Sets whether directory operations bind as the current session user instead of
     * the configured service account.
     *
     * @param bool {@code true} to use the session user's credentials
     */
    public void setUseBindCredentials(Boolean bool) {
        _useBindCredentials = bool;
    }

    /**
     * Returns whether StartTLS is enabled for directory connections.
     *
     * @return the flag, or {@code null} if it was never set
     */
    public Boolean getEnableStartTls() {
        return _enableStartTls;
    }

    /**
     * Sets whether StartTLS is enabled for directory connections.
     *
     * @param bool {@code true} to negotiate TLS after connecting
     */
    public void setEnableStartTls(Boolean bool) {
        _enableStartTls = bool;
    }

    /**
     * Returns the trust store path exported as {@code javax.net.ssl.trustStore}
     * before a StartTLS handshake.
     *
     * @return the trust store path, or {@code null} if none was set
     */
    public String getTrustStore() {
        return _trustStore;
    }

    /**
     * Sets the trust store path exported as {@code javax.net.ssl.trustStore} before
     * a StartTLS handshake; empty or {@code null} leaves the JVM setting untouched.
     *
     * @param str trust store path
     */
    public void setTrustStore(String str) {
        _trustStore = str;
    }

    /**
     * Returns the trust store password exported as
     * {@code javax.net.ssl.trustStorePassword} before a StartTLS handshake.
     *
     * @return the password, or {@code null} if none was set
     */
    public String getTrustStorePassword() {
        return _trustStorePassword;
    }

    /**
     * Sets the trust store password exported as {@code javax.net.ssl.trustStorePassword}
     * before a StartTLS handshake; empty or {@code null} leaves the JVM setting untouched.
     *
     * @param str trust store password
     */
    public void setTrustStorePassword(String str) {
        _trustStorePassword = str;
    }
}
