package no.kantega.security.api.impl.ldap.profile;

import com.novell.ldap.LDAPAttribute;
import com.novell.ldap.LDAPEntry;
import com.novell.ldap.LDAPException;
import com.novell.ldap.LDAPReferralException;
import com.novell.ldap.LDAPSearchConstraints;
import com.novell.ldap.LDAPSearchResults;
import com.novell.ldap.util.Base64;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Properties;
import no.kantega.security.api.common.SystemException;
import no.kantega.security.api.identity.DefaultIdentity;
import no.kantega.security.api.identity.Identity;
import no.kantega.security.api.impl.ldap.CloseableLdapConnection;
import no.kantega.security.api.impl.ldap.LdapConfigurable;
import no.kantega.security.api.profile.DefaultProfile;
import no.kantega.security.api.profile.Profile;
import no.kantega.security.api.profile.ProfileComparator;
import no.kantega.security.api.profile.ProfileManager;
import no.kantega.security.api.search.DefaultProfileSearchResult;
import no.kantega.security.api.search.SearchResult;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:no/kantega/security/api/impl/ldap/profile/LdapProfileManager.class */
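/**
 * {@link ProfileManager} that looks user profiles up in an LDAP directory.
 *
 * <p>Every lookup opens a connection via {@code getLdapConnection()}, binds with the configured
 * admin credentials and searches below {@code searchBaseUsers}. Connection settings and attribute
 * names are inherited from {@link LdapConfigurable}.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>User-supplied text reaches the LDAP filter only after {@code escapeChars}; the attribute
 *       names and object class come from configuration and are concatenated unescaped, so they
 *       must never be derived from request data.</li>
 *   <li>Debug logging records the DN of matched entries only, never the full entry.</li>
 * </ul>
 */
public class LdapProfileManager extends LdapConfigurable implements ProfileManager {
    /** LDAP protocol version passed to {@code bind}. */
    private static final int LDAP_V3 = 3;
    /** Subtree search scope; the debug log lines below name this value LDAPConnection.SCOPE_SUB. */
    private static final int SCOPE_SUB = 2;
    /** Queries shorter than this (after escaping and trimming) return an empty result. */
    private static final int MIN_QUERY_LENGTH = 3;

    private final Logger log = LoggerFactory.getLogger(getClass());
    private String domain = "";

    /**
     * Searches for profiles whose given name, surname or username matches the query.
     *
     * <p>A query containing a space is split at the last space into a given-name prefix and a
     * surname prefix that must both match. Otherwise the query is matched as a prefix of the
     * given name or surname, or as an exact username.
     *
     * @param str free-text query; {@code null} is treated as empty
     * @return the matching profiles sorted with {@link ProfileComparator}; empty when the escaped,
     *         trimmed query is shorter than three characters
     * @throws SystemException if connecting, binding or searching fails
     */
    public SearchResult<Profile> searchProfiles(String str) throws SystemException {
        DefaultProfileSearchResult result = new DefaultProfileSearchResult();
        String query = escapeChars(str == null ? "" : str).trim();
        if (query.length() < MIN_QUERY_LENGTH) {
            // Short queries would turn the trailing-wildcard filter into a near-full directory dump.
            return result;
        }
        try {
            String filter = buildSearchFilter(query);
            String[] attributes = this.departmentAttribute.length() > 0
                    ? new String[]{this.usernameAttribute, this.givenNameAttribute, this.surnameAttribute, this.emailAttribute, this.departmentAttribute}
                    : new String[]{this.usernameAttribute, this.givenNameAttribute, this.surnameAttribute, this.emailAttribute};

            // try-with-resources closes the connection on every path, including a failed bind or
            // search; the previous code only closed it when the whole search succeeded.
            try (CloseableLdapConnection connection = getLdapConnection()) {
                // Explicit UTF-8 so the bind password bytes do not depend on the JVM default charset.
                connection.bind(LDAP_V3, this.adminUser, this.adminPassword.getBytes(StandardCharsets.UTF_8));

                LDAPSearchConstraints constraints = new LDAPSearchConstraints();
                constraints.setMaxResults(this.maxSearchResults);
                connection.setConstraints(constraints);

                this.log.debug("c.search({}, LDAPConnection.SCOPE_SUB, {}, {}, false)", new Object[]{this.searchBaseUsers, filter, attributes});
                LDAPSearchResults search = connection.search(this.searchBaseUsers, SCOPE_SUB, filter, attributes, false);

                List<Profile> profiles = new ArrayList<>();
                while (search.hasMore()) {
                    try {
                        LDAPEntry entry = search.next();
                        // Log the DN only: a full entry dump would put directory attributes in the log.
                        this.log.debug("Got entry {}", entry.getDN());
                        Profile profile = getProfileFromLDAPEntry(entry, false);
                        if (profile != null) {
                            profiles.add(profile);
                        }
                    } catch (LDAPReferralException e) {
                        // Referrals are deliberately not followed; record that one was skipped.
                        this.log.debug("Skipping LDAP referral in search results", e);
                    }
                }
                Collections.sort(profiles, new ProfileComparator());
                result.setResults(profiles);
                return result;
            }
        } catch (Exception e) {
            throw new SystemException("Feil ved lesing av LDAP directory", e);
        }
    }

    /**
     * Builds the LDAP search filter for {@link #searchProfiles(String)}.
     *
     * @param query the escaped, trimmed query text
     * @return the complete filter string
     */
    private String buildSearchFilter(String query) {
        String givenPart = query;
        String surnamePart = "";
        int lastSpace = query.lastIndexOf(" ");
        if (lastSpace >= 0) {
            givenPart = query.substring(0, lastSpace).trim();
            surnamePart = query.substring(lastSpace).trim();
        }
        // NOTE(review): the query was already passed through escapeChars by the caller, so this
        // is a second pass over escaped text. escapeChars lives in LdapConfigurable (not visible
        // here); if it is not idempotent the values are double-escaped. Confirm, then escape
        // exactly once. Kept as-is because dropping either pass could weaken filter escaping.
        String given = escapeChars(givenPart);
        String surname = escapeChars(surnamePart);

        StringBuilder filter = new StringBuilder("(&");
        if (this.objectClassUsers.length() > 0) {
            filter.append("(objectclass=").append(this.objectClassUsers).append(")");
        }
        if (surname.length() > 0) {
            filter.append("(").append(this.givenNameAttribute).append("=").append(given).append("*)(")
                    .append(this.surnameAttribute).append("=").append(surname).append("*)");
        } else {
            filter.append("(|(").append(this.givenNameAttribute).append("=").append(given).append("*)(")
                    .append(this.surnameAttribute).append("=").append(given).append("*)(")
                    .append(this.usernameAttribute).append("=").append(given).append("))");
        }
        return filter.append(")").toString();
    }

    /**
     * Looks up the profile for one identity, including its raw directory attributes.
     *
     * @param identity the identity to look up
     * @return the profile, or {@code null} when the identity belongs to another domain, no entry
     *         matches, the entry lacks the required name attributes, or the lookup hit a referral
     * @throws SystemException if connecting, binding, searching or reading fails
     */
    public Profile getProfileForUser(Identity identity) throws SystemException {
        if (!identity.getDomain().equals(this.domain)) {
            return null;
        }
        String userId = escapeChars(identity.getUserId());
        String filter = this.objectClassUsers.length() > 0
                ? "(&(objectclass=" + this.objectClassUsers + ")(" + this.usernameAttribute + "=" + userId + "))"
                : "(" + this.usernameAttribute + "=" + userId + ")";

        // try-with-resources closes the connection on every path, including failures.
        try (CloseableLdapConnection connection = getLdapConnection()) {
            // Explicit UTF-8 so the bind password bytes do not depend on the JVM default charset.
            connection.bind(LDAP_V3, this.adminUser, this.adminPassword.getBytes(StandardCharsets.UTF_8));
            this.log.debug("c.search({}, LDAPConnection.SCOPE_SUB, {}, new String[0], false)", this.searchBaseUsers, filter);
            LDAPSearchResults search = connection.search(this.searchBaseUsers, SCOPE_SUB, filter, new String[0], false);
            if (!search.hasMore()) {
                return null;
            }
            try {
                LDAPEntry entry = search.next();
                // Log the DN only: a full entry dump would put directory attributes in the log.
                this.log.debug("Got entry {}", entry.getDN());
                return getProfileFromLDAPEntry(connection.read(entry.getDN()), true);
            } catch (LDAPReferralException e) {
                // Referrals are deliberately not followed; the user is reported as not found.
                this.log.debug("Skipping LDAP referral in user lookup", e);
                return null;
            }
        } catch (LDAPException | IOException e) {
            throw new SystemException("Feil ved lesing av LDAP directory for:" + identity.getUserId(), e);
        }
    }

    /**
     * Looks up the profiles for several identities, one directory lookup per identity.
     *
     * @param list the identities to look up
     * @return a result holding the profiles that were found; identities without one are skipped
     * @throws SystemException if any single lookup fails
     */
    public SearchResult<Profile> getProfileForUsers(List<Identity> list) throws SystemException {
        List<Profile> profiles = new ArrayList<>();
        for (Identity identity : list) {
            Profile profile = getProfileForUser(identity);
            if (profile != null) {
                profiles.add(profile);
            }
        }
        DefaultProfileSearchResult result = new DefaultProfileSearchResult();
        result.setResults(profiles);
        return result;
    }

    /**
     * Tells whether a profile can be found for the identity.
     *
     * @param identity the identity to check
     * @return {@code true} when {@link #getProfileForUser(Identity)} returns a profile
     * @throws SystemException if the lookup fails
     */
    public boolean userHasProfile(Identity identity) throws SystemException {
        return getProfileForUser(identity) != null;
    }

    /**
     * Sets the domain this manager answers for and stamps on the identities it returns.
     *
     * @param str the domain name
     */
    public void setDomain(String str) {
        this.domain = str;
    }

    /**
     * Maps a directory entry to a profile.
     *
     * @param lDAPEntry the entry to convert
     * @param z whether to copy all attributes of the entry into the profile's raw attributes
     * @return the profile, or {@code null} when the entry has no username or has neither a given
     *         name nor a surname
     */
    private Profile getProfileFromLDAPEntry(LDAPEntry lDAPEntry, boolean z) {
        String userId = getValue(lDAPEntry, this.usernameAttribute);
        String givenName = getValue(lDAPEntry, this.givenNameAttribute);
        String surname = getValue(lDAPEntry, this.surnameAttribute);
        if (userId.length() == 0 || (givenName.length() == 0 && surname.length() == 0)) {
            return null;
        }

        DefaultIdentity identity = new DefaultIdentity();
        identity.setUserId(userId);
        identity.setDomain(this.domain);

        DefaultProfile profile = new DefaultProfile();
        profile.setIdentity(identity);
        profile.setGivenName(givenName);
        profile.setSurname(surname);
        profile.setEmail(getValue(lDAPEntry, this.emailAttribute));
        if (this.departmentAttribute.length() > 0) {
            profile.setDepartment(getValue(lDAPEntry, this.departmentAttribute));
        }

        if (z) {
            // NOTE(review): this copies every attribute present on the entry. What the admin bind
            // can read depends on directory ACLs not visible here; consider an allow-list so that
            // sensitive attributes cannot reach callers through the raw attributes.
            Properties rawAttributes = new Properties();
            Iterator<?> attributes = lDAPEntry.getAttributeSet().iterator();
            while (attributes.hasNext()) {
                LDAPAttribute attribute = (LDAPAttribute) attributes.next();
                String name = attribute.getName();
                String value;
                if ("photo".equalsIgnoreCase(name) || "jpegPhoto".equalsIgnoreCase(name)) {
                    // Binary photo attributes are stored Base64-encoded.
                    byte[] bytes = attribute.getByteValue();
                    value = bytes == null ? null : Base64.encode(bytes);
                } else {
                    value = attribute.getStringValue();
                }
                // Properties rejects null values, so an attribute without a value is skipped.
                if (value != null) {
                    rawAttributes.setProperty(name, value);
                }
            }
            profile.setRawAttributes(rawAttributes);
        }
        return profile;
    }
}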
