package org.nhindirect.stagent.cert.impl;

import com.google.inject.Inject;
import java.io.ByteArrayInputStream;
import java.net.UnknownHostException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.List;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import org.apache.commons.io.IOUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.nhindirect.stagent.NHINDException;
import org.nhindirect.stagent.cert.impl.util.Lookup;
import org.nhindirect.stagent.cert.impl.util.LookupFactory;
import org.xbill.DNS.ExtendedResolver;
import org.xbill.DNS.Name;
import org.xbill.DNS.Record;
import org.xbill.DNS.ResolverConfig;
import org.xbill.DNS.SRVRecord;

/* loaded from: input_file:org/nhindirect/stagent/cert/impl/LdapPublicCertUtilImpl.class */
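/**
 * Locates X.509 certificates for an address by resolving the {@code _ldap._tcp.<domain>} SRV
 * records of the address's domain, connecting anonymously to the LDAP servers they name, and
 * searching every base naming context for entries whose {@code mail} attribute equals the address.
 *
 * <p>The address is untrusted input: it is passed to the LDAP search as a filter argument
 * ({@code mail={0}}) so the JNDI provider escapes filter metacharacters, rather than being
 * concatenated into the filter string. Searches never ask the provider to instantiate objects
 * from directory entries; only the certificate attributes are read.
 */
public class LdapPublicCertUtilImpl implements LdapCertUtil {
    private static final Log LOGGER = LogFactory.getFactory().getInstance(LdapPublicCertUtilImpl.class);
    /** LDAP read timeout in milliseconds; the JNDI property takes it as a String. */
    private static final String DEFAULT_LDAP_TIMEOUT = "5000";
    private static final String LDAP_TIMEOUT = "com.sun.jndi.ldap.read.timeout";
    private static final String LDAP_FACTORY = "com.sun.jndi.ldap.LdapCtxFactory";
    private static final String LDAP_SRV_PREFIX = "_ldap._tcp.";
    private static final String CERT_ATTRIBUTE_BINARY = "userCertificate;binary";
    private static final String CERT_ATTRIBUTE = "userCertificate";
    private static final String EMAIL_ATTRIBUTE = "mail";
    private static final String BASE_DN_ATTRIBUTE = "namingContexts";
    /** Certificate type handed to {@link CertificateFactory#getInstance(String)}. */
    private static final String CERT_TYPE = "X.509";
    /** Search filter with a {@code {0}} placeholder; the address is supplied as a filter argument. */
    private static final String MAIL_FILTER = EMAIL_ATTRIBUTE + "={0}";
    /** DNS record type code for SRV (33, RFC 2782), as passed to the lookup factory. */
    private static final int SRV_RECORD_TYPE = 33;
    /** Retry count handed to {@link ExtendedResolver#setRetries(int)}. */
    private static final int RESOLVER_RETRIES = 2;
    /** Timeout handed to {@link ExtendedResolver#setTimeout(int)} (seconds in dnsjava 2.x). */
    private static final int RESOLVER_TIMEOUT = 3;
    /** DNS servers used for the SRV lookup, seeded from the platform resolver configuration. */
    private List<String> servers = new ArrayList<String>();

    /**
     * Creates a utility whose SRV lookups use the DNS servers reported by
     * {@link ResolverConfig#getCurrentConfig()}; none are added when that list is {@code null}.
     */
    @Inject
    public LdapPublicCertUtilImpl() {
        String[] configured = ResolverConfig.getCurrentConfig().servers();
        if (configured != null) {
            servers.addAll(Arrays.asList(configured));
        }
    }

    /**
     * Searches the LDAP servers advertised for the address's domain for certificates.
     *
     * @param str the address to look up; the part after {@code @} (or the whole string when there is
     *            none) selects the domain whose {@code _ldap._tcp} SRV records are resolved
     * @return every certificate found in a {@code userCertificate;binary} or {@code userCertificate}
     *         attribute of a matching entry; empty when no LDAP server is advertised or nothing matches
     * @throws NHINDException wrapping any DNS, LDAP, or certificate-parsing failure
     */
    @Override // org.nhindirect.stagent.cert.impl.LdapCertUtil
    public Collection<X509Certificate> ldapSearch(String str) {
        List<X509Certificate> certs = new ArrayList<X509Certificate>();
        InitialDirContext ctx = null;
        try {
            int at = str.indexOf("@");
            String domain = at > -1 ? str.substring(at + 1) : str;
            ctx = getDirContext(LDAP_SRV_PREFIX + domain);
            if (ctx == null) {
                return certs;
            }
            for (String baseDn : getBaseNamingContexts(ctx)) {
                // Passing str as a filter argument (not concatenated into the filter) makes the
                // provider escape LDAP filter metacharacters, so the address cannot alter the query.
                NamingEnumeration<SearchResult> results =
                        ctx.search(baseDn, MAIL_FILTER, new Object[] { str }, getDefaultSearchControls());
                while (results != null && results.hasMore()) {
                    SearchResult result = results.next();
                    Attributes attrs = result == null ? null : result.getAttributes();
                    if (attrs == null) {
                        continue;
                    }
                    // Prefer the explicitly binary attribute; fall back to the plain name.
                    Attribute certAttr = attrs.get(CERT_ATTRIBUTE_BINARY);
                    if (certAttr == null) {
                        certAttr = attrs.get(CERT_ATTRIBUTE);
                    }
                    if (certAttr != null) {
                        certs.addAll(decodeCertificates(certAttr));
                    }
                }
            }
            return certs;
        } catch (Exception e) {
            throw new NHINDException(e);
        } finally {
            closeDirContext(ctx);
        }
    }

    /**
     * Parses every value of a certificate attribute as an X.509 certificate.
     *
     * @param certAttr attribute whose values are certificate encodings as {@code byte[]}
     * @return the parsed certificates, in attribute-value order
     * @throws NamingException if the attribute values cannot be enumerated
     * @throws CertificateException if a value is not a parseable certificate
     * @throws ClassCastException if a value is not a {@code byte[]} (propagates to the caller as before)
     */
    private static List<X509Certificate> decodeCertificates(Attribute certAttr)
            throws NamingException, CertificateException {
        // One factory for all values instead of one per value.
        CertificateFactory factory = CertificateFactory.getInstance(CERT_TYPE);
        List<X509Certificate> certs = new ArrayList<X509Certificate>();
        NamingEnumeration<?> values = certAttr.getAll();
        while (values.hasMore()) {
            byte[] encoded = (byte[]) values.next();
            // ByteArrayInputStream.close() is a no-op, so the stream needs no explicit closing.
            certs.add((X509Certificate) factory.generateCertificate(new ByteArrayInputStream(encoded)));
        }
        return certs;
    }

    /**
     * Resolves the SRV records for {@code str} and opens an anonymous LDAP context to the servers
     * they name.
     *
     * @param str fully prefixed SRV name, e.g. {@code _ldap._tcp.example.org}
     * @return an open context, or {@code null} when the lookup returns no records
     * @throws Exception on DNS name parsing or LDAP connection failure
     */
    protected InitialDirContext getDirContext(String str) throws Exception {
        Lookup lookup = LookupFactory.getFactory().getInstance(new Name(str), SRV_RECORD_TYPE);
        ExtendedResolver resolver = createExResolver(
                servers.toArray(new String[servers.size()]), RESOLVER_RETRIES, RESOLVER_TIMEOUT);
        // createExResolver returns null when a configured server host is unknown; in that case the
        // lookup keeps whatever resolver it was created with instead of being handed null.
        if (resolver != null) {
            lookup.setResolver(resolver);
        }
        Record[] records = lookup.run();
        if (records == null || records.length == 0) {
            return null;
        }
        Hashtable<String, String> env = new Hashtable<String, String>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, LDAP_FACTORY);
        env.put(Context.PROVIDER_URL, createLDAPUrl(records));
        // Anonymous bind: public certificate discovery sends no credentials.
        env.put(Context.SECURITY_AUTHENTICATION, "none");
        env.put(LDAP_TIMEOUT, DEFAULT_LDAP_TIMEOUT);
        // Ensure the certificate attribute is returned as byte[] rather than a String.
        env.put("java.naming.ldap.attributes.binary", "userCertificate, usercertificate");
        return new InitialDirContext(env);
    }

    /**
     * Builds a space-separated list of {@code ldap://host:port} URLs from SRV records.
     *
     * <p>Records are emitted in the order they were returned; SRV priority and weight are not
     * applied. A trailing dot on the target name is removed.
     *
     * @param recordArr SRV records (each must be an {@link SRVRecord})
     * @return the URL list, empty for an empty array
     */
    protected String createLDAPUrl(Record[] recordArr) {
        StringBuilder urls = new StringBuilder();
        for (Record record : recordArr) {
            SRVRecord srv = (SRVRecord) record;
            if (urls.length() > 0) {
                urls.append(' ');
            }
            String host = srv.getTarget().toString();
            if (host.endsWith(".")) {
                host = host.substring(0, host.length() - 1);
            }
            urls.append("ldap://").append(host).append(':').append(srv.getPort());
        }
        return urls.toString();
    }

    /**
     * Creates a UDP-only resolver over the given DNS servers.
     *
     * @param strArr DNS server hosts
     * @param i      retry count
     * @param i2     timeout passed to {@link ExtendedResolver#setTimeout(int)}
     * @return the resolver, or {@code null} if one of the hosts cannot be resolved (logged, not thrown)
     */
    protected ExtendedResolver createExResolver(String[] strArr, int i, int i2) {
        try {
            ExtendedResolver resolver = new ExtendedResolver(strArr);
            resolver.setRetries(i);
            resolver.setTimeout(i2);
            resolver.setTCP(false);
            return resolver;
        } catch (UnknownHostException e) {
            // Best effort: report the bad server list instead of silently returning null.
            LOGGER.warn("Could not create DNS resolver for servers " + Arrays.toString(strArr), e);
            return null;
        }
    }

    /**
     * Reads the {@code namingContexts} attribute of the root DSE to find the base DNs to search.
     *
     * @param initialDirContext open LDAP context
     * @return the base DNs; empty (with a warning logged) when none are found or the query fails
     */
    protected List<String> getBaseNamingContexts(InitialDirContext initialDirContext) {
        List<String> contexts = new ArrayList<String>();
        try {
            SearchControls controls = new SearchControls();
            // Only attributes are read, so the provider must not turn entries into Java objects.
            controls.setReturningObjFlag(false);
            controls.setSearchScope(SearchControls.OBJECT_SCOPE);
            controls.setReturningAttributes(new String[] { BASE_DN_ATTRIBUTE });
            NamingEnumeration<SearchResult> results = initialDirContext.search("", "objectclass=*", controls);
            while (results != null && results.hasMore()) {
                Attributes attrs = results.next().getAttributes();
                Attribute namingContexts = attrs == null ? null : attrs.get(BASE_DN_ATTRIBUTE);
                if (namingContexts == null) {
                    continue;
                }
                NamingEnumeration<?> values = namingContexts.getAll();
                while (values.hasMore()) {
                    contexts.add((String) values.next());
                }
            }
            if (contexts.isEmpty()) {
                LOGGER.warn("No base DNs could be located for LDAP context");
            }
        } catch (Exception e) {
            LOGGER.warn("ERROR looking up base DNs for LDAP context", e);
        }
        return contexts;
    }

    /**
     * Search controls for the certificate query: subtree scope, certificate attributes only.
     *
     * @return fresh controls instance
     */
    protected SearchControls getDefaultSearchControls() {
        SearchControls controls = new SearchControls();
        // SearchResult.getObject() is never called, so do not let the provider instantiate
        // objects from server-supplied entries.
        controls.setReturningObjFlag(false);
        controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
        controls.setReturningAttributes(new String[] { CERT_ATTRIBUTE, CERT_ATTRIBUTE_BINARY });
        return controls;
    }

    /**
     * Closes the context if non-null; a failure to close is logged and otherwise ignored.
     *
     * @param dirContext context to close, may be {@code null}
     */
    protected void closeDirContext(DirContext dirContext) {
        if (dirContext == null) {
            return;
        }
        try {
            dirContext.close();
        } catch (NamingException e) {
            LOGGER.debug("Failed to close LDAP context", e);
        }
    }
}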
