package org.camunda.bpm.identity.impl.ldap;

import java.io.StringWriter;
import java.util.ArrayList;
import java.util.List;
import java.util.function.Function;
import java.util.function.Predicate;
import javax.naming.NamingEnumeration;
import javax.naming.directory.Attributes;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.Control;
import javax.naming.ldap.LdapContext;
import javax.naming.ldap.PagedResultsResponseControl;
import javax.naming.ldap.SortKey;
import org.camunda.bpm.engine.BadUserRequestException;
import org.camunda.bpm.engine.authorization.Permissions;
import org.camunda.bpm.engine.authorization.Resource;
import org.camunda.bpm.engine.authorization.Resources;
import org.camunda.bpm.engine.identity.Group;
import org.camunda.bpm.engine.identity.GroupQuery;
import org.camunda.bpm.engine.identity.NativeUserQuery;
import org.camunda.bpm.engine.identity.Tenant;
import org.camunda.bpm.engine.identity.TenantQuery;
import org.camunda.bpm.engine.identity.User;
import org.camunda.bpm.engine.identity.UserQuery;
import org.camunda.bpm.engine.impl.AbstractQuery;
import org.camunda.bpm.engine.impl.Direction;
import org.camunda.bpm.engine.impl.GroupQueryProperty;
import org.camunda.bpm.engine.impl.QueryOrderingProperty;
import org.camunda.bpm.engine.impl.UserQueryImpl;
import org.camunda.bpm.engine.impl.UserQueryProperty;
import org.camunda.bpm.engine.impl.context.Context;
import org.camunda.bpm.engine.impl.db.DbEntity;
import org.camunda.bpm.engine.impl.identity.IdentityProviderException;
import org.camunda.bpm.engine.impl.identity.ReadOnlyIdentityProvider;
import org.camunda.bpm.engine.impl.interceptor.CommandContext;
import org.camunda.bpm.engine.impl.persistence.entity.GroupEntity;
import org.camunda.bpm.engine.impl.persistence.entity.UserEntity;
import org.camunda.bpm.identity.impl.ldap.util.LdapPluginLogger;

/* loaded from: input_file:org/camunda/bpm/identity/impl/ldap/LdapIdentityProviderSession.class */
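/**
 * Read-only identity provider session that answers user, group and tenant lookups from an LDAP
 * directory through {@link LdapClient}.
 *
 * <p>Search filters are assembled as strings from the configured base filters plus the criteria
 * carried by the query objects. Every criterion value is passed through an RFC 4515 style escape
 * before it is written into a filter, so that a value containing {@code (}, {@code )},
 * {@code \} or NUL cannot change the structure of the filter. "Like" criteria keep {@code *} so
 * that wildcard matching still works.
 *
 * <p>This listing is decompiled output: names such as {@code m1createUserQuery} and
 * {@code m3nextElement} are kept exactly as they appear because other code refers to them.
 */
public class LdapIdentityProviderSession implements ReadOnlyIdentityProvider {
    protected LdapConfiguration ldapConfiguration;
    protected LdapClient ldapClient;

    /**
     * Creates a session bound to the given configuration and a fresh {@link LdapClient}.
     *
     * @param ldapConfiguration LDAP plugin configuration used for all lookups
     */
    public LdapIdentityProviderSession(LdapConfiguration ldapConfiguration) {
        this.ldapConfiguration = ldapConfiguration;
        this.ldapClient = new LdapClient(ldapConfiguration);
    }

    /** No-op: this provider is read-only and holds nothing to flush. */
    public void flush() {
    }

    /** Closes the LDAP context held by the client. */
    public void close() {
        this.ldapClient.closeLdapCtx();
    }

    /**
     * Looks up a single user by id.
     *
     * @param str the user id
     * @return the single result of the user query (whatever {@code singleResult()} yields when
     *     nothing matches)
     */
    public User findUserById(String str) {
        return (User) m1createUserQuery(Context.getCommandContext()).userId(str).singleResult();
    }

    /** @return a new user query backed by the engine's transaction-required command executor */
    public UserQuery createUserQuery() {
        return new LdapUserQueryImpl(Context.getProcessEngineConfiguration().getCommandExecutorTxRequired(), this.ldapConfiguration);
    }

    /**
     * Creates a user query without a command executor. Renamed from {@code createUserQuery} by the
     * decompiler (merged with bridge method).
     *
     * @param commandContext not read by this method
     * @return a new LDAP user query
     */
    public UserQueryImpl m1createUserQuery(CommandContext commandContext) {
        return new LdapUserQueryImpl(this.ldapConfiguration);
    }

    /**
     * Native user queries are not available for LDAP.
     *
     * @throws BadUserRequestException always
     */
    public NativeUserQuery createNativeUserQuery() {
        throw new BadUserRequestException("Native user queries are not supported for LDAP identity service provider.");
    }

    /**
     * Counts the users matching the query by running it and taking the result size.
     *
     * @param ldapUserQueryImpl the user query
     * @return number of users returned by {@link #findUserByQueryCriteria}
     */
    public long findUserCountByQueryCriteria(LdapUserQueryImpl ldapUserQueryImpl) {
        this.ldapClient.ensureContextInitialized();
        return findUserByQueryCriteria(ldapUserQueryImpl).size();
    }

    /**
     * Runs a user query. The "like" criteria on the query are rewritten in place from the database
     * wildcard to the LDAP wildcard before the search filter is built.
     *
     * @param ldapUserQueryImpl the user query (mutated: like-criteria are rewritten)
     * @return matching users
     */
    public List<User> findUserByQueryCriteria(LdapUserQueryImpl ldapUserQueryImpl) {
        this.ldapClient.ensureContextInitialized();

        String emailLike = ldapUserQueryImpl.getEmailLike();
        if (emailLike != null) {
            ldapUserQueryImpl.userEmailLike(emailLike.replaceAll(LdapConfiguration.DB_QUERY_WILDCARD, LdapConfiguration.LDAP_QUERY_WILDCARD));
        }
        String firstNameLike = ldapUserQueryImpl.getFirstNameLike();
        if (firstNameLike != null) {
            ldapUserQueryImpl.userFirstNameLike(firstNameLike.replaceAll(LdapConfiguration.DB_QUERY_WILDCARD, LdapConfiguration.LDAP_QUERY_WILDCARD));
        }
        String lastNameLike = ldapUserQueryImpl.getLastNameLike();
        if (lastNameLike != null) {
            ldapUserQueryImpl.userLastNameLike(lastNameLike.replaceAll(LdapConfiguration.DB_QUERY_WILDCARD, LdapConfiguration.LDAP_QUERY_WILDCARD));
        }

        if (ldapUserQueryImpl.getGroupId() != null) {
            return findUsersByGroupId(ldapUserQueryImpl);
        }
        String userBaseDn = composeDn(this.ldapConfiguration.getUserSearchBase(), this.ldapConfiguration.getBaseDn());
        return findUsersWithoutGroupId(ldapUserQueryImpl, userBaseDn, false);
    }

    /**
     * Decides whether another page should be fetched.
     *
     * @param i number of results collected so far
     * @param i2 maximum number of results wanted
     * @return {@code true} when the server signalled a further page and the limit is not reached
     */
    protected boolean paginationContinues(int i, int i2) {
        return nextPageDetected() && i < i2;
    }

    /**
     * Finds the users that are members of the group named by the query's group id: first the
     * member references are read from the group entry, then each reference is resolved to a user.
     *
     * @param ldapUserQueryImpl the user query; in POSIX-group mode its user id is overwritten with
     *     each member reference while resolving
     * @return resolved users, limited by the query's first-result / max-results window
     */
    protected List<User> findUsersByGroupId(LdapUserQueryImpl ldapUserQueryImpl) {
        String groupDn = getDnForGroup(ldapUserQueryImpl.getGroupId());
        String groupFilter = "(& " + this.ldapConfiguration.getGroupSearchFilter() + ")";
        initializeControls(ldapUserQueryImpl);

        List<String> memberRefs = new ArrayList<>();
        int seen = 0;
        do {
            // try-with-resources closes the search results on every exit path, including a
            // failure in hasMoreElements().
            try (LdapSearchResults groupHits = this.ldapClient.search(groupDn, groupFilter)) {
                while (groupHits.hasMoreElements()) {
                    NamingEnumeration<String> members = LdapClient.getAllMembers(this.ldapConfiguration.getGroupMemberAttribute(), groupHits);
                    if (members != null) {
                        while (members.hasMoreElements()) {
                            // An element is only consumed once the counter has reached the
                            // offset, so no member is dropped here; the offset itself is applied
                            // in the resolution loop below.
                            if (seen >= ldapUserQueryImpl.getFirstResult()) {
                                memberRefs.add(members.nextElement());
                            }
                            seen++;
                        }
                    }
                }
            }
        } while (paginationContinues(memberRefs.size(), ldapUserQueryImpl.getMaxResults()));

        List<User> users = new ArrayList<>();
        String userBaseDn = composeDn(this.ldapConfiguration.getUserSearchBase(), this.ldapConfiguration.getBaseDn());
        int position = 0;
        for (String memberRef : memberRefs) {
            if (users.size() < ldapUserQueryImpl.getMaxResults() && position >= ldapUserQueryImpl.getFirstResult()) {
                List<User> resolved;
                if (this.ldapConfiguration.isUsePosixGroups()) {
                    // POSIX groups list user ids: search the user base for that id.
                    ldapUserQueryImpl.userId(memberRef);
                    resolved = findUsersWithoutGroupId(ldapUserQueryImpl, userBaseDn, true);
                } else {
                    // Otherwise the member reference is used as the search base itself.
                    resolved = findUsersWithoutGroupId(ldapUserQueryImpl, memberRef, true);
                }
                if (!resolved.isEmpty()) {
                    users.add(resolved.get(0));
                }
            }
            position++;
        }
        return users;
    }

    /**
     * Verifies a password by opening an LDAP context as the user's DN with that password.
     *
     * @param str the user id
     * @param str2 the password to check
     * @return {@code true} if the bind succeeded; {@code false} for missing input, an unknown
     *     user, or a failed bind when the configuration says to catch authentication failures
     * @throws LdapAuthenticationException if the bind fails and the configuration does not ask
     *     for the exception to be caught
     */
    public boolean checkPassword(String str, String str2) {
        if (str2 == null || str == null || str.isEmpty()) {
            return false;
        }
        // An empty password is rejected unless anonymous login is explicitly allowed: many
        // directory servers treat a simple bind with an empty password as an anonymous bind,
        // which would otherwise be reported as a successful password check.
        if (!this.ldapConfiguration.isAllowAnonymousLogin() && str2.isEmpty()) {
            return false;
        }

        LdapUserEntity user = (LdapUserEntity) findUserById(str);
        // Close the context used for the lookup before binding with the user's own credentials.
        close();
        if (user == null) {
            return false;
        }

        LdapContext userContext = null;
        try {
            userContext = this.ldapClient.openContext(user.getDn(), str2);
            return true;
        } catch (LdapAuthenticationException e) {
            if (this.ldapConfiguration.isPasswordCheckCatchAuthenticationException()) {
                return false;
            }
            throw e;
        } finally {
            this.ldapClient.closeLdapCtx(userContext);
        }
    }

    /**
     * Builds the LDAP search filter for a user query: the configured user filter AND-ed with one
     * clause per criterion present on the query.
     *
     * <p>All criterion values are escaped before being written. Exact-match values get the full
     * escape (consistent with how the id criteria were already handled); like-values keep
     * {@code *} as a wildcard but have every other filter metacharacter escaped.
     *
     * @param ldapUserQueryImpl the user query
     * @return the filter string
     */
    protected String getUserSearchFilter(LdapUserQueryImpl ldapUserQueryImpl) {
        StringWriter filter = new StringWriter();
        filter.write("(&");
        filter.write(this.ldapConfiguration.getUserSearchFilter());

        if (ldapUserQueryImpl.getId() != null) {
            addFilter(this.ldapConfiguration.getUserIdAttribute(), escapeLDAPSearchFilter(ldapUserQueryImpl.getId()), filter);
        }
        String[] ids = ldapUserQueryImpl.getIds();
        if (ids != null && ids.length > 0) {
            filter.write("(|");
            for (String id : ids) {
                addFilter(this.ldapConfiguration.getUserIdAttribute(), escapeLDAPSearchFilter(id), filter);
            }
            filter.write(")");
        }
        if (ldapUserQueryImpl.getEmail() != null) {
            addFilter(this.ldapConfiguration.getUserEmailAttribute(), escapeLDAPSearchFilter(ldapUserQueryImpl.getEmail()), filter);
        }
        if (ldapUserQueryImpl.getEmailLike() != null) {
            addFilter(this.ldapConfiguration.getUserEmailAttribute(), escapeFilterValue(ldapUserQueryImpl.getEmailLike(), true), filter);
        }
        if (ldapUserQueryImpl.getFirstName() != null) {
            addFilter(this.ldapConfiguration.getUserFirstnameAttribute(), escapeLDAPSearchFilter(ldapUserQueryImpl.getFirstName()), filter);
        }
        if (ldapUserQueryImpl.getFirstNameLike() != null) {
            addFilter(this.ldapConfiguration.getUserFirstnameAttribute(), escapeFilterValue(ldapUserQueryImpl.getFirstNameLike(), true), filter);
        }
        if (ldapUserQueryImpl.getLastName() != null) {
            addFilter(this.ldapConfiguration.getUserLastnameAttribute(), escapeLDAPSearchFilter(ldapUserQueryImpl.getLastName()), filter);
        }
        if (ldapUserQueryImpl.getLastNameLike() != null) {
            addFilter(this.ldapConfiguration.getUserLastnameAttribute(), escapeFilterValue(ldapUserQueryImpl.getLastNameLike(), true), filter);
        }

        filter.write(")");
        return filter.toString();
    }

    /**
     * Result filter for user searches: a user entry is returned if it is the authenticated user
     * itself or the caller may read it.
     *
     * @param str the user id of the entry
     * @return whether the entry may be returned
     */
    protected boolean isAuthenticatedAndAuthorized(String str) {
        return isAuthenticatedUser(str) || isAuthorizedToRead(Resources.USER, str);
    }

    /**
     * Searches users below a base DN using the filter derived from the query.
     *
     * @param ldapUserQueryImpl the user query
     * @param str base DN to search
     * @param z when {@code true} the query's first-result / max-results window is ignored
     * @return matching users that pass the read check
     */
    public List<User> findUsersWithoutGroupId(LdapUserQueryImpl ldapUserQueryImpl, String str, boolean z) {
        initializeControls(ldapUserQueryImpl);
        String filter = getUserSearchFilter(ldapUserQueryImpl);
        return retrieveResults(str, filter, this::transformUser, this::isAuthenticatedAndAuthorized, ldapUserQueryImpl.getMaxResults(), ldapUserQueryImpl.getFirstResult(), z);
    }

    /**
     * Looks up a single group by id.
     *
     * @param str the group id
     * @return the single result of the group query
     */
    public Group findGroupById(String str) {
        return (Group) createGroupQuery(Context.getCommandContext()).groupId(str).singleResult();
    }

    /** @return a new group query backed by the engine's transaction-required command executor */
    public GroupQuery createGroupQuery() {
        return new LdapGroupQuery(Context.getProcessEngineConfiguration().getCommandExecutorTxRequired());
    }

    /**
     * @param commandContext not read by this method
     * @return a new group query without a command executor
     */
    public GroupQuery createGroupQuery(CommandContext commandContext) {
        return new LdapGroupQuery();
    }

    /**
     * Counts the groups matching the query by running it and taking the result size.
     *
     * @param ldapGroupQuery the group query
     * @return number of groups returned by {@link #findGroupByQueryCriteria}
     */
    public long findGroupCountByQueryCriteria(LdapGroupQuery ldapGroupQuery) {
        this.ldapClient.ensureContextInitialized();
        return findGroupByQueryCriteria(ldapGroupQuery).size();
    }

    /**
     * Result filter for group searches.
     *
     * @param str the group id of the entry
     * @return whether the caller may read the group
     */
    protected boolean isAuthorizedToReadGroup(String str) {
        return isAuthorizedToRead(Resources.GROUP, str);
    }

    /**
     * Runs a group query. The name-like criterion is rewritten in place from the database
     * wildcard to the LDAP wildcard before the search filter is built.
     *
     * @param ldapGroupQuery the group query (mutated: name-like is rewritten)
     * @return matching groups that pass the read check
     */
    public List<Group> findGroupByQueryCriteria(LdapGroupQuery ldapGroupQuery) {
        String nameLike = ldapGroupQuery.getNameLike();
        if (nameLike != null) {
            ldapGroupQuery.groupNameLike(nameLike.replaceAll(LdapConfiguration.DB_QUERY_WILDCARD, LdapConfiguration.LDAP_QUERY_WILDCARD));
        }
        this.ldapClient.ensureContextInitialized();
        String groupBaseDn = composeDn(this.ldapConfiguration.getGroupSearchBase(), this.ldapConfiguration.getBaseDn());
        initializeControls(ldapGroupQuery);
        String filter = getGroupSearchFilter(ldapGroupQuery);
        return retrieveResults(groupBaseDn, filter, this::transformGroup, this::isAuthorizedToReadGroup, ldapGroupQuery.getMaxResults(), ldapGroupQuery.getFirstResult(), false);
    }

    /**
     * Builds the LDAP search filter for a group query: the configured group filter AND-ed with
     * one clause per criterion present on the query.
     *
     * <p>All criterion values are escaped before being written; the name-like value keeps
     * {@code *} as a wildcard.
     *
     * @param ldapGroupQuery the group query
     * @return the filter string
     */
    protected String getGroupSearchFilter(LdapGroupQuery ldapGroupQuery) {
        StringWriter filter = new StringWriter();
        filter.write("(&");
        filter.write(this.ldapConfiguration.getGroupSearchFilter());

        if (ldapGroupQuery.getId() != null) {
            addFilter(this.ldapConfiguration.getGroupIdAttribute(), escapeLDAPSearchFilter(ldapGroupQuery.getId()), filter);
        }
        String[] ids = ldapGroupQuery.getIds();
        if (ids != null && ids.length > 0) {
            filter.write("(|");
            for (String id : ids) {
                addFilter(this.ldapConfiguration.getGroupIdAttribute(), escapeLDAPSearchFilter(id), filter);
            }
            filter.write(")");
        }
        if (ldapGroupQuery.getName() != null) {
            addFilter(this.ldapConfiguration.getGroupNameAttribute(), escapeLDAPSearchFilter(ldapGroupQuery.getName()), filter);
        }
        if (ldapGroupQuery.getNameLike() != null) {
            addFilter(this.ldapConfiguration.getGroupNameAttribute(), escapeFilterValue(ldapGroupQuery.getNameLike(), true), filter);
        }
        if (ldapGroupQuery.getUserId() != null) {
            // POSIX groups reference members by user id, other groups by the user's DN.
            String memberValue = this.ldapConfiguration.isUsePosixGroups()
                    ? ldapGroupQuery.getUserId()
                    : getDnForUser(ldapGroupQuery.getUserId());
            addFilter(this.ldapConfiguration.getGroupMemberAttribute(), escapeLDAPSearchFilter(memberValue), filter);
        }

        filter.write(")");
        return filter.toString();
    }

    /**
     * Runs an LDAP search page by page, converts each hit to an entity and collects the entities
     * that have an id and pass the given check.
     *
     * @param str base DN to search
     * @param str2 LDAP search filter
     * @param function converts a raw search result into an entity
     * @param predicate receives the entity id; entries failing it are logged and skipped
     * @param i maximum number of results to collect
     * @param i2 number of accepted results to skip before collecting
     * @param z when {@code true}, both the limit and the offset are ignored
     * @return the collected entities
     */
    @SuppressWarnings("unchecked")
    protected <E extends DbEntity, T> List<T> retrieveResults(String str, String str2, Function<SearchResult, E> function, Predicate<String> predicate, int i, int i2, boolean z) {
        boolean debug = LdapPluginLogger.INSTANCE.isDebugEnabled();
        StringBuilder trace = new StringBuilder();
        if (debug) {
            trace.append("LDAP query results: [");
        }

        List<T> results = new ArrayList<>();
        int accepted = 0;
        do {
            // try-with-resources closes the search results on every exit path.
            try (LdapSearchResults hits = this.ldapClient.search(str, str2)) {
                while (hits.hasMoreElements() && (results.size() < i || z)) {
                    // m3nextElement: presumably the decompiler's name for the typed nextElement().
                    SearchResult raw = hits.m3nextElement();
                    E entity = function.apply(raw);
                    String id = entity.getId();
                    if (id == null || !predicate.test(id)) {
                        LdapPluginLogger.INSTANCE.invalidLdapEntityReturned(entity, raw);
                        continue;
                    }
                    if (accepted >= i2 || z) {
                        if (debug) {
                            trace.append(entity).append(" based on ").append(raw).append(", ");
                        }
                        // The caller picks T to match the entity type produced by the transformer.
                        results.add((T) entity);
                    }
                    accepted++;
                }
            }
        } while (paginationContinues(results.size(), i));

        if (debug) {
            trace.append("]");
            LdapPluginLogger.INSTANCE.queryResult(trace.toString());
        }
        return results;
    }

    /**
     * @param str the user id
     * @return the user's DN, or the empty string when no such user is found
     */
    protected String getDnForUser(String str) {
        LdapUserEntity user = (LdapUserEntity) m1createUserQuery(Context.getCommandContext()).userId(str).singleResult();
        if (user == null) {
            return "";
        }
        return user.getDn();
    }

    /**
     * @param str the group id
     * @return the group's DN, or the empty string when no such group is found
     */
    protected String getDnForGroup(String str) {
        LdapGroupEntity group = (LdapGroupEntity) createGroupQuery(Context.getCommandContext()).groupId(str).singleResult();
        if (group == null) {
            return "";
        }
        return group.getDn();
    }

    /**
     * Writes one {@code (attribute=value)} clause. The value is written verbatim, so callers must
     * pass a value that is already escaped for use in a search filter.
     *
     * @param str attribute name
     * @param str2 attribute value, already escaped
     * @param stringWriter the filter being built
     */
    protected void addFilter(String str, String str2, StringWriter stringWriter) {
        stringWriter.write("(");
        stringWriter.write(str);
        stringWriter.write("=");
        stringWriter.write(str2);
        stringWriter.write(")");
    }

    /**
     * Converts a search result into a user entity using the configured attribute names.
     *
     * @param searchResult the raw LDAP entry
     * @return the populated user entity
     */
    protected UserEntity transformUser(SearchResult searchResult) {
        Attributes attributes = searchResult.getAttributes();
        LdapUserEntity user = new LdapUserEntity();
        user.setDn(searchResult.getNameInNamespace());
        user.setId(LdapClient.getValue(this.ldapConfiguration.getUserIdAttribute(), attributes));
        user.setFirstName(LdapClient.getValue(this.ldapConfiguration.getUserFirstnameAttribute(), attributes));
        user.setLastName(LdapClient.getValue(this.ldapConfiguration.getUserLastnameAttribute(), attributes));
        user.setEmail(LdapClient.getValue(this.ldapConfiguration.getUserEmailAttribute(), attributes));
        return user;
    }

    /**
     * Converts a search result into a group entity using the configured attribute names.
     *
     * @param searchResult the raw LDAP entry
     * @return the populated group entity
     */
    protected GroupEntity transformGroup(SearchResult searchResult) {
        Attributes attributes = searchResult.getAttributes();
        LdapGroupEntity group = new LdapGroupEntity();
        group.setDn(searchResult.getNameInNamespace());
        group.setId(LdapClient.getValue(this.ldapConfiguration.getGroupIdAttribute(), attributes));
        group.setName(LdapClient.getValue(this.ldapConfiguration.getGroupNameAttribute(), attributes));
        group.setType(LdapClient.getValue(this.ldapConfiguration.getGroupTypeAttribute(), attributes));
        return group;
    }

    /**
     * Translates the query's ordering properties into LDAP sort controls.
     *
     * @param abstractQuery the user or group query
     * @return the sort controls; empty when the query has no supported ordering
     */
    protected List<Control> getSortingControls(AbstractQuery<?, ?> abstractQuery) {
        List<Control> controls = new ArrayList<>();
        List<QueryOrderingProperty> orderingProperties = abstractQuery.getOrderingProperties();
        if (orderingProperties == null) {
            return controls;
        }
        for (QueryOrderingProperty ordering : orderingProperties) {
            SortKey sortKey = getSortKey(abstractQuery, ordering.getQueryProperty().getName(), ordering);
            if (sortKey != null) {
                LdapClient.addSortKey(sortKey, controls);
            }
        }
        return controls;
    }

    /**
     * Maps one ordering property to a sort key on the matching configured LDAP attribute.
     *
     * @param abstractQuery the query being sorted; only LDAP user and group queries are handled
     * @param str name of the query property to sort by
     * @param queryOrderingProperty the ordering, read for its direction
     * @return the sort key, or {@code null} when the query type or property is not supported
     */
    protected SortKey getSortKey(AbstractQuery<?, ?> abstractQuery, String str, QueryOrderingProperty queryOrderingProperty) {
        if (abstractQuery instanceof LdapUserQueryImpl) {
            if (UserQueryProperty.USER_ID.getName().equals(str)) {
                return newSortKey(this.ldapConfiguration.getUserIdAttribute(), queryOrderingProperty);
            }
            if (UserQueryProperty.EMAIL.getName().equals(str)) {
                return newSortKey(this.ldapConfiguration.getUserEmailAttribute(), queryOrderingProperty);
            }
            if (UserQueryProperty.FIRST_NAME.getName().equals(str)) {
                return newSortKey(this.ldapConfiguration.getUserFirstnameAttribute(), queryOrderingProperty);
            }
            if (UserQueryProperty.LAST_NAME.getName().equals(str)) {
                return newSortKey(this.ldapConfiguration.getUserLastnameAttribute(), queryOrderingProperty);
            }
            return null;
        }
        if (abstractQuery instanceof LdapGroupQuery) {
            if (GroupQueryProperty.GROUP_ID.getName().equals(str)) {
                return newSortKey(this.ldapConfiguration.getGroupIdAttribute(), queryOrderingProperty);
            }
            if (GroupQueryProperty.NAME.getName().equals(str)) {
                return newSortKey(this.ldapConfiguration.getGroupNameAttribute(), queryOrderingProperty);
            }
        }
        return null;
    }

    /** Builds a sort key on {@code attribute}, ascending iff the ordering's direction is ASCENDING. */
    private SortKey newSortKey(String attribute, QueryOrderingProperty ordering) {
        return new SortKey(attribute, Direction.ASCENDING.equals(ordering.getDirection()), (String) null);
    }

    /**
     * Joins DN fragments with commas, skipping null or empty fragments and dropping one leading
     * and one trailing comma from each fragment.
     *
     * @param strArr DN fragments, most specific first
     * @return the joined DN
     */
    protected String composeDn(String... strArr) {
        StringBuilder dn = new StringBuilder();
        for (String fragment : strArr) {
            if (fragment == null || fragment.isEmpty()) {
                continue;
            }
            String part = fragment;
            if (part.endsWith(",")) {
                // Drop only the trailing comma. The earlier substring(length - 2, length - 1)
                // kept a single character of the fragment and threw on a lone ",".
                part = part.substring(0, part.length() - 1);
            }
            if (part.startsWith(",")) {
                part = part.substring(1);
            }
            if (part.isEmpty()) {
                // A fragment made only of commas contributes nothing.
                continue;
            }
            if (dn.length() > 0 && dn.charAt(dn.length() - 1) != ',') {
                dn.append(',');
            }
            dn.append(part);
        }
        return dn.toString();
    }

    /**
     * @param str a user id, may be {@code null}
     * @return whether it equals, ignoring case, the authenticated user id of the current command
     *     context
     */
    protected boolean isAuthenticatedUser(String str) {
        if (str == null) {
            return false;
        }
        return str.equalsIgnoreCase(Context.getCommandContext().getAuthenticatedUserId());
    }

    /**
     * @param resource the resource type
     * @param str the resource id
     * @return {@code true} when authorization checks are disabled in the LDAP configuration or
     *     the authorization manager grants READ on the resource
     */
    protected boolean isAuthorizedToRead(Resource resource, String str) {
        if (!this.ldapConfiguration.isAuthorizationCheckEnabled()) {
            return true;
        }
        return Context.getCommandContext().getAuthorizationManager().isAuthorized(Permissions.READ, resource, str);
    }

    /**
     * Escapes a value for use as an exact-match assertion value in an LDAP search filter:
     * NUL, {@code (}, {@code )}, {@code *} and {@code \} are replaced by their
     * backslash-hex forms.
     *
     * @param str the raw value, must not be {@code null}
     * @return the escaped value
     */
    protected final String escapeLDAPSearchFilter(String str) {
        return escapeFilterValue(str, false);
    }

    /**
     * Escapes LDAP filter metacharacters in {@code value}.
     *
     * @param value the raw value, must not be {@code null}
     * @param keepWildcard when {@code true}, {@code *} is left as is so it still acts as a
     *     substring wildcard; every other metacharacter is escaped
     * @return the escaped value
     */
    private static String escapeFilterValue(String value, boolean keepWildcard) {
        StringBuilder escaped = new StringBuilder(value.length());
        for (int idx = 0; idx < value.length(); idx++) {
            char ch = value.charAt(idx);
            switch (ch) {
                case 0:
                    escaped.append("\\00");
                    break;
                case '(':
                    escaped.append("\\28");
                    break;
                case ')':
                    escaped.append("\\29");
                    break;
                case '*':
                    if (keepWildcard) {
                        escaped.append(ch);
                    } else {
                        escaped.append("\\2a");
                    }
                    break;
                case '\\':
                    escaped.append("\\5c");
                    break;
                default:
                    escaped.append(ch);
                    break;
            }
        }
        return escaped.toString();
    }

    /**
     * Sets the request controls for the next search: sort controls when sorting is supported and
     * a first-page pagination control when a page size is configured.
     *
     * @param abstractQuery the query whose ordering is translated into sort controls
     */
    protected void initializeControls(AbstractQuery<?, ?> abstractQuery) {
        List<Control> controls = new ArrayList<>();
        if (this.ldapConfiguration.isSortControlSupported()) {
            controls.addAll(getSortingControls(abstractQuery));
        }
        try {
            if (isPaginationSupported()) {
                LdapClient.addPaginationControl(controls, null, getPageSize());
            }
        } catch (IdentityProviderException ignored) {
            // Best effort: if the pagination control cannot be created, continue with whatever
            // controls were collected so far.
        } finally {
            if (!controls.isEmpty()) {
                this.ldapClient.setRequestControls(controls);
            }
        }
    }

    /**
     * Inspects the response controls of the last search and, if a paged-results control is
     * present, installs a pagination control carrying its cookie for the next request.
     *
     * @return {@code true} when the last paged-results control carried a non-null cookie;
     *     {@code false} when pagination is off, there are no response controls, or the
     *     pagination control could not be created
     */
    protected boolean nextPageDetected() {
        if (!isPaginationSupported()) {
            return false;
        }
        Control[] responseControls = this.ldapClient.getResponseControls();
        if (responseControls == null) {
            return false;
        }

        List<Control> nextRequestControls = new ArrayList<>();
        boolean hasNextPage = false;
        for (Control control : responseControls) {
            if (control instanceof PagedResultsResponseControl) {
                byte[] cookie = ((PagedResultsResponseControl) control).getCookie();
                try {
                    LdapClient.addPaginationControl(nextRequestControls, cookie, getPageSize());
                    hasNextPage = cookie != null;
                } catch (IdentityProviderException e) {
                    return false;
                }
            }
        }
        if (!nextRequestControls.isEmpty()) {
            this.ldapClient.setRequestControls(nextRequestControls);
        }
        return hasNextPage;
    }

    /** @return whether a page size is configured */
    protected boolean isPaginationSupported() {
        return getPageSize() != null;
    }

    /** @return the configured page size, or {@code null} when none is set */
    protected Integer getPageSize() {
        return this.ldapConfiguration.getPageSize();
    }

    /** @return a new tenant query backed by the engine's transaction-required command executor */
    public TenantQuery createTenantQuery() {
        return new LdapTenantQuery(Context.getProcessEngineConfiguration().getCommandExecutorTxRequired());
    }

    /**
     * @param commandContext not read by this method
     * @return a new tenant query without a command executor
     */
    public TenantQuery createTenantQuery(CommandContext commandContext) {
        return new LdapTenantQuery();
    }

    /**
     * Tenants are not looked up by this provider.
     *
     * @param str the tenant id (not read)
     * @return always {@code null}
     */
    public Tenant findTenantById(String str) {
        return null;
    }
}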
