package io.confluent.security.auth.provider.ldap;

import com.yammer.metrics.core.MetricName;
import io.confluent.security.auth.provider.ldap.LdapConfig;
import io.confluent.security.auth.store.data.UserKey;
import io.confluent.security.auth.store.data.UserValue;
import io.confluent.security.auth.store.external.ExternalStoreListener;
import io.confluent.security.auth.utils.MetricsUtils;
import io.confluent.security.auth.utils.RetryBackoff;
import io.confluent.security.authorizer.provider.ProviderFailedException;
import java.io.IOException;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.Executors;
import java.util.concurrent.Future;
import java.util.concurrent.ScheduledExecutorService;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.atomic.AtomicBoolean;
import java.util.concurrent.atomic.AtomicInteger;
import java.util.concurrent.atomic.AtomicLong;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import java.util.stream.Collectors;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.PartialResultException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.Control;
import javax.naming.ldap.HasControls;
import javax.naming.ldap.LdapContext;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.PagedResultsControl;
import javax.naming.ldap.PagedResultsResponseControl;
import javax.naming.ldap.Rdn;
import org.apache.kafka.common.config.ConfigException;
import org.apache.kafka.common.security.auth.KafkaPrincipal;
import org.apache.kafka.common.utils.Time;
import org.apache.kafka.common.utils.Utils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:io/confluent/security/auth/provider/ldap/LdapGroupManager.class */
public class LdapGroupManager {
    private static final String METRIC_GROUP = "confluent.metadata";
    private static final int CLOSE_TIMEOUT_MS = 30000;
    private final LdapConfig config;
    private final Time time;
    private final LdapContextCreator contextCreator;
    private final Map<String, Set<String>> userGroupCache;
    private final ScheduledExecutorService executorService;
    private final ResultEntryConfig resultEntryConfig;
    private final SearchControls searchControls;
    private final RetryBackoff retryBackoff;
    private final AtomicLong failureStartMs;
    private final AtomicInteger retryCount;
    private final AtomicBoolean alive;
    private final PersistentSearch persistentSearch;
    private final ExternalStoreListener<UserKey, UserValue> listener;
    private final Set<MetricName> metricNames;
    private volatile LdapContext context;
    private volatile Future<?> searchFuture;
    private static final Logger log = LoggerFactory.getLogger((Class<?>) LdapGroupManager.class);
    private static final String METRIC_TYPE = LdapGroupManager.class.getSimpleName();

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:io/confluent/security/auth/provider/ldap/LdapGroupManager$ChangeType.class */
    public enum ChangeType {
        ADD(1),
        DELETE(2),
        MODIFY(4),
        RENAME(8),
        UNKNOWN(-1);

        final int value;

        ChangeType(int i) {
            this.value = i;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:io/confluent/security/auth/provider/ldap/LdapGroupManager$PersistentSearch.class */
    public static class PersistentSearch {
        final Control control;
        private Class<? extends Control> entryChangeResponseControlClass;
        private final Method changeTypeMethod;
        private final Method previousDnMethod;

        PersistentSearch() {
            try {
                this.control = (Control) Utils.loadClass("com.sun.jndi.ldap.PersistentSearchControl", Control.class).getConstructor(Integer.TYPE, Boolean.TYPE, Boolean.TYPE, Boolean.TYPE).newInstance(15, false, true, true);
                this.entryChangeResponseControlClass = Utils.loadClass("com.sun.jndi.ldap.EntryChangeResponseControl", Control.class);
                this.changeTypeMethod = this.entryChangeResponseControlClass.getMethod("getChangeType", new Class[0]);
                this.previousDnMethod = this.entryChangeResponseControlClass.getMethod("getPreviousDN", new Class[0]);
            } catch (Exception e) {
                throw new ConfigException("Persistent search could not be enabled", e);
            }
        }

        ChangeType changeType(Control control) {
            try {
                Integer num = (Integer) this.changeTypeMethod.invoke(control, new Object[0]);
                for (ChangeType changeType : ChangeType.values()) {
                    if (changeType.value == num.intValue()) {
                        return changeType;
                    }
                }
                return ChangeType.UNKNOWN;
            } catch (IllegalAccessException | InvocationTargetException e) {
                throw new LdapException("Could not get change type", e);
            }
        }

        String previousDn(Control control) {
            try {
                return (String) this.previousDnMethod.invoke(control, new Object[0]);
            } catch (IllegalAccessException | InvocationTargetException e) {
                throw new LdapException("Could not get change type", e);
            }
        }

        boolean isEntryChangeResponseControl(Control control) {
            return this.entryChangeResponseControlClass.isInstance(control);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:io/confluent/security/auth/provider/ldap/LdapGroupManager$ResultEntry.class */
    public static class ResultEntry {
        final String name;
        final Set<String> members;

        ResultEntry(String str, Set<String> set) {
            this.name = str;
            this.members = set;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:io/confluent/security/auth/provider/ldap/LdapGroupManager$ResultEntryConfig.class */
    public static class ResultEntryConfig {
        final String nameAttribute;
        final Pattern nameAttributePattern;
        final String memberAttribute;
        final Pattern memberAttributePattern;

        ResultEntryConfig(String str, Pattern pattern, String str2, Pattern pattern2) {
            this.nameAttribute = str;
            this.nameAttributePattern = pattern;
            this.memberAttribute = str2;
            this.memberAttributePattern = pattern2;
        }
    }

    public LdapGroupManager(LdapConfig ldapConfig, Time time) {
        this(ldapConfig, time, null);
    }

    public LdapGroupManager(LdapConfig ldapConfig, Time time, ExternalStoreListener<UserKey, UserValue> externalStoreListener) {
        this.config = ldapConfig;
        this.time = time;
        this.listener = externalStoreListener;
        this.contextCreator = new LdapContextCreator(ldapConfig);
        this.userGroupCache = new ConcurrentHashMap();
        this.persistentSearch = ldapConfig.persistentSearch ? new PersistentSearch() : null;
        this.searchControls = new SearchControls();
        switch (ldapConfig.searchMode) {
            case GROUPS:
                this.searchControls.setReturningAttributes(new String[]{ldapConfig.groupNameAttribute, ldapConfig.groupMemberAttribute});
                this.resultEntryConfig = new ResultEntryConfig(ldapConfig.groupNameAttribute, ldapConfig.groupNameAttributePattern, ldapConfig.groupMemberAttribute, ldapConfig.groupMemberAttributePattern);
                this.searchControls.setSearchScope(ldapConfig.groupSearchScope);
                break;
            case USERS:
                this.searchControls.setReturningAttributes(new String[]{ldapConfig.userNameAttribute, ldapConfig.userMemberOfAttribute});
                this.resultEntryConfig = new ResultEntryConfig(ldapConfig.userNameAttribute, ldapConfig.userNameAttributePattern, ldapConfig.userMemberOfAttribute, ldapConfig.userMemberOfAttributePattern);
                this.searchControls.setSearchScope(ldapConfig.userSearchScope);
                break;
            default:
                throw new IllegalArgumentException("Unsupported search mode " + ldapConfig.searchMode);
        }
        this.alive = new AtomicBoolean(true);
        this.failureStartMs = new AtomicLong(0L);
        this.retryCount = new AtomicInteger(0);
        this.retryBackoff = new RetryBackoff(ldapConfig.retryBackoffMs, ldapConfig.retryMaxBackoffMs);
        this.metricNames = new HashSet();
        this.metricNames.add(MetricsUtils.newGauge("confluent.metadata", METRIC_TYPE, "failure-start-seconds-ago", Collections.emptyMap(), () -> {
            return Long.valueOf(MetricsUtils.elapsedSeconds(time, this.failureStartMs.get()));
        }));
        this.executorService = Executors.newSingleThreadScheduledExecutor(runnable -> {
            Thread thread = new Thread(runnable, "ldap-group-manager");
            thread.setDaemon(true);
            return thread;
        });
        log.info("LDAP group manager created with config: {}", ldapConfig);
    }

    /* JADX WARN: Removed duplicated region for block: B:20:0x0063 A[SYNTHETIC] */
    /* JADX WARN: Removed duplicated region for block: B:9:0x006d  */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public void start() {
        /*
            r6 = this;
            org.slf4j.Logger r0 = io.confluent.security.auth.provider.ldap.LdapGroupManager.log
            java.lang.String r1 = "Starting LDAP group manager"
            r0.trace(r1)
            r0 = 0
            r7 = r0
        Lc:
            r0 = r6
            io.confluent.security.auth.store.external.ExternalStoreListener<io.confluent.security.auth.store.data.UserKey, io.confluent.security.auth.store.data.UserValue> r0 = r0.listener     // Catch: java.lang.Throwable -> L35
            if (r0 == 0) goto L2a
            r0 = r6
            r1 = 0
            java.util.Set r0 = r0.searchAndProcessResults(r1)     // Catch: java.lang.Throwable -> L35
            r8 = r0
            r0 = r6
            io.confluent.security.auth.store.external.ExternalStoreListener<io.confluent.security.auth.store.data.UserKey, io.confluent.security.auth.store.data.UserValue> r0 = r0.listener     // Catch: java.lang.Throwable -> L35
            r0.start()     // Catch: java.lang.Throwable -> L35
            r0 = r6
            r1 = r8
            r0.removeDeletedEntries(r1)     // Catch: java.lang.Throwable -> L35
            goto L30
        L2a:
            r0 = r6
            r1 = 0
            java.util.Set r0 = r0.searchAndProcessResults(r1)     // Catch: java.lang.Throwable -> L35
        L30:
            r0 = 1
            r7 = r0
            goto L59
        L35:
            r8 = move-exception
            r0 = r6
            boolean r0 = r0.failed()     // Catch: java.lang.Throwable -> L4d
            if (r0 == 0) goto L3f
            r0 = r8
            throw r0     // Catch: java.lang.Throwable -> L4d
        L3f:
            r0 = r6
            r1 = r8
            int r0 = r0.processFailureAndGetBackoff(r1)     // Catch: java.lang.Throwable -> L4d
            r9 = r0
            r0 = r9
            long r0 = (long) r0     // Catch: java.lang.Throwable -> L4d
            java.lang.Thread.sleep(r0)     // Catch: java.lang.Throwable -> L4d
            goto L59
        L4d:
            r9 = move-exception
            io.confluent.security.auth.provider.ldap.LdapException r0 = new io.confluent.security.auth.provider.ldap.LdapException
            r1 = r0
            java.lang.String r2 = "Ldap group manager initialization failed"
            r3 = r9
            r1.<init>(r2, r3)
            throw r0
        L59:
            r0 = r6
            java.util.concurrent.atomic.AtomicBoolean r0 = r0.alive
            boolean r0 = r0.get()
            if (r0 != 0) goto L6d
            java.lang.RuntimeException r0 = new java.lang.RuntimeException
            r1 = r0
            java.lang.String r2 = "LDAP group manager has been shutdown"
            r1.<init>(r2)
            throw r0
        L6d:
            r0 = r7
            if (r0 == 0) goto Lc
            r0 = r6
            r0.onStartup()
            r0 = r6
            io.confluent.security.auth.provider.ldap.LdapConfig r0 = r0.config
            boolean r0 = r0.persistentSearch
            if (r0 == 0) goto L88
            r0 = r6
            r1 = 0
            r2 = 0
            r0.schedulePersistentSearch(r1, r2)
            goto L9c
        L88:
            r0 = r6
            r1 = r6
            io.confluent.security.auth.provider.ldap.LdapConfig r1 = r1.config
            int r1 = r1.refreshIntervalMs
            long r1 = (long) r1
            r2 = r6
            io.confluent.security.auth.provider.ldap.LdapConfig r2 = r2.config
            int r2 = r2.refreshIntervalMs
            long r2 = (long) r2
            r0.schedulePeriodicSearch(r1, r2)
        L9c:
            return
        */
        throw new UnsupportedOperationException("Method not decompiled: io.confluent.security.auth.provider.ldap.LdapGroupManager.start():void");
    }

    public void close() {
        this.alive.set(false);
        if (this.searchFuture != null) {
            this.searchFuture.cancel(true);
        }
        this.executorService.shutdownNow();
        try {
            this.executorService.awaitTermination(30000L, TimeUnit.MILLISECONDS);
        } catch (InterruptedException e) {
            log.debug("LdapGroupManager.close() was interrupted", (Throwable) e);
        }
        try {
            if (this.context != null) {
                this.context.close();
            }
        } catch (NamingException e2) {
            log.debug("Could not close LDAP context", e2);
        }
        MetricsUtils.removeMetrics(this.metricNames);
    }

    public Set<String> groups(String str) {
        if (!this.alive.get()) {
            throw new IllegalStateException("LDAP Group manager is not active");
        }
        if (failed()) {
            throw new ProviderFailedException("LDAP Group provider has failed");
        }
        return this.userGroupCache.getOrDefault(str, Collections.emptySet());
    }

    public boolean failed() {
        long j = this.failureStartMs.get();
        return j != 0 && this.time.milliseconds() > j + this.config.retryTimeoutMs;
    }

    private void resetFailure() {
        if (this.retryCount.getAndSet(0) != 0) {
            log.info("LDAP search succeeded, resetting failed status");
        }
        this.failureStartMs.set(0L);
        if (this.listener != null) {
            this.listener.resetFailure();
        }
    }

    private int processFailureAndGetBackoff(Throwable th) {
        if (!this.alive.get()) {
            return 0;
        }
        this.failureStartMs.compareAndSet(0L, this.time.milliseconds());
        if (failed()) {
            log.error("LDAP search failed. Configured retry timeout of " + this.config.retryTimeoutMs + " has expired without a successful search. All requests will fail authorization until the next successful search.", th);
            if (this.listener != null) {
                this.listener.fail("LDAP search failed with exception: " + th);
            }
        } else {
            log.error("LDAP search failed, search will be retried. Groups from the last successful search will continue to be applied until the configured retry timeout or the next successful search.", th);
        }
        try {
            if (this.searchFuture != null) {
                this.searchFuture.cancel(false);
            }
            if (this.context != null) {
                this.context.close();
            }
        } catch (Exception e) {
            log.error("Context could not be closed", (Throwable) e);
        }
        this.context = null;
        return this.retryBackoff.backoffMs(this.retryCount.getAndIncrement());
    }

    private void persistentSearch() throws NamingException, IOException {
        if (this.context == null) {
            this.context = this.contextCreator.createLdapContext();
        }
        try {
            this.context.setRequestControls(new Control[]{this.persistentSearch.control});
            this.searchControls.setTimeLimit(0);
            log.trace("Starting persistent search");
            NamingEnumeration<SearchResult> search = search(this.searchControls);
            resetFailure();
            while (this.alive.get()) {
                processPersistentSearchResults(search);
            }
        } catch (Exception e) {
            throw new LdapException("Request controls could not be created");
        }
    }

    private void schedulePersistentSearch(long j, boolean z) {
        log.trace("Scheduling persistent search, initialDelayMs={}, initializeCache={}", Long.valueOf(j), Boolean.valueOf(z));
        this.searchFuture = this.executorService.schedule(() -> {
            if (z) {
                try {
                    searchAndProcessResults();
                } catch (Throwable th) {
                    schedulePersistentSearch(processFailureAndGetBackoff(th), true);
                    return;
                }
            }
            persistentSearch();
        }, j, TimeUnit.MILLISECONDS);
    }

    private void schedulePeriodicSearch(long j, long j2) {
        log.trace("Scheduling periodic search with initialDelayMs={}, refreshIntervalMs {}", Long.valueOf(j), Long.valueOf(j2));
        this.searchFuture = this.executorService.scheduleWithFixedDelay(() -> {
            try {
                searchAndProcessResults();
            } catch (Throwable th) {
                schedulePeriodicSearch(processFailureAndGetBackoff(th), this.config.refreshIntervalMs);
            }
        }, j, j2, TimeUnit.MILLISECONDS);
    }

    protected Set<String> searchAndProcessResults() throws NamingException, IOException {
        return searchAndProcessResults(true);
    }

    protected Set<String> searchAndProcessResults(boolean z) throws NamingException, IOException {
        if (this.context == null) {
            this.context = this.contextCreator.createLdapContext();
            maybeSetPagingControl(null);
        }
        HashSet hashSet = new HashSet();
        byte[] bArr = null;
        do {
            hashSet.addAll(processFullSearchResults(search(this.searchControls)));
            resetFailure();
            PagedResultsResponseControl[] responseControls = this.context.getResponseControls();
            if (this.config.searchPageSize > 0 && responseControls != null) {
                int length = responseControls.length;
                int i = 0;
                while (true) {
                    if (i >= length) {
                        break;
                    }
                    PagedResultsResponseControl pagedResultsResponseControl = responseControls[i];
                    if (pagedResultsResponseControl instanceof PagedResultsResponseControl) {
                        PagedResultsResponseControl pagedResultsResponseControl2 = pagedResultsResponseControl;
                        bArr = pagedResultsResponseControl2.getCookie();
                        log.debug("Search returned page, totalSize {}", Integer.valueOf(pagedResultsResponseControl2.getResultSize()));
                        break;
                    }
                    log.debug("Ignoring response control {}", pagedResultsResponseControl);
                    i++;
                }
            }
            maybeSetPagingControl(bArr);
        } while (bArr != null);
        if (z) {
            removeDeletedEntries(hashSet);
        }
        log.debug("Search completed, group cache is {}", this.userGroupCache);
        return hashSet;
    }

    private void removeDeletedEntries(Set<String> set) {
        HashSet hashSet = new HashSet();
        if (this.config.searchMode == LdapConfig.SearchMode.USERS) {
            hashSet.addAll(this.userGroupCache.keySet());
        } else {
            Collection<Set<String>> values = this.userGroupCache.values();
            hashSet.getClass();
            values.forEach((v1) -> {
                r1.addAll(v1);
            });
        }
        hashSet.stream().filter(str -> {
            return !set.contains(str);
        }).forEach(this::processSearchResultDelete);
    }

    private void onUpdate(Set<String> set) {
        if (this.listener != null) {
            set.forEach(str -> {
                Set<String> set2 = this.userGroupCache.get(str);
                if (set2 != null) {
                    this.listener.update(userKey(str), userValue(set2));
                } else {
                    this.listener.delete(userKey(str));
                }
            });
        }
    }

    private void onStartup() {
        if (this.listener != null) {
            this.listener.initialize((Map) this.userGroupCache.entrySet().stream().collect(Collectors.toMap(entry -> {
                return userKey((String) entry.getKey());
            }, entry2 -> {
                return userValue((Set) entry2.getValue());
            })));
        }
    }

    private UserKey userKey(String str) {
        return new UserKey(new KafkaPrincipal("User", str));
    }

    private UserValue userValue(Set<String> set) {
        return new UserValue((Collection) set.stream().map(str -> {
            return new KafkaPrincipal("Group", str);
        }).collect(Collectors.toSet()));
    }

    private NamingEnumeration<SearchResult> search(SearchControls searchControls) throws NamingException {
        if (this.config.searchMode == LdapConfig.SearchMode.GROUPS) {
            log.trace("Searching groups with base {} filter {}: ", this.config.groupSearchBase, this.config.groupSearchFilter);
            return this.context.search(this.config.groupSearchBase, this.config.groupSearchFilter, searchControls);
        }
        log.trace("Searching users with base {} filter {}: ", this.config.userSearchBase, this.config.userSearchFilter);
        return this.context.search(this.config.userSearchBase, this.config.userSearchFilter, searchControls);
    }

    private Set<String> processFullSearchResults(NamingEnumeration<SearchResult> namingEnumeration) throws NamingException {
        HashSet hashSet = new HashSet();
        while (namingEnumeration.hasMore()) {
            try {
                SearchResult searchResult = (SearchResult) namingEnumeration.next();
                log.trace("Processing full search result {}", searchResult);
                ResultEntry searchResultEntry = searchResultEntry(searchResult);
                if (searchResultEntry != null) {
                    hashSet.add(searchResultEntry.name);
                    processSearchResultModify(searchResultEntry);
                }
            } catch (PartialResultException e) {
                log.debug(Arrays.toString(e.getStackTrace()));
                if (!ignorePartialResultException()) {
                    throw e;
                }
            }
        }
        return hashSet;
    }

    /* JADX WARN: Failed to find 'out' block for switch in B:24:0x00aa. Please report as an issue. */
    private void processPersistentSearchResults(NamingEnumeration<SearchResult> namingEnumeration) throws NamingException {
        while (namingEnumeration.hasMore()) {
            try {
                HasControls hasControls = (SearchResult) namingEnumeration.next();
                log.trace("Processing search result {}", hasControls);
                ResultEntry searchResultEntry = searchResultEntry(hasControls);
                if (searchResultEntry != null) {
                    Control control = null;
                    if (hasControls instanceof HasControls) {
                        for (Control control2 : hasControls.getControls()) {
                            if (this.persistentSearch.isEntryChangeResponseControl(control2)) {
                                control = control2;
                                log.debug("Entry change search response control {}", control2);
                            } else {
                                log.debug("Ignoring search response control {}", control2);
                            }
                        }
                    }
                    ChangeType changeType = control != null ? this.persistentSearch.changeType(control) : ChangeType.MODIFY;
                    switch (changeType) {
                        case ADD:
                        case MODIFY:
                            processSearchResultModify(searchResultEntry);
                            log.debug("Group cache after change notification is {}", this.userGroupCache);
                            break;
                        case DELETE:
                            processSearchResultDelete(searchResultEntry.name);
                            log.debug("Group cache after change notification is {}", this.userGroupCache);
                            break;
                        case RENAME:
                            String previousDn = this.persistentSearch.previousDn(control);
                            Pattern pattern = this.config.searchMode == LdapConfig.SearchMode.GROUPS ? this.config.groupDnNamePattern : this.config.userDnNamePattern;
                            String str = null;
                            if (pattern == null) {
                                for (Rdn rdn : new LdapName(previousDn).getRdns()) {
                                    if (this.resultEntryConfig.nameAttribute.equals(rdn.getType())) {
                                        str = (String) rdn.getValue();
                                    }
                                }
                            } else {
                                str = attributeValue(previousDn, pattern, "", "rename entry", this.config.searchMode);
                            }
                            if (str != null) {
                                processSearchResultDelete(str);
                            }
                            processSearchResultModify(searchResultEntry);
                            log.debug("Group cache after change notification is {}", this.userGroupCache);
                            break;
                        default:
                            throw new IllegalArgumentException("Unsupported response control type " + changeType);
                    }
                }
            } catch (PartialResultException e) {
                log.debug(Arrays.toString(e.getStackTrace()));
                if (!ignorePartialResultException()) {
                    throw e;
                }
                return;
            }
        }
    }

    private void processSearchResultModify(ResultEntry resultEntry) {
        HashSet hashSet = new HashSet();
        if (resultEntry != null) {
            if (this.config.searchMode == LdapConfig.SearchMode.GROUPS) {
                String str = resultEntry.name;
                Set<String> set = resultEntry.members;
                for (String str2 : set) {
                    Set<String> computeIfAbsent = this.userGroupCache.computeIfAbsent(str2, str3 -> {
                        return new HashSet();
                    });
                    if (!computeIfAbsent.contains(str)) {
                        computeIfAbsent.add(str);
                        hashSet.add(str2);
                    }
                }
                for (Map.Entry<String, Set<String>> entry : this.userGroupCache.entrySet()) {
                    String key = entry.getKey();
                    Set<String> value = entry.getValue();
                    if (value.contains(str) && !set.contains(key)) {
                        value.remove(str);
                        if (value.isEmpty()) {
                            this.userGroupCache.remove(key);
                        }
                        hashSet.add(key);
                    }
                }
            } else {
                String str4 = resultEntry.name;
                Set<String> set2 = resultEntry.members;
                Set<String> put = this.userGroupCache.put(str4, set2);
                if (put == null || !put.equals(set2)) {
                    hashSet.add(str4);
                }
            }
        }
        onUpdate(hashSet);
    }

    private void processSearchResultDelete(String str) {
        if (this.config.searchMode == LdapConfig.SearchMode.GROUPS) {
            processSearchResultModify(new ResultEntry(str, Collections.emptySet()));
        } else {
            this.userGroupCache.remove(str);
            onUpdate(Collections.singleton(str));
        }
    }

    private ResultEntry searchResultEntry(SearchResult searchResult) throws NamingException {
        String attributeValue;
        Attributes attributes = searchResult.getAttributes();
        Attribute attribute = attributes.get(this.resultEntryConfig.nameAttribute);
        if (attribute == null || (attributeValue = attributeValue(attribute.get(), this.resultEntryConfig.nameAttributePattern, "", "search result", this.config.searchMode)) == null) {
            return null;
        }
        HashSet hashSet = new HashSet();
        Attribute attribute2 = attributes.get(this.resultEntryConfig.memberAttribute);
        if (attribute2 != null) {
            NamingEnumeration all = attribute2.getAll();
            while (all.hasMore()) {
                String attributeValue2 = attributeValue(all.next(), this.resultEntryConfig.memberAttributePattern, attributeValue, "member", this.config.searchMode);
                if (attributeValue2 != null) {
                    hashSet.add(attributeValue2);
                }
            }
        }
        return new ResultEntry(attributeValue, hashSet);
    }

    private void maybeSetPagingControl(byte[] bArr) {
        try {
            if (this.config.searchPageSize > 0) {
                this.context.setRequestControls(new Control[]{new PagedResultsControl(this.config.searchPageSize, bArr, bArr != null)});
            }
        } catch (IOException | NamingException e) {
            log.warn("Paging control could not be set", (Throwable) e);
        }
    }

    private boolean ignorePartialResultException() {
        return this.config.ignorePartialResultException;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static String attributeValue(Object obj, Pattern pattern, String str, String str2, LdapConfig.SearchMode searchMode) {
        if (obj == null) {
            log.error("Ignoring null {} in LDAP {} {}", str2, searchMode, str);
            return null;
        }
        if (pattern == null) {
            return String.valueOf(obj);
        }
        Matcher matcher = pattern.matcher(obj.toString());
        if (matcher.matches()) {
            return matcher.group(1);
        }
        log.debug("Ignoring {} in LDAP {} {} that doesn't match pattern: {}", str2, searchMode, str, obj);
        return null;
    }
}
