package org.nuxeo.ecm.directory.ldap;

import java.io.IOException;
import java.net.InetAddress;
import java.net.Socket;
import java.net.UnknownHostException;
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.List;
import java.util.Properties;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.net.SocketFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.nuxeo.ecm.directory.AbstractDirectory;
import org.nuxeo.ecm.directory.DirectoryException;
import org.nuxeo.ecm.directory.DirectoryFieldMapper;
import org.nuxeo.ecm.directory.Reference;
import org.nuxeo.ecm.directory.Session;
import org.nuxeo.runtime.api.Framework;

/* loaded from: input_file:org/nuxeo/ecm/directory/ldap/LDAPDirectory.class */
public class LDAPDirectory extends AbstractDirectory {
    private static final Log log = LogFactory.getLog(LDAPDirectory.class);
    public static final String DN_SPECIAL_ATTRIBUTE_KEY = "dn";
    protected Properties contextProperties;
    protected volatile SearchControls idSearchControls;
    protected volatile SearchControls searchControls;
    protected final LDAPDirectoryFactory factory;
    protected String baseFilter;
    protected ContextProvider testServer;

    /* loaded from: input_file:org/nuxeo/ecm/directory/ldap/LDAPDirectory$TrustingSSLSocketFactory.class */
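    /**
     * {@link SSLSocketFactory} whose sockets accept ANY server certificate chain.
     *
     * <p>Security: connections made through this factory are encrypted, but the peer's identity is
     * never verified, so the channel gives no protection against a server impersonating the
     * directory. In this file it is only wired in by {@code computeContextProperties()} when the
     * server descriptor has certificate verification switched off and SSL in use. Prefer importing
     * the directory's CA into a trust store and keeping verification enabled.
     */
    public static class TrustingSSLSocketFactory extends SSLSocketFactory {
        /** Delegate obtained from a private SSL context that uses the accept-all trust manager. */
        private final SSLSocketFactory factory;

        /** Lazy holder: the singleton is built the first time {@link #getDefault()} is called. */
        private static class TrustingSSLSocketFactoryHolder {
            public static final TrustingSSLSocketFactory INSTANCE = new TrustingSSLSocketFactory();

            private TrustingSSLSocketFactoryHolder() {
            }
        }

        /**
         * Trust manager that performs no validation at all: both check methods return normally for
         * every chain (expired, self-signed, wrong host, untrusted issuer).
         */
        private static final class TrustingX509TrustManager implements X509TrustManager {
            private TrustingX509TrustManager() {
            }

            @Override // javax.net.ssl.X509TrustManager
            public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) {
                // intentionally empty: never throws, so every client chain is accepted
            }

            @Override // javax.net.ssl.X509TrustManager
            public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) {
                // intentionally empty: never throws, so every server chain is accepted
            }

            @Override // javax.net.ssl.X509TrustManager
            public X509Certificate[] getAcceptedIssuers() {
                return new X509Certificate[0];
            }
        }

        /**
         * Builds the delegate factory from a dedicated TLS context.
         *
         * @throws RuntimeException if the TLS context cannot be created or initialised
         */
        public TrustingSSLSocketFactory() {
            try {
                // Use a private context rather than SSLContext.getDefault(): the default context is
                // shared by the whole JVM. Re-initialising it is rejected by the stock JSSE
                // provider, and where it is accepted it would disable certificate validation for
                // every other TLS user in the process, not just this LDAP directory.
                SSLContext sslContext = SSLContext.getInstance("TLS");
                sslContext.init(null, new TrustManager[] {new TrustingX509TrustManager()}, new SecureRandom());
                this.factory = sslContext.getSocketFactory();
            } catch (KeyManagementException e) {
                throw new RuntimeException("Unable to register a trust manager:  ", e);
            } catch (NoSuchAlgorithmException e2) {
                throw new RuntimeException("Unable to initialize the SSL context:  ", e2);
            }
        }

        /**
         * Returns the shared instance. The class name is handed to JNDI through the
         * {@code java.naming.ldap.factory.socket} property, and the provider is expected to obtain
         * the factory through this static method.
         */
        public static SocketFactory getDefault() {
            return TrustingSSLSocketFactoryHolder.INSTANCE;
        }

        @Override // javax.net.ssl.SSLSocketFactory
        public String[] getDefaultCipherSuites() {
            return this.factory.getDefaultCipherSuites();
        }

        @Override // javax.net.ssl.SSLSocketFactory
        public String[] getSupportedCipherSuites() {
            return this.factory.getSupportedCipherSuites();
        }

        @Override // javax.net.ssl.SSLSocketFactory
        public Socket createSocket(Socket socket, String str, int i, boolean z) throws IOException {
            return this.factory.createSocket(socket, str, i, z);
        }

        @Override // javax.net.SocketFactory
        public Socket createSocket(String str, int i) throws IOException, UnknownHostException {
            return this.factory.createSocket(str, i);
        }

        @Override // javax.net.SocketFactory
        public Socket createSocket(InetAddress inetAddress, int i) throws IOException {
            return this.factory.createSocket(inetAddress, i);
        }

        @Override // javax.net.SocketFactory
        public Socket createSocket(String str, int i, InetAddress inetAddress, int i2) throws IOException, UnknownHostException {
            return this.factory.createSocket(str, i, inetAddress, i2);
        }

        @Override // javax.net.SocketFactory
        public Socket createSocket(InetAddress inetAddress, int i, InetAddress inetAddress2, int i2) throws IOException {
            return this.factory.createSocket(inetAddress, i, inetAddress2, i2);
        }
    }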

    /**
     * Creates the directory from its descriptor and looks up the LDAP directory factory service.
     *
     * <p>The LDAP connection settings themselves are not computed here; that happens lazily in
     * {@code initLDAPConfigIfNeeded()}.
     *
     * @param lDAPDirectoryDescriptor configuration of this directory
     * @throws DirectoryException if the descriptor has no (or an empty) search base DN
     */
    public LDAPDirectory(LDAPDirectoryDescriptor lDAPDirectoryDescriptor) {
        super(lDAPDirectoryDescriptor, LDAPReference.class);
        String searchBaseDn = lDAPDirectoryDescriptor.getSearchBaseDn();
        // Refuse to start without a search base rather than searching from an undefined root.
        if (StringUtils.isEmpty(searchBaseDn)) {
            throw new DirectoryException("searchBaseDn configuration is missing for directory " + getName());
        }
        factory = (LDAPDirectoryFactory) Framework.getService(LDAPDirectoryFactory.class);
    }

    /* renamed from: getDescriptor, reason: merged with bridge method [inline-methods] */
    /**
     * Returns this directory's descriptor narrowed to the LDAP-specific type.
     *
     * @return the inherited {@code descriptor} field cast to {@link LDAPDirectoryDescriptor}
     */
    public LDAPDirectoryDescriptor m1getDescriptor() {
        LDAPDirectoryDescriptor ldapDescriptor = (LDAPDirectoryDescriptor) descriptor;
        return ldapDescriptor;
    }

    /**
     * Returns the references registered under the given name, initialising the LDAP configuration
     * first if that has not happened yet.
     *
     * @param str name to look up in the reference map
     * @return the mapped list; whatever the map returns for an unknown name is passed through
     */
    public List<Reference> getReferences(String str) {
        // References are registered by initLDAPConfig(), so make sure it has run.
        initLDAPConfigIfNeeded();
        List<Reference> found = (List) references.get(str);
        return found;
    }

    /**
     * Runs {@code initLDAPConfig()} once, on first use.
     *
     * <p>Double-checked locking on the volatile {@code searchControls} field: the unsynchronised
     * read is the fast path, and the second read under the monitor stops a concurrent caller from
     * initialising twice.
     */
    protected void initLDAPConfigIfNeeded() {
        if (searchControls != null) {
            // Already initialised: searchControls is the last field initLDAPConfig() assigns.
            return;
        }
        synchronized (this) {
            if (searchControls == null) {
                initLDAPConfig();
            }
        }
    }

    /**
     * Computes everything derived from the descriptor: schema field map, field mapper, JNDI
     * context properties, base filter, references and both search-control objects.
     *
     * <p>Statement order matters: the field mapper must exist before the search controls are
     * computed, and {@code searchControls} is assigned last because
     * {@code initLDAPConfigIfNeeded()} uses it as the "already initialised" marker.
     */
    protected void initLDAPConfig() {
        LDAPDirectoryDescriptor ldapDescriptor = m1getDescriptor();
        initSchemaFieldMap();
        fieldMapper = new DirectoryFieldMapper(ldapDescriptor.fieldMapping);
        // Holds the provider URL and, when a bind DN is configured, the bind credentials.
        contextProperties = computeContextProperties();
        baseFilter = ldapDescriptor.getAggregatedSearchFilter();
        addReferences(ldapDescriptor.getLdapReferences());
        idSearchControls = computeIdSearchControls();
        // Keep this assignment last: a non-null value publishes the configuration to other threads.
        searchControls = computeSearchControls();

        // Only names are logged here; the context properties (credentials) are deliberately not.
        String directoryName = getName();
        String fieldNames = StringUtils.join(getSchemaFieldMap().keySet().toArray(), ", ");
        String referenceNames = StringUtils.join(references.keySet().toArray(), ", ");
        log.debug(String.format("initialized LDAP directory %s with fields [%s] and references [%s]", directoryName, fieldNames, referenceNames));
    }

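    /**
     * Builds the JNDI environment used to open LDAP contexts for this directory.
     *
     * <p>Security-relevant points:
     * <ul>
     * <li>When a bind DN is configured, the returned object contains the bind password in clear
     * text; never log or expose it.</li>
     * <li>No {@code java.naming.security.authentication} entry is set, so the provider's default
     * mechanism applies.</li>
     * <li>The connection timeout is not applied to SSL servers (see the warning below), so such
     * connections rely on the provider's default connect behaviour.</li>
     * <li>Pooling options are JVM-wide system properties and therefore affect every JNDI LDAP
     * user in the process.</li>
     * <li>If the server descriptor disables certificate verification while SSL is used, the
     * accept-all {@code TrustingSSLSocketFactory} is installed and a warning is logged.</li>
     * </ul>
     *
     * @return a new {@link Properties} instance holding the JNDI environment
     * @throws DirectoryException if the server descriptor or its LDAP URLs are missing
     */
    protected Properties computeContextProperties() {
        LDAPDirectoryDescriptor m1getDescriptor = m1getDescriptor();
        Properties properties = new Properties();
        LDAPServerDescriptor server = getServer();
        if (null == server) {
            throw new DirectoryException("LDAP server configuration not found: " + m1getDescriptor.getServerName());
        }
        properties.put("java.naming.factory.initial", "com.sun.jndi.ldap.LdapCtxFactory");
        String ldapUrls = server.getLdapUrls();
        if (ldapUrls == null) {
            throw new DirectoryException("Server LDAP URL configuration is missing for directory " + getName());
        }
        properties.put("java.naming.provider.url", ldapUrls);

        // NOTE(review): with "follow", the provider may open connections to servers named in
        // referral responses; confirm whether the bind credentials below are reused there.
        if (m1getDescriptor().getFollowReferrals()) {
            properties.put("java.naming.referral", "follow");
        } else {
            properties.put("java.naming.referral", "ignore");
        }

        if (server.getConnectionTimeout() > -1) {
            if (server.useSsl()) {
                log.warn("SSL connections do not operate correctly when used with the connection timeout parameter, disabling timout");
            } else {
                properties.put("com.sun.jndi.ldap.connect.timeout", Integer.toString(server.getConnectionTimeout()));
            }
        }

        // Without a bind DN no principal/credentials are set at all.
        String bindDn = server.getBindDn();
        if (bindDn != null) {
            properties.put("java.naming.security.principal", bindDn);
            properties.put("java.naming.security.credentials", server.getBindPassword());
        }

        if (server.isPoolingEnabled()) {
            properties.put("com.sun.jndi.ldap.connect.pool", "true");
            // System-wide settings; setSystemProperty() leaves a value alone if one is already set.
            setSystemProperty("com.sun.jndi.ldap.connect.pool.protocol", "plain ssl");
            setSystemProperty("com.sun.jndi.ldap.connect.pool.authentication", "none simple DIGEST-MD5");
            setSystemProperty("com.sun.jndi.ldap.connect.pool.timeout", Integer.toString(server.getPoolingTimeout()));
        }

        if (!server.isVerifyServerCert() && server.useSsl) {
            // Make the downgrade visible to operators: from here on the server's certificate is
            // accepted without any validation, so the bind credentials travel over a channel whose
            // peer is not authenticated.
            log.warn(String.format("TLS server certificate verification is disabled for LDAP server '%s' (directory '%s'): the connection is encrypted but the server identity is not authenticated", m1getDescriptor.getServerName(), getName()));
            properties.put("java.naming.ldap.factory.socket", "org.nuxeo.ecm.directory.ldap.LDAPDirectory$TrustingSSLSocketFactory");
        }
        return properties;
    }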

    /**
     * Sets a JVM system property only when it has no value yet, so a value supplied by the
     * operator (or by another component) wins.
     *
     * <p>The check and the write are two separate calls, so this is not atomic. The property is
     * process-wide, not scoped to this directory.
     *
     * @param str property name
     * @param str2 value to use when the property is currently undefined
     */
    protected void setSystemProperty(String str, String str2) {
        boolean alreadyDefined = System.getProperty(str) != null;
        if (alreadyDefined) {
            return;
        }
        System.setProperty(str, str2);
    }

    /**
     * Returns the JNDI environment computed for this directory.
     *
     * <p>This is the live internal object, not a copy: changes made by a caller affect every
     * context created afterwards. When a bind DN is configured it also carries the bind password,
     * so it must not be logged or serialised. The field is still {@code null} until the LDAP
     * configuration has been initialised.
     *
     * @return the shared context properties, possibly {@code null}
     */
    public Properties getContextProperties() {
        Properties sharedEnvironment = contextProperties;
        return sharedEnvironment;
    }

    /**
     * Builds the search controls used when only entry identifiers are needed.
     *
     * <p>Exactly one attribute is requested: the backend attribute mapped to the directory's id
     * field. Scope, size limit and time limit come from the descriptor.
     *
     * @return a new {@link SearchControls} instance
     */
    protected SearchControls computeIdSearchControls() {
        LDAPDirectoryDescriptor ldapDescriptor = m1getDescriptor();
        String backendIdAttribute = fieldMapper.getBackendField(getIdField());

        SearchControls controls = new SearchControls();
        controls.setSearchScope(ldapDescriptor.getSearchScope());
        controls.setReturningAttributes(new String[] {backendIdAttribute});
        // Server-side caps on result count and search duration, taken from the descriptor.
        controls.setCountLimit(ldapDescriptor.getQuerySizeLimit());
        controls.setTimeLimit(ldapDescriptor.getQueryTimeLimit());
        return controls;
    }

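    /**
     * Builds the default search controls: the attributes to fetch are restricted to those backing
     * the schema fields plus the ones needed to resolve LDAP references, and the password
     * attribute is excluded.
     *
     * <p>The attribute set holds BACKEND attribute names (schema field names are passed through
     * the field mapper before being added). The password field is therefore removed under its
     * mapped backend name as well as under its directory field name; removing only the directory
     * field name leaves the password attribute in the request whenever the two names differ.
     * NOTE(review): confirm no caller relies on the mapped password attribute being returned.
     *
     * @return a new {@link SearchControls} instance with scope, attributes and limits set
     */
    protected SearchControls computeSearchControls() {
        LDAPDirectoryDescriptor m1getDescriptor = m1getDescriptor();
        SearchControls searchControls = new SearchControls();
        searchControls.setSearchScope(m1getDescriptor.getSearchScope());

        HashSet<String> attributes = new HashSet<>();
        // Schema fields that are plain attributes (reference fields are resolved separately).
        for (String str : getSchemaFieldMap().keySet()) {
            if (!this.references.containsKey(str)) {
                attributes.add(this.fieldMapper.getBackendField(str));
            }
        }
        attributes.add("objectClass");

        // Attributes required to compute LDAP references.
        for (LDAPReference lDAPReference : getReferences()) {
            if (lDAPReference instanceof LDAPReference) {
                attributes.add(lDAPReference.getStaticAttributeId(this.fieldMapper));
                attributes.add(lDAPReference.getDynamicAttributeId());
                for (LDAPDynamicReferenceDescriptor lDAPDynamicReferenceDescriptor : lDAPReference.getDynamicAttributes()) {
                    attributes.add(lDAPDynamicReferenceDescriptor.baseDN);
                    attributes.add(lDAPDynamicReferenceDescriptor.filter);
                }
            }
        }

        // Never ask the server for the password attribute, whichever name it was added under.
        String passwordField = getPasswordField();
        if (passwordField != null) {
            attributes.remove(passwordField);
            attributes.remove(this.fieldMapper.getBackendField(passwordField));
        }

        searchControls.setReturningAttributes(attributes.toArray(new String[0]));
        searchControls.setCountLimit(m1getDescriptor.getQuerySizeLimit());
        searchControls.setTimeLimit(m1getDescriptor.getQueryTimeLimit());
        return searchControls;
    }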

    /**
     * Returns the id-only search controls.
     *
     * <p>The shared instance is returned as is (no copy), and it is {@code null} until the LDAP
     * configuration has been initialised.
     *
     * @return the shared id search controls, possibly {@code null}
     */
    public SearchControls getIdSearchControls() {
        SearchControls sharedControls = idSearchControls;
        return sharedControls;
    }

    /**
     * Returns the default, attribute-restricted search controls.
     *
     * @return the result of {@code getSearchControls(false)}
     */
    public SearchControls getSearchControls() {
        final boolean unrestricted = false;
        return getSearchControls(unrestricted);
    }

    /**
     * Returns search controls for a query.
     *
     * <p>With {@code z == false} the shared, pre-computed controls are returned: restricted
     * attribute list, password attribute excluded, size and time limits applied. With
     * {@code z == true} a fresh object is returned on which only the search scope is set. The
     * {@link SearchControls} defaults then apply, meaning all attributes are requested and no
     * count or time limit is sent. Callers using that mode get whatever the bind identity is
     * allowed to read, so they should filter sensitive attributes themselves.
     *
     * @param z {@code true} to get scope-only controls, {@code false} for the shared restricted ones
     * @return the matching search controls
     */
    public SearchControls getSearchControls(boolean z) {
        if (z) {
            SearchControls scopeOnly = new SearchControls();
            scopeOnly.setSearchScope(m1getDescriptor().getSearchScope());
            return scopeOnly;
        }
        return searchControls;
    }

    /* JADX INFO: Access modifiers changed from: protected */
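    /**
     * Opens a new JNDI directory context using the shared context properties.
     *
     * <p>For servers with a dynamic server list, the provider URL in the SHARED properties object
     * is refreshed before connecting, so the change is visible to every later caller.
     *
     * <p>A missing server descriptor or missing LDAP URLs are reported as
     * {@link DirectoryException}, matching {@code computeContextProperties()}, instead of
     * surfacing as a {@code NullPointerException}.
     *
     * <p>The exception raised on connection failure embeds the provider's message.
     * NOTE(review): that text may name the server URL; check it is not shown to end users.
     *
     * @return a newly created {@link DirContext}
     * @throws DirectoryException if the configuration is incomplete or the connection fails
     */
    public DirContext createContext() {
        try {
            if (StringUtils.isEmpty(m1getDescriptor().getServerName())) {
                throw new DirectoryException("server configuration is missing for directory " + getName());
            }
            LDAPServerDescriptor server = getServer();
            if (server == null) {
                throw new DirectoryException("LDAP server configuration not found: " + m1getDescriptor().getServerName());
            }
            if (server.isDynamicServerList()) {
                String ldapUrls = server.getLdapUrls();
                if (ldapUrls == null) {
                    // Properties rejects null values; fail with a configuration error instead.
                    throw new DirectoryException("Server LDAP URL configuration is missing for directory " + getName());
                }
                this.contextProperties.put("java.naming.provider.url", ldapUrls);
            }
            return new InitialDirContext(this.contextProperties);
        } catch (NamingException e) {
            throw new DirectoryException("Cannot connect to LDAP directory '" + getName() + "': " + e.getMessage(), e);
        }
    }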

    /**
     * Looks up the server descriptor named by this directory's descriptor.
     *
     * @return whatever the factory returns for that name; {@code computeContextProperties()}
     *         treats {@code null} as "server not configured"
     */
    public LDAPServerDescriptor getServer() {
        String serverName = m1getDescriptor().getServerName();
        return factory.getServer(serverName);
    }

    /**
     * Opens a new session on this directory, initialising the LDAP configuration on first use.
     *
     * @return a new {@code LDAPSession}, already registered through {@code addSession}
     */
    public Session getSession() {
        // Lazy initialisation: context properties and search controls must exist before use.
        initLDAPConfigIfNeeded();
        LDAPSession session = new LDAPSession(this);
        addSession(session);
        return session;
    }

    /**
     * Returns the LDAP filter every search on this directory starts from.
     *
     * <p>The filter always requires the id attribute to be present. When a base filter is
     * configured, the two are AND-ed together, and the configured filter is wrapped in
     * parentheses if it does not already start with one. The configured filter is inserted as is,
     * without escaping or validation, so it has to be a well-formed filter coming from trusted
     * configuration.
     *
     * @return the combined filter string
     */
    public String getBaseFilter() {
        String idPresenceClause = String.format("(%s=*)", getFieldMapper().getBackendField(getIdField()));
        if (this.baseFilter == null || "".equals(this.baseFilter)) {
            return idPresenceClause;
        }
        // Wrap the configured filter only when it is not already parenthesised.
        String template = this.baseFilter.startsWith("(") ? "(&%s%s)" : "(&(%s)%s)";
        return String.format(template, this.baseFilter, idPresenceClause);
    }

    /**
     * AND-combines the id-presence clause, the configured base filter (if any) and the given
     * filter (if not blank) into one LDAP filter.
     *
     * <p>Side effect: when the configured base filter does not start with a parenthesis, the
     * {@code baseFilter} field itself is rewritten to the parenthesised form.
     *
     * <p>Security: {@code str} is appended verbatim. It must already be a well-formed filter, and
     * any value inside it that originates from user input must have been escaped by the caller
     * according to the LDAP filter rules (RFC 4515). Nothing is escaped or validated here.
     *
     * @param str additional filter to AND in; ignored when blank
     * @return the combined filter string
     */
    public String addBaseFilter(String str) {
        StringBuilder combined = new StringBuilder("(&");
        combined.append('(' + getFieldMapper().getBackendField(getIdField()) + "=*)");
        if (StringUtils.isNotBlank(this.baseFilter)) {
            boolean parenthesised = this.baseFilter.startsWith("(");
            if (!parenthesised) {
                // Normalises the field in place, not just the returned string.
                this.baseFilter = '(' + this.baseFilter + ')';
            }
            combined.append(this.baseFilter);
        }
        if (StringUtils.isNotBlank(str)) {
            combined.append(str);
        }
        return combined.append(')').toString();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Returns the context provider set through {@code setTestServer}, if any.
     *
     * @return the stored provider, or {@code null} when none was set
     */
    public ContextProvider getTestServer() {
        ContextProvider provider = testServer;
        return provider;
    }

    /**
     * Stores a context provider on this directory.
     *
     * <p>NOTE(review): the name suggests a test hook. It is a public setter, so confirm that
     * production code paths cannot use it to redirect connections.
     *
     * @param contextProvider provider to store; replaces any previous value
     */
    public void setTestServer(ContextProvider contextProvider) {
        testServer = contextProvider;
    }
}
