package org.nuxeo.ecm.directory.ldap;

import com.sun.jndi.ldap.LdapURL;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import java.util.TreeSet;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.BasicAttributes;
import javax.naming.directory.SchemaViolationException;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.nuxeo.common.xmap.annotation.XNode;
import org.nuxeo.common.xmap.annotation.XObject;
import org.nuxeo.ecm.directory.AbstractReference;
import org.nuxeo.ecm.directory.Directory;
import org.nuxeo.ecm.directory.DirectoryException;
import org.nuxeo.ecm.directory.DirectoryFieldMapper;
import org.nuxeo.ecm.directory.Session;

@XObject("ldapReference")
/* loaded from: input_file:org/nuxeo/ecm/directory/ldap/LDAPReference.class */
public class LDAPReference extends AbstractReference {
    protected LDAPDirectoryDescriptor targetDirectoryDescriptor;
    private static final Log log = LogFactory.getLog(LDAPReference.class);
    public static final List<String> EMPTY_STRING_LIST = Collections.emptyList();

    @XNode("@forceDnConsistencyCheck")
    public Boolean forceDnConsistencyCheck = Boolean.FALSE;

    @XNode("@staticAttributeId")
    protected String staticAttributeId = null;

    @XNode("@dynamicAttributeId")
    protected String dynamicAttributeId = null;

    @XNode("@field")
    public void setFieldName(String str) {
        this.fieldName = str;
    }

    private LDAPFilterMatcher getFilterMatcher() {
        return new LDAPFilterMatcher();
    }

    public boolean isStatic() throws DirectoryException {
        return getStaticAttributeId() != null;
    }

    public String getStaticAttributeId() throws DirectoryException {
        return getStaticAttributeId(null);
    }

    public String getStaticAttributeId(DirectoryFieldMapper directoryFieldMapper) throws DirectoryException {
        if (this.staticAttributeId != null) {
            return this.staticAttributeId;
        }
        if (directoryFieldMapper == null) {
            directoryFieldMapper = getSourceDirectory().getFieldMapper();
        }
        String backendField = directoryFieldMapper.getBackendField(this.fieldName);
        if (this.fieldName.equals(backendField)) {
            return null;
        }
        log.warn(String.format("implicit static attribute definition through fieldMapping is deprecated, please update your setup with <ldapReference field=\"%s\" directory=\"%s\" staticAttributeId=\"%s\">", this.fieldName, this.sourceDirectoryName, backendField));
        return backendField;
    }

    public String getDynamicAttributeId() {
        return this.dynamicAttributeId;
    }

    public boolean isDynamic() {
        return this.dynamicAttributeId != null;
    }

    @XNode("@directory")
    public void setTargetDirectoryName(String str) {
        this.targetDirectoryName = str;
    }

    public Directory getSourceDirectory() throws DirectoryException {
        Directory sourceDirectory = super.getSourceDirectory();
        if (sourceDirectory instanceof LDAPDirectoryProxy) {
            return ((LDAPDirectoryProxy) sourceDirectory).getDirectory();
        }
        throw new DirectoryException(this.sourceDirectoryName + " is not a LDAPDirectory and thus cannot be used in a reference for " + this.fieldName);
    }

    public Directory getTargetDirectory() throws DirectoryException {
        Directory targetDirectory = super.getTargetDirectory();
        if (targetDirectory instanceof LDAPDirectoryProxy) {
            return ((LDAPDirectoryProxy) targetDirectory).getDirectory();
        }
        throw new DirectoryException(this.targetDirectoryName + " is not a LDAPDirectory and thus cannot be referenced as target by " + this.fieldName);
    }

    protected LDAPDirectory getTargetLDAPDirectory() throws DirectoryException {
        return getTargetDirectory();
    }

    protected LDAPDirectory getSourceLDAPDirectory() throws DirectoryException {
        return getSourceDirectory();
    }

    protected LDAPDirectoryDescriptor getTargetDirectoryDescriptor() throws DirectoryException {
        if (this.targetDirectoryDescriptor == null) {
            this.targetDirectoryDescriptor = getTargetLDAPDirectory().getConfig();
        }
        return this.targetDirectoryDescriptor;
    }

    public void addLinks(String str, List<String> list) throws DirectoryException {
        if (list.isEmpty()) {
            return;
        }
        LDAPDirectory targetDirectory = getTargetDirectory();
        LDAPDirectory sourceDirectory = getSourceDirectory();
        String staticAttributeId = getStaticAttributeId();
        if (staticAttributeId == null) {
            log.debug(String.format("trying to edit a non-static reference from %s in directory %s: ignoring", str, sourceDirectory.getName()));
            return;
        }
        LDAPSession lDAPSession = (LDAPSession) targetDirectory.getSession();
        LDAPSession lDAPSession2 = (LDAPSession) sourceDirectory.getSession();
        try {
            try {
                if (!lDAPSession2.isReadOnly()) {
                    SearchResult ldapEntry = lDAPSession2.getLdapEntry(str);
                    if (ldapEntry == null) {
                        throw new DirectoryException(String.format("could not add links from unexisting %s in directory %s", str, sourceDirectory.getName()));
                    }
                    String nameInNamespace = ldapEntry.getNameInNamespace();
                    Attribute attribute = ldapEntry.getAttributes().get(staticAttributeId);
                    String emptyRefMarker = sourceDirectory.getConfig().getEmptyRefMarker();
                    BasicAttribute basicAttribute = new BasicAttribute(staticAttributeId);
                    for (String str2 : list) {
                        SearchResult ldapEntry2 = lDAPSession.getLdapEntry(str2);
                        if (ldapEntry2 == null) {
                            log.warn(String.format("entry %s in directory %s not found: could not add link from %s in directory %s", str2, targetDirectory.getName(), str, sourceDirectory.getName()));
                        } else {
                            String nameInNamespace2 = ldapEntry2.getNameInNamespace();
                            if (attribute == null || !attribute.contains(nameInNamespace2)) {
                                basicAttribute.add(nameInNamespace2);
                            }
                        }
                    }
                    if (basicAttribute.size() > 0) {
                        try {
                            BasicAttributes basicAttributes = new BasicAttributes();
                            basicAttributes.put(basicAttribute);
                            lDAPSession2.dirContext.modifyAttributes(nameInNamespace, 1, basicAttributes);
                            if (attribute.contains(emptyRefMarker)) {
                                lDAPSession2.dirContext.modifyAttributes(nameInNamespace, 3, new BasicAttributes(staticAttributeId, emptyRefMarker));
                            }
                        } catch (SchemaViolationException e) {
                            if (!isDynamic()) {
                                throw new DirectoryException(e);
                            }
                            log.warn(String.format("cannot update dynamic reference in field %s for source %s", getFieldName(), str));
                        }
                    }
                }
            } catch (NamingException e2) {
                throw new DirectoryException("addLinks failed: " + e2.getMessage(), e2);
            }
        } finally {
            lDAPSession2.close();
            lDAPSession.close();
        }
    }

    public void addLinks(List<String> list, String str) throws DirectoryException {
        String staticAttributeId = getStaticAttributeId();
        if (staticAttributeId == null && !list.isEmpty()) {
            log.warn("trying to edit a non-static reference: ignoring");
            return;
        }
        LDAPDirectory targetDirectory = getTargetDirectory();
        LDAPSession lDAPSession = (LDAPSession) targetDirectory.getSession();
        LDAPDirectory sourceDirectory = getSourceDirectory();
        LDAPSession lDAPSession2 = (LDAPSession) sourceDirectory.getSession();
        String emptyRefMarker = sourceDirectory.getConfig().getEmptyRefMarker();
        try {
            try {
                if (!lDAPSession2.isReadOnly()) {
                    SearchResult ldapEntry = lDAPSession.getLdapEntry(str);
                    if (ldapEntry == null) {
                        throw new DirectoryException(String.format("could not add links to unexisting %s in directory %s", str, targetDirectory.getName()));
                    }
                    String nameInNamespace = ldapEntry.getNameInNamespace();
                    for (String str2 : list) {
                        SearchResult ldapEntry2 = lDAPSession2.getLdapEntry(str2);
                        if (ldapEntry2 == null) {
                            log.warn(String.format("entry %s in directory %s not found: could not add link to %s in directory %s", str2, sourceDirectory.getName(), str, targetDirectory.getName()));
                        } else {
                            String nameInNamespace2 = ldapEntry2.getNameInNamespace();
                            Attribute attribute = ldapEntry2.getAttributes().get(staticAttributeId);
                            try {
                                lDAPSession2.dirContext.modifyAttributes(nameInNamespace2, 1, new BasicAttributes(staticAttributeId, nameInNamespace));
                                if (attribute.contains(emptyRefMarker)) {
                                    lDAPSession2.dirContext.modifyAttributes(nameInNamespace2, 3, new BasicAttributes(staticAttributeId, emptyRefMarker));
                                }
                            } catch (SchemaViolationException e) {
                                if (!isDynamic()) {
                                    throw new DirectoryException(e);
                                }
                                log.warn(String.format("cannot add dynamic reference in field %s for target %s", getFieldName(), str));
                            }
                        }
                    }
                }
            } catch (NamingException e2) {
                throw new DirectoryException("addLinks failed: " + e2.getMessage(), e2);
            }
        } finally {
            lDAPSession2.close();
            lDAPSession.close();
        }
    }

    public List<String> getSourceIdsForTarget(String str) throws DirectoryException {
        Object obj;
        TreeSet treeSet = new TreeSet();
        SearchResult searchResult = null;
        String staticAttributeId = getStaticAttributeId();
        if (staticAttributeId != null) {
            LDAPSession lDAPSession = (LDAPSession) getTargetLDAPDirectory().getSession();
            try {
                try {
                    searchResult = lDAPSession.getLdapEntry(str, true);
                    if (searchResult == null) {
                        throw new DirectoryException(str + " does not exist in " + this.targetDirectoryName);
                    }
                    String pseudoNormalizeDn = pseudoNormalizeDn(searchResult.getNameInNamespace());
                    lDAPSession.close();
                    LDAPDirectory sourceLDAPDirectory = getSourceLDAPDirectory();
                    String format = String.format("(&(%s={0})%s)", staticAttributeId, sourceLDAPDirectory.getBaseFilter());
                    String[] strArr = {pseudoNormalizeDn};
                    String searchBaseDn = sourceLDAPDirectory.getConfig().getSearchBaseDn();
                    lDAPSession = (LDAPSession) sourceLDAPDirectory.getSession();
                    try {
                        try {
                            NamingEnumeration search = lDAPSession.dirContext.search(searchBaseDn, format, strArr, sourceLDAPDirectory.getSearchControls());
                            while (search.hasMore()) {
                                Attribute attribute = ((SearchResult) search.next()).getAttributes().get(lDAPSession.idAttribute);
                                if (attribute != null && (obj = attribute.get()) != null) {
                                    treeSet.add(obj.toString());
                                }
                            }
                            lDAPSession.close();
                        } catch (NamingException e) {
                            throw new DirectoryException("error during reference search for " + pseudoNormalizeDn, e);
                        }
                    } finally {
                    }
                } finally {
                }
            } catch (NamingException e2) {
                throw new DirectoryException("error fetching " + str, e2);
            }
        }
        String str2 = this.dynamicAttributeId;
        if (str2 != null) {
            LDAPDirectory sourceLDAPDirectory2 = getSourceLDAPDirectory();
            LDAPDirectory targetLDAPDirectory = getTargetLDAPDirectory();
            String searchBaseDn2 = sourceLDAPDirectory2.getConfig().getSearchBaseDn();
            LDAPSession lDAPSession2 = (LDAPSession) sourceLDAPDirectory2.getSession();
            LDAPSession lDAPSession3 = (LDAPSession) targetLDAPDirectory.getSession();
            try {
                if (searchResult == null) {
                    try {
                        searchResult = lDAPSession3.getLdapEntry(str, true);
                    } catch (Exception e3) {
                        throw new DirectoryException("error during reference search for " + str, e3);
                    }
                }
                if (searchResult == null && searchResult == null) {
                    throw new DirectoryException(str + " does not exist in " + this.targetDirectoryName);
                }
                String pseudoNormalizeDn2 = pseudoNormalizeDn(searchResult.getNameInNamespace());
                Attributes attributes = searchResult.getAttributes();
                NamingEnumeration search2 = lDAPSession2.dirContext.search(searchBaseDn2, String.format("%s=*", str2), sourceLDAPDirectory2.getSearchControls());
                while (search2.hasMore()) {
                    Attributes attributes2 = ((SearchResult) search2.next()).getAttributes();
                    NamingEnumeration all = attributes2.get(str2).getAll();
                    while (all.hasMore()) {
                        LdapURL ldapURL = new LdapURL(all.next().toString());
                        if (pseudoNormalizeDn2.endsWith(ldapURL.getDN()) && (!"onelevel".equals(ldapURL.getScope()) || pseudoNormalizeDn2.split(",").length - ldapURL.getDN().split(",").length <= 1)) {
                            if (getFilterMatcher().match(attributes, ldapURL.getFilter())) {
                                treeSet.add(attributes2.get(lDAPSession2.idAttribute).get().toString());
                            }
                        }
                    }
                }
            } finally {
                lDAPSession2.close();
                lDAPSession3.close();
            }
        }
        return new ArrayList(treeSet);
    }

    public List<String> getTargetIdsForSource(String str) throws DirectoryException {
        Session session = getSourceDirectory().getSession();
        try {
            List<String> list = (List) session.getEntry(str).getProperty(getSourceDirectory().getSchema(), this.fieldName);
            session.close();
            return list;
        } catch (Throwable th) {
            session.close();
            throw th;
        }
    }

    protected static String pseudoNormalizeDn(String str) {
        return str.replaceAll(", ", ",").toLowerCase();
    }

    public List<String> getLdapTargetIds(Attributes attributes) throws DirectoryException {
        String obj;
        TreeSet treeSet = new TreeSet();
        LDAPDirectory targetDirectory = getTargetDirectory();
        LDAPDirectoryDescriptor targetDirectoryDescriptor = getTargetDirectoryDescriptor();
        LDAPSession lDAPSession = (LDAPSession) targetDirectory.getSession();
        try {
            try {
                String pseudoNormalizeDn = pseudoNormalizeDn(targetDirectoryDescriptor.getSearchBaseDn());
                String staticAttributeId = getStaticAttributeId();
                Attribute attribute = null;
                if (staticAttributeId != null) {
                    attribute = attributes.get(staticAttributeId);
                }
                if (attribute != null) {
                    NamingEnumeration all = attribute.getAll();
                    String[] strArr = {lDAPSession.idAttribute};
                    while (all.hasMore()) {
                        String obj2 = all.next().toString();
                        if (pseudoNormalizeDn(obj2).endsWith(pseudoNormalizeDn)) {
                            String str = null;
                            if (lDAPSession.rdnMatchesIdField()) {
                                str = obj2.substring(obj2.indexOf("=") + 1, obj2.indexOf(",")).trim();
                            } else {
                                try {
                                    Attribute attribute2 = lDAPSession.dirContext.getAttributes(obj2, strArr).get(lDAPSession.idAttribute);
                                    if (attribute2 != null) {
                                        str = attribute2.get().toString();
                                    }
                                } catch (NamingException e) {
                                    log.error("could not find " + obj2);
                                }
                            }
                            if (this.forceDnConsistencyCheck.booleanValue() && !lDAPSession.hasEntry(str)) {
                                log.debug("ignoring: " + obj2 + " (not part of target directory)");
                            } else if (str != null) {
                                treeSet.add(str);
                            }
                        } else {
                            log.debug(String.format("ignoring: dn=%s (does not match %s)", obj2, pseudoNormalizeDn));
                        }
                    }
                }
                String str2 = this.dynamicAttributeId;
                Attribute attribute3 = null;
                if (str2 != null) {
                    attribute3 = attributes.get(str2);
                }
                if (attribute3 != null) {
                    NamingEnumeration all2 = attribute3.getAll();
                    while (all2.hasMore()) {
                        LdapURL ldapURL = new LdapURL(all2.next().toString());
                        String pseudoNormalizeDn2 = pseudoNormalizeDn(ldapURL.getDN());
                        String pseudoNormalizeDn3 = pseudoNormalizeDn(targetDirectoryDescriptor.getSearchBaseDn());
                        int i = "subtree".equalsIgnoreCase(ldapURL.getScope()) ? 2 : 1;
                        if (pseudoNormalizeDn2.endsWith(pseudoNormalizeDn3) || pseudoNormalizeDn3.endsWith(pseudoNormalizeDn2)) {
                            if (!pseudoNormalizeDn3.endsWith(pseudoNormalizeDn2) || pseudoNormalizeDn2.length() >= pseudoNormalizeDn3.length() || i != 1) {
                                SearchControls searchControls = new SearchControls();
                                searchControls.setSearchScope(Math.min(i, targetDirectoryDescriptor.getSearchScope()));
                                searchControls.setReturningAttributes(new String[]{lDAPSession.idAttribute});
                                String filter = ldapURL.getFilter();
                                String searchFilter = targetDirectoryDescriptor.getSearchFilter();
                                if (filter == null || filter.length() == 0) {
                                    filter = searchFilter;
                                } else if (searchFilter != null && searchFilter.length() > 0) {
                                    filter = String.format("(&(%s)(%s))", searchFilter, filter);
                                }
                                NamingEnumeration search = lDAPSession.dirContext.search(pseudoNormalizeDn2, filter, searchControls);
                                while (search.hasMore()) {
                                    Attribute attribute4 = ((SearchResult) search.next()).getAttributes().get(lDAPSession.idAttribute);
                                    if (attribute4 != null && (obj = attribute4.get().toString()) != null) {
                                        treeSet.add(obj);
                                    }
                                }
                            }
                        }
                    }
                }
                ArrayList arrayList = new ArrayList(treeSet);
                lDAPSession.close();
                return arrayList;
            } catch (NamingException e2) {
                throw new DirectoryException("error computing LDAP references", e2);
            }
        } catch (Throwable th) {
            lDAPSession.close();
            throw th;
        }
    }

    public void removeLinksForSource(String str) throws DirectoryException {
        LDAPDirectory targetDirectory = getTargetDirectory();
        LDAPDirectory sourceDirectory = getSourceDirectory();
        LDAPSession lDAPSession = (LDAPSession) sourceDirectory.getSession();
        String staticAttributeId = getStaticAttributeId();
        try {
            try {
                if (lDAPSession.isReadOnly() || staticAttributeId == null) {
                    return;
                }
                SearchResult ldapEntry = lDAPSession.getLdapEntry(str);
                if (ldapEntry == null) {
                    throw new DirectoryException(String.format("cannot edit the links hold by missing entry '%s' in directory '%s'", str, sourceDirectory.getName()));
                }
                String pseudoNormalizeDn = pseudoNormalizeDn(ldapEntry.getNameInNamespace());
                BasicAttribute basicAttribute = ldapEntry.getAttributes().get(staticAttributeId);
                if (basicAttribute == null) {
                    basicAttribute = new BasicAttribute(staticAttributeId);
                }
                BasicAttribute basicAttribute2 = new BasicAttribute(staticAttributeId);
                NamingEnumeration all = basicAttribute.getAll();
                String pseudoNormalizeDn2 = pseudoNormalizeDn(targetDirectory.getConfig().getSearchBaseDn());
                while (all.hasMore()) {
                    String pseudoNormalizeDn3 = pseudoNormalizeDn(all.next().toString());
                    if (pseudoNormalizeDn3.endsWith(pseudoNormalizeDn2)) {
                        basicAttribute2.add(pseudoNormalizeDn3);
                    }
                }
                try {
                    if (basicAttribute2.size() == basicAttribute.size()) {
                        lDAPSession.dirContext.modifyAttributes(pseudoNormalizeDn, 2, new BasicAttributes(staticAttributeId, sourceDirectory.getConfig().getEmptyRefMarker()));
                    } else if (basicAttribute2.size() > 0) {
                        BasicAttributes basicAttributes = new BasicAttributes();
                        basicAttributes.put(basicAttribute2);
                        lDAPSession.dirContext.modifyAttributes(pseudoNormalizeDn, 3, basicAttributes);
                    }
                } catch (SchemaViolationException e) {
                    if (!isDynamic()) {
                        throw new DirectoryException(e);
                    }
                    log.warn(String.format("cannot remove dynamic reference in field %s for source %s", getFieldName(), str));
                }
                lDAPSession.close();
            } catch (NamingException e2) {
                throw new DirectoryException("removeLinksForSource failed: " + e2.getMessage(), e2);
            }
        } finally {
            lDAPSession.close();
        }
    }

    public void removeLinksForTarget(String str) throws DirectoryException {
        String pseudoNormalizeDn;
        LDAPDirectory targetDirectory = getTargetDirectory();
        LDAPSession lDAPSession = (LDAPSession) targetDirectory.getSession();
        LDAPDirectory sourceDirectory = getSourceDirectory();
        LDAPSession lDAPSession2 = (LDAPSession) sourceDirectory.getSession();
        String staticAttributeId = getStaticAttributeId();
        try {
            try {
                if (!lDAPSession2.isReadOnly()) {
                    SearchResult ldapEntry = lDAPSession.getLdapEntry(str);
                    if (ldapEntry == null) {
                        String rdnAttribute = targetDirectory.getConfig().getRdnAttribute();
                        if (!rdnAttribute.equals(lDAPSession.idAttribute)) {
                            log.warn(String.format("cannot remove links to missing entry %s in directory %s", str, targetDirectory.getName()));
                            lDAPSession2.close();
                            lDAPSession.close();
                            return;
                        }
                        pseudoNormalizeDn = String.format("%s=%s,%s", rdnAttribute, str, targetDirectory.getConfig().getSearchBaseDn());
                    } else {
                        pseudoNormalizeDn = pseudoNormalizeDn(ldapEntry.getNameInNamespace());
                    }
                    String format = String.format("(%s=%s)", staticAttributeId, pseudoNormalizeDn);
                    String baseFilter = sourceDirectory.getBaseFilter();
                    if (baseFilter != null && !"".equals(baseFilter)) {
                        format = String.format("(&(%s)(%s))", format, baseFilter);
                    }
                    SearchControls searchControls = new SearchControls();
                    searchControls.setSearchScope(sourceDirectory.getConfig().getSearchScope());
                    searchControls.setReturningAttributes(new String[]{staticAttributeId});
                    NamingEnumeration search = lDAPSession2.dirContext.search(lDAPSession2.searchBaseDn, format, searchControls);
                    BasicAttributes basicAttributes = new BasicAttributes(staticAttributeId, sourceDirectory.getConfig().getEmptyRefMarker());
                    while (search.hasMore()) {
                        SearchResult searchResult = (SearchResult) search.next();
                        try {
                            if (searchResult.getAttributes().get(staticAttributeId).size() == 1) {
                                lDAPSession2.dirContext.modifyAttributes(searchResult.getNameInNamespace(), 1, basicAttributes);
                            }
                            BasicAttributes basicAttributes2 = new BasicAttributes();
                            BasicAttribute basicAttribute = new BasicAttribute(staticAttributeId);
                            basicAttribute.add(pseudoNormalizeDn);
                            basicAttributes2.put(basicAttribute);
                            lDAPSession2.dirContext.modifyAttributes(searchResult.getNameInNamespace(), 3, basicAttributes2);
                        } catch (SchemaViolationException e) {
                            if (!isDynamic()) {
                                throw new DirectoryException(e);
                            }
                            log.warn(String.format("cannot remove dynamic reference in field %s for target %s", getFieldName(), str));
                        }
                    }
                }
            } catch (NamingException e2) {
                throw new DirectoryException("removeLinksForTarget failed: " + e2.getMessage(), e2);
            }
        } finally {
            lDAPSession2.close();
            lDAPSession.close();
        }
    }

    public void setSourceIdsForTarget(String str, List<String> list) throws DirectoryException {
        removeLinksForTarget(str);
        addLinks(list, str);
    }

    public void setTargetIdsForSource(String str, List<String> list) throws DirectoryException {
        removeLinksForSource(str);
        addLinks(str, list);
    }
}
