package org.nuxeo.ecm.directory.ldap;

import com.sun.jndi.ldap.LdapURL;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.List;
import javax.naming.InvalidNameException;
import javax.naming.NamingException;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.directory.shared.ldap.name.LdapDN;
import org.nuxeo.common.xmap.annotation.XNode;
import org.nuxeo.common.xmap.annotation.XNodeList;
import org.nuxeo.common.xmap.annotation.XObject;
import org.nuxeo.ecm.directory.DirectoryException;
import org.nuxeo.ecm.directory.ldap.dns.DNSServiceEntry;
import org.nuxeo.ecm.directory.ldap.dns.DNSServiceResolver;
import org.nuxeo.ecm.directory.ldap.dns.DNSServiceResolverImpl;

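/**
 * XMap descriptor for the {@code <server>} element of an LDAP directory configuration.
 *
 * <p>It holds the bind credentials, the connection options and the list of server URLs.
 * A URL without a host (for example {@code ldap:///dc=example,dc=org}) is treated as a
 * reference to a DNS domain whose LDAP servers are discovered through SRV records.
 *
 * <p>Security notes for reviewers:
 * <ul>
 * <li>{@link #bindPassword} is kept as a plain {@code String} and is reachable through a
 * public field and a public getter; it must not be written to logs or error messages.</li>
 * <li>{@link #useSsl()} is true as soon as <em>one</em> configured URL uses {@code ldaps};
 * it does not prove that every configured server is reached over TLS.</li>
 * <li>Hosts obtained from SRV lookups are only as trustworthy as the DNS answers. This class
 * only stores {@link #verifyServerCert}; the code that opens the connection is not visible
 * here and has to honour that flag for the server to be authenticated.</li>
 * </ul>
 */
@XObject("server")
public class LDAPServerDescriptor {
    public static final Log log = LogFactory.getLog(LDAPServerDescriptor.class);
    protected static final String LDAPS_SCHEME = "ldaps";
    protected static final String LDAP_SCHEME = "ldap";

    @XNode("@name")
    public String name;
    // Cached space-separated URL list; only filled in for static (non SRV) server lists.
    public String ldapUrls;
    public String bindDn;
    protected LinkedHashSet<LdapEntry> ldapEntries;

    // Connection timeout; presumably milliseconds (10000 by default) -- confirm against the consumer.
    @XNode("connectionTimeout")
    public int connectionTimeout = 10000;

    @XNode("poolingEnabled")
    public boolean poolingEnabled = true;

    // Defaults to true. NOTE(review): turning this off presumably disables validation of the
    // server certificate for ldaps connections -- confirm where the flag is consumed.
    @XNode("verifyServerCert")
    public boolean verifyServerCert = true;
    protected boolean isDynamicServerList = false;
    protected boolean useSsl = false;
    protected final DNSServiceResolver srvResolver = DNSServiceResolverImpl.getInstance();
    // Secret: never log this value.
    public String bindPassword = "";

    /** One configured server entry that can be rendered as one or more LDAP URLs. */
    protected interface LdapEntry {
        String getUrl() throws NamingException;
    }

    /** Entry backed directly by the value of a configured {@code <ldapUrl/>} element. */
    protected class LdapEntryDescriptor implements LdapEntry {
        protected LDAPUrlDescriptor url;

        public LdapEntryDescriptor(LDAPUrlDescriptor lDAPUrlDescriptor) {
            this.url = lDAPUrlDescriptor;
        }

        /**
         * Renders the entry as its URL(s). When the lookup fails the error is logged and the
         * literal marker {@code [DNS lookup failed]} is returned instead of throwing, so callers
         * that concatenate entries can end up with that marker inside the URL list.
         */
        @Override
        public String toString() {
            try {
                return getUrl();
            } catch (NamingException e) {
                LDAPServerDescriptor.log.error(e, e);
                return "[DNS lookup failed]";
            }
        }

        /**
         * Two entries are equal when they have the same concrete class and equal URL descriptors.
         *
         * <p>The previous implementation compared the URL descriptor with the entry itself, which
         * could not match. The class check (rather than {@code instanceof}) keeps the relation
         * symmetric with the subclass override.
         */
        @Override
        public boolean equals(Object obj) {
            if (this == obj) {
                return true;
            }
            if (obj == null || getClass() != obj.getClass()) {
                return false;
            }
            return this.url.equals(((LdapEntryDescriptor) obj).url);
        }

        @Override
        public int hashCode() {
            return this.url.hashCode();
        }

        @Override
        public String getUrl() throws NamingException {
            return this.url.getValue();
        }
    }

    /** Entry that stands for a DNS domain; its URLs are resolved through SRV records on demand. */
    protected final class LdapEntryDomain extends LdapEntryDescriptor {
        protected final String domain;
        protected final boolean useSsl;

        public LdapEntryDomain(LDAPUrlDescriptor lDAPUrlDescriptor, String str, boolean z) {
            super(lDAPUrlDescriptor);
            this.domain = str;
            this.useSsl = z;
        }

        /**
         * Resolves the domain's LDAP servers and returns them as a space-separated URL list.
         * The resolver is queried on every call; the scheme is chosen from {@link #useSsl}.
         *
         * @throws NamingException if the SRV lookup fails
         */
        @Override
        public String getUrl() throws NamingException {
            List<DNSServiceEntry> servers = LDAPServerDescriptor.this.getSRVResolver()
                    .resolveLDAPDomainServers(this.domain, this.url.getSrvPrefix());
            String scheme = this.useSsl ? "ldaps://" : "ldap://";
            StringBuilder sb = new StringBuilder();
            for (DNSServiceEntry server : servers) {
                sb.append(scheme).append(server).append(' ');
            }
            return sb.toString().trim();
        }

        private LDAPServerDescriptor getOuterType() {
            return LDAPServerDescriptor.this;
        }

        @Override
        public int hashCode() {
            int result = super.hashCode();
            result = 31 * result + getOuterType().hashCode();
            result = 31 * result + (this.domain == null ? 0 : this.domain.hashCode());
            result = 31 * result + (this.useSsl ? 1231 : 1237);
            return result;
        }

        @Override
        public boolean equals(Object obj) {
            if (this == obj) {
                return true;
            }
            // super.equals() already rejects null and objects of another class.
            if (!super.equals(obj) || getClass() != obj.getClass()) {
                return false;
            }
            LdapEntryDomain other = (LdapEntryDomain) obj;
            if (!getOuterType().equals(other.getOuterType())) {
                return false;
            }
            boolean sameDomain = this.domain == null ? other.domain == null : this.domain.equals(other.domain);
            return sameDomain && this.useSsl == other.useSsl;
        }
    }

    /** @return true when at least one configured URL is resolved through DNS SRV records */
    public boolean isDynamicServerList() {
        return this.isDynamicServerList;
    }

    public String getName() {
        return this.name;
    }

    /**
     * Sets the bind DN. A blank value is stored as {@code null}; {@code null} stays {@code null}.
     */
    @XNode("bindDn")
    public void setBindDn(String str) {
        boolean blank = str != null && str.trim().isEmpty();
        this.bindDn = blank ? null : str;
    }

    public String getBindDn() {
        return this.bindDn;
    }

    /** Sets the bind password; {@code null} is stored as the empty string. */
    @XNode("bindPassword")
    public void setBindPassword(String str) {
        this.bindPassword = str == null ? "" : str;
    }

    /** @return the bind password in clear text; callers must not log it */
    public String getBindPassword() {
        return this.bindPassword;
    }

    /**
     * Returns the space-separated list of server URLs.
     *
     * <p>For a static list the result is computed once and cached in {@link #ldapUrls}. For a
     * dynamic (SRV based) list it is rebuilt on every call, which triggers the DNS lookups again.
     * Entries are rendered with {@code toString()}, so a failed lookup shows up as the literal
     * {@code [DNS lookup failed]} marker in the returned string rather than as an exception.
     */
    public String getLdapUrls() {
        if (this.ldapUrls != null) {
            return this.ldapUrls;
        }
        StringBuilder sb = new StringBuilder();
        for (LdapEntry entry : this.ldapEntries) {
            sb.append(entry).append(' ');
        }
        String joined = sb.toString().trim();
        if (!this.isDynamicServerList) {
            // Only a static list is safe to cache; SRV answers may change between calls.
            this.ldapUrls = joined;
        }
        return joined;
    }

    /**
     * Registers the configured {@code <ldapUrl/>} declarations.
     *
     * <p>An empty URL value is registered as is. A URL with a host is registered as a static
     * entry. A URL without a host is read as a domain reference: its DN is converted to a DNS
     * name and the servers are looked up once here to validate the declaration. Duplicate
     * non-empty descriptors are skipped.
     *
     * @param lDAPUrlDescriptorArr the declared URLs
     * @throws DirectoryException if no declaration is given, a URL cannot be parsed, an SRV
     *         reference has no {@code dc=} components, the SRV lookup fails, or no server URL
     *         is obtained at all
     */
    @XNodeList(value = "ldapUrl", componentType = LDAPUrlDescriptor.class, type = LDAPUrlDescriptor[].class)
    public void setLdapUrls(LDAPUrlDescriptor[] lDAPUrlDescriptorArr) throws DirectoryException {
        if (lDAPUrlDescriptorArr == null) {
            throw new DirectoryException("At least one <ldapUrl/> server declaration is required");
        }
        this.ldapEntries = new LinkedHashSet<>();
        HashSet<LDAPUrlDescriptor> seen = new HashSet<>();
        // Only used to check that at least one URL was obtained.
        List<String> resolvedUrls = new ArrayList<>(lDAPUrlDescriptorArr.length);
        for (LDAPUrlDescriptor descriptor : lDAPUrlDescriptorArr) {
            try {
                String value = descriptor.getValue();
                if (StringUtils.isEmpty(value)) {
                    resolvedUrls.add(value);
                    this.ldapEntries.add(new LdapEntryDescriptor(descriptor));
                    continue;
                }
                LdapURL ldapURL = new LdapURL(value);
                if (!seen.add(descriptor)) {
                    continue;
                }
                // Sticky flag: one ldaps URL is enough to report SSL for the whole descriptor.
                this.useSsl = this.useSsl || ldapURL.useSsl();
                if (ldapURL.getHost() != null) {
                    resolvedUrls.add(value);
                    this.ldapEntries.add(new LdapEntryDescriptor(descriptor));
                    continue;
                }
                String domain = convertDNtoFQDN(ldapURL.getDN());
                // convertDNtoFQDN() joins the dc components; with no component the join is
                // empty rather than null, so an empty result is rejected too instead of
                // issuing an SRV query for an empty domain.
                if (StringUtils.isEmpty(domain)) {
                    throw new DirectoryException("Invalid LDAP SRV reference, this should be of the form ldap:///dc=example,dc=org");
                }
                try {
                    resolvedUrls.addAll(discoverLdapServers(domain, ldapURL.useSsl(), descriptor.getSrvPrefix()));
                    this.ldapEntries.add(new LdapEntryDomain(descriptor, domain, ldapURL.useSsl()));
                    this.isDynamicServerList = true;
                } catch (NamingException e) {
                    throw new DirectoryException(String.format("SRV record DNS lookup failed for %s.%s: %s", descriptor.getSrvPrefix(), domain, e.getMessage()), e);
                }
            } catch (NamingException e2) {
                throw new DirectoryException(e2);
            }
        }
        if (resolvedUrls.isEmpty()) {
            throw new DirectoryException("No valid server urls returned from DNS query");
        }
    }

    /** @return true when at least one registered URL uses SSL; see the class notes */
    public boolean useSsl() {
        return this.useSsl;
    }

    /**
     * Looks up the LDAP servers of a DNS domain and returns one URL per SRV entry.
     *
     * @param str the DNS domain
     * @param z whether the {@code ldaps://} scheme is used instead of {@code ldap://}
     * @param str2 the SRV prefix passed to the resolver
     * @return the discovered URLs, in resolver order
     * @throws NamingException if the lookup fails
     */
    protected List<String> discoverLdapServers(String str, boolean z, String str2) throws NamingException {
        String scheme = z ? "ldaps://" : "ldap://";
        List<String> urls = new ArrayList<>();
        for (DNSServiceEntry server : getSRVResolver().resolveLDAPDomainServers(str, str2)) {
            urls.add(scheme + server);
        }
        return urls;
    }

    /**
     * Builds a dotted DNS name from the domain components of a DN.
     *
     * <p>Components are read in the order {@code LdapDN.getAll()} yields them, reading stops at
     * the first one that does not start with the lower-case prefix {@code dc=}, and the collected
     * values are reversed before being joined with dots.
     *
     * @param str the DN to convert
     * @return the joined name; presumably empty when no component matched (commons-lang join)
     * @throws DirectoryException if the DN cannot be parsed
     */
    protected String convertDNtoFQDN(String str) throws DirectoryException {
        try {
            Enumeration<?> components = new LdapDN(str).getAll();
            List<String> labels = new ArrayList<>();
            while (components.hasMoreElements()) {
                String component = (String) components.nextElement();
                if (!component.startsWith("dc=")) {
                    break;
                }
                labels.add(component.substring(3));
            }
            Collections.reverse(labels);
            return StringUtils.join(labels, ".");
        } catch (InvalidNameException e) {
            throw new DirectoryException(e);
        }
    }

    public boolean isPoolingEnabled() {
        return this.poolingEnabled;
    }

    public boolean isVerifyServerCert() {
        return this.verifyServerCert;
    }

    public int getConnectionTimeout() {
        return this.connectionTimeout;
    }

    public void setConnectionTimeout(int i) {
        this.connectionTimeout = i;
    }

    protected DNSServiceResolver getSRVResolver() {
        return this.srvResolver;
    }
}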
