package org.nuxeo.ecm.directory.ldap;

import java.io.IOException;
import java.io.Serializable;
import java.text.ParseException;
import java.text.SimpleDateFormat;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Calendar;
import java.util.Collection;
import java.util.Collections;
import java.util.Date;
import java.util.HashMap;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import java.util.Set;
import java.util.SimpleTimeZone;
import javax.naming.LimitExceededException;
import javax.naming.NameNotFoundException;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.SizeLimitExceededException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.BasicAttributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.Control;
import javax.naming.ldap.InitialLdapContext;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.nuxeo.ecm.core.api.Blob;
import org.nuxeo.ecm.core.api.ClientException;
import org.nuxeo.ecm.core.api.DataModel;
import org.nuxeo.ecm.core.api.DocumentModel;
import org.nuxeo.ecm.core.api.DocumentModelList;
import org.nuxeo.ecm.core.api.RecoverableClientException;
import org.nuxeo.ecm.core.api.impl.DocumentModelListImpl;
import org.nuxeo.ecm.core.api.impl.blob.ByteArrayBlob;
import org.nuxeo.ecm.core.api.model.PropertyException;
import org.nuxeo.ecm.core.schema.types.Field;
import org.nuxeo.ecm.core.schema.types.Type;
import org.nuxeo.ecm.core.utils.SIDGenerator;
import org.nuxeo.ecm.directory.BaseSession;
import org.nuxeo.ecm.directory.Directory;
import org.nuxeo.ecm.directory.DirectoryException;
import org.nuxeo.ecm.directory.EntryAdaptor;
import org.nuxeo.ecm.directory.EntrySource;
import org.nuxeo.ecm.directory.PasswordHelper;
import org.nuxeo.ecm.directory.Reference;

/* loaded from: input_file:org/nuxeo/ecm/directory/ldap/LDAPSession.class */
public class LDAPSession extends BaseSession implements EntrySource {
    protected static final String MISSING_ID_LOWER_CASE = "lower";
    protected static final String MISSING_ID_UPPER_CASE = "upper";
    private static final Log log = LogFactory.getLog(LDAPSession.class);
    protected final String schemaName;
    protected final DirContext dirContext;
    protected final String idAttribute;
    protected final String idCase;
    protected final LDAPDirectory directory;
    protected final String searchBaseDn;
    protected final Set<String> emptySet = Collections.emptySet();
    protected final String sid = String.valueOf(SIDGenerator.next());
    protected final Map<String, Field> schemaFieldMap;
    protected String substringMatchType;
    protected final String rdnAttribute;
    protected final String rdnField;
    protected final String passwordHashAlgorithm;

    public LDAPSession(LDAPDirectory lDAPDirectory, DirContext dirContext) {
        this.directory = lDAPDirectory;
        this.dirContext = LdapRetryHandler.wrap(dirContext, lDAPDirectory.getServer().getRetries());
        this.idAttribute = lDAPDirectory.getFieldMapper().getBackendField(lDAPDirectory.getConfig().getIdField());
        this.idCase = lDAPDirectory.getConfig().getIdCase();
        this.schemaName = lDAPDirectory.getSchema();
        this.schemaFieldMap = lDAPDirectory.getSchemaFieldMap();
        this.searchBaseDn = lDAPDirectory.getConfig().getSearchBaseDn();
        this.substringMatchType = lDAPDirectory.getConfig().getSubstringMatchType();
        this.rdnAttribute = lDAPDirectory.getConfig().getRdnAttribute();
        this.rdnField = lDAPDirectory.getFieldMapper().getDirectoryField(this.rdnAttribute);
        this.passwordHashAlgorithm = lDAPDirectory.getConfig().getPasswordHashAlgorithmField();
        this.permissions = lDAPDirectory.getConfig().permissions;
    }

    public void setSubStringMatchType(String str) {
        this.substringMatchType = str;
    }

    public Directory getDirectory() {
        return this.directory;
    }

    public DirContext getContext() {
        return this.dirContext;
    }

    public DocumentModel createEntry(Map<String, Object> map) throws ClientException {
        if (!isCurrentUserAllowed("Write") || isReadOnly()) {
            return null;
        }
        LinkedList<String> linkedList = new LinkedList();
        try {
            String format = String.format("%s=%s,%s", this.rdnAttribute, map.get(this.rdnField), this.directory.getConfig().getCreationBaseDn());
            BasicAttributes basicAttributes = new BasicAttributes();
            Iterator<String> it = getMandatoryAttributes().iterator();
            while (it.hasNext()) {
                BasicAttribute basicAttribute = new BasicAttribute(it.next());
                basicAttribute.add(" ");
                basicAttributes.put(basicAttribute);
            }
            String[] creationClasses = this.directory.getConfig().getCreationClasses();
            if (creationClasses.length != 0) {
                BasicAttribute basicAttribute2 = new BasicAttribute("objectclass");
                for (String str : creationClasses) {
                    basicAttribute2.add(str);
                }
                basicAttributes.put(basicAttribute2);
            }
            for (String str2 : map.keySet()) {
                String backendField = this.directory.getFieldMapper().getBackendField(str2);
                if (backendField.equals(getPasswordField())) {
                    BasicAttribute basicAttribute3 = new BasicAttribute(backendField);
                    basicAttribute3.add(PasswordHelper.hashPassword((String) map.get(str2), this.passwordHashAlgorithm));
                    basicAttributes.put(basicAttribute3);
                } else if (this.directory.isReference(str2)) {
                    LDAPReference reference = this.directory.getReference(str2);
                    if (reference instanceof LDAPReference) {
                        BasicAttribute basicAttribute4 = new BasicAttribute(reference.getStaticAttributeId());
                        basicAttribute4.add(this.directory.getConfig().getEmptyRefMarker());
                        basicAttributes.put(basicAttribute4);
                    }
                    linkedList.add(str2);
                } else if (LDAPDirectory.DN_SPECIAL_ATTRIBUTE_KEY.equals(backendField)) {
                    log.warn(String.format("field %s is mapped to read only DN field: ignored", str2));
                } else {
                    Object obj = map.get(str2);
                    if (obj != null && !obj.equals("") && !Collections.emptyList().equals(obj)) {
                        basicAttributes.put(getAttributeValue(str2, obj));
                    }
                }
            }
            if (log.isDebugEnabled()) {
                String idField = this.directory.getConfig().getIdField();
                log.debug(String.format("LDAPSession.createEntry(%s=%s): LDAP bind dn='%s' attrs='%s' [%s]", idField, map.get(idField), format, basicAttributes, this));
            }
            this.dirContext.bind(format, (Object) null, basicAttributes);
            for (String str3 : linkedList) {
                this.directory.getReference(str3).addLinks((String) map.get(getIdField()), (List) map.get(str3));
            }
            String directoryField = this.directory.getFieldMapper().getDirectoryField(LDAPDirectory.DN_SPECIAL_ATTRIBUTE_KEY);
            if (this.directory.getSchemaFieldMap().containsKey(directoryField)) {
                map.put(directoryField, format);
            }
            this.directory.invalidateCaches();
            return fieldMapToDocumentModel(map);
        } catch (Exception e) {
            handleException(e, "createEntry failed");
            return null;
        }
    }

    public DocumentModel getEntry(String str) throws DirectoryException {
        return getEntry(str, true);
    }

    public DocumentModel getEntry(String str, boolean z) throws DirectoryException {
        if (isCurrentUserAllowed("Read")) {
            return this.directory.getCache().getEntry(str, this, z);
        }
        return null;
    }

    public DocumentModel getEntryFromSource(String str, boolean z) throws DirectoryException {
        try {
            SearchResult ldapEntry = getLdapEntry(str);
            if (ldapEntry == null) {
                return null;
            }
            return ldapResultToDocumentModel(ldapEntry, str, z);
        } catch (NamingException e) {
            throw new DirectoryException("getEntry failed: " + e.getMessage(), e);
        }
    }

    public boolean hasEntry(String str) throws DirectoryException {
        try {
            return getLdapEntry(str) != null;
        } catch (NamingException e) {
            throw new DirectoryException("hasEntry failed: " + e.getMessage(), e);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public SearchResult getLdapEntry(String str) throws NamingException, DirectoryException {
        return getLdapEntry(str, false);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public SearchResult getLdapEntry(String str, boolean z) throws NamingException {
        String nameInNamespace;
        if (StringUtils.isEmpty(str)) {
            log.warn("The application should not query for entries with an empty id => return no results");
            return null;
        }
        String format = this.directory.getBaseFilter().startsWith("(") ? String.format("(&(%s={0})%s)", this.idAttribute, this.directory.getBaseFilter()) : String.format("(&(%s={0})(%s))", this.idAttribute, this.directory.getBaseFilter());
        String[] strArr = {str};
        SearchControls searchControls = this.directory.getSearchControls(z);
        if (log.isDebugEnabled()) {
            log.debug(String.format("LDAPSession.getLdapEntry(%s, %s): LDAP search base='%s' filter='%s'  args='%s' scope='%s' [%s]", str, Boolean.valueOf(z), this.searchBaseDn, format, str, Integer.valueOf(searchControls.getSearchScope()), this));
        }
        try {
            NamingEnumeration search = this.dirContext.search(this.searchBaseDn, format, strArr, searchControls);
            if (!search.hasMore()) {
                log.debug("Entry not found: " + str);
                return null;
            }
            SearchResult searchResult = (SearchResult) search.next();
            try {
                nameInNamespace = searchResult.getNameInNamespace();
            } catch (UnsupportedOperationException e) {
            }
            if (search.hasMore()) {
                log.error(String.format("Unable to fetch entry for '%s': found more than one match, for instance: '%s' and '%s'", str, nameInNamespace, ((SearchResult) search.next()).getNameInNamespace()));
                return null;
            }
            if (log.isDebugEnabled()) {
                log.debug(String.format("LDAPSession.getLdapEntry(%s, %s): LDAP search base='%s' filter='%s'  args='%s' scope='%s' => found: %s [%s]", str, Boolean.valueOf(z), this.searchBaseDn, format, str, Integer.valueOf(searchControls.getSearchScope()), nameInNamespace, this));
            }
            return searchResult;
        } catch (NameNotFoundException e2) {
            log.error("Unexpected response from server while performing query: " + e2.getMessage(), e2);
            return null;
        }
    }

    public DocumentModelList getEntries() throws DirectoryException {
        try {
            SearchControls searchControls = this.directory.getSearchControls();
            if (log.isDebugEnabled()) {
                log.debug(String.format("LDAPSession.getEntries(): LDAP search base='%s' filter='%s'  args=* scope=%s [%s]", this.searchBaseDn, this.directory.getBaseFilter(), Integer.valueOf(searchControls.getSearchScope()), this));
            }
            return ldapResultsToDocumentModels(this.dirContext.search(this.searchBaseDn, this.directory.getBaseFilter(), searchControls), false);
        } catch (NamingException e) {
            throw new DirectoryException("getEntries failed", e);
        } catch (SizeLimitExceededException e2) {
            throw new org.nuxeo.ecm.directory.SizeLimitExceededException(e2);
        }
    }

    public void updateEntry(DocumentModel documentModel) throws ClientException {
        if (isCurrentUserAllowed("Write") && !isReadOnlyEntry(documentModel)) {
            ArrayList<String> arrayList = new ArrayList();
            LinkedList<String> linkedList = new LinkedList();
            try {
                DataModel dataModel = documentModel.getDataModel(this.schemaName);
                for (String str : this.schemaFieldMap.keySet()) {
                    if (dataModel.isDirty(str)) {
                        if (this.directory.isReference(str)) {
                            linkedList.add(str);
                        } else {
                            arrayList.add(str);
                        }
                    }
                }
                if (!isReadOnlyEntry(documentModel) && !arrayList.isEmpty()) {
                    BasicAttributes basicAttributes = new BasicAttributes();
                    SearchResult ldapEntry = getLdapEntry(documentModel.getId());
                    if (ldapEntry == null) {
                        throw new DirectoryException(documentModel.getId() + " not found");
                    }
                    Attributes attributes = ldapEntry.getAttributes();
                    String nameInNamespace = ldapEntry.getNameInNamespace();
                    BasicAttributes basicAttributes2 = new BasicAttributes();
                    for (String str2 : arrayList) {
                        Object property = documentModel.getProperty(this.schemaName, str2);
                        String backendField = this.directory.getFieldMapper().getBackendField(str2);
                        if (LDAPDirectory.DN_SPECIAL_ATTRIBUTE_KEY.equals(backendField)) {
                            log.warn(String.format("field %s is mapped to read only DN field: ignored", str2));
                        } else if (property == null || property.equals("")) {
                            if (getMandatoryAttributes(attributes.get("objectClass")).contains(backendField)) {
                                BasicAttribute basicAttribute = new BasicAttribute(backendField);
                                basicAttribute.add(" ");
                                basicAttributes.put(basicAttribute);
                            } else if (attributes.get(backendField) != null) {
                                BasicAttribute basicAttribute2 = new BasicAttribute(backendField);
                                basicAttribute2.add(attributes.get(backendField).get());
                                basicAttributes2.put(basicAttribute2);
                            }
                        } else if (str2.equals(getPasswordField())) {
                            BasicAttribute basicAttribute3 = new BasicAttribute(backendField);
                            basicAttribute3.add(PasswordHelper.hashPassword((String) property, this.passwordHashAlgorithm));
                            basicAttributes.put(basicAttribute3);
                        } else {
                            basicAttributes.put(getAttributeValue(str2, property));
                        }
                    }
                    if (log.isDebugEnabled()) {
                        log.debug(String.format("LDAPSession.updateEntry(%s): LDAP modifyAttributes dn='%s' mod_op='REMOVE_ATTRIBUTE' attr='%s' [%s]", documentModel, nameInNamespace, basicAttributes2, this));
                    }
                    this.dirContext.modifyAttributes(nameInNamespace, 3, basicAttributes2);
                    if (log.isDebugEnabled()) {
                        log.debug(String.format("LDAPSession.updateEntry(%s): LDAP modifyAttributes dn='%s' mod_op='REPLACE_ATTRIBUTE' attr='%s' [%s]", documentModel, nameInNamespace, basicAttributes, this));
                    }
                    this.dirContext.modifyAttributes(nameInNamespace, 2, basicAttributes);
                }
                for (String str3 : linkedList) {
                    this.directory.getReference(str3).setTargetIdsForSource(documentModel.getId(), (List) documentModel.getProperty(this.schemaName, str3));
                }
            } catch (Exception e) {
                handleException(e, "updateEntry failed:");
            }
            this.directory.invalidateCaches();
        }
    }

    protected void handleException(Exception exc, String str) throws ClientException {
        RecoverableClientException extractRecoverableException = this.directory.getConfig().getExceptionProcessor().extractRecoverableException(exc);
        if (extractRecoverableException == null) {
            throw new DirectoryException(str + " " + exc.getMessage(), exc);
        }
        throw extractRecoverableException;
    }

    public void deleteEntry(DocumentModel documentModel) throws ClientException {
        deleteEntry(documentModel.getId());
    }

    public void deleteEntry(String str) throws ClientException {
        if (isCurrentUserAllowed("Write") && !isReadOnly()) {
            try {
                for (String str2 : this.schemaFieldMap.keySet()) {
                    if (this.directory.isReference(str2)) {
                        this.directory.getReference(str2).removeLinksForSource(str);
                    }
                }
                SearchResult ldapEntry = getLdapEntry(str);
                if (log.isDebugEnabled()) {
                    log.debug(String.format("LDAPSession.deleteEntry(%s): LDAP destroySubcontext dn='%s' [%s]", str, ldapEntry.getNameInNamespace(), this));
                }
                this.dirContext.destroySubcontext(ldapEntry.getNameInNamespace());
            } catch (Exception e) {
                handleException(e, "deleteEntry failed for: " + str);
            }
            this.directory.invalidateCaches();
        }
    }

    public void deleteEntry(String str, Map<String, String> map) throws ClientException {
        log.warn("Calling deleteEntry extended on LDAP directory");
        deleteEntry(str);
    }

    public DocumentModelList query(Map<String, Serializable> map, Set<String> set, boolean z, Map<String, String> map2) throws DirectoryException {
        try {
            String[] strArr = new String[map.size()];
            String[] strArr2 = new String[map.size()];
            if (set == null) {
                set = Collections.emptySet();
            }
            int i = 0;
            for (String str : map.keySet()) {
                if (this.directory.isReference(str)) {
                    log.warn(str + " is a reference and will be ignored as a query criterion");
                } else {
                    String backendField = this.directory.getFieldMapper().getBackendField(str);
                    Serializable serializable = map.get(str);
                    StringBuilder sb = new StringBuilder();
                    sb.append("(");
                    if (serializable == null) {
                        sb.append("!(" + backendField + "=*)");
                    } else if (!"".equals(serializable)) {
                        sb.append(backendField + "=");
                        if (!set.contains(str)) {
                            sb.append("{" + i + "}");
                        } else if (LDAPSubstringMatchType.SUBFINAL.equals(this.substringMatchType)) {
                            sb.append("*{" + i + "}");
                        } else if (LDAPSubstringMatchType.SUBANY.equals(this.substringMatchType)) {
                            sb.append("*{" + i + "}*");
                        } else {
                            sb.append("{" + i + "}*");
                        }
                    } else if (set.contains(str)) {
                        sb.append(backendField + "=*");
                    } else {
                        sb.append("!(" + backendField + "=*)");
                    }
                    sb.append(")");
                    strArr[i] = sb.toString();
                    if (serializable != null && !"".equals(serializable)) {
                        if (serializable instanceof Blob) {
                            log.warn("Binary search is not supported");
                        } else {
                            strArr2[i] = serializable.toString();
                        }
                    }
                    i++;
                }
            }
            String str2 = "(&" + this.directory.getBaseFilter() + StringUtils.join(strArr) + ')';
            SearchControls searchControls = this.directory.getSearchControls();
            if (log.isDebugEnabled()) {
                log.debug(String.format("LDAPSession.query(...): LDAP search base='%s' filter='%s' args='%s' scope='%s' [%s]", this.searchBaseDn, str2, StringUtils.join(strArr2, ","), Integer.valueOf(searchControls.getSearchScope()), this));
            }
            try {
                List ldapResultsToDocumentModels = ldapResultsToDocumentModels(this.dirContext.search(this.searchBaseDn, str2, strArr2, searchControls), z);
                if (map2 != null && !map2.isEmpty()) {
                    this.directory.orderEntries(ldapResultsToDocumentModels, map2);
                }
                return ldapResultsToDocumentModels;
            } catch (NameNotFoundException e) {
                log.error("Unexpected response from server while performing query: " + e.getMessage(), e);
                return new DocumentModelListImpl();
            }
        } catch (NamingException e2) {
            throw new DirectoryException("executeQuery failed", e2);
        } catch (LimitExceededException e3) {
            throw new org.nuxeo.ecm.directory.SizeLimitExceededException(e3);
        }
    }

    public DocumentModelList query(Map<String, Serializable> map) throws DirectoryException {
        return query(map, this.emptySet, new HashMap());
    }

    public DocumentModelList query(Map<String, Serializable> map, Set<String> set, Map<String, String> map2) throws DirectoryException {
        return query(map, set, false, map2);
    }

    public DocumentModelList query(Map<String, Serializable> map, Set<String> set, Map<String, String> map2, boolean z) throws DirectoryException {
        return query(map, set, z, map2);
    }

    public DocumentModelList query(Map<String, Serializable> map, Set<String> set) throws DirectoryException {
        return query(map, set, new HashMap());
    }

    public void close() throws DirectoryException {
        try {
            try {
                this.dirContext.close();
                this.directory.removeSession(this);
            } catch (NamingException e) {
                throw new DirectoryException("close failed", e);
            }
        } catch (Throwable th) {
            this.directory.removeSession(this);
            throw th;
        }
    }

    public List<String> getProjection(Map<String, Serializable> map, String str) throws DirectoryException {
        return getProjection(map, this.emptySet, str);
    }

    public List<String> getProjection(Map<String, Serializable> map, Set<String> set, String str) throws DirectoryException {
        ArrayList arrayList = new ArrayList();
        DocumentModelList query = query(map, set);
        String directoryField = this.directory.getFieldMapper().getDirectoryField(str);
        Iterator it = query.iterator();
        while (it.hasNext()) {
            try {
                Object property = ((DocumentModel) it.next()).getProperty(this.schemaName, directoryField);
                arrayList.add(property instanceof String ? (String) property : String.valueOf(property));
            } catch (ClientException e) {
                throw new DirectoryException(e);
            }
        }
        return arrayList;
    }

    protected DocumentModel fieldMapToDocumentModel(Map<String, Object> map) throws DirectoryException {
        try {
            DocumentModel createEntryModel = BaseSession.createEntryModel(this.sid, this.schemaName, String.valueOf(map.get(getIdField())), map, isReadOnly());
            EntryAdaptor entryAdaptor = this.directory.getConfig().getEntryAdaptor();
            if (entryAdaptor != null) {
                createEntryModel = entryAdaptor.adapt(this.directory, createEntryModel);
            }
            return createEntryModel;
        } catch (PropertyException e) {
            log.error(e, e);
            return null;
        }
    }

    protected Object getFieldValue(Attribute attribute, String str, String str2, boolean z) throws DirectoryException {
        Field field = this.schemaFieldMap.get(str);
        Type type = field.getType();
        Object defaultValue = field.getDefaultValue();
        String name = type.getName();
        if (attribute == null) {
            return defaultValue;
        }
        try {
            Object obj = attribute.get();
            if (obj == null) {
                return defaultValue;
            }
            String trim = obj.toString().trim();
            if ("string".equals(name)) {
                return trim;
            }
            if ("integer".equals(name) || "long".equals(name)) {
                if ("".equals(trim)) {
                    return defaultValue;
                }
                try {
                    return Long.valueOf(trim);
                } catch (NumberFormatException e) {
                    log.error(String.format("field %s of type %s has non-numeric value found on server: '%s' (ignoring and using default value instead)", str, name, trim));
                    return defaultValue;
                }
            }
            if (!type.isListType()) {
                if (!"date".equals(name)) {
                    if ("content".equals(name)) {
                        return new ByteArrayBlob((byte[]) obj);
                    }
                    throw new DirectoryException("Field type not supported in directories: " + name);
                }
                if ("".equals(trim)) {
                    return defaultValue;
                }
                try {
                    SimpleDateFormat simpleDateFormat = new SimpleDateFormat("yyyyMMddHHmmss'Z'");
                    simpleDateFormat.setTimeZone(new SimpleTimeZone(0, "Z"));
                    Date parse = simpleDateFormat.parse(trim);
                    Calendar calendar = Calendar.getInstance();
                    calendar.setTime(parse);
                    return calendar;
                } catch (ParseException e2) {
                    log.error(String.format("field %s of type %s has invalid value found on server: '%s' (ignoring and using default value instead)", str, name, trim));
                    return defaultValue;
                }
            }
            LinkedList linkedList = new LinkedList();
            NamingEnumeration namingEnumeration = null;
            try {
                try {
                    namingEnumeration = attribute.getAll();
                    while (namingEnumeration.hasMore()) {
                        linkedList.add(namingEnumeration.next().toString().trim());
                    }
                    if (namingEnumeration != null) {
                        try {
                            namingEnumeration.close();
                        } catch (NamingException e3) {
                            log.error(e3, e3);
                        }
                    }
                    return linkedList;
                } catch (NamingException e4) {
                    Log log2 = log;
                    Object[] objArr = new Object[3];
                    objArr[0] = str;
                    objArr[1] = name;
                    objArr[2] = namingEnumeration != null ? namingEnumeration.toString() : trim;
                    log2.error(String.format("field %s of type %s has non list value found on server: '%s' (ignoring and using default value instead)", objArr));
                    if (namingEnumeration != null) {
                        try {
                            namingEnumeration.close();
                        } catch (NamingException e5) {
                            log.error(e5, e5);
                        }
                    }
                    return defaultValue;
                }
            } catch (Throwable th) {
                if (namingEnumeration != null) {
                    try {
                        namingEnumeration.close();
                    } catch (NamingException e6) {
                        log.error(e6, e6);
                    }
                }
                throw th;
            }
        } catch (NamingException e7) {
            throw new DirectoryException("Could not fetch value for " + attribute, e7);
        }
    }

    protected Attribute getAttributeValue(String str, Object obj) throws DirectoryException {
        Collection collection;
        BasicAttribute basicAttribute = new BasicAttribute(this.directory.getFieldMapper().getBackendField(str));
        Field field = this.schemaFieldMap.get(str);
        if (field == null) {
            throw new DirectoryException(String.format("Invalid field name '%s' for directory '%s' with schema '%s'", str, this.directory.getName(), this.directory.getSchema()));
        }
        Type type = field.getType();
        String name = type.getName();
        if ("string".equals(name)) {
            basicAttribute.add(obj);
        } else if ("integer".equals(name) || "long".equals(name)) {
            basicAttribute.add(obj.toString());
        } else if (type.isListType()) {
            if (obj instanceof String[]) {
                collection = Arrays.asList((String[]) obj);
            } else {
                if (!(obj instanceof Collection)) {
                    throw new DirectoryException(String.format("field %s with value %s does not match type %s", str, obj.toString(), type.getName()));
                }
                collection = (Collection) obj;
            }
            Iterator it = collection.iterator();
            while (it.hasNext()) {
                basicAttribute.add((String) it.next());
            }
        } else if ("date".equals(name)) {
            Date time = ((Calendar) obj).getTime();
            SimpleDateFormat simpleDateFormat = new SimpleDateFormat("yyyyMMddHHmmss'Z'");
            simpleDateFormat.setTimeZone(new SimpleTimeZone(0, "Z"));
            basicAttribute.add(simpleDateFormat.format(time));
        } else {
            if (!"content".equals(name)) {
                throw new DirectoryException("Field type not supported in directories: " + name);
            }
            try {
                basicAttribute.add(((Blob) obj).getByteArray());
            } catch (IOException e) {
                throw new DirectoryException("Failed to get ByteArray value", e);
            }
        }
        return basicAttribute;
    }

    protected DocumentModelList ldapResultsToDocumentModels(NamingEnumeration<SearchResult> namingEnumeration, boolean z) throws DirectoryException, NamingException {
        DocumentModelListImpl documentModelListImpl = new DocumentModelListImpl();
        if (!isCurrentUserAllowed("Read")) {
            return documentModelListImpl;
        }
        while (namingEnumeration.hasMore()) {
            try {
                try {
                    DocumentModel ldapResultToDocumentModel = ldapResultToDocumentModel((SearchResult) namingEnumeration.next(), null, z);
                    if (ldapResultToDocumentModel != null) {
                        documentModelListImpl.add(ldapResultToDocumentModel);
                    }
                } catch (SizeLimitExceededException e) {
                    if (documentModelListImpl.isEmpty()) {
                        throw e;
                    }
                    log.debug("SizeLimitExceededException caught, return truncated results. Original message: " + e.getMessage() + " explanation: " + e.getExplanation());
                    documentModelListImpl.setTotalSize(-2L);
                    namingEnumeration.close();
                }
            } catch (Throwable th) {
                namingEnumeration.close();
                throw th;
            }
        }
        namingEnumeration.close();
        log.debug("LDAP search returned " + documentModelListImpl.size() + " results");
        return documentModelListImpl;
    }

    protected DocumentModel ldapResultToDocumentModel(SearchResult searchResult, String str, boolean z) throws DirectoryException, NamingException {
        List<String> targetIdsForSource;
        Object obj;
        Attributes attributes = searchResult.getAttributes();
        String passwordField = getPasswordField();
        HashMap hashMap = new HashMap();
        Attribute attribute = attributes.get(this.idAttribute);
        if (attribute != null && (obj = attribute.get()) != null) {
            str = obj.toString();
        }
        String changeEntryIdCase = changeEntryIdCase(str, this.idCase);
        if (changeEntryIdCase == null) {
            return null;
        }
        for (String str2 : this.schemaFieldMap.keySet()) {
            Reference reference = this.directory.getReference(str2);
            if (reference == null) {
                String backendField = this.directory.getFieldMapper().getBackendField(str2);
                if (backendField.equals(LDAPDirectory.DN_SPECIAL_ATTRIBUTE_KEY)) {
                    try {
                        hashMap.put(str2, searchResult.getNameInNamespace());
                    } catch (UnsupportedOperationException e) {
                    }
                } else {
                    Attribute attribute2 = attributes.get(backendField);
                    if (!str2.equals(passwordField)) {
                        hashMap.put(str2, getFieldValue(attribute2, str2, changeEntryIdCase, z));
                    }
                }
            } else if (z) {
                if (reference instanceof LDAPReference) {
                    targetIdsForSource = ((LDAPReference) reference).getLdapTargetIds(attributes);
                } else if (reference instanceof LDAPTreeReference) {
                    targetIdsForSource = ((LDAPTreeReference) reference).getTargetIdsForSource(changeEntryIdCase);
                } else {
                    try {
                        targetIdsForSource = reference.getTargetIdsForSource(changeEntryIdCase);
                    } catch (ClientException e2) {
                        throw new DirectoryException(e2);
                    }
                }
                hashMap.put(str2, targetIdsForSource);
            } else {
                continue;
            }
        }
        String directoryField = this.directory.getFieldMapper().getDirectoryField(this.idAttribute);
        Object obj2 = hashMap.get(directoryField);
        if (obj2 == null) {
            hashMap.put(directoryField, changeEntryIdCase(changeEntryIdCase, this.directory.getConfig().missingIdFieldCase));
        } else if (obj2 instanceof String) {
            hashMap.put(directoryField, changeEntryIdCase((String) obj2, this.idCase));
        }
        return fieldMapToDocumentModel(hashMap);
    }

    protected String changeEntryIdCase(String str, String str2) {
        return MISSING_ID_LOWER_CASE.equals(str2) ? str.toLowerCase() : MISSING_ID_UPPER_CASE.equals(str2) ? str.toUpperCase() : str;
    }

    public boolean authenticate(String str, String str2) throws DirectoryException {
        if (str2 == null || "".equals(str2.trim())) {
            return false;
        }
        try {
            SearchResult ldapEntry = getLdapEntry(str);
            if (ldapEntry == null) {
                return false;
            }
            String nameInNamespace = ldapEntry.getNameInNamespace();
            Properties properties = (Properties) this.directory.getContextProperties().clone();
            properties.put("java.naming.security.principal", nameInNamespace);
            properties.put("java.naming.security.credentials", str2);
            InitialLdapContext initialLdapContext = null;
            try {
                try {
                    log.debug(String.format("LDAP bind dn='%s'", nameInNamespace));
                    initialLdapContext = new InitialLdapContext(properties, (Control[]) null);
                    initialLdapContext.reconnect((Control[]) null);
                    log.debug("Bind succeeded, authentication ok");
                    if (initialLdapContext != null) {
                        try {
                            initialLdapContext.close();
                        } catch (NamingException e) {
                            log.error("Error closing authentication context when biding dn " + nameInNamespace, e);
                            return false;
                        }
                    }
                    return true;
                } catch (Throwable th) {
                    if (initialLdapContext != null) {
                        try {
                            initialLdapContext.close();
                        } catch (NamingException e2) {
                            log.error("Error closing authentication context when biding dn " + nameInNamespace, e2);
                            return false;
                        }
                    }
                    throw th;
                }
            } catch (NamingException e3) {
                log.debug("Bind failed: " + e3.getMessage());
                if (initialLdapContext != null) {
                    try {
                        initialLdapContext.close();
                    } catch (NamingException e4) {
                        log.error("Error closing authentication context when biding dn " + nameInNamespace, e4);
                        return false;
                    }
                }
                return false;
            }
        } catch (NamingException e5) {
            throw new DirectoryException("failed to fetch the ldap entry for " + str, e5);
        }
    }

    public String getIdField() {
        return this.directory.getConfig().getIdField();
    }

    public String getPasswordField() {
        return this.directory.getConfig().getPasswordField();
    }

    public boolean isAuthenticating() throws DirectoryException {
        return this.schemaFieldMap.containsKey(getPasswordField());
    }

    public boolean isReadOnly() {
        return this.directory.getConfig().getReadOnly();
    }

    public boolean rdnMatchesIdField() {
        return this.directory.getConfig().rdnAttribute.equals(this.idAttribute);
    }

    /* JADX WARN: Finally extract failed */
    protected List<String> getMandatoryAttributes(Attribute attribute) throws DirectoryException {
        try {
            ArrayList arrayList = new ArrayList();
            DirContext schema = this.dirContext.getSchema("");
            ArrayList arrayList2 = new ArrayList();
            if (attribute == null) {
                arrayList2.addAll(Arrays.asList(this.directory.getConfig().getCreationClasses()));
            } else {
                NamingEnumeration namingEnumeration = null;
                try {
                    try {
                        NamingEnumeration all = attribute.getAll();
                        while (all.hasMore()) {
                            arrayList2.add(all.next().toString().trim());
                        }
                        if (all != null) {
                            all.close();
                        }
                    } catch (Throwable th) {
                        if (0 != 0) {
                            namingEnumeration.close();
                        }
                        throw th;
                    }
                } catch (NamingException e) {
                    throw new DirectoryException(e);
                }
            }
            arrayList2.remove("top");
            Iterator it = arrayList2.iterator();
            while (it.hasNext()) {
                Attribute attribute2 = schema.getAttributes("ClassDefinition/" + ((String) it.next())).get("MUST");
                if (attribute2 != null) {
                    NamingEnumeration all2 = attribute2.getAll();
                    while (all2.hasMore()) {
                        try {
                            arrayList.add((String) all2.next());
                        } catch (Throwable th2) {
                            all2.close();
                            throw th2;
                        }
                    }
                    all2.close();
                }
            }
            return arrayList;
        } catch (NamingException e2) {
            throw new DirectoryException("getMandatoryAttributes failed", e2);
        }
    }

    protected List<String> getMandatoryAttributes() throws DirectoryException {
        return getMandatoryAttributes(null);
    }

    public String toString() {
        return String.format("LDAPSession '%s' for directory %s", this.sid, this.directory.getName());
    }

    public DocumentModel createEntry(DocumentModel documentModel) throws ClientException {
        Map properties = documentModel.getProperties(this.directory.getSchema());
        HashMap hashMap = new HashMap();
        for (Map.Entry entry : properties.entrySet()) {
            String str = (String) entry.getKey();
            if (str.contains(":")) {
                str = str.split(":")[1];
            }
            hashMap.put(str, entry.getValue());
        }
        return createEntry(hashMap);
    }
}
