package com.xpn.xwiki.plugin.ldap;

import com.novell.ldap.LDAPAttribute;
import com.novell.ldap.LDAPAttributeSet;
import com.novell.ldap.LDAPConnection;
import com.novell.ldap.LDAPConstraints;
import com.novell.ldap.LDAPDN;
import com.novell.ldap.LDAPEntry;
import com.novell.ldap.LDAPException;
import com.novell.ldap.LDAPJSSESecureSocketFactory;
import com.novell.ldap.LDAPSearchResults;
import com.xpn.xwiki.XWikiContext;
import com.xpn.xwiki.user.impl.LDAP.LDAPProfileXClass;
import java.io.UnsupportedEncodingException;
import java.security.Security;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Enumeration;
import java.util.Iterator;
import java.util.List;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/xwiki-platform-legacy-oldcore-4.5.3.jar:com/xpn/xwiki/plugin/ldap/XWikiLDAPConnection.class */
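/**
 * Thin wrapper around a Novell JLDAP {@link LDAPConnection} used by the XWiki LDAP plugin.
 *
 * <p>It opens and binds the connection from the plugin configuration, runs searches and
 * password comparisons, and offers escaping helpers for DN values and search filter values.
 *
 * <p>Instances hold one mutable {@link LDAPConnection} and do no synchronization of their own.
 */
public class XWikiLDAPConnection {
    private static final Logger LOGGER = LoggerFactory.getLogger(XWikiLDAPConnection.class);

    /** The underlying connection; {@code null} until one of the {@code open} methods has run. */
    private LDAPConnection connection;

    /**
     * Reads the LDAP operation time limit from the plugin configuration.
     *
     * @param xWikiContext the current XWiki context
     * @return the value passed to {@link LDAPConstraints#setTimeLimit(int)}
     */
    private int getTimeout(XWikiContext xWikiContext) {
        return XWikiLDAPConfig.getInstance().getLDAPTimeout(xWikiContext);
    }

    /**
     * @return the wrapped connection, or {@code null} if it has not been opened yet
     */
    public LDAPConnection getConnection() {
        return this.connection;
    }

    /**
     * Opens and binds a connection using the server, port, bind DN and bind password taken from
     * the plugin configuration.
     *
     * <p>SSL is used only when the {@code ldap_ssl} parameter equals {@code "1"}; its default is
     * {@code "0"}, in which case the simple bind (DN and password) travels over an unencrypted
     * connection.
     *
     * @param str forwarded to the configuration to compute the bind DN and bind password
     *     (presumably the login being authenticated; confirm against XWikiLDAPConfig)
     * @param str2 forwarded to the configuration alongside {@code str} (presumably that login's
     *     password; confirm against XWikiLDAPConfig)
     * @param xWikiContext the current XWiki context
     * @return {@code true} when the connection is open and bound
     * @throws XWikiLDAPException if connecting or binding fails
     */
    public boolean open(String str, String str2, XWikiContext xWikiContext) throws XWikiLDAPException {
        XWikiLDAPConfig config = XWikiLDAPConfig.getInstance();
        int port = config.getLDAPPort(xWikiContext);
        String host = config.getLDAPParam("ldap_server", "localhost", xWikiContext);
        String bindDN = config.getLDAPBindDN(str, str2, xWikiContext);
        String bindPassword = config.getLDAPBindPassword(str, str2, xWikiContext);

        if (!"1".equals(config.getLDAPParam("ldap_ssl", "0", xWikiContext))) {
            return open(host, port, bindDN, bindPassword, null, false, xWikiContext);
        }

        String keyStore = config.getLDAPParam("ldap_ssl.keystore", "", xWikiContext);
        LOGGER.debug("Connecting to LDAP using SSL");
        return open(host, port, bindDN, bindPassword, keyStore, true, xWikiContext);
    }

    /**
     * Opens a connection to the given server and performs a simple bind.
     *
     * <p>If this method throws after the socket was connected (for example on a failed bind), the
     * connection is not disconnected here; callers should still call {@link #close()}.
     *
     * @param str the LDAP server host
     * @param i the LDAP server port; a value {@code <= 0} selects the default port for the mode
     * @param str2 the DN to bind with
     * @param str3 the password to bind with
     * @param str4 path of the trust store to use for SSL, ignored when {@code null} or empty
     * @param z {@code true} to connect through an SSL socket factory
     * @param xWikiContext the current XWiki context
     * @return {@code true} when the connection is open and bound
     * @throws XWikiLDAPException if connecting or binding fails
     */
    public boolean open(String str, int i, String str2, String str3, String str4, boolean z, XWikiContext xWikiContext) throws XWikiLDAPException {
        int port = i;
        if (port <= 0) {
            port = z ? LDAPConnection.DEFAULT_SSL_PORT : LDAPConnection.DEFAULT_PORT;
        }

        try {
            if (z) {
                // Both calls below change JVM-wide state, not just this connection: the provider is
                // registered globally and javax.net.ssl.trustStore is read by every later default
                // TLS context in the process.
                Security.addProvider(XWikiLDAPConfig.getInstance().getSecureProvider(xWikiContext));
                if (str4 != null && str4.length() > 0) {
                    System.setProperty("javax.net.ssl.trustStore", str4);
                }
                // NOTE(review): confirm that this socket factory verifies the server host name; a
                // plain JSSE SSLSocket does not unless endpoint identification is configured.
                this.connection = new LDAPConnection(new LDAPJSSESecureSocketFactory());
            } else {
                // Without SSL the bind DN and password below are sent in clear text.
                this.connection = new LDAPConnection();
            }

            connect(str, port);

            LDAPConstraints constraints = this.connection.getConstraints();
            constraints.setTimeLimit(getTimeout(xWikiContext));
            // Referrals are followed automatically and the handler is given the bind DN and
            // password, so those credentials may be presented to whatever server a referral names.
            // NOTE(review): confirm LDAPPluginReferralHandler restricts where it re-binds.
            constraints.setReferralFollowing(true);
            constraints.setReferralHandler(new LDAPPluginReferralHandler(str2, str3, xWikiContext));
            this.connection.setConstraints(constraints);

            bind(str2, str3);
            return true;
        } catch (LDAPException e) {
            throw new XWikiLDAPException("LDAP bind failed with LDAPException.", e);
        } catch (UnsupportedEncodingException e) {
            throw new XWikiLDAPException("LDAP bind failed with UnsupportedEncodingException.", e);
        }
    }

    /**
     * Connects the underlying socket.
     *
     * @param str the LDAP server host
     * @param i the LDAP server port
     * @throws LDAPException if the connection cannot be established
     */
    private void connect(String str, int i) throws LDAPException {
        LOGGER.debug("Connection to LDAP server [{}:{}]", str, Integer.valueOf(i));
        this.connection.connect(str, i);
    }

    /**
     * Performs an LDAPv3 simple bind with the given DN and password.
     *
     * <p>Only the DN is logged, never the password. This method does not validate its arguments:
     * a {@code null} password fails with a {@link NullPointerException}, and an empty password
     * with a non-empty DN is an "unauthenticated bind" (RFC 4513), which some directory servers
     * answer with success. Code that uses a successful bind as proof of a user's password must
     * reject empty passwords before calling this method.
     *
     * @param str the DN to bind with
     * @param str2 the password, encoded as UTF-8 before being sent
     * @throws UnsupportedEncodingException if the UTF-8 encoding is unavailable
     * @throws LDAPException if the server rejects the bind
     */
    public void bind(String str, String str2) throws UnsupportedEncodingException, LDAPException {
        LOGGER.debug("Binding to LDAP server with credentials login=[{}]", str);
        this.connection.bind(LDAPConnection.LDAP_V3, str, str2.getBytes("UTF8"));
    }

    /**
     * Disconnects the underlying connection if there is one. Failures are logged at debug level
     * and otherwise ignored, so this is safe to call from cleanup code.
     */
    public void close() {
        if (this.connection == null) {
            return;
        }
        try {
            this.connection.disconnect();
        } catch (LDAPException e) {
            LOGGER.debug("LDAP close failed.", e);
        }
    }

    /**
     * Checks a password with an LDAP compare on the {@code userPassword} attribute.
     *
     * @param str the DN of the user entry
     * @param str2 the candidate password
     * @return {@code true} only if the server reports that the values match
     */
    public boolean checkPassword(String str, String str2) {
        return checkPassword(str, str2, "userPassword");
    }

    /**
     * Checks a password with an LDAP compare operation on the given attribute.
     *
     * <p>The candidate password is sent to the server as the attribute value, so it is only as
     * protected as the connection is. Every {@link LDAPException} yields {@code false}: the check
     * fails closed, and a directory error is indistinguishable from a wrong password for the
     * caller.
     *
     * <p>NOTE(review): whether a compare matches when the directory stores hashed passwords
     * depends on the server; verify against the target directory.
     *
     * @param str the DN of the user entry
     * @param str2 the candidate password
     * @param str3 the name of the attribute holding the password
     * @return {@code true} only if the server reports that the values match
     */
    public boolean checkPassword(String str, String str2, String str3) {
        try {
            return this.connection.compare(str, new LDAPAttribute(str3, str2));
        } catch (LDAPException e) {
            switch (e.getResultCode()) {
                case LDAPException.NO_SUCH_OBJECT:
                    LOGGER.debug("Unable to locate user_dn [{}]", str, e);
                    break;
                case LDAPException.NO_SUCH_ATTRIBUTE:
                    LOGGER.debug("Unable to verify password because userPassword attribute not found.", e);
                    break;
                default:
                    LOGGER.debug("Unable to verify password", e);
                    break;
            }
            return false;
        }
    }

    /**
     * Runs a search and converts the first matching entry into a flat attribute list.
     *
     * <p>The first element of the returned list carries the entry DN under
     * {@link LDAPProfileXClass#LDAP_XFIELD_DN}; the rest are one element per attribute value.
     * The pending search is always abandoned before returning.
     *
     * <p>A failed search is logged at debug level and reported as {@code null}, the same result
     * as an empty search, instead of dereferencing the missing result set.
     *
     * @param str the base DN of the search
     * @param str2 the search filter; values inserted into it should have been passed through
     *     {@link #escapeLDAPSearchFilter(String)} by the caller
     * @param strArr the attributes to retrieve, as accepted by the underlying search
     * @param i the LDAP search scope
     * @return the attributes of the first entry found, or {@code null} if nothing was found or
     *     the search failed
     */
    public List<XWikiLDAPSearchAttribute> searchLDAP(String str, String str2, String[] strArr, int i) {
        List<XWikiLDAPSearchAttribute> attributes = null;
        LDAPSearchResults results = null;

        try {
            results = search(str, str2, strArr, i);
            if (!results.hasMore()) {
                return null;
            }

            LDAPEntry entry = results.next();
            attributes = new ArrayList<XWikiLDAPSearchAttribute>();
            attributes.add(new XWikiLDAPSearchAttribute(LDAPProfileXClass.LDAP_XFIELD_DN, entry.getDN()));
            ldapToXWikiAttribute(attributes, entry.getAttributeSet());

            // The list holds every returned attribute value; keep debug logging off where the
            // requested attributes can contain sensitive data.
            LOGGER.debug("LDAP search found attributes [{}]", attributes);
        } catch (LDAPException e) {
            LOGGER.debug("LDAP Search failed", e);
        } finally {
            // Only the first entry is consumed, so release the rest of the result set.
            if (results != null) {
                try {
                    this.connection.abandon(results);
                } catch (LDAPException e) {
                    LOGGER.debug("LDAP Search clean up failed", e);
                }
            }
        }

        return attributes;
    }

    /**
     * Runs a search on the underlying connection and returns the raw result set.
     *
     * <p>The filter is passed to the server as given; this method performs no escaping.
     *
     * @param str the base DN of the search
     * @param str2 the search filter
     * @param strArr the attributes to retrieve, as accepted by the underlying search
     * @param i the LDAP search scope
     * @return the search results; the caller is responsible for consuming or abandoning them
     * @throws LDAPException if the search cannot be started
     */
    public LDAPSearchResults search(String str, String str2, String[] strArr, int i) throws LDAPException {
        if (LOGGER.isDebugEnabled()) {
            List<String> requested = strArr != null ? Arrays.asList(strArr) : null;
            LOGGER.debug("LDAP search: baseDN=[{}] query=[{}] attr=[{}] ldapScope=[{}]",
                new Object[] {str, str2, requested, Integer.valueOf(i)});
        }
        return this.connection.search(str, i, str2, strArr, false);
    }

    /**
     * Appends one {@link XWikiLDAPSearchAttribute} per string value of every attribute in the set.
     *
     * <p>Each attribute name and value is also written to the debug log.
     *
     * @param list the list to append to
     * @param lDAPAttributeSet the attributes of an LDAP entry
     */
    protected void ldapToXWikiAttribute(List<XWikiLDAPSearchAttribute> list, LDAPAttributeSet lDAPAttributeSet) {
        for (Iterator<?> it = lDAPAttributeSet.iterator(); it.hasNext();) {
            LDAPAttribute attribute = (LDAPAttribute) it.next();
            String name = attribute.getName();
            LOGGER.debug("  - values for attribute [{}]", name);

            Enumeration<?> values = attribute.getStringValues();
            if (values == null) {
                continue;
            }
            while (values.hasMoreElements()) {
                String value = (String) values.nextElement();
                LOGGER.debug("    |- [{}]", value);
                list.add(new XWikiLDAPSearchAttribute(name, value));
            }
        }
    }

    /**
     * Escapes a string for use as an attribute value inside a DN.
     *
     * <p>The value is escaped by building a throwaway RDN {@code key=<value>}, escaping it with
     * {@link LDAPDN#escapeRDN(String)} and stripping the four-character {@code key=} prefix.
     * Blank input ({@code null}, empty or whitespace-only) is returned unchanged and therefore
     * unescaped. Use {@link #escapeLDAPSearchFilter(String)} for filter values; the two escaping
     * schemes are not interchangeable.
     *
     * @param str the raw value
     * @return the escaped value, or the input itself when it is blank
     */
    public static String escapeLDAPDNValue(String str) {
        if (StringUtils.isBlank(str)) {
            return str;
        }
        return LDAPDN.escapeRDN("key=" + str).substring(4);
    }

    /**
     * Escapes a string for use as an assertion value inside an LDAP search filter.
     *
     * <p>NUL, {@code (}, {@code )}, {@code *} and {@code \} are replaced by a backslash followed
     * by their two-digit hexadecimal code, so the value cannot change the structure of the filter
     * it is inserted into. All other characters are copied as they are. This is meant for values
     * only, not for whole filters or DNs.
     *
     * @param str the raw value
     * @return the escaped value, or {@code null} if the input is {@code null}
     */
    public static String escapeLDAPSearchFilter(String str) {
        if (str == null) {
            return null;
        }

        StringBuilder escaped = new StringBuilder(str.length());
        for (int pos = 0; pos < str.length(); pos++) {
            char c = str.charAt(pos);
            switch (c) {
                case '\0':
                    escaped.append("\\00");
                    break;
                case '(':
                    escaped.append("\\28");
                    break;
                case ')':
                    escaped.append("\\29");
                    break;
                case '*':
                    escaped.append("\\2a");
                    break;
                case '\\':
                    escaped.append("\\5c");
                    break;
                default:
                    escaped.append(c);
                    break;
            }
        }
        return escaped.toString();
    }
}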
