package org.jahia.services.usermanager.ldap;

import com.sun.jndi.ldap.LdapURL;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import java.util.Set;
import java.util.StringTokenizer;
import javax.naming.CannotProceedException;
import javax.naming.CommunicationException;
import javax.naming.NameNotFoundException;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.NoInitialContextException;
import javax.naming.PartialResultException;
import javax.naming.ServiceUnavailableException;
import javax.naming.SizeLimitExceededException;
import javax.naming.TimeLimitExceededException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import net.sf.ehcache.CacheManager;
import net.sf.ehcache.Ehcache;
import net.sf.ehcache.Element;
import org.apache.commons.lang.StringUtils;
import org.jahia.exceptions.JahiaException;
import org.jahia.exceptions.JahiaInitializationException;
import org.jahia.params.valves.CookieAuthConfig;
import org.jahia.services.SpringContextSingleton;
import org.jahia.services.cache.CacheHelper;
import org.jahia.services.cache.ModuleClassLoaderAwareCacheEntry;
import org.jahia.services.cache.ehcache.EhCacheProvider;
import org.jahia.services.usermanager.JahiaUser;
import org.jahia.services.usermanager.JahiaUserManagerProvider;
import org.jahia.services.usermanager.UserProperties;
import org.jahia.services.usermanager.UserProperty;
import org.jahia.services.usermanager.jcr.JCRUserManagerProvider;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/jahia/services/usermanager/ldap/JahiaUserManagerLDAPProvider.class */
public class JahiaUserManagerLDAPProvider extends JahiaUserManagerProvider {
    // Feature id and, presumably, the Ehcache region names for found and known-missing users;
    // the code that opens those caches is not in this part of the file.
    public static final String FEATURE = "org.jahia.ldap";
    public static final String LDAP_USER_CACHE = "LDAPUsersCache";
    public static final String LDAP_NON_EXISTANT_USER_CACHE = "LDAPNonExistantUsersCache";
    public static final int ROOT_USER_ID = 0;
    public static final int GUEST_USER_ID = 1;
    private static Logger logger = LoggerFactory.getLogger(JahiaUserManagerLDAPProvider.class);
    // Keys looked up in ldapProperties by the methods below.
    // NOTE(review): these are public static but NOT final, so any class can reassign them at
    // runtime and change which configuration entry (URL, bind DN, bind password, ...) this
    // provider reads. They look intended as constants — confirm and make them final.
    public static String CONTEXT_FACTORY_PROP = "context.factory";
    public static String LDAP_URL_PROP = "url";
    public static String AUTHENTIFICATION_MODE_PROP = "authentification.mode";
    public static String PUBLIC_BIND_DN_PROP = "public.bind.dn";
    public static String PUBLIC_BIND_PASSWORD_PROP = "public.bind.password";
    public static String UID_SEARCH_ATTRIBUTE_PROP = "uid.search.attribute";
    public static String UID_SEARCH_NAME_PROP = "uid.search.name";
    public static String USERS_OBJECTCLASS_ATTRIBUTE = "search.objectclass";
    public static String LDAP_REFFERAL_PROP = "refferal";
    public static String SEARCH_COUNT_LIMIT_PROP = "search.countlimit";
    public static String SEARCH_WILDCARD_ATTRIBUTE_LIST = "search.wildcards.attributes";
    public static String LDAP_USERNAME_ATTRIBUTE = "username.attribute.map";
    public static String USE_CONNECTION_POOL = "ldap.connect.pool";
    public static String CONNECTION_TIMEOUT = "ldap.connect.timeout";
    // Fallback values; the connect methods below repeat the same literals inline.
    public static final String DEFAULT_CTX_FACTORY = "com.sun.jndi.ldap.LdapCtxFactory";
    public static final String DEFAULT_AUTHENTIFICATION_MODE = "simple";
    // Effective configuration read by every directory operation. It starts as null and is
    // populated by code not visible here; the methods below dereference it without a null check.
    private Map<String, String> ldapProperties = null;
    private Map<String, String> defaultLdapProperties = null;
    // Jahia property name -> LDAP attribute name (see mapJahiaPropertiesToLDAP / mapLDAPToJahiaProperties).
    private Map<String, String> mappedProperties = null;
    // Attributes OR-ed together when a search uses the "*" criterion (see getUsers).
    private List<String> searchWildCardAttributeList = null;
    // Positive cache of resolved users and negative cache of keys known not to exist.
    private Ehcache userCache;
    private Ehcache nonExistantUserCache;
    private EhCacheProvider cacheProvider;
    // Map handed in through setLdapProperties(); how it is merged is not visible here.
    private Map<String, String> overridenLdapProperties;
    private CookieAuthConfig cookieAuthConfig;
    private boolean postponePropertiesInit;
    // Prefix every user key handled by this provider must start with (checked in lookupUserByKey).
    private String keyPrefix;

    /**
     * Creates the provider and immediately runs {@code initializeDefaults()}.
     *
     * @throws JahiaException declared here; presumably raised by {@code initializeDefaults()},
     *                        whose body is not visible in this part of the file
     */
    protected JahiaUserManagerLDAPProvider() throws JahiaException {
        initializeDefaults();
    }

    /**
     * Injects the Ehcache provider; the reference is only stored here.
     *
     * @param ehCacheProvider cache provider kept in {@code cacheProvider}
     */
    public void setCacheProvider(EhCacheProvider ehCacheProvider) {
        this.cacheProvider = ehCacheProvider;
    }

    /**
     * Stores caller-supplied LDAP settings in {@code overridenLdapProperties}.
     *
     * The map is kept by reference (no copy), so later changes by the caller are visible to
     * this provider. NOTE(review): the map may carry the public bind password
     * ("public.bind.password"); how and when it is merged into {@code ldapProperties} is not
     * visible here.
     *
     * @param map settings that override the defaults
     */
    public void setLdapProperties(Map<String, String> map) {
        this.overridenLdapProperties = map;
    }

    /** Lifecycle hook; intentionally does nothing in this provider. */
    public void start() {
    }

    /** Lifecycle hook; intentionally does nothing in this provider. */
    public void stop() {
    }

    /**
     * User creation is not implemented by this provider.
     *
     * @return always {@code null}; no directory entry is written
     */
    public JahiaUser createUser(String str, String str2, Properties properties) {
        return null;
    }

    /**
     * User deletion is not implemented by this provider.
     *
     * @return always {@code false}; no directory entry is removed
     */
    public boolean deleteUser(JahiaUser jahiaUser) {
        return false;
    }

    /**
     * The directory is not counted.
     *
     * @return always {@code -1}
     */
    public int getNbUsers() {
        return -1;
    }

    /**
     * Returns the configured directory URL (the "url" entry of {@code ldapProperties}).
     *
     * @return the URL, or {@code null} when the entry is absent; throws NullPointerException
     *         if {@code ldapProperties} has not been populated yet
     */
    public String getUrl() {
        return this.ldapProperties.get(LDAP_URL_PROP);
    }

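    /**
     * Lists the user keys of every entry returned by an unfiltered subtree search under the
     * configured search base ("uid.search.name"), using the public bind.
     *
     * Entries that cannot be mapped to a user are skipped. A size-limit overflow keeps the
     * results collected so far; any other naming failure is logged and yields an empty list.
     * The directory context is always closed before returning.
     *
     * @return the user keys found; never {@code null}
     */
    public List<String> getUserList() {
        List<String> userKeys = new ArrayList<String>();
        DirContext dirContext = null;
        try {
            dirContext = getPublicContext();
            String searchBase = this.ldapProperties.get(UID_SEARCH_NAME_PROP);
            for (SearchResult entry : getUsers(dirContext, new Properties(), searchBase, SearchControls.SUBTREE_SCOPE)) {
                JahiaLDAPUser user = ldapToJahiaUser(entry);
                if (user != null) {
                    userKeys.add(user.getUserKey());
                }
            }
        } catch (SizeLimitExceededException e) {
            // Must come before the NamingException handler: SizeLimitExceededException is a
            // subclass, so the broader handler listed first would make this one unreachable.
            if (logger.isDebugEnabled()) {
                logger.debug("Search generated more than configured maximum search limit, limiting to " + this.ldapProperties.get(SEARCH_COUNT_LIMIT_PROP) + " first results...");
            }
        } catch (NamingException e) {
            logger.warn("JNDI warning", e);
            userKeys = new ArrayList<String>();
        } finally {
            // Single release point for the context on every path.
            invalidateCtx(dirContext);
        }
        return userKeys;
    }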

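    /**
     * Lists the usernames of every entry returned by an unfiltered subtree search under the
     * configured search base ("uid.search.name"), using the public bind.
     *
     * Entries that cannot be mapped to a user are skipped. A size-limit overflow keeps the
     * results collected so far; any other naming failure is logged and yields an empty list.
     * The directory context is always closed before returning.
     *
     * @return the usernames found; never {@code null}
     */
    public List<String> getUsernameList() {
        List<String> usernames = new ArrayList<String>();
        DirContext dirContext = null;
        try {
            dirContext = getPublicContext();
            String searchBase = this.ldapProperties.get(UID_SEARCH_NAME_PROP);
            for (SearchResult entry : getUsers(dirContext, new Properties(), searchBase, SearchControls.SUBTREE_SCOPE)) {
                JahiaLDAPUser user = ldapToJahiaUser(entry);
                if (user != null) {
                    usernames.add(user.getUsername());
                }
            }
        } catch (SizeLimitExceededException e) {
            // Must come before the NamingException handler: SizeLimitExceededException is a
            // subclass, so the broader handler listed first would make this one unreachable.
            if (logger.isDebugEnabled()) {
                logger.debug("Search generated more than configured maximum search limit, limiting to " + this.ldapProperties.get(SEARCH_COUNT_LIMIT_PROP) + " first results...");
            }
        } catch (NamingException e) {
            logger.warn("JNDI warning", e);
            usernames = new ArrayList<String>();
        } finally {
            // Single release point for the context on every path.
            invalidateCtx(dirContext);
        }
        return usernames;
    }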

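    /**
     * Builds an LDAP search filter from Jahia search criteria and runs it.
     *
     * Two modes:
     * <ul>
     * <li>If {@code properties} contains "ldap.url", the base DN, scope and filter come from that
     *     URL; an optional "user.key" criterion is AND-ed onto the URL's filter.</li>
     * <li>Otherwise the criteria are mapped to LDAP attribute names and combined with OR
     *     (default) or AND ("multi_criteria_search_op" = "and") under an objectClass test.</li>
     * </ul>
     *
     * Every criterion value placed in the filter has backslash and parentheses escaped
     * (\5c, \28, \29) so a value cannot close the current term and append filter terms of its
     * own. "*" is left as is because callers use it as a wildcard.
     * NOTE(review): for the exact-match "user.key" term a wildcard is probably not wanted —
     * confirm with callers whether "*" should be escaped (\2a) there.
     * NOTE(review): "ldap.url" decides the search base, scope and filter; confirm it can only
     * be set by trusted code. {@code com.sun.jndi.ldap.LdapURL} is a JDK-internal class and is
     * not accessible on JDKs that enforce strong encapsulation.
     *
     * @param dirContext open directory context; must not be {@code null}
     * @param properties search criteria; {@code null} is treated as "no criteria". A
     *                   "countLimit" entry overrides the configured result limit
     * @param str        search base DN (ignored in "ldap.url" mode)
     * @param i          JNDI search scope (ignored in "ldap.url" mode)
     * @return the matching entries; empty when a criterion has no LDAP mapping
     * @throws NamingException        if the context is {@code null} or the search fails
     * @throws NumberFormatException  if a count limit is missing or not a number
     */
    private List<SearchResult> getUsers(DirContext dirContext, Properties properties, String str, int i) throws NamingException {
        if (dirContext == null) {
            throw new NamingException("Context is null !");
        }
        if (properties == null) {
            properties = new Properties();
        }
        int countLimit = Integer.parseInt(this.ldapProperties.get(SEARCH_COUNT_LIMIT_PROP));
        if (properties.containsKey("countLimit")) {
            countLimit = Integer.parseInt((String) properties.get("countLimit"));
        }
        if (properties.containsKey("ldap.url")) {
            String url = properties.getProperty("ldap.url");
            try {
                LdapURL ldapURL = new LdapURL(url);
                String baseDn = ldapURL.getDN();
                String filter = ldapURL.getFilter();
                int scope = "one".equalsIgnoreCase(ldapURL.getScope()) ? 1 : "base".equalsIgnoreCase(ldapURL.getScope()) ? 0 : 2;
                if (properties.containsKey("user.key")) {
                    // Escape the key exactly like the criteria in the other branch; it was
                    // previously concatenated into the filter unescaped.
                    String userKey = StringUtils.replace(StringUtils.replace(StringUtils.replace(String.valueOf(properties.get("user.key")), "\\", "\\5c"), "(", "\\28"), ")", "\\29");
                    filter = "(&(" + this.ldapProperties.get(UID_SEARCH_ATTRIBUTE_PROP) + "=" + userKey + ")(" + ldapURL.getFilter() + "))";
                }
                return getUsers(dirContext, filter, baseDn, countLimit, scope);
            } catch (Exception e) {
                // Keep the original failure attached so the real cause is not lost.
                logger.error("Cannot get users for url : " + url, e);
                PartialResultException failure = new PartialResultException("Cannot get users for url : " + url);
                failure.setRootCause(e);
                throw failure;
            }
        }
        StringBuilder filter = new StringBuilder();
        filter.append("(&(objectClass=" + StringUtils.defaultString(this.ldapProperties.get(USERS_OBJECTCLASS_ATTRIBUTE), "*") + ")");
        Properties ldapCriteria = mapJahiaPropertiesToLDAP(properties);
        // A criterion given directly under the uid attribute name bypasses the name mapping.
        String uidValue = properties.getProperty(this.ldapProperties.get(UID_SEARCH_ATTRIBUTE_PROP));
        if (uidValue != null) {
            ldapCriteria.put(this.ldapProperties.get(UID_SEARCH_ATTRIBUTE_PROP), uidValue);
        }
        // Count the real criteria, ignoring the two control entries.
        int expectedCriteria = properties.size();
        if (properties.containsKey("multi_criteria_search_op")) {
            expectedCriteria--;
        }
        if (properties.containsKey("countLimit")) {
            expectedCriteria--;
        }
        if (ldapCriteria.size() < expectedCriteria) {
            // At least one criterion has no LDAP counterpart: this directory cannot answer.
            return new ArrayList<SearchResult>();
        }
        boolean severalCriteria = ldapCriteria.size() > 1;
        if (severalCriteria) {
            boolean useAnd = properties.containsKey("multi_criteria_search_op")
                    && "and".equalsIgnoreCase(((String) properties.get("multi_criteria_search_op")).trim());
            filter.append(useAnd ? "(&" : "(|");
        }
        for (Object key : ldapCriteria.keySet()) {
            String attribute = (String) key;
            // Backslash first, otherwise the escapes added for the parentheses get re-escaped.
            String value = StringUtils.replace(StringUtils.replace(StringUtils.replace(ldapCriteria.getProperty(attribute), "\\", "\\5c"), "(", "\\28"), ")", "\\29");
            if (!"*".equals(attribute)) {
                filter.append("(").append(attribute).append("=").append(value).append(")");
            } else if (this.searchWildCardAttributeList != null) {
                // "*" means "any of the configured wildcard attributes".
                boolean severalWildcards = this.searchWildCardAttributeList.size() > 1;
                if (severalWildcards) {
                    filter.append("(|");
                }
                for (String wildcardAttribute : this.searchWildCardAttributeList) {
                    filter.append("(").append(wildcardAttribute).append("=").append(value).append(")");
                }
                if (severalWildcards) {
                    filter.append(")");
                }
            }
        }
        if (severalCriteria) {
            filter.append(")");
        }
        filter.append(")");
        return getUsers(dirContext, filter.toString(), str, countLimit, i);
    }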

    /**
     * Translates Jahia search criteria into criteria keyed by LDAP attribute name.
     *
     * The "*" criterion is carried over unchanged. Every other criterion is kept only if
     * {@code mappedProperties} maps its name; unmapped criteria are silently dropped, which the
     * caller detects by comparing sizes.
     *
     * @param properties Jahia criteria; returned as is (same instance) when empty
     * @return a new {@code Properties} keyed by LDAP attribute name, or {@code properties}
     *         itself when it is empty
     */
    private Properties mapJahiaPropertiesToLDAP(Properties properties) {
        if (properties.isEmpty()) {
            return properties;
        }
        Properties ldapCriteria = new Properties();
        if (properties.containsKey("*")) {
            ldapCriteria.setProperty("*", properties.getProperty("*"));
            // Wildcard-only search: nothing else to translate.
            if (properties.size() == 1) {
                return ldapCriteria;
            }
        }
        for (Map.Entry<String, String> mapping : this.mappedProperties.entrySet()) {
            String jahiaName = mapping.getKey();
            if (properties.getProperty(jahiaName) == null) {
                continue;
            }
            ldapCriteria.setProperty(mapping.getValue(), (String) properties.get(jahiaName));
        }
        return ldapCriteria;
    }

    /**
     * Opens a new directory context with the public (service) bind.
     *
     * NOTE(review): this is public and hands out a context bound with the service
     * credentials; the caller owns it and must close it.
     *
     * @return a freshly created context from {@code connectToPublicDir()}
     * @throws NamingException if the connection or bind fails
     */
    public DirContext getPublicContext() throws NamingException {
        return connectToPublicDir();
    }

    /**
     * Creates a JNDI directory context bound with the public bind DN and password.
     *
     * Defaults when a setting is absent: Sun LDAP context factory, "simple" authentication,
     * referrals ignored, connection pooling on. A connect timeout is set only when configured
     * to something other than "-1" or "0".
     *
     * NOTE(review): with "simple" authentication the bind DN and password travel in clear
     * text unless the configured URL uses ldaps:// — nothing here enforces TLS. Confirm the
     * deployment URL. No read timeout is set either, so a stalled server presumably blocks
     * the calling thread.
     *
     * @return a new context; the caller must close it
     * @throws NamingException if the connection or bind fails
     */
    private DirContext connectToPublicDir() throws NamingException {
        String url = this.ldapProperties.get(LDAP_URL_PROP);
        if (logger.isDebugEnabled()) {
            logger.debug("Attempting connection to LDAP repository on " + url + "...");
        }
        Hashtable<String, String> env = new Hashtable<String, String>(11);
        env.put("java.naming.factory.initial", StringUtils.defaultString(this.ldapProperties.get(CONTEXT_FACTORY_PROP), "com.sun.jndi.ldap.LdapCtxFactory"));
        env.put("java.naming.provider.url", url);
        env.put("java.naming.security.authentication", StringUtils.defaultString(this.ldapProperties.get(AUTHENTIFICATION_MODE_PROP), "simple"));
        String bindDn = this.ldapProperties.get(PUBLIC_BIND_DN_PROP);
        if (bindDn != null) {
            env.put("java.naming.security.principal", bindDn);
        }
        env.put("java.naming.referral", StringUtils.defaultString(this.ldapProperties.get(LDAP_REFFERAL_PROP), "ignore"));
        env.put("com.sun.jndi.ldap.connect.pool", StringUtils.defaultString(this.ldapProperties.get(USE_CONNECTION_POOL), "true"));
        String timeout = StringUtils.defaultString(this.ldapProperties.get(CONNECTION_TIMEOUT), "-1");
        boolean timeoutDisabled = timeout.equals("-1") || timeout.equals("0");
        if (!timeoutDisabled) {
            env.put("com.sun.jndi.ldap.connect.timeout", timeout);
        }
        String bindPassword = this.ldapProperties.get(PUBLIC_BIND_PASSWORD_PROP);
        if (bindPassword != null) {
            logger.debug("Using authentification mode to connect to public dir...");
            env.put("java.naming.security.credentials", bindPassword);
        }
        return new InitialDirContext(env);
    }

    /**
     * Converts a search hit into a user, rebuilding its DN as
     * {@code <result name>,<configured search base>}.
     *
     * NOTE(review): the DN is always completed with the "uid.search.name" base, so it is
     * presumably wrong for hits from a search run against another base (the "ldap.url" mode
     * of getUsers) — confirm. This DN is later used as the bind principal in login().
     *
     * @param searchResult a hit returned by a directory search
     * @return the mapped user, or {@code null} when the entry has no usable uid attribute
     */
    private JahiaLDAPUser ldapToJahiaUser(SearchResult searchResult) {
        Attributes entryAttributes = searchResult.getAttributes();
        String searchBase = this.ldapProperties.get(UID_SEARCH_NAME_PROP);
        String dn = searchResult.getName() + "," + searchBase;
        return ldapToJahiaUser(entryAttributes, dn);
    }

    /**
     * Runs one directory search and collects the hits.
     *
     * Communication and service-unavailable failures are logged and rethrown so callers can
     * avoid caching a false "not found". Time-limit, cannot-proceed and no-initial-context
     * failures are logged and whatever was collected is returned. A size-limit overflow is
     * logged and the hits collected so far are returned.
     *
     * NOTE(review): hasMoreElements()/nextElement() cannot throw NamingException, so errors
     * raised while reading results (as opposed to by search() itself) presumably never reach
     * the handlers below — confirm whether hasMore()/next() was intended.
     *
     * @param dirContext open directory context
     * @param str        LDAP filter string; written to the debug log as is
     * @param str2       search base DN
     * @param i          maximum number of entries to return
     * @param i2         JNDI search scope
     * @return the entries found, possibly empty
     * @throws NamingException on communication or service-unavailable failures, and on any
     *                         naming failure not handled here
     */
    private List<SearchResult> getUsers(DirContext dirContext, String str, String str2, int i, int i2) throws NamingException {
        SearchControls controls = new SearchControls();
        controls.setSearchScope(i2);
        controls.setCountLimit(i);
        List<SearchResult> hits = new ArrayList<SearchResult>();
        final String filter = str.toString();
        if (logger.isDebugEnabled()) {
            logger.debug("Using filter string [" + filter + "]...");
        }
        try {
            for (NamingEnumeration<SearchResult> results = dirContext.search(str2, filter, controls); results.hasMoreElements(); ) {
                hits.add(results.nextElement());
            }
        } catch (TimeLimitExceededException timeLimit) {
            logger.warn("Reconnection required", timeLimit);
        } catch (CannotProceedException cannotProceed) {
            logger.warn("Reconnection required", cannotProceed);
        } catch (CommunicationException communication) {
            logger.warn("Reconnection required", communication);
            throw communication;
        } catch (NoInitialContextException noContext) {
            logger.warn("Reconnection required", noContext);
        } catch (ServiceUnavailableException unavailable) {
            logger.warn("Reconnection required", unavailable);
            throw unavailable;
        } catch (SizeLimitExceededException sizeLimit) {
            logger.warn("User search generated more than configured maximum search limit, limiting to " + i + " first results...");
        }
        return hits;
    }

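    /**
     * Authenticates a user by resolving the user key to a DN and binding to the directory
     * with that DN and the supplied password.
     *
     * A {@code null} or empty password is rejected before any bind: a simple bind with an
     * empty password is an unauthenticated bind that many directory servers accept, and a
     * {@code null} credential would otherwise fail with a NullPointerException while the
     * JNDI environment is built.
     *
     * The context opened for the bind is closed on every path.
     *
     * NOTE(review): the user key is written to the log as received; if it can contain line
     * breaks, log entries can be forged — confirm the log layout encodes them.
     *
     * @param str  user key (must carry this provider's key prefix)
     * @param str2 password to verify
     * @return {@code true} only if the user was found and the bind succeeded
     */
    public boolean login(String str, String str2) {
        if (str2 == null || "".equals(str2)) {
            if (logger.isDebugEnabled()) {
                logger.debug("Empty passwords are not authorized for LDAP login ! Failing user " + str + " login request.");
            }
            return false;
        }
        DirContext privateContext = null;
        try {
            JahiaLDAPUser user = (JahiaLDAPUser) lookupUserByKey(str);
            if (user == null) {
                logger.warn("Couldn't lookup LDAP user by key " + str + ", aborting login.");
                return false;
            }
            privateContext = connectToPrivateDir(user.getDN(), str2);
            return privateContext != null;
        } catch (CommunicationException e) {
            // Listed before NamingException because it is a subclass.
            logger.warn("CommunicationException", e);
            logger.debug("Invalidating connection to public LDAP context...");
            return false;
        } catch (NamingException e) {
            // Wrong password and similar refusals end up here; details only at debug level.
            logger.warn("Login failed for user " + str + ", active debug log level for more informations");
            if (logger.isDebugEnabled()) {
                logger.debug("Login refused, server message : " + e.getMessage());
            }
            return false;
        } finally {
            invalidateCtx(privateContext);
        }
    }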

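    /**
     * Authenticates by binding to the directory with the given DN and password.
     *
     * Both an empty password and an empty DN are rejected before any bind. An empty password
     * makes a simple bind unauthenticated; an empty DN may be treated as an anonymous bind by
     * some directory servers. Either could otherwise be reported as a successful login.
     *
     * The context opened for the bind is closed on every path.
     *
     * @param str  distinguished name to bind as
     * @param str2 password to verify
     * @return {@code true} only if the bind succeeded
     */
    public boolean loginByDN(String str, String str2) {
        if (StringUtils.isEmpty(str2)) {
            if (logger.isDebugEnabled()) {
                logger.debug("Empty passwords are not authorized for LDAP login ! Failing user with DN=" + str + " login request.");
            }
            return false;
        }
        if (StringUtils.isEmpty(str)) {
            if (logger.isDebugEnabled()) {
                logger.debug("Empty DN is not authorized for LDAP login ! Failing login request.");
            }
            return false;
        }
        DirContext dirContext = null;
        try {
            dirContext = connectToPrivateDir(str, str2);
            return dirContext != null;
        } catch (CommunicationException e) {
            // Listed before NamingException because it is a subclass; with the broader
            // handler first this one could never run.
            logger.warn(e.getMessage(), e);
            return false;
        } catch (NamingException e) {
            if (logger.isDebugEnabled()) {
                logger.debug("Login refused, server message : " + e.getMessage());
            }
            return false;
        } finally {
            invalidateCtx(dirContext);
        }
    }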

    /**
     * Binds to the directory as the given principal; a successful bind is how this provider
     * verifies a password.
     *
     * Unlike the public connection, no referral policy, pooling flag or connect timeout is
     * set here. This method does not validate its arguments: callers must reject empty DNs
     * and passwords first, and a {@code null} argument fails with a NullPointerException.
     *
     * NOTE(review): with "simple" authentication the user's password travels in clear text
     * unless the configured URL uses ldaps:// — confirm the deployment URL.
     *
     * @param str  DN to bind as
     * @param str2 password for that DN
     * @return a new context; the caller must close it
     * @throws NamingException if the connection or bind fails
     */
    private DirContext connectToPrivateDir(String str, String str2) throws NamingException {
        String factory = StringUtils.defaultString(this.ldapProperties.get(CONTEXT_FACTORY_PROP), "com.sun.jndi.ldap.LdapCtxFactory");
        String authMode = StringUtils.defaultString(this.ldapProperties.get(AUTHENTIFICATION_MODE_PROP), "simple");
        Hashtable<String, String> env = new Hashtable<String, String>(11);
        env.put("java.naming.factory.initial", factory);
        env.put("java.naming.provider.url", this.ldapProperties.get(LDAP_URL_PROP));
        env.put("java.naming.security.authentication", authMode);
        env.put("java.naming.security.principal", str);
        env.put("java.naming.security.credentials", str2);
        return new InitialDirContext(env);
    }

    /**
     * Closes a directory context, never throwing.
     *
     * @param dirContext context to close; {@code null} is logged at debug level and ignored
     */
    private void invalidateCtx(DirContext dirContext) {
        if (dirContext != null) {
            try {
                dirContext.close();
            } catch (Exception closeFailure) {
                // Best effort: a failed close must not mask the caller's own result.
                logger.warn(closeFailure.getMessage(), closeFailure);
            }
            return;
        }
        logger.debug("Context passed is null, ignoring it...");
    }

    /**
     * Resolves a user key to a user, searching the directory on the given attribute when the
     * user is not cached.
     *
     * A hit is cached under its key, username and DN. A miss is recorded in the negative
     * cache. Communication and service-unavailable failures return {@code null} without
     * touching the negative cache.
     *
     * NOTE(review): the cache key does not include {@code str2}, so a result found via one
     * search attribute is presumably returned for later lookups of the same key on a
     * different attribute — confirm that is intended.
     *
     * @param str  user key; must start with this provider's key prefix
     * @param str2 LDAP attribute to match the un-prefixed key against
     * @return the user, or {@code null} if the key is foreign, unknown or the directory is
     *         unreachable
     */
    public JahiaUser lookupUserByKey(String str, String str2) {
        if (!str.startsWith(this.keyPrefix)) {
            return null;
        }
        String cacheKey = getKey() + "k" + str;
        JahiaUser cached = (JahiaUser) CacheHelper.getObjectValue(this.userCache, cacheKey);
        if (cached != null) {
            return cached;
        }
        if (this.nonExistantUserCache.get(cacheKey) != null) {
            return null;
        }
        try {
            JahiaLDAPUser found = lookupUserInLDAP(removeKeyPrefix(str), str2);
            if (found == null) {
                this.nonExistantUserCache.put(new Element(cacheKey, true));
            } else {
                cachePut(cacheKey, found);
                cachePut(getKey() + "n" + found.getUsername(), found);
                cachePut(getKey() + "d" + found.getDN(), found);
            }
            return found;
        } catch (CommunicationException communication) {
            logger.warn("Communications exception detected while trying to load user " + str + ". Returning null and not caching in non existant user cache", communication);
            return null;
        } catch (ServiceUnavailableException unavailable) {
            logger.warn("Service unavailable detected while trying to load user " + str + ". Returning null and not caching in non existant user cache", unavailable);
            return null;
        }
    }

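    /**
     * Looks one user up in the directory by matching {@code str2 = str} through the public
     * bind.
     *
     * Communication and service-unavailable failures are rethrown so the caller does not
     * record a false "not found". A size-limit overflow and any other naming failure are
     * logged and reported as "not found". The context is closed on every path.
     *
     * NOTE(review): whether {@code str} is escaped before it reaches the search filter
     * depends on getPublicUser(), which is not visible here — confirm.
     *
     * @param str  value to search for (the un-prefixed user key)
     * @param str2 LDAP attribute to match
     * @return the user, or {@code null} if none was found or the search failed
     * @throws ServiceUnavailableException if the directory service is unavailable
     * @throws CommunicationException      if the directory cannot be reached
     */
    private JahiaLDAPUser lookupUserInLDAP(String str, String str2) throws ServiceUnavailableException, CommunicationException {
        DirContext dirContext = null;
        try {
            dirContext = getPublicContext();
            SearchResult publicUser = getPublicUser(dirContext, str2, str);
            if (publicUser == null) {
                return null;
            }
            return ldapToJahiaUser(publicUser);
        } catch (CommunicationException e) {
            throw e;
        } catch (ServiceUnavailableException e) {
            throw e;
        } catch (SizeLimitExceededException e) {
            // Subclass handlers come first; after a NamingException handler they are unreachable.
            if (logger.isDebugEnabled()) {
                logger.debug("Search generated more than configured maximum search limit, limiting to " + this.ldapProperties.get(SEARCH_COUNT_LIMIT_PROP) + " first results...");
            }
            return null;
        } catch (NamingException e) {
            logger.warn("JNDI warning", e);
            return null;
        } finally {
            invalidateCtx(dirContext);
        }
    }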

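    /**
     * Resolves a distinguished name to a user, reading the entry from the directory when it
     * is not cached.
     *
     * A hit is cached under its DN, key and username. An entry that does not exist, or that
     * cannot be mapped to a user, is recorded in the negative cache. Other naming failures
     * are logged and return {@code null} without touching the negative cache.
     *
     * The context is declared outside the try block so that it is closed on the failure
     * paths as well; passing {@code null} to invalidateCtx there left the connection open.
     *
     * @param str distinguished name of the entry
     * @return the user, or {@code null} if the entry is unknown or the read failed
     */
    public JahiaLDAPUser lookupUserFromDN(String str) {
        if (logger.isDebugEnabled()) {
            logger.debug("Lookup user from dn " + str);
        }
        String cacheKey = getKey() + "d" + str;
        JahiaLDAPUser cached = (JahiaLDAPUser) CacheHelper.getObjectValue(this.userCache, cacheKey);
        if (cached != null) {
            return cached;
        }
        if (this.nonExistantUserCache.get(cacheKey) != null) {
            return null;
        }
        DirContext publicContext = null;
        try {
            publicContext = getPublicContext();
            JahiaLDAPUser user = ldapToJahiaUser(getUser(publicContext, str), str);
            if (user != null) {
                cachePut(cacheKey, user);
                cachePut(getKey() + "k" + user.getUserKey(), user);
                cachePut(getKey() + "n" + user.getUsername(), user);
            } else {
                this.nonExistantUserCache.put(new Element(cacheKey, true));
            }
            return user;
        } catch (NameNotFoundException e) {
            // Listed before NamingException because it is a subclass; with the broader
            // handler first, missing entries were never added to the negative cache.
            this.nonExistantUserCache.put(new Element(cacheKey, true));
            return null;
        } catch (NamingException e) {
            logger.warn("JNDI warning", e);
            return null;
        } finally {
            invalidateCtx(publicContext);
        }
    }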

    /**
     * Reads all attributes of the entry with the given DN.
     *
     * Forward slashes in the DN are backslash-escaped before the lookup.
     *
     * NOTE(review): as written, the try block contains only the string replacement, so none
     * of the five handlers can ever run, and every exception from getAttributes() propagates
     * to the caller. The handlers look as if they were meant to surround getAttributes();
     * confirm against the original source before relying on either behaviour.
     *
     * @param dirContext open directory context
     * @param str        distinguished name of the entry; passed through unchanged when null
     * @return the entry's attributes
     * @throws NamingException if the read fails
     */
    private Attributes getUser(DirContext dirContext, String str) throws NamingException {
        Attributes attributes = null;
        if (str != null) {
            try {
                // 47 is '/': escape it before the name is handed to JNDI.
                if (str.indexOf(47) != -1) {
                    str = StringUtils.replace(str, "/", "\\/");
                }
            } catch (ServiceUnavailableException e) {
                logger.debug("Reconnection required", e);
            } catch (NoInitialContextException e2) {
                logger.debug("Reconnection required", e2);
            } catch (CommunicationException e3) {
                logger.debug("Reconnection required", e3);
            } catch (CannotProceedException e4) {
                logger.debug("Reconnection required", e4);
            } catch (TimeLimitExceededException e5) {
                logger.debug("Reconnection required", e5);
            }
        }
        // Outside the try block: failures here are not caught in this method.
        attributes = dirContext.getAttributes(str);
        return attributes;
    }

    /**
     * Builds a user from a directory entry's attributes.
     *
     * Every attribute becomes a read-only user property whose value is the attribute's values
     * joined with newlines. The user key is the first value of the configured uid attribute
     * ("uid.search.attribute", matched case-insensitively). The username is the user key
     * unless "username.attribute.map" names another attribute, in which case that attribute's
     * value is used (and is {@code null} presumably when the entry lacks it — confirm).
     *
     * NOTE(review): all attributes returned by the directory are copied into the property
     * set before mapping, including any sensitive ones the bind account is allowed to read.
     *
     * @param attributes attributes of the directory entry
     * @param str        distinguished name of the entry
     * @return the user, or {@code null} when the entry has no uid attribute
     */
    private JahiaLDAPUser ldapToJahiaUser(Attributes attributes, String str) {
        JahiaLDAPUser jahiaLDAPUser = null;
        UserProperties userProperties = new UserProperties();
        // First value of the uid attribute; stays null if the entry has none.
        String str2 = null;
        NamingEnumeration all = attributes.getAll();
        while (all.hasMoreElements()) {
            Attribute attribute = (Attribute) all.nextElement();
            String id = attribute.getID();
            StringBuilder sb = new StringBuilder();
            try {
                // Join all values of this attribute, one per line.
                NamingEnumeration all2 = attribute.getAll();
                while (all2.hasMoreElements()) {
                    Object nextElement = all2.nextElement();
                    if (nextElement instanceof String) {
                        sb.append((String) nextElement);
                    } else {
                        if (logger.isDebugEnabled()) {
                            logger.debug("Converting attribute <" + id + "> from class " + nextElement.getClass().toString() + " to String...");
                        }
                        // Non-string values (e.g. byte arrays) are appended via toString().
                        sb.append(nextElement);
                    }
                    sb.append('\n');
                }
            } catch (NamingException e) {
                // An unreadable attribute is kept with an empty value.
                logger.warn("JNDI warning", e);
                sb = new StringBuilder();
            }
            String sb2 = sb.toString();
            // Drop the trailing separator added after the last value.
            if (sb2.endsWith("\n")) {
                sb2 = sb2.substring(0, sb2.length() - 1);
            }
            if (id != null && sb2 != null) {
                if (str2 == null && id.equalsIgnoreCase(this.ldapProperties.get(UID_SEARCH_ATTRIBUTE_PROP))) {
                    // 10 is '\n': for a multi-valued uid, only the first value is the key.
                    int indexOf = sb2.indexOf(10);
                    str2 = indexOf != -1 ? sb2.substring(0, indexOf) : sb2;
                }
                userProperties.setUserProperty(id, new UserProperty(id, sb2, true));
            }
        }
        if (str2 != null) {
            String str3 = str2;
            if (this.ldapProperties.get(LDAP_USERNAME_ATTRIBUTE) != null && this.ldapProperties.get(LDAP_USERNAME_ATTRIBUTE).length() > 0) {
                // Username taken from a dedicated attribute instead of the uid.
                str3 = userProperties.getProperty(this.ldapProperties.get(LDAP_USERNAME_ATTRIBUTE));
            }
            jahiaLDAPUser = new JahiaLDAPUser(getKey(), str3, str2, mapLDAPToJahiaProperties(userProperties), str);
        } else if (logger.isDebugEnabled()) {
            logger.debug("Ignoring entry " + str + " because it has no valid " + this.ldapProperties.get(UID_SEARCH_ATTRIBUTE_PROP) + " attribute to be mapped onto user key...");
        }
        return jahiaLDAPUser;
    }

    /**
     * Projects LDAP-named properties onto Jahia property names.
     *
     * Only properties listed in {@code mappedProperties} appear in the result. A mapped
     * property missing from the entry is present with an empty, read-only value.
     *
     * @param userProperties properties keyed by LDAP attribute name
     * @return a new property set keyed by Jahia property name
     */
    private UserProperties mapLDAPToJahiaProperties(UserProperties userProperties) {
        UserProperties jahiaProperties = new UserProperties();
        for (Map.Entry<String, String> mapping : this.mappedProperties.entrySet()) {
            String jahiaName = mapping.getKey();
            UserProperty ldapProperty = userProperties.getUserProperty(mapping.getValue());
            UserProperty mapped;
            if (ldapProperty == null) {
                mapped = new UserProperty(jahiaName, "", true);
            } else {
                mapped = new UserProperty(jahiaName, ldapProperty.getValue(), ldapProperty.isReadOnly());
            }
            jahiaProperties.setUserProperty(jahiaName, mapped);
        }
        return jahiaProperties;
    }

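    /**
     * Searches users by criteria, combining users matched through properties stored in the
     * JCR with users matched by a directory search.
     *
     * When the only criterion is the cookie-authentication property, the directory is not
     * searched. A size-limit overflow or a partial result keeps what was collected; any
     * other naming failure is logged and returns an empty set, discarding the JCR matches
     * too. The context is closed on every path.
     *
     * @param properties search criteria; may be {@code null}
     * @return the matching users; never {@code null}
     */
    public Set<JahiaUser> searchUsers(Properties properties) {
        Set<JahiaUser> found = new HashSet<JahiaUser>();
        for (String userKey : searchLDAPUsersByDBProperties(properties)) {
            JahiaUser user = lookupUserByKey(userKey);
            if (user != null) {
                found.add(user);
            }
        }
        if (properties != null && properties.size() == 1 && properties.containsKey(this.cookieAuthConfig.getUserPropertyName())) {
            // The cookie property only exists on the Jahia side; the directory cannot match it.
            return found;
        }
        DirContext dirContext = null;
        try {
            dirContext = getPublicContext();
            String searchBase = this.ldapProperties.get(UID_SEARCH_NAME_PROP);
            for (SearchResult entry : getUsers(dirContext, properties, searchBase, SearchControls.SUBTREE_SCOPE)) {
                JahiaLDAPUser user = ldapToJahiaUser(entry);
                if (user != null) {
                    found.add(user);
                }
            }
        } catch (SizeLimitExceededException e) {
            if (logger.isDebugEnabled()) {
                logger.debug("Search generated more than configured maximum search limit, limiting to " + this.ldapProperties.get(SEARCH_COUNT_LIMIT_PROP) + " first results...");
            }
        } catch (PartialResultException e) {
            // Listed before NamingException because it is a subclass; with the broader
            // handler first this one could never run.
            logger.warn(e.getMessage(), e);
        } catch (NamingException e) {
            logger.warn("JNDI warning", e);
            found = new HashSet<JahiaUser>();
        } finally {
            invalidateCtx(dirContext);
        }
        return found;
    }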

    /**
     * Finds users of this provider through properties stored on the Jahia (JCR) side and
     * returns their prefixed user keys.
     *
     * The JCR is queried only when at least one criterion value is non-empty and not "*".
     *
     * @param properties search criteria; {@code null} yields an empty set
     * @return user keys ({@code keyPrefix + username}); empty when there is nothing to search
     *         for or nothing matched
     */
    private Set<String> searchLDAPUsersByDBProperties(Properties properties) {
        if (properties == null) {
            return Collections.emptySet();
        }
        boolean hasRealCriterion = false;
        for (Object value : properties.values()) {
            String text = String.valueOf(value);
            if (value != null && text.length() > 0 && !"*".equals(text)) {
                hasRealCriterion = true;
                break;
            }
        }
        if (!hasRealCriterion) {
            // Only blank or wildcard values: the directory search covers this case.
            return Collections.emptySet();
        }
        Set<?> matches = JCRUserManagerProvider.getInstance().searchUsers(properties, true, getKey());
        if (matches.isEmpty()) {
            return Collections.emptySet();
        }
        Set<String> userKeys = new HashSet<String>(matches.size());
        for (Object match : matches) {
            userKeys.add(this.keyPrefix + ((JahiaUser) match).getUsername());
        }
        return userKeys;
    }

    /**
     * Resolves a user key to a user, searching the directory when the user is not cached.
     *
     * A hit is cached under its key, username and DN. A miss is recorded in the negative
     * cache. Communication and service-unavailable failures return {@code null} without
     * touching the negative cache, so an outage is not remembered as "user does not exist".
     *
     * @param str user key; must start with this provider's key prefix (a {@code null} key
     *            fails with a NullPointerException)
     * @return the user, or {@code null} if the key is foreign, unknown or the directory is
     *         unreachable
     */
    public JahiaUser lookupUserByKey(String str) {
        if (!str.startsWith(this.keyPrefix)) {
            return null;
        }
        String cacheKey = getKey() + "k" + str;
        JahiaUser cached = (JahiaUser) CacheHelper.getObjectValue(this.userCache, cacheKey);
        if (cached != null) {
            return cached;
        }
        if (this.nonExistantUserCache.get(cacheKey) != null) {
            return null;
        }
        try {
            JahiaLDAPUser found = lookupUserInLDAP(removeKeyPrefix(str));
            if (found == null) {
                this.nonExistantUserCache.put(new Element(cacheKey, true));
            } else {
                cachePut(cacheKey, found);
                cachePut(getKey() + "n" + found.getUsername(), found);
                cachePut(getKey() + "d" + found.getDN(), found);
            }
            return found;
        } catch (ServiceUnavailableException unavailable) {
            logger.warn("Service unavailable detected while trying to load user " + str + ". Returning null and not caching in non existant user cache", unavailable);
            return null;
        } catch (CommunicationException communication) {
            logger.warn("Communications exception detected while trying to load user " + str + ". Returning null and not caching in non existant user cache", communication);
            return null;
        }
    }

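    /**
     * Looks a single user up in the LDAP directory through the public context.
     *
     * <p>The search attribute is the configured {@code UID_SEARCH_ATTRIBUTE_PROP}. The
     * directory context obtained for the lookup is always handed to {@code invalidateCtx},
     * exactly once, whatever the outcome.
     *
     * @param str the user identifier, without the provider key prefix
     * @return the user, or {@code null} when no entry matches, the size limit was exceeded,
     *         or a JNDI error other than the two declared below occurred
     * @throws ServiceUnavailableException propagated unchanged so the caller can avoid
     *         negative-caching the user
     * @throws CommunicationException propagated unchanged for the same reason
     */
    private JahiaLDAPUser lookupUserInLDAP(String str) throws ServiceUnavailableException, CommunicationException {
        DirContext dirContext = null;
        try {
            SearchResult publicUser;
            try {
                dirContext = getPublicContext();
                publicUser = getPublicUser(dirContext, this.ldapProperties.get(UID_SEARCH_ATTRIBUTE_PROP), str);
            } catch (SizeLimitExceededException e) {
                // Must precede the NamingException handler, otherwise it is never reached.
                if (logger.isDebugEnabled()) {
                    logger.debug("Search generated more than configured maximum search limit, limiting to " + this.ldapProperties.get(SEARCH_COUNT_LIMIT_PROP) + " first results...");
                }
                return null;
            } catch (CommunicationException e) {
                throw e;
            } catch (ServiceUnavailableException e) {
                throw e;
            } catch (NamingException e) {
                logger.warn("JNDI warning", e);
                return null;
            }
            if (publicUser == null) {
                return null;
            }
            return ldapToJahiaUser(publicUser);
        } finally {
            // Single release point; dirContext is still null if getPublicContext() failed.
            invalidateCtx(dirContext);
        }
    }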

    /**
     * Searches for the entry whose attribute {@code str} has the value {@code str2} and
     * returns the first match.
     *
     * <p>NOTE(review): {@code str2} originates from the user key being looked up and is
     * passed to {@code getUsers} as a search value. Confirm that {@code getUsers} escapes
     * LDAP filter metacharacters before building the filter; that code is not visible here.
     *
     * <p>NOTE(review): when more than one entry matches, the first one is returned and the
     * ambiguity is only reported at debug level. Resolving an identity from an ambiguous
     * match deserves attention from whoever operates the directory.
     *
     * @param dirContext the directory context to search in
     * @param str the attribute name to match on
     * @param str2 the attribute value to match
     * @return the first matching entry, or {@code null} when there is none
     * @throws NamingException if the underlying search fails
     */
    private SearchResult getPublicUser(DirContext dirContext, String str, String str2) throws NamingException {
        Properties criteria = new Properties();
        criteria.setProperty(str, str2);
        // The trailing 2 is presumably a result limit, just enough to detect duplicates.
        List<SearchResult> matches = getUsers(dirContext, criteria, this.ldapProperties.get(UID_SEARCH_NAME_PROP), 2);
        if (matches.isEmpty()) {
            return null;
        }
        if (matches.size() > 1) {
            logger.debug("Warning : multiple users with same UID in LDAP repository.");
        }
        return matches.get(0);
    }

    /**
     * Strips this provider's key prefix from a user key.
     *
     * @param str the user key
     * @return {@code str} without the leading prefix, or {@code str} unchanged when it does
     *         not start with the prefix
     */
    private String removeKeyPrefix(String str) {
        if (!str.startsWith(this.keyPrefix)) {
            return str;
        }
        return str.substring(this.keyPrefix.length());
    }

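    /**
     * Evicts every cache entry held for the given user so that the next lookup reads the
     * directory again.
     *
     * <p>{@code lookupUserByKey} stores a found user under its user key ({@code "k"}), its
     * username ({@code "n"}) and its DN ({@code "d"}). All three are removed from the user
     * cache here. Leaving the DN entry behind would keep serving a stale copy of the user
     * after an update.
     *
     * @param jahiaUser the user whose cache entries must be dropped
     */
    public void updateCache(JahiaUser jahiaUser) {
        String keyEntry = getKey() + "k" + jahiaUser.getUserKey();
        String nameEntry = getKey() + "n" + jahiaUser.getUsername();
        this.userCache.remove(keyEntry);
        this.userCache.remove(nameEntry);
        this.nonExistantUserCache.remove(keyEntry);
        this.nonExistantUserCache.remove(nameEntry);
        if (jahiaUser instanceof JahiaLDAPUser) {
            String dnEntry = getKey() + "d" + ((JahiaLDAPUser) jahiaUser).getDN();
            // The DN entry lives in the user cache as well, so it has to go from both caches.
            this.userCache.remove(dnEntry);
            this.nonExistantUserCache.remove(dnEntry);
        }
    }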

    /**
     * Tells whether a user with the given name can be resolved by this provider.
     *
     * @param str the username, without the provider key prefix
     * @return {@code true} only when {@code str} is non-empty and {@code lookupUser} finds it
     */
    public boolean userExists(String str) {
        if (str == null || str.length() == 0) {
            return false;
        }
        return lookupUser(str) != null;
    }

    /**
     * Resolves a user by name by prepending this provider's key prefix and delegating to
     * {@code lookupUserByKey}.
     *
     * @param str the username, without the provider key prefix
     * @return the user, or {@code null} when it cannot be resolved
     */
    public JahiaUser lookupUser(String str) {
        String userKey = this.keyPrefix + str;
        return lookupUserByKey(userKey);
    }

    /**
     * Returns the effective LDAP configuration of this provider.
     *
     * <p>NOTE(review): this is the live internal map, not a copy. If it also holds the bind
     * credentials (not visible in this part of the file), every caller can read and modify
     * them; confirm who calls this.
     *
     * @return the map assigned by {@code initProperties}
     */
    public Map<String, String> getLdapProperties() {
        return this.ldapProperties;
    }

    /**
     * Replaces the default LDAP properties that {@code initProperties} uses as the base of
     * the effective configuration.
     *
     * @param map the new defaults; stored as given, without copying
     */
    public void setDefaultLdapProperties(Map<String, String> map) {
        this.defaultLdapProperties = map;
    }

    /**
     * Runs {@code initProperties} unless initialization has been postponed.
     *
     * <p>A {@code JahiaInitializationException} is logged and not rethrown, so the provider
     * object stays in place after a failed initialization. Unchecked exceptions from
     * {@code initProperties} are not caught here.
     */
    public void afterPropertiesSet() {
        if (!this.postponePropertiesInit) {
            try {
                initProperties();
            } catch (JahiaInitializationException initFailure) {
                logger.error("A problem occured during properties initialization", initFailure);
            }
        }
    }

    /**
     * Builds the effective LDAP configuration and prepares the caches used by this provider.
     *
     * <p>The effective properties are the defaults overlaid with the overridden properties.
     * The method then applies the optional priority, registers the provider with the user
     * manager service, derives the attribute mapping, obtains the user cache and the
     * negative cache, and parses the list of wildcard-searchable attributes.
     *
     * <p>No LDAP connection is opened in this method.
     *
     * @throws JahiaInitializationException declared by the signature; nothing visible in
     *         this body throws it directly
     */
    public void initProperties() throws JahiaInitializationException {
        if (this.defaultLdapProperties == null) {
            this.defaultLdapProperties = new HashMap();
        }
        // Work on a copy so that overrides never leak back into the defaults.
        this.ldapProperties = this.defaultLdapProperties != null ? new HashMap(this.defaultLdapProperties) : new HashMap();
        if (this.overridenLdapProperties != null) {
            this.ldapProperties.putAll(this.overridenLdapProperties);
        }
        if (this.ldapProperties.containsKey("priority")) {
            // A non-numeric value raises NumberFormatException, which is unchecked and is
            // not caught by afterPropertiesSet.
            setPriority(Integer.parseInt(this.ldapProperties.get("priority")));
        }
        if (this.userManagerService != null) {
            // NOTE(review): the provider is registered before the caches below are assigned.
            // Confirm no lookup can reach this instance until the method has returned.
            this.userManagerService.registerProvider(this);
        }
        // The username attribute falls back to the UID search attribute.
        if (!this.ldapProperties.containsKey(LDAP_USERNAME_ATTRIBUTE)) {
            this.ldapProperties.put(LDAP_USERNAME_ATTRIBUTE, this.ldapProperties.get(UID_SEARCH_ATTRIBUTE_PROP));
        }
        // Collect "<name>.attribute.map" entries as <name> -> mapped value.
        this.mappedProperties = new HashMap();
        for (Map.Entry<String, String> entry : this.ldapProperties.entrySet()) {
            if (entry.getKey().endsWith(".attribute.map")) {
                this.mappedProperties.put(StringUtils.substringBeforeLast(entry.getKey(), ".attribute.map"), entry.getValue());
            }
        }
        // Collaborators that were not injected are fetched from the Spring context.
        if (this.cacheProvider == null) {
            this.cacheProvider = (EhCacheProvider) SpringContextSingleton.getBean("ehCacheProvider");
        }
        if (this.cookieAuthConfig == null) {
            this.cookieAuthConfig = (CookieAuthConfig) SpringContextSingleton.getBean("cookieAuthConfig");
        }
        // Obtain both caches, creating them by name if the cache manager lacks them.
        CacheManager cacheManager = this.cacheProvider.getCacheManager();
        this.userCache = cacheManager.getCache(LDAP_USER_CACHE);
        if (this.userCache == null) {
            cacheManager.addCache(LDAP_USER_CACHE);
            this.userCache = cacheManager.getCache(LDAP_USER_CACHE);
        }
        this.nonExistantUserCache = cacheManager.getCache(LDAP_NON_EXISTANT_USER_CACHE);
        if (this.nonExistantUserCache == null) {
            cacheManager.addCache(LDAP_NON_EXISTANT_USER_CACHE);
            this.nonExistantUserCache = cacheManager.getCache(LDAP_NON_EXISTANT_USER_CACHE);
        }
        // The wildcard attribute list is split on commas and spaces.
        String str = this.ldapProperties.get(SEARCH_WILDCARD_ATTRIBUTE_LIST);
        if (str != null) {
            this.searchWildCardAttributeList = new ArrayList();
            StringTokenizer stringTokenizer = new StringTokenizer(str, ", ");
            while (stringTokenizer.hasMoreTokens()) {
                this.searchWildCardAttributeList.add(stringTokenizer.nextToken().trim());
            }
        }
        logger.debug("Initialized and connected to public repository");
    }

    /**
     * Removes this provider from the user manager service, if one is set.
     */
    public void unregister() {
        if (this.userManagerService == null) {
            return;
        }
        this.userManagerService.unregisterProvider(this);
    }

    /**
     * Injects the cookie authentication configuration. When none is injected,
     * {@code initProperties} fetches the {@code cookieAuthConfig} bean itself.
     *
     * @param cookieAuthConfig the configuration to use
     */
    public void setCookieAuthConfig(CookieAuthConfig cookieAuthConfig) {
        this.cookieAuthConfig = cookieAuthConfig;
    }

    /**
     * Applies the built-in settings of this provider: key {@code "ldap"}, priority 2,
     * read-only, and the default LDAP properties from {@code iniDefaultProperties}.
     */
    private void initializeDefaults() {
        setKey("ldap");
        setPriority(2);
        setReadOnly(true);
        Map<String, String> builtInDefaults = iniDefaultProperties();
        this.defaultLdapProperties = builtInDefaults;
    }

    /**
     * Creates the built-in default LDAP properties.
     *
     * @return a new mutable map holding the connection, search and attribute-mapping defaults
     */
    private Map<String, String> iniDefaultProperties() {
        Map<String, String> defaults = new HashMap<String, String>();

        // Connection settings.
        defaults.put(CONTEXT_FACTORY_PROP, "com.sun.jndi.ldap.LdapCtxFactory");
        // With "simple" authentication the bind DN and password cross the network in clear
        // text unless the connection itself is protected (ldaps:// or StartTLS). The
        // provider URL is configured elsewhere.
        defaults.put(AUTHENTIFICATION_MODE_PROP, "simple");
        defaults.put(USE_CONNECTION_POOL, "true");
        defaults.put(CONNECTION_TIMEOUT, "5000");

        // Search settings.
        defaults.put(SEARCH_COUNT_LIMIT_PROP, "100");
        defaults.put(UID_SEARCH_ATTRIBUTE_PROP, "cn");
        defaults.put(USERS_OBJECTCLASS_ATTRIBUTE, "person");
        defaults.put(SEARCH_WILDCARD_ATTRIBUTE_LIST, "ou, cn, o, c, mail, uid, uniqueIdentifier, givenName, sn, dn");

        // Mapping of Jahia user properties to LDAP attributes.
        defaults.put("j:firstName.attribute.map", "givenName");
        defaults.put("j:lastName.attribute.map", "sn");
        defaults.put("j:email.attribute.map", "mail");
        defaults.put("j:organization.attribute.map", "ou");
        return defaults;
    }

    /**
     * Controls whether {@code afterPropertiesSet} skips the call to {@code initProperties}.
     *
     * @param z {@code true} to postpone initialization
     */
    public void setPostponePropertiesInit(boolean z) {
        this.postponePropertiesInit = z;
    }

    /**
     * Sets the provider key and derives the user-key prefix from it, in the form
     * <code>{key}</code>.
     *
     * @param str the provider key
     */
    public void setKey(String str) {
        super.setKey(str);
        StringBuilder prefix = new StringBuilder();
        prefix.append("{").append(str).append("}");
        this.keyPrefix = prefix.toString();
    }

    /**
     * Stores a user in the user cache, wrapped in a {@code ModuleClassLoaderAwareCacheEntry}
     * created with the name {@code "ldap"}.
     *
     * @param str the cache key
     * @param jahiaUser the user to cache
     */
    protected void cachePut(String str, JahiaUser jahiaUser) {
        ModuleClassLoaderAwareCacheEntry entry = new ModuleClassLoaderAwareCacheEntry(jahiaUser, "ldap");
        Element element = new Element(str, entry);
        this.userCache.put(element);
    }
}
