package org.jahia.services.usermanager.ldap;

import com.google.common.collect.Lists;
import com.sun.jndi.ldap.LdapURL;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import java.util.concurrent.atomic.AtomicInteger;
import javax.jcr.RepositoryException;
import javax.naming.CommunicationException;
import javax.naming.InvalidNameException;
import javax.naming.Name;
import javax.naming.NameClassPair;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import org.apache.commons.collections.CollectionUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.lang.reflect.FieldUtils;
import org.apache.jackrabbit.util.Text;
import org.jahia.modules.external.users.BaseUserGroupProvider;
import org.jahia.modules.external.users.ExternalUserGroupService;
import org.jahia.modules.external.users.GroupNotFoundException;
import org.jahia.modules.external.users.Member;
import org.jahia.modules.external.users.UserNotFoundException;
import org.jahia.services.content.decorator.JCRMountPointNode;
import org.jahia.services.usermanager.JahiaGroup;
import org.jahia.services.usermanager.JahiaGroupImpl;
import org.jahia.services.usermanager.JahiaUser;
import org.jahia.services.usermanager.JahiaUserImpl;
import org.jahia.services.usermanager.ldap.cache.LDAPAbstractCacheEntry;
import org.jahia.services.usermanager.ldap.cache.LDAPCacheManager;
import org.jahia.services.usermanager.ldap.cache.LDAPGroupCacheEntry;
import org.jahia.services.usermanager.ldap.cache.LDAPUserCacheEntry;
import org.jahia.services.usermanager.ldap.communication.LdapTemplateCallback;
import org.jahia.services.usermanager.ldap.communication.LdapTemplateWrapper;
import org.jahia.services.usermanager.ldap.config.AbstractConfig;
import org.jahia.services.usermanager.ldap.config.GroupConfig;
import org.jahia.services.usermanager.ldap.config.UserConfig;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.ldap.InsufficientResourcesException;
import org.springframework.ldap.ServiceUnavailableException;
import org.springframework.ldap.core.AttributesMapper;
import org.springframework.ldap.core.LdapTemplate;
import org.springframework.ldap.core.NameClassPairCallbackHandler;
import org.springframework.ldap.core.support.DefaultIncrementalAttributesMapper;
import org.springframework.ldap.core.support.LdapContextSource;
import org.springframework.ldap.query.ConditionCriteria;
import org.springframework.ldap.query.ContainerCriteria;
import org.springframework.ldap.query.LdapQueryBuilder;
import org.springframework.ldap.query.SearchScope;
import org.springframework.ldap.support.LdapUtils;

/* loaded from: input_file:org/jahia/services/usermanager/ldap/LDAPUserGroupProvider.class */
public class LDAPUserGroupProvider extends BaseUserGroupProvider {
    protected static final String OBJECTCLASS_ATTRIBUTE = "objectclass";
    public static final int CONNECTION_ERROR_CACHE_TTL = 5;
    private static Logger logger = LoggerFactory.getLogger(LDAPUserGroupProvider.class);
    private LdapContextSource contextSource;
    private LdapTemplateWrapper ldapTemplateWrapper;
    private UserConfig userConfig;
    private GroupConfig groupConfig;
    private LDAPCacheManager ldapCacheManager;
    private ContainerCriteria searchGroupCriteria;
    private ContainerCriteria searchGroupDynamicCriteria;
    private ContainerCriteria groupSearchFilterCriteria;
    private ContainerCriteria userSearchFilterCriteria;
    private boolean distinctBase = false;
    private AtomicInteger timeoutCount = new AtomicInteger(0);
    private int maxLdapTimeoutCountBeforeDisconnect = 3;

    /* loaded from: input_file:org/jahia/services/usermanager/ldap/LDAPUserGroupProvider$BaseLdapActionCallback.class */
    public abstract class BaseLdapActionCallback<T> implements LdapTemplateCallback<T> {
        private final ExternalUserGroupService externalUserGroupService;
        private final String key;

        protected BaseLdapActionCallback(ExternalUserGroupService externalUserGroupService, String str) {
            this.externalUserGroupService = externalUserGroupService;
            this.key = str;
        }

        @Override // org.jahia.services.usermanager.ldap.communication.LdapTemplateCallback
        public void onSuccess() {
            LDAPUserGroupProvider.this.timeoutCount.set(0);
        }

        @Override // org.jahia.services.usermanager.ldap.communication.LdapTemplateCallback
        public T onError(Exception exc) {
            Throwable cause = exc.getCause();
            LDAPUserGroupProvider.logger.error("An error occurred while communicating with the LDAP server " + this.key, exc);
            if (!(cause instanceof CommunicationException) && !(cause instanceof NamingException) && !(cause instanceof org.springframework.ldap.CommunicationException) && !(cause instanceof ServiceUnavailableException) && !(cause instanceof InsufficientResourcesException)) {
                this.externalUserGroupService.setMountStatus(this.key, JCRMountPointNode.MountStatus.error, exc.getMessage());
                return null;
            }
            if (LDAPUserGroupProvider.this.timeoutCount.incrementAndGet() < LDAPUserGroupProvider.this.maxLdapTimeoutCountBeforeDisconnect) {
                return null;
            }
            this.externalUserGroupService.setMountStatus(this.key, JCRMountPointNode.MountStatus.waiting, cause.getMessage());
            return null;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/jahia/services/usermanager/ldap/LDAPUserGroupProvider$DynMembersNameClassPairCallbackHandler.class */
    public class DynMembersNameClassPairCallbackHandler implements NameClassPairCallbackHandler {
        private List<Member> members;

        private DynMembersNameClassPairCallbackHandler() {
            this.members = Lists.newArrayList();
        }

        public List<Member> getMembers() {
            return this.members;
        }

        @Override // org.springframework.ldap.core.NameClassPairCallbackHandler
        public void handleNameClassPair(NameClassPair nameClassPair) throws NamingException {
            LDAPAbstractCacheEntry userCacheEntryByDn;
            if (!(nameClassPair instanceof SearchResult)) {
                LDAPUserGroupProvider.logger.error("Unexpected NameClassPair " + nameClassPair + " in " + getClass().getName());
                return;
            }
            SearchResult searchResult = (SearchResult) nameClassPair;
            Boolean guessUserOrGroupFromDN = LDAPUserGroupProvider.this.guessUserOrGroupFromDN(searchResult.getNameInNamespace());
            if (guessUserOrGroupFromDN != null) {
                userCacheEntryByDn = guessUserOrGroupFromDN.booleanValue() ? LDAPUserGroupProvider.this.ldapCacheManager.getUserCacheEntryByDn(LDAPUserGroupProvider.this.getKey(), searchResult.getNameInNamespace()) : LDAPUserGroupProvider.this.ldapCacheManager.getGroupCacheEntryByDn(LDAPUserGroupProvider.this.getKey(), searchResult.getNameInNamespace());
            } else {
                userCacheEntryByDn = LDAPUserGroupProvider.this.ldapCacheManager.getUserCacheEntryByDn(LDAPUserGroupProvider.this.getKey(), searchResult.getNameInNamespace());
                if (userCacheEntryByDn == null) {
                    userCacheEntryByDn = LDAPUserGroupProvider.this.ldapCacheManager.getGroupCacheEntryByDn(LDAPUserGroupProvider.this.getKey(), searchResult.getNameInNamespace());
                    guessUserOrGroupFromDN = userCacheEntryByDn != null ? false : null;
                } else {
                    guessUserOrGroupFromDN = true;
                }
            }
            if (userCacheEntryByDn != null) {
                if (guessUserOrGroupFromDN.booleanValue()) {
                    if (LDAPUserGroupProvider.logger.isDebugEnabled()) {
                        LDAPUserGroupProvider.logger.debug("Dynamic member {} retrieved from cache and resolved as a user", searchResult.getNameInNamespace());
                    }
                    this.members.add(new Member(userCacheEntryByDn.getName(), Member.MemberType.USER));
                } else {
                    if (LDAPUserGroupProvider.logger.isDebugEnabled()) {
                        LDAPUserGroupProvider.logger.debug("Dynamic member {} retrieved from cache and resolved as a group", searchResult.getNameInNamespace());
                    }
                    this.members.add(new Member(userCacheEntryByDn.getName(), Member.MemberType.GROUP));
                }
            }
            Boolean bool = false;
            searchResult.getAttributes().get(LDAPUserGroupProvider.OBJECTCLASS_ATTRIBUTE).getAll();
            ArrayList arrayList = new ArrayList();
            LdapUtils.collectAttributeValues(searchResult.getAttributes(), LDAPUserGroupProvider.OBJECTCLASS_ATTRIBUTE, arrayList, String.class);
            if (arrayList.contains(LDAPUserGroupProvider.this.userConfig.getSearchObjectclass())) {
                guessUserOrGroupFromDN = true;
            } else if (arrayList.contains(LDAPUserGroupProvider.this.groupConfig.getSearchObjectclass())) {
                guessUserOrGroupFromDN = false;
            } else if (LDAPUserGroupProvider.this.groupConfig.isDynamicEnabled() && arrayList.contains(LDAPUserGroupProvider.this.groupConfig.getDynamicSearchObjectclass())) {
                guessUserOrGroupFromDN = false;
                bool = true;
            }
            if (guessUserOrGroupFromDN != null) {
                if (guessUserOrGroupFromDN.booleanValue()) {
                    handleUserNameClassPair(nameClassPair, searchResult);
                    return;
                } else {
                    handleGroupNameClassPair(nameClassPair, searchResult, bool);
                    return;
                }
            }
            ArrayList arrayList2 = new ArrayList();
            NamingEnumeration iDs = searchResult.getAttributes().getIDs();
            while (iDs.hasMore()) {
                arrayList2.add(iDs.next());
            }
            List commonAttributes = LDAPUserGroupProvider.this.getCommonAttributes(arrayList2, LDAPUserGroupProvider.this.getUserAttributes());
            List commonAttributes2 = LDAPUserGroupProvider.this.getCommonAttributes(arrayList2, LDAPUserGroupProvider.this.getGroupAttributes(bool.booleanValue()));
            if (commonAttributes.contains(LDAPUserGroupProvider.this.userConfig.getUidSearchAttribute()) && commonAttributes.size() > commonAttributes2.size()) {
                handleUserNameClassPair(nameClassPair, searchResult);
            } else if (commonAttributes2.contains(LDAPUserGroupProvider.this.groupConfig.getSearchAttribute())) {
                handleGroupNameClassPair(nameClassPair, searchResult, false);
            } else {
                LDAPUserGroupProvider.logger.warn("Dynamic member: " + searchResult.getNameInNamespace() + " not resolved as a user or a group");
            }
        }

        private void handleGroupNameClassPair(NameClassPair nameClassPair, SearchResult searchResult, Boolean bool) throws NamingException {
            GroupNameClassPairCallbackHandler groupNameClassPairCallbackHandler = new GroupNameClassPairCallbackHandler(null, bool.booleanValue());
            groupNameClassPairCallbackHandler.handleNameClassPair(nameClassPair);
            LDAPGroupCacheEntry cacheEntry = groupNameClassPairCallbackHandler.getCacheEntry();
            LDAPUserGroupProvider.this.ldapCacheManager.cacheGroup(LDAPUserGroupProvider.this.getKey(), cacheEntry);
            this.members.add(new Member(cacheEntry.getName(), Member.MemberType.GROUP));
            if (LDAPUserGroupProvider.logger.isDebugEnabled()) {
                LDAPUserGroupProvider.logger.debug("Dynamic member {} resolved as a {}", searchResult.getNameInNamespace(), bool.booleanValue() ? " dynamic group" : " group");
            }
        }

        private void handleUserNameClassPair(NameClassPair nameClassPair, SearchResult searchResult) throws NamingException {
            UserNameClassPairCallbackHandler userNameClassPairCallbackHandler = new UserNameClassPairCallbackHandler(null);
            userNameClassPairCallbackHandler.handleNameClassPair(nameClassPair);
            LDAPUserCacheEntry cacheEntry = userNameClassPairCallbackHandler.getCacheEntry();
            if (cacheEntry != null) {
                LDAPUserGroupProvider.this.ldapCacheManager.cacheUser(LDAPUserGroupProvider.this.getKey(), cacheEntry);
                this.members.add(new Member(cacheEntry.getName(), Member.MemberType.USER));
                LDAPUserGroupProvider.logger.debug("Dynamic member {} resolved as a user", searchResult.getNameInNamespace());
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/jahia/services/usermanager/ldap/LDAPUserGroupProvider$GroupNameClassPairCallbackHandler.class */
    public class GroupNameClassPairCallbackHandler implements NameClassPairCallbackHandler {
        private LDAPGroupCacheEntry cacheEntry;
        private boolean isDynamic;

        public LDAPGroupCacheEntry getCacheEntry() {
            return this.cacheEntry;
        }

        private GroupNameClassPairCallbackHandler(LDAPGroupCacheEntry lDAPGroupCacheEntry, boolean z) {
            this.cacheEntry = lDAPGroupCacheEntry;
            this.isDynamic = z;
        }

        @Override // org.springframework.ldap.core.NameClassPairCallbackHandler
        public void handleNameClassPair(NameClassPair nameClassPair) throws NamingException {
            if (!(nameClassPair instanceof SearchResult)) {
                LDAPUserGroupProvider.logger.error("Unexpected NameClassPair " + nameClassPair + " in " + getClass().getName());
                return;
            }
            SearchResult searchResult = (SearchResult) nameClassPair;
            this.cacheEntry = LDAPUserGroupProvider.this.attributesToGroupCacheEntry(searchResult.getAttributes(), this.cacheEntry);
            this.cacheEntry.setDynamic(this.isDynamic);
            if (this.isDynamic && searchResult.getAttributes().get(LDAPUserGroupProvider.this.groupConfig.getDynamicMembersAttribute()) != null) {
                this.cacheEntry.setDynamicMembersURL(searchResult.getAttributes().get(LDAPUserGroupProvider.this.groupConfig.getDynamicMembersAttribute()).get().toString());
            }
            this.cacheEntry.setDn(searchResult.getNameInNamespace());
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/jahia/services/usermanager/ldap/LDAPUserGroupProvider$GroupsNameClassPairCallbackHandler.class */
    public class GroupsNameClassPairCallbackHandler implements NameClassPairCallbackHandler {
        private List<String> names;
        private boolean isDynamic;

        public List<String> getNames() {
            return this.names;
        }

        private GroupsNameClassPairCallbackHandler(boolean z) {
            this.names = new LinkedList();
            this.isDynamic = z;
        }

        @Override // org.springframework.ldap.core.NameClassPairCallbackHandler
        public void handleNameClassPair(NameClassPair nameClassPair) throws NamingException {
            if (!(nameClassPair instanceof SearchResult)) {
                LDAPUserGroupProvider.logger.error("Unexpected NameClassPair " + nameClassPair + " in " + getClass().getName());
                return;
            }
            LDAPGroupCacheEntry groupCacheEntryByDn = LDAPUserGroupProvider.this.ldapCacheManager.getGroupCacheEntryByDn(LDAPUserGroupProvider.this.getKey(), ((SearchResult) nameClassPair).getNameInNamespace());
            if (groupCacheEntryByDn == null || groupCacheEntryByDn.getExist() == null || !groupCacheEntryByDn.getExist().booleanValue()) {
                GroupNameClassPairCallbackHandler groupNameClassPairCallbackHandler = new GroupNameClassPairCallbackHandler(groupCacheEntryByDn, this.isDynamic);
                groupNameClassPairCallbackHandler.handleNameClassPair(nameClassPair);
                groupCacheEntryByDn = groupNameClassPairCallbackHandler.getCacheEntry();
                if (groupCacheEntryByDn != null) {
                    LDAPUserGroupProvider.this.ldapCacheManager.cacheGroup(LDAPUserGroupProvider.this.getKey(), groupCacheEntryByDn);
                }
            }
            if (groupCacheEntryByDn != null) {
                this.names.add(groupCacheEntryByDn.getName());
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/jahia/services/usermanager/ldap/LDAPUserGroupProvider$UserNameClassPairCallbackHandler.class */
    public class UserNameClassPairCallbackHandler implements NameClassPairCallbackHandler {
        private LDAPUserCacheEntry cacheEntry;

        public LDAPUserCacheEntry getCacheEntry() {
            return this.cacheEntry;
        }

        private UserNameClassPairCallbackHandler(LDAPUserCacheEntry lDAPUserCacheEntry) {
            this.cacheEntry = lDAPUserCacheEntry;
        }

        @Override // org.springframework.ldap.core.NameClassPairCallbackHandler
        public void handleNameClassPair(NameClassPair nameClassPair) throws NamingException {
            if (!(nameClassPair instanceof SearchResult)) {
                LDAPUserGroupProvider.logger.error("Unexpected NameClassPair " + nameClassPair + " in " + getClass().getName());
                return;
            }
            SearchResult searchResult = (SearchResult) nameClassPair;
            this.cacheEntry = LDAPUserGroupProvider.this.attributesToUserCacheEntry(searchResult.getAttributes(), this.cacheEntry);
            if (this.cacheEntry != null) {
                this.cacheEntry.setDn(searchResult.getNameInNamespace());
            }
        }
    }

    /* loaded from: input_file:org/jahia/services/usermanager/ldap/LDAPUserGroupProvider$UsersNameClassPairCallbackHandler.class */
    private class UsersNameClassPairCallbackHandler implements NameClassPairCallbackHandler {
        private List<String> names;

        private UsersNameClassPairCallbackHandler() {
            this.names = new ArrayList();
        }

        public List<String> getNames() {
            return this.names;
        }

        @Override // org.springframework.ldap.core.NameClassPairCallbackHandler
        public void handleNameClassPair(NameClassPair nameClassPair) throws NamingException {
            if (!(nameClassPair instanceof SearchResult)) {
                LDAPUserGroupProvider.logger.error("Unexpected NameClassPair " + nameClassPair + " in " + getClass().getName());
                return;
            }
            LDAPUserCacheEntry userCacheEntryByDn = LDAPUserGroupProvider.this.ldapCacheManager.getUserCacheEntryByDn(LDAPUserGroupProvider.this.getKey(), ((SearchResult) nameClassPair).getNameInNamespace());
            if (userCacheEntryByDn == null || userCacheEntryByDn.getExist() == null || !userCacheEntryByDn.getExist().booleanValue()) {
                UserNameClassPairCallbackHandler userNameClassPairCallbackHandler = new UserNameClassPairCallbackHandler(userCacheEntryByDn);
                userNameClassPairCallbackHandler.handleNameClassPair(nameClassPair);
                userCacheEntryByDn = userNameClassPairCallbackHandler.getCacheEntry();
                if (userCacheEntryByDn != null) {
                    LDAPUserGroupProvider.this.ldapCacheManager.cacheUser(LDAPUserGroupProvider.this.getKey(), userCacheEntryByDn);
                }
            }
            if (userCacheEntryByDn != null) {
                this.names.add(userCacheEntryByDn.getName());
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public ContainerCriteria applyPredefinedGroupFilter(ContainerCriteria containerCriteria) {
        ContainerCriteria groupSearchFilterCriteria = getGroupSearchFilterCriteria();
        if (groupSearchFilterCriteria != null) {
            containerCriteria.and(groupSearchFilterCriteria);
        }
        return containerCriteria;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public ContainerCriteria applyPredefinedUserFilter(ContainerCriteria containerCriteria, boolean z) {
        ContainerCriteria userSearchFilterCriteria = getUserSearchFilterCriteria();
        if (userSearchFilterCriteria != null) {
            containerCriteria.and(userSearchFilterCriteria);
        }
        return containerCriteria;
    }

    public JahiaUser getUser(String str) throws UserNotFoundException {
        LDAPUserCacheEntry userCacheEntry = getUserCacheEntry(str, true);
        if (userCacheEntry.getExist().booleanValue()) {
            return userCacheEntry.getUser();
        }
        throw new UserNotFoundException("unable to find user " + str + " on provider " + getKey());
    }

    public JahiaGroup getGroup(String str) throws GroupNotFoundException {
        LDAPGroupCacheEntry groupCacheEntry = getGroupCacheEntry(str, true);
        if (groupCacheEntry.getExist().booleanValue()) {
            return groupCacheEntry.getGroup();
        }
        throw new GroupNotFoundException("unable to find group " + str + " on provider " + getKey());
    }

    public List<Member> getGroupMembers(String str) {
        LDAPGroupCacheEntry groupCacheEntry = getGroupCacheEntry(str, false);
        if (!groupCacheEntry.getExist().booleanValue()) {
            return Collections.emptyList();
        }
        if (groupCacheEntry.getMembers() != null) {
            return new ArrayList(groupCacheEntry.getMembers());
        }
        List<Member> loadMembersFromUrl = (groupCacheEntry.isDynamic() && StringUtils.isNotEmpty(groupCacheEntry.getDynamicMembersURL())) ? loadMembersFromUrl(groupCacheEntry.getDynamicMembersURL()) : loadMembersFromDN(groupCacheEntry.getDn());
        if (!CollectionUtils.isNotEmpty(loadMembersFromUrl)) {
            return Collections.emptyList();
        }
        groupCacheEntry.setMembers(loadMembersFromUrl);
        this.ldapCacheManager.cacheGroup(getKey(), groupCacheEntry);
        return new ArrayList(groupCacheEntry.getMembers());
    }

    public List<String> getMembership(Member member) {
        boolean equals = member.getType().equals(Member.MemberType.GROUP);
        if (equals && !this.userConfig.isCanGroupContainSubGroups()) {
            return Collections.emptyList();
        }
        LDAPAbstractCacheEntry groupCacheEntry = equals ? getGroupCacheEntry(member.getName(), false) : getUserCacheEntry(member.getName(), false);
        if (groupCacheEntry.getMemberships() != null) {
            return new ArrayList(groupCacheEntry.getMemberships());
        }
        if (!groupCacheEntry.getExist().booleanValue()) {
            return null;
        }
        final String dn = groupCacheEntry.getDn();
        long currentTimeMillis = System.currentTimeMillis();
        List<String> list = (List) this.ldapTemplateWrapper.execute(new BaseLdapActionCallback<List<String>>(getExternalUserGroupService(), getKey()) { // from class: org.jahia.services.usermanager.ldap.LDAPUserGroupProvider.1
            @Override // org.jahia.services.usermanager.ldap.communication.LdapTemplateCallback
            public List<String> doInLdap(LdapTemplate ldapTemplate) {
                return ldapTemplate.search(LDAPUserGroupProvider.this.applyPredefinedGroupFilter(LdapQueryBuilder.query().base(LDAPUserGroupProvider.this.groupConfig.getSearchName()).attributes(LDAPUserGroupProvider.this.groupConfig.getSearchAttribute()).where(LDAPUserGroupProvider.OBJECTCLASS_ATTRIBUTE).is(LDAPUserGroupProvider.this.groupConfig.getSearchObjectclass()).and(LDAPUserGroupProvider.this.groupConfig.getMembersAttribute()).like(dn)), new AttributesMapper<String>() { // from class: org.jahia.services.usermanager.ldap.LDAPUserGroupProvider.1.1
                    /* JADX WARN: Can't rename method to resolve collision */
                    @Override // org.springframework.ldap.core.AttributesMapper
                    public String mapFromAttributes(Attributes attributes) throws NamingException {
                        return LDAPUserGroupProvider.this.encode(attributes.get(LDAPUserGroupProvider.this.groupConfig.getSearchAttribute()).get().toString());
                    }
                });
            }
        });
        if (logger.isDebugEnabled()) {
            logger.debug("Query getMembership for {} / {} dn={} in {} ms", new Object[]{member.getName(), this.groupConfig.getSearchAttribute(), dn, Long.valueOf(System.currentTimeMillis() - currentTimeMillis)});
        }
        if (list == null) {
            list = new ArrayList();
        }
        if (this.groupConfig.isDynamicEnabled()) {
            Properties properties = new Properties();
            properties.put("*", "*");
            for (String str : searchGroups(properties, true)) {
                if (getGroupMembers(str).contains(member)) {
                    list.add(str);
                }
            }
        }
        groupCacheEntry.setMemberships(list);
        if (equals) {
            this.ldapCacheManager.cacheGroup(getKey(), (LDAPGroupCacheEntry) groupCacheEntry);
        } else {
            this.ldapCacheManager.cacheUser(getKey(), (LDAPUserCacheEntry) groupCacheEntry);
        }
        return new ArrayList(groupCacheEntry.getMemberships());
    }

    public List<String> searchUsers(Properties properties, long j, long j2) {
        if (properties.containsKey("username") && properties.size() == 1 && !properties.getProperty("username").contains("*")) {
            try {
                return Collections.singletonList(getUser((String) properties.get("username")).getUsername());
            } catch (UserNotFoundException e) {
                return Collections.emptyList();
            }
        }
        final ContainerCriteria buildUserQuery = buildUserQuery(properties);
        if (buildUserQuery == null) {
            return Collections.emptyList();
        }
        final UsersNameClassPairCallbackHandler usersNameClassPairCallbackHandler = new UsersNameClassPairCallbackHandler();
        long currentTimeMillis = System.currentTimeMillis();
        this.ldapTemplateWrapper.execute(new BaseLdapActionCallback<Object>(getExternalUserGroupService(), getKey()) { // from class: org.jahia.services.usermanager.ldap.LDAPUserGroupProvider.2
            @Override // org.jahia.services.usermanager.ldap.communication.LdapTemplateCallback
            public Object doInLdap(LdapTemplate ldapTemplate) {
                ldapTemplate.search(buildUserQuery, usersNameClassPairCallbackHandler);
                return null;
            }
        });
        List<String> names = usersNameClassPairCallbackHandler.getNames();
        if (logger.isDebugEnabled()) {
            logger.debug("Search users for criteria {} using filter {} done in {} ms. Found {} entries.", new Object[]{properties, buildUserQuery.filter(), Long.valueOf(System.currentTimeMillis() - currentTimeMillis), Integer.valueOf(names.size())});
        }
        return names.subList(Math.min((int) j, names.size()), j2 < 0 ? names.size() : Math.min((int) (j + j2), names.size()));
    }

    public List<String> searchGroups(Properties properties, long j, long j2) {
        if (properties.containsKey("groupname") && properties.size() == 1 && !properties.getProperty("groupname").contains("*")) {
            try {
                return Arrays.asList(getGroup((String) properties.get("groupname")).getGroupname());
            } catch (GroupNotFoundException e) {
                return Collections.emptyList();
            }
        }
        List<String> searchGroups = searchGroups(properties, false);
        if (this.groupConfig.isDynamicEnabled()) {
            searchGroups.addAll(searchGroups(properties, true));
        }
        return searchGroups.subList(Math.min((int) j, searchGroups.size()), j2 < 0 ? searchGroups.size() : Math.min((int) (j + j2), searchGroups.size()));
    }

    public boolean verifyPassword(String str, String str2) {
        logger.debug("Verify password for {}", str);
        DirContext dirContext = null;
        try {
            try {
                LDAPUserCacheEntry userCacheEntry = getUserCacheEntry(str, true);
                if (!userCacheEntry.getExist().booleanValue()) {
                    LdapUtils.closeContext(null);
                    return false;
                }
                long currentTimeMillis = System.currentTimeMillis();
                dirContext = this.contextSource.getContext(userCacheEntry.getDn(), str2);
                dirContext.lookup(LdapUtils.newLdapName(userCacheEntry.getDn()));
                logger.debug("Password verified for {} in {} ms", str, Long.valueOf(System.currentTimeMillis() - currentTimeMillis));
                LdapUtils.closeContext(dirContext);
                return true;
            } catch (NamingException | org.springframework.ldap.NamingException e) {
                logger.warn("Login failed for user " + str + ": " + e.getMessage() + " (enable debug for full stacktrace)");
                logger.debug(e.getMessage(), e);
                LdapUtils.closeContext(dirContext);
                return false;
            }
        } catch (Throwable th) {
            LdapUtils.closeContext(dirContext);
            throw th;
        }
    }

    public boolean isAvailable() throws RepositoryException {
        long currentTimeMillis = System.currentTimeMillis();
        final Exception[] excArr = new Exception[1];
        boolean booleanValue = ((Boolean) this.ldapTemplateWrapper.execute(new BaseLdapActionCallback<Boolean>(getExternalUserGroupService(), getKey()) { // from class: org.jahia.services.usermanager.ldap.LDAPUserGroupProvider.3
            @Override // org.jahia.services.usermanager.ldap.communication.LdapTemplateCallback
            public Boolean doInLdap(LdapTemplate ldapTemplate) {
                ldapTemplate.search(LDAPUserGroupProvider.this.buildUserQuery(new Properties()), new NameClassPairCallbackHandler() { // from class: org.jahia.services.usermanager.ldap.LDAPUserGroupProvider.3.1
                    @Override // org.springframework.ldap.core.NameClassPairCallbackHandler
                    public void handleNameClassPair(NameClassPair nameClassPair) throws NamingException {
                    }
                });
                return true;
            }

            @Override // org.jahia.services.usermanager.ldap.LDAPUserGroupProvider.BaseLdapActionCallback, org.jahia.services.usermanager.ldap.communication.LdapTemplateCallback
            public Boolean onError(Exception exc) {
                super.onError(exc);
                excArr[0] = exc;
                return Boolean.valueOf(LDAPUserGroupProvider.this.timeoutCount.get() < LDAPUserGroupProvider.this.maxLdapTimeoutCountBeforeDisconnect);
            }
        })).booleanValue();
        logger.debug("Is available in {} ms", Long.valueOf(System.currentTimeMillis() - currentTimeMillis));
        if (booleanValue) {
            return true;
        }
        throw new RepositoryException("LDAP Server '" + this.userConfig.getUrl() + "' is not reachable", excArr[0]);
    }

    private List<String> searchGroups(Properties properties, boolean z) {
        final ContainerCriteria groupQuery = getGroupQuery(properties, z);
        final GroupsNameClassPairCallbackHandler groupsNameClassPairCallbackHandler = new GroupsNameClassPairCallbackHandler(z);
        long currentTimeMillis = System.currentTimeMillis();
        this.ldapTemplateWrapper.execute(new BaseLdapActionCallback<Object>(getExternalUserGroupService(), getKey()) { // from class: org.jahia.services.usermanager.ldap.LDAPUserGroupProvider.4
            @Override // org.jahia.services.usermanager.ldap.communication.LdapTemplateCallback
            public Object doInLdap(LdapTemplate ldapTemplate) {
                ldapTemplate.search(groupQuery, groupsNameClassPairCallbackHandler);
                return null;
            }
        });
        List<String> names = groupsNameClassPairCallbackHandler.getNames();
        if (logger.isDebugEnabled()) {
            logger.debug("Search groups for criteria {} using filter {} done in {} ms. Found {} entries.", new Object[]{properties, groupQuery.filter(), Long.valueOf(System.currentTimeMillis() - currentTimeMillis), Integer.valueOf(names.size())});
        }
        return names;
    }

    private List<Member> loadMembersFromUrl(String str) {
        try {
            final LdapURL ldapURL = new LdapURL(str);
            final DynMembersNameClassPairCallbackHandler dynMembersNameClassPairCallbackHandler = new DynMembersNameClassPairCallbackHandler();
            final HashSet hashSet = new HashSet(getUserAttributes());
            hashSet.addAll(getGroupAttributes(true));
            if (this.groupConfig.isDynamicEnabled()) {
                hashSet.add(this.groupConfig.getDynamicSearchObjectclass());
            }
            hashSet.add(OBJECTCLASS_ATTRIBUTE);
            SearchScope searchScope = "one".equalsIgnoreCase(ldapURL.getScope()) ? SearchScope.ONELEVEL : "base".equalsIgnoreCase(ldapURL.getScope()) ? SearchScope.OBJECT : SearchScope.SUBTREE;
            long currentTimeMillis = System.currentTimeMillis();
            final SearchScope searchScope2 = searchScope;
            this.ldapTemplateWrapper.execute(new BaseLdapActionCallback<Object>(getExternalUserGroupService(), getKey()) { // from class: org.jahia.services.usermanager.ldap.LDAPUserGroupProvider.5
                @Override // org.jahia.services.usermanager.ldap.communication.LdapTemplateCallback
                public Object doInLdap(LdapTemplate ldapTemplate) {
                    ldapTemplate.search(LdapQueryBuilder.query().base(ldapURL.getDN()).attributes((String[]) hashSet.toArray(new String[hashSet.size()])).searchScope(searchScope2).filter(ldapURL.getFilter()), dynMembersNameClassPairCallbackHandler);
                    return null;
                }
            });
            logger.debug("Load members from url {} in ms", str, Long.valueOf(System.currentTimeMillis() - currentTimeMillis));
            return dynMembersNameClassPairCallbackHandler.getMembers();
        } catch (NamingException e) {
            logger.error("Error trying to get dynamic members from url: " + str);
            return null;
        }
    }

    private List<Member> loadMembersFromDN(final String str) {
        long currentTimeMillis = System.currentTimeMillis();
        final LdapName newLdapName = LdapUtils.newLdapName(str);
        NamingEnumeration<?> namingEnumeration = (NamingEnumeration) this.ldapTemplateWrapper.execute(new BaseLdapActionCallback<NamingEnumeration<?>>(getExternalUserGroupService(), getKey()) { // from class: org.jahia.services.usermanager.ldap.LDAPUserGroupProvider.6
            @Override // org.jahia.services.usermanager.ldap.communication.LdapTemplateCallback
            public NamingEnumeration<?> doInLdap(LdapTemplate ldapTemplate) {
                if (LDAPUserGroupProvider.this.groupConfig.getAdRangeStep() <= 0) {
                    return (NamingEnumeration) ldapTemplate.lookup((Name) newLdapName, new String[]{LDAPUserGroupProvider.this.groupConfig.getMembersAttribute()}, (AttributesMapper) new AttributesMapper<NamingEnumeration<?>>() { // from class: org.jahia.services.usermanager.ldap.LDAPUserGroupProvider.6.1
                        /* JADX WARN: Can't rename method to resolve collision */
                        @Override // org.springframework.ldap.core.AttributesMapper
                        public NamingEnumeration<?> mapFromAttributes(Attributes attributes) throws NamingException {
                            if (attributes.get(LDAPUserGroupProvider.this.groupConfig.getMembersAttribute()) != null) {
                                return attributes.get(LDAPUserGroupProvider.this.groupConfig.getMembersAttribute()).getAll();
                            }
                            return null;
                        }
                    });
                }
                DefaultIncrementalAttributesMapper defaultIncrementalAttributesMapper = new DefaultIncrementalAttributesMapper(LDAPUserGroupProvider.this.groupConfig.getAdRangeStep(), LDAPUserGroupProvider.this.groupConfig.getMembersAttribute());
                while (defaultIncrementalAttributesMapper.hasMore()) {
                    ldapTemplate.lookup((Name) newLdapName, defaultIncrementalAttributesMapper.getAttributesForLookup(), (AttributesMapper) defaultIncrementalAttributesMapper);
                }
                try {
                    return defaultIncrementalAttributesMapper.getCollectedAttributes().get(LDAPUserGroupProvider.this.groupConfig.getMembersAttribute()).getAll();
                } catch (NamingException e) {
                    LDAPUserGroupProvider.logger.error("Error retrieving the LDAP members using range on group: " + str, e);
                    return null;
                }
            }
        });
        logger.debug("Load group members {} in {} ms", str, Long.valueOf(System.currentTimeMillis() - currentTimeMillis));
        return loadMembers(namingEnumeration);
    }

    private List<Member> loadMembers(NamingEnumeration<?> namingEnumeration) {
        LDAPAbstractCacheEntry userCacheEntryByDn;
        LDAPGroupCacheEntry groupCacheEntryByDN;
        ArrayList arrayList = new ArrayList();
        while (namingEnumeration != null) {
            try {
                if (!namingEnumeration.hasMore()) {
                    break;
                }
                String str = (String) namingEnumeration.next();
                Boolean guessUserOrGroupFromDN = this.userConfig.isCanGroupContainSubGroups() ? guessUserOrGroupFromDN(str) : true;
                if (guessUserOrGroupFromDN != null) {
                    userCacheEntryByDn = guessUserOrGroupFromDN.booleanValue() ? this.ldapCacheManager.getUserCacheEntryByDn(getKey(), str) : this.ldapCacheManager.getGroupCacheEntryByDn(getKey(), str);
                } else {
                    userCacheEntryByDn = this.ldapCacheManager.getUserCacheEntryByDn(getKey(), str);
                    if (userCacheEntryByDn == null) {
                        userCacheEntryByDn = this.ldapCacheManager.getGroupCacheEntryByDn(getKey(), str);
                        guessUserOrGroupFromDN = userCacheEntryByDn != null ? false : null;
                    } else {
                        guessUserOrGroupFromDN = true;
                    }
                }
                if (userCacheEntryByDn == null) {
                    if (guessUserOrGroupFromDN != null && this.userConfig.isSearchAttributeInDn()) {
                        String nameFromDn = getNameFromDn(str, guessUserOrGroupFromDN.booleanValue());
                        if (StringUtils.isNotEmpty(nameFromDn)) {
                            arrayList.add(guessUserOrGroupFromDN.booleanValue() ? new Member(nameFromDn, Member.MemberType.USER) : new Member(nameFromDn, Member.MemberType.GROUP));
                        }
                    }
                    Member member = null;
                    LDAPUserCacheEntry userCacheEntryByDN = getUserCacheEntryByDN(str, true);
                    if (userCacheEntryByDN == null) {
                        LDAPGroupCacheEntry groupCacheEntryByDN2 = getGroupCacheEntryByDN(str, true, false);
                        if (groupCacheEntryByDN2 != null) {
                            member = new Member(groupCacheEntryByDN2.getName(), Member.MemberType.GROUP);
                        } else if (this.groupConfig.isDynamicEnabled() && (groupCacheEntryByDN = getGroupCacheEntryByDN(str, true, true)) != null) {
                            member = new Member(groupCacheEntryByDN.getName(), Member.MemberType.GROUP);
                        }
                    } else {
                        member = new Member(userCacheEntryByDN.getName(), Member.MemberType.USER);
                    }
                    if (member != null) {
                        arrayList.add(member);
                    }
                } else if (guessUserOrGroupFromDN.booleanValue()) {
                    arrayList.add(new Member(userCacheEntryByDn.getName(), Member.MemberType.USER));
                } else {
                    arrayList.add(new Member(userCacheEntryByDn.getName(), Member.MemberType.GROUP));
                }
            } catch (NamingException e) {
                logger.error("Error retrieving LDAP group members for group", e);
            }
        }
        return arrayList;
    }

    private LDAPUserCacheEntry getUserCacheEntry(final String str, boolean z) {
        LDAPUserCacheEntry lDAPUserCacheEntry;
        LDAPUserCacheEntry userCacheEntryByName = this.ldapCacheManager.getUserCacheEntryByName(getKey(), str);
        if (userCacheEntryByName != null) {
            if (userCacheEntryByName.getExist() != null && userCacheEntryByName.getExist().booleanValue() && userCacheEntryByName.getUser() != null) {
                return userCacheEntryByName;
            }
            if (userCacheEntryByName.getExist() != null && !userCacheEntryByName.getExist().booleanValue()) {
                return userCacheEntryByName;
            }
        }
        final List<String> userAttributes = getUserAttributes();
        final UserNameClassPairCallbackHandler userNameClassPairCallbackHandler = new UserNameClassPairCallbackHandler(userCacheEntryByName);
        long currentTimeMillis = System.currentTimeMillis();
        boolean booleanValue = ((Boolean) this.ldapTemplateWrapper.execute(new BaseLdapActionCallback<Boolean>(getExternalUserGroupService(), getKey()) { // from class: org.jahia.services.usermanager.ldap.LDAPUserGroupProvider.7
            @Override // org.jahia.services.usermanager.ldap.communication.LdapTemplateCallback
            public Boolean doInLdap(LdapTemplate ldapTemplate) {
                ldapTemplate.search(LDAPUserGroupProvider.this.applyPredefinedUserFilter(LdapQueryBuilder.query().base(LDAPUserGroupProvider.this.userConfig.getUidSearchName()).attributes((String[]) userAttributes.toArray(new String[userAttributes.size()])).where(LDAPUserGroupProvider.OBJECTCLASS_ATTRIBUTE).is(LDAPUserGroupProvider.this.userConfig.getSearchObjectclass()).and(LDAPUserGroupProvider.this.userConfig.getUidSearchAttribute()).is(LDAPUserGroupProvider.this.decode(str)), true), userNameClassPairCallbackHandler);
                return true;
            }

            @Override // org.jahia.services.usermanager.ldap.LDAPUserGroupProvider.BaseLdapActionCallback, org.jahia.services.usermanager.ldap.communication.LdapTemplateCallback
            public Boolean onError(Exception exc) {
                super.onError(exc);
                return false;
            }
        })).booleanValue();
        if (logger.isDebugEnabled()) {
            logger.debug("Get user {} in {} ms", str, Long.valueOf(System.currentTimeMillis() - currentTimeMillis));
        }
        if (userNameClassPairCallbackHandler.getCacheEntry() != null) {
            lDAPUserCacheEntry = userNameClassPairCallbackHandler.getCacheEntry();
            lDAPUserCacheEntry.setExist(true);
        } else {
            lDAPUserCacheEntry = new LDAPUserCacheEntry(str);
            lDAPUserCacheEntry.setExist(false);
        }
        if (z && booleanValue) {
            this.ldapCacheManager.cacheUser(getKey(), lDAPUserCacheEntry);
        }
        return lDAPUserCacheEntry;
    }

    private LDAPGroupCacheEntry getGroupCacheEntry(String str, boolean z) {
        LDAPGroupCacheEntry groupCacheEntryName = this.ldapCacheManager.getGroupCacheEntryName(getKey(), str);
        if (groupCacheEntryName != null) {
            if (groupCacheEntryName.getExist() != null && groupCacheEntryName.getExist().booleanValue() && groupCacheEntryName.getGroup() != null) {
                return groupCacheEntryName;
            }
            if (groupCacheEntryName.getExist() != null && !groupCacheEntryName.getExist().booleanValue()) {
                return groupCacheEntryName;
            }
        }
        try {
            LDAPGroupCacheEntry groupCacheEntryByName = getGroupCacheEntryByName(str, false, false);
            if (groupCacheEntryByName == null) {
                if (this.groupConfig.isDynamicEnabled()) {
                    groupCacheEntryByName = getGroupCacheEntryByName(str, false, true);
                } else {
                    groupCacheEntryByName = new LDAPGroupCacheEntry(str);
                    groupCacheEntryByName.setExist(false);
                }
            }
            if (z) {
                this.ldapCacheManager.cacheGroup(getKey(), groupCacheEntryByName);
            }
            return groupCacheEntryByName;
        } catch (Exception e) {
            return null;
        }
    }

    private LDAPGroupCacheEntry getGroupCacheEntryByName(final String str, boolean z, final boolean z2) throws Exception {
        final List<String> groupAttributes = getGroupAttributes(z2);
        final GroupNameClassPairCallbackHandler groupNameClassPairCallbackHandler = new GroupNameClassPairCallbackHandler(null, z2);
        long currentTimeMillis = System.currentTimeMillis();
        final Exception[] excArr = new Exception[1];
        if (!((Boolean) this.ldapTemplateWrapper.execute(new BaseLdapActionCallback<Boolean>(getExternalUserGroupService(), getKey()) { // from class: org.jahia.services.usermanager.ldap.LDAPUserGroupProvider.8
            @Override // org.jahia.services.usermanager.ldap.communication.LdapTemplateCallback
            public Boolean doInLdap(LdapTemplate ldapTemplate) {
                ldapTemplate.search(LDAPUserGroupProvider.this.applyPredefinedGroupFilter(LdapQueryBuilder.query().base(LDAPUserGroupProvider.this.groupConfig.getSearchName()).attributes((String[]) groupAttributes.toArray(new String[groupAttributes.size()])).where(LDAPUserGroupProvider.OBJECTCLASS_ATTRIBUTE).is(z2 ? LDAPUserGroupProvider.this.groupConfig.getDynamicSearchObjectclass() : LDAPUserGroupProvider.this.groupConfig.getSearchObjectclass()).and(LDAPUserGroupProvider.this.groupConfig.getSearchAttribute()).is(LDAPUserGroupProvider.this.decode(str))), groupNameClassPairCallbackHandler);
                return true;
            }

            @Override // org.jahia.services.usermanager.ldap.LDAPUserGroupProvider.BaseLdapActionCallback, org.jahia.services.usermanager.ldap.communication.LdapTemplateCallback
            public Boolean onError(Exception exc) {
                excArr[0] = exc;
                super.onError(exc);
                return false;
            }
        })).booleanValue()) {
            throw excArr[0];
        }
        if (logger.isDebugEnabled()) {
            logger.debug("Get group {} in {} ms", str, Long.valueOf(System.currentTimeMillis() - currentTimeMillis));
        }
        return getAndCacheGroupEntry(groupNameClassPairCallbackHandler, z);
    }

    private LDAPGroupCacheEntry getGroupCacheEntryByDN(final String str, boolean z, final boolean z2) {
        final List<String> groupAttributes = getGroupAttributes(z2);
        final GroupNameClassPairCallbackHandler groupNameClassPairCallbackHandler = new GroupNameClassPairCallbackHandler(null, z2);
        long currentTimeMillis = System.currentTimeMillis();
        this.ldapTemplateWrapper.execute(new BaseLdapActionCallback<Object>(getExternalUserGroupService(), getKey()) { // from class: org.jahia.services.usermanager.ldap.LDAPUserGroupProvider.9
            @Override // org.jahia.services.usermanager.ldap.communication.LdapTemplateCallback
            public Object doInLdap(LdapTemplate ldapTemplate) {
                ldapTemplate.search(LDAPUserGroupProvider.this.applyPredefinedGroupFilter(LdapQueryBuilder.query().base(str).attributes((String[]) groupAttributes.toArray(new String[groupAttributes.size()])).searchScope(SearchScope.OBJECT).where(LDAPUserGroupProvider.OBJECTCLASS_ATTRIBUTE).is(z2 ? LDAPUserGroupProvider.this.groupConfig.getDynamicSearchObjectclass() : LDAPUserGroupProvider.this.groupConfig.getSearchObjectclass())), groupNameClassPairCallbackHandler);
                return null;
            }
        });
        if (logger.isDebugEnabled()) {
            logger.debug("Get group from dn {} in {} ms", str, Long.valueOf(System.currentTimeMillis() - currentTimeMillis));
        }
        return getAndCacheGroupEntry(groupNameClassPairCallbackHandler, z);
    }

    private LDAPGroupCacheEntry getAndCacheGroupEntry(GroupNameClassPairCallbackHandler groupNameClassPairCallbackHandler, boolean z) {
        LDAPGroupCacheEntry cacheEntry = groupNameClassPairCallbackHandler.getCacheEntry();
        if (cacheEntry == null) {
            return null;
        }
        if (z) {
            this.ldapCacheManager.cacheGroup(getKey(), cacheEntry);
        }
        return cacheEntry;
    }

    private LDAPUserCacheEntry getUserCacheEntryByDN(final String str, boolean z) {
        final List<String> userAttributes = getUserAttributes();
        final UserNameClassPairCallbackHandler userNameClassPairCallbackHandler = new UserNameClassPairCallbackHandler(null);
        long currentTimeMillis = System.currentTimeMillis();
        this.ldapTemplateWrapper.execute(new BaseLdapActionCallback<Object>(getExternalUserGroupService(), getKey()) { // from class: org.jahia.services.usermanager.ldap.LDAPUserGroupProvider.10
            @Override // org.jahia.services.usermanager.ldap.communication.LdapTemplateCallback
            public Object doInLdap(LdapTemplate ldapTemplate) {
                ldapTemplate.search(LDAPUserGroupProvider.this.applyPredefinedUserFilter(LdapQueryBuilder.query().base(str).attributes((String[]) userAttributes.toArray(new String[userAttributes.size()])).searchScope(SearchScope.OBJECT).where(LDAPUserGroupProvider.OBJECTCLASS_ATTRIBUTE).is(LDAPUserGroupProvider.this.userConfig.getSearchObjectclass()), true), userNameClassPairCallbackHandler);
                return null;
            }
        });
        if (logger.isDebugEnabled()) {
            logger.debug("Get user from dn {} in {} ms", str, Long.valueOf(System.currentTimeMillis() - currentTimeMillis));
        }
        if (userNameClassPairCallbackHandler.getCacheEntry() == null) {
            return null;
        }
        LDAPUserCacheEntry cacheEntry = userNameClassPairCallbackHandler.getCacheEntry();
        if (z) {
            this.ldapCacheManager.cacheUser(getKey(), cacheEntry);
        }
        return cacheEntry;
    }

    private String getNameFromDn(String str, boolean z) {
        for (Rdn rdn : LdapUtils.newLdapName(str).getRdns()) {
            if (rdn.getType().equalsIgnoreCase(z ? this.userConfig.getUidSearchAttribute() : this.groupConfig.getSearchAttribute())) {
                return rdn.getValue().toString();
            }
        }
        return null;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public LDAPUserCacheEntry attributesToUserCacheEntry(Attributes attributes, LDAPUserCacheEntry lDAPUserCacheEntry) throws NamingException {
        Attribute attribute = attributes.get(this.userConfig.getUidSearchAttribute());
        if (attribute == null) {
            logger.warn("LDAP user entry is missing the required {} attribute. Skipping user. Available attributes: {}", this.userConfig.getUidSearchAttribute(), attributes);
            return null;
        }
        String str = (String) attribute.get();
        JahiaUserImpl jahiaUserImpl = new JahiaUserImpl(encode(str), (String) null, attributesToJahiaProperties(attributes, true), getKey(), (String) null);
        if (lDAPUserCacheEntry == null) {
            lDAPUserCacheEntry = new LDAPUserCacheEntry(str);
        }
        lDAPUserCacheEntry.setExist(true);
        lDAPUserCacheEntry.setUser(jahiaUserImpl);
        return lDAPUserCacheEntry;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public LDAPGroupCacheEntry attributesToGroupCacheEntry(Attributes attributes, LDAPGroupCacheEntry lDAPGroupCacheEntry) throws NamingException {
        JahiaGroupImpl jahiaGroupImpl = new JahiaGroupImpl(encode((String) attributes.get(this.groupConfig.getSearchAttribute()).get()), (String) null, (String) null, attributesToJahiaProperties(attributes, false));
        if (lDAPGroupCacheEntry == null) {
            lDAPGroupCacheEntry = new LDAPGroupCacheEntry(jahiaGroupImpl.getName());
        }
        lDAPGroupCacheEntry.setExist(true);
        lDAPGroupCacheEntry.setGroup(jahiaGroupImpl);
        return lDAPGroupCacheEntry;
    }

    private Properties attributesToJahiaProperties(Attributes attributes, boolean z) {
        Properties properties = new Properties();
        Map<String, String> attributesMapper = z ? this.userConfig.getAttributesMapper() : this.groupConfig.getAttributesMapper();
        for (String str : attributesMapper.keySet()) {
            Attribute attribute = attributes.get(attributesMapper.get(str));
            if (attribute != null) {
                try {
                    if (attribute.get() instanceof String) {
                        properties.put(str, attribute.get());
                    }
                } catch (NamingException e) {
                    logger.error("Error reading LDAP attribute:" + attribute.toString());
                }
            }
        }
        return properties;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public ContainerCriteria buildUserQuery(Properties properties) {
        List<String> userAttributes = getUserAttributes();
        ContainerCriteria is = LdapQueryBuilder.query().base(this.userConfig.getUidSearchName()).attributes((String[]) userAttributes.toArray(new String[userAttributes.size()])).countLimit((int) this.userConfig.getSearchCountlimit()).where(OBJECTCLASS_ATTRIBUTE).is(StringUtils.defaultString(this.userConfig.getSearchObjectclass(), "*"));
        Properties mapJahiaPropertiesToLDAP = mapJahiaPropertiesToLDAP(properties, this.userConfig.getAttributesMapper());
        if (mapJahiaPropertiesToLDAP == null) {
            return null;
        }
        applyPredefinedUserFilter(is, false);
        ContainerCriteria queryFilters = getQueryFilters(mapJahiaPropertiesToLDAP, this.userConfig, isOrOperator(mapJahiaPropertiesToLDAP, properties));
        if (queryFilters != null) {
            is.and(queryFilters);
        }
        return is;
    }

    private ContainerCriteria createContainerCriteria(String str) {
        try {
            return (ContainerCriteria) FieldUtils.readField(LdapQueryBuilder.query().filter(str), "rootContainer", true);
        } catch (IllegalAccessException e) {
            throw new RuntimeException(e);
        }
    }

    private ContainerCriteria getGroupSearchFilterCriteria() {
        String searchFilter;
        if (this.groupSearchFilterCriteria == null && (searchFilter = this.groupConfig.getSearchFilter()) != null) {
            this.groupSearchFilterCriteria = createContainerCriteria(searchFilter);
            logger.info("Using pre-defined filter for group search: {}", searchFilter);
        }
        return this.groupSearchFilterCriteria;
    }

    private ContainerCriteria getUserSearchFilterCriteria() {
        String searchFilter;
        if (this.userSearchFilterCriteria == null && (searchFilter = this.userConfig.getSearchFilter()) != null) {
            this.userSearchFilterCriteria = createContainerCriteria(searchFilter);
            logger.info("Using pre-defined filter for user search: {}", searchFilter);
        }
        return this.userSearchFilterCriteria;
    }

    private ContainerCriteria getGroupQuery(Properties properties, boolean z) {
        ContainerCriteria buildGroupQuery;
        if (!properties.isEmpty()) {
            buildGroupQuery = buildGroupQuery(properties, z);
        } else if (z) {
            if (this.searchGroupDynamicCriteria == null) {
                synchronized (this) {
                    if (this.searchGroupDynamicCriteria == null) {
                        this.searchGroupDynamicCriteria = buildGroupQuery(properties, z);
                    }
                }
            }
            buildGroupQuery = this.searchGroupDynamicCriteria;
        } else {
            if (this.searchGroupCriteria == null) {
                synchronized (this) {
                    if (this.searchGroupCriteria == null) {
                        this.searchGroupCriteria = buildGroupQuery(properties, z);
                    }
                }
            }
            buildGroupQuery = this.searchGroupCriteria;
        }
        return buildGroupQuery;
    }

    private void flushGroupQuery() {
        this.searchGroupCriteria = null;
        this.searchGroupDynamicCriteria = null;
        this.groupSearchFilterCriteria = null;
    }

    private ContainerCriteria buildGroupQuery(Properties properties, boolean z) {
        List<String> groupAttributes = getGroupAttributes(z);
        if (z) {
            groupAttributes.add(this.groupConfig.getDynamicMembersAttribute());
        }
        ContainerCriteria is = LdapQueryBuilder.query().base(this.groupConfig.getSearchName()).attributes((String[]) groupAttributes.toArray(new String[groupAttributes.size()])).countLimit((int) this.groupConfig.getSearchCountlimit()).where(OBJECTCLASS_ATTRIBUTE).is(z ? this.groupConfig.getDynamicSearchObjectclass() : this.groupConfig.getSearchObjectclass());
        applyPredefinedGroupFilter(is);
        Properties mapJahiaPropertiesToLDAP = mapJahiaPropertiesToLDAP(properties, this.groupConfig.getAttributesMapper());
        ContainerCriteria queryFilters = getQueryFilters(mapJahiaPropertiesToLDAP, this.groupConfig, isOrOperator(mapJahiaPropertiesToLDAP, properties));
        if (queryFilters != null) {
            is.and(queryFilters);
        }
        return is;
    }

    private static boolean isOrOperator(Properties properties, Properties properties2) {
        return (properties.size() > 1 && properties2.containsKey("multi_criteria_search_op") && ((String) properties2.get("multi_criteria_search_op")).trim().toLowerCase().equals("and")) ? false : true;
    }

    private ContainerCriteria getQueryFilters(Properties properties, AbstractConfig abstractConfig, boolean z) {
        ContainerCriteria containerCriteria = null;
        if (properties.containsKey("*")) {
            String property = properties.getProperty("*");
            if (CollectionUtils.isNotEmpty(abstractConfig.getSearchWildcardsAttributes())) {
                for (String str : abstractConfig.getSearchWildcardsAttributes()) {
                    if (containerCriteria == null) {
                        containerCriteria = LdapQueryBuilder.query().where(str).like(property);
                    } else {
                        addCriteriaToQuery(containerCriteria, true, str).like(property);
                    }
                }
            }
        } else {
            for (String str2 : properties.keySet()) {
                String property2 = properties.getProperty(str2);
                if (containerCriteria == null) {
                    containerCriteria = LdapQueryBuilder.query().where(str2).like(property2);
                } else {
                    addCriteriaToQuery(containerCriteria, z, str2).like(property2);
                }
            }
        }
        return containerCriteria;
    }

    private ConditionCriteria addCriteriaToQuery(ContainerCriteria containerCriteria, boolean z, String str) {
        return z ? containerCriteria.or(str) : containerCriteria.and(str);
    }

    private Properties mapJahiaPropertiesToLDAP(Properties properties, Map<String, String> map) {
        if (properties.isEmpty()) {
            return properties;
        }
        Properties properties2 = new Properties();
        if (properties.containsKey("*")) {
            properties2.setProperty("*", properties.getProperty("*"));
            if (properties.size() == 1) {
                return properties2;
            }
        }
        for (Map.Entry entry : properties.entrySet()) {
            if (map.containsKey(entry.getKey())) {
                properties2.setProperty(map.get(entry.getKey()), (String) entry.getValue());
            } else if (!entry.getKey().equals("*") && !entry.getKey().equals("multi_criteria_search_op")) {
                return null;
            }
        }
        return properties2;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public Boolean guessUserOrGroupFromDN(String str) throws InvalidNameException {
        Boolean bool = null;
        LdapName newLdapName = LdapUtils.newLdapName(str);
        if (newLdapName.startsWith(new LdapName(this.userConfig.getUidSearchName()))) {
            bool = this.distinctBase ? true : null;
        } else if (newLdapName.startsWith(new LdapName(this.groupConfig.getSearchName()))) {
            bool = this.distinctBase ? false : null;
        }
        return bool;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public List<String> getUserAttributes() {
        ArrayList arrayList = new ArrayList(this.userConfig.getAttributesMapper().values());
        arrayList.add(this.userConfig.getUidSearchAttribute());
        return arrayList;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public List<String> getGroupAttributes(boolean z) {
        ArrayList arrayList = new ArrayList(this.groupConfig.getAttributesMapper().values());
        arrayList.add(this.groupConfig.getSearchAttribute());
        if (z) {
            arrayList.add(this.groupConfig.getDynamicMembersAttribute());
        }
        return arrayList;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public List<String> getCommonAttributes(List<String> list, List<String> list2) {
        ArrayList arrayList = new ArrayList(list);
        arrayList.retainAll(list2);
        return arrayList;
    }

    public void setLdapTemplateWrapper(LdapTemplateWrapper ldapTemplateWrapper) {
        this.ldapTemplateWrapper = ldapTemplateWrapper;
    }

    public void setContextSource(LdapContextSource ldapContextSource) {
        this.contextSource = ldapContextSource;
    }

    protected String getSiteKey() {
        return this.userConfig.getTargetSite();
    }

    public void setLdapCacheManager(LDAPCacheManager lDAPCacheManager) {
        this.ldapCacheManager = lDAPCacheManager;
    }

    public void setUserConfig(UserConfig userConfig) {
        this.userConfig = userConfig;
        this.userSearchFilterCriteria = null;
    }

    public void setGroupConfig(GroupConfig groupConfig) {
        this.groupConfig = groupConfig;
        flushGroupQuery();
    }

    public void setDistinctBase(boolean z) {
        this.distinctBase = z;
    }

    public void setMaxLdapTimeoutCountBeforeDisconnect(int i) {
        this.maxLdapTimeoutCountBeforeDisconnect = i;
    }

    public boolean supportsGroups() {
        return this.groupConfig.isMinimalSettingsOk();
    }

    public String toString() {
        return "LDAPUserGroupProvider{getKey()='" + getKey() + "'}";
    }

    /* JADX INFO: Access modifiers changed from: private */
    public String decode(String str) {
        return Text.unescapeIllegalJcrChars(str);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public String encode(String str) throws NamingException {
        return Text.escapeIllegalJcrChars(str);
    }
}
