package org.identityconnectors.ldap;

import com.sun.jndi.ldap.ctl.PasswordExpiredResponseControl;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Hashtable;
import java.util.List;
import java.util.Locale;
import java.util.Set;
import javax.naming.AuthenticationException;
import javax.naming.NamingException;
import javax.naming.directory.Attributes;
import javax.naming.ldap.Control;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;
import org.identityconnectors.common.CollectionUtil;
import org.identityconnectors.common.Pair;
import org.identityconnectors.common.StringUtil;
import org.identityconnectors.common.logging.Log;
import org.identityconnectors.common.security.GuardedString;
import org.identityconnectors.framework.common.exceptions.ConnectorException;
import org.identityconnectors.framework.common.exceptions.ConnectorSecurityException;
import org.identityconnectors.framework.common.exceptions.PasswordExpiredException;
import org.identityconnectors.ldap.schema.LdapSchemaMapping;

/* loaded from: input_file:lib/ldap-connector-1.1.0.em2.jar:org/identityconnectors/ldap/LdapConnection.class */
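/**
 * A connection to the LDAP server (plus optional failover servers) described by an
 * {@link LdapConfiguration}.
 *
 * <p>The connection lazily binds an {@link LdapContext} with the configured principal and
 * credentials on first use ({@link #getInitialContext()}), caches the server's supported
 * controls and the detected {@link ServerType}, and can perform throw-away binds to verify a
 * user's password ({@link #authenticate(String, GuardedString)}).
 *
 * <p>Instances are not synchronized: the lazily initialised fields ({@code initCtx},
 * {@code supportedControls}, {@code serverType}) are written without locking, so an instance
 * should be used by one thread at a time.
 */
public class LdapConnection {

    /** Attribute types whose LDAP syntax is binary; their values are handled as {@code byte[]}. */
    private static final Set<String> LDAP_BINARY_SYNTAX_ATTRS = CollectionUtil.newCaseInsensitiveSet();

    /** Attribute types that must be transferred with the {@code ;binary} option. */
    private static final Set<String> LDAP_BINARY_OPTION_ATTRS = CollectionUtil.newCaseInsensitiveSet();

    private static final String LDAP_CTX_FACTORY = "com.sun.jndi.ldap.LdapCtxFactory";

    private static final Log log = Log.getLog(LdapConnection.class);

    private final LdapConfiguration config;
    private final LdapSchemaMapping schemaMapping = new LdapSchemaMapping(this);

    /** Context bound with the configured service credentials; {@code null} until first use or after {@link #close()}. */
    private LdapContext initCtx;
    /** Cached, unmodifiable root-DSE {@code supportedControl} values; {@code null} until first queried. */
    private Set<String> supportedControls;
    /** Cached result of {@link #detectServerType()}; {@code null} until first queried. */
    private ServerType serverType;

    static {
        Collections.addAll(LDAP_BINARY_SYNTAX_ATTRS,
                "audio", "jpegPhoto", "photo", "personalSignature", "userPassword",
                "userCertificate", "caCertificate", "authorityRevocationList",
                "deltaRevocationList", "certificateRevocationList", "crossCertificatePair",
                "x500UniqueIdentifier", "supportedAlgorithms", "javaSerializedData",
                "thumbnailPhoto", "thumbnailLogo", LdapConstants.MS_GUID_ATTR);
        Collections.addAll(LDAP_BINARY_OPTION_ATTRS,
                "userCertificate", "caCertificate", "authorityRevocationList",
                "deltaRevocationList", "certificateRevocationList", "crossCertificatePair",
                "supportedAlgorithms");
    }

    /**
     * Outcome of a bind attempt: an {@link AuthenticationResultType} plus the exception that
     * produced it, if any.
     */
    public static class AuthenticationResult {
        private final AuthenticationResultType type;
        /** The underlying failure; {@code null} for a clean success. */
        private final Exception cause;

        /** Creates a result that carries no underlying exception. */
        public AuthenticationResult(AuthenticationResultType authenticationResultType) {
            this(authenticationResultType, null);
        }

        /**
         * @param authenticationResultType the outcome; must not be {@code null}
         * @param exc the exception behind the outcome, or {@code null}
         */
        public AuthenticationResult(AuthenticationResultType authenticationResultType, Exception exc) {
            assert authenticationResultType != null;
            this.type = authenticationResultType;
            this.cause = exc;
        }

        /** Throws the connector exception matching this result's type; a no-op on success. */
        public void propagate() {
            type.propagate(cause);
        }

        public AuthenticationResultType getType() {
            return type;
        }

        @Override
        public String toString() {
            StringBuilder text = new StringBuilder("AuthenticationResult[type: ").append(type);
            if (cause != null) {
                // only the message is included; the stack trace stays with the exception itself
                text.append("; cause: ").append(cause.getMessage());
            }
            return text.append(']').toString();
        }
    }

    /**
     * Classification of a bind attempt. {@link #propagate(Exception)} turns the classification
     * into the connector exception callers expect.
     */
    public enum AuthenticationResultType {
        /** The bind succeeded and the password is usable. */
        SUCCESS {
            @Override
            public void propagate(Exception exc) {
                // nothing to report on success
            }
        },
        /** The credentials were accepted, but the server reported the password as expired. */
        PASSWORD_EXPIRED {
            @Override
            public void propagate(Exception exc) {
                throw new PasswordExpiredException(exc);
            }
        },
        /** The bind was rejected or could not be performed at all. */
        FAILED {
            @Override
            public void propagate(Exception exc) {
                throw new ConnectorSecurityException(exc);
            }
        };

        /**
         * Throws the connector exception corresponding to this type, wrapping {@code exc}
         * (which may be {@code null}); {@link #SUCCESS} returns normally.
         */
        public abstract void propagate(Exception exc);
    }

    /** Directory server products this connector recognises; see {@link #detectServerType()}. */
    public enum ServerType {
        SUN_DSEE,
        OPENDS,
        OPENDJ,
        IBM,
        MSAD,
        /** Active Directory Global Catalog (detected via {@code isGlobalCatalogReady} on a non-standard port). */
        MSAD_GC,
        UNKNOWN
    }

    /** @param ldapConfiguration the connector configuration this connection reads host, port, SSL and credentials from */
    public LdapConnection(LdapConfiguration ldapConfiguration) {
        this.config = ldapConfiguration;
    }

    /** Formats a localised connector message through the configuration's message catalogue. */
    public String format(String str, String str2, Object... objArr) {
        return config.getConnectorMessages().format(str, str2, objArr);
    }

    public LdapConfiguration getConfiguration() {
        return config;
    }

    /**
     * Returns the context bound with the configured service principal and credentials,
     * binding on first call. Not synchronized; concurrent first calls may bind twice.
     *
     * @throws ConnectorSecurityException if the configured credentials are rejected
     * @throws PasswordExpiredException if the server reports the service password as expired
     */
    public LdapContext getInitialContext() {
        if (initCtx == null) {
            initCtx = connect(config.getPrincipal(), config.getCredentials());
        }
        return initCtx;
    }

    /**
     * Binds as {@code principal} and returns the open context, or propagates the failure as
     * a connector exception.
     */
    private LdapContext connect(String principal, GuardedString credentials) {
        Pair<AuthenticationResult, LdapContext> outcome = createContext(principal, credentials);
        AuthenticationResult result = outcome.first;
        if (result.getType() == AuthenticationResultType.SUCCESS) {
            return outcome.second;
        }
        // A PASSWORD_EXPIRED result can come with a successfully bound context
        // (expired-password response control); release it before throwing so it does not leak.
        quietClose(outcome.second);
        result.propagate();
        throw new IllegalStateException("Should never get here");
    }

    /**
     * Builds the JNDI environment for a bind as {@code principal} and creates the context.
     *
     * <p>A blank principal produces an anonymous bind ({@code java.naming.security.authentication=none}).
     * A non-blank principal with {@code null} credentials produces a simple bind with no password;
     * servers that allow unauthenticated binds may answer such a bind with success, so a
     * {@link AuthenticationResultType#SUCCESS} from that path is not evidence of a valid password.
     *
     * @return the result paired with the context (which may be non-{@code null} even on
     *         {@link AuthenticationResultType#PASSWORD_EXPIRED}); the caller owns the context
     */
    private Pair<AuthenticationResult, LdapContext> createContext(String principal, GuardedString credentials) {
        final Hashtable<String, Object> env = new Hashtable<>();
        env.put("java.naming.ldap.attributes.binary", LdapConstants.MS_GUID_ATTR);
        env.put("java.naming.factory.initial", LDAP_CTX_FACTORY);
        env.put("java.naming.provider.url", getLdapUrls());
        env.put("java.naming.referral", config.getReferralsHandling());
        if (config.isSsl()) {
            env.put("java.naming.security.protocol", "ssl");
        }
        boolean hasPrincipal = StringUtil.isNotBlank(principal);
        env.put("java.naming.security.authentication", hasPrincipal ? "simple" : "none");
        if (!hasPrincipal) {
            return createContext(env);
        }
        env.put("java.naming.security.principal", principal);
        if (credentials == null) {
            return createContext(env);
        }
        // The bind has to happen inside the accessor so the cleartext array is only exposed
        // for the duration of the callback. NOTE(review): the array is handed to the JNDI
        // provider, whose handling of it is outside this class's control.
        final List<Pair<AuthenticationResult, LdapContext>> outcome = new ArrayList<>(1);
        credentials.access(new GuardedString.Accessor() {
            public void access(char[] clearChars) {
                env.put("java.naming.security.credentials", clearChars);
                outcome.add(LdapConnection.this.createContext(env));
            }
        });
        assert !outcome.isEmpty();
        return outcome.get(0);
    }

    /**
     * Creates an {@link InitialLdapContext} from a fully prepared JNDI environment and
     * classifies the bind outcome.
     *
     * @param hashtable the JNDI environment (provider URL, authentication, principal, credentials)
     * @return the result paired with the context; the context is {@code null} when the bind
     *         threw, and may be non-{@code null} alongside {@code PASSWORD_EXPIRED} when the
     *         server accepted the bind but attached an expired-password response control
     */
    public Pair<AuthenticationResult, LdapContext> createContext(Hashtable<?, ?> hashtable) {
        InitialLdapContext ctx = null;
        AuthenticationResult result = null;
        try {
            ctx = new InitialLdapContext(hashtable, (Control[]) null);
            if (config.isRespectResourcePasswordPolicyChangeAfterReset()
                    && hasPasswordExpiredControl(ctx.getResponseControls())) {
                result = new AuthenticationResult(AuthenticationResultType.PASSWORD_EXPIRED);
            }
        } catch (AuthenticationException e) {
            result = new AuthenticationResult(classifyBindFailure(e), e);
        } catch (NamingException e) {
            result = new AuthenticationResult(AuthenticationResultType.FAILED, e);
        }
        if (result == null) {
            assert ctx != null;
            result = new AuthenticationResult(AuthenticationResultType.SUCCESS);
        }
        return new Pair<>(result, ctx);
    }

    /**
     * Distinguishes an expired password from any other bind rejection by inspecting the
     * server's error text. The match is case-insensitive in {@link Locale#ROOT} so that the
     * default locale cannot change the outcome; a missing message counts as a plain failure.
     */
    private static AuthenticationResultType classifyBindFailure(AuthenticationException e) {
        String message = e.getMessage();
        if (message == null) {
            return AuthenticationResultType.FAILED;
        }
        String text = message.toLowerCase(Locale.ROOT);
        boolean expired = text.contains("password expired")
                || text.contains("password has expired")
                // Active Directory: invalidCredentials (49) with sub-code data 773 ("password must change")
                || (text.contains("ldap: error code 49 ") && text.contains("data 773,"));
        return expired ? AuthenticationResultType.PASSWORD_EXPIRED : AuthenticationResultType.FAILED;
    }

    /** Returns {@code true} if the bind response carried a {@link PasswordExpiredResponseControl}. */
    private static boolean hasPasswordExpiredControl(Control[] controlArr) {
        if (controlArr == null) {
            return false;
        }
        for (Control control : controlArr) {
            if (control instanceof PasswordExpiredResponseControl) {
                return true;
            }
        }
        return false;
    }

    /**
     * Builds the space-separated JNDI provider URL list: the configured host and port first,
     * then each configured failover entry as given. The scheme stays {@code ldap://} even when
     * SSL is enabled; TLS is requested through {@code java.naming.security.protocol} instead.
     * NOTE(review): whether the provider verifies the server hostname against its certificate
     * depends on the JDK's LDAPS defaults — confirm for the target runtime.
     */
    private String getLdapUrls() {
        StringBuilder urls = new StringBuilder("ldap://")
                .append(config.getHost())
                .append(':')
                .append(config.getPort());
        for (String failover : LdapUtil.nullAsEmpty(config.getFailover())) {
            urls.append(' ').append(failover);
        }
        return urls.toString();
    }

    /** Closes the cached initial context, if any; the reference is dropped even if closing fails. */
    public void close() {
        try {
            quietClose(initCtx);
        } finally {
            initCtx = null;
        }
    }

    /** Closes {@code ldapContext} (ignoring {@code null}), logging rather than throwing on failure. */
    private static void quietClose(LdapContext ldapContext) {
        if (ldapContext == null) {
            return;
        }
        try {
            ldapContext.close();
        } catch (NamingException e) {
            log.warn(e, "Exception while closing the LDAP context", new Object[0]);
        }
    }

    public LdapSchemaMapping getSchemaMapping() {
        return schemaMapping;
    }

    /**
     * Reads the schema from the server when the configuration asks for it, otherwise falls
     * back to the built-in static schema.
     *
     * @throws ConnectorException if the server schema cannot be read
     */
    public LdapNativeSchema createNativeSchema() {
        try {
            return config.isReadSchema() ? new ServerNativeSchema(this) : new StaticNativeSchema();
        } catch (NamingException e) {
            throw new ConnectorException(e);
        }
    }

    /**
     * Checks {@code str}'s credentials with a throw-away bind and reports the outcome without
     * throwing; the bound context is closed before returning.
     *
     * @param str the bind DN, must not be {@code null}
     * @param guardedString the password, or {@code null} (see {@link #createContext(String, GuardedString)}
     *        for why a null password must not be treated as a verified login)
     */
    public AuthenticationResult authenticate(String str, GuardedString guardedString) {
        assert str != null;
        log.ok("Attempting to authenticate {0}", new Object[]{str});
        Pair<AuthenticationResult, LdapContext> outcome = createContext(str, guardedString);
        quietClose(outcome.second);
        log.ok("Authentication result: {0}", new Object[]{outcome.first});
        return outcome.first;
    }

    /** Connector "test" entry point; identical to {@link #checkAlive()}. */
    public void test() {
        checkAlive();
    }

    /**
     * Verifies the initial context still answers by reading {@code subschemaSubentry} from
     * the root DSE. The value is discarded; only the round trip matters.
     *
     * @throws ConnectorException if the lookup fails
     */
    public void checkAlive() {
        try {
            getInitialContext().getAttributes("", new String[]{"subschemaSubentry"}).get("subschemaSubentry");
        } catch (NamingException e) {
            throw new ConnectorException(e);
        }
    }

    /** @param str a control OID */
    public boolean supportsControl(String str) {
        return getSupportedControls().contains(str);
    }

    /**
     * Reads the root DSE's {@code supportedControl} values once and caches them. A lookup
     * failure is logged and cached as the empty set, so it is not retried.
     */
    private Set<String> getSupportedControls() {
        if (supportedControls == null) {
            try {
                Attributes rootDse = getInitialContext().getAttributes("", new String[]{"supportedControl"});
                supportedControls = Collections.unmodifiableSet(
                        LdapUtil.getStringAttrValues(rootDse, "supportedControl"));
            } catch (NamingException e) {
                log.warn(e, "Exception while retrieving the supported controls", new Object[0]);
                supportedControls = Collections.emptySet();
            }
        }
        return supportedControls;
    }

    public ServerType getServerType() {
        if (serverType == null) {
            serverType = detectServerType();
        }
        return serverType;
    }

    /**
     * Identifies the server product from its root DSE ({@code vendorName}, {@code vendorVersion},
     * {@code isGlobalCatalogReady}). Any lookup failure is logged and yields
     * {@link ServerType#UNKNOWN}.
     */
    private ServerType detectServerType() {
        try {
            Attributes rootDse = getInitialContext().getAttributes("",
                    new String[]{"vendorVersion", "vendorName", "isGlobalCatalogReady"});
            ServerType detected = classifyServer(rootDse);
            if (detected != null) {
                return detected;
            }
        } catch (NamingException e) {
            log.warn(e, "Exception while detecting the server type", new Object[0]);
        }
        log.info("Directory server type is unknown", new Object[0]);
        return ServerType.UNKNOWN;
    }

    /**
     * Maps root DSE vendor attributes to a {@link ServerType}, or returns {@code null} when
     * none of the known fingerprints match. {@code isGlobalCatalogReady} is only consulted
     * when no {@code vendorVersion} is present (Active Directory publishes neither vendor
     * attribute); a GC is assumed only on a port other than 389/636.
     */
    private ServerType classifyServer(Attributes rootDse) {
        String vendorName = LdapUtil.getStringAttrValue(rootDse, "vendorName");
        if (vendorName != null && vendorName.toLowerCase(Locale.ROOT).contains("ibm")) {
            log.info("IBM Directory server has been detected", new Object[0]);
            return ServerType.IBM;
        }
        String vendorVersion = LdapUtil.getStringAttrValue(rootDse, "vendorVersion");
        if (vendorVersion != null) {
            String version = vendorVersion.toLowerCase(Locale.ROOT);
            if (version.contains("opends")) {
                log.info("OpenDS Directory server has been detected", new Object[0]);
                return ServerType.OPENDS;
            }
            if (version.contains("opendj")) {
                log.info("ForgeRock OpenDJ Directory server has been detected", new Object[0]);
                return ServerType.OPENDJ;
            }
            if (version.contains("sun") && version.contains("directory")) {
                log.info("Sun DSEE Directory server has been detected", new Object[0]);
                return ServerType.SUN_DSEE;
            }
            return null;
        }
        String gcReady = LdapUtil.getStringAttrValue(rootDse, "isGlobalCatalogReady");
        if (gcReady == null) {
            return null;
        }
        int port = config.getPort();
        boolean globalCatalog = gcReady.equalsIgnoreCase("TRUE") && port != 389 && port != 636;
        if (globalCatalog) {
            log.info("MS Active Directory Global Catalog server has been detected", new Object[0]);
            return ServerType.MSAD_GC;
        }
        log.info("MS Active Directory server has been detected", new Object[0]);
        return ServerType.MSAD;
    }

    /** @param str an attribute type name (case-insensitive) */
    public boolean needsBinaryOption(String str) {
        return LDAP_BINARY_OPTION_ATTRS.contains(str);
    }

    /** @param str an attribute type name (case-insensitive) */
    public boolean isBinarySyntax(String str) {
        return LDAP_BINARY_SYNTAX_ATTRS.contains(str);
    }
}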
