package org.alfresco.repo.security.sync.ldap;

import java.text.DateFormat;
import java.text.MessageFormat;
import java.text.ParseException;
import java.text.SimpleDateFormat;
import java.util.AbstractCollection;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.Date;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.Locale;
import java.util.Map;
import java.util.Set;
import java.util.TimeZone;
import java.util.TreeMap;
import java.util.TreeSet;
import java.util.regex.Pattern;
import javax.naming.CompositeName;
import javax.naming.InvalidNameException;
import javax.naming.Name;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.LdapName;
import org.alfresco.error.AlfrescoRuntimeException;
import org.alfresco.model.ContentModel;
import org.alfresco.repo.management.subsystems.ActivateableBean;
import org.alfresco.repo.security.authentication.AuthenticationException;
import org.alfresco.repo.security.authentication.ldap.LDAPInitialDirContextFactory;
import org.alfresco.repo.security.sync.NodeDescription;
import org.alfresco.repo.security.sync.UserRegistry;
import org.alfresco.service.namespace.NamespaceService;
import org.alfresco.service.namespace.QName;
import org.alfresco.util.Pair;
import org.alfresco.util.PropertyMap;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.beans.factory.InitializingBean;

/* loaded from: input_file:org/alfresco/repo/security/sync/ldap/LDAPUserRegistry.class */
public class LDAPUserRegistry implements UserRegistry, LDAPNameResolver, InitializingBean, ActivateableBean {
    private static Log logger = LogFactory.getLog(LDAPUserRegistry.class);
    private static final Pattern PATTERN_RANGE_END = Pattern.compile(";range=[0-9]+-\\*");
    private String groupSearchBase;
    private String userSearchBase;
    private LDAPInitialDirContextFactory ldapInitialContextFactory;
    private NamespaceService namespaceService;
    private Map<String, String> personAttributeMapping;
    private Map<String, String> groupAttributeMapping;
    private int queryBatchSize;
    private int attributeBatchSize;
    private boolean errorOnMissingMembers;
    private boolean errorOnDuplicateGID;
    private Pair<String[], Set<QName>> userKeys;
    private Pair<String[], Set<QName>> groupKeys;
    private DateFormat timestampFormat;
    private boolean active = true;
    private boolean enableProgressEstimation = true;
    private String groupQuery = "(objectclass=groupOfNames)";
    private String groupDifferentialQuery = "(&(objectclass=groupOfNames)(!(modifyTimestamp<={0})))";
    private String personQuery = "(objectclass=inetOrgPerson)";
    private String personDifferentialQuery = "(&(objectclass=inetOrgPerson)(!(modifyTimestamp<={0})))";
    private String groupIdAttributeName = "cn";
    private String userIdAttributeName = "uid";
    private String memberAttributeName = "member";
    private String modifyTimestampAttributeName = "modifyTimestamp";
    private String groupType = "groupOfNames";
    private String personType = "inetOrgPerson";
    private Map<String, String> personAttributeDefaults = Collections.emptyMap();
    private Map<String, String> groupAttributeDefaults = Collections.emptyMap();
    private boolean errorOnMissingGID = false;
    private boolean errorOnMissingUID = false;

    /* loaded from: input_file:org/alfresco/repo/security/sync/ldap/LDAPUserRegistry$PersonCollection.class */
    public class PersonCollection extends AbstractCollection<NodeDescription> {
        private String query;
        private int totalEstimatedSize;

        /* renamed from: org.alfresco.repo.security.sync.ldap.LDAPUserRegistry$PersonCollection$1CountingCallback, reason: invalid class name */
        /* loaded from: input_file:org/alfresco/repo/security/sync/ldap/LDAPUserRegistry$PersonCollection$1CountingCallback.class */
        class C1CountingCallback implements SearchCallback {
            int count;

            C1CountingCallback() {
            }

            @Override // org.alfresco.repo.security.sync.ldap.LDAPUserRegistry.SearchCallback
            public void process(SearchResult searchResult) throws NamingException, ParseException {
                this.count++;
                if (LDAPUserRegistry.logger.isDebugEnabled()) {
                    LDAPUserRegistry.logger.debug("Processing person: " + searchResult.getNameInNamespace());
                }
            }

            @Override // org.alfresco.repo.security.sync.ldap.LDAPUserRegistry.SearchCallback
            public void close() throws NamingException {
            }
        }

        /* loaded from: input_file:org/alfresco/repo/security/sync/ldap/LDAPUserRegistry$PersonCollection$PersonIterator.class */
        private class PersonIterator implements Iterator<NodeDescription> {
            private InitialDirContext ctx;
            private SearchControls userSearchCtls;
            private NamingEnumeration<SearchResult> searchResults;
            private HashSet<String> uids = new HashSet<>();
            private NodeDescription next;

            public PersonIterator() {
                try {
                    try {
                        this.ctx = LDAPUserRegistry.this.ldapInitialContextFactory.getDefaultIntialDirContext(LDAPUserRegistry.this.queryBatchSize);
                        this.userSearchCtls = new SearchControls();
                        this.userSearchCtls.setSearchScope(2);
                        this.userSearchCtls.setReturningAttributes((String[]) LDAPUserRegistry.this.userKeys.getFirst());
                        this.next = fetchNext();
                        if (this.searchResults == null) {
                            try {
                                this.ctx.close();
                            } catch (Exception e) {
                            }
                            this.ctx = null;
                        }
                    } catch (Throwable th) {
                        if (this.searchResults == null) {
                            try {
                                this.ctx.close();
                            } catch (Exception e2) {
                            }
                            this.ctx = null;
                        }
                        throw th;
                    }
                } catch (NamingException e3) {
                    throw new AlfrescoRuntimeException("Failed to import people.", e3);
                }
            }

            @Override // java.util.Iterator
            public boolean hasNext() {
                return this.next != null;
            }

            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.util.Iterator
            public NodeDescription next() {
                if (this.next == null) {
                    throw new IllegalStateException();
                }
                NodeDescription nodeDescription = this.next;
                try {
                    this.next = fetchNext();
                    return nodeDescription;
                } catch (NamingException e) {
                    throw new AlfrescoRuntimeException("Failed to import people.", e);
                }
            }

            private NodeDescription fetchNext() throws NamingException {
                boolean z;
                do {
                    z = this.searchResults == null;
                    while (!z && this.searchResults.hasMore()) {
                        SearchResult searchResult = (SearchResult) this.searchResults.next();
                        Attributes attributes = searchResult.getAttributes();
                        Attribute attribute = attributes.get(LDAPUserRegistry.this.userIdAttributeName);
                        if (attribute != null) {
                            String str = (String) attribute.get(0);
                            if (this.uids.contains(str)) {
                                LDAPUserRegistry.logger.warn("Duplicate uid found - there will be more than one person object for this user - " + str);
                            }
                            this.uids.add(str);
                            if (LDAPUserRegistry.logger.isDebugEnabled()) {
                                LDAPUserRegistry.logger.debug("Adding user for " + str);
                            }
                            return LDAPUserRegistry.this.mapToNode(LDAPUserRegistry.this.personAttributeMapping, LDAPUserRegistry.this.personAttributeDefaults, searchResult);
                        }
                        if (LDAPUserRegistry.this.errorOnMissingUID) {
                            throw new AlfrescoRuntimeException("User returned by user search does not have mandatory user id attribute " + attributes);
                        }
                        LDAPUserRegistry.logger.warn("User returned by user search does not have mandatory user id attribute " + attributes);
                    }
                    if (!z) {
                        z = LDAPUserRegistry.this.ldapInitialContextFactory.hasNextPage(this.ctx, LDAPUserRegistry.this.queryBatchSize);
                    }
                    if (z) {
                        this.searchResults = this.ctx.search(LDAPUserRegistry.this.userSearchBase, PersonCollection.this.query, this.userSearchCtls);
                    }
                } while (z);
                this.searchResults.close();
                this.searchResults = null;
                this.ctx.close();
                this.ctx = null;
                return null;
            }

            @Override // java.util.Iterator
            public void remove() {
                throw new UnsupportedOperationException();
            }
        }

        public PersonCollection(Date date) {
            if (date == null) {
                this.query = LDAPUserRegistry.this.personQuery;
            } else {
                this.query = MessageFormat.format(LDAPUserRegistry.this.personDifferentialQuery, LDAPUserRegistry.this.timestampFormat.format(date));
            }
            if (!LDAPUserRegistry.this.enableProgressEstimation) {
                this.totalEstimatedSize = -1;
                return;
            }
            C1CountingCallback c1CountingCallback = new C1CountingCallback();
            LDAPUserRegistry.this.processQuery(c1CountingCallback, LDAPUserRegistry.this.userSearchBase, this.query, new String[0]);
            this.totalEstimatedSize = c1CountingCallback.count;
        }

        @Override // java.util.AbstractCollection, java.util.Collection, java.lang.Iterable
        public Iterator<NodeDescription> iterator() {
            return new PersonIterator();
        }

        @Override // java.util.AbstractCollection, java.util.Collection
        public int size() {
            return this.totalEstimatedSize;
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /* loaded from: input_file:org/alfresco/repo/security/sync/ldap/LDAPUserRegistry$SearchCallback.class */
    public interface SearchCallback {
        void process(SearchResult searchResult) throws NamingException, ParseException;

        void close() throws NamingException;
    }

    public LDAPUserRegistry() {
        setTimestampFormat("yyyyMMddHHmmss'Z'");
    }

    public void setActive(boolean z) {
        this.active = z;
    }

    public void setEnableProgressEstimation(boolean z) {
        this.enableProgressEstimation = z;
    }

    public void setGroupIdAttributeName(String str) {
        this.groupIdAttributeName = str;
    }

    public void setGroupQuery(String str) {
        this.groupQuery = str;
    }

    public void setGroupDifferentialQuery(String str) {
        this.groupDifferentialQuery = str;
    }

    public void setPersonQuery(String str) {
        this.personQuery = str;
    }

    public void setPersonDifferentialQuery(String str) {
        this.personDifferentialQuery = str;
    }

    public void setGroupType(String str) {
        this.groupType = str;
    }

    public void setMemberAttribute(String str) {
        this.memberAttributeName = str;
    }

    public void setPersonType(String str) {
        this.personType = str;
    }

    public void setGroupSearchBase(String str) {
        this.groupSearchBase = str;
    }

    public void setUserSearchBase(String str) {
        this.userSearchBase = str;
    }

    public void setUserIdAttributeName(String str) {
        this.userIdAttributeName = str;
    }

    public void setModifyTimestampAttributeName(String str) {
        this.modifyTimestampAttributeName = str;
    }

    public void setTimestampFormat(String str) {
        this.timestampFormat = new SimpleDateFormat(str, Locale.UK);
        this.timestampFormat.setTimeZone(TimeZone.getTimeZone("GMT"));
    }

    public void setErrorOnMissingMembers(boolean z) {
        this.errorOnMissingMembers = z;
    }

    public void setErrorOnMissingGID(boolean z) {
        this.errorOnMissingGID = z;
    }

    public void setErrorOnMissingUID(boolean z) {
        this.errorOnMissingUID = z;
    }

    public void setErrorOnDuplicateGID(boolean z) {
        this.errorOnDuplicateGID = z;
    }

    public void setLDAPInitialDirContextFactory(LDAPInitialDirContextFactory lDAPInitialDirContextFactory) {
        this.ldapInitialContextFactory = lDAPInitialDirContextFactory;
    }

    public void setNamespaceService(NamespaceService namespaceService) {
        this.namespaceService = namespaceService;
    }

    public void setPersonAttributeDefaults(Map<String, String> map) {
        this.personAttributeDefaults = map;
    }

    public void setPersonAttributeMapping(Map<String, String> map) {
        this.personAttributeMapping = map;
    }

    public void setGroupAttributeDefaults(Map<String, String> map) {
        this.groupAttributeDefaults = map;
    }

    public void setGroupAttributeMapping(Map<String, String> map) {
        this.groupAttributeMapping = map;
    }

    public void setQueryBatchSize(int i) {
        this.queryBatchSize = i;
    }

    public void setAttributeBatchSize(int i) {
        this.attributeBatchSize = i;
    }

    @Override // org.alfresco.repo.management.subsystems.ActivateableBean
    public boolean isActive() {
        return this.active;
    }

    public void afterPropertiesSet() throws Exception {
        if (this.personAttributeMapping == null) {
            this.personAttributeMapping = new HashMap(5);
        }
        this.personAttributeMapping.put(ContentModel.PROP_USERNAME.toPrefixString(this.namespaceService), this.userIdAttributeName);
        this.userKeys = initKeys(this.personAttributeMapping, new String[0]);
        if (this.groupAttributeMapping == null) {
            this.groupAttributeMapping = new HashMap(5);
        }
        this.groupAttributeMapping.put(ContentModel.PROP_AUTHORITY_NAME.toPrefixString(this.namespaceService), this.groupIdAttributeName);
        Map<String, String> map = this.groupAttributeMapping;
        String[] strArr = new String[1];
        strArr[0] = this.attributeBatchSize > 0 ? this.memberAttributeName + ";range=0-" + (this.attributeBatchSize - 1) : this.memberAttributeName;
        this.groupKeys = initKeys(map, strArr);
    }

    @Override // org.alfresco.repo.security.sync.UserRegistry
    public Set<QName> getPersonMappedProperties() {
        return (Set) this.userKeys.getSecond();
    }

    @Override // org.alfresco.repo.security.sync.UserRegistry
    public Collection<NodeDescription> getPersons(Date date) {
        return new PersonCollection(date);
    }

    @Override // org.alfresco.repo.security.sync.UserRegistry
    public Collection<String> getPersonNames() {
        final LinkedList linkedList = new LinkedList();
        processQuery(new SearchCallback() { // from class: org.alfresco.repo.security.sync.ldap.LDAPUserRegistry.1
            @Override // org.alfresco.repo.security.sync.ldap.LDAPUserRegistry.SearchCallback
            public void process(SearchResult searchResult) throws NamingException, ParseException {
                Attribute attribute = searchResult.getAttributes().get(LDAPUserRegistry.this.userIdAttributeName);
                if (attribute == null) {
                    if (LDAPUserRegistry.this.errorOnMissingUID) {
                        throw new AlfrescoRuntimeException("User missing user id attribute DN =" + searchResult.getNameInNamespace() + "  att = " + LDAPUserRegistry.this.userIdAttributeName);
                    }
                    LDAPUserRegistry.logger.warn("User missing user id attribute DN =" + searchResult.getNameInNamespace() + "  att = " + LDAPUserRegistry.this.userIdAttributeName);
                } else {
                    if (LDAPUserRegistry.logger.isDebugEnabled()) {
                        LDAPUserRegistry.logger.debug("Person DN recognized: " + attribute.get());
                    }
                    linkedList.add((String) attribute.get());
                }
            }

            @Override // org.alfresco.repo.security.sync.ldap.LDAPUserRegistry.SearchCallback
            public void close() throws NamingException {
            }
        }, this.userSearchBase, this.personQuery, new String[]{this.userIdAttributeName});
        return linkedList;
    }

    @Override // org.alfresco.repo.security.sync.UserRegistry
    public Collection<String> getGroupNames() {
        final LinkedList linkedList = new LinkedList();
        processQuery(new SearchCallback() { // from class: org.alfresco.repo.security.sync.ldap.LDAPUserRegistry.2
            @Override // org.alfresco.repo.security.sync.ldap.LDAPUserRegistry.SearchCallback
            public void process(SearchResult searchResult) throws NamingException, ParseException {
                Attribute attribute = searchResult.getAttributes().get(LDAPUserRegistry.this.groupIdAttributeName);
                if (attribute == null) {
                    if (LDAPUserRegistry.this.errorOnMissingGID) {
                        throw new AlfrescoRuntimeException("NodeDescription returned by group search does not have mandatory group id attribute " + searchResult.getNameInNamespace());
                    }
                    LDAPUserRegistry.logger.warn("Missing GID on " + searchResult.getNameInNamespace());
                } else {
                    String str = "GROUP_" + ((String) attribute.get());
                    if (LDAPUserRegistry.logger.isDebugEnabled()) {
                        LDAPUserRegistry.logger.debug("Group DN recognized: " + str);
                    }
                    linkedList.add(str);
                }
            }

            @Override // org.alfresco.repo.security.sync.ldap.LDAPUserRegistry.SearchCallback
            public void close() throws NamingException {
            }
        }, this.groupSearchBase, this.groupQuery, new String[]{this.groupIdAttributeName});
        return linkedList;
    }

    @Override // org.alfresco.repo.security.sync.UserRegistry
    public Collection<NodeDescription> getGroups(Date date) {
        try {
            final LdapName fixedLdapName = fixedLdapName(this.groupSearchBase.toLowerCase());
            final LdapName fixedLdapName2 = fixedLdapName(this.userSearchBase.toLowerCase());
            final boolean z = (fixedLdapName.startsWith(fixedLdapName2) || fixedLdapName2.startsWith(fixedLdapName)) ? false : true;
            String format = date == null ? this.groupQuery : MessageFormat.format(this.groupDifferentialQuery, this.timestampFormat.format(date));
            final TreeMap treeMap = new TreeMap();
            processQuery(new SearchCallback() { // from class: org.alfresco.repo.security.sync.ldap.LDAPUserRegistry.3
                private DirContext ctx;

                {
                    this.ctx = LDAPUserRegistry.this.ldapInitialContextFactory.getDefaultIntialDirContext();
                }

                @Override // org.alfresco.repo.security.sync.ldap.LDAPUserRegistry.SearchCallback
                public void process(SearchResult searchResult) throws NamingException, ParseException {
                    Attribute attribute;
                    Attribute attribute2;
                    Attributes attributes = searchResult.getAttributes();
                    Attribute attribute3 = attributes.get(LDAPUserRegistry.this.groupIdAttributeName);
                    if (attribute3 == null) {
                        if (LDAPUserRegistry.this.errorOnMissingGID) {
                            throw new AlfrescoRuntimeException("NodeDescription returned by group search does not have mandatory group id attribute " + attributes);
                        }
                        LDAPUserRegistry.logger.warn("Missing GID on " + attributes);
                        return;
                    }
                    String obj = attribute3.get(0).toString();
                    String str = "GROUP_" + obj;
                    NodeDescription nodeDescription = (NodeDescription) treeMap.get(str);
                    if (nodeDescription == null) {
                        nodeDescription = LDAPUserRegistry.this.mapToNode(LDAPUserRegistry.this.groupAttributeMapping, LDAPUserRegistry.this.groupAttributeDefaults, searchResult);
                        nodeDescription.getProperties().put(ContentModel.PROP_AUTHORITY_NAME, str);
                        treeMap.put(str, nodeDescription);
                    } else {
                        if (LDAPUserRegistry.this.errorOnDuplicateGID) {
                            throw new AlfrescoRuntimeException("Duplicate group id found for " + str);
                        }
                        LDAPUserRegistry.logger.warn("Duplicate gid found for " + str + " -> merging definitions");
                    }
                    Set<String> childAssociations = nodeDescription.getChildAssociations();
                    Attribute rangeRestrictedAttribute = LDAPUserRegistry.this.getRangeRestrictedAttribute(attributes, LDAPUserRegistry.this.memberAttributeName);
                    int i = LDAPUserRegistry.this.attributeBatchSize;
                    if (LDAPUserRegistry.logger.isDebugEnabled()) {
                        LDAPUserRegistry.logger.debug("Processing group: " + str + ", from source: " + nodeDescription.getSourceId());
                    }
                    while (rangeRestrictedAttribute != null) {
                        for (int i2 = 0; i2 < rangeRestrictedAttribute.size(); i2++) {
                            String str2 = (String) rangeRestrictedAttribute.get(i2);
                            if (str2 != null && str2.length() > 0) {
                                try {
                                    LdapName fixedLdapName3 = LDAPUserRegistry.fixedLdapName(str2.toLowerCase());
                                    if (z) {
                                        LdapName fixedLdapName4 = LDAPUserRegistry.fixedLdapName(str2);
                                        Attributes attributes2 = fixedLdapName4.getRdn(fixedLdapName4.size() - 1).toAttributes();
                                        if (fixedLdapName3.startsWith(fixedLdapName2) && (attribute2 = attributes2.get(LDAPUserRegistry.this.userIdAttributeName)) != null) {
                                            if (LDAPUserRegistry.logger.isDebugEnabled()) {
                                                LDAPUserRegistry.logger.debug("User DN recognized: " + attribute2.get());
                                            }
                                            childAssociations.add((String) attribute2.get());
                                        } else if (fixedLdapName3.startsWith(fixedLdapName) && (attribute = attributes2.get(LDAPUserRegistry.this.groupIdAttributeName)) != null) {
                                            if (LDAPUserRegistry.logger.isDebugEnabled()) {
                                                LDAPUserRegistry.logger.debug("Group DN recognized: GROUP_" + attribute.get());
                                            }
                                            childAssociations.add("GROUP_" + attribute.get());
                                        }
                                    }
                                    if (fixedLdapName3.startsWith(fixedLdapName2) || fixedLdapName3.startsWith(fixedLdapName)) {
                                        try {
                                            Attributes attributes3 = this.ctx.getAttributes(LDAPUserRegistry.jndiName(str2), new String[]{"objectclass", LDAPUserRegistry.this.groupIdAttributeName, LDAPUserRegistry.this.userIdAttributeName});
                                            Attribute attribute4 = attributes3.get("objectclass");
                                            if (LDAPUserRegistry.this.hasAttributeValue(attribute4, LDAPUserRegistry.this.personType)) {
                                                Attribute attribute5 = attributes3.get(LDAPUserRegistry.this.userIdAttributeName);
                                                if (attribute5 != null) {
                                                    if (LDAPUserRegistry.logger.isDebugEnabled()) {
                                                        LDAPUserRegistry.logger.debug("User DN recognized by directory lookup: " + attribute5.get());
                                                    }
                                                    childAssociations.add((String) attribute5.get());
                                                } else {
                                                    if (LDAPUserRegistry.this.errorOnMissingUID) {
                                                        throw new AlfrescoRuntimeException("User missing user id attribute DN =" + str2 + "  att = " + LDAPUserRegistry.this.userIdAttributeName);
                                                    }
                                                    LDAPUserRegistry.logger.warn("User missing user id attribute DN =" + str2 + "  att = " + LDAPUserRegistry.this.userIdAttributeName);
                                                }
                                            } else if (LDAPUserRegistry.this.hasAttributeValue(attribute4, LDAPUserRegistry.this.groupType)) {
                                                Attribute attribute6 = attributes3.get(LDAPUserRegistry.this.groupIdAttributeName);
                                                if (attribute6 != null) {
                                                    if (LDAPUserRegistry.logger.isDebugEnabled()) {
                                                        LDAPUserRegistry.logger.debug("Group DN recognized by directory lookup: GROUP_" + attribute6.get());
                                                    }
                                                    childAssociations.add("GROUP_" + attribute6.get());
                                                } else {
                                                    if (LDAPUserRegistry.this.errorOnMissingGID) {
                                                        throw new AlfrescoRuntimeException("Group returned by group search does not have mandatory group id attribute " + attributes);
                                                    }
                                                    LDAPUserRegistry.logger.warn("Missing GID on " + attributes3);
                                                }
                                            }
                                        } catch (NamingException e) {
                                            if (LDAPUserRegistry.this.errorOnMissingMembers) {
                                                throw new AlfrescoRuntimeException("Failed to resolve member of group '" + obj + "' with distinguished name: " + str2, e);
                                            }
                                            LDAPUserRegistry.logger.warn("Failed to resolve member of group '" + obj + "' with distinguished name: " + str2, e);
                                        }
                                    }
                                    if (LDAPUserRegistry.this.errorOnMissingMembers) {
                                        throw new AlfrescoRuntimeException("Failed to resolve member of group '" + obj + "' with distinguished name: " + str2);
                                    }
                                    LDAPUserRegistry.logger.warn("Failed to resolve member of group '" + obj + "' with distinguished name: " + str2);
                                } catch (InvalidNameException e2) {
                                    if (LDAPUserRegistry.logger.isDebugEnabled()) {
                                        LDAPUserRegistry.logger.debug("Member DN recognized as posixGroup: " + str2);
                                    }
                                    childAssociations.add(str2);
                                }
                            }
                        }
                        if (i <= 0 || LDAPUserRegistry.PATTERN_RANGE_END.matcher(rangeRestrictedAttribute.getID().toLowerCase()).find()) {
                            rangeRestrictedAttribute = null;
                        } else {
                            rangeRestrictedAttribute = LDAPUserRegistry.this.getRangeRestrictedAttribute(this.ctx.getAttributes(LDAPUserRegistry.jndiName(searchResult.getNameInNamespace()), new String[]{LDAPUserRegistry.this.memberAttributeName + ";range=" + i + '-' + ((i + LDAPUserRegistry.this.attributeBatchSize) - 1)}), LDAPUserRegistry.this.memberAttributeName);
                            i += LDAPUserRegistry.this.attributeBatchSize;
                        }
                    }
                }

                @Override // org.alfresco.repo.security.sync.ldap.LDAPUserRegistry.SearchCallback
                public void close() throws NamingException {
                    this.ctx.close();
                }
            }, this.groupSearchBase, format, (String[]) this.groupKeys.getFirst());
            if (logger.isDebugEnabled()) {
                logger.debug("Found " + treeMap.size());
            }
            return treeMap.values();
        } catch (InvalidNameException e) {
            throw new AlfrescoRuntimeException("User and group import failed", e);
        }
    }

    @Override // org.alfresco.repo.security.sync.ldap.LDAPNameResolver
    public String resolveDistinguishedName(String str) throws AuthenticationException {
        SearchControls searchControls = new SearchControls();
        searchControls.setSearchScope(2);
        searchControls.setReturningAttributes(new String[]{this.userIdAttributeName});
        InitialDirContext initialDirContext = null;
        try {
            try {
                InitialDirContext defaultIntialDirContext = this.ldapInitialContextFactory.getDefaultIntialDirContext();
                NamingEnumeration search = defaultIntialDirContext.search(this.userSearchBase, "(&" + this.personQuery + "(" + this.userIdAttributeName + "={0}))", new Object[]{str}, searchControls);
                if (!search.hasMore()) {
                    throw new AuthenticationException("Failed to resolve user: " + str);
                }
                String nameInNamespace = ((SearchResult) search.next()).getNameInNamespace();
                if (defaultIntialDirContext != null) {
                    try {
                        defaultIntialDirContext.close();
                    } catch (NamingException e) {
                    }
                }
                return nameInNamespace;
            } catch (NamingException e2) {
                throw new AlfrescoRuntimeException("Failed to resolve user ID: " + str, e2);
            }
        } catch (Throwable th) {
            if (0 != 0) {
                try {
                    initialDirContext.close();
                } catch (NamingException e3) {
                }
            }
            throw th;
        }
    }

    private Pair<String[], Set<QName>> initKeys(Map<String, String> map, String... strArr) {
        TreeSet treeSet = new TreeSet();
        treeSet.addAll(Arrays.asList(strArr));
        treeSet.add(this.modifyTimestampAttributeName);
        for (String str : map.values()) {
            if (str != null) {
                treeSet.add(str);
            }
        }
        String[] strArr2 = new String[treeSet.size()];
        treeSet.toArray(strArr2);
        HashSet hashSet = new HashSet(map.size() * 2);
        Iterator<String> it = map.keySet().iterator();
        while (it.hasNext()) {
            hashSet.add(QName.createQName(it.next(), this.namespaceService));
        }
        return new Pair<>(strArr2, hashSet);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public NodeDescription mapToNode(Map<String, String> map, Map<String, String> map2, SearchResult searchResult) throws NamingException {
        NodeDescription nodeDescription = new NodeDescription(searchResult.getNameInNamespace());
        Attributes attributes = searchResult.getAttributes();
        Attribute attribute = attributes.get(this.modifyTimestampAttributeName);
        if (attribute != null) {
            try {
                nodeDescription.setLastModified(this.timestampFormat.parse(attribute.get().toString()));
            } catch (ParseException e) {
                throw new AlfrescoRuntimeException("Failed to parse timestamp.", e);
            }
        }
        PropertyMap properties = nodeDescription.getProperties();
        for (String str : map.keySet()) {
            QName createQName = QName.createQName(str, this.namespaceService);
            String str2 = map.get(str);
            if (str2 != null) {
                Attribute attribute2 = attributes.get(str2);
                if (attribute2 != null) {
                    String str3 = (String) attribute2.get(0);
                    if (str3 != null) {
                        properties.put(createQName, str3);
                    }
                } else {
                    String str4 = map2.get(str);
                    if (str4 != null) {
                        properties.put(createQName, str4);
                    }
                }
            } else {
                String str5 = map2.get(str);
                if (str5 != null) {
                    properties.put(createQName, str5);
                }
            }
        }
        return nodeDescription;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static Name jndiName(String str) throws InvalidNameException {
        CompositeName compositeName = new CompositeName();
        compositeName.add(str);
        return compositeName;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static LdapName fixedLdapName(String str) throws InvalidNameException {
        if (str.indexOf(92) == -1) {
            return new LdapName(str);
        }
        StringBuilder sb = new StringBuilder(str.length());
        int length = str.length();
        int i = 0;
        while (i < length) {
            char charAt = str.charAt(i);
            if (charAt == '\\') {
                if (i + 2 < length) {
                    char charAt2 = str.charAt(i + 1);
                    if (Character.isLetterOrDigit(charAt2)) {
                        char charAt3 = str.charAt(i + 2);
                        if (Character.isLetterOrDigit(charAt3)) {
                            if (charAt2 == '2' && charAt3 == '0') {
                                sb.append("\\ ");
                            } else if (charAt2 == '0' && charAt3 == 'D') {
                                sb.append("\\\r");
                            } else {
                                sb.append((CharSequence) str, i, i + 3);
                            }
                            i += 2;
                        }
                    }
                }
                if (i + 1 < length) {
                    sb.append((CharSequence) str, i, i + 2);
                    i++;
                } else {
                    sb.append(charAt);
                }
            } else {
                sb.append(charAt);
            }
            i++;
        }
        return new LdapName(sb.toString());
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void processQuery(SearchCallback searchCallback, String str, String str2, String[] strArr) {
        SearchControls searchControls = new SearchControls();
        searchControls.setSearchScope(2);
        searchControls.setReturningAttributes(strArr);
        if (logger.isDebugEnabled()) {
            logger.debug("Processing query");
            logger.debug("Search base: " + str);
            logger.debug("    Return result limit: " + searchControls.getCountLimit());
            logger.debug("    DerefLink: " + searchControls.getDerefLinkFlag());
            logger.debug("    Return named object: " + searchControls.getReturningObjFlag());
            logger.debug("    Time limit for search: " + searchControls.getTimeLimit());
            logger.debug("    Attributes to return: " + strArr.length + " items.");
            for (String str3 : strArr) {
                logger.debug("        Attribute: " + str3);
            }
        }
        DirContext dirContext = null;
        try {
            try {
                try {
                    dirContext = this.ldapInitialContextFactory.getDefaultIntialDirContext(this.queryBatchSize);
                    do {
                        NamingEnumeration search = dirContext.search(str, str2, searchControls);
                        while (search.hasMore()) {
                            searchCallback.process((SearchResult) search.next());
                        }
                    } while (this.ldapInitialContextFactory.hasNextPage(dirContext, this.queryBatchSize));
                    if (dirContext != null) {
                        try {
                            dirContext.close();
                        } catch (NamingException e) {
                        }
                    }
                    try {
                        searchCallback.close();
                    } catch (NamingException e2) {
                    }
                } catch (Throwable th) {
                    if (dirContext != null) {
                        try {
                            dirContext.close();
                        } catch (NamingException e3) {
                        }
                    }
                    try {
                        searchCallback.close();
                    } catch (NamingException e4) {
                    }
                    throw th;
                }
            } catch (ParseException e5) {
                throw new AlfrescoRuntimeException("User and group import failed", e5);
            }
        } catch (NamingException e6) {
            throw new AlfrescoRuntimeException("User and group import failed", e6);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public boolean hasAttributeValue(Attribute attribute, String str) throws NamingException {
        if (attribute == null) {
            return false;
        }
        NamingEnumeration all = attribute.getAll();
        while (all.hasMore()) {
            if (str.equalsIgnoreCase((String) all.next())) {
                return true;
            }
        }
        return false;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public Attribute getRangeRestrictedAttribute(Attributes attributes, String str) throws NamingException {
        Attribute attribute = attributes.get(str);
        if (attribute != null) {
            return attribute;
        }
        NamingEnumeration all = attributes.getAll();
        String str2 = str.toLowerCase() + ';';
        while (all.hasMore()) {
            Attribute attribute2 = (Attribute) all.next();
            if (attribute2.getID().toLowerCase().startsWith(str2)) {
                return attribute2;
            }
        }
        return null;
    }
}
