package org.imixs.workflow.ldap;

import java.io.IOException;
import java.io.InputStream;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.Hashtable;
import java.util.List;
import java.util.Properties;
import java.util.Vector;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.annotation.PostConstruct;
import javax.ejb.EJB;
import javax.ejb.LocalBean;
import javax.ejb.Stateless;
import javax.enterprise.event.Event;
import javax.inject.Inject;
import javax.naming.InitialContext;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.Control;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;
import org.imixs.workflow.ItemCollection;

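/**
 * Stateless EJB that looks up user profiles and group memberships in an LDAP
 * directory and keeps the results in the injected {@link LDAPCache}.
 *
 * <p>
 * The configuration is read from {@code imixs.properties} on the class path
 * when the bean is constructed. The LDAP context is either looked up via JNDI
 * or, when {@code ldap.disable-jndi=true}, created directly from the
 * {@code java.naming.*} entries of that file.
 *
 * <p>
 * <b>Security notes</b>
 * <ul>
 * <li>Every caller-supplied value (user id, search phrase, DN) is escaped
 * according to RFC 4515 before it is substituted into a configured search
 * filter, so the value cannot change the structure of the filter or act as a
 * wildcard. Wildcards belong in the configured filter template.</li>
 * <li>The bind password ({@code java.naming.security.credentials}) is masked
 * in log output.</li>
 * <li>The default authentication is {@code simple}. A simple bind transmits
 * the password as-is, so the provider URL should use {@code ldaps://} (or the
 * connection should otherwise be protected by TLS).</li>
 * </ul>
 */
@LocalBean
@Stateless
/* loaded from: input_file:org/imixs/workflow/ldap/LDAPLookupService.class */
public class LDAPLookupService {
    /** Maximum number of entries returned by {@link #searchUserList(String)}. */
    public static final int MAX_RESULT = 20;
    /** Server-side time limit for a user search, in milliseconds. */
    public static final int TIME_LIMIT = 20000;
    public static final String LDAP_SEARCH_CONTEXT = "ldap.search-context";
    public static final String LDAP_SEARCH_FILTER_DN = "ldap.dn-search-filter";
    public static final String LDAP_SEARCH_FILTER_GROUP = "ldap.group-search-filter";
    public static final String LDAP_SEARCH_FILTER_PHRASE = "ldap.search-filter-phrase";
    public static final String LDAP_USER_ATTRIBUTES = "ldap.user-attributes";

    /** Environment key whose value must never be written to a log. */
    private static final String CREDENTIALS_KEY = "java.naming.security.credentials";

    private static final Logger logger = Logger.getLogger(LDAPLookupService.class.getName());

    // true once init() managed to open (and close) an LDAP context
    private boolean enabled = false;
    private Properties configurationProperties = null;
    // filter template for a single user, placeholder %u = user id
    private String dnSearchFilter = null;
    // filter template for the phrase search, placeholder ? = search phrase
    private String searchFilterPhrase = null;
    // filter template for the group search, placeholder %d = value of item "dn"
    private String groupSearchFilter = null;
    private String searchContext = null;
    // LDAP attribute names to request and, index-aligned, the item names they are stored under
    private String[] userAttributesLDAP = null;
    private String[] userAttributesImixs = null;

    @Inject
    protected Event<LDAPProfileEvent> ldapProfileEvents;

    @EJB
    LDAPCache ldapCache;

    /**
     * Reads the LDAP configuration from {@code imixs.properties} and verifies
     * that an LDAP context can be opened. The service is only {@link #isEnabled()
     * enabled} when that probe succeeds. Failures are logged, never thrown.
     */
    @PostConstruct
    void init() {
        try {
            logger.finest("......init lookup service");
            this.configurationProperties = loadConfiguration();

            logger.finest("......read LDAP configuration...");
            this.searchContext = this.configurationProperties.getProperty(LDAP_SEARCH_CONTEXT, "");
            if (this.searchContext.isEmpty()) {
                // fall back to the deprecated key
                this.searchContext = this.configurationProperties.getProperty("ldap.search.context", "");
                if (!this.searchContext.isEmpty()) {
                    logger.warning("imixs property 'ldap.search.context' is deprecated and should be replaced with 'ldap.search-context'");
                }
            }
            logger.finest("......ldap.search-context=" + this.searchContext);
            this.dnSearchFilter = this.configurationProperties.getProperty(LDAP_SEARCH_FILTER_DN, "(uid=%u)");
            logger.finest("......ldap.dn-search-filter=" + this.dnSearchFilter);
            this.searchFilterPhrase = this.configurationProperties.getProperty(LDAP_SEARCH_FILTER_PHRASE);
            logger.finest("......ldap.search-filter-phrase=" + this.searchFilterPhrase);
            this.groupSearchFilter = this.configurationProperties.getProperty(LDAP_SEARCH_FILTER_GROUP, "(member=%d)");
            logger.finest("......ldap.group-search-filter=" + this.groupSearchFilter);

            String attributeList = this.configurationProperties.getProperty(LDAP_USER_ATTRIBUTES, "uid,SN,CN,mail");
            logger.finest("......ldap.user-attributes=" + attributeList);
            String[] entries = attributeList.split(",");
            this.userAttributesLDAP = new String[entries.length];
            this.userAttributesImixs = new String[entries.length];
            for (int i = 0; i < entries.length; i++) {
                // an entry is either "ldapName" or "ldapName|itemName"
                String entry = entries[i].trim();
                int separator = entry.indexOf('|');
                if (separator > 0) {
                    this.userAttributesLDAP[i] = entry.substring(0, separator).trim();
                    this.userAttributesImixs[i] = entry.substring(separator + 1).trim();
                } else {
                    this.userAttributesLDAP[i] = entry;
                    this.userAttributesImixs[i] = entry;
                }
                logger.finest("......attributesLDAP-" + i + "=" + this.userAttributesLDAP[i]);
                logger.finest("......attributesImixs-" + i + "=" + this.userAttributesImixs[i]);
            }

            logger.finest("......verifing LDAP connection...");
            this.enabled = false;
            LdapContext probe = null;
            try {
                probe = getDirContext();
                this.enabled = probe != null;
            } finally {
                closeQuietly(probe);
            }
            if (this.enabled) {
                logger.info("LDAP connection: OK");
            } else {
                logger.warning("LDAP connection: FAILED");
            }
        } catch (Exception e) {
            logger.log(Level.SEVERE, "Unable to initalize LDAPGroupLookupService", e);
        }
    }

    /**
     * Loads {@code imixs.properties} via the context class loader.
     *
     * @return the loaded properties; empty when the file is missing or unreadable
     */
    private static Properties loadConfiguration() {
        Properties properties = new Properties();
        InputStream in = null;
        try {
            in = Thread.currentThread().getContextClassLoader().getResourceAsStream("imixs.properties");
            if (in == null) {
                logger.warning("LDAPLookupService unable to find imixs.properties in current classpath");
            } else {
                properties.load(in);
            }
        } catch (Exception e) {
            logger.log(Level.WARNING, "LDAPLookupService unable to find imixs.properties in current classpath", e);
        } finally {
            if (in != null) {
                try {
                    in.close();
                } catch (IOException ignored) {
                    // the properties are already read (or the failure already logged)
                }
            }
        }
        return properties;
    }

    /**
     * @return {@code true} when an LDAP context could be opened during
     *         initialization
     */
    public boolean isEnabled() {
        return this.enabled;
    }

    /**
     * Returns the profile of a user, served from the cache when possible.
     *
     * @param str the user id
     * @return the user profile, or {@code null} when the user was not found
     */
    public ItemCollection findUser(String str) {
        return findUser(str, false);
    }

    /**
     * Returns the profile of a user.
     *
     * @param str the user id
     * @param z   {@code true} to bypass the cache and force an LDAP lookup
     * @return the user profile, or {@code null} when {@code str} is null/empty,
     *         no LDAP context could be opened, or the user was not found
     */
    public ItemCollection findUser(String str, boolean z) {
        if (str == null || str.isEmpty()) {
            return null;
        }
        if (!z && this.ldapCache.contains(str)) {
            logger.finest("......fetching user: '" + str + "' from cache...");
            ItemCollection cached = this.ldapCache.getUser(str);
            if (cached != null && cached.getAllItems().size() > 0) {
                return cached;
            }
            // fall through to a fresh lookup
            logger.warning("cached LDAP object expired: '" + str + "'");
        }

        long start = System.currentTimeMillis();
        LdapContext ctx = null;
        try {
            logger.finest("......find user: '" + str + "'");
            ctx = getDirContext();
            if (ctx == null) {
                logger.warning("LDAP DirContext could not be opened!");
                return null;
            }
            ItemCollection user = fetchUser(str, ctx);
            if (user != null) {
                logger.finest("......put user: '" + str + "' into cache.");
                this.ldapCache.putUser(str, user);
                logger.fine("... lookup user '" + str + "' successfull in " + (System.currentTimeMillis() - start) + "ms");
            } else {
                logger.warning("no LDAP object found: '" + str + "'");
            }
            return user;
        } finally {
            closeQuietly(ctx);
        }
    }

    /**
     * Stores a user profile in the cache under the given user id.
     *
     * @param str            the user id
     * @param itemCollection the profile to cache
     */
    public void cacheUser(String str, ItemCollection itemCollection) {
        this.ldapCache.putUser(str, itemCollection);
    }

    /**
     * Searches users with the configured {@code ldap.search-filter-phrase}.
     * The phrase is escaped before it is placed into the filter, so it is
     * always matched literally.
     *
     * @param str the search phrase
     * @return at most {@link #MAX_RESULT} profiles; never {@code null}
     */
    public List<ItemCollection> searchUserList(String str) {
        LdapContext ctx = null;
        try {
            logger.finest("......serachUserList: " + str);
            ctx = getDirContext();
            return fetchUserList(str, ctx);
        } finally {
            closeQuietly(ctx);
        }
    }

    /**
     * Returns the names of the groups a user is a member of, served from the
     * cache when possible.
     *
     * @param str the user id
     * @return the group names; an empty array when none were found or the
     *         lookup failed
     */
    public String[] findGroups(String str) {
        String[] cached = this.ldapCache.getGroups(str);
        if (cached != null) {
            return cached;
        }
        LdapContext ctx = null;
        try {
            logger.fine("find user groups for: " + str);
            ctx = getDirContext();
            String[] groups = fetchGroups(str, ctx);
            if (groups == null) {
                groups = new String[0];
            }
            if (logger.isLoggable(Level.FINE)) {
                StringBuilder names = new StringBuilder();
                for (String group : groups) {
                    names.append("'").append(group).append("' ");
                }
                logger.fine("groups found for " + str + "=" + names);
            }
            // NOTE(review): a failed lookup (fetchGroups returned null) is cached as
            // "no groups" as well; a directory outage can therefore leave a user
            // without groups for as long as the cache keeps the entry - confirm that
            // this is intended.
            this.ldapCache.putGroups(str, groups);
            return groups;
        } finally {
            closeQuietly(ctx);
        }
    }

    /**
     * Reads the configured attributes of one user and lets observers of
     * {@link LDAPProfileEvent} adapt the profile.
     *
     * @param userId the user id substituted (escaped) for {@code %u} in the DN
     *               search filter
     * @param ctx    an open LDAP context; may be {@code null}
     * @return the profile, or {@code null} when the service is disabled, the
     *         context is missing, the search failed or returned no entry
     */
    private ItemCollection fetchUser(String userId, LdapContext ctx) {
        if (!this.enabled || userId == null || userId.isEmpty()) {
            return null;
        }
        ItemCollection user = null;
        if (ctx != null) {
            NamingEnumeration<SearchResult> answer = null;
            try {
                user = new ItemCollection();
                SearchControls controls = new SearchControls();
                controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
                controls.setReturningAttributes(this.userAttributesLDAP);
                // escape the id: it must be matched literally and must not alter the filter
                String filter = this.dnSearchFilter.replace("%u", escapeFilterValue(userId));
                logger.finest("......fetchUser: searchContext=" + this.searchContext);
                logger.finest("......fetchUser: searchFilter=" + filter);
                answer = ctx.search(this.searchContext, filter, controls);
                if (answer == null || !answer.hasMore()) {
                    return null;
                }
                // only the first match is used
                SearchResult entry = answer.next();
                String name = entry.getName();
                logger.finest("......DN= " + name);
                Attributes attributes = entry.getAttributes();
                for (int i = 0; i < this.userAttributesLDAP.length; i++) {
                    Attribute attribute = attributes.get(this.userAttributesLDAP[i]);
                    logger.finest("......fetch attribute: '" + this.userAttributesLDAP[i] + "' = " + attribute);
                    if (attribute != null) {
                        Vector<Object> values = readValues(attribute);
                        if (!values.isEmpty()) {
                            user.replaceItemValue(this.userAttributesImixs[i], values);
                        }
                    }
                }
                // NOTE(review): the item "dn" is only written when the entry has no
                // name; fetchGroups reads "dn", so it presumably comes from the
                // configured attributes or a profile observer otherwise - confirm.
                if (name == null) {
                    user.replaceItemValue("dn", userId);
                }
            } catch (NamingException e) {
                user = null;
                logger.warning("Unable to fetch DN for: " + userId);
                logger.warning(e.getMessage());
                logger.log(Level.FINEST, "LDAP user lookup failed", e);
            } finally {
                closeQuietly(answer);
            }
        } else {
            logger.warning("missing ldap context obejct (context==null)!");
        }

        if (this.ldapProfileEvents == null) {
            logger.warning("CDI Support is missing - LDAPProfileEvent wil not be fired");
        } else if (user != null) {
            LDAPProfileEvent event = new LDAPProfileEvent(user);
            this.ldapProfileEvents.fire(event);
            ItemCollection profile = event.getProfile();
            if (profile != null) {
                user = profile;
            } else {
                logger.warning("LDAPProfileEvent returned a null object for '" + userId + "'");
            }
        }
        return user;
    }

    /**
     * Reads <em>all</em> attributes of the first entry matching the DN search
     * filter, bypassing the cache and the profile event.
     *
     * <p>
     * No attribute list is requested here, so the result holds every attribute
     * the bind account is allowed to read. Depending on the directory ACLs this
     * may include sensitive attributes; callers should not expose the result
     * unfiltered.
     *
     * @param str the user id
     * @return the attributes, or {@code null} when the service is disabled,
     *         {@code str} is null/empty, or the lookup failed or found nothing
     */
    public ItemCollection lookupLdapAttributes(String str) {
        if (!this.enabled || str == null || str.isEmpty()) {
            return null;
        }
        LdapContext ctx = null;
        NamingEnumeration<SearchResult> answer = null;
        try {
            logger.finest("......find user: '" + str + "'");
            ctx = getDirContext();
            if (ctx == null) {
                logger.warning("missing ldap context obejct (context==null)!");
                return null;
            }
            ItemCollection result = new ItemCollection();
            SearchControls controls = new SearchControls();
            controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
            String filter = this.dnSearchFilter.replace("%u", escapeFilterValue(str));
            logger.finest("......lookup: searchContext=" + this.searchContext);
            logger.finest("......lookup: searchFilter=" + filter);
            answer = ctx.search(this.searchContext, filter, controls);
            if (answer == null || !answer.hasMore()) {
                return null;
            }
            SearchResult entry = answer.next();
            String name = entry.getName();
            logger.finest("......DN= " + name);
            NamingEnumeration<? extends Attribute> all = entry.getAttributes().getAll();
            try {
                while (all.hasMore()) {
                    Attribute attribute = all.next();
                    Vector<Object> values = readValues(attribute);
                    if (!values.isEmpty()) {
                        result.replaceItemValue(attribute.getID(), values);
                    }
                }
            } finally {
                closeQuietly(all);
            }
            if (name == null) {
                result.replaceItemValue("dn", str);
            }
            return result;
        } catch (NamingException e) {
            logger.warning("Unable to fetch DN for: " + str);
            logger.warning(e.getMessage());
            logger.log(Level.FINEST, "LDAP attribute lookup failed", e);
            return null;
        } finally {
            closeQuietly(answer);
            closeQuietly(ctx);
        }
    }

    /**
     * Runs the phrase search and converts each entry into a profile.
     *
     * @param phrase the search phrase substituted (escaped) for {@code ?} in the
     *               configured filter
     * @param ctx    an open LDAP context; may be {@code null}
     * @return at most {@link #MAX_RESULT} profiles; empty when the phrase is
     *         null/empty, the context or the filter is missing, or the search
     *         failed before any entry was read
     */
    private List<ItemCollection> fetchUserList(String phrase, LdapContext ctx) {
        List<ItemCollection> result = new ArrayList<ItemCollection>();
        if (phrase == null || phrase.isEmpty()) {
            return result;
        }
        if (ctx == null) {
            logger.warning("missing ldap context obejct (context==null)!");
            return result;
        }
        if (this.searchFilterPhrase == null) {
            // the property has no default, so the search is unavailable without it
            logger.warning("imixs property '" + LDAP_SEARCH_FILTER_PHRASE + "' is not set - user search is not available");
            return result;
        }

        long start = System.currentTimeMillis();
        NamingEnumeration<SearchResult> answer = null;
        try {
            SearchControls controls = new SearchControls();
            controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
            controls.setReturningAttributes(this.userAttributesLDAP);
            // bound the work a single search can cause on the directory server
            controls.setCountLimit(MAX_RESULT);
            controls.setTimeLimit(TIME_LIMIT);
            String filter = this.searchFilterPhrase.replace("?", escapeFilterValue(phrase));
            logger.finest("......fetchUser: searchFilter = " + filter);
            answer = ctx.search(this.searchContext, filter, controls);
            if (answer == null) {
                logger.finest("......search returend null");
                return result;
            }
            logger.finest("......computing result list...");
            while (answer.hasMore()) {
                SearchResult entry = answer.next();
                ItemCollection user = new ItemCollection();
                logger.finest("......DN = " + entry.getName());
                Attributes attributes = entry.getAttributes();
                for (int i = 0; i < this.userAttributesLDAP.length; i++) {
                    Attribute attribute = attributes.get(this.userAttributesLDAP[i]);
                    if (attribute != null) {
                        Vector<Object> values = readValues(attribute);
                        if (!values.isEmpty()) {
                            user.replaceItemValue(this.userAttributesImixs[i], values);
                        }
                    }
                }
                if (this.ldapProfileEvents != null) {
                    LDAPProfileEvent event = new LDAPProfileEvent(user);
                    this.ldapProfileEvents.fire(event);
                    ItemCollection profile = event.getProfile();
                    if (profile != null) {
                        user = profile;
                    } else {
                        // same fallback as fetchUser: keep the LDAP data, never add null
                        logger.warning("LDAPProfileEvent returned a null object for '" + entry.getName() + "'");
                    }
                } else {
                    logger.warning("CDI Support is missing - LDAPProfileEvent wil not be fired");
                }
                result.add(user);
                if (result.size() >= MAX_RESULT) {
                    break;
                }
            }
        } catch (NamingException e) {
            logger.warning("ldap search error: " + e.getMessage());
            logger.log(Level.FINEST, "LDAP user search failed", e);
        } finally {
            closeQuietly(answer);
        }
        logger.fine("......search returend " + result.size() + " entries in " + (System.currentTimeMillis() - start) + "ms");
        return result;
    }

    /**
     * Resolves the groups of a user with the configured group search filter.
     * Only groups whose name starts with the optional
     * {@code group-name-praefix} property are returned.
     *
     * @param userId the user id
     * @param ctx    an open LDAP context; may be {@code null}
     * @return the group names, or {@code null} when the service is disabled, the
     *         user was not found or the search failed
     */
    private String[] fetchGroups(String userId, LdapContext ctx) {
        if (!this.enabled || userId == null || userId.isEmpty()) {
            return null;
        }
        NamingEnumeration<SearchResult> answer = null;
        try {
            Vector<String> groups = new Vector<String>();
            String prefix = this.configurationProperties.getProperty("group-name-praefix");
            // fetchUser returns null when ctx is null, so ctx is non-null below
            ItemCollection user = fetchUser(userId, ctx);
            if (user == null) {
                return null;
            }
            String dn = user.getItemValueString("dn");
            logger.finest("......fetchGroups for: " + dn);
            SearchControls controls = new SearchControls();
            controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
            controls.setReturningAttributes(new String[]{"cn"});
            // a DN may contain '(' ')' '*' or '\' which are special inside a filter
            String filter = this.groupSearchFilter.replace("%d", escapeFilterValue(dn));
            logger.finest("......groupSearchFilter:" + filter);
            answer = ctx.search(this.searchContext, filter, controls);
            if (answer == null) {
                return null;
            }
            while (answer.hasMore()) {
                String name = answer.next().getName();
                if (name == null || name.length() < 3) {
                    // too short to carry a three character RDN type such as "cn="
                    logger.finest("......skip group entry with unexpected name: " + name);
                    continue;
                }
                // strip the leading three characters (presumably "cn=") and keep
                // the text up to the first comma
                String group = name.substring(3);
                int comma = group.indexOf(',');
                if (comma > -1) {
                    group = group.substring(0, comma);
                }
                if (prefix == null || prefix.isEmpty() || group.startsWith(prefix)) {
                    logger.finest("......found Group= " + group);
                    groups.add(group);
                }
            }
            logger.finest("......found " + groups.size() + " groups");
            logger.finest("......put groups into cache for '" + userId + "'");
            return groups.toArray(new String[groups.size()]);
        } catch (NamingException e) {
            logger.warning("Unable to fetch groups for: " + userId);
            logger.log(Level.FINEST, "LDAP group lookup failed", e);
            return null;
        } finally {
            closeQuietly(answer);
        }
    }

    /**
     * Opens an LDAP context, either by JNDI lookup of {@code ldap.jndi-name}
     * (default {@code org.imixs.office.ldap}) or, when
     * {@code ldap.disable-jndi=true}, directly from the {@code java.naming.*}
     * properties. The caller must close the returned context.
     *
     * <p>
     * Only keys starting with {@code java.naming} are passed to the directly
     * created context, so provider specific settings such as
     * {@code com.sun.jndi.ldap.connect.timeout} cannot be set through
     * {@code imixs.properties} in that mode.
     *
     * @return the context, or {@code null} when the configuration is missing or
     *         the context could not be opened
     */
    private LdapContext getDirContext() {
        if (this.configurationProperties == null) {
            return null;
        }
        long start = System.currentTimeMillis();
        LdapContext ctx = null;
        try {
            String disableJndi = this.configurationProperties.getProperty("ldap.disable-jndi");
            logger.finest("......ldap.disable-jndi=" + disableJndi);
            if (!"true".equalsIgnoreCase(disableJndi)) {
                String jndiName = this.configurationProperties.getProperty("ldap.jndi-name");
                // a missing property must select the default as well, not only an empty one
                if (jndiName == null || jndiName.isEmpty()) {
                    jndiName = "org.imixs.office.ldap";
                }
                logger.finest("......lookup LDAP Ctx from pool '" + jndiName + "' .....");
                ctx = (LdapContext) new InitialContext().lookup(jndiName);
            } else {
                logger.finest("......jndi lookup LdapContext.....");
                Hashtable<String, Object> env = new Hashtable<String, Object>();
                Enumeration<Object> keys = this.configurationProperties.keys();
                while (keys.hasMoreElements()) {
                    String key = keys.nextElement().toString();
                    String value = this.configurationProperties.getProperty(key);
                    // Hashtable rejects null values
                    if (key.startsWith("java.naming") && value != null) {
                        env.put(key, value);
                        // never write the bind password to the log
                        String shown = CREDENTIALS_KEY.equals(key) ? "********" : value;
                        logger.finest("......Set env key: " + key + "=" + shown);
                    }
                }
                env.put("java.naming.factory.initial", this.configurationProperties.getProperty("java.naming.factory.initial", "com.sun.jndi.ldap.LdapCtxFactory"));
                // "simple" sends the password as-is: use an ldaps:// provider URL
                env.put("java.naming.security.authentication", this.configurationProperties.getProperty("java.naming.security.authentication", "simple"));
                ctx = new InitialLdapContext(env, (Control[]) null);
                logger.finest("......jndi lookup LdapContext successful! ");
            }
            logger.fine("......LdapContext initialized in " + (System.currentTimeMillis() - start) + " ms");
        } catch (NamingException e) {
            logger.severe("Failed to open ldap conntext: " + e.getMessage());
            logger.log(Level.FINE, "LDAP context could not be opened", e);
        }
        return ctx;
    }

    /**
     * Escapes a value for use as an assertion value inside an LDAP search
     * filter (RFC 4515): {@code \ * ( )} and NUL are replaced by their
     * {@code \xx} hex form.
     *
     * @param value the raw value; {@code null} is treated as an empty string
     * @return the escaped value
     */
    private static String escapeFilterValue(String value) {
        if (value == null) {
            return "";
        }
        StringBuilder escaped = new StringBuilder(value.length() + 8);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '\\':
                    escaped.append("\\5c");
                    break;
                case '*':
                    escaped.append("\\2a");
                    break;
                case '(':
                    escaped.append("\\28");
                    break;
                case ')':
                    escaped.append("\\29");
                    break;
                case '\0':
                    escaped.append("\\00");
                    break;
                default:
                    escaped.append(c);
            }
        }
        return escaped.toString();
    }

    /** Collects all values of an attribute; the result may be empty. */
    private static Vector<Object> readValues(Attribute attribute) throws NamingException {
        Vector<Object> values = new Vector<Object>();
        NamingEnumeration<?> all = attribute.getAll();
        try {
            while (all.hasMore()) {
                values.add(all.next());
            }
        } finally {
            closeQuietly(all);
        }
        return values;
    }

    /** Closes an enumeration if present; a failure is logged, not thrown. */
    private static void closeQuietly(NamingEnumeration<?> enumeration) {
        if (enumeration != null) {
            try {
                enumeration.close();
            } catch (NamingException e) {
                logger.log(Level.WARNING, "Failed to close LDAP search result", e);
            }
        }
    }

    /** Closes an LDAP context if present; a failure is logged, not thrown. */
    private static void closeQuietly(LdapContext context) {
        if (context != null) {
            try {
                context.close();
            } catch (NamingException e) {
                logger.log(Level.WARNING, "Failed to close LDAP context", e);
            }
        }
    }
}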
