package io.softwarity.lib.ldap;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.Hashtable;
import java.util.Objects;
import java.util.Set;
import java.util.regex.Pattern;
import javax.naming.AuthenticationException;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.Control;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.StartTlsRequest;
import javax.naming.ldap.StartTlsResponse;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:io/softwarity/lib/ldap/LdapSearch.class */
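/**
 * JNDI helper that opens an LDAP context, optionally upgrades it with StartTLS, sets simple-bind
 * credentials and looks up one entry together with its (transitively) nested groups.
 *
 * <p>Expected call order for an encrypted simple bind: {@link #initContext}, then
 * {@link #addZZOption}, then {@link #connect}, then {@link #search}. Credentials set by
 * {@link #connect} are only protected on the wire if StartTLS succeeded first (or the URL is
 * {@code ldaps://}).
 */
public class LdapSearch {
    private static final Logger log = LoggerFactory.getLogger(LdapSearch.class);

    // Filter selecting the group object classes used when walking nested groups.
    String GROUPS_FILTER = "(|(objectClass=groupOfNames)(objectClass=groupOfUniqueNames)(objectClass=group))";

    /**
     * Creates an LDAP context for the given provider URL without setting any credentials.
     *
     * @param str LDAP provider URL
     * @return a new context configured to follow referrals
     * @throws NamingException if the context cannot be created
     */
    public InitialLdapContext initContext(String str) throws NamingException {
        log.debug("Connection to LDAP server - URL: {}", str);
        Hashtable<String, Object> env = new Hashtable<>();
        env.put("java.naming.factory.initial", "com.sun.jndi.ldap.LdapCtxFactory");
        env.put("java.naming.provider.url", str);
        // NOTE(review): with "follow" the provider connects to whatever server a referral names,
        // using this context's environment (credentials included once connect() has run).
        // Confirm the directory is trusted to hand out referrals, or switch to "ignore"/"throw".
        env.put("java.naming.referral", "follow");
        return new InitialLdapContext(env, (Control[]) null);
    }

    /**
     * Upgrades the connection with StartTLS, trusting only the supplied certificate.
     *
     * <p>Every failure propagates to the caller. Returning normally after a failed negotiation
     * would leave the connection unencrypted, and a later {@link #connect} would then send the
     * simple-bind password in clear text. The name presumably mirrors {@code ldapsearch -ZZ}
     * (StartTLS required).
     *
     * @param initialLdapContext context to upgrade
     * @param str PEM/DER text of the X.509 certificate to trust (see {@code getSSLContext})
     * @param z when {@code true}, installs {@code IgnoreHostNameVerifier}, which by its name
     *     presumably accepts any host name; the pinned certificate is then the only check
     * @return the negotiated StartTLS response; the caller should {@code close()} it when done
     * @throws IOException if the TLS context cannot be built or the handshake fails
     * @throws NamingException if the server rejects the StartTLS extended operation
     */
    public StartTlsResponse addZZOption(InitialLdapContext initialLdapContext, String str, boolean z) throws IOException, NamingException {
        StartTlsResponse tls = (StartTlsResponse) initialLdapContext.extendedOperation(new StartTlsRequest());
        try {
            SSLContext sslContext = getSSLContext(str);
            if (z) {
                log.warn("StartTLS host name verification is disabled for this LDAP connection");
                tls.setHostnameVerifier(new IgnoreHostNameVerifier());
            }
            tls.negotiate(sslContext.getSocketFactory());
        } catch (KeyStoreException | CertificateException | NoSuchAlgorithmException | UnrecoverableKeyException | KeyManagementException e) {
            // Surface crypto set-up problems through the declared IOException instead of hiding them.
            throw new IOException("Unable to build the TLS context for StartTLS", e);
        }
        return tls;
    }

    /**
     * Configures simple-bind credentials on the context.
     *
     * <p>A null or empty password is rejected: the JNDI LDAP provider treats empty credentials as
     * an anonymous bind, which would let a caller that equates "no exception" with "authenticated"
     * accept a login without any password check.
     *
     * @param initialLdapContext context to configure
     * @param str bind principal (DN or other name accepted by the server)
     * @param str2 password
     * @throws NamingException if the environment cannot be updated, or
     *     {@link AuthenticationException} when the password is null or empty
     */
    public void connect(InitialLdapContext initialLdapContext, String str, String str2) throws NamingException {
        if (str2 == null || str2.isEmpty()) {
            throw new AuthenticationException("Empty LDAP password rejected");
        }
        initialLdapContext.addToEnvironment("java.naming.security.authentication", "simple");
        initialLdapContext.addToEnvironment("java.naming.security.principal", str);
        initialLdapContext.addToEnvironment("java.naming.security.credentials", str2);
    }

    /**
     * Searches for the first entry whose DN starts with a 2-3 character attribute type followed
     * by {@code =<str4>,} and returns its attributes, with {@code memberOf} expanded to include
     * nested groups.
     *
     * @param dirContext context to search with
     * @param str unused
     * @param str2 search base
     * @param str3 filter expression; {@code str4} is passed as filter argument {@code {0}}
     * @param str4 name to look up; compared literally against the leading RDN value
     * @return the collected attributes, empty when no entry matched
     * @throws NamingException if the search fails
     */
    public LdapResult search(DirContext dirContext, String str, String str2, String str3, String str4) throws NamingException {
        LdapResult ldapResult = new LdapResult();
        // Quote the name so regex metacharacters in it cannot widen the match to another entry
        // or raise PatternSyntaxException.
        // NOTE(review): the DN returned by the server may carry RFC 4514 escapes for special
        // characters; names containing such characters may need DN-aware comparison instead.
        Pattern entryDn = Pattern.compile("^\\w{2,3}=" + Pattern.quote(String.valueOf(str4)) + ",.*");
        NamingEnumeration<SearchResult> results = dirContext.search(str2, str3, new String[]{str4}, getSearchControls(new String[]{"*", "memberOf"}));
        try {
            boolean found = false;
            while (!found && results.hasMore()) {
                SearchResult entry = results.next();
                if (!entryDn.matcher(entry.getNameInNamespace()).matches()) {
                    continue;
                }
                found = true;
                NamingEnumeration<? extends Attribute> attrs = entry.getAttributes().getAll();
                while (attrs.hasMore()) {
                    Attribute attribute = attrs.next();
                    String id = attribute.getID();
                    if (!ldapResult.containsKey(id)) {
                        ldapResult.put(id, new ArrayList<>());
                    }
                    if (id.equalsIgnoreCase("memberOf")) {
                        Set<String> groups = new HashSet<>();
                        NamingEnumeration<?> values = attribute.getAll();
                        while (values.hasMore()) {
                            String groupDn = (String) values.next();
                            // Only walk a group the first time it is seen; it may already have
                            // been reached as a parent of an earlier group.
                            if (groups.add(groupDn)) {
                                findNestedGroupsBasedOn(dirContext, groupDn, groups);
                            }
                        }
                        // Look the list up under the id it was stored with: the server may
                        // return the attribute name in a different case than "memberOf".
                        ldapResult.get(id).addAll(groups);
                    } else {
                        // Only the first value of a multi-valued attribute is kept.
                        ldapResult.get(id).add(attribute.get().toString());
                    }
                }
            }
        } finally {
            // The loop stops at the first match, so the enumeration may still be open.
            results.close();
        }
        return ldapResult;
    }

    /**
     * Adds to {@code set} every group that the group {@code str} is itself a member of,
     * recursively. Groups already present in {@code set} are not visited again, which also
     * terminates membership cycles. Lookup errors are logged and otherwise ignored, so the
     * result may be incomplete.
     *
     * @param dirContext context to search with
     * @param str DN of the group to inspect
     * @param set accumulator of group DNs, updated in place
     */
    private void findNestedGroupsBasedOn(DirContext dirContext, String str, Set<String> set) {
        try {
            NamingEnumeration<SearchResult> results = dirContext.search(str, this.GROUPS_FILTER, getSearchControls(new String[]{"*", "memberOf"}));
            try {
                while (results.hasMore()) {
                    SearchResult entry = results.next();
                    if (!entry.getNameInNamespace().equals(str)) {
                        continue;
                    }
                    Attribute memberOf = entry.getAttributes().get("memberOf");
                    if (memberOf == null) {
                        continue;
                    }
                    NamingEnumeration<?> parents = memberOf.getAll();
                    while (parents.hasMore()) {
                        String parentDn = (String) parents.next();
                        if (set.add(parentDn)) {
                            findNestedGroupsBasedOn(dirContext, parentDn, set);
                        }
                    }
                }
            } finally {
                results.close();
            }
        } catch (NamingException e) {
            // Best effort: keep the groups found so far, but record the cause with its stack trace.
            log.error("Error while finding nested groups: {}", e.getMessage(), e);
        }
    }

    /**
     * Builds the bind principal by substituting the user name into a pattern.
     *
     * <p>NOTE(review): the name is inserted verbatim. If the pattern is a DN template, a name
     * containing DN special characters ({@code , = + " \ < > ;}) changes the resulting DN;
     * callers should validate the name or escape it for the pattern's syntax before calling.
     *
     * @param str user name
     * @param str2 pattern containing {@code {0}}, or null/empty to use the name as is
     * @return the principal to bind with
     */
    public String createBindPrincipal(String str, String str2) {
        if (str2 == null || str2.isEmpty()) {
            return str;
        }
        return str2.replace("{0}", str);
    }

    /**
     * Builds a TLS context whose trust store holds only the supplied certificate.
     *
     * <p>NOTE(review): when {@code str} is null the trust store stays empty; the handshake is
     * then expected to fail rather than fall back to the JVM default trust store. Confirm this
     * is intended.
     *
     * @param str X.509 certificate text, or null
     * @return an initialised {@code TLS} context
     */
    private SSLContext getSSLContext(String str) throws IOException, KeyStoreException, CertificateException, NoSuchAlgorithmException, UnrecoverableKeyException, KeyManagementException {
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        keyStore.load(null, null);
        if (str != null) {
            // Fixed charset so decoding does not depend on the platform default.
            try (ByteArrayInputStream certStream = new ByteArrayInputStream(str.getBytes(StandardCharsets.UTF_8))) {
                keyStore.setCertificateEntry("ldap", CertificateFactory.getInstance("X.509").generateCertificate(certStream));
            }
        }
        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        keyManagerFactory.init(keyStore, null);
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init(keyStore);
        SSLContext sslContext = SSLContext.getInstance("TLS");
        sslContext.init(keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), new SecureRandom());
        return sslContext;
    }

    /**
     * Creates subtree-scope search controls returning the given attributes.
     *
     * @param strArr attribute names to return
     * @return the configured controls
     */
    private SearchControls getSearchControls(String[] strArr) {
        SearchControls searchControls = new SearchControls();
        searchControls.setReturningAttributes(strArr);
        searchControls.setSearchScope(SearchControls.SUBTREE_SCOPE);
        return searchControls;
    }
}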
