package net.sf.michaelo.tomcat.realm;

import java.net.URI;
import java.net.URISyntaxException;
import java.security.Principal;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.LinkedList;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.concurrent.atomic.AtomicLong;
import javax.naming.CommunicationException;
import javax.naming.CompositeName;
import javax.naming.Context;
import javax.naming.InvalidNameException;
import javax.naming.Name;
import javax.naming.NameParser;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.PartialResultException;
import javax.naming.ReferralException;
import javax.naming.ServiceUnavailableException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import net.sf.michaelo.dirctxsrc.DirContextSource;
import net.sf.michaelo.tomcat.internal.org.apache.commons.lang3.StringUtils;
import net.sf.michaelo.tomcat.realm.asn1.OtherNameAsn1Parser;
import net.sf.michaelo.tomcat.realm.asn1.OtherNameParseResult;
import net.sf.michaelo.tomcat.realm.mapper.SamAccountNameRfc2247Mapper;
import net.sf.michaelo.tomcat.realm.mapper.UserPrincipalNameSearchMapper;
import net.sf.michaelo.tomcat.realm.mapper.UsernameSearchMapper;
import org.apache.catalina.LifecycleException;
import org.apache.catalina.TomcatPrincipal;
import org.apache.naming.ContextBindings;
import org.apache.tomcat.util.codec.binary.Base64;
import org.apache.tomcat.util.collections.SynchronizedStack;
import org.ietf.jgss.GSSCredential;
import org.ietf.jgss.GSSException;
import org.ietf.jgss.GSSManager;
import org.ietf.jgss.GSSName;
import org.ietf.jgss.Oid;

/* loaded from: input_file:net/sf/michaelo/tomcat/realm/ActiveDirectoryRealm.class */
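/**
 * Realm that resolves an authenticated name to an Active Directory account over LDAP and derives
 * the account's roles from the groups listed in its {@code memberOf} attribute.
 *
 * <p>Two entry points are visible here: a GSS name (with optional delegated credential) and a
 * client certificate whose subjectAltName carries a Microsoft UPN {@code otherName}. Directory
 * connections come from a {@link DirContextSource} looked up in JNDI and are pooled in
 * {@link #connectionPool}.
 *
 * <p>This class only looks accounts up; it does not itself verify a password, a Kerberos ticket
 * or a certificate chain. NOTE(review): presumably the authenticator in front of this realm has
 * done that before any {@code getPrincipal} overload is called. Confirm against the caller.
 */
public class ActiveDirectoryRealm extends ActiveDirectoryRealmBase {
    private static final Oid MS_UPN;
    private static final Oid KRB5_NT_PRINCIPAL;
    private static final String DEFAULT_ROLE_FORMAT = "sid";
    // true: look the DirContextSource up in the web application's comp/env; false: in the
    // server's global naming context (see open()).
    protected boolean localDirContextSource;
    protected String dirContextSourceName;
    // DEFAULT_USER_ATTRIBUTES, followed by additionalAttributes when those are configured.
    protected String[] attributes;
    protected String[] additionalAttributes;
    protected String[] roleFormats;
    protected String[] roleAttributes;
    protected boolean prependRoleFormat;
    // Passed as both the initial size and the limit of the pool stack in startInternal().
    protected int connectionPoolSize = 0;
    // Milliseconds; compared against System.currentTimeMillis() differences in acquire().
    protected long maxIdleTime = 900000;
    protected SynchronizedStack<DirContextConnection> connectionPool;
    private static final AtomicLong COUNT = new AtomicLong(0);
    // Content octets of OID 1.3.6.1.4.1.311.20.2.3 (0x2B 06 01 04 01 82 37 14 02 03), compared
    // against the type-id returned by OtherNameAsn1Parser.
    private static final byte[] MS_UPN_OID_BYTES = {43, 6, 1, 4, 1, -126, 55, 20, 2, 3};
    private static final Map<String, String> X500_PRINCIPAL_OID_MAP = new HashMap<>();
    private static final UsernameSearchMapper[] USERNAME_SEARCH_MAPPERS = {new SamAccountNameRfc2247Mapper(), new UserPrincipalNameSearchMapper()};
    private static final String[] DEFAULT_USER_ATTRIBUTES = {"userAccountControl", "memberOf", "objectSid;binary", "sAMAccountName"};
    private static final String[] DEFAULT_ROLE_ATTRIBUTES = {"groupType"};
    private static final Map<String, String[]> ROLE_FORMAT_ATTRIBUTES = new HashMap<>();

    /**
     * A pooled directory connection: the context, an id used in log messages and the time it was
     * last handed out. The decompiler reports that the access modifier of this class was changed
     * from {@code protected}.
     */
    public static class DirContextConnection {
        protected String id;
        protected long lastBorrowTime;
        // null once the connection has been closed; release() and close() treat null as "nothing to do".
        protected DirContext context;

        protected DirContextConnection() {
        }
    }

    /**
     * Result of a successful account lookup. {@link #getRoles()} holds the raw {@code memberOf}
     * values (group DNs), not the formatted role names. The list and map are stored by reference,
     * without a defensive copy. The decompiler reports that the access modifier of this class was
     * changed from {@code protected}.
     */
    public static class User {
        private final GSSName gssName;
        private final Sid sid;
        private final List<String> roles;
        private final Map<String, Object> additionalAttributes;

        public User(GSSName gSSName, Sid sid, List<String> list, Map<String, Object> map) {
            this.gssName = gSSName;
            this.sid = sid;
            this.roles = list;
            this.additionalAttributes = map;
        }

        public GSSName getGssName() {
            return this.gssName;
        }

        public Sid getSid() {
            return this.sid;
        }

        public List<String> getRoles() {
            return this.roles;
        }

        public Map<String, Object> getAdditionalAttributes() {
            return this.additionalAttributes;
        }
    }

    /** Returns the next connection id, {@code conn-} followed by a zero-padded counter. */
    protected static String getNextConnectionId() {
        return String.format("conn-%06d", COUNT.incrementAndGet());
    }

    public void setLocalDirContextSource(boolean z) {
        this.localDirContextSource = z;
    }

    public void setDirContextSourceName(String str) {
        this.dirContextSourceName = str;
    }

    /**
     * Sets the extra user attributes to fetch, as a comma-separated list, and rebuilds
     * {@link #attributes} as the default user attributes followed by these. Entries are not
     * trimmed, so whitespace around a comma becomes part of the attribute name.
     */
    public void setAdditionalAttributes(String str) {
        this.additionalAttributes = str.split(",");
        this.attributes = new String[DEFAULT_USER_ATTRIBUTES.length + this.additionalAttributes.length];
        System.arraycopy(DEFAULT_USER_ATTRIBUTES, 0, this.attributes, 0, DEFAULT_USER_ATTRIBUTES.length);
        System.arraycopy(this.additionalAttributes, 0, this.attributes, DEFAULT_USER_ATTRIBUTES.length, this.additionalAttributes.length);
    }

    /**
     * Sets the role formats, as a comma-separated list, and derives the group attributes that
     * must be fetched for them. An unknown format is not rejected here; {@code getRoles} throws
     * {@link IllegalArgumentException} for it when roles are resolved.
     */
    public void setRoleFormats(String str) {
        this.roleFormats = str.split(",");
        List<String> collected = new ArrayList<>(Arrays.asList(DEFAULT_ROLE_ATTRIBUTES));
        for (String roleFormat : this.roleFormats) {
            String[] formatAttributes = ROLE_FORMAT_ATTRIBUTES.get(roleFormat);
            if (formatAttributes != null) {
                collected.addAll(Arrays.asList(formatAttributes));
            }
        }
        this.roleAttributes = collected.toArray(new String[0]);
    }

    public void setPrependRoleFormat(boolean z) {
        this.prependRoleFormat = z;
    }

    public void setConnectionPoolSize(int i) {
        this.connectionPoolSize = i;
    }

    public void setMaxIdleTime(long j) {
        this.maxIdleTime = j;
    }

    /**
     * Maps a client certificate to a directory principal through the Microsoft UPN carried in a
     * subjectAltName {@code otherName} entry. The first otherName whose type-id is the MS UPN OID
     * wins; a certificate without SANs or without such an entry yields {@code null}.
     *
     * <p>The UPN is the only link between the certificate and the account: no issuer, serial or
     * key comparison is made against the directory here, and no path validation or revocation
     * check happens in this method. NOTE(review): presumably the TLS connector restricts client
     * certificates to issuers that are trusted to assert UPNs. Confirm in the deployment.
     *
     * @param x509Certificate the client certificate
     * @return the principal, or {@code null} when no usable UPN is found or the lookup fails
     */
    protected Principal getPrincipal(X509Certificate x509Certificate) {
        try {
            Collection<List<?>> subjectAlternativeNames = x509Certificate.getSubjectAlternativeNames();
            if (subjectAlternativeNames == null) {
                return null;
            }
            // Subject DN is only used in log messages below.
            String subjectDn = x509Certificate.getSubjectX500Principal().getName("RFC2253", X500_PRINCIPAL_OID_MAP);
            for (List<?> generalName : subjectAlternativeNames) {
                // GeneralName type 0 is otherName; its value is delivered as the encoded bytes.
                if (((Integer) generalName.get(0)).intValue() != 0) {
                    continue;
                }
                byte[] otherName = (byte[]) generalName.get(1);
                if (this.logger.isDebugEnabled()) {
                    this.logger.debug(this.sm.getString("activeDirectoryRealm.processingSanOtherName", new Object[]{Base64.encodeBase64String(otherName), subjectDn}));
                }
                try {
                    OtherNameParseResult parsed = OtherNameAsn1Parser.parse(otherName);
                    if (Arrays.equals(parsed.getTypeId(), MS_UPN_OID_BYTES)) {
                        String upn = OtherNameAsn1Parser.parseUtf8String(parsed.getValue());
                        if (this.logger.isDebugEnabled()) {
                            this.logger.debug(this.sm.getString("activeDirectoryRealm.msUpnExtracted", new Object[]{upn, subjectDn}));
                        }
                        return getPrincipal(new StubGSSName(upn, MS_UPN), null, true);
                    }
                } catch (CertificateParsingException e) {
                    // A malformed otherName is skipped so that a later entry can still match.
                    // NOTE(review): this key lacks the "activeDirectoryRealm." prefix used by every
                    // other message in this class; confirm it exists in the resource bundle.
                    this.logger.warn(this.sm.getString("sanOtherNameParsingFailed"), e);
                }
            }
            return null;
        } catch (CertificateParsingException e2) {
            this.logger.warn(this.sm.getString("activeDirectoryRealm.sanParsingFailed"), e2);
            return null;
        }
    }

    /**
     * Resolves a GSS name. An anonymous name is answered with the anonymous SID without touching
     * the directory; anything else is looked up with one retry allowed.
     */
    protected Principal getPrincipal(GSSName gSSName, GSSCredential gSSCredential) {
        return gSSName.isAnonymous() ? new ActiveDirectoryPrincipal(gSSName, Sid.ANONYMOUS_SID, gSSCredential) : getPrincipal(gSSName, gSSCredential, true);
    }

    /**
     * Looks the name up in the directory and builds the principal with its roles.
     *
     * <p>Every failure path returns {@code null}, so an unreachable directory is indistinguishable
     * from an unknown account for the caller (fail closed). The borrowed connection is always
     * handed to {@link #release(DirContextConnection)}, which ignores a connection that was
     * already closed or never acquired.
     *
     * @param gSSName the name to resolve
     * @param gSSCredential delegated credential to attach to the principal, may be {@code null}
     * @param z whether one retry on a fresh connection is allowed after a connection-level failure
     * @return the principal, or {@code null} when the account is not found or the lookup fails
     */
    protected Principal getPrincipal(GSSName gSSName, GSSCredential gSSCredential, boolean z) {
        DirContextConnection connection = null;
        try {
            connection = acquire();
            User user;
            try {
                user = getUser(connection.context, gSSName);
            } catch (NamingException e) {
                if (z && isRetryable(e)) {
                    this.logger.error(this.sm.getString("activeDirectoryRealm.principalSearchFailed.retry", new Object[]{gSSName}), e);
                    // Drop the broken connection first so the retry cannot pick it up again.
                    close(connection);
                    return getPrincipal(gSSName, gSSCredential, false);
                }
                this.logger.error(this.sm.getString("activeDirectoryRealm.principalSearchFailed", new Object[]{gSSName}), e);
                close(connection);
                return null;
            }
            if (user == null) {
                return null;
            }
            return new ActiveDirectoryPrincipal(user.getGssName(), user.getSid(), getRoles(connection.context, user), gSSCredential, user.getAdditionalAttributes());
        } catch (NamingException e2) {
            this.logger.error(this.sm.getString("activeDirectoryRealm.acquire.namingException"), e2);
            return null;
        } finally {
            release(connection);
        }
    }

    /**
     * Tells whether a search failure looks like a dead connection rather than a directory error:
     * a communication or service-unavailable exception, or one of two known explanation texts.
     * A {@code null} explanation is treated as not retryable.
     */
    private static boolean isRetryable(NamingException e) {
        if ((e instanceof CommunicationException) || (e instanceof ServiceUnavailableException)) {
            return true;
        }
        String explanation = e.getExplanation();
        return explanation != null
                && (explanation.equals("LDAP connection has been closed") || explanation.startsWith("LDAP response read timed out, timeout used:"));
    }

    /**
     * Borrows a connection: pooled connections that exceeded {@link #maxIdleTime} or fail
     * {@link #validate(DirContextConnection)} are closed and skipped; when the pool is empty a new
     * connection is opened.
     *
     * @throws NamingException if a new connection cannot be opened
     */
    protected DirContextConnection acquire() throws NamingException {
        if (this.logger.isDebugEnabled()) {
            this.logger.debug(this.sm.getString("activeDirectoryRealm.acquire"));
        }
        DirContextConnection dirContextConnection = null;
        while (dirContextConnection == null) {
            dirContextConnection = this.connectionPool.pop();
            if (dirContextConnection == null) {
                dirContextConnection = new DirContextConnection();
                open(dirContextConnection);
            } else if (System.currentTimeMillis() - dirContextConnection.lastBorrowTime > this.maxIdleTime) {
                if (this.logger.isDebugEnabled()) {
                    this.logger.debug(this.sm.getString("activeDirectoryRealm.exceedMaxIdleTime", new Object[]{dirContextConnection.id}));
                }
                close(dirContextConnection);
                dirContextConnection = null;
            } else if (!validate(dirContextConnection)) {
                close(dirContextConnection);
                dirContextConnection = null;
            } else if (this.logger.isDebugEnabled()) {
                this.logger.debug(this.sm.getString("activeDirectoryRealm.reuse", new Object[]{dirContextConnection.id}));
            }
        }
        dirContextConnection.lastBorrowTime = System.currentTimeMillis();
        if (this.logger.isDebugEnabled()) {
            this.logger.debug(this.sm.getString("activeDirectoryRealm.acquired", new Object[]{dirContextConnection.id}));
        }
        return dirContextConnection;
    }

    /**
     * Probes a pooled connection with an object-scope search on the context's own entry, limited
     * to one result and a 500 ms time limit.
     *
     * @return {@code true} if the search returned an entry, {@code false} otherwise or on error
     */
    protected boolean validate(DirContextConnection dirContextConnection) {
        if (this.logger.isDebugEnabled()) {
            this.logger.debug(this.sm.getString("activeDirectoryRealm.validate", new Object[]{dirContextConnection.id}));
        }
        SearchControls searchControls = new SearchControls();
        searchControls.setSearchScope(SearchControls.OBJECT_SCOPE);
        searchControls.setCountLimit(1L);
        searchControls.setReturningAttributes(new String[]{"objectClass"});
        searchControls.setTimeLimit(500);
        NamingEnumeration<?> results = null;
        try {
            results = dirContextConnection.context.search(StringUtils.EMPTY, "objectclass=*", searchControls);
            return results.hasMore();
        } catch (NamingException e) {
            this.logger.error(this.sm.getString("activeDirectoryRealm.validate.namingException", new Object[]{dirContextConnection.id}), e);
            return false;
        } finally {
            close(results);
        }
    }

    /**
     * Returns a connection to the pool, or closes it when the pool does not take it. A
     * {@code null} connection (acquire failed) or one that is already closed is ignored.
     */
    protected void release(DirContextConnection dirContextConnection) {
        if (dirContextConnection == null || dirContextConnection.context == null) {
            return;
        }
        if (this.logger.isDebugEnabled()) {
            this.logger.debug(this.sm.getString("activeDirectoryRealm.release", new Object[]{dirContextConnection.id}));
        }
        if (this.connectionPool.push(dirContextConnection)) {
            return;
        }
        close(dirContextConnection);
    }

    /**
     * Opens the directory context for a fresh connection by looking the configured
     * {@link DirContextSource} up in the local or the global naming context.
     *
     * @throws NamingException if the lookup or the context creation fails
     */
    protected void open(DirContextConnection dirContextConnection) throws NamingException {
        Context namingContext = this.localDirContextSource ? (Context) ContextBindings.getClassLoader().lookup("comp/env") : getServer().getGlobalNamingContext();
        if (this.logger.isDebugEnabled()) {
            this.logger.debug(this.sm.getString("activeDirectoryRealm.open"));
        }
        dirContextConnection.context = ((DirContextSource) namingContext.lookup(this.dirContextSourceName)).getDirContext();
        dirContextConnection.id = getNextConnectionId();
        if (this.logger.isDebugEnabled()) {
            this.logger.debug(this.sm.getString("activeDirectoryRealm.opened", new Object[]{dirContextConnection.id}));
        }
    }

    /**
     * Closes the connection's context and clears the reference, even when closing fails. A
     * {@code null} or already closed connection is ignored.
     */
    protected void close(DirContextConnection dirContextConnection) {
        if (dirContextConnection == null || dirContextConnection.context == null) {
            return;
        }
        try {
            if (this.logger.isDebugEnabled()) {
                this.logger.debug(this.sm.getString("activeDirectoryRealm.close", new Object[]{dirContextConnection.id}));
            }
            dirContextConnection.context.close();
            if (this.logger.isDebugEnabled()) {
                this.logger.debug(this.sm.getString("activeDirectoryRealm.closed", new Object[]{dirContextConnection.id}));
            }
        } catch (NamingException e) {
            this.logger.error(this.sm.getString("activeDirectoryRealm.close.namingException", new Object[]{dirContextConnection.id}), e);
        }
        dirContextConnection.context = null;
    }

    /** Closes an enumeration on a best-effort basis; {@code null} is ignored. */
    protected void close(NamingEnumeration<?> namingEnumeration) {
        if (namingEnumeration == null) {
            return;
        }
        try {
            namingEnumeration.close();
        } catch (NamingException ignored) {
            // Deliberately ignored: the results were already consumed or abandoned.
        }
    }

    protected void initInternal() throws LifecycleException {
        super.initInternal();
        if (this.attributes == null) {
            this.attributes = DEFAULT_USER_ATTRIBUTES;
        }
        if (this.roleFormats == null) {
            setRoleFormats(DEFAULT_ROLE_FORMAT);
        }
    }

    /**
     * Creates the pool and opens one connection to inspect the context environment: a warning is
     * logged when referral handling is set to {@code follow}. A failure to connect is logged and
     * does not stop the realm from starting.
     */
    protected void startInternal() throws LifecycleException {
        this.connectionPool = new SynchronizedStack<>(this.connectionPoolSize, this.connectionPoolSize);
        DirContextConnection connection = null;
        try {
            connection = acquire();
            try {
                if ("follow".equals(connection.context.getEnvironment().get(Context.REFERRAL))) {
                    this.logger.warn(this.sm.getString("activeDirectoryRealm.referralFollow"));
                }
            } catch (NamingException e) {
                this.logger.error(this.sm.getString("activeDirectoryRealm.environmentFailed"), e);
                close(connection);
            }
        } catch (NamingException e2) {
            this.logger.error(this.sm.getString("activeDirectoryRealm.acquire.namingException"), e2);
        } finally {
            release(connection);
        }
        super.startInternal();
    }

    /** Stops the realm, then closes every pooled connection and discards the pool. */
    protected void stopInternal() throws LifecycleException {
        super.stopInternal();
        DirContextConnection pooled;
        while ((pooled = this.connectionPool.pop()) != null) {
            close(pooled);
        }
        this.connectionPool = null;
    }

    /** Returns the name type of the GSS name, or {@code null} when it cannot be determined. */
    private Oid getStringNameType(GSSName gSSName) {
        try {
            return gSSName.getStringNameType();
        } catch (GSSException e) {
            return null;
        }
    }

    /**
     * Builds an upper-case, dot-separated realm from the {@code DC} components of a DN, e.g.
     * {@code CN=x,DC=example,DC=com} gives {@code EXAMPLE.COM}. Returns an empty string when the
     * name has no {@code DC} component.
     */
    private String toRealm(Name name) {
        StringBuilder sb = new StringBuilder();
        // getRdns() starts at the rightmost RDN, so each DC is prepended to restore DN order.
        for (Rdn rdn : ((LdapName) name).getRdns()) {
            if (rdn.getType().equalsIgnoreCase("DC")) {
                sb.insert(0, ((String) rdn.getValue()).toUpperCase(Locale.ROOT) + ".");
            }
        }
        if (sb.length() > 0) {
            sb.deleteCharAt(sb.length() - 1);
        }
        return sb.toString();
    }

    /**
     * Searches the directory for exactly one enabled user or computer account matching the name.
     *
     * <p>Each supporting mapper is tried in order until one search returns a hit. The user name
     * is passed as a filter argument ({@code {0}}), which the JNDI LDAP provider escapes; only the
     * attribute name supplied by the mapper is formatted into the filter text. The account is
     * rejected when the search is ambiguous or when the ACCOUNTDISABLE bit (0x2) of
     * {@code userAccountControl} is set. No other account state (lockout, expiry) is examined in
     * this method.
     *
     * <p>When the incoming name is not a Kerberos principal name, the returned name is rebuilt as
     * {@code sAMAccountName@REALM} from directory values, so the principal name does not echo the
     * client-supplied spelling.
     *
     * @return the user, or {@code null} when not found, ambiguous, disabled or not canonicalizable
     * @throws NamingException if a directory operation fails
     */
    protected User getUser(DirContext dirContext, GSSName gSSName) throws NamingException {
        SearchControls searchControls = new SearchControls();
        searchControls.setSearchScope(SearchControls.SUBTREE_SCOPE);
        searchControls.setReturningAttributes(this.attributes);
        Name searchBase = null;
        NamingEnumeration<SearchResult> results = null;
        for (UsernameSearchMapper usernameSearchMapper : USERNAME_SEARCH_MAPPERS) {
            String mapperName = usernameSearchMapper.getClass().getSimpleName();
            if (usernameSearchMapper.supportsGssName(gSSName)) {
                UsernameSearchMapper.MappedValues mapped = usernameSearchMapper.map(dirContext, gSSName);
                searchBase = getRelativeName(dirContext, mapped.getSearchBase());
                String searchAttributeName = mapped.getSearchAttributeName();
                String searchUsername = mapped.getSearchUsername();
                // sAMAccountType 805306368 is a normal user account, 805306369 a machine account.
                String filter = String.format("(&(|(sAMAccountType=805306368)(sAMAccountType=805306369))(%s={0}))", searchAttributeName);
                if (this.logger.isDebugEnabled()) {
                    this.logger.debug(this.sm.getString("activeDirectoryRealm.usernameSearch", new Object[]{searchUsername, searchBase, searchAttributeName, mapperName}));
                }
                try {
                    results = dirContext.search(searchBase, filter, new Object[]{searchUsername}, searchControls);
                    try {
                        if (results.hasMore()) {
                            break;
                        }
                        if (this.logger.isDebugEnabled()) {
                            this.logger.debug(this.sm.getString("activeDirectoryRealm.userNotFoundWithMapper", new Object[]{gSSName, mapperName}));
                        }
                        close(results);
                    } catch (PartialResultException e) {
                        this.logger.debug(this.sm.getString("activeDirectoryRealm.user.partialResultException", new Object[]{mapperName, e.getRemainingName()}));
                        close(results);
                    }
                } catch (ReferralException e2) {
                    this.logger.warn(this.sm.getString("activeDirectoryRealm.user.referralException", new Object[]{mapperName, e2.getRemainingName(), e2.getReferralInfo()}));
                }
            } else if (this.logger.isDebugEnabled()) {
                this.logger.debug(this.sm.getString("activeDirectoryRealm.nameTypeNotSupported", new Object[]{mapperName, getStringNameType(gSSName), gSSName}));
            }
        }
        if (results == null || !results.hasMore()) {
            this.logger.debug(this.sm.getString("activeDirectoryRealm.userNotFound", new Object[]{gSSName}));
            close(results);
            return null;
        }
        SearchResult searchResult = results.next();
        try {
            // More than one match means the name is ambiguous: refuse rather than pick one.
            if (results.hasMore()) {
                this.logger.error(this.sm.getString("activeDirectoryRealm.duplicateUser", new Object[]{gSSName}));
                close(results);
                return null;
            }
        } catch (ReferralException e3) {
            this.logger.warn(this.sm.getString("activeDirectoryRealm.duplicateUser.referralException", new Object[]{gSSName, e3.getRemainingName(), e3.getReferralInfo()}));
        } catch (PartialResultException e4) {
            this.logger.debug(this.sm.getString("activeDirectoryRealm.duplicateUser.partialResultException", new Object[]{gSSName, e4.getRemainingName()}));
        }
        close(results);
        Attributes userAttributes = searchResult.getAttributes();
        if ((Integer.parseInt((String) userAttributes.get("userAccountControl").get()) & 2) != 0) {
            this.logger.warn(this.sm.getString("activeDirectoryRealm.userFoundButDisabled", new Object[]{gSSName}));
            return null;
        }
        Name distinguishedName = getDistinguishedName(dirContext, searchBase, searchResult);
        Sid sid = new Sid((byte[]) userAttributes.get("objectSid;binary").get());
        if (this.logger.isDebugEnabled()) {
            this.logger.debug(this.sm.getString("activeDirectoryRealm.userFound", new Object[]{gSSName, distinguishedName, sid}));
        }
        if (!KRB5_NT_PRINCIPAL.equals(getStringNameType(gSSName))) {
            String canonicalName = ((String) userAttributes.get("sAMAccountName").get()) + "@" + toRealm(distinguishedName);
            if (this.logger.isTraceEnabled()) {
                this.logger.trace(this.sm.getString("activeDirectoryRealm.canonicalizingUser", new Object[]{getStringNameType(gSSName), KRB5_NT_PRINCIPAL}));
            }
            try {
                GSSName canonicalGssName = GSSManager.getInstance().createName(canonicalName, KRB5_NT_PRINCIPAL);
                if (this.logger.isDebugEnabled()) {
                    this.logger.debug(this.sm.getString("activeDirectoryRealm.userCanonicalized", new Object[]{canonicalGssName}));
                }
                gSSName = canonicalGssName;
            } catch (GSSException e5) {
                this.logger.warn(this.sm.getString("activeDirectoryRealm.canonicalizeUserFailed", new Object[]{gSSName}));
                return null;
            }
        }
        Attribute memberOf = userAttributes.get("memberOf");
        List<String> groupDns = new LinkedList<>();
        if (memberOf != null && memberOf.size() > 0) {
            NamingEnumeration<?> values = memberOf.getAll();
            while (values.hasMore()) {
                groupDns.add((String) values.next());
            }
            close(values);
        }
        Map<String, Object> additional = Collections.emptyMap();
        if (this.additionalAttributes != null && this.additionalAttributes.length > 0) {
            additional = new HashMap<>();
            for (String attributeName : this.additionalAttributes) {
                Attribute attribute = userAttributes.get(attributeName);
                if (attribute != null && attribute.size() > 0) {
                    if (attribute.size() > 1) {
                        // Multi-valued attributes are exposed as an unmodifiable list.
                        List<Object> multiValue = new ArrayList<>(attribute.size());
                        NamingEnumeration<?> values = attribute.getAll();
                        while (values.hasMore()) {
                            multiValue.add(values.next());
                        }
                        close(values);
                        additional.put(attributeName, Collections.unmodifiableList(multiValue));
                    } else {
                        additional.put(attributeName, attribute.get());
                    }
                }
            }
        }
        return new User(gSSName, sid, groupDns, additional);
    }

    /**
     * Turns the user's {@code memberOf} group DNs into role names, one per configured format.
     *
     * <p>Only groups with the security-enabled bit (0x80000000) of {@code groupType} set are
     * used; distribution groups are skipped. In the {@code sid} format every value of the group's
     * {@code sIDHistory} is added as a role next to the current SID, so a role constraint written
     * against an old SID keeps matching for as long as the directory retains that history entry.
     * Groups that raise a referral or partial result are logged and skipped.
     *
     * @return the role names, possibly empty
     * @throws NamingException if a directory operation fails
     * @throws IllegalArgumentException if a configured role format is not one of
     *     {@code sid}, {@code name}, {@code nameEx}
     */
    protected List<String> getRoles(DirContext dirContext, User user) throws NamingException {
        List<String> roles = new LinkedList<>();
        if (this.logger.isDebugEnabled()) {
            this.logger.debug(this.sm.getString("activeDirectoryRealm.retrievingRoles", new Object[]{Integer.valueOf(user.getRoles().size()), user.getGssName()}));
        }
        for (String groupDn : user.getRoles()) {
            try {
                Attributes groupAttributes = dirContext.getAttributes(getRelativeName(dirContext, groupDn), this.roleAttributes);
                int groupType = Integer.parseInt((String) groupAttributes.get("groupType").get());
                if ((groupType & Integer.MIN_VALUE) == 0) {
                    if (this.logger.isTraceEnabled()) {
                        this.logger.trace(this.sm.getString("activeDirectoryRealm.skippingDistributionRole", new Object[]{groupDn}));
                    }
                    continue;
                }
                for (String roleFormat : this.roleFormats) {
                    String prefix = this.prependRoleFormat ? roleFormat + ":" : StringUtils.EMPTY;
                    switch (roleFormat) {
                        case DEFAULT_ROLE_FORMAT: {
                            String sid = new Sid((byte[]) groupAttributes.get("objectSid;binary").get()).toString();
                            roles.add(prefix + sid);
                            Attribute sidHistory = groupAttributes.get("sIDHistory;binary");
                            List<String> historicalSids = new LinkedList<>();
                            if (sidHistory != null) {
                                NamingEnumeration<?> values = sidHistory.getAll();
                                while (values.hasMore()) {
                                    String historicalSid = new Sid((byte[]) values.next()).toString();
                                    historicalSids.add(historicalSid);
                                    roles.add(prefix + historicalSid);
                                }
                                close(values);
                            }
                            if (this.logger.isTraceEnabled()) {
                                if (historicalSids.isEmpty()) {
                                    this.logger.trace(this.sm.getString("activeDirectoryRealm.foundRoleSidConverted", new Object[]{groupDn, sid}));
                                } else {
                                    this.logger.trace(this.sm.getString("activeDirectoryRealm.foundRoleSidConverted.withSidHistory", new Object[]{groupDn, sid, historicalSids}));
                                }
                            }
                            break;
                        }
                        case "name": {
                            String principalName = (String) groupAttributes.get("msDS-PrincipalName").get();
                            roles.add(prefix + principalName);
                            if (this.logger.isTraceEnabled()) {
                                this.logger.trace(this.sm.getString("activeDirectoryRealm.foundRoleNameConverted", new Object[]{groupDn, principalName}));
                            }
                            break;
                        }
                        case "nameEx": {
                            String qualifiedName = toRealm(dirContext.getNameParser(StringUtils.EMPTY).parse((String) groupAttributes.get("distinguishedName").get())) + "\\" + ((String) groupAttributes.get("sAMAccountName").get());
                            roles.add(prefix + qualifiedName);
                            if (this.logger.isTraceEnabled()) {
                                this.logger.trace(this.sm.getString("activeDirectoryRealm.foundRoleNameExConverted", new Object[]{groupDn, qualifiedName}));
                            }
                            break;
                        }
                        default:
                            throw new IllegalArgumentException("The role format '" + roleFormat + "' is invalid");
                    }
                }
            } catch (ReferralException e) {
                this.logger.warn(this.sm.getString("activeDirectoryRealm.role.referralException", new Object[]{groupDn, e.getRemainingName(), e.getReferralInfo()}));
            } catch (PartialResultException e2) {
                this.logger.debug(this.sm.getString("activeDirectoryRealm.role.partialResultException", new Object[]{groupDn, e2.getRemainingName()}));
            }
        }
        if (this.logger.isTraceEnabled()) {
            this.logger.trace(this.sm.getString("activeDirectoryRealm.foundRoles", new Object[]{Integer.valueOf(roles.size()), user.getGssName(), roles}));
        } else if (this.logger.isDebugEnabled()) {
            this.logger.debug(this.sm.getString("activeDirectoryRealm.foundRolesCount", new Object[]{Integer.valueOf(roles.size()), user.getGssName()}));
        }
        return roles;
    }

    /**
     * Computes the full DN of a search result. A relative result is joined onto the context's
     * namespace name and the search base; otherwise the result name is read as a URL and its path,
     * without the leading slash, is parsed as the DN.
     *
     * @throws InvalidNameException if the result name is not a URL with a non-empty path
     * @throws NamingException if a name cannot be parsed
     */
    protected Name getDistinguishedName(DirContext dirContext, Name name, SearchResult searchResult) throws NamingException {
        String resultName = searchResult.getName();
        NameParser nameParser = dirContext.getNameParser(StringUtils.EMPTY);
        if (searchResult.isRelative()) {
            return nameParser.parse(dirContext.getNameInNamespace()).addAll(name).addAll(nameParser.parse(new CompositeName(resultName).get(0)));
        }
        try {
            String path = new URI(resultName).getPath();
            // getPath() is null for an opaque URI; treat that like an empty path.
            if (path == null || path.length() < 1) {
                throw new InvalidNameException(this.sm.getString("activeDirectoryRealm.unparseableName", new Object[]{resultName}));
            }
            return nameParser.parse(path.substring(1));
        } catch (URISyntaxException e) {
            InvalidNameException invalidName = new InvalidNameException(this.sm.getString("activeDirectoryRealm.unparseableName", new Object[]{resultName}));
            invalidName.initCause(e);
            throw invalidName;
        }
    }

    /**
     * Strips from a DN the components it shares with the context's namespace name, so that the
     * result can be used relative to the context.
     *
     * @throws NamingException if a name cannot be parsed
     */
    protected Name getRelativeName(DirContext dirContext, String str) throws NamingException {
        NameParser nameParser = dirContext.getNameParser(StringUtils.EMPTY);
        LdapName namespaceName = (LdapName) nameParser.parse(dirContext.getNameInNamespace());
        LdapName relativeName = (LdapName) nameParser.parse(str);
        // First pass: drop RDNs that match at index 0 of both names.
        while (Math.min(relativeName.size(), namespaceName.size()) != 0 && relativeName.getRdn(0).equals(namespaceName.getRdn(0))) {
            relativeName.remove(0);
            namespaceName.remove(0);
        }
        // Second pass: drop RDNs of the name that match the namespace name read from its far end.
        while (Math.min(relativeName.size(), namespaceName.size()) != 0) {
            int last = namespaceName.size() - 1;
            if (!relativeName.getRdn(0).equals(namespaceName.getRdn(last))) {
                break;
            }
            relativeName.remove(0);
            namespaceName.remove(last);
        }
        return relativeName;
    }

    static {
        try {
            MS_UPN = new Oid("1.3.6.1.4.1.311.20.2.3");
        } catch (GSSException e) {
            throw new IllegalStateException("Failed to create OID for MS_UPN", e);
        }
        try {
            KRB5_NT_PRINCIPAL = new Oid("1.2.840.113554.1.2.2.1");
        } catch (GSSException e) {
            throw new IllegalStateException("Failed to create OID for KRB5_NT_PRINCIPAL", e);
        }
        // Keywords used when rendering the certificate subject for log messages.
        X500_PRINCIPAL_OID_MAP.put("1.2.840.113549.1.9.1", "emailAddress");
        X500_PRINCIPAL_OID_MAP.put("2.5.4.5", "serialNumber");
        X500_PRINCIPAL_OID_MAP.put("2.5.4.4", "SN");
        X500_PRINCIPAL_OID_MAP.put("2.5.4.42", "GN");
        // Group attributes each role format needs in addition to DEFAULT_ROLE_ATTRIBUTES.
        ROLE_FORMAT_ATTRIBUTES.put(DEFAULT_ROLE_FORMAT, new String[]{"objectSid;binary", "sIDHistory;binary"});
        ROLE_FORMAT_ATTRIBUTES.put("name", new String[]{"msDS-PrincipalName"});
        ROLE_FORMAT_ATTRIBUTES.put("nameEx", new String[]{"distinguishedName", "sAMAccountName"});
    }
}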
