package org.flowable.ldap;

import java.util.ArrayList;
import java.util.List;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import org.flowable.common.engine.api.FlowableException;
import org.flowable.idm.api.Group;
import org.flowable.idm.api.GroupQuery;
import org.flowable.idm.api.NativeGroupQuery;
import org.flowable.idm.api.NativeUserQuery;
import org.flowable.idm.api.PrivilegeMapping;
import org.flowable.idm.api.User;
import org.flowable.idm.api.UserQuery;
import org.flowable.idm.engine.IdmEngineConfiguration;
import org.flowable.idm.engine.impl.IdmIdentityServiceImpl;
import org.flowable.idm.engine.impl.persistence.entity.GroupEntityImpl;
import org.flowable.idm.engine.impl.persistence.entity.UserEntityImpl;
import org.flowable.ldap.impl.LDAPGroupQueryImpl;
import org.flowable.ldap.impl.LDAPUserQueryImpl;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/flowable-ldap-7.1.0.jar:org/flowable/ldap/LDAPIdentityServiceImpl.class */
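/**
 * Identity service backed by an LDAP directory.
 *
 * <p>User and group queries are delegated to the LDAP query implementations, password checks are
 * performed with an LDAP bind, and every operation that would create, modify or delete a user or
 * group is rejected with a {@link FlowableException}.
 */
public class LDAPIdentityServiceImpl extends IdmIdentityServiceImpl {
    private static final Logger LOGGER = LoggerFactory.getLogger(LDAPIdentityServiceImpl.class);

    // Connection and search settings used for every LDAP operation of this service.
    protected LDAPConfiguration ldapConfigurator;
    // Cache handed to group queries; may be replaced through setLdapGroupCache.
    protected LDAPGroupCache ldapGroupCache;

    /**
     * @param ldapConfigurator LDAP settings used for searches and binds
     * @param ldapGroupCache cache passed to every group query created by this service
     * @param idmEngineConfiguration engine configuration forwarded to the parent service
     */
    public LDAPIdentityServiceImpl(LDAPConfiguration ldapConfigurator, LDAPGroupCache ldapGroupCache, IdmEngineConfiguration idmEngineConfiguration) {
        super(idmEngineConfiguration);
        this.ldapConfigurator = ldapConfigurator;
        this.ldapGroupCache = ldapGroupCache;
    }

    /** Returns a user query that is resolved against LDAP. */
    @Override
    public UserQuery createUserQuery() {
        return new LDAPUserQueryImpl(this.ldapConfigurator);
    }

    /** Returns a group query that is resolved against LDAP and uses the configured group cache. */
    @Override
    public GroupQuery createGroupQuery() {
        return new LDAPGroupQueryImpl(this.ldapConfigurator, this.ldapGroupCache);
    }

    /**
     * Verifies a user's password by binding to the directory as that user.
     *
     * @param userId id of the user to authenticate
     * @param password candidate password
     * @return {@code true} only when the bind succeeded
     * @throws FlowableException when the password is {@code null} or empty
     */
    @Override
    public boolean checkPassword(String userId, String password) {
        return executeCheckPassword(userId, password);
    }

    /**
     * Lists the groups that hold a privilege.
     *
     * <p>The groups are built from the privilege mappings alone: id and name are both set to the
     * mapped group id and no directory lookup is made.
     *
     * @param privilegeId id of the privilege
     * @return one group per mapping that carries a group id
     */
    @Override
    public List<Group> getGroupsWithPrivilege(String privilegeId) {
        List<Group> groups = new ArrayList<>();
        for (PrivilegeMapping mapping : getPrivilegeMappingsByPrivilegeId(privilegeId)) {
            String groupId = mapping.getGroupId();
            if (groupId != null) {
                GroupEntityImpl group = new GroupEntityImpl();
                group.setId(groupId);
                group.setName(groupId);
                groups.add(group);
            }
        }
        return groups;
    }

    /**
     * Lists the users that hold a privilege.
     *
     * <p>The users are built from the privilege mappings alone: id and last name are both set to
     * the mapped user id and no directory lookup is made.
     *
     * @param privilegeId id of the privilege
     * @return one user per mapping that carries a user id
     */
    @Override
    public List<User> getUsersWithPrivilege(String privilegeId) {
        List<User> users = new ArrayList<>();
        for (PrivilegeMapping mapping : getPrivilegeMappingsByPrivilegeId(privilegeId)) {
            String userId = mapping.getUserId();
            if (userId != null) {
                UserEntityImpl user = new UserEntityImpl();
                user.setId(userId);
                user.setLastName(userId);
                users.add(user);
            }
        }
        return users;
    }

    /** Always throws: this service does not create users. */
    @Override
    public User newUser(String userId) {
        throw new FlowableException("LDAP identity service doesn't support creating a new user");
    }

    /** Always throws: this service does not save users. */
    @Override
    public void saveUser(User user) {
        throw new FlowableException("LDAP identity service doesn't support saving an user");
    }

    /** Always throws: native user queries are not supported. */
    @Override
    public NativeUserQuery createNativeUserQuery() {
        throw new FlowableException("LDAP identity service doesn't support native querying");
    }

    /** Always throws: this service does not delete users. */
    @Override
    public void deleteUser(String userId) {
        throw new FlowableException("LDAP identity service doesn't support deleting an user");
    }

    /** Always throws: this service does not create groups. */
    @Override
    public Group newGroup(String groupId) {
        throw new FlowableException("LDAP identity service doesn't support creating a new group");
    }

    /** Always throws: native group queries are not supported. */
    @Override
    public NativeGroupQuery createNativeGroupQuery() {
        throw new FlowableException("LDAP identity service doesn't support native querying");
    }

    /** Always throws: this service does not save groups. */
    @Override
    public void saveGroup(Group group) {
        throw new FlowableException("LDAP identity service doesn't support saving a group");
    }

    /** Always throws: this service does not delete groups. */
    @Override
    public void deleteGroup(String groupId) {
        throw new FlowableException("LDAP identity service doesn't support deleting a group");
    }

    /**
     * Authenticates a user in two steps: search for the user's entry, then bind as that entry
     * with the supplied password.
     *
     * <p>The search runs under the user base DN when one is configured, otherwise under the base
     * DN, with the filter produced by the configured query builder. Every failure after the
     * password check (no context, no matching entry, naming error, rejected bind) yields
     * {@code false}.
     *
     * @param userId id of the user to authenticate
     * @param password candidate password
     * @return {@code true} only when a directory context could be created for the found entry
     * @throws FlowableException when the password is {@code null} or empty
     */
    protected boolean executeCheckPassword(final String userId, final String password) {
        // A simple bind with a DN and an empty password is an "unauthenticated bind"
        // (RFC 4513, section 5.1.2) that many servers accept, so an empty password must
        // never reach the bind below.
        if (password == null || password.isEmpty()) {
            throw new FlowableException("Null or empty passwords are not allowed!");
        }
        final LDAPConfiguration config = this.ldapConfigurator;
        try {
            Object outcome = new LDAPTemplate(config).execute(new LDAPCallBack<Boolean>() {
                @Override
                public Boolean executeInContext(InitialDirContext initialDirContext) {
                    if (initialDirContext == null) {
                        return false;
                    }
                    String userDn = null;
                    try {
                        String searchBase = config.getUserBaseDn() != null ? config.getUserBaseDn() : config.getBaseDn();
                        // NOTE(review): userId is caller-supplied. Whether it is escaped for use in
                        // a search filter (RFC 4515) depends on the configured query builder, which
                        // is not visible from this class; confirm it.
                        String filter = config.getLdapQueryBuilder().buildQueryByUserId(config, userId);
                        NamingEnumeration<SearchResult> results =
                                initialDirContext.search(searchBase, filter, LDAPIdentityServiceImpl.this.createSearchControls());
                        try {
                            // When several entries match, the last one returned is used.
                            // NOTE(review): consider rejecting ambiguous matches instead.
                            while (results.hasMore()) {
                                userDn = results.next().getNameInNamespace();
                            }
                        } finally {
                            // Release the enumeration even when hasMore()/next() fails.
                            results.close();
                        }
                        if (userDn != null) {
                            InitialDirContext userContext = null;
                            try {
                                userContext = LDAPConnectionUtil.createDirectoryContext(config, userDn, password);
                            } catch (FlowableException bindFailure) {
                                // A rejected bind is the normal "wrong password" outcome; keep a
                                // trace of it without ever logging the password.
                                LOGGER.debug("LDAP bind failed for entry {}", userDn, bindFailure);
                            }
                            if (userContext != null) {
                                LDAPConnectionUtil.closeDirectoryContext(userContext);
                                return true;
                            }
                        }
                        return false;
                    } catch (NamingException e) {
                        LOGGER.info("Could not authenticate user {} : {}", userId, e.getMessage(), e);
                        return false;
                    }
                }
            });
            // Fail closed: anything other than an explicit TRUE is a failed authentication.
            return Boolean.TRUE.equals(outcome);
        } catch (FlowableException e) {
            LOGGER.info("Could not authenticate user : {}", userId, e);
            return false;
        }
    }

    /**
     * Builds the controls for the user search: subtree scope and the configured time limit.
     *
     * @return new search controls
     */
    protected SearchControls createSearchControls() {
        SearchControls searchControls = new SearchControls();
        searchControls.setSearchScope(SearchControls.SUBTREE_SCOPE);
        searchControls.setTimeLimit(this.ldapConfigurator.getSearchTimeLimit());
        return searchControls;
    }

    /** Returns the cache passed to group queries. */
    public LDAPGroupCache getLdapGroupCache() {
        return this.ldapGroupCache;
    }

    /** Replaces the cache passed to group queries created from now on. */
    public void setLdapGroupCache(LDAPGroupCache ldapGroupCache) {
        this.ldapGroupCache = ldapGroupCache;
    }
}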
