package org.jivesoftware.openfire.ldap;

import java.io.IOException;
import java.io.Serializable;
import java.net.URI;
import java.nio.charset.StandardCharsets;
import java.text.MessageFormat;
import java.time.Duration;
import java.time.Instant;
import java.time.temporal.ChronoUnit;
import java.time.temporal.TemporalAmount;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Set;
import java.util.StringTokenizer;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import javax.naming.CompositeName;
import javax.naming.InvalidNameException;
import javax.naming.NameNotFoundException;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.Control;
import javax.naming.ldap.LdapContext;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.PagedResultsControl;
import javax.naming.ldap.PagedResultsResponseControl;
import javax.naming.ldap.Rdn;
import javax.naming.ldap.SortControl;
import javax.naming.ldap.StartTlsRequest;
import javax.naming.ldap.StartTlsResponse;
import javax.net.ssl.SSLSession;
import org.jivesoftware.admin.LdapUserTester;
import org.jivesoftware.openfire.group.GroupNotFoundException;
import org.jivesoftware.openfire.http.HttpBindManager;
import org.jivesoftware.openfire.nio.NettyConnection;
import org.jivesoftware.openfire.user.UserNotFoundException;
import org.jivesoftware.util.Base64;
import org.jivesoftware.util.CacheableOptional;
import org.jivesoftware.util.JiveGlobals;
import org.jivesoftware.util.JiveInitialLdapContext;
import org.jivesoftware.util.SimpleSSLSocketFactory;
import org.jivesoftware.util.StringUtils;
import org.jivesoftware.util.SystemProperty;
import org.jivesoftware.util.cache.Cache;
import org.jivesoftware.util.cache.CacheFactory;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.xmpp.packet.JID;

/* loaded from: input_file:org/jivesoftware/openfire/ldap/LdapManager.class */
public class LdapManager {
    private final Logger Log;
    private static final String DEFAULT_LDAP_CONTEXT_FACTORY = "com.sun.jndi.ldap.LdapCtxFactory";
    public static final SystemProperty<Integer> LDAP_PAGE_SIZE = SystemProperty.Builder.ofType(Integer.class).setKey("ldap.pagedResultsSize").setDefaultValue(-1).setDynamic(true).build();
    public static final SystemProperty<Duration> UNENCRYPTED_WARNING_SUPPRESSION = SystemProperty.Builder.ofType(Duration.class).setKey("ldap.unencrypted-warning-suppression").setChronoUnit(ChronoUnit.SECONDS).setDefaultValue(Duration.ofHours(1)).setDynamic(true).build();
    public static Instant lastUnencryptedWarning = Instant.EPOCH;
    private static final Map<String, LdapManager> instances = new HashMap();
    private final String propertyPrefix;
    private Collection<String> hosts;
    private int port;
    private int connTimeout;
    private int readTimeout;
    private String usernameField;
    private String usernameSuffix;
    private LdapUserTester.PropertyMapping nameField;
    private String emailField;
    private LdapName baseDN;
    private LdapName alternateBaseDN;
    private String adminDN;
    private String adminPassword;
    private boolean ldapDebugEnabled;
    private boolean sslEnabled;
    private String initialContextFactory;
    private boolean followReferrals;
    private boolean followAliasReferrals;
    private boolean connectionPoolEnabled;
    private String searchFilter;
    private boolean subTreeSearch;
    private boolean startTlsEnabled;
    private final boolean findUsersFromGroupsEnabled;
    private String groupNameField;
    private String groupMemberField;
    private String groupDescriptionField;
    private boolean posixMode;
    private String groupSearchFilter;
    private boolean flattenNestedGroups;
    private final Map<String, String> properties;
    private Cache<String, CacheableOptional<DNCacheEntry>> userDNCache;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/jivesoftware/openfire/ldap/LdapManager$DNCacheEntry.class */
    public static class DNCacheEntry implements Serializable {
        private final Rdn[] userRDN;
        private final LdapName baseDN;

        public DNCacheEntry(@Nonnull Rdn[] rdnArr, @Nonnull LdapName ldapName) {
            this.userRDN = rdnArr;
            this.baseDN = ldapName;
        }

        @Nonnull
        public Rdn[] getUserRDN() {
            return this.userRDN;
        }

        @Nonnull
        public LdapName getBaseDN() {
            return this.baseDN;
        }

        public boolean equals(Object obj) {
            if (this == obj) {
                return true;
            }
            if (obj == null || getClass() != obj.getClass()) {
                return false;
            }
            DNCacheEntry dNCacheEntry = (DNCacheEntry) obj;
            return Arrays.equals(this.userRDN, dNCacheEntry.userRDN) && this.baseDN.equals(dNCacheEntry.baseDN);
        }

        public int hashCode() {
            return (31 * Objects.hash(this.baseDN)) + Arrays.hashCode(this.userRDN);
        }

        public String toString() {
            return "DNCacheEntry{userRDN=" + Arrays.toString(this.userRDN) + ", baseDN=" + String.valueOf(this.baseDN) + "}";
        }
    }

    public static LdapManager getInstance() {
        return getInstance(null);
    }

    public static synchronized LdapManager getInstance(final String str) {
        if (instances.containsKey(str)) {
            return instances.get(str);
        }
        LdapManager ldapManager = new LdapManager(new Map<String, String>() { // from class: org.jivesoftware.openfire.ldap.LdapManager.1
            String getKey(Object obj) {
                return LdapManager.getPrefixedPropertyName(str, (String) obj);
            }

            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.util.Map
            public String get(Object obj) {
                return JiveGlobals.getProperty(getKey(obj));
            }

            @Override // java.util.Map
            public String put(String str2, String str3) {
                JiveGlobals.setProperty(getKey(str2), str3);
                return null;
            }

            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.util.Map
            public String remove(Object obj) {
                JiveGlobals.deleteProperty(getKey(obj));
                return null;
            }

            @Override // java.util.Map
            public int size() {
                return 0;
            }

            @Override // java.util.Map
            public boolean isEmpty() {
                return false;
            }

            @Override // java.util.Map
            public boolean containsKey(Object obj) {
                return false;
            }

            @Override // java.util.Map
            public boolean containsValue(Object obj) {
                return false;
            }

            @Override // java.util.Map
            public void putAll(Map<? extends String, ? extends String> map) {
            }

            @Override // java.util.Map
            public void clear() {
            }

            @Override // java.util.Map
            public Set<String> keySet() {
                return null;
            }

            @Override // java.util.Map
            public Collection<String> values() {
                return null;
            }

            @Override // java.util.Map
            public Set<Map.Entry<String, String>> entrySet() {
                return null;
            }
        }, str);
        instances.put(str, ldapManager);
        return ldapManager;
    }

    static String getPrefixedPropertyName(@Nullable String str, @Nonnull String str2) {
        return str == null ? str2 : str + "." + str2.substring("ldap.".length());
    }

    String getPrefixedPropertyName(@Nonnull String str) {
        return this.propertyPrefix == null ? str : this.propertyPrefix + "." + str.substring("ldap.".length());
    }

    public LdapManager(Map<String, String> map) {
        this(map, null);
    }

    public LdapManager(Map<String, String> map, String str) {
        this.hosts = new ArrayList();
        this.connTimeout = -1;
        this.readTimeout = -1;
        this.userDNCache = null;
        this.propertyPrefix = str;
        this.Log = LoggerFactory.getLogger(LdapManager.class.getName() + (str == null ? "" : "[" + str + "]"));
        this.properties = map;
        JiveGlobals.migrateProperty(getPrefixedPropertyName("ldap.host"));
        JiveGlobals.migrateProperty(getPrefixedPropertyName("ldap.port"));
        JiveGlobals.migrateProperty(getPrefixedPropertyName("ldap.readTimeout"));
        JiveGlobals.migrateProperty(getPrefixedPropertyName("ldap.usernameField"));
        JiveGlobals.migrateProperty(getPrefixedPropertyName("ldap.usernameSuffix"));
        JiveGlobals.migrateProperty(getPrefixedPropertyName("ldap.baseDN"));
        JiveGlobals.migrateProperty(getPrefixedPropertyName("ldap.alternateBaseDN"));
        JiveGlobals.migrateProperty(getPrefixedPropertyName("ldap.nameField"));
        JiveGlobals.migrateProperty(getPrefixedPropertyName("ldap.emailField"));
        JiveGlobals.migrateProperty(getPrefixedPropertyName("ldap.connectionPoolEnabled"));
        JiveGlobals.migrateProperty(getPrefixedPropertyName("ldap.searchFilter"));
        JiveGlobals.migrateProperty(getPrefixedPropertyName("ldap.subTreeSearch"));
        JiveGlobals.migrateProperty(getPrefixedPropertyName("ldap.groupNameField"));
        JiveGlobals.migrateProperty(getPrefixedPropertyName("ldap.groupMemberField"));
        JiveGlobals.migrateProperty(getPrefixedPropertyName("ldap.groupDescriptionField"));
        JiveGlobals.migrateProperty(getPrefixedPropertyName("ldap.posixMode"));
        JiveGlobals.migrateProperty(getPrefixedPropertyName("ldap.groupSearchFilter"));
        JiveGlobals.migrateProperty(getPrefixedPropertyName("ldap.flattenNestedGroups"));
        JiveGlobals.migrateProperty(getPrefixedPropertyName("ldap.adminDN"));
        JiveGlobals.migrateProperty(getPrefixedPropertyName("ldap.adminPassword"));
        JiveGlobals.migrateProperty(getPrefixedPropertyName("ldap.debugEnabled"));
        JiveGlobals.migrateProperty(getPrefixedPropertyName("ldap.sslEnabled"));
        JiveGlobals.migrateProperty(getPrefixedPropertyName("ldap.startTlsEnabled"));
        JiveGlobals.migrateProperty(getPrefixedPropertyName("ldap.autoFollowReferrals"));
        JiveGlobals.migrateProperty(getPrefixedPropertyName("ldap.autoFollowAliasReferrals"));
        JiveGlobals.migrateProperty(getPrefixedPropertyName("ldap.encloseUserDN"));
        JiveGlobals.migrateProperty(getPrefixedPropertyName("ldap.encloseGroupDN"));
        JiveGlobals.migrateProperty(getPrefixedPropertyName("ldap.encloseDNs"));
        JiveGlobals.migrateProperty(getPrefixedPropertyName("ldap.initialContextFactory"));
        JiveGlobals.migrateProperty(getPrefixedPropertyName("ldap.clientSideSorting"));
        JiveGlobals.migrateProperty(getPrefixedPropertyName("ldap.ldapDebugEnabled"));
        JiveGlobals.migrateProperty(getPrefixedPropertyName("ldap.encodeMultibyteCharacters"));
        if (JiveGlobals.getBooleanProperty(getPrefixedPropertyName("ldap.userDNCache.enabled"), true)) {
            this.userDNCache = CacheFactory.createCache("LDAP UserDN" + (str == null ? "" : " (" + str + ")"));
        }
        String str2 = map.get("ldap.host");
        if (str2 != null) {
            StringTokenizer stringTokenizer = new StringTokenizer(str2, " ,\t\n\r\f");
            while (stringTokenizer.hasMoreTokens()) {
                this.hosts.add(stringTokenizer.nextToken());
            }
        }
        if (str2 == null || str2.isEmpty()) {
            this.Log.warn("No host value found in property '{}'", getPrefixedPropertyName("ldap.host"));
        }
        String str3 = map.get("ldap.port");
        this.port = 389;
        if (str3 != null) {
            try {
                this.port = Integer.parseInt(str3);
            } catch (NumberFormatException e) {
                this.Log.error("Unable to parse 'ldap.port' value as a number.", e);
            }
        }
        String str4 = map.get("ldap.connectionTimeout");
        if (str4 != null) {
            try {
                this.connTimeout = Integer.parseInt(str4);
            } catch (NumberFormatException e2) {
                this.Log.error("Unable to parse 'ldap.connectionTimeout' value as a number.", e2);
            }
        }
        String str5 = map.get("ldap.readTimeout");
        if (str5 != null) {
            try {
                this.readTimeout = Integer.parseInt(str5);
            } catch (NumberFormatException e3) {
                this.Log.error("Unable to parse 'ldap.readTimeout' value as a number.", e3);
            }
        }
        this.usernameField = map.get("ldap.usernameField");
        if (this.usernameField == null) {
            this.usernameField = "uid";
        }
        this.usernameSuffix = map.get("ldap.usernameSuffix");
        if (this.usernameSuffix == null) {
            this.usernameSuffix = "";
        }
        this.baseDN = parseAsLdapNameOrLog(map.get("ldap.baseDN"));
        this.alternateBaseDN = parseAsLdapNameOrLog(map.get("ldap.alternateBaseDN"));
        String str6 = map.get("ldap.nameField");
        this.nameField = new LdapUserTester.PropertyMapping(str6 == null ? "cn" : str6);
        this.emailField = map.get("ldap.emailField");
        if (this.emailField == null) {
            this.emailField = "mail";
        }
        this.connectionPoolEnabled = StringUtils.parseBoolean(map.get("ldap.connectionPoolEnabled")).orElse(Boolean.TRUE).booleanValue();
        this.searchFilter = map.get("ldap.searchFilter");
        this.subTreeSearch = StringUtils.parseBoolean(map.get("ldap.subTreeSearch")).orElse(Boolean.TRUE).booleanValue();
        this.groupNameField = map.get("ldap.groupNameField");
        if (this.groupNameField == null) {
            this.groupNameField = "cn";
        }
        this.groupMemberField = map.get("ldap.groupMemberField");
        if (this.groupMemberField == null) {
            this.groupMemberField = "member";
        }
        this.groupDescriptionField = map.get("ldap.groupDescriptionField");
        if (this.groupDescriptionField == null) {
            this.groupDescriptionField = "description";
        }
        this.posixMode = StringUtils.parseBoolean(map.get("ldap.posixMode")).orElse(Boolean.FALSE).booleanValue();
        this.groupSearchFilter = map.get("ldap.groupSearchFilter");
        this.flattenNestedGroups = false;
        String str7 = map.get("ldap.flattenNestedGroups");
        if (str7 != null) {
            this.flattenNestedGroups = Boolean.parseBoolean(str7);
        }
        this.adminDN = map.get("ldap.adminDN");
        if (this.adminDN != null && this.adminDN.trim().isEmpty()) {
            this.adminDN = null;
        }
        this.adminPassword = map.get("ldap.adminPassword");
        this.ldapDebugEnabled = StringUtils.parseBoolean(map.get("ldap.debugEnabled")).orElse(Boolean.FALSE).booleanValue();
        this.sslEnabled = StringUtils.parseBoolean(map.get("ldap.sslEnabled")).orElse(Boolean.TRUE).booleanValue();
        this.startTlsEnabled = StringUtils.parseBoolean(map.get("ldap.startTlsEnabled")).orElse(Boolean.FALSE).booleanValue();
        this.followReferrals = StringUtils.parseBoolean(map.get("ldap.autoFollowReferrals")).orElse(Boolean.FALSE).booleanValue();
        this.followAliasReferrals = StringUtils.parseBoolean(map.get("ldap.autoFollowAliasReferrals")).orElse(Boolean.TRUE).booleanValue();
        this.initialContextFactory = map.get("ldap.initialContextFactory");
        if (this.initialContextFactory != null) {
            try {
                Class.forName(this.initialContextFactory);
            } catch (ClassNotFoundException e4) {
                this.Log.error("Initial context factory class failed to load: " + this.initialContextFactory + ".  Using default initial context factory class instead.");
                this.initialContextFactory = DEFAULT_LDAP_CONTEXT_FACTORY;
            }
        } else {
            this.initialContextFactory = DEFAULT_LDAP_CONTEXT_FACTORY;
        }
        this.findUsersFromGroupsEnabled = Boolean.parseBoolean(map.get("ldap.findUsersFromGroupsEnabled"));
        StringBuilder sb = new StringBuilder();
        sb.append("Created new LdapManager() instance, fields:\n");
        sb.append("\t host: ").append(this.hosts).append("\n");
        sb.append("\t port: ").append(this.port).append("\n");
        sb.append("\t usernamefield: ").append(this.usernameField).append("\n");
        sb.append("\t usernameSuffix: ").append(this.usernameSuffix).append("\n");
        sb.append("\t baseDN: ").append(this.baseDN).append("\n");
        sb.append("\t alternateBaseDN: ").append(this.alternateBaseDN).append("\n");
        sb.append("\t nameField: ").append(this.nameField).append("\n");
        sb.append("\t emailField: ").append(this.emailField).append("\n");
        sb.append("\t adminDN: ").append(this.adminDN).append("\n");
        sb.append("\t adminPassword: ").append("************").append("\n");
        sb.append("\t searchFilter: ").append(this.searchFilter).append("\n");
        sb.append("\t subTreeSearch:").append(this.subTreeSearch).append("\n");
        sb.append("\t ldapDebugEnabled: ").append(this.ldapDebugEnabled).append("\n");
        sb.append("\t sslEnabled: ").append(this.sslEnabled).append("\n");
        sb.append("\t startTlsEnabled: ").append(this.startTlsEnabled).append("\n");
        sb.append("\t initialContextFactory: ").append(this.initialContextFactory).append("\n");
        sb.append("\t connectionPoolEnabled: ").append(this.connectionPoolEnabled).append("\n");
        sb.append("\t autoFollowReferrals: ").append(this.followReferrals).append("\n");
        sb.append("\t autoFollowAliasReferrals: ").append(this.followAliasReferrals).append("\n");
        sb.append("\t groupNameField: ").append(this.groupNameField).append("\n");
        sb.append("\t groupMemberField: ").append(this.groupMemberField).append("\n");
        sb.append("\t groupDescriptionField: ").append(this.groupDescriptionField).append("\n");
        sb.append("\t posixMode: ").append(this.posixMode).append("\n");
        sb.append("\t groupSearchFilter: ").append(this.groupSearchFilter).append("\n");
        sb.append("\t flattenNestedGroups: ").append(this.flattenNestedGroups).append("\n");
        sb.append("\t findUsersFromGroupsEnabled: ").append(this.findUsersFromGroupsEnabled).append("\n");
        if (this.Log.isDebugEnabled()) {
            this.Log.debug(sb.toString());
        }
        if (this.ldapDebugEnabled) {
            System.err.println(sb.toString());
        }
    }

    public static List<String> splitFilter(String str) {
        ArrayList arrayList = new ArrayList();
        if (str.length() >= 5 && str.startsWith("(") && str.endsWith("))") && ((str.charAt(1) == '&' || str.charAt(1) == '|') && str.charAt(2) == '(')) {
            String substring = str.substring(2, str.length() - 1);
            arrayList.addAll(Arrays.asList(substring.substring(1, substring.length() - 1).split("\\)\\(")));
        } else {
            arrayList.add(str);
        }
        return arrayList;
    }

    public static String joinFilter(char c, List<String> list) {
        StringBuilder sb = new StringBuilder();
        sb.append('(').append(c);
        Iterator<String> it = list.iterator();
        while (it.hasNext()) {
            sb.append('(').append(it.next()).append(')');
        }
        sb.append(')');
        return sb.toString();
    }

    public LdapName parseAsLdapNameOrLog(String str) {
        if (str != null && !str.isEmpty()) {
            try {
                return new LdapName(str);
            } catch (InvalidNameException e) {
                this.Log.error("Unable to parse LDAPvalue '{}'.", str, e);
            }
        }
        return null;
    }

    public Rdn[] getRelativeDNFromResult(SearchResult searchResult) throws NamingException {
        if (!searchResult.isRelative()) {
            List rdns = new LdapName(searchResult.getName()).getRdns();
            return new Rdn[]{(Rdn) rdns.get(rdns.size() - 1)};
        }
        this.Log.debug("Processing relative LDAP SearchResult: '{}'", searchResult);
        String name = searchResult.getName();
        boolean z = false;
        if (name.startsWith("\"") && name.endsWith("\"")) {
            this.Log.debug("SearchResult was quote-wrapped: '{}'", name);
            name = name.substring(1, name.length() - 1);
            z = true;
        }
        if (!z) {
            name = new CompositeName(name).get(0);
        }
        String[] split = name.split("(?<![\\\\]),(?=[a-zA-z]+=.+)");
        ArrayList arrayList = new ArrayList();
        for (String str : split) {
            if (z) {
                String[] split2 = str.split("=", 2);
                if (split2.length != 2) {
                    this.Log.warn("Unexpected value while parsing a RDN: '{}'.", name);
                } else {
                    name = split2[0] + "=" + Rdn.escapeValue(split2[1]);
                    arrayList.add(new Rdn(name));
                }
            } else {
                arrayList.add(new Rdn(str));
            }
        }
        return (Rdn[]) arrayList.toArray(new Rdn[0]);
    }

    public LdapContext getContext() throws NamingException {
        try {
            return getContext(this.baseDN);
        } catch (NamingException e) {
            if (this.alternateBaseDN != null) {
                return getContext(this.alternateBaseDN);
            }
            throw e;
        }
    }

    public LdapContext getContext(LdapName ldapName) throws NamingException {
        this.Log.debug("Creating a DirContext in LdapManager.getContext() for baseDN '{}'...", ldapName);
        if (!this.sslEnabled && !this.startTlsEnabled && lastUnencryptedWarning.isBefore(Instant.now().minus((TemporalAmount) UNENCRYPTED_WARNING_SUPPRESSION.getValue()))) {
            this.Log.warn("Using unencrypted connection to LDAP service! Consider reconfiguring the connection between Openfire and your AD/LDAP server. This warning will be suppressed for {}", UNENCRYPTED_WARNING_SUPPRESSION.getValue());
            lastUnencryptedWarning = Instant.now();
        }
        Hashtable hashtable = new Hashtable();
        hashtable.put("java.naming.factory.initial", this.initialContextFactory);
        hashtable.put("java.naming.provider.url", getProviderURL(ldapName));
        if (this.sslEnabled) {
            hashtable.put("java.naming.ldap.factory.socket", "org.jivesoftware.util.SimpleSSLSocketFactory");
            hashtable.put("java.naming.security.protocol", NettyConnection.SSL_HANDLER_NAME);
        }
        if (this.adminDN == null) {
            hashtable.put("java.naming.security.authentication", "none");
        } else if (!this.startTlsEnabled || this.sslEnabled) {
            hashtable.put("java.naming.security.authentication", "simple");
            hashtable.put("java.naming.security.principal", this.adminDN);
            if (this.adminPassword != null) {
                hashtable.put("java.naming.security.credentials", this.adminPassword);
            }
        }
        if (this.ldapDebugEnabled) {
            hashtable.put("com.sun.jndi.ldap.trace.ber", System.err);
        }
        if (!this.connectionPoolEnabled) {
            hashtable.put("com.sun.jndi.ldap.connect.pool", "false");
        } else if (this.startTlsEnabled) {
            this.Log.debug("connection pooling was requested but has been disabled because of StartTLS.");
            hashtable.put("com.sun.jndi.ldap.connect.pool", "false");
        } else {
            hashtable.put("com.sun.jndi.ldap.connect.pool", "true");
            System.setProperty("com.sun.jndi.ldap.connect.pool.protocol", "plain ssl");
        }
        if (this.connTimeout > 0) {
            hashtable.put("com.sun.jndi.ldap.connect.timeout", String.valueOf(this.connTimeout));
        } else {
            hashtable.put("com.sun.jndi.ldap.connect.timeout", "4000");
        }
        if (this.readTimeout > 0) {
            hashtable.put("com.sun.jndi.ldap.read.timeout", String.valueOf(this.readTimeout));
        }
        if (this.followReferrals) {
            hashtable.put("java.naming.referral", "follow");
        }
        if (!this.followAliasReferrals) {
            hashtable.put("java.naming.ldap.derefAliases", "never");
        }
        this.Log.debug("Created hashtable with context values, attempting to create context...");
        JiveInitialLdapContext jiveInitialLdapContext = new JiveInitialLdapContext(hashtable, null);
        if (this.startTlsEnabled && !this.sslEnabled) {
            this.Log.debug("... StartTlsRequest");
            if (this.followReferrals) {
                this.Log.warn("\tConnections to referrals are unencrypted! If you do not want this, please turn off ldap.autoFollowReferrals");
            }
            StartTlsResponse startTlsResponse = (StartTlsResponse) jiveInitialLdapContext.extendedOperation(new StartTlsRequest());
            try {
                SSLSession negotiate = startTlsResponse.negotiate(new SimpleSSLSocketFactory());
                jiveInitialLdapContext.setTlsResponse(startTlsResponse);
                jiveInitialLdapContext.setSslSession(negotiate);
                this.Log.debug("... peer host: {}, CipherSuite: {}", negotiate.getPeerHost(), negotiate.getCipherSuite());
                if (this.adminDN != null) {
                    jiveInitialLdapContext.addToEnvironment("java.naming.security.authentication", "simple");
                    jiveInitialLdapContext.addToEnvironment("java.naming.security.principal", this.adminDN);
                    if (this.adminPassword != null) {
                        jiveInitialLdapContext.addToEnvironment("java.naming.security.credentials", this.adminPassword);
                    }
                }
            } catch (IOException e) {
                this.Log.error("An exception occurred while trying to create a context for baseDN {}", ldapName, e);
            }
        }
        this.Log.debug("... context created successfully, returning.");
        return jiveInitialLdapContext;
    }

    /* JADX WARN: Removed duplicated region for block: B:100:0x033a A[Catch: NamingException -> 0x0456, all -> 0x04ce, TryCatch #2 {NamingException -> 0x0456, blocks: (B:88:0x028f, B:90:0x02bd, B:91:0x02d5, B:93:0x02dc, B:95:0x030d, B:97:0x0314, B:98:0x0333, B:100:0x033a, B:101:0x0346, B:103:0x034d, B:104:0x0359, B:106:0x0360, B:107:0x036c, B:109:0x038a, B:111:0x0391, B:113:0x03ad, B:114:0x043a, B:117:0x040d, B:139:0x0327, B:140:0x02e3), top: B:87:0x028f, outer: #10 }] */
    /* JADX WARN: Removed duplicated region for block: B:103:0x034d A[Catch: NamingException -> 0x0456, all -> 0x04ce, TryCatch #2 {NamingException -> 0x0456, blocks: (B:88:0x028f, B:90:0x02bd, B:91:0x02d5, B:93:0x02dc, B:95:0x030d, B:97:0x0314, B:98:0x0333, B:100:0x033a, B:101:0x0346, B:103:0x034d, B:104:0x0359, B:106:0x0360, B:107:0x036c, B:109:0x038a, B:111:0x0391, B:113:0x03ad, B:114:0x043a, B:117:0x040d, B:139:0x0327, B:140:0x02e3), top: B:87:0x028f, outer: #10 }] */
    /* JADX WARN: Removed duplicated region for block: B:106:0x0360 A[Catch: NamingException -> 0x0456, all -> 0x04ce, TryCatch #2 {NamingException -> 0x0456, blocks: (B:88:0x028f, B:90:0x02bd, B:91:0x02d5, B:93:0x02dc, B:95:0x030d, B:97:0x0314, B:98:0x0333, B:100:0x033a, B:101:0x0346, B:103:0x034d, B:104:0x0359, B:106:0x0360, B:107:0x036c, B:109:0x038a, B:111:0x0391, B:113:0x03ad, B:114:0x043a, B:117:0x040d, B:139:0x0327, B:140:0x02e3), top: B:87:0x028f, outer: #10 }] */
    /* JADX WARN: Removed duplicated region for block: B:133:0x04b6 A[EXC_TOP_SPLITTER, SYNTHETIC] */
    /* JADX WARN: Removed duplicated region for block: B:139:0x0327 A[Catch: NamingException -> 0x0456, all -> 0x04ce, TryCatch #2 {NamingException -> 0x0456, blocks: (B:88:0x028f, B:90:0x02bd, B:91:0x02d5, B:93:0x02dc, B:95:0x030d, B:97:0x0314, B:98:0x0333, B:100:0x033a, B:101:0x0346, B:103:0x034d, B:104:0x0359, B:106:0x0360, B:107:0x036c, B:109:0x038a, B:111:0x0391, B:113:0x03ad, B:114:0x043a, B:117:0x040d, B:139:0x0327, B:140:0x02e3), top: B:87:0x028f, outer: #10 }] */
    /* JADX WARN: Removed duplicated region for block: B:90:0x02bd A[Catch: NamingException -> 0x0456, all -> 0x04ce, TryCatch #2 {NamingException -> 0x0456, blocks: (B:88:0x028f, B:90:0x02bd, B:91:0x02d5, B:93:0x02dc, B:95:0x030d, B:97:0x0314, B:98:0x0333, B:100:0x033a, B:101:0x0346, B:103:0x034d, B:104:0x0359, B:106:0x0360, B:107:0x036c, B:109:0x038a, B:111:0x0391, B:113:0x03ad, B:114:0x043a, B:117:0x040d, B:139:0x0327, B:140:0x02e3), top: B:87:0x028f, outer: #10 }] */
    /* JADX WARN: Removed duplicated region for block: B:97:0x0314 A[Catch: NamingException -> 0x0456, all -> 0x04ce, TryCatch #2 {NamingException -> 0x0456, blocks: (B:88:0x028f, B:90:0x02bd, B:91:0x02d5, B:93:0x02dc, B:95:0x030d, B:97:0x0314, B:98:0x0333, B:100:0x033a, B:101:0x0346, B:103:0x034d, B:104:0x0359, B:106:0x0360, B:107:0x036c, B:109:0x038a, B:111:0x0391, B:113:0x03ad, B:114:0x043a, B:117:0x040d, B:139:0x0327, B:140:0x02e3), top: B:87:0x028f, outer: #10 }] */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public boolean checkAuthentication(javax.naming.ldap.Rdn[] r9, java.lang.String r10) {
        /*
            Method dump skipped, instructions count: 1262
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.jivesoftware.openfire.ldap.LdapManager.checkAuthentication(javax.naming.ldap.Rdn[], java.lang.String):boolean");
    }

    public boolean isFindUsersFromGroupsEnabled() {
        return this.findUsersFromGroupsEnabled;
    }

    public static LdapName createNewAbsolute(LdapName ldapName, Rdn[] rdnArr) {
        LdapName ldapName2 = (LdapName) ldapName.clone();
        for (int length = rdnArr.length - 1; length >= 0; length--) {
            ldapName2.add(rdnArr[length]);
        }
        return ldapName2;
    }

    private Boolean lookupExistence(InitialDirContext initialDirContext, LdapName ldapName, String[] strArr) throws NamingException {
        this.Log.debug("In lookupExistence(ctx, dn, returnattrs), searchdn is: {}", ldapName);
        initialDirContext.addToEnvironment("java.naming.provider.url", getProviderURL(ldapName));
        SearchControls searchControls = new SearchControls();
        searchControls.setSearchScope(0);
        searchControls.setReturningAttributes(strArr);
        NamingEnumeration namingEnumeration = null;
        try {
            namingEnumeration = initialDirContext.search("", "(&(objectClass=*))", searchControls);
        } catch (NameNotFoundException e) {
            this.Log.debug("Unable to find ldap object {}.", ldapName);
        }
        if (namingEnumeration == null || !namingEnumeration.hasMoreElements()) {
            this.Log.debug(".... lookupExistence: DN not found.");
            return false;
        }
        this.Log.debug(".... lookupExistence: DN found.");
        return true;
    }

    /* JADX WARN: Multi-variable type inference failed */
    public Rdn[] findUserRDN(String str) throws Exception {
        CacheableOptional cacheableOptional;
        if (this.userDNCache != null && (cacheableOptional = (CacheableOptional) this.userDNCache.get(str)) != null) {
            if (cacheableOptional.isAbsent()) {
                throw new UserNotFoundException("User '" + str + "' not found (negative lookup cache result)");
            }
            return ((DNCacheEntry) cacheableOptional.get()).getUserRDN();
        }
        try {
            Rdn[] findUserRDN = findUserRDN(str, this.baseDN);
            if (this.userDNCache != null) {
                this.userDNCache.put(str, CacheableOptional.of(new DNCacheEntry(findUserRDN, this.baseDN)));
            }
            return findUserRDN;
        } catch (Exception e) {
            try {
                if (this.alternateBaseDN == null) {
                    throw e;
                }
                Rdn[] findUserRDN2 = findUserRDN(str, this.alternateBaseDN);
                if (this.userDNCache != null) {
                    this.userDNCache.put(str, CacheableOptional.of(new DNCacheEntry(findUserRDN2, this.alternateBaseDN)));
                }
                return findUserRDN2;
            } catch (UserNotFoundException e2) {
                if (this.userDNCache != null) {
                    this.userDNCache.put(str, CacheableOptional.of(null));
                }
                throw e2;
            }
        }
    }

    public Rdn[] findUserRDN(String str, LdapName ldapName) throws Exception {
        String str2 = str + this.usernameSuffix;
        this.Log.debug("Trying to find a user's RDN based on their username: '{}'. Field: '{}', Base DN: '{}' ...", new Object[]{str2, this.usernameField, ldapName});
        DirContext dirContext = null;
        try {
            try {
                LdapContext context = getContext(ldapName);
                this.Log.debug("Starting LDAP search for username '{}'...", str2);
                SearchControls searchControls = new SearchControls();
                if (this.subTreeSearch) {
                    searchControls.setSearchScope(2);
                } else {
                    searchControls.setSearchScope(1);
                }
                searchControls.setReturningAttributes(new String[]{this.usernameField});
                NamingEnumeration search = context.search("", getSearchFilter(), new String[]{sanitizeSearchFilter(str2)}, searchControls);
                this.Log.debug("... search finished for username '{}'.", str2);
                if (search == null || !search.hasMoreElements()) {
                    this.Log.debug("User DN based on username '{}' not found.", str2);
                    throw new UserNotFoundException("Username " + str2 + " not found");
                }
                Rdn[] relativeDNFromResult = getRelativeDNFromResult((SearchResult) search.next());
                if (search.hasMoreElements()) {
                    this.Log.debug("Search for userDN based on username '{}' found multiple responses, throwing exception.", str2);
                    throw new UserNotFoundException("LDAP username lookup for " + str2 + " matched multiple entries.");
                }
                search.close();
                if (context != null) {
                    try {
                        context.close();
                    } catch (Exception e) {
                        this.Log.debug("An unexpected exception occurred while closing the LDAP context after searching for user '{}'.", str2, e);
                    }
                }
                return relativeDNFromResult;
            } catch (Throwable th) {
                if (0 != 0) {
                    try {
                        dirContext.close();
                    } catch (Exception e2) {
                        this.Log.debug("An unexpected exception occurred while closing the LDAP context after searching for user '{}'.", str2, e2);
                        throw th;
                    }
                }
                throw th;
            }
        } catch (UserNotFoundException e3) {
            this.Log.trace("UserNotFoundException thrown when searching for username '{}'", str2, e3);
            throw e3;
        } catch (Exception e4) {
            this.Log.debug("Exception thrown when searching for userDN based on username '{}'", str2, e4);
            throw e4;
        }
    }

    public Rdn[] findGroupRDN(String str) throws Exception {
        try {
            return findGroupRDN(str, this.baseDN);
        } catch (Exception e) {
            if (this.alternateBaseDN == null) {
                throw e;
            }
            return findGroupRDN(str, this.alternateBaseDN);
        }
    }

    public LdapName findGroupAbsoluteDN(String str) throws Exception {
        try {
            LdapName escapeForJNDI = escapeForJNDI(findGroupRDN(str, this.baseDN));
            escapeForJNDI.addAll(0, this.baseDN);
            return escapeForJNDI;
        } catch (Exception e) {
            if (this.alternateBaseDN == null) {
                throw e;
            }
            LdapName escapeForJNDI2 = escapeForJNDI(findGroupRDN(str, this.alternateBaseDN));
            escapeForJNDI2.addAll(0, this.alternateBaseDN);
            return escapeForJNDI2;
        }
    }

    public Rdn[] findGroupRDN(String str, LdapName ldapName) throws Exception {
        this.Log.debug("Trying to find a groups's RDN based on their group name: '{}'. Field: '{}', Base DN: '{}' ...", new Object[]{this.usernameField, str, ldapName});
        DirContext dirContext = null;
        try {
            try {
                LdapContext context = getContext(ldapName);
                this.Log.debug("Starting LDAP search for group '{}'...", str);
                SearchControls searchControls = new SearchControls();
                if (this.subTreeSearch) {
                    searchControls.setSearchScope(2);
                } else {
                    searchControls.setSearchScope(1);
                }
                searchControls.setReturningAttributes(new String[]{this.groupNameField});
                NamingEnumeration search = context.search("", MessageFormat.format(getGroupSearchFilter(), sanitizeSearchFilter(str)), searchControls);
                this.Log.debug("... search finished for group '{}'.", str);
                if (search == null || !search.hasMoreElements()) {
                    this.Log.debug("Group DN based on groupname '{}' not found.", str);
                    throw new GroupNotFoundException("Groupname " + str + " not found");
                }
                Rdn[] relativeDNFromResult = getRelativeDNFromResult((SearchResult) search.next());
                if (search.hasMoreElements()) {
                    this.Log.debug("Search for groupDN based on groupname '{}' found multiple responses, throwing exception.", str);
                    throw new GroupNotFoundException("LDAP groupname lookup for " + str + " matched multiple entries.");
                }
                search.close();
                if (context != null) {
                    try {
                        context.close();
                    } catch (Exception e) {
                        this.Log.debug("An unexpected exception occurred while closing the LDAP context after searching for group '{}'.", str, e);
                    }
                }
                return relativeDNFromResult;
            } catch (GroupNotFoundException e2) {
                this.Log.trace("Group not found: '{}'", str, e2);
                throw e2;
            } catch (Exception e3) {
                this.Log.debug("Exception thrown when searching for groupDN based on groupname '{}'", str, e3);
                throw e3;
            }
        } catch (Throwable th) {
            if (0 != 0) {
                try {
                    dirContext.close();
                } catch (Exception e4) {
                    this.Log.debug("An unexpected exception occurred while closing the LDAP context after searching for group '{}'.", str, e4);
                    throw th;
                }
            }
            throw th;
        }
    }

    public boolean isGroupDN(LdapName ldapName) {
        this.Log.debug("LdapManager: Trying to check if DN is a group. DN: {}, Base DN: {} ...", ldapName, this.baseDN);
        if (!ldapName.startsWith(this.baseDN) && (this.alternateBaseDN == null || !ldapName.startsWith(this.alternateBaseDN))) {
            if (!this.Log.isDebugEnabled()) {
                return false;
            }
            this.Log.debug("LdapManager: DN ({}) does not fit to baseDN ({},{})", new Object[]{ldapName, this.baseDN, this.alternateBaseDN});
            return false;
        }
        DirContext dirContext = null;
        try {
            try {
                this.Log.debug("LdapManager: Starting LDAP search to check group DN: {}", ldapName);
                dirContext = getContext(ldapName);
                SearchControls searchControls = new SearchControls();
                searchControls.setSearchScope(0);
                searchControls.setReturningAttributes(new String[0]);
                NamingEnumeration search = dirContext.search("", MessageFormat.format(getGroupSearchFilter(), HttpBindManager.HTTP_BIND_CORS_ALLOW_ORIGIN_ALL), searchControls);
                this.Log.debug("LdapManager: ... group check search finished for DN: {}", ldapName);
                boolean z = search != null && search.hasMoreElements();
                if (search != null) {
                    search.close();
                }
                this.Log.debug("LdapManager: DN is group: {}? {}!", ldapName, Boolean.valueOf(z));
                if (dirContext != null) {
                    try {
                        dirContext.close();
                    } catch (Exception e) {
                        this.Log.debug("An exception occurred while trying to close a LDAP context after trying to verify that DN '{}' is a group.", ldapName, e);
                    }
                }
                return z;
            } catch (Throwable th) {
                if (dirContext != null) {
                    try {
                        dirContext.close();
                    } catch (Exception e2) {
                        this.Log.debug("An exception occurred while trying to close a LDAP context after trying to verify that DN '{}' is a group.", ldapName, e2);
                        throw th;
                    }
                }
                throw th;
            }
        } catch (NamingException e3) {
            this.Log.error("LdapManager: Exception thrown while checking if DN is a group {}", ldapName, e3);
            if (dirContext != null) {
                try {
                    dirContext.close();
                } catch (Exception e4) {
                    this.Log.debug("An exception occurred while trying to close a LDAP context after trying to verify that DN '{}' is a group.", ldapName, e4);
                    return false;
                }
            }
            return false;
        } catch (NameNotFoundException e5) {
            this.Log.info("LdapManager: Given DN not found (while checking if DN is a group)! {}", ldapName);
            if (dirContext != null) {
                try {
                    dirContext.close();
                } catch (Exception e6) {
                    this.Log.debug("An exception occurred while trying to close a LDAP context after trying to verify that DN '{}' is a group.", ldapName, e6);
                    return false;
                }
            }
            return false;
        }
    }

    String getProviderURL(LdapName ldapName) throws NamingException {
        StringBuilder sb = new StringBuilder();
        try {
            for (String str : this.hosts) {
                String[] split = str.split(":");
                String str2 = str;
                int i = this.port;
                if (split.length == 2) {
                    try {
                        int parseInt = Integer.parseInt(split[1]);
                        if (parseInt > 0 && parseInt < 65535) {
                            str2 = split[0];
                            i = parseInt;
                        }
                    } catch (NumberFormatException e) {
                        this.Log.trace("Unable to determine port number from value '{}'. Expected format: 'hostname' or 'hostname:port'", str);
                    }
                }
                sb.append(new URI(this.sslEnabled ? "ldaps" : "ldap", null, str2, i, "/" + ldapName.toString(), null, null).toASCIIString());
                sb.append(" ");
            }
            return sb.toString().trim();
        } catch (Exception e2) {
            this.Log.error("Unable to generate provider URL for baseDN: '{}'.", ldapName, e2);
            throw new NamingException("Unable to generate provider URL for baseDN: '" + String.valueOf(ldapName) + "': " + e2.getMessage());
        }
    }

    public Collection<String> getHosts() {
        return this.hosts;
    }

    public void setHosts(Collection<String> collection) {
        this.hosts = collection;
        StringBuilder sb = new StringBuilder();
        Iterator<String> it = collection.iterator();
        while (it.hasNext()) {
            sb.append(it.next()).append(',');
        }
        if (!collection.isEmpty()) {
            sb.setLength(sb.length() - 1);
        }
        this.properties.put("ldap.host", sb.toString());
    }

    public int getPort() {
        return this.port;
    }

    public void setPort(int i) {
        this.port = i;
        this.properties.put("ldap.port", Integer.toString(i));
    }

    public boolean isDebugEnabled() {
        return this.ldapDebugEnabled;
    }

    public void setDebugEnabled(boolean z) {
        this.ldapDebugEnabled = z;
        this.properties.put("ldap.ldapDebugEnabled", Boolean.toString(z));
    }

    public boolean isSslEnabled() {
        return this.sslEnabled;
    }

    public void setSslEnabled(boolean z) {
        this.sslEnabled = z;
        this.properties.put("ldap.sslEnabled", Boolean.toString(z));
    }

    public boolean isStartTlsEnabled() {
        return this.startTlsEnabled;
    }

    public void setStartTlsEnabled(boolean z) {
        this.startTlsEnabled = z;
        this.properties.put("ldap.startTlsEnabled", Boolean.toString(z));
    }

    public String getUsernameField() {
        return this.usernameField;
    }

    public String getUsernameSuffix() {
        return this.usernameSuffix;
    }

    public void setUsernameField(String str) {
        this.usernameField = str;
        if (str != null) {
            this.properties.put("ldap.usernameField", str);
        } else {
            this.properties.remove("ldap.usernameField");
            this.usernameField = "uid";
        }
    }

    public void setUsernameSuffix(String str) {
        this.usernameSuffix = str;
        if (str != null) {
            this.properties.put("ldap.usernameSuffix", str);
        } else {
            this.properties.remove("ldap.usernameSuffix");
            this.usernameSuffix = "";
        }
    }

    public LdapUserTester.PropertyMapping getNameField() {
        return this.nameField;
    }

    public void setNameField(LdapUserTester.PropertyMapping propertyMapping) {
        this.nameField = propertyMapping;
        if (propertyMapping == null || propertyMapping.getDisplayFormat() == null || propertyMapping.getDisplayFormat().isEmpty()) {
            this.properties.remove("ldap.nameField");
        } else {
            this.properties.put("ldap.nameField", propertyMapping.getDisplayFormat());
        }
    }

    public String getEmailField() {
        return this.emailField;
    }

    public void setEmailField(String str) {
        this.emailField = str;
        if (str == null) {
            this.properties.remove("ldap.emailField");
        } else {
            this.properties.put("ldap.emailField", str);
        }
    }

    public LdapName getBaseDN() {
        return this.baseDN;
    }

    public void setBaseDN(LdapName ldapName) {
        this.baseDN = ldapName;
        this.properties.put("ldap.baseDN", ldapName.toString());
    }

    public LdapName getAlternateBaseDN() {
        return this.alternateBaseDN;
    }

    public void setAlternateBaseDN(LdapName ldapName) {
        this.alternateBaseDN = ldapName;
        if (ldapName == null) {
            this.properties.remove("ldap.alternateBaseDN");
        } else {
            this.properties.put("ldap.alternateBaseDN", ldapName.toString());
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    public LdapName getUsersBaseDN(String str) {
        CacheableOptional cacheableOptional;
        if (this.userDNCache != null && (cacheableOptional = (CacheableOptional) this.userDNCache.get(str)) != null) {
            if (!cacheableOptional.isAbsent()) {
                return ((DNCacheEntry) cacheableOptional.get()).getBaseDN();
            }
            this.Log.debug("An earlier UserNotFoundException occurred while tyring to get the user baseDn for {} (negative lookup cache result)", str);
            return null;
        }
        try {
            Rdn[] findUserRDN = findUserRDN(str, this.baseDN);
            if (this.userDNCache != null) {
                this.userDNCache.put(str, CacheableOptional.of(new DNCacheEntry(findUserRDN, this.baseDN)));
            }
            return this.baseDN;
        } catch (Exception e) {
            try {
                if (this.alternateBaseDN == null) {
                    return null;
                }
                Rdn[] findUserRDN2 = findUserRDN(str, this.alternateBaseDN);
                if (this.userDNCache != null) {
                    this.userDNCache.put(str, CacheableOptional.of(new DNCacheEntry(findUserRDN2, this.alternateBaseDN)));
                }
                return this.alternateBaseDN;
            } catch (UserNotFoundException e2) {
                this.Log.debug("An exception occurred while tyring to get the user baseDn for {}", str, e2);
                if (this.userDNCache == null) {
                    return null;
                }
                this.userDNCache.put(str, CacheableOptional.of(null));
                return null;
            } catch (Exception e3) {
                this.Log.debug("An exception occurred while tyring to get the user baseDn for {}", str, e3);
                return null;
            }
        }
    }

    public LdapName getGroupsBaseDN(String str) {
        try {
            findGroupRDN(str, this.baseDN);
            return this.baseDN;
        } catch (Exception e) {
            try {
                if (this.alternateBaseDN == null) {
                    return null;
                }
                findGroupRDN(str, this.alternateBaseDN);
                return this.alternateBaseDN;
            } catch (Exception e2) {
                this.Log.debug("An exception occurred while trying to find the base dn for group: {}", str, e2);
                return null;
            }
        }
    }

    public String getAdminDN() {
        return this.adminDN;
    }

    public void setAdminDN(String str) {
        this.adminDN = str;
        this.properties.put("ldap.adminDN", str);
    }

    public String getAdminPassword() {
        return this.adminPassword;
    }

    public void setAdminPassword(String str) {
        this.adminPassword = str;
        this.properties.put("ldap.adminPassword", str);
    }

    public void setConnectionPoolEnabled(boolean z) {
        this.connectionPoolEnabled = z;
        this.properties.put("ldap.connectionPoolEnabled", Boolean.toString(z));
    }

    public boolean isConnectionPoolEnabled() {
        return this.connectionPoolEnabled;
    }

    public String getSearchFilter() {
        StringBuilder sb = new StringBuilder();
        if (this.searchFilter == null) {
            sb.append('(').append(this.usernameField).append("={0})");
        } else {
            sb.append("(&(").append(this.usernameField).append("={0})");
            sb.append(this.searchFilter).append(')');
        }
        return sb.toString();
    }

    public void setSearchFilter(String str) {
        this.searchFilter = str;
        this.properties.put("ldap.searchFilter", str);
    }

    public boolean isSubTreeSearch() {
        return this.subTreeSearch;
    }

    public void setSubTreeSearch(boolean z) {
        this.subTreeSearch = z;
        this.properties.put("ldap.subTreeSearch", String.valueOf(z));
    }

    public boolean isFollowReferralsEnabled() {
        return this.followReferrals;
    }

    public void setFollowReferralsEnabled(boolean z) {
        this.followReferrals = z;
        this.properties.put("ldap.autoFollowReferrals", String.valueOf(z));
    }

    public boolean isFollowAliasReferralsEnabled() {
        return this.followAliasReferrals;
    }

    public void setFollowAliasReferralsEnabled(boolean z) {
        this.followAliasReferrals = z;
        this.properties.put("ldap.autoFollowAliasReferrals", String.valueOf(z));
    }

    public String getGroupNameField() {
        return this.groupNameField;
    }

    public void setGroupNameField(String str) {
        this.groupNameField = str;
        this.properties.put("ldap.groupNameField", str);
    }

    public String getGroupMemberField() {
        return this.groupMemberField;
    }

    public void setGroupMemberField(String str) {
        this.groupMemberField = str;
        this.properties.put("ldap.groupMemberField", str);
    }

    public String getGroupDescriptionField() {
        return this.groupDescriptionField;
    }

    public void setGroupDescriptionField(String str) {
        this.groupDescriptionField = str;
        this.properties.put("ldap.groupDescriptionField", str);
    }

    public boolean isPosixMode() {
        return this.posixMode;
    }

    public void setPosixMode(boolean z) {
        this.posixMode = z;
        this.properties.put("ldap.posixMode", String.valueOf(z));
    }

    public String getGroupSearchFilter() {
        StringBuilder sb = new StringBuilder();
        if (this.groupSearchFilter == null) {
            sb.append('(').append(this.groupNameField).append("={0})");
        } else {
            sb.append("(&(").append(this.groupNameField).append("={0})");
            sb.append(this.groupSearchFilter).append(')');
        }
        return sb.toString();
    }

    public boolean isFlattenNestedGroups() {
        return this.flattenNestedGroups;
    }

    public void setFlattenNestedGroups(boolean z) {
        this.flattenNestedGroups = z;
        this.properties.put("ldap.flattenNestedGroups", String.valueOf(this.posixMode));
    }

    public void setGroupSearchFilter(String str) {
        this.groupSearchFilter = str;
        this.properties.put("ldap.groupSearchFilter", str);
    }

    public List<String> retrieveList(String str, String str2, int i, int i2, String str3) {
        return retrieveList(str, str2, i, i2, str3, false);
    }

    /* JADX WARN: Multi-variable type inference failed */
    public List<String> retrieveList(String str, String str2, int i, int i2, String str3, boolean z) {
        List arrayList = new ArrayList();
        int intValue = LDAP_PAGE_SIZE.getValue().intValue();
        boolean parseBoolean = Boolean.parseBoolean(this.properties.get("ldap.clientSideSorting"));
        LdapContext ldapContext = null;
        LdapContext ldapContext2 = null;
        try {
            try {
                ldapContext = getContext(this.baseDN);
                ArrayList arrayList2 = new ArrayList();
                if (!parseBoolean) {
                    arrayList2.add(new SortControl(new String[]{str}, false));
                }
                if (intValue > 0) {
                    arrayList2.add(new PagedResultsControl(intValue, false));
                }
                Control[] controlArr = (Control[]) arrayList2.toArray(new Control[0]);
                ldapContext.setRequestControls(controlArr);
                SearchControls searchControls = new SearchControls();
                if (isSubTreeSearch()) {
                    searchControls.setSearchScope(2);
                } else {
                    searchControls.setSearchScope(1);
                }
                searchControls.setReturningAttributes(new String[]{str});
                int i3 = -1;
                if (!parseBoolean) {
                    r23 = i != -1 ? i : -1;
                    if (i2 != -1) {
                        i3 = i + i2;
                    }
                }
                int i4 = 0;
                while (true) {
                    byte[] bArr = null;
                    NamingEnumeration search = ldapContext.search("", str2, searchControls);
                    while (true) {
                        if (!search.hasMoreElements()) {
                            break;
                        }
                        i4++;
                        if (r23 > 0 && i4 <= r23) {
                            search.next();
                        } else {
                            if (i3 != -1 && i4 > i3) {
                                search.next();
                                break;
                            }
                            String str4 = (String) ((SearchResult) search.next()).getAttributes().get(str).get();
                            if (str3 != null && str3.length() > 0 && str4.endsWith(str3)) {
                                str4 = str4.substring(0, str4.length() - str3.length());
                            }
                            arrayList.add(z ? JID.escapeNode(str4) : str4);
                        }
                    }
                    PagedResultsResponseControl[] responseControls = ldapContext.getResponseControls();
                    if (responseControls != null) {
                        for (PagedResultsResponseControl pagedResultsResponseControl : responseControls) {
                            if (pagedResultsResponseControl instanceof PagedResultsResponseControl) {
                                bArr = pagedResultsResponseControl.getCookie();
                            }
                        }
                    }
                    search.close();
                    ArrayList arrayList3 = new ArrayList();
                    if (!parseBoolean) {
                        arrayList3.add(new SortControl(new String[]{str}, false));
                    }
                    if (intValue > 0) {
                        arrayList3.add(new PagedResultsControl(intValue, bArr, true));
                    }
                    ldapContext.setRequestControls((Control[]) arrayList3.toArray(new Control[0]));
                    if (bArr == null || (i3 != -1 && i4 > i3)) {
                        break;
                    }
                }
                if (this.alternateBaseDN != null && (i3 == -1 || i4 <= i3)) {
                    ldapContext2 = getContext(this.alternateBaseDN);
                    ldapContext2.setRequestControls(controlArr);
                    while (true) {
                        byte[] bArr2 = null;
                        NamingEnumeration search2 = ldapContext2.search("", str2, searchControls);
                        while (true) {
                            if (!search2.hasMoreElements()) {
                                break;
                            }
                            i4++;
                            if (r23 > 0 && i4 <= r23) {
                                search2.next();
                            } else {
                                if (i3 != -1 && i4 > i3) {
                                    search2.next();
                                    break;
                                }
                                String str5 = (String) ((SearchResult) search2.next()).getAttributes().get(str).get();
                                if (str3 != null && str3.length() > 0 && str5.endsWith(str3)) {
                                    str5 = str5.substring(0, str5.length() - str3.length());
                                }
                                arrayList.add(z ? JID.escapeNode(str5) : str5);
                            }
                        }
                        PagedResultsResponseControl[] responseControls2 = ldapContext2.getResponseControls();
                        if (responseControls2 != null) {
                            for (PagedResultsResponseControl pagedResultsResponseControl2 : responseControls2) {
                                if (pagedResultsResponseControl2 instanceof PagedResultsResponseControl) {
                                    bArr2 = pagedResultsResponseControl2.getCookie();
                                }
                            }
                        }
                        search2.close();
                        ArrayList arrayList4 = new ArrayList();
                        if (!parseBoolean) {
                            arrayList4.add(new SortControl(new String[]{str}, false));
                        }
                        if (intValue > 0) {
                            arrayList4.add(new PagedResultsControl(intValue, bArr2, true));
                        }
                        ldapContext2.setRequestControls((Control[]) arrayList4.toArray(new Control[0]));
                        if (bArr2 == null || (i3 != -1 && i4 > i3)) {
                            break;
                        }
                    }
                }
                if (parseBoolean) {
                    arrayList = sortAndPaginate(arrayList, i, i2);
                }
                if (ldapContext != null) {
                    try {
                        ldapContext.setRequestControls((Control[]) null);
                        ldapContext.close();
                    } catch (Exception e) {
                        this.Log.debug("An exception occurred while trying to close contexts after retrieving a list of results from the LDAP server.", e);
                    }
                }
                if (ldapContext2 != null) {
                    ldapContext2.setRequestControls((Control[]) null);
                    ldapContext2.close();
                }
            } catch (Exception e2) {
                this.Log.error("An exception occurred while trying to retrieve a list of results from the LDAP server", e2);
                if (ldapContext != null) {
                    try {
                        ldapContext.setRequestControls((Control[]) null);
                        ldapContext.close();
                    } catch (Exception e3) {
                        this.Log.debug("An exception occurred while trying to close contexts after retrieving a list of results from the LDAP server.", e3);
                    }
                }
                if (ldapContext2 != null) {
                    ldapContext2.setRequestControls((Control[]) null);
                    ldapContext2.close();
                }
            }
            return arrayList;
        } catch (Throwable th) {
            if (ldapContext != null) {
                try {
                    ldapContext.setRequestControls((Control[]) null);
                    ldapContext.close();
                } catch (Exception e4) {
                    this.Log.debug("An exception occurred while trying to close contexts after retrieving a list of results from the LDAP server.", e4);
                    throw th;
                }
            }
            if (ldapContext2 != null) {
                ldapContext2.setRequestControls((Control[]) null);
                ldapContext2.close();
            }
            throw th;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static List<String> sortAndPaginate(Collection<String> collection, int i, int i2) {
        ArrayList arrayList = new ArrayList(collection);
        Collections.sort(arrayList);
        return arrayList.subList(Math.max(i, 0), Math.min(arrayList.size(), Math.max(i2, arrayList.size())));
    }

    public String retrieveSingle(String str, String str2, boolean z) {
        try {
            return retrieveSingle(str, str2, z, this.baseDN);
        } catch (Exception e) {
            if (this.alternateBaseDN != null) {
                return retrieveSingle(str, str2, z, this.alternateBaseDN);
            }
            throw e;
        }
    }

    public String retrieveSingle(String str, String str2, boolean z, LdapName ldapName) {
        LdapContext ldapContext = null;
        try {
            try {
                LdapContext context = getContext(ldapName);
                SearchControls searchControls = new SearchControls();
                if (isSubTreeSearch()) {
                    searchControls.setSearchScope(2);
                } else {
                    searchControls.setSearchScope(1);
                }
                searchControls.setReturningAttributes(str == null ? new String[0] : new String[]{str});
                NamingEnumeration search = context.search("", str2, searchControls);
                if (search == null || !search.hasMoreElements()) {
                    if (context != null) {
                        try {
                            context.close();
                        } catch (Exception e) {
                            this.Log.debug("An exception occurred while trying to close a LDAP context after trying to retrieve a single attribute element for {}.", str, e);
                        }
                    }
                    return null;
                }
                SearchResult searchResult = (SearchResult) search.next();
                String obj = str == null ? new LdapName(searchResult.getName()).addAll(0, ldapName).toString() : (String) searchResult.getAttributes().get(str).get();
                if (search.hasMoreElements()) {
                    this.Log.debug("Search result for '{}' is not unique.", str2);
                    if (z) {
                        throw new IllegalStateException("Search result for " + str2 + " is not unique.");
                    }
                }
                search.close();
                if (context != null) {
                    try {
                        context.close();
                    } catch (Exception e2) {
                        this.Log.debug("An exception occurred while trying to close a LDAP context after trying to retrieve a single attribute element for {}.", str, e2);
                    }
                }
                return obj;
            } catch (Throwable th) {
                if (0 != 0) {
                    try {
                        ldapContext.close();
                    } catch (Exception e3) {
                        this.Log.debug("An exception occurred while trying to close a LDAP context after trying to retrieve a single attribute element for {}.", str, e3);
                        throw th;
                    }
                }
                throw th;
            }
        } catch (Exception e4) {
            this.Log.error("Error while searching for single result of: {}", str2, e4);
            if (0 != 0) {
                try {
                    ldapContext.close();
                } catch (Exception e5) {
                    this.Log.debug("An exception occurred while trying to close a LDAP context after trying to retrieve a single attribute element for {}.", str, e5);
                    return null;
                }
            }
            return null;
        }
    }

    /* JADX WARN: Removed duplicated region for block: B:62:0x0145 A[EXC_TOP_SPLITTER, SYNTHETIC] */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public java.util.List<java.lang.String> retrieveAttributeOf(java.lang.String r8, javax.naming.ldap.LdapName r9) throws javax.naming.NamingException {
        /*
            Method dump skipped, instructions count: 354
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.jivesoftware.openfire.ldap.LdapManager.retrieveAttributeOf(java.lang.String, javax.naming.ldap.LdapName):java.util.List");
    }

    public Integer retrieveListCount(String str, String str2) {
        byte[] bArr;
        byte[] bArr2;
        int intValue = LDAP_PAGE_SIZE.getValue().intValue();
        LdapContext ldapContext = null;
        LdapContext ldapContext2 = null;
        Integer num = 0;
        try {
            try {
                ldapContext = getContext(this.baseDN);
                ArrayList arrayList = new ArrayList();
                if (intValue > 0) {
                    arrayList.add(new PagedResultsControl(intValue, false));
                }
                Control[] controlArr = (Control[]) arrayList.toArray(new Control[0]);
                ldapContext.setRequestControls(controlArr);
                SearchControls searchControls = new SearchControls();
                if (isSubTreeSearch()) {
                    searchControls.setSearchScope(2);
                } else {
                    searchControls.setSearchScope(1);
                }
                searchControls.setReturningAttributes(new String[]{str});
                do {
                    bArr = null;
                    NamingEnumeration search = ldapContext.search("", str2, searchControls);
                    while (search.hasMoreElements()) {
                        search.next();
                        num = Integer.valueOf(num.intValue() + 1);
                    }
                    PagedResultsResponseControl[] responseControls = ldapContext.getResponseControls();
                    if (responseControls != null) {
                        for (PagedResultsResponseControl pagedResultsResponseControl : responseControls) {
                            if (pagedResultsResponseControl instanceof PagedResultsResponseControl) {
                                bArr = pagedResultsResponseControl.getCookie();
                            }
                        }
                    }
                    search.close();
                    ArrayList arrayList2 = new ArrayList();
                    if (intValue > 0) {
                        arrayList2.add(new PagedResultsControl(intValue, bArr, true));
                    }
                    ldapContext.setRequestControls((Control[]) arrayList2.toArray(new Control[0]));
                } while (bArr != null);
                if (this.alternateBaseDN != null) {
                    ldapContext2 = getContext(this.alternateBaseDN);
                    ldapContext2.setRequestControls(controlArr);
                    do {
                        bArr2 = null;
                        NamingEnumeration search2 = ldapContext2.search("", str2, searchControls);
                        while (search2.hasMoreElements()) {
                            search2.next();
                            num = Integer.valueOf(num.intValue() + 1);
                        }
                        PagedResultsResponseControl[] responseControls2 = ldapContext2.getResponseControls();
                        if (responseControls2 != null) {
                            for (PagedResultsResponseControl pagedResultsResponseControl2 : responseControls2) {
                                if (pagedResultsResponseControl2 instanceof PagedResultsResponseControl) {
                                    bArr2 = pagedResultsResponseControl2.getCookie();
                                }
                            }
                        }
                        search2.close();
                        ArrayList arrayList3 = new ArrayList();
                        if (intValue > 0) {
                            arrayList3.add(new PagedResultsControl(intValue, bArr2, true));
                        }
                        ldapContext2.setRequestControls((Control[]) arrayList3.toArray(new Control[0]));
                    } while (bArr2 != null);
                }
                if (ldapContext != null) {
                    try {
                        ldapContext.setRequestControls((Control[]) null);
                        ldapContext.close();
                    } catch (Exception e) {
                        this.Log.debug("An exception occurred while trying to close contexts after retrieving a list count for attribute: {}", str, e);
                    }
                }
                if (ldapContext2 != null) {
                    ldapContext2.setRequestControls((Control[]) null);
                    ldapContext2.close();
                }
            } catch (Exception e2) {
                this.Log.error("An exception occurred while trying to retrieve a list count for attribute: {}", str, e2);
                if (ldapContext != null) {
                    try {
                        ldapContext.setRequestControls((Control[]) null);
                        ldapContext.close();
                    } catch (Exception e3) {
                        this.Log.debug("An exception occurred while trying to close contexts after retrieving a list count for attribute: {}", str, e3);
                    }
                }
                if (ldapContext2 != null) {
                    ldapContext2.setRequestControls((Control[]) null);
                    ldapContext2.close();
                }
            }
            return num;
        } catch (Throwable th) {
            if (ldapContext != null) {
                try {
                    ldapContext.setRequestControls((Control[]) null);
                    ldapContext.close();
                } catch (Exception e4) {
                    this.Log.debug("An exception occurred while trying to close contexts after retrieving a list count for attribute: {}", str, e4);
                    throw th;
                }
            }
            if (ldapContext2 != null) {
                ldapContext2.setRequestControls((Control[]) null);
                ldapContext2.close();
            }
            throw th;
        }
    }

    public static String sanitizeSearchFilter(String str) {
        return sanitizeSearchFilter(str, false);
    }

    public static LdapName escapeForJNDI(Rdn... rdnArr) {
        List asList = Arrays.asList((Rdn[]) Arrays.copyOf(rdnArr, rdnArr.length));
        Collections.reverse(asList);
        return new LdapName(asList);
    }

    public static String sanitizeSearchFilter(String str, boolean z) {
        StringBuilder sb = new StringBuilder();
        int i = 0;
        while (i < str.length()) {
            char charAt = str.charAt(i);
            switch (charAt) {
                case 0:
                    sb.append("\\00");
                    break;
                case Base64.ORDERED /* 32 */:
                    sb.append((i == 0 || i == str.length() - 1) ? "\\20" : Character.valueOf(charAt));
                    break;
                case '!':
                    sb.append("\\21");
                    break;
                case '\"':
                    sb.append("\\22");
                    break;
                case '#':
                    sb.append(i == 0 ? "\\23" : Character.valueOf(charAt));
                    break;
                case '&':
                    sb.append("\\26");
                    break;
                case '(':
                    sb.append("\\28");
                    break;
                case ')':
                    sb.append("\\29");
                    break;
                case '*':
                    sb.append(z ? HttpBindManager.HTTP_BIND_CORS_ALLOW_ORIGIN_ALL : "\\2a");
                    break;
                case '+':
                    sb.append("\\2b");
                    break;
                case ',':
                    sb.append("\\2c");
                    break;
                case '/':
                    sb.append("\\2f");
                    break;
                case ':':
                    sb.append("\\3a");
                    break;
                case ';':
                    sb.append("\\3b");
                    break;
                case '<':
                    sb.append("\\3c");
                    break;
                case '>':
                    sb.append("\\3e");
                    break;
                case '\\':
                    sb.append("\\5c");
                    break;
                case '|':
                    sb.append("\\7c");
                    break;
                case '~':
                    sb.append("\\7e");
                    break;
                default:
                    if (charAt <= 127) {
                        sb.append(charAt);
                        break;
                    } else if (JiveGlobals.getBooleanProperty("ldap.encodeMultibyteCharacters", false)) {
                        for (byte b : String.valueOf(charAt).getBytes(StandardCharsets.UTF_8)) {
                            sb.append(String.format("\\%02x", Byte.valueOf(b)));
                        }
                        break;
                    } else {
                        sb.append(charAt);
                        break;
                    }
            }
            i++;
        }
        return sb.toString();
    }
}
