package org.jivesoftware.openfire.ldap;

import java.text.MessageFormat;
import java.time.Duration;
import java.time.Instant;
import java.time.temporal.TemporalAmount;
import java.util.ArrayDeque;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Set;
import java.util.TreeSet;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import java.util.stream.Collectors;
import javax.naming.Name;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.Control;
import javax.naming.ldap.LdapContext;
import javax.naming.ldap.LdapName;
import org.jivesoftware.openfire.XMPPServer;
import org.jivesoftware.openfire.group.AbstractGroupProvider;
import org.jivesoftware.openfire.group.Group;
import org.jivesoftware.openfire.group.GroupNotFoundException;
import org.jivesoftware.openfire.http.HttpBindManager;
import org.jivesoftware.openfire.user.UserManager;
import org.jivesoftware.openfire.user.UserNotFoundException;
import org.jivesoftware.util.SystemProperty;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.xmpp.packet.JID;

/* loaded from: input_file:org/jivesoftware/openfire/ldap/LdapGroupProvider.class */
public class LdapGroupProvider extends AbstractGroupProvider {
    private final Logger Log;
    private LdapManager manager;
    private UserManager userManager;
    private String[] standardAttributes;
    private int groupCount;
    private Instant expiresStamp;
    public static SystemProperty<Boolean> PROCESSBIGGROUPS = SystemProperty.Builder.ofType(Boolean.class).setKey("ldap.useRangeRetrieval").setDefaultValue(false).setDynamic(true).build();

    public LdapGroupProvider() {
        this(null);
    }

    public LdapGroupProvider(String str) {
        this.groupCount = -1;
        this.expiresStamp = Instant.now();
        this.Log = LoggerFactory.getLogger(LdapGroupProvider.class.getName() + (str == null ? "" : "[" + str + "]"));
        this.manager = LdapManager.getInstance(str);
        this.userManager = UserManager.getInstance();
        this.standardAttributes = new String[3];
        this.standardAttributes[0] = this.manager.getGroupNameField();
        this.standardAttributes[1] = this.manager.getGroupDescriptionField();
        this.standardAttributes[2] = this.manager.getGroupMemberField();
    }

    @Override // org.jivesoftware.openfire.group.GroupProvider
    public Group getGroup(String str) throws GroupNotFoundException {
        try {
            LdapName findGroupAbsoluteDN = this.manager.findGroupAbsoluteDN(str);
            return getGroupByDN(findGroupAbsoluteDN, new HashSet(Collections.singleton(findGroupAbsoluteDN.toString())));
        } catch (Exception e) {
            this.Log.debug("Unable to load group: {}", str, e);
            throw new GroupNotFoundException("Group with name " + str + " not found.", e);
        }
    }

    public String genNextRangePart(int i) {
        String groupMemberField = this.manager.getGroupMemberField();
        int intValue = LdapManager.LDAP_PAGE_SIZE.getValue().intValue();
        if (intValue == -1) {
            intValue = 1500;
        }
        return groupMemberField + ";range=" + String.valueOf(i + 1) + "-" + String.valueOf(i + intValue + 1);
    }

    private Group getGroupByDN(LdapName ldapName, Set<String> set) throws NamingException {
        LdapName baseDN;
        LdapContext ldapContext = null;
        try {
            if (this.manager.getAlternateBaseDN() != null && ldapName.startsWith(this.manager.getAlternateBaseDN())) {
                baseDN = this.manager.getAlternateBaseDN();
            } else {
                if (!ldapName.startsWith(this.manager.getBaseDN())) {
                    throw new IllegalArgumentException("GroupDN does not match any baseDN");
                }
                baseDN = this.manager.getBaseDN();
            }
            Name suffix = ldapName.getSuffix(baseDN.size());
            set.add(ldapName.toString());
            ldapContext = this.manager.getContext(baseDN);
            Attributes attributes = ldapContext.getAttributes(suffix, this.standardAttributes);
            if (!PROCESSBIGGROUPS.getValue().booleanValue()) {
                Group processGroup = processGroup(ldapContext, attributes, set);
                if (ldapContext != null) {
                    try {
                        ldapContext.setRequestControls((Control[]) null);
                        ldapContext.close();
                    } catch (Exception e) {
                        this.Log.debug("An exception was ignored while trying to close the Ldap context after trying to get a group.", e);
                    }
                }
                return processGroup;
            }
            boolean z = false;
            NamingEnumeration all = attributes.getAll();
            int i = -1;
            int i2 = -1;
            while (true) {
                if (!all.hasMore()) {
                    break;
                }
                String lowerCase = ((Attribute) all.next()).getID().toLowerCase();
                if (lowerCase.startsWith(this.manager.getGroupMemberField()) && lowerCase.contains(";range=")) {
                    i = Integer.parseInt(lowerCase.substring(lowerCase.indexOf(";range=") + ";range=".length()).split("\\-")[1]);
                    z = true;
                    this.Log.debug("using range retrival for group: {}", suffix);
                    break;
                }
            }
            if (!z) {
                Group processGroup2 = processGroup(ldapContext, attributes, set);
                if (ldapContext != null) {
                    try {
                        ldapContext.setRequestControls((Control[]) null);
                        ldapContext.close();
                    } catch (Exception e2) {
                        this.Log.debug("An exception was ignored while trying to close the Ldap context after trying to get a group.", e2);
                    }
                }
                return processGroup2;
            }
            ArrayList arrayList = new ArrayList();
            for (int i3 = 0; i3 < this.standardAttributes.length; i3++) {
                if (!this.standardAttributes[i3].contains(this.manager.getGroupMemberField())) {
                    arrayList.add(this.standardAttributes[i3]);
                }
            }
            arrayList.add(this.manager.getGroupMemberField() + ";range=0-" + String.valueOf(i));
            this.Log.debug("first range will be 0-{}", Integer.valueOf(i));
            Group processGroup3 = processGroup(ldapContext, ldapContext.getAttributes(suffix, (String[]) arrayList.toArray(new String[arrayList.size()])), set);
            Collection<JID> admins = processGroup3.getAdmins();
            String description = processGroup3.getDescription();
            String name = processGroup3.getName();
            ArrayList arrayList2 = new ArrayList();
            arrayList2.addAll(processGroup3.getMembers());
            do {
                try {
                    arrayList.clear();
                    for (int i4 = 0; i4 < this.standardAttributes.length; i4++) {
                        if (!this.standardAttributes[i4].contains(this.manager.getGroupMemberField())) {
                            arrayList.add(this.standardAttributes[i4]);
                        }
                    }
                    arrayList.add(genNextRangePart(i));
                    Attributes attributes2 = ldapContext.getAttributes(suffix, (String[]) arrayList.toArray(new String[arrayList.size()]));
                    NamingEnumeration all2 = attributes2.getAll();
                    while (true) {
                        if (!all2.hasMore()) {
                            break;
                        }
                        String lowerCase2 = ((Attribute) all2.next()).getID().toLowerCase();
                        if (lowerCase2.startsWith(this.manager.getGroupMemberField()) && lowerCase2.contains(";range=")) {
                            i2 = i;
                            i = !lowerCase2.substring(lowerCase2.indexOf(";range=") + ";range=".length()).split("\\-")[1].equals(HttpBindManager.HTTP_BIND_CORS_ALLOW_ORIGIN_ALL) ? Integer.parseInt(lowerCase2.substring(lowerCase2.indexOf(";range=") + ";range=".length()).split("\\-")[1]) : -1;
                        }
                    }
                    this.Log.debug("next range will be {}-{}", Integer.valueOf(i2), i != -1 ? Integer.valueOf(i) : HttpBindManager.HTTP_BIND_CORS_ALLOW_ORIGIN_ALL);
                    Group processGroup4 = processGroup(ldapContext, attributes2, set);
                    if (processGroup4 == null || processGroup4.getMembers().size() <= 0) {
                        break;
                    }
                    arrayList2.addAll(processGroup4.getMembers());
                } catch (Exception e3) {
                    this.Log.debug("error while reading the ldap group with range retrieval", e3);
                }
            } while (i != -1);
            Group group = new Group(name, description, arrayList2, admins);
            if (ldapContext != null) {
                try {
                    ldapContext.setRequestControls((Control[]) null);
                    ldapContext.close();
                } catch (Exception e4) {
                    this.Log.debug("An exception was ignored while trying to close the Ldap context after trying to get a group.", e4);
                }
            }
            return group;
        } catch (Throwable th) {
            if (ldapContext != null) {
                try {
                    ldapContext.setRequestControls((Control[]) null);
                    ldapContext.close();
                } catch (Exception e5) {
                    this.Log.debug("An exception was ignored while trying to close the Ldap context after trying to get a group.", e5);
                    throw th;
                }
            }
            throw th;
        }
    }

    @Override // org.jivesoftware.openfire.group.GroupProvider
    public int getGroupCount() {
        if (this.manager.isDebugEnabled()) {
            this.Log.debug("LdapGroupProvider: Trying to get the number of groups in the system.");
        }
        if (this.groupCount != -1 && Instant.now().isBefore(this.expiresStamp)) {
            return this.groupCount;
        }
        this.groupCount = this.manager.retrieveListCount(this.manager.getGroupNameField(), MessageFormat.format(this.manager.getGroupSearchFilter(), HttpBindManager.HTTP_BIND_CORS_ALLOW_ORIGIN_ALL)).intValue();
        this.expiresStamp = Instant.now().plus((TemporalAmount) Duration.ofMinutes(5L));
        return this.groupCount;
    }

    @Override // org.jivesoftware.openfire.group.GroupProvider
    public Collection<String> getGroupNames() {
        return getGroupNames(-1, -1);
    }

    @Override // org.jivesoftware.openfire.group.GroupProvider
    public Collection<String> getGroupNames(int i, int i2) {
        return this.manager.retrieveList(this.manager.getGroupNameField(), MessageFormat.format(this.manager.getGroupSearchFilter(), HttpBindManager.HTTP_BIND_CORS_ALLOW_ORIGIN_ALL), i, i2, null);
    }

    @Override // org.jivesoftware.openfire.group.GroupProvider
    public Collection<String> getGroupNames(JID jid) {
        String unescapeNode;
        String ldapName;
        XMPPServer xMPPServer = XMPPServer.getInstance();
        if (this.manager.isPosixMode()) {
            unescapeNode = xMPPServer.isLocal(jid) ? JID.unescapeNode(jid.getNode()) : jid.toBareJID();
        } else {
            if (!xMPPServer.isLocal(jid)) {
                return Collections.emptyList();
            }
            unescapeNode = JID.unescapeNode(jid.getNode());
            try {
                unescapeNode = ((String) Arrays.stream(this.manager.findUserRDN(unescapeNode)).map((v0) -> {
                    return v0.toString();
                }).collect(Collectors.joining(","))) + "," + String.valueOf(this.manager.getUsersBaseDN(unescapeNode));
            } catch (Exception e) {
                this.Log.debug("Unable to find groups for a user that was not recognized in LDAP: {}", unescapeNode);
                return Collections.emptyList();
            }
        }
        if (unescapeNode == null || unescapeNode.isEmpty()) {
            return Collections.emptyList();
        }
        LinkedHashSet linkedHashSet = new LinkedHashSet(search(this.manager.getGroupMemberField(), unescapeNode));
        if (this.manager.isFlattenNestedGroups()) {
            HashSet hashSet = new HashSet();
            ArrayDeque arrayDeque = new ArrayDeque(linkedHashSet);
            while (true) {
                String str = (String) arrayDeque.pollFirst();
                if (null == str) {
                    break;
                }
                if (!hashSet.contains(str)) {
                    hashSet.add(str);
                    try {
                        LdapName findGroupAbsoluteDN = this.manager.findGroupAbsoluteDN(str);
                        if (this.manager.isPosixMode()) {
                            List<String> retrieveAttributeOf = this.manager.retrieveAttributeOf(this.manager.getUsernameField(), findGroupAbsoluteDN);
                            if (!retrieveAttributeOf.isEmpty()) {
                                ldapName = retrieveAttributeOf.get(0);
                            }
                        } else {
                            ldapName = findGroupAbsoluteDN.toString();
                        }
                        Collection<String> search = search(this.manager.getGroupMemberField(), ldapName);
                        arrayDeque.addAll(search);
                        linkedHashSet.addAll(search);
                    } catch (Exception e2) {
                        this.Log.warn("Error looking up group: {}", str);
                    }
                }
            }
        }
        return linkedHashSet;
    }

    @Override // org.jivesoftware.openfire.group.AbstractGroupProvider, org.jivesoftware.openfire.group.GroupProvider
    public Collection<String> search(String str, String str2) {
        if (str.equals(Group.SHARED_ROSTER_DISPLAY_NAME_PROPERTY_KEY)) {
            return super.search(str, str2);
        }
        StringBuilder sb = new StringBuilder();
        sb.append("(&");
        sb.append(MessageFormat.format(this.manager.getGroupSearchFilter(), HttpBindManager.HTTP_BIND_CORS_ALLOW_ORIGIN_ALL));
        sb.append('(').append(str).append('=').append(LdapManager.sanitizeSearchFilter(str2, false));
        sb.append("))");
        if (!PROCESSBIGGROUPS.getValue().booleanValue()) {
            if (this.Log.isDebugEnabled()) {
                this.Log.debug("Trying to find group names using query: " + sb.toString());
            }
            return this.manager.retrieveList(this.manager.getGroupNameField(), sb.toString(), -1, -1, null);
        }
        String sb2 = sb.toString();
        if (sb2.contains(";range=")) {
            sb2 = sb2.substring(0, sb2.indexOf(";range=")) + sb2.substring(sb2.indexOf("=", sb2.indexOf(";range=") + ";range=".length()));
        }
        this.Log.debug("Trying to find group names using query: {}", sb2);
        return this.manager.retrieveList(this.manager.getGroupNameField(), sb2, -1, -1, null);
    }

    @Override // org.jivesoftware.openfire.group.AbstractGroupProvider, org.jivesoftware.openfire.group.GroupProvider
    public Collection<String> search(String str) {
        return search(str, -1, -1);
    }

    @Override // org.jivesoftware.openfire.group.AbstractGroupProvider, org.jivesoftware.openfire.group.GroupProvider
    public Collection<String> search(String str, int i, int i2) {
        if (str == null || str.isEmpty()) {
            return Collections.emptyList();
        }
        StringBuilder sb = new StringBuilder();
        sb.append('(').append(this.manager.getGroupNameField()).append('=').append(LdapManager.sanitizeSearchFilter(str, false)).append("*)");
        return this.manager.retrieveList(this.manager.getGroupNameField(), sb.toString(), i, i2, null);
    }

    @Override // org.jivesoftware.openfire.group.AbstractGroupProvider, org.jivesoftware.openfire.group.GroupProvider
    public boolean isSearchSupported() {
        return true;
    }

    private Group processGroup(LdapContext ldapContext, Attributes attributes, Set<String> set) throws NamingException {
        String str;
        String str2;
        JID asBareJID;
        XMPPServer xMPPServer = XMPPServer.getInstance();
        String xMPPDomain = xMPPServer.getServerInfo().getXMPPDomain();
        Pattern compile = Pattern.compile("(?i)(^" + this.manager.getUsernameField() + "=)([^,]+)(.+)");
        boolean equals = this.manager.getUsernameField().equals("sAMAccountName");
        String[] strArr = equals ? new String[]{"distinguishedName", this.manager.getUsernameField()} : new String[]{this.manager.getUsernameField()};
        SearchControls searchControls = new SearchControls();
        searchControls.setReturningAttributes(strArr);
        if (this.manager.isSubTreeSearch()) {
            searchControls.setSearchScope(2);
        } else {
            searchControls.setSearchScope(1);
        }
        try {
            str = (String) attributes.get(this.manager.getGroupNameField()).get();
        } catch (Exception e) {
            str = "";
        }
        try {
            str2 = (String) attributes.get(this.manager.getGroupDescriptionField()).get();
        } catch (Exception e2) {
            str2 = "";
        }
        TreeSet treeSet = new TreeSet();
        Attribute attribute = attributes.get(this.manager.getGroupMemberField());
        this.Log.debug("Loading members of group: {}", str);
        if (attribute == null && PROCESSBIGGROUPS.getValue().booleanValue()) {
            NamingEnumeration all = attributes.getAll();
            while (true) {
                if (!all.hasMore()) {
                    break;
                }
                Attribute attribute2 = (Attribute) all.next();
                if (attribute2.getID().toLowerCase().startsWith(this.manager.getGroupMemberField())) {
                    attribute = attribute2;
                    break;
                }
            }
        }
        if (attribute != null) {
            NamingEnumeration all2 = attribute.getAll();
            while (all2.hasMore()) {
                String str3 = (String) all2.next();
                LdapName ldapName = null;
                if (!this.manager.isPosixMode()) {
                    try {
                        Matcher matcher = compile.matcher(str3);
                        if (matcher.matches() && matcher.groupCount() == 3) {
                            str3 = matcher.group(2);
                        } else {
                            ldapName = new LdapName(str3);
                            NamingEnumeration search = ldapContext.search("", "(&(" + ldapName.get(ldapName.size() - 1) + ')' + MessageFormat.format(this.manager.getSearchFilter(), HttpBindManager.HTTP_BIND_CORS_ALLOW_ORIGIN_ALL) + ')', searchControls);
                            if (search.hasMoreElements()) {
                                while (true) {
                                    if (!search.hasMoreElements()) {
                                        break;
                                    }
                                    Attributes attributes2 = ((SearchResult) search.nextElement()).getAttributes();
                                    if (!equals) {
                                        str3 = (String) attributes2.get(this.manager.getUsernameField()).get();
                                        break;
                                    }
                                    if (str3.equals((String) attributes2.get("distinguishedName").get())) {
                                        str3 = (String) attributes2.get(this.manager.getUsernameField()).get();
                                        break;
                                    }
                                }
                            }
                            search.close();
                        }
                    } catch (Exception e3) {
                        this.Log.error("An unexpected exception occurred while processing an LDAP group {}, while iterating over user {}", new Object[]{str, str3, e3});
                    }
                }
                try {
                    if (!set.contains(str3)) {
                        int indexOf = str3.indexOf("@" + xMPPDomain);
                        if (indexOf == -1) {
                            String escapeNode = JID.escapeNode(str3);
                            this.userManager.getUser(escapeNode);
                            asBareJID = xMPPServer.createJID(escapeNode, null);
                        } else {
                            asBareJID = new JID(JID.escapeNode(str3.substring(0, indexOf)) + "@" + xMPPDomain).asBareJID();
                        }
                        treeSet.add(asBareJID);
                    }
                } catch (UserNotFoundException e4) {
                    boolean z = false;
                    if (this.manager.isFlattenNestedGroups()) {
                        if (this.manager.isPosixMode()) {
                            String retrieveSingle = this.manager.retrieveSingle(null, "(" + this.manager.getUsernameField() + "=" + LdapManager.sanitizeSearchFilter(str3) + ")", true);
                            if (retrieveSingle != null) {
                                ldapName = new LdapName(retrieveSingle);
                            }
                        } else if (ldapName == null) {
                            ldapName = new LdapName(str3);
                        }
                        if (ldapName != null && this.manager.isGroupDN(ldapName)) {
                            z = true;
                            if (!set.contains(ldapName.toString()) && !set.contains(str3)) {
                                set.add(str3);
                                set.add(ldapName.toString());
                                this.Log.debug("Adding members of sub-group: {}", ldapName);
                                treeSet.addAll(getGroupByDN(ldapName, set).getMembers());
                            }
                        }
                    }
                    if (!z && this.manager.isDebugEnabled()) {
                        this.Log.debug("LdapGroupProvider: User not found: " + str3);
                    }
                }
            }
            all2.close();
        }
        if (this.manager.isDebugEnabled()) {
            this.Log.debug("LdapGroupProvider: Adding group \"" + str + "\" with " + treeSet.size() + " members.");
        }
        return new Group(str, str2, treeSet, Collections.emptyList());
    }
}
