package org.yawlfoundation.yawl.resourcing.datastore.orgdata;

import java.io.IOException;
import java.io.InputStream;
import java.util.HashMap;
import java.util.Hashtable;
import java.util.Map;
import java.util.Properties;
import javax.naming.AuthenticationException;
import javax.naming.InitialContext;
import javax.naming.NameClassPair;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.Control;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.PagedResultsControl;
import javax.naming.ldap.PagedResultsResponseControl;
import org.apache.log4j.Logger;
import org.yawlfoundation.yawl.exceptions.YAuthenticationException;
import org.yawlfoundation.yawl.resourcing.resource.Participant;
import org.yawlfoundation.yawl.resourcing.resource.Role;
import org.yawlfoundation.yawl.util.PasswordEncryptor;

/* loaded from: input_file:org/yawlfoundation/yawl/resourcing/datastore/orgdata/LDAPSource.class */
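/**
 * Organisational data source that reads participants and roles from an LDAP
 * directory through JNDI.
 *
 * <p>Configuration is read from {@code LDAPSource.properties} on the context
 * class loader. Entries are listed under each {@code ;}-separated context in
 * the {@code binding} property. When {@code delegateauthentication} is
 * {@code true}, passwords are not loaded and {@link #authenticate} verifies a
 * user by binding to the directory with the supplied credentials.
 *
 * <p>The source is read-only: {@link #update}, {@link #delete},
 * {@link #insert}, {@link #importObj} and {@link #execUpdate} do nothing.
 */
public class LDAPSource extends DataSource {
    private Properties _props = null;
    private Hashtable<String, String> _attributeMap = null;
    private Hashtable<String, Object> _environment = null;
    // userid -> distinguished name of the user's entry; non-null only when
    // authentication is delegated to the directory.
    private Hashtable<String, String> _user2nameMap = null;
    private HashMap<String, Role> _roles = null;
    private Logger _log = Logger.getLogger(getClass());

    /** Loads the configuration and prepares the role and user maps. */
    public LDAPSource() {
        loadProperties();
        initMaps();
    }

    /**
     * Reads {@code LDAPSource.properties}. On any failure the error is logged
     * and {@code _props} is left {@code null}, which disables loading.
     */
    private void loadProperties() {
        Properties loaded = new Properties();
        // try-with-resources closes the stream; a null resource is skipped.
        try (InputStream in = Thread.currentThread().getContextClassLoader()
                .getResourceAsStream("LDAPSource.properties")) {
            if (in == null) {
                throw new IOException("LDAPSource.properties not found.");
            }
            loaded.load(in);
            this._props = loaded;
        } catch (Exception e) {
            this._log.error("Exception thrown when loading LDAP properties.", e);
            this._props = null;
        }
    }

    /**
     * Resets the role map and, when authentication is delegated, the user map.
     * NOTE(review): loadResources() calls this again, so authenticate() sees an
     * empty user map until the reload has finished - confirm this is acceptable.
     */
    private void initMaps() {
        this._roles = new HashMap<>();
        // Constant-first comparison: the property may be absent.
        if ("true".equalsIgnoreCase(getProperty("delegateauthentication"))) {
            this._user2nameMap = new Hashtable<>();
        }
    }

    /** Returns the named property, or {@code null} when it or the file is missing. */
    private String getProperty(String str) {
        return this._props != null ? this._props.getProperty(str) : null;
    }

    /** Returns the ';'-separated binding contexts, or an empty array when unset. */
    private String[] getBindings() {
        String bindings = getProperty("binding");
        return bindings != null ? bindings.split(";") : new String[0];
    }

    /**
     * Lazily builds the map from logical field names to the LDAP attribute ids
     * configured in the properties file. Unset mappings are left out, because
     * {@link Hashtable} rejects null values.
     */
    private Hashtable<String, String> getAttributeMap() {
        if (this._attributeMap == null) {
            this._attributeMap = new Hashtable<>();
            if (this._props != null) {
                mapAttribute("userid", "userid");
                mapAttribute("firstname", "firstname");
                mapAttribute("lastname", "lastname");
                mapAttribute("password", "password");
                mapAttribute("isAdmin", "administrator");
                mapAttribute("roles", "roles");
            }
        }
        return this._attributeMap;
    }

    /** Adds {@code key -> property value} to the attribute map when the value is set. */
    private void mapAttribute(String key, String propertyName) {
        String attributeId = getProperty(propertyName);
        if (isNotNullOrEmpty(attributeId)) {
            this._attributeMap.put(key, attributeId);
        }
    }

    /**
     * Lists every entry under each binding context.
     *
     * @return map from entry name (relative to its context) to that context
     */
    private Map<String, String> getNameBindingMap() throws NamingException {
        Map<String, String> nameToBinding = new Hashtable<>();
        InitialContext context = new InitialContext(getEnvironment());
        try {
            for (String binding : getBindings()) {
                NamingEnumeration<NameClassPair> entries = context.list(binding);
                while (entries.hasMore()) {
                    nameToBinding.put(entries.next().getName(), binding);
                }
            }
        } finally {
            // Release the connection even when listing fails.
            context.close();
        }
        return nameToBinding;
    }

    /**
     * Same as {@link #getNameBindingMap()} but retrieves the entries in pages
     * using the paged-results control.
     *
     * @param i page size
     */
    private Map<String, String> getControlledNameBindingMap(int i) throws NamingException, IOException {
        Map<String, String> nameToBinding = new Hashtable<>();
        InitialLdapContext context = new InitialLdapContext(getEnvironment(), (Control[]) null);
        try {
            context.setRequestControls(new Control[]{new PagedResultsControl(i, true)});
            for (String binding : getBindings()) {
                byte[] cookie;
                do {
                    // Reset per page: a stale cookie would otherwise keep the loop
                    // running if a response carries no paged-results control.
                    cookie = null;
                    NamingEnumeration<NameClassPair> page = context.list(binding);
                    while (page != null && page.hasMore()) {
                        nameToBinding.put(page.next().getName(), binding);
                    }
                    Control[] responseControls = context.getResponseControls();
                    if (responseControls != null) {
                        for (Control control : responseControls) {
                            if (control instanceof PagedResultsResponseControl) {
                                cookie = ((PagedResultsResponseControl) control).getCookie();
                            }
                        }
                    }
                    // Hand the cookie back so the next list() continues the result set.
                    context.setRequestControls(new Control[]{new PagedResultsControl(i, cookie, true)});
                } while (cookie != null);
            }
        } finally {
            context.close();
        }
        return nameToBinding;
    }

    /** Returns the LDAP attribute ids to request for each entry. */
    private String[] getAttributeIDNames() {
        return getAttributeMap().values().toArray(new String[0]);
    }

    /**
     * Lazily builds the JNDI environment used for the administrative bind.
     *
     * <p>NOTE(review): the provider URL is always {@code ldap://}, so with a
     * simple bind the administrator's and (in {@link #authenticate}) the user's
     * credentials cross the network unencrypted unless the transport is
     * protected some other way. Consider LDAPS or StartTLS.
     */
    private Hashtable<String, Object> getEnvironment() {
        if (this._environment == null) {
            this._environment = new Hashtable<>();
            if (this._props != null) {
                this._environment.put("java.naming.provider.url",
                        String.format("ldap://%s:%s", getProperty("host"), getProperty("port")));
                putEnvironment("java.naming.factory.initial", "contextfactory");
                putEnvironment("java.naming.security.authentication", "authentication");
                putEnvironment("java.naming.security.principal", "adminusername");
                putEnvironment("java.naming.security.credentials", "adminpassword");
            }
        }
        return this._environment;
    }

    /**
     * Copies a property into the JNDI environment. A missing property is
     * reported by name only (never by value) and skipped, since
     * {@link Hashtable} rejects null values.
     */
    private void putEnvironment(String key, String propertyName) {
        String value = getProperty(propertyName);
        if (value != null) {
            this._environment.put(key, value);
        } else {
            this._log.warn("LDAP property '" + propertyName + "' is not set.");
        }
    }

    /**
     * Tests an entry against the optional {@code objectClassFilter} property.
     *
     * @return {@code true} when no filter (or {@code *}) is configured, or when
     *         one of the entry's schema class definitions has the filter's name
     */
    private boolean matchesObjectClassFilter(DirContext dirContext, String str) throws NamingException {
        String filter = getProperty("objectClassFilter");
        if (filter == null || filter.length() == 0 || filter.equals("*")) {
            return true;
        }
        NamingEnumeration<SearchResult> definitions =
                dirContext.getSchemaClassDefinition(str).search("", (Attributes) null);
        while (definitions.hasMore()) {
            if (definitions.next().getName().equals(filter)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Reads every listed entry that passes the object-class filter and turns it
     * into a {@link Participant}.
     *
     * @return participants keyed by participant id
     */
    private HashMap<String, Participant> loadParticipants() throws NamingException, IOException {
        HashMap<String, Participant> participants = new HashMap<>();
        String[] attributeIds = getAttributeIDNames();
        InitialDirContext context = new InitialDirContext(getEnvironment());
        try {
            int pageSize = getMaxSizeLimit();
            Map<String, String> nameToBinding =
                    pageSize > 0 ? getControlledNameBindingMap(pageSize) : getNameBindingMap();
            for (Map.Entry<String, String> entry : nameToBinding.entrySet()) {
                String entryDn = entry.getKey() + "," + entry.getValue();
                if (!matchesObjectClassFilter(context, entryDn)) {
                    continue;
                }
                Participant participant =
                        createParticipant(entryDn, context.getAttributes(entryDn, attributeIds));
                if (participant != null) {
                    participants.put(participant.getID(), participant);
                } else {
                    this._log.error("unable to create participant from LDAP entry: " + entry.getKey());
                }
            }
        } finally {
            context.close();
        }
        return participants;
    }

    /**
     * Builds a participant from an entry's attributes.
     *
     * @param entryDn    distinguished name of the entry; remembered for
     *                   delegated authentication so that users under any of
     *                   several binding contexts bind with their own DN
     * @param attributes attributes read from the entry
     * @return the participant, or {@code null} when last name, first name or
     *         user id is missing
     */
    private Participant createParticipant(String entryDn, Attributes attributes) throws NamingException {
        String lastName = getStringValue(attributes, "lastname");
        String firstName = getStringValue(attributes, "firstname");
        String userId = getStringValue(attributes, "userid");
        if (!allNotNullOrEmpty(lastName, firstName, userId)) {
            return null;
        }
        Participant participant = new Participant(lastName, firstName, userId);
        participant.setID("U_" + userId);
        if (this._user2nameMap != null) {
            this._user2nameMap.put(userId, entryDn);
        } else {
            participant.setPassword(loadUserPassword(attributes));
        }
        if (hasEnumeratedRoles()) {
            setRoles(participant, attributes);
        } else {
            setRoles(participant, getStringValue(attributes, "roles"));
        }
        return participant;
    }

    /** Adds the participant to one role per value of the multi-valued roles attribute. */
    private void setRoles(Participant participant, Attributes attributes) throws NamingException {
        String rolesAttributeId = getProperty("roles");
        if (attributes == null || rolesAttributeId == null) {
            return;
        }
        Attribute roles = attributes.get(rolesAttributeId);
        if (roles == null) {
            return;
        }
        NamingEnumeration<?> values = roles.getAll();
        while (values.hasMoreElements()) {
            addToRole(participant, String.valueOf(values.next()));
        }
    }

    /** Adds the participant to each role named in a comma-separated list. */
    private void setRoles(Participant participant, String str) {
        if (!isNotNullOrEmpty(str)) {
            return;
        }
        for (String roleName : str.split("\\s*,\\s*")) {
            addToRole(participant, roleName);
        }
    }

    /** Links participant and role, creating the role on first use. */
    private void addToRole(Participant participant, String str) {
        Role role = this._roles.get(str);
        if (role == null) {
            role = new Role(str);
            role.setID(str);
            this._roles.put(str, role);
        }
        role.addResource(participant);
        participant.addRole(role);
    }

    /**
     * Reads the entry's password attribute and passes it through
     * {@link PasswordEncryptor}.
     *
     * @return the encrypted password, or {@code null} when no password
     *         attribute is mapped, the entry has none, or processing fails
     */
    private String loadUserPassword(Attributes attributes) {
        if (getAttributeMap().get("password") == null) {
            return null;
        }
        try {
            byte[] raw = getByteValue(attributes, "password");
            if (raw == null) {
                return null;
            }
            // NOTE(review): decodes with the platform default charset - confirm it
            // matches the encoding used when the password is checked.
            return PasswordEncryptor.encrypt(new String(raw));
        } catch (Exception e) {
            // Best effort: the participant is still created, without a password.
            // The attribute value itself is deliberately not logged.
            this._log.warn("Unable to load user password from LDAP entry.", e);
            return null;
        }
    }

    /** Returns the first value of the mapped attribute as a string, or {@code null}. */
    private String getStringValue(Attributes attributes, String str) throws NamingException {
        Attribute attribute = getAttribute(attributes, str);
        return attribute != null ? (String) attribute.get() : null;
    }

    /** Returns the first value of the mapped attribute as bytes, or {@code null}. */
    private byte[] getByteValue(Attributes attributes, String str) throws NamingException {
        Attribute attribute = getAttribute(attributes, str);
        return attribute != null ? (byte[]) attribute.get() : null;
    }

    /**
     * Looks up the attribute mapped to a logical field name.
     *
     * @return the attribute, or {@code null} when the field is unmapped or the
     *         entry does not carry it
     */
    private Attribute getAttribute(Attributes attributes, String str) throws NamingException {
        String attributeId = getAttributeMap().get(str);
        if (attributes == null || attributeId == null) {
            return null;
        }
        return attributes.get(attributeId);
    }

    private boolean isNotNullOrEmpty(String str) {
        return str != null && str.length() > 0;
    }

    private boolean allNotNullOrEmpty(String... strArr) {
        for (String value : strArr) {
            if (!isNotNullOrEmpty(value)) {
                return false;
            }
        }
        return true;
    }

    /** True when the {@code roleformat} property is {@code enumeration}. */
    private boolean hasEnumeratedRoles() {
        return "enumeration".equalsIgnoreCase(getProperty("roleformat"));
    }

    /**
     * Returns the configured page size, or 0 (no paging) when the property is
     * missing or not a number.
     */
    private int getMaxSizeLimit() {
        String limit = getProperty("maxSizeLimit");
        if (limit == null) {
            return 0;
        }
        try {
            return Integer.parseInt(limit.trim());
        } catch (NumberFormatException e) {
            this._log.warn("Ignoring invalid max size limit in LDAP properties: " + limit);
            return 0;
        }
    }

    /**
     * Reloads participants and roles from the directory.
     *
     * @return the loaded data set; empty when the configuration is missing or
     *         the directory cannot be read (the error is logged)
     */
    @Override
    public ResourceDataSet loadResources() {
        initMaps();
        ResourceDataSet resourceDataSet = new ResourceDataSet(this);
        if (this._props != null) {
            try {
                resourceDataSet.setParticipants(loadParticipants(), this);
                if (!this._roles.isEmpty()) {
                    resourceDataSet.setRoles(this._roles, this);
                }
            } catch (NamingException e) {
                this._log.error("Naming Exception thrown when attempting to retrieve org data from LDAP.", e);
            } catch (IOException e2) {
                this._log.error("IO Exception thrown when attempting to retrieve org data from LDAP.", e2);
            }
        }
        return resourceDataSet;
    }

    /** Not supported: the directory is read-only from this source. */
    @Override
    public void update(Object obj) {
    }

    /** Not supported; always returns {@code false}. */
    @Override
    public boolean delete(Object obj) {
        return false;
    }

    /** Not supported; always returns {@code null}. */
    @Override
    public String insert(Object obj) {
        return null;
    }

    /** Not supported: the directory is read-only from this source. */
    @Override
    public void importObj(Object obj) {
    }

    /** Not supported; always returns -1. */
    @Override
    public int execUpdate(String str) {
        return -1;
    }

    /**
     * Verifies a user by binding to the directory with the user's own DN and
     * the supplied password.
     *
     * @param str  user id
     * @param str2 password
     * @return {@code true} when the bind succeeds; {@code false} when the
     *         directory rejects the credentials or the password is null/empty
     * @throws YAuthenticationException when delegated authentication is
     *         disabled, the user id is unknown, or the directory cannot be
     *         reached
     */
    @Override
    public boolean authenticate(String str, String str2) throws YAuthenticationException {
        // Work on one snapshot: loadResources() may replace the field concurrently.
        Hashtable<String, String> userDns = this._user2nameMap;
        if (userDns == null) {
            throw new YAuthenticationException("Cannot authenticate user: LDAP Authentication disabled");
        }
        // NOTE(review): this message differs from a wrong-password result; if it
        // reaches the login client it reveals which user ids exist.
        if (str == null || !userDns.containsKey(str)) {
            throw new YAuthenticationException("Unknown userid");
        }
        // A simple bind with a DN and an empty password is an unauthenticated
        // (anonymous) bind (RFC 4513); many servers accept it, which would make
        // an empty password log in as any known user. Refuse it here.
        if (str2 == null || str2.isEmpty()) {
            return false;
        }
        // Bind with a private copy so the user's password is never written into
        // the shared administrative environment, where a concurrent load or
        // login could pick it up or overwrite it.
        Hashtable<String, Object> environment = new Hashtable<>(getEnvironment());
        environment.put("java.naming.security.principal", userDns.get(str));
        environment.put("java.naming.security.credentials", str2);
        DirContext context = null;
        try {
            context = new InitialDirContext(environment);
            return true;
        } catch (AuthenticationException e) {
            // Must precede NamingException, its superclass: rejected credentials
            // are a normal "no", not an error.
            return false;
        } catch (NamingException e) {
            throw new YAuthenticationException("Cannot authenticate user: LDAP Authentication exception.", e);
        } finally {
            if (context != null) {
                try {
                    context.close();
                } catch (NamingException ignored) {
                    // The bind result is already known; a failed close changes nothing.
                }
            }
        }
    }
}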
