package org.linagora.linshare.ldap;

import com.google.common.base.Function;
import com.google.common.base.Predicate;
import com.google.common.collect.Maps;
import java.beans.BeanInfo;
import java.beans.IntrospectionException;
import java.beans.Introspector;
import java.beans.PropertyDescriptor;
import java.io.IOException;
import java.lang.reflect.Method;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Date;
import java.util.List;
import java.util.Map;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.Control;
import javax.naming.ldap.HasControls;
import org.apache.commons.configuration.tree.DefaultExpressionEngine;
import org.linagora.linshare.core.domain.entities.DomainPattern;
import org.linagora.linshare.core.domain.entities.Internal;
import org.linagora.linshare.core.domain.entities.LDAPConnection;
import org.linagora.linshare.core.domain.entities.LdapAttribute;
import org.linagora.linshare.core.domain.entities.User;
import org.linid.dm.authorization.lql.JScriptEvaluator;
import org.linid.dm.authorization.lql.LqlRequestCtx;
import org.linid.dm.authorization.lql.dnlist.IDnList;
import org.quartz.impl.jdbcjobstore.StdJDBCConstants;
import org.semanticdesktop.aperture.outlook.OutlookResource;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.ldap.NameNotFoundException;
import org.springframework.ldap.core.support.LdapContextSource;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.ldap.authentication.BindAuthenticator;

/* loaded from: input_file:WEB-INF/classes/org/linagora/linshare/ldap/JScriptLdapQuery.class */
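/**
 * Runs the LQL (JavaScript) commands configured on a {@link DomainPattern} against an LDAP
 * directory and converts the DNs they return into {@link User} objects.
 *
 * <p>Caller-supplied search terms (mail, login, first/last name) are stored in the variable map
 * of the {@link LqlRequestCtx} and concatenated into LDAP filters by the configured command, so
 * every such value is passed through {@link #cleanLdapInputPattern(String)} first.
 *
 * <p>Each call mutates the variable map of the shared request context and reassigns the evaluator
 * field. No synchronization is visible in this class, so an instance should not be used from
 * several threads at once.
 */
public class JScriptLdapQuery {
    private static final Logger logger = LoggerFactory.getLogger(JScriptLdapQuery.class);

    /** Upper bound on context renewals after an I/O failure; prevents unbounded retry recursion. */
    private static final int MAX_CONTEXT_RENEWALS = 2;

    private JScriptEvaluator evaluator;
    private String baseDn;
    private DomainPattern domainPattern;
    private LqlRequestCtx lqlctx;
    // NOTE(review): never assigned in this class (the constructor does not store its IDnList
    // argument), so evaluate() hands null to JScriptEvaluator.getInstance. Confirm whether that is
    // intended before wiring the constructor argument in.
    private IDnList dnList;
    private BeanInfo beanInfo;

    // Characters removed from caller-supplied values before they reach an LDAP filter: the filter
    // metacharacters "* ( )", the boolean operators "& | !", the separators "; ,", plus the
    // backslash escape introducer and NUL, which RFC 4515 also treats as special inside a value.
    private final Pattern cleaner = Pattern.compile("[;,!|*()&\\\\\\x00]");

    /**
     * @param lqlRequestCtx request context providing the LDAP connection and the variable map
     * @param str base DN used when binding in {@link #auth(LDAPConnection, String, String)}
     * @param domainPattern source of the LQL commands and of the attribute mapping
     * @param iDnList passed to the evaluator created here (not retained, see the field note)
     * @throws NamingException propagated from the evaluator factory
     * @throws IOException propagated from the evaluator factory
     */
    public JScriptLdapQuery(LqlRequestCtx lqlRequestCtx, String str, DomainPattern domainPattern, IDnList iDnList) throws NamingException, IOException {
        this.lqlctx = lqlRequestCtx;
        this.evaluator = JScriptEvaluator.getInstance(lqlRequestCtx.getLdapCtx(), iDnList);
        this.baseDn = str;
        this.domainPattern = domainPattern;
        try {
            this.beanInfo = Introspector.getBeanInfo(Internal.class);
        } catch (IntrospectionException e) {
            // beanInfo stays null; initControlContext() reports it and refuses to build users.
            logger.error("Introspection of Internal user class impossible.");
            logger.debug("message : " + e.getMessage());
        }
    }

    /**
     * Strips the characters that have a meaning inside an LDAP filter from a caller-supplied value.
     *
     * <p>This is a removal list, not an escaper: the affected characters are dropped rather than
     * encoded, so the returned value may be shorter than the input or empty.
     *
     * @param str raw value; must not be null
     * @return the value without filter metacharacters
     */
    public String cleanLdapInputPattern(String str) {
        return this.cleaner.matcher(str).replaceAll("");
    }

    /**
     * Evaluates an LQL command and returns the matching DNs.
     *
     * <p>When the evaluation fails with an {@link IOException} the LDAP context is renewed and the
     * command is retried, at most {@value #MAX_CONTEXT_RENEWALS} times.
     *
     * @param str the LQL command to run
     * @return the DNs produced by the command, or {@code null} when a retry could not be completed
     * @throws NamingException if the first attempt fails with a naming error
     */
    public List<String> evaluate(String str) throws NamingException {
        try {
            return evaluateOnce(str);
        } catch (IOException e) {
            logger.debug("lql evaluation failed with an I/O error, renewing the ldap context : " + e.getMessage());
        }
        for (int attempt = 1; attempt <= MAX_CONTEXT_RENEWALS; attempt++) {
            try {
                this.lqlctx.renewLdapCtx();
                return evaluateOnce(str);
            } catch (IOException e) {
                logger.debug("lql evaluation retry " + attempt + " failed with an I/O error : " + e.getMessage());
            } catch (NamingException e) {
                // Callers treat null as "no answer"; keep that contract but leave a trace.
                logger.error("lql evaluation retry failed : " + e.getMessage());
                return null;
            }
        }
        logger.error("lql evaluation abandoned after " + MAX_CONTEXT_RENEWALS + " ldap context renewals.");
        return null;
    }

    /** Runs one evaluation attempt with a freshly obtained evaluator and logs its duration. */
    private List<String> evaluateOnce(String command) throws NamingException, IOException {
        long start = System.currentTimeMillis();
        this.evaluator = JScriptEvaluator.getInstance(this.lqlctx.getLdapCtx(), this.dnList);
        List<String> dns = this.evaluator.evalToStringList(command, this.lqlctx.getVariables());
        if (logger.isDebugEnabled()) {
            logger.debug("diff : " + String.valueOf(System.currentTimeMillis() - start));
        }
        return dns;
    }

    /** Makes a caller-supplied value safe to write on a single log line (CR/LF neutralised). */
    private static String logSafe(String value) {
        if (value == null) {
            return "null";
        }
        return value.replace('\r', '_').replace('\n', '_');
    }

    /**
     * Logs a command together with the filter it expands to for a single "pattern"/"mail" value.
     */
    private void logLqlQuery(String str, String str2) {
        if (logger.isDebugEnabled()) {
            // The value is caller-controlled: quote it so '$' and '\' are not read as group
            // references by replaceAll (which would throw instead of logging).
            String literal = Matcher.quoteReplacement(logSafe(str2));
            logger.debug("lql command " + str);
            logger.debug("pattern: " + logSafe(str2));
            logger.debug("ldap filter : " + str.replaceAll("\"[ ]*[+][ ]*pattern[ ]*[+][ ]*\"", literal).replaceAll("\"[ ]*[+][ ]*mail[ ]*[+][ ]*\"", literal));
        }
    }

    /**
     * Logs a command together with the filter it expands to for mail, first name and last name.
     *
     * @param str the LQL command
     * @param str2 mail value, or null when the command has no mail placeholder to expand
     * @param str3 first name value
     * @param str4 last name value
     */
    private void logLqlQuery(String str, String str2, String str3, String str4) {
        if (logger.isDebugEnabled()) {
            logger.debug("lql command " + str);
            logger.debug("first_name: " + logSafe(str3));
            logger.debug("last_name: " + logSafe(str4));
            String filter = str
                    .replaceAll("\"[ ]*[+][ ]*last_name[ ]*[+][ ]*\"", Matcher.quoteReplacement(logSafe(str4)))
                    .replaceAll("\"[ ]*[+][ ]*first_name[ ]*[+][ ]*\"", Matcher.quoteReplacement(logSafe(str3)));
            if (str2 != null) {
                filter = filter.replaceAll("\"[ ]*[+][ ]*mail[ ]*[+][ ]*\"", Matcher.quoteReplacement(logSafe(str2)));
            }
            logger.debug("ldap filter : " + filter);
        }
    }

    /** Logs a first name / last name command (no mail placeholder). */
    private void logLqlQuery(String str, String str2, String str3) {
        logLqlQuery(str, null, str2, str3);
    }

    /**
     * Auto-completion on all attributes.
     *
     * @param str fragment typed by the user; null or empty matches everything
     * @return the matching users, restricted to the attributes enabled for completion
     * @throws NamingException if the directory query fails
     */
    public List<User> complete(String str) throws NamingException {
        String command = this.domainPattern.getAutoCompleteCommandOnAllAttributes();
        String pattern = addExpansionCharacters(str);
        this.lqlctx.getVariables().put("pattern", pattern);
        if (logger.isDebugEnabled()) {
            logLqlQuery(command, pattern);
        }
        return dnListToUsersList(evaluate(command), true);
    }

    /**
     * Auto-completion on first name and last name.
     *
     * @param str first name fragment
     * @param str2 last name fragment
     * @return the matching users, restricted to the attributes enabled for completion
     * @throws NamingException if the directory query fails
     */
    public List<User> complete(String str, String str2) throws NamingException {
        String command = this.domainPattern.getAutoCompleteCommandOnFirstAndLastName();
        String firstName = addExpansionCharacters(str);
        String lastName = addExpansionCharacters(str2);
        Map<String, Object> variables = this.lqlctx.getVariables();
        variables.put("first_name", firstName);
        variables.put("last_name", lastName);
        logLqlQuery(command, firstName, lastName);
        return dnListToUsersList(evaluate(command), true);
    }

    /**
     * Converts a list of DNs into users, skipping the DNs that cannot be converted.
     *
     * @param list DNs to resolve; null (evaluation gave no answer) yields an empty list
     * @param z true to read only the attributes enabled for completion
     * @return the users that could be built, never null
     */
    private List<User> dnListToUsersList(List<String> list, boolean z) {
        List<User> users = new ArrayList<User>();
        ControlContext controlContext = initControlContext(z);
        if (list == null || controlContext == null) {
            // evaluate() returns null after a failed retry and initControlContext() returns null
            // when introspection failed; both used to end in a NullPointerException here.
            return users;
        }
        for (String dn : list) {
            logger.debug("current dn: " + dn);
            long start = System.currentTimeMillis();
            User user = null;
            try {
                user = dnToUser(dn, controlContext.getLdapDbAttributes(), controlContext.getSearchControls());
            } catch (NamingException e) {
                logger.error(e.getMessage());
                logger.debug(e.toString());
            }
            logger.debug("fin dnToUser : " + String.valueOf(System.currentTimeMillis() - start) + " milliseconds.");
            if (user != null) {
                users.add(user);
            }
        }
        return users;
    }

    /**
     * Resolves a single DN into a user.
     *
     * @return the user, or null when the entry cannot be converted or introspection is unavailable
     */
    private User dnToUser(String str, boolean z) throws NamingException {
        ControlContext controlContext = initControlContext(z);
        if (controlContext == null) {
            return null;
        }
        return dnToUser(str, controlContext.getLdapDbAttributes(), controlContext.getSearchControls());
    }

    /**
     * Builds the attribute mapping and the search controls used to read one entry.
     *
     * @param z true to keep only the attributes enabled for completion
     * @return the context, or null when the bean introspection failed in the constructor
     */
    private ControlContext initControlContext(boolean z) {
        if (this.beanInfo == null) {
            logger.error("Introspection of Internal user class impossible. Bean inspector is not initialised.");
            return null;
        }
        Map<String, LdapAttribute> attributes = z ? getLdapDbAttributeForCompletion() : getLdapDbAttribute();
        Collection<String> attributeNames = getLdapAttrList(attributes);
        SearchControls searchControls = new SearchControls();
        // Only the entry named by the DN is read, never its subtree.
        searchControls.setSearchScope(SearchControls.OBJECT_SCOPE);
        logger.debug("ldap attributes to retrieve : " + attributeNames.toString());
        // Restricting the returned attributes keeps unrelated directory data out of the response.
        searchControls.setReturningAttributes(attributeNames.toArray(new String[attributeNames.size()]));
        return new ControlContext(attributes, searchControls);
    }

    /**
     * Reads the entry at the given DN and copies the mapped attributes into a new user.
     *
     * @param str DN of the entry
     * @param map field name to LDAP attribute mapping
     * @param searchControls controls limiting scope and returned attributes
     * @return the populated user, or null when a field cannot be set or a system attribute is
     *         missing from the entry
     * @throws NamingException if the directory read fails
     */
    private User dnToUser(String str, Map<String, LdapAttribute> map, SearchControls searchControls) throws NamingException {
        Internal internal = new Internal();
        NamingEnumeration<?> results = this.lqlctx.getLdapCtx().search(str, "(objectclass=*)", searchControls);
        try {
            int resultIndex = 0;
            while (results != null && results.hasMore()) {
                resultIndex++;
                SearchResult entry = (SearchResult) results.next();
                logger.debug("processing result : " + resultIndex);
                if (entry instanceof HasControls) {
                    Control[] controls = ((HasControls) entry).getControls();
                    if (logger.isDebugEnabled()) {
                        // getControls() may return null; Arrays.toString copes with that.
                        logger.debug("entry name has controls " + Arrays.toString(controls));
                    }
                }
                for (Map.Entry<String, LdapAttribute> field : map.entrySet()) {
                    String fieldName = field.getKey();
                    LdapAttribute ldapAttribute = field.getValue();
                    String attributeName = ldapAttribute.getAttribute();
                    Attribute attribute = entry.getAttributes().get(attributeName);
                    if (logger.isDebugEnabled()) {
                        logger.debug("field = " + fieldName + ", ldap attribute = " + attributeName);
                    }
                    String value = null;
                    if (attribute != null) {
                        value = (String) attribute.get();
                        if (logger.isDebugEnabled()) {
                            logger.debug("count of attribute values for : '" + attributeName + "' :" + String.valueOf(attribute.size()));
                        }
                    }
                    if (value == null) {
                        if (ldapAttribute.getSystem().booleanValue()) {
                            logger.error("Can not convert dn : '" + str + "' to an user object.");
                            logger.error("The field '" + fieldName + "' (ldap attribute : '" + attributeName + "') must exist in your ldap directory, it is required by the system.");
                            return null;
                        }
                        if (logger.isDebugEnabled()) {
                            logger.debug("The field '" + fieldName + "' (ldap attribute : '" + attributeName + "') is null.");
                        }
                        continue;
                    }
                    logger.debug("value : " + value);
                    if (!setUserAttribute(internal, fieldName, value)) {
                        logger.error("Can not convert dn : '" + str + "' to an user object.");
                        logger.error("Can not set the field '" + fieldName + "' (ldap attribute : '" + attributeName + "') with value : " + value);
                        return null;
                    }
                }
            }
            return internal;
        } finally {
            // Release the server-side enumeration on every exit path, including the early returns.
            if (results != null) {
                try {
                    results.close();
                } catch (NamingException ignored) {
                    logger.debug("could not close the ldap search results : " + ignored.getMessage());
                }
            }
        }
    }

    /** Returns the LDAP attribute names of the given mapping (a live view over the map). */
    private Collection<String> getLdapAttrList(Map<String, LdapAttribute> map) {
        return Maps.transformValues(map, new Function<LdapAttribute, String>() {
            @Override
            public String apply(LdapAttribute ldapAttribute) {
                return ldapAttribute.getAttribute();
            }
        }).values();
    }

    /** Returns the attributes that are both enabled and flagged for completion. */
    private Map<String, LdapAttribute> getLdapDbAttributeForCompletion() {
        return Maps.filterValues(this.domainPattern.getAttributes(), new Predicate<LdapAttribute>() {
            @Override
            public boolean apply(LdapAttribute ldapAttribute) {
                return ldapAttribute.getEnable().booleanValue() && ldapAttribute.getCompletion().booleanValue();
            }
        });
    }

    /** Returns every enabled attribute. */
    private Map<String, LdapAttribute> getLdapDbAttribute() {
        return Maps.filterValues(this.domainPattern.getAttributes(), new Predicate<LdapAttribute>() {
            @Override
            public boolean apply(LdapAttribute ldapAttribute) {
                return ldapAttribute.getEnable().booleanValue();
            }
        });
    }

    /**
     * Sets one field of the user through the setter registered for it.
     *
     * <p>The setter name comes from {@code DomainPattern.USER_METHOD_MAPPING}, keyed by the field
     * name, so the directory content only supplies the value and never selects the method.
     *
     * @param user target object
     * @param str field name, key of the setter mapping
     * @param str2 value read from the directory
     * @return true when the setter was found and invoked without error
     */
    private boolean setUserAttribute(User user, String str, String str2) {
        String setterName = DomainPattern.USER_METHOD_MAPPING.get(str);
        if (setterName == null) {
            // An unmapped field used to fail with a NullPointerException inside the loop.
            logger.error("Introspection : no setter is mapped for field '" + str + "'.");
            return false;
        }
        for (PropertyDescriptor propertyDescriptor : this.beanInfo.getPropertyDescriptors()) {
            Method writeMethod = propertyDescriptor.getWriteMethod();
            if (writeMethod != null && setterName.equals(writeMethod.getName())) {
                try {
                    writeMethod.invoke(user, str2);
                    return true;
                } catch (Exception e) {
                    logger.error("Introspection : can not call method '" + writeMethod.getName() + "' on User object.");
                    logger.debug("message : " + e.getMessage());
                    return false;
                }
            }
        }
        return false;
    }

    /**
     * Searches users by mail, first name and last name; each term is matched as a substring.
     *
     * @param str mail fragment
     * @param str2 first name fragment
     * @param str3 last name fragment
     * @return the matching users
     * @throws NamingException if the directory query fails
     */
    public List<User> searchUser(String str, String str2, String str3) throws NamingException {
        String command = this.domainPattern.getSearchUserCommand();
        String mail = addExpansionCharacters(str);
        String firstName = addExpansionCharacters(str2);
        String lastName = addExpansionCharacters(str3);
        Map<String, Object> variables = this.lqlctx.getVariables();
        // NOTE(review): OutlookResource.Mail.ITEMTYPE looks like a decompiler substitution for a
        // string literal (presumably "mail", matching the placeholder logLqlQuery expands) - confirm.
        variables.put(OutlookResource.Mail.ITEMTYPE, mail);
        variables.put("first_name", firstName);
        variables.put("last_name", lastName);
        if (logger.isDebugEnabled()) {
            logLqlQuery(command, mail, firstName, lastName);
        }
        return dnListToUsersList(evaluate(command), false);
    }

    /**
     * Finds the single user whose mail matches exactly.
     *
     * @param str mail address; wildcards and other filter metacharacters are stripped
     * @return the user, or null when the mail is empty, unknown or not unique
     * @throws NamingException if the directory query fails
     */
    public User findUser(String str) throws NamingException {
        String command = this.domainPattern.getSearchUserCommand();
        if (str == null || str.length() < 1) {
            return null;
        }
        Map<String, Object> variables = this.lqlctx.getVariables();
        variables.put(OutlookResource.Mail.ITEMTYPE, cleanLdapInputPattern(str));
        variables.put("first_name", "*");
        variables.put("last_name", "*");
        if (logger.isDebugEnabled()) {
            logLqlQuery(command, str, "*", "*");
        }
        List<String> dns = evaluate(command);
        // evaluate() answers null after a failed retry; treat it like "not found".
        if (dns == null || dns.isEmpty()) {
            return null;
        }
        if (dns.size() == 1) {
            return dnToUser(dns.get(0), false);
        }
        logger.error("mail must be unique ! " + logSafe(str));
        return null;
    }

    /**
     * Tells whether exactly one entry matches the given mail.
     *
     * @param str mail address; wildcards and other filter metacharacters are stripped
     * @return true only for a single match; false for empty input, no match or several matches
     * @throws NamingException if the directory query fails
     */
    public Boolean isUserExist(String str) throws NamingException {
        if (str == null || str.length() < 1) {
            return false;
        }
        String command = this.domainPattern.getSearchUserCommand();
        Map<String, Object> variables = this.lqlctx.getVariables();
        variables.put(OutlookResource.Mail.ITEMTYPE, cleanLdapInputPattern(str));
        variables.put("first_name", "*");
        variables.put("last_name", "*");
        if (logger.isDebugEnabled()) {
            logLqlQuery(command, str, "*", "*");
        }
        List<String> dns = evaluate(command);
        if (dns == null || dns.isEmpty()) {
            return false;
        }
        if (dns.size() == 1) {
            return true;
        }
        logger.error("Multiple results found for mail : " + logSafe(str));
        return false;
    }

    /**
     * Authenticates a user: resolves the login to a single DN, then binds with that DN and the
     * supplied password.
     *
     * @param lDAPConnection supplies the provider URL used for the bind
     * @param str login; filter metacharacters are stripped before the lookup
     * @param str2 password
     * @return the authenticated user, or null when the login is ambiguous or the bind fails for an
     *         unexpected reason
     * @throws NameNotFoundException if no entry matches the login
     * @throws BadCredentialsException if the password is empty or rejected by the directory
     * @throws NamingException if the lookup fails
     */
    public User auth(LDAPConnection lDAPConnection, String str, String str2) throws NamingException {
        String authCommand = this.domainPattern.getAuthCommand();
        this.lqlctx.getVariables().put("login", cleanLdapInputPattern(str));
        if (logger.isDebugEnabled()) {
            logLqlQuery(authCommand, str);
        }
        List<String> dns = evaluate(authCommand);
        if (dns == null || dns.size() < 1) {
            throw new NameNotFoundException("No user found for login: " + str);
        }
        if (dns.size() > 1) {
            logger.error("The authentification query had returned more than one user !!!");
            return null;
        }
        // A simple bind with a DN and an empty password is an "unauthenticated bind" that many
        // directories accept; it must never count as a successful login.
        if (str2 == null || str2.length() == 0) {
            throw new BadCredentialsException("Empty password");
        }
        LdapContextSource ldapContextSource = new LdapContextSource();
        // NOTE(review): the password travels in the bind request; confirm that the provider URL
        // configured for this connection uses a protected transport.
        ldapContextSource.setUrl(lDAPConnection.getProviderUrl());
        ldapContextSource.setBase(this.baseDn);
        String userDn = dns.get(0);
        UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(userDn, str2);
        BindAuthenticator bindAuthenticator = new BindAuthenticator(ldapContextSource);
        // StdJDBCConstants.TABLE_PREFIX_SUBST is "{0}" (decompiler constant substitution): the DN
        // found above is used as the bind DN as-is.
        bindAuthenticator.setUserDnPatterns(new String[]{StdJDBCConstants.TABLE_PREFIX_SUBST});
        try {
            ldapContextSource.afterPropertiesSet();
            bindAuthenticator.authenticate(token);
            return dnToUser(userDn, false);
        } catch (BadCredentialsException e) {
            logger.debug("auth failed : BadCredentialsException(" + userDn + DefaultExpressionEngine.DEFAULT_INDEX_END);
            throw e;
        } catch (Exception e2) {
            // Fail closed: any other error is reported as "not authenticated".
            logger.error("auth failed for unexpected exception: " + e2.getMessage());
            return null;
        }
    }

    /**
     * Resolves a login to a user without checking any password.
     *
     * @param lDAPConnection not used by this method
     * @param str login; filter metacharacters are stripped before the lookup
     * @return the user, or null when the login is unknown or ambiguous
     * @throws NamingException if the lookup fails
     */
    public User searchForAuth(LDAPConnection lDAPConnection, String str) throws NamingException {
        String authCommand = this.domainPattern.getAuthCommand();
        this.lqlctx.getVariables().put("login", cleanLdapInputPattern(str));
        if (logger.isDebugEnabled()) {
            logLqlQuery(authCommand, str);
        }
        List<String> dns = evaluate(authCommand);
        if (dns == null || dns.size() < 1) {
            return null;
        }
        if (dns.size() == 1) {
            return dnToUser(dns.get(0), false);
        }
        logger.error("The authentification query had returned more than one user !!!");
        return null;
    }

    /**
     * Turns a search term into a substring pattern: the cleaned, trimmed term wrapped in '*'.
     *
     * <p>A null or empty term becomes a bare '*', which matches every value; callers that expose
     * this to end users should bound the term length or the result size themselves.
     */
    private String addExpansionCharacters(String str) {
        if (str == null || str.length() < 1) {
            return "*";
        }
        return "*" + cleanLdapInputPattern(str).trim() + "*";
    }
}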
