package org.ametys.plugins.core.impl.group.directory.ldap;

import java.util.Collections;
import java.util.Comparator;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import java.util.TreeSet;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import org.ametys.core.datasource.ConnectionHelper;
import org.ametys.core.group.Group;
import org.ametys.core.group.GroupIdentity;
import org.ametys.core.user.UserIdentity;

/* loaded from: input_file:org/ametys/plugins/core/impl/group/directory/ldap/GroupDrivenLdapGroupDirectory.class */
public class GroupDrivenLdapGroupDirectory extends AbstractLdapGroupDirectory {
    protected static final String __PARAM_USERS_RELATIVE_DN = "runtime.users.ldap.peopleDN";
    protected static final String __PARAM_USERS_LOGIN_ATTRIBUTE = "runtime.users.ldap.loginAttr";
    protected static final String __PARAM_GROUPS_MEMBER_ATTRIBUTE = "runtime.groups.ldap.member";
    protected Pattern _loginExtractionPattern;
    protected String _groupsMemberAttribute;
    protected String _usersRelativeDN;
    protected String _usersLoginAttribute;

    @Override // org.ametys.plugins.core.impl.group.directory.ldap.AbstractLdapGroupDirectory, org.ametys.core.group.directory.GroupDirectory
    public void init(String str, Map<String, Object> map) {
        super.init(str, map);
        this._usersRelativeDN = (String) map.get("runtime.users.ldap.peopleDN");
        this._usersLoginAttribute = (String) map.get("runtime.users.ldap.loginAttr");
        this._groupsMemberAttribute = (String) map.get(__PARAM_GROUPS_MEMBER_ATTRIBUTE);
        this._loginExtractionPattern = Pattern.compile("^(?:" + this._usersLoginAttribute + "=)?([^,]+)(,.*)?");
    }

    @Override // org.ametys.core.group.directory.GroupDirectory
    public Group getGroup(String str) {
        Group group = null;
        DirContext dirContext = null;
        NamingEnumeration namingEnumeration = null;
        try {
            try {
                dirContext = new InitialDirContext(_getContextEnv());
                StringBuffer stringBuffer = new StringBuffer("(&");
                stringBuffer.append(this._groupsObjectFilter);
                stringBuffer.append("(");
                stringBuffer.append(this._groupsIdAttribute);
                stringBuffer.append("={0}))");
                namingEnumeration = dirContext.search(this._groupsRelativeDN, stringBuffer.toString(), new Object[]{str}, _getSearchConstraint());
                if (namingEnumeration.hasMoreElements()) {
                    group = _getUserGroup((SearchResult) namingEnumeration.nextElement());
                }
                _cleanup(dirContext, namingEnumeration);
            } catch (IllegalArgumentException e) {
                getLogger().error("Error missing at least one attribute or attribute value", e);
                _cleanup(dirContext, namingEnumeration);
            } catch (NamingException e2) {
                getLogger().error("Error communication with ldap server", e2);
                _cleanup(dirContext, namingEnumeration);
            }
            return group;
        } catch (Throwable th) {
            _cleanup(dirContext, namingEnumeration);
            throw th;
        }
    }

    @Override // org.ametys.core.group.directory.GroupDirectory
    public Set<Group> getGroups() {
        TreeSet treeSet = new TreeSet(new Comparator<Group>() { // from class: org.ametys.plugins.core.impl.group.directory.ldap.GroupDrivenLdapGroupDirectory.1
            @Override // java.util.Comparator
            public int compare(Group group, Group group2) {
                if (group.getIdentity().getId().equals(group2.getIdentity().getId())) {
                    return 0;
                }
                int compareTo = group.getLabel().toLowerCase().compareTo(group2.getLabel().toLowerCase());
                return compareTo == 0 ? group.getIdentity().getId().compareTo(group2.getIdentity().getId()) : compareTo;
            }
        });
        try {
            Iterator<SearchResult> it = _search(this._pageSize, this._groupsRelativeDN, this._groupsObjectFilter, _getSearchConstraint()).iterator();
            while (it.hasNext()) {
                Group _getUserGroup = _getUserGroup(it.next());
                if (_getUserGroup != null) {
                    treeSet.add(_getUserGroup);
                }
            }
        } catch (IllegalArgumentException e) {
            getLogger().error("Error missing at least one attribute or attribute value", e);
        }
        return treeSet;
    }

    @Override // org.ametys.core.group.directory.GroupDirectory
    public Set<String> getUserGroups(String str, String str2) {
        Set<String> set;
        if (!str2.equals(this._associatedPopulationId)) {
            return Collections.emptySet();
        }
        if (isCacheEnabled() && (set = (Set) getObjectFromCache(str)) != null) {
            return set;
        }
        HashSet hashSet = new HashSet();
        DirContext dirContext = null;
        NamingEnumeration namingEnumeration = null;
        try {
            try {
                dirContext = new InitialDirContext(_getContextEnv());
                StringBuffer stringBuffer = new StringBuffer("(&");
                stringBuffer.append(this._groupsObjectFilter);
                stringBuffer.append("(|(");
                stringBuffer.append(this._groupsMemberAttribute);
                stringBuffer.append("=" + this._usersLoginAttribute + "={0},");
                stringBuffer.append(this._usersRelativeDN + ((this._usersRelativeDN.length() <= 0 || this._ldapBaseDN.length() <= 0) ? ConnectionHelper.DATABASE_UNKNOWN : ",") + this._ldapBaseDN);
                stringBuffer.append(")(");
                stringBuffer.append(this._groupsMemberAttribute);
                stringBuffer.append("=" + this._usersLoginAttribute + "={0}");
                stringBuffer.append(")(");
                stringBuffer.append(this._groupsMemberAttribute);
                stringBuffer.append("={0}");
                stringBuffer.append(")))");
                if (getLogger().isDebugEnabled()) {
                    getLogger().debug("Searching groups of user '" + str + "' with base DN '" + this._groupsRelativeDN + "': '" + stringBuffer.toString() + "'.");
                }
                namingEnumeration = dirContext.search(this._groupsRelativeDN, stringBuffer.toString(), new Object[]{str}, _getSearchConstraint());
                int i = 0;
                while (namingEnumeration.hasMoreElements()) {
                    String _getGroupID = _getGroupID((SearchResult) namingEnumeration.nextElement());
                    if (_getGroupID != null) {
                        hashSet.add(_getGroupID);
                        i++;
                    }
                }
                if (getLogger().isDebugEnabled()) {
                    getLogger().debug(i + " groups found for user '" + str + "'");
                }
                if (isCacheEnabled()) {
                    addObjectInCache(str, hashSet);
                }
                _cleanup(dirContext, namingEnumeration);
            } catch (NamingException e) {
                getLogger().error("Error communication with ldap server", e);
                _cleanup(dirContext, namingEnumeration);
            } catch (IllegalArgumentException e2) {
                getLogger().error("Error missing at least one attribute or attribute value", e2);
                _cleanup(dirContext, namingEnumeration);
            }
            return hashSet;
        } catch (Throwable th) {
            _cleanup(dirContext, namingEnumeration);
            throw th;
        }
    }

    protected String _getGroupID(SearchResult searchResult) {
        try {
            Attribute attribute = searchResult.getAttributes().get(this._groupsIdAttribute);
            if (attribute != null) {
                return (String) attribute.get();
            }
            getLogger().warn("Missing group id attribute : \"" + this._groupsIdAttribute + "\". Group will be ignored.");
            return null;
        } catch (NamingException e) {
            getLogger().warn("Missing at least one value for an attribute in an ldap entry.  Group will be ignored.", e);
            return null;
        }
    }

    protected Group _getUserGroup(SearchResult searchResult) {
        Attributes attributes = searchResult.getAttributes();
        try {
            Attribute attribute = attributes.get(this._groupsIdAttribute);
            if (attribute == null) {
                getLogger().warn("Missing group id attribute : \"" + this._groupsIdAttribute + "\". Group will be ignored.");
                return null;
            }
            String str = (String) attribute.get();
            Attribute attribute2 = attributes.get(this._groupsDescriptionAttribute);
            if (attribute2 == null) {
                getLogger().warn("Missing group description attribute : \"" + this._groupsDescriptionAttribute + "\". Group will be ignored.");
                return null;
            }
            Group group = new Group(new GroupIdentity(str, getId()), (String) attribute2.get(), this);
            Attribute attribute3 = attributes.get(this._groupsMemberAttribute);
            if (attribute3 != null) {
                NamingEnumeration all = attribute3.getAll();
                while (all.hasMore()) {
                    String str2 = (String) all.next();
                    Matcher matcher = this._loginExtractionPattern.matcher(str2);
                    if (matcher.matches()) {
                        group.addUser(new UserIdentity(matcher.group(1), this._associatedPopulationId));
                    } else if (getLogger().isWarnEnabled()) {
                        getLogger().warn("Unable to get the uid from the LDAP RDN entry : " + str2);
                    }
                }
                all.close();
            }
            return group;
        } catch (NamingException e) {
            getLogger().warn("Missing at least one value for an attribute in an ldap entry.  Group will be ignored.", e);
            return null;
        }
    }

    protected SearchControls _getSearchConstraint() {
        SearchControls searchControls = new SearchControls();
        searchControls.setReturningAttributes(new String[]{this._groupsIdAttribute, this._groupsDescriptionAttribute, this._groupsMemberAttribute});
        searchControls.setSearchScope(this._groupsSearchScope);
        return searchControls;
    }
}
