package org.jboss.security.mapping.providers.attribute;

import com.trendmicro.directpass.firebase.FcmConstant;
import java.security.Principal;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import java.util.StringTokenizer;
import javax.management.ObjectName;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.Control;
import javax.naming.ldap.InitialLdapContext;
import org.jboss.security.PicketBoxLogger;
import org.jboss.security.PicketBoxMessages;
import org.jboss.security.SecurityConstants;
import org.jboss.security.Util;
import org.jboss.security.identity.Attribute;
import org.jboss.security.identity.AttributeFactory;
import org.jboss.security.mapping.MappingProvider;
import org.jboss.security.mapping.MappingResult;

/* loaded from: classes3.dex */
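/**
 * Mapping provider that looks a principal up in an LDAP directory and turns the
 * returned directory attributes into identity {@link Attribute}s.
 *
 * <p>Configuration comes from the options map handed to {@link #init(Map)}. The keys read
 * directly by this class are {@code bindDN}, {@code bindCredential}, {@code jaasSecurityDomain},
 * {@code baseCtxDN}, {@code baseFilter}, {@code attributeList} and {@code searchTimeLimit}.
 * Every entry of the map is also copied into the JNDI environment.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>The principal name is handed to the directory as a filter argument, never
 *       concatenated into the filter string.</li>
 *   <li>When {@code java.naming.provider.url} is not configured, the connection defaults to
 *       {@code ldap://localhost} (port 389, or 636 when {@code java.naming.security.protocol}
 *       is {@code ssl}). A simple bind over plain {@code ldap://} sends the bind credential
 *       unencrypted, so deployments should configure TLS explicitly.</li>
 *   <li>The thread context class loader is set to {@code null} while the LDAP context is in
 *       use and restored afterwards on every exit path.</li>
 * </ul>
 */
public class LdapAttributeMappingProvider implements MappingProvider<List<Attribute<String>>> {
    private static final String ATTRIBUTE_LIST_OPT = "attributeList";
    private static final String BASE_CTX_DN = "baseCtxDN";
    private static final String BASE_FILTER_OPT = "baseFilter";
    private static final String BIND_CREDENTIAL = "bindCredential";
    private static final String BIND_DN = "bindDN";
    private static final String SEARCH_TIME_LIMIT_OPT = "searchTimeLimit";
    private static final String SECURITY_DOMAIN_OPT = "jaasSecurityDomain";
    private MappingResult<List<Attribute<String>>> mappingResult;
    private Map<String, Object> options;
    // Search time limit passed to SearchControls; reset to 10000 whenever it ends up as 0.
    protected int searchTimeLimit = 10000;

    /**
     * Builds the JNDI environment from the configured options and opens an LDAP context.
     *
     * @param bindDn     value for {@code java.naming.security.principal}; skipped when null
     * @param credential value for {@code java.naming.security.credentials}; skipped when null
     * @return a newly created context; the caller is responsible for closing it
     * @throws NamingException if the context cannot be created
     */
    private InitialLdapContext constructInitialLdapContext(String bindDn, Object credential) throws NamingException {
        Properties env = new Properties();
        // Every configured option is forwarded to JNDI, including keys this class does not read.
        for (Map.Entry<String, Object> entry : this.options.entrySet()) {
            env.put(entry.getKey(), entry.getValue());
        }
        if (env.getProperty("java.naming.factory.initial") == null) {
            env.setProperty("java.naming.factory.initial", "com.sun.jndi.ldap.LdapCtxFactory");
        }
        if (env.getProperty("java.naming.security.authentication") == null) {
            // NOTE(review): FcmConstant.METHOD_Simple looks like a decompiler-substituted constant;
            // presumably the literal "simple" - confirm against the original source.
            env.setProperty("java.naming.security.authentication", FcmConstant.METHOD_Simple);
        }
        String protocol = env.getProperty("java.naming.security.protocol");
        String providerUrl = (String) this.options.get("java.naming.provider.url");
        if (providerUrl == null) {
            // Default target is the local host; the port follows the configured protocol.
            // Without "ssl" this is plain ldap://, i.e. the bind is not protected in transit.
            String port = (protocol != null && protocol.equals("ssl")) ? "636" : "389";
            providerUrl = "ldap://localhost:" + port;
        }
        env.setProperty("java.naming.provider.url", providerUrl);
        if (bindDn != null) {
            env.setProperty("java.naming.security.principal", bindDn);
        }
        if (credential != null) {
            env.put("java.naming.security.credentials", credential);
        }
        traceLDAPEnv(env);
        return new InitialLdapContext(env, (Control[]) null);
    }

    /**
     * Splits the comma-separated {@code attributeList} option into attribute names.
     * Tokens are used verbatim (no trimming).
     *
     * @param attributeList comma-separated attribute names, may be null
     * @return the names; an empty array when the option is null or empty, which asks
     *         {@link SearchControls#setReturningAttributes(String[])} to return no attributes
     */
    private String[] getNeededAttributes(String attributeList) {
        List<String> names = new ArrayList<>();
        if (attributeList != null) {
            StringTokenizer tokens = new StringTokenizer(attributeList, ",");
            while (tokens.hasMoreTokens()) {
                names.add(tokens.nextToken());
            }
        }
        return names.toArray(new String[0]);
    }

    /**
     * Logs a copy of the JNDI environment with the credential entries masked.
     * Only {@code java.naming.security.credentials} and {@code bindCredential} are masked;
     * all other entries are logged as configured.
     */
    private void traceLDAPEnv(Properties env) {
        Properties masked = new Properties();
        masked.putAll(env);
        if (masked.containsKey("java.naming.security.credentials")) {
            masked.setProperty("java.naming.security.credentials", "******");
        }
        if (masked.containsKey(BIND_CREDENTIAL)) {
            masked.setProperty(BIND_CREDENTIAL, "******");
        }
        PicketBoxLogger.LOGGER.traceLDAPConnectionEnv(masked);
    }

    /** Closes an enumeration, logging rather than propagating a failure to close. */
    private static void closeQuietly(NamingEnumeration<?> enumeration) {
        if (enumeration == null) {
            return;
        }
        try {
            enumeration.close();
        } catch (NamingException e) {
            PicketBoxLogger.LOGGER.debugIgnoredException(e);
        }
    }

    /** Closes an LDAP context, logging rather than propagating a failure to close. */
    private static void closeQuietly(InitialLdapContext context) {
        if (context == null) {
            return;
        }
        try {
            context.close();
        } catch (NamingException e) {
            PicketBoxLogger.LOGGER.debugIgnoredException(e);
        }
    }

    /** Stores the options map; it is kept by reference, not copied. */
    @Override // org.jboss.security.mapping.MappingProvider
    public void init(Map<String, Object> map) {
        this.options = map;
    }

    /** Bridge for the raw-typed interface method; delegates to {@link #performMapping2}. */
    @Override // org.jboss.security.mapping.MappingProvider
    public /* bridge */ /* synthetic */ void performMapping(Map map, List<Attribute<String>> list) {
        performMapping2((Map<String, Object>) map, list);
    }

    /* renamed from: performMapping, reason: avoid collision after fix types in other method */
    /**
     * Looks up the principal found under {@code SecurityConstants.PRINCIPAL_IDENTIFIER} in the
     * directory and appends the attributes of the matching entries to {@code list}.
     *
     * <p>The method returns without touching {@code list} or the mapping result when the bind DN
     * is missing, when the bind credential cannot be loaded or decoded, or when a search fails
     * with a {@link NamingException}. When the map holds no principal, {@code list} is passed to
     * the mapping result unchanged.
     *
     * <p>The LDAP context, any open search enumeration and the thread context class loader are
     * released in a {@code finally} block, so a failing search or an unchecked exception no
     * longer leaves the connection open or the thread without its class loader.
     *
     * @param map  context map expected to hold the principal
     * @param list receives the mapped attributes and is set as the mapped object
     * @throws RuntimeException if the LDAP context cannot be created
     */
    public void performMapping2(Map<String, Object> map, List<Attribute<String>> list) {
        List<Attribute<String>> mapped = new ArrayList<>();
        Principal principal = (Principal) map.get(SecurityConstants.PRINCIPAL_IDENTIFIER);
        if (principal != null) {
            String userName = principal.getName();
            String bindDn = (String) this.options.get(BIND_DN);
            if (bindDn == null || bindDn.length() == 0) {
                PicketBoxLogger.LOGGER.traceBindDNNotFound();
                return;
            }
            String bindCredential = (String) this.options.get(BIND_CREDENTIAL);
            if (Util.isPasswordCommand(bindCredential)) {
                try {
                    bindCredential = new String(Util.loadPassword(bindCredential));
                } catch (Exception e) {
                    PicketBoxLogger.LOGGER.errorDecryptingBindCredential(e);
                    return;
                }
            }
            String securityDomain = (String) this.options.get(SECURITY_DOMAIN_OPT);
            if (securityDomain != null) {
                try {
                    bindCredential = new String(
                            MappingProvidersDecodeAction.decode(bindCredential, new ObjectName(securityDomain)));
                } catch (Exception e) {
                    PicketBoxLogger.LOGGER.errorDecryptingBindCredential(e);
                    return;
                }
            }

            ClassLoader savedClassLoader = SecurityActions.getContextClassLoader();
            InitialLdapContext context = null;
            NamingEnumeration<SearchResult> results = null;
            try {
                // The context class loader is cleared for the duration of the LDAP work.
                if (savedClassLoader != null) {
                    SecurityActions.setContextClassLoader(null);
                }
                try {
                    context = constructInitialLdapContext(bindDn, bindCredential);
                } catch (NamingException e) {
                    throw new RuntimeException(e);
                }

                String timeLimit = (String) this.options.get(SEARCH_TIME_LIMIT_OPT);
                if (timeLimit != null) {
                    try {
                        this.searchTimeLimit = Integer.parseInt(timeLimit);
                    } catch (NumberFormatException unused) {
                        // Keep the current limit when the option is not a number.
                        PicketBoxLogger.LOGGER.debugFailureToParseNumberProperty(
                                SEARCH_TIME_LIMIT_OPT, this.searchTimeLimit);
                    }
                }
                if (this.searchTimeLimit == 0) {
                    this.searchTimeLimit = 10000;
                }

                String baseCtxDn = (String) this.options.get(BASE_CTX_DN);
                String baseFilter = (String) this.options.get(BASE_FILTER_OPT);
                SearchControls controls = new SearchControls();
                controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
                controls.setTimeLimit(this.searchTimeLimit);
                // Only the configured attributes are requested from the directory.
                controls.setReturningAttributes(
                        getNeededAttributes((String) this.options.get(ATTRIBUTE_LIST_OPT)));

                if (baseCtxDn == null) {
                    throw PicketBoxMessages.MESSAGES.invalidNullArgument(BASE_CTX_DN);
                }

                // First search: locate the user's entry below the base DN. The user name goes
                // in as a filter argument instead of being spliced into the filter text.
                results = context.search(baseCtxDn, baseFilter, new Object[] {userName}, controls);
                if (!results.hasMore()) {
                    throw PicketBoxMessages.MESSAGES.failedToFindBaseContextDN(baseCtxDn);
                }
                SearchResult userEntry = results.next();
                String relativeName = userEntry.getName();
                if (!userEntry.isRelative()) {
                    // A non-relative name means the result lives outside the base context.
                    throw PicketBoxMessages.MESSAGES.unableToFollowReferralForAuth(relativeName);
                }
                String userDn = relativeName + "," + baseCtxDn;
                results.close();
                results = null;

                // Second search: read the requested attributes starting at the user's own DN.
                results = context.search(userDn, baseFilter, new Object[] {userName, userDn}, controls);
                while (results.hasMore()) {
                    NamingEnumeration<? extends javax.naming.directory.Attribute> all =
                            results.next().getAttributes().getAll();
                    while (all != null && all.hasMoreElements()) {
                        javax.naming.directory.Attribute attribute = all.next();
                        // NOTE(review): only the first value is read and it is cast to String;
                        // a non-String value (e.g. a binary attribute listed in attributeList)
                        // raises ClassCastException out of this method - confirm intended.
                        if ("mail".equalsIgnoreCase(attribute.getID())) {
                            mapped.add(AttributeFactory.createEmailAddress((String) attribute.get()));
                        } else {
                            mapped.add(AttributeFactory.createAttribute(attribute.getID(), (String) attribute.get()));
                        }
                    }
                }
            } catch (NamingException e) {
                PicketBoxLogger.LOGGER.debugIgnoredException(e);
                return;
            } finally {
                // Runs on success, on the early return above and on unchecked exceptions.
                try {
                    closeQuietly(results);
                    closeQuietly(context);
                } finally {
                    if (savedClassLoader != null) {
                        SecurityActions.setContextClassLoader(savedClassLoader);
                    }
                }
            }
        }
        list.addAll(mapped);
        this.mappingResult.setMappedObject(list);
    }

    /** Sets the result holder that {@link #performMapping2} writes the mapped list into. */
    @Override // org.jboss.security.mapping.MappingProvider
    public void setMappingResult(MappingResult<List<Attribute<String>>> mappingResult) {
        this.mappingResult = mappingResult;
    }

    /** Reports support for {@link Attribute} and any of its subtypes. */
    @Override // org.jboss.security.mapping.MappingProvider
    public boolean supports(Class<?> cls) {
        return Attribute.class.isAssignableFrom(cls);
    }
}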
