package org.apache.gobblin.util;

import com.typesafe.config.Config;
import java.util.HashSet;
import java.util.Hashtable;
import java.util.Set;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import org.apache.gobblin.password.PasswordManager;
import org.apache.log4j.Logger;

/* loaded from: input_file:org/apache/gobblin/util/LdapUtils.class */
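/**
 * Resolves the members of a directory group over LDAPS using a service account read from
 * configuration.
 *
 * <p>The search filters use Active Directory style attributes ({@code objectcategory},
 * {@code sAMAccountName}, {@code memberof}). Caller-supplied values are never spliced into a filter
 * string. They are passed as filter arguments to
 * {@link DirContext#search(String, String, Object[], SearchControls)}, which escapes filter
 * metacharacters ({@code * ( ) \} and NUL). A group name can therefore not change the structure of
 * the query.
 *
 * <p>Security notes for operators:
 * <ul>
 *   <li>The bind is a "simple" bind, so the service account password is sent to the server inside
 *       the TLS session. Its confidentiality depends on the server certificate being verified.</li>
 *   <li>{@value #LDAP_USE_SECURE_TRUSTMANAGER} defaults to {@code false} when it is not configured.
 *       See the note in {@link #getDirContext(String, String)}.</li>
 * </ul>
 */
public class LdapUtils {
    public static final String LDAP_PREFIX = "groupOwnershipService.ldap";
    public static final String LDAP_BASE_DN_KEY = "groupOwnershipService.ldap.baseDn";
    public static final String LDAP_HOST_KEY = "groupOwnershipService.ldap.host";
    public static final String LDAP_PORT_KEY = "groupOwnershipService.ldap.port";
    public static final String LDAP_USER_KEY = "groupOwnershipService.ldap.username";
    public static final String LDAP_PASSWORD_KEY = "groupOwnershipService.ldap.password";
    public static final String LDAP_USE_SECURE_TRUSTMANAGER = "groupOwnershipService.ldap.useSecureTrustManager";
    private static final Logger logger = Logger.getLogger(LdapUtils.class);
    private final String _ldapHost;
    private final String _ldapPort;
    private final String _ldapBaseDN;
    private final String _ldapUser;
    private final String _ldapPassword;
    private final boolean _ldapUseSecureTrustManager;
    // Filter templates: {0} is a JNDI filter argument, which the provider escapes before sending.
    private final String _personSearchFilter = "(&(objectcategory=Person)(samaccountname={0}))";
    private final String _groupSearchFilter = "(&(objectcategory=Group)(cn={0}))";
    private final String _memberSearchFilter = "(&(objectcategory=Person)(memberof={0}))";
    private final String _distinguishedName = "distinguishedName";
    private final String _samAccount = "sAMAccountName";
    private final String _memberOf = "memberof";

    /**
     * Reads the LDAP connection settings from {@code config}.
     *
     * @param config configuration holding the {@code groupOwnershipService.ldap.*} keys; the
     *     password value is resolved through {@link PasswordManager} before it is stored
     */
    public LdapUtils(Config config) {
        String readPassword = PasswordManager.getInstance(ConfigUtils.configToState(config)).readPassword(config.getString(LDAP_PASSWORD_KEY));
        this._ldapHost = config.getString(LDAP_HOST_KEY);
        this._ldapPort = config.getString(LDAP_PORT_KEY);
        this._ldapUser = config.getString(LDAP_USER_KEY);
        this._ldapPassword = readPassword;
        this._ldapBaseDN = config.getString(LDAP_BASE_DN_KEY);
        // Absent key means false, i.e. the non-"secure" socket factory is selected below.
        this._ldapUseSecureTrustManager =
            config.hasPath(LDAP_USE_SECURE_TRUSTMANAGER) && config.getBoolean(LDAP_USE_SECURE_TRUSTMANAGER);
    }

    /**
     * Opens an authenticated LDAPS context to the configured host and port.
     *
     * @param str bind principal (user name or DN)
     * @param str2 bind credential
     * @return a live context; the caller must close it
     * @throws NamingException if the connection or the bind fails
     */
    private DirContext getDirContext(String str, String str2) throws NamingException {
        Hashtable<String, Object> env = new Hashtable<>();
        env.put("java.naming.factory.initial", "com.sun.jndi.ldap.LdapCtxFactory");
        env.put("java.naming.provider.url", String.format("ldaps://%s:%s", this._ldapHost, this._ldapPort));
        env.put("java.naming.security.authentication", "simple");
        env.put("java.naming.security.protocol", "ssl");
        env.put("java.naming.security.principal", str);
        env.put("java.naming.security.credentials", str2);
        // NOTE(review): the flag name suggests TrustManagerSocketFactory does not validate the
        // server certificate the way TrustManagerSecureSocketFactory does. Confirm against those
        // classes. If so, the default (flag unset) leaves the simple-bind password and the
        // membership answers exposed to an on-path attacker, and deployments should set
        // groupOwnershipService.ldap.useSecureTrustManager=true.
        Class<?> socketFactory = this._ldapUseSecureTrustManager
            ? TrustManagerSecureSocketFactory.class
            : TrustManagerSocketFactory.class;
        env.put("java.naming.ldap.factory.socket", socketFactory.getCanonicalName());
        return new InitialDirContext(env);
    }

    /**
     * Runs a subtree search below the configured base DN.
     *
     * @param filterTemplate filter expression with {@code {0}} where the value belongs
     * @param filterValue value substituted for {@code {0}}; escaped by the JNDI provider
     * @param dirContext open context to search with
     * @return the result enumeration; the caller must close it
     * @throws NamingException if the search fails
     */
    private NamingEnumeration<SearchResult> searchLDAP(String filterTemplate, String filterValue, DirContext dirContext)
            throws NamingException {
        SearchControls searchControls = new SearchControls();
        searchControls.setSearchScope(SearchControls.SUBTREE_SCOPE);
        return dirContext.search(this._ldapBaseDN, filterTemplate, new Object[] {filterValue}, searchControls);
    }

    /**
     * Returns the first value of attribute {@code str} on {@code searchResult} as a string.
     *
     * @throws NamingException if the entry has no such attribute or its value cannot be read
     */
    private String getAttribute(SearchResult searchResult, String str) throws NamingException {
        javax.naming.directory.Attribute attribute = searchResult.getAttributes().get(str);
        if (attribute == null) {
            // Report which entry is malformed instead of failing with a bare NullPointerException.
            throw new NamingException(
                String.format("LDAP entry %s has no attribute %s", searchResult.getName(), str));
        }
        return attribute.get().toString();
    }

    /** Looks up the distinguished name of the group whose {@code cn} equals {@code groupName}. */
    private String findGroupDn(String groupName, DirContext dirContext) throws NamingException {
        NamingEnumeration<SearchResult> groups = searchLDAP(this._groupSearchFilter, groupName, dirContext);
        try {
            if (!groups.hasMoreElements()) {
                throw new javax.naming.NameNotFoundException(
                    String.format("No LDAP group with cn %s found under %s", groupName, this._ldapBaseDN));
            }
            return getAttribute(groups.next(), this._distinguishedName);
        } finally {
            closeQuietly(groups);
        }
    }

    /** Closes a result enumeration; a failure to close is logged and does not mask the real outcome. */
    private static void closeQuietly(NamingEnumeration<?> enumeration) {
        try {
            enumeration.close();
        } catch (NamingException e) {
            logger.warn("Failed to close LDAP search results", e);
        }
    }

    /** Closes a directory context; a failure to close is logged and does not mask the real outcome. */
    private static void closeQuietly(DirContext dirContext) {
        try {
            dirContext.close();
        } catch (NamingException e) {
            logger.warn("Failed to close LDAP context", e);
        }
    }

    /**
     * Returns the {@code sAMAccountName} of every person entry that is a member of the named group.
     *
     * @param str common name ({@code cn}) of the group; treated as a literal value, so filter
     *     metacharacters in it are matched literally, not interpreted
     * @return account names of the group's members; empty if the group has none
     * @throws IllegalStateException if no user name or password was configured
     * @throws NamingException if the connection, bind or search fails, or if the group does not
     *     exist ({@link javax.naming.NameNotFoundException})
     */
    public Set<String> getGroupMembers(String str) throws NamingException {
        if (this._ldapUser == null || this._ldapPassword == null) {
            throw new IllegalStateException("Username and password must be provided when initiating the class");
        }
        Set<String> members = new HashSet<>();
        DirContext dirContext = getDirContext(this._ldapUser, this._ldapPassword);
        try {
            logger.info("Searching for groups");
            String groupDn = findGroupDn(str, dirContext);
            logger.info("Searching for members");
            NamingEnumeration<SearchResult> people = searchLDAP(this._memberSearchFilter, groupDn, dirContext);
            try {
                // hasMoreElements() cannot surface a NamingException; depending on the provider a
                // failed or size-limited search may show up as a shorter member list instead.
                while (people.hasMoreElements()) {
                    members.add(getAttribute(people.next(), this._samAccount));
                }
            } finally {
                closeQuietly(people);
            }
        } finally {
            // Always release the connection, also when a search throws.
            closeQuietly(dirContext);
        }
        logger.info(String.format("Members part of group %s: %s", str, members.toString()));
        return members;
    }
}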
