package org.apache.jackrabbit.oak.security.authentication.ldap.impl;

import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import javax.annotation.CheckForNull;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import javax.jcr.Credentials;
import javax.jcr.SimpleCredentials;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.security.auth.login.LoginException;
import org.apache.directory.api.ldap.codec.controls.search.pagedSearch.PagedResultsDecorator;
import org.apache.directory.api.ldap.model.cursor.CursorException;
import org.apache.directory.api.ldap.model.cursor.SearchCursor;
import org.apache.directory.api.ldap.model.entry.Attribute;
import org.apache.directory.api.ldap.model.entry.Entry;
import org.apache.directory.api.ldap.model.entry.Value;
import org.apache.directory.api.ldap.model.exception.LdapAuthenticationException;
import org.apache.directory.api.ldap.model.exception.LdapException;
import org.apache.directory.api.ldap.model.exception.LdapInvalidAttributeValueException;
import org.apache.directory.api.ldap.model.message.Response;
import org.apache.directory.api.ldap.model.message.ResultCodeEnum;
import org.apache.directory.api.ldap.model.message.SearchRequestImpl;
import org.apache.directory.api.ldap.model.message.SearchResultDone;
import org.apache.directory.api.ldap.model.message.SearchResultEntry;
import org.apache.directory.api.ldap.model.message.SearchScope;
import org.apache.directory.api.ldap.model.message.controls.PagedResults;
import org.apache.directory.api.ldap.model.name.Dn;
import org.apache.directory.api.ldap.model.name.Rdn;
import org.apache.directory.ldap.client.api.AbstractPoolableLdapConnectionFactory;
import org.apache.directory.ldap.client.api.DefaultLdapConnectionValidator;
import org.apache.directory.ldap.client.api.LdapConnection;
import org.apache.directory.ldap.client.api.LdapConnectionConfig;
import org.apache.directory.ldap.client.api.LdapConnectionPool;
import org.apache.directory.ldap.client.api.LookupLdapConnectionValidator;
import org.apache.directory.ldap.client.api.NoVerificationTrustManager;
import org.apache.directory.ldap.client.api.ValidatingPoolableLdapConnectionFactory;
import org.apache.felix.scr.annotations.Activate;
import org.apache.felix.scr.annotations.Component;
import org.apache.felix.scr.annotations.ConfigurationPolicy;
import org.apache.felix.scr.annotations.Deactivate;
import org.apache.felix.scr.annotations.Service;
import org.apache.jackrabbit.commons.iterator.AbstractLazyIterator;
import org.apache.jackrabbit.oak.security.authentication.ldap.impl.LdapProviderConfig;
import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;
import org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalGroup;
import org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentity;
import org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentityException;
import org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentityProvider;
import org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentityRef;
import org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalUser;
import org.apache.jackrabbit.util.Text;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

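/**
 * {@link ExternalIdentityProvider} backed by an LDAP directory.
 *
 * <p>Two kinds of connections are used: "admin" connections, bound with the configured bind DN
 * (or anonymous when none is configured), perform all searches and lookups; "user" connections
 * are only used to verify a user's password through an LDAP bind in {@link #authenticate}.
 *
 * <p>This listing is decompiler output. Identifiers that the decompiler renamed in sibling
 * classes (for example {@code m6makeObject}) are kept as they appear so the class still links
 * against those siblings.
 */
@Service
@Component(policy = ConfigurationPolicy.REQUIRE)
/* loaded from: input_file:org/apache/jackrabbit/oak/security/authentication/ldap/impl/LdapIdentityProvider.class */
public class LdapIdentityProvider implements ExternalIdentityProvider {
    private static final Logger log = LoggerFactory.getLogger(LdapIdentityProvider.class);

    // Provider configuration; set by the constructor or by activate().
    private LdapProviderConfig config;
    // Pool of admin connections; stays null when the configured max-active is 0 (no pooling).
    private LdapConnectionPool adminPool;
    // Factory for admin connections; also used directly when adminPool is null.
    private AbstractPoolableLdapConnectionFactory adminConnectionFactory;
    // Pool of connections used for user binds; stays null when the configured max-active is 0.
    private UnboundLdapConnectionPool userPool;
    // Factory for user-bind connections; also used directly when userPool is null.
    private PoolableUnboundConnectionFactory userConnectionFactory;
    // Explicit protocol list handed to the connection config; null means "library defaults".
    private String[] enabledSSLProtocols;

    /** Creates an unconfigured provider; {@code activate} supplies the configuration. */
    public LdapIdentityProvider() {
    }

    /**
     * Creates and initializes a provider from an explicit configuration.
     *
     * @param ldapProviderConfig the provider configuration
     */
    public LdapIdentityProvider(@Nonnull LdapProviderConfig ldapProviderConfig) {
        this.config = ldapProviderConfig;
        init();
    }

    /** Component activation: builds the configuration from the supplied properties and initializes. */
    @Activate
    private void activate(Map<String, Object> map) {
        this.config = LdapProviderConfig.of(ConfigurationParameters.of(map));
        init();
    }

    /** Component deactivation: releases the connection pools. */
    @Deactivate
    private void deactivate() {
        close();
    }

    /**
     * Closes both connection pools. Failures are logged and do not prevent the other pool from
     * being closed. The connection factories are left in place, so {@code init()} cannot be run
     * again on this instance.
     */
    public void close() {
        if (this.adminPool != null) {
            try {
                this.adminPool.close();
            } catch (Exception e) {
                log.warn("Error while closing LDAP connection pool", e);
            }
            this.adminPool = null;
        }
        if (this.userPool != null) {
            try {
                this.userPool.close();
            } catch (Exception e) {
                log.warn("Error while closing LDAP connection pool", e);
            }
            this.userPool = null;
        }
    }

    /** Returns the provider name taken from the configuration. */
    @Nonnull
    public String getName() {
        return this.config.getName();
    }

    /**
     * Resolves a reference to a user or group by looking up the DN stored in the reference id.
     *
     * @param externalIdentityRef the reference to resolve
     * @return the user or group, or {@code null} when the reference belongs to another provider,
     *         the entry does not exist, or the entry matches neither configured object class set
     * @throws ExternalIdentityException if connecting or the LDAP lookup fails
     */
    public ExternalIdentity getIdentity(@Nonnull ExternalIdentityRef externalIdentityRef) throws ExternalIdentityException {
        if (!isMyRef(externalIdentityRef)) {
            return null;
        }
        LdapConnection connection = connect();
        try {
            Entry entry = connection.lookup(externalIdentityRef.getId(), new String[]{"*"});
            if (entry == null) {
                return null;
            }
            if (entry.hasObjectClass(this.config.getUserConfig().getObjectClasses())) {
                return createUser(entry, null);
            }
            if (entry.hasObjectClass(this.config.getGroupConfig().getObjectClasses())) {
                return createGroup(entry, null);
            }
            log.warn("referenced identity is neither user or group: {}", externalIdentityRef.getString());
            return null;
        } catch (LdapException e) {
            throw lookupFailedException(e, null);
        } finally {
            // Single release point: returning the same connection to the pool twice would
            // corrupt the pool's bookkeeping.
            disconnect(connection);
        }
    }

    /**
     * Looks up a user by id using the user search filter from the configuration.
     *
     * @param str the user id
     * @return the user, or {@code null} if no entry matches
     * @throws ExternalIdentityException if connecting or the search fails
     */
    public ExternalUser getUser(@Nonnull String str) throws ExternalIdentityException {
        DebugTimer timer = new DebugTimer();
        LdapConnection connection = connect();
        timer.mark("connect");
        try {
            Entry entry = getEntry(connection, this.config.getUserConfig(), str);
            timer.mark("lookup");
            if (log.isDebugEnabled()) {
                log.debug("getUser({}) {}", str, timer.getString());
            }
            return entry == null ? null : createUser(entry, str);
        } catch (CursorException e) {
            throw lookupFailedException(e, timer);
        } catch (LdapException e) {
            throw lookupFailedException(e, timer);
        } finally {
            // Released exactly once, on every path.
            disconnect(connection);
        }
    }

    /**
     * Looks up a group by name using the group search filter from the configuration.
     *
     * @param str the group name
     * @return the group, or {@code null} if no entry matches
     * @throws ExternalIdentityException if connecting or the search fails
     */
    public ExternalGroup getGroup(@Nonnull String str) throws ExternalIdentityException {
        DebugTimer timer = new DebugTimer();
        LdapConnection connection = connect();
        timer.mark("connect");
        try {
            Entry entry = getEntry(connection, this.config.getGroupConfig(), str);
            timer.mark("lookup");
            if (log.isDebugEnabled()) {
                log.debug("getGroup({}) {}", str, timer.getString());
            }
            return entry == null ? null : createGroup(entry, str);
        } catch (CursorException e) {
            throw lookupFailedException(e, timer);
        } catch (LdapException e) {
            throw lookupFailedException(e, timer);
        } finally {
            // Released exactly once, on every path.
            disconnect(connection);
        }
    }

    /**
     * Lists all users below the configured user base DN.
     *
     * <p>All entries are fetched eagerly; only the conversion to {@link ExternalUser} is lazy.
     * Entries that cannot be converted are logged and skipped.
     *
     * @return an iterator over the users
     * @throws ExternalIdentityException if connecting or the search fails
     */
    @Nonnull
    public Iterator<ExternalUser> listUsers() throws ExternalIdentityException {
        DebugTimer timer = new DebugTimer();
        LdapConnection connection = connect();
        timer.mark("connect");
        try {
            final List<Entry> entries = getEntries(connection, this.config.getUserConfig());
            timer.mark("lookup");
            if (log.isDebugEnabled()) {
                log.debug("listUsers() {}", timer.getString());
            }
            return new AbstractLazyIterator<ExternalUser>() {
                private final Iterator<Entry> iter = entries.iterator();

                // The decompiler had renamed this method (m2getNext) and widened its access;
                // the original name and protected access are restored so that it overrides
                // AbstractLazyIterator.getNext().
                @Override
                protected ExternalUser getNext() {
                    while (this.iter.hasNext()) {
                        try {
                            return LdapIdentityProvider.this.createUser(this.iter.next(), null);
                        } catch (LdapInvalidAttributeValueException e) {
                            LdapIdentityProvider.log.warn("Error while creating external user object", e);
                        }
                    }
                    return null;
                }
            };
        } catch (CursorException e) {
            throw lookupFailedException(e, timer);
        } catch (LdapException e) {
            throw lookupFailedException(e, timer);
        } finally {
            // The returned iterator works on the already fetched list, so the connection can go back.
            disconnect(connection);
        }
    }

    /**
     * Lists all groups below the configured group base DN.
     *
     * <p>All entries are fetched eagerly; only the conversion to {@link ExternalGroup} is lazy.
     * Entries that cannot be converted are logged and skipped.
     *
     * @return an iterator over the groups
     * @throws ExternalIdentityException if connecting or the search fails
     */
    @Nonnull
    public Iterator<ExternalGroup> listGroups() throws ExternalIdentityException {
        DebugTimer timer = new DebugTimer();
        LdapConnection connection = connect();
        timer.mark("connect");
        try {
            final List<Entry> entries = getEntries(connection, this.config.getGroupConfig());
            timer.mark("lookup");
            if (log.isDebugEnabled()) {
                log.debug("listGroups() {}", timer.getString());
            }
            return new AbstractLazyIterator<ExternalGroup>() {
                private final Iterator<Entry> iter = entries.iterator();

                // Restored from the decompiler's m3getNext so that it overrides
                // AbstractLazyIterator.getNext().
                @Override
                protected ExternalGroup getNext() {
                    while (this.iter.hasNext()) {
                        try {
                            return LdapIdentityProvider.this.createGroup(this.iter.next(), null);
                        } catch (LdapInvalidAttributeValueException e) {
                            // Message corrected: this iterator builds groups, not users.
                            LdapIdentityProvider.log.warn("Error while creating external group object", e);
                        }
                    }
                    return null;
                }
            };
        } catch (CursorException e) {
            throw lookupFailedException(e, timer);
        } catch (LdapException e) {
            throw lookupFailedException(e, timer);
        } finally {
            disconnect(connection);
        }
    }

    /**
     * Authenticates a user by binding to the directory with the user's DN and password.
     *
     * <p>The user is first resolved with the admin connection; the password is then verified on
     * a separate user connection, so a successful check never changes the identity the admin
     * connections are bound as.
     *
     * @param credentials the credentials; only {@link SimpleCredentials} are supported
     * @return the authenticated user, or {@code null} if the credentials type is unsupported or
     *         no such user exists in the directory
     * @throws LoginException if the password is empty or the directory rejects the bind
     * @throws ExternalIdentityException if the lookup or the bind fails for any other reason
     */
    public ExternalUser authenticate(@Nonnull Credentials credentials) throws ExternalIdentityException, LoginException {
        if (!(credentials instanceof SimpleCredentials)) {
            log.debug("LDAP IDP can only authenticate SimpleCredentials.");
            return null;
        }
        SimpleCredentials simpleCredentials = (SimpleCredentials) credentials;
        ExternalUser user = getUser(simpleCredentials.getUserID());
        if (user == null) {
            return null;
        }
        char[] password = simpleCredentials.getPassword();
        // A simple bind with a DN and an empty password is an "unauthenticated bind"
        // (RFC 4513, section 5.1.2) that many servers answer with success. It must never be
        // taken as proof that the caller knows the password.
        if (password.length == 0) {
            throw new LoginException("Refusing to authenticate against LDAP server: Empty passwords not allowed.");
        }
        LdapConnection connection = null;
        try {
            DebugTimer timer = new DebugTimer();
            connection = this.userPool == null ? this.userConnectionFactory.m6makeObject() : this.userPool.getConnection();
            timer.mark("connect");
            // The client API takes the password as a String, so an immutable copy ends up on the
            // heap; keep it confined to this call and never log it.
            connection.bind(user.getExternalId().getId(), new String(password));
            timer.mark("bind");
            if (log.isDebugEnabled()) {
                log.debug("authenticate({}) {}", user.getId(), timer.getString());
            }
        } catch (LdapAuthenticationException e) {
            // Sibling catch, not a nested one: in the decompiled nesting this LoginException was
            // caught again by the generic handler below and reported as an
            // ExternalIdentityException, so a wrong password looked like a directory outage.
            LoginException failure = new LoginException("Unable to authenticate against LDAP server: " + e.getMessage());
            failure.initCause(e);
            throw failure;
        } catch (Exception e) {
            throw new ExternalIdentityException("Error while binding user credentials", e);
        } finally {
            if (connection != null) {
                try {
                    if (this.userPool == null) {
                        this.userConnectionFactory.destroyObject(connection);
                    } else {
                        this.userPool.releaseConnection(connection);
                    }
                } catch (Exception e) {
                    // Best effort, but not silent: a connection that could not be released may
                    // still be bound as the user and should be visible to operators.
                    log.warn("Error while releasing LDAP user connection.", e);
                }
            }
        }
        return user;
    }

    /**
     * Returns the groups that directly contain the given identity, found by a subtree search
     * below the group base DN with the configured member-of filter.
     *
     * <p>Package-private in the original class; the decompiler widened the access.
     *
     * @param externalIdentityRef reference to the member
     * @return map from group DN to group reference; empty if the reference belongs to another provider
     * @throws ExternalIdentityException if connecting or the search fails
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public Map<String, ExternalIdentityRef> getDeclaredGroupRefs(ExternalIdentityRef externalIdentityRef) throws ExternalIdentityException {
        if (!isMyRef(externalIdentityRef)) {
            return Collections.emptyMap();
        }
        // NOTE(review): the member DN is placed into the filter by the config class; escaping of
        // filter metacharacters is assumed to happen there — confirm.
        String memberOfSearchFilter = this.config.getMemberOfSearchFilter(externalIdentityRef.getId());
        LdapConnection connection = null;
        SearchCursor cursor = null;
        try {
            // "1.1" asks the server to return no attributes: only the DNs are needed.
            SearchRequestImpl request = createSearchRequest(this.config.getGroupConfig().getBaseDN(), memberOfSearchFilter, "1.1");
            Map<String, ExternalIdentityRef> groups = new HashMap<String, ExternalIdentityRef>();
            DebugTimer timer = new DebugTimer();
            connection = connect();
            timer.mark("connect");
            cursor = connection.search(request);
            timer.mark("search");
            while (cursor.next()) {
                Response response = cursor.get();
                if (response instanceof SearchResultEntry) {
                    ExternalIdentityRef groupRef = new ExternalIdentityRef(((SearchResultEntry) response).getEntry().getDn().toString(), getName());
                    groups.put(groupRef.getId(), groupRef);
                }
            }
            timer.mark("iterate");
            if (log.isDebugEnabled()) {
                log.debug("search below {} with {} found {} entries. {}", new Object[]{this.config.getGroupConfig().getBaseDN(), memberOfSearchFilter, Integer.valueOf(groups.size()), timer.getString()});
            }
            return groups;
        } catch (Exception e) {
            log.error("Error during ldap membership search.", e);
            throw new ExternalIdentityException("Error during ldap membership search.", e);
        } finally {
            try {
                if (cursor != null) {
                    cursor.close();
                }
            } finally {
                // Release the connection even if closing the cursor fails.
                disconnect(connection);
            }
        }
    }

    /**
     * Returns the declared members of a group, read from the configured member attribute of
     * the group entry.
     *
     * <p>Package-private in the original class; the decompiler widened the access.
     *
     * @param externalIdentityRef reference to the group
     * @return map from member value (as stored in the attribute) to member reference; empty if
     *         the reference belongs to another provider or the attribute is absent
     * @throws ExternalIdentityException if connecting or the lookup fails
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public Map<String, ExternalIdentityRef> getDeclaredMemberRefs(ExternalIdentityRef externalIdentityRef) throws ExternalIdentityException {
        if (!isMyRef(externalIdentityRef)) {
            return Collections.emptyMap();
        }
        LdapConnection connection = null;
        try {
            Map<String, ExternalIdentityRef> members = new HashMap<String, ExternalIdentityRef>();
            DebugTimer timer = new DebugTimer();
            connection = connect();
            timer.mark("connect");
            Entry group = connection.lookup(externalIdentityRef.getId());
            timer.mark("lookup");
            // NOTE(review): if the group entry no longer exists, lookup() presumably returns null
            // and the next line fails with a NullPointerException that is reported through the
            // generic handler below. Failing is the safer outcome for a membership query (an
            // empty result could be read as "no members"), but an explicit check with a clear
            // message would be easier to diagnose.
            Attribute memberAttribute = group.get(this.config.getGroupMemberAttribute());
            if (memberAttribute == null) {
                log.warn("LDAP group does not have configured attribute: {}", this.config.getGroupMemberAttribute());
            } else {
                Iterator<?> values = memberAttribute.iterator();
                while (values.hasNext()) {
                    ExternalIdentityRef memberRef = new ExternalIdentityRef(((Value) values.next()).getString(), getName());
                    members.put(memberRef.getId(), memberRef);
                }
            }
            timer.mark("iterate");
            if (log.isDebugEnabled()) {
                log.debug("members lookup of {} found {} members. {}", new Object[]{externalIdentityRef.getId(), Integer.valueOf(members.size()), timer.getString()});
            }
            return members;
        } catch (Exception e) {
            log.error("Error during ldap group members lookup.", e);
            throw new ExternalIdentityException("Error during ldap group members lookup.", e);
        } finally {
            disconnect(connection);
        }
    }

    /**
     * Builds the connection factories and, when pooling is enabled, the connection pools.
     *
     * @throws IllegalStateException if the provider was already initialized
     */
    private void init() {
        if (this.adminConnectionFactory != null) {
            throw new IllegalStateException("Provider already initialized.");
        }
        try {
            this.enabledSSLProtocols = null;
            // Probe only: the context is discarded. When TLSv1.1 is available the protocol
            // list is left to the client library's defaults.
            SSLContext.getInstance("TLSv1.1");
        } catch (NoSuchAlgorithmException e) {
            // TLS 1.0 is deprecated (RFC 8996). This fallback only triggers on JDKs that lack
            // TLSv1.1; such a runtime should be upgraded rather than relied upon.
            log.warn("JDK does not support TLSv1.1. Disabling it.");
            this.enabledSSLProtocols = new String[]{"TLSv1"};
        }
        if (this.config.noCertCheck()) {
            // Make the weakened trust setting visible in the logs: without certificate
            // verification the server is not authenticated, so bind passwords and directory
            // data can be intercepted by whoever answers on that address.
            log.warn("LDAP server certificate verification is disabled (noCertCheck) for {}:{}; the server identity is not verified.", this.config.getHostname(), Integer.valueOf(this.config.getPort()));
        }
        LdapConnectionConfig adminConfig = createConnectionConfig();
        String bindDN = this.config.getBindDN();
        if (bindDN != null && !bindDN.isEmpty()) {
            adminConfig.setName(bindDN);
            adminConfig.setCredentials(this.config.getBindPassword());
        }
        this.adminConnectionFactory = new ValidatingPoolableLdapConnectionFactory(adminConfig);
        if (this.config.getAdminPoolConfig().lookupOnValidate()) {
            this.adminConnectionFactory.setValidator(new LookupLdapConnectionValidator());
        } else {
            this.adminConnectionFactory.setValidator(new DefaultLdapConnectionValidator());
        }
        if (this.config.getAdminPoolConfig().getMaxActive() != 0) {
            this.adminPool = new LdapConnectionPool(this.adminConnectionFactory);
            this.adminPool.setTestOnBorrow(true);
            this.adminPool.setMaxActive(this.config.getAdminPoolConfig().getMaxActive());
            // NOTE(review): 1 is presumably the pool's "block when exhausted" action — confirm.
            this.adminPool.setWhenExhaustedAction((byte) 1);
        }
        // User connections get their own config without bind credentials.
        this.userConnectionFactory = new PoolableUnboundConnectionFactory(createConnectionConfig());
        if (this.config.getUserPoolConfig().lookupOnValidate()) {
            this.userConnectionFactory.setValidator(new UnboundLookupConnectionValidator());
        } else {
            this.userConnectionFactory.setValidator(new UnboundConnectionValidator());
        }
        if (this.config.getUserPoolConfig().getMaxActive() != 0) {
            this.userPool = new UnboundLdapConnectionPool(this.userConnectionFactory);
            this.userPool.setTestOnBorrow(true);
            this.userPool.setMaxActive(this.config.getUserPoolConfig().getMaxActive());
            this.userPool.setWhenExhaustedAction((byte) 1);
        }
        // NOTE(review): this logs config.toString(); confirm that it masks the bind password.
        log.info("LdapIdentityProvider initialized: {}", this.config);
    }

    /**
     * Creates a connection configuration (host, port, SSL/TLS settings) from the provider
     * configuration, without bind credentials.
     */
    @Nonnull
    private LdapConnectionConfig createConnectionConfig() {
        LdapConnectionConfig connectionConfig = new LdapConnectionConfig();
        connectionConfig.setLdapHost(this.config.getHostname());
        connectionConfig.setLdapPort(this.config.getPort());
        connectionConfig.setUseSsl(this.config.useSSL());
        connectionConfig.setUseTls(this.config.useTLS());
        if (this.config.noCertCheck()) {
            // Accepts any server certificate. Encryption without server authentication does not
            // protect against an active man-in-the-middle; intended for test setups only.
            connectionConfig.setTrustManagers(new TrustManager[]{new NoVerificationTrustManager()});
        }
        if (this.enabledSSLProtocols != null) {
            connectionConfig.setEnabledProtocols(this.enabledSSLProtocols);
        }
        return connectionConfig;
    }

    /**
     * Builds a subtree search request with the configured search timeout.
     *
     * @param baseDn the search base
     * @param filter the LDAP filter string
     * @param attribute the attribute selector to request ("*" or "1.1")
     * @throws LdapException if the base DN or the filter cannot be parsed
     */
    @Nonnull
    private SearchRequestImpl createSearchRequest(@Nonnull String baseDn, @Nonnull String filter, @Nonnull String attribute) throws LdapException {
        SearchRequestImpl request = new SearchRequestImpl();
        request.setScope(SearchScope.SUBTREE);
        request.addAttributes(new String[]{attribute});
        // NOTE(review): LDAP time limits are expressed in seconds; confirm the unit that
        // getSearchTimeout() returns before relying on this as an upper bound.
        request.setTimeLimit((int) this.config.getSearchTimeout());
        request.setBase(new Dn(new String[]{baseDn}));
        request.setFilter(filter);
        return request;
    }

    /**
     * Searches for a single entry by id below the identity's base DN.
     *
     * @param ldapConnection the (admin) connection to search on
     * @param identity the user or group configuration supplying base DN and filter
     * @param str the id to search for
     * @return the first matching entry, or {@code null} if nothing matches; additional matches
     *         are logged and discarded
     */
    /* JADX WARN: Finally extract failed */
    @CheckForNull
    private Entry getEntry(@Nonnull LdapConnection ldapConnection, @Nonnull LdapProviderConfig.Identity identity, @Nonnull String str) throws CursorException, LdapException {
        // NOTE(review): str may come straight from login credentials. Escaping of LDAP filter
        // metacharacters is assumed to happen inside getSearchFilter() — confirm.
        String searchFilter = identity.getSearchFilter(str);
        SearchRequestImpl request = createSearchRequest(identity.getBaseDN(), searchFilter, "*");
        SearchCursor cursor = null;
        Entry found = null;
        try {
            cursor = ldapConnection.search(request);
            while (cursor.next()) {
                if (found != null) {
                    log.warn("search for {} returned more than one entry. discarding additional ones.", searchFilter);
                } else {
                    Response response = cursor.get();
                    if (response instanceof SearchResultEntry) {
                        found = ((SearchResultEntry) response).getEntry();
                    }
                }
            }
        } finally {
            if (cursor != null) {
                cursor.close();
            }
        }
        if (log.isDebugEnabled()) {
            if (found == null) {
                log.debug("search below {} with {} found 0 entries.", identity.getBaseDN(), searchFilter);
            } else {
                log.debug("search below {} with {} found {}", new Object[]{identity.getBaseDN(), searchFilter, found.getDn()});
            }
        }
        return found;
    }

    /**
     * Fetches all entries of the configured object classes below the identity's base DN, using
     * the paged-results control with pages of 1000 entries.
     *
     * @param ldapConnection the (admin) connection to search on
     * @param identity the user or group configuration supplying base DN, object classes and extra filter
     * @return all matching entries
     */
    @Nonnull
    private List<Entry> getEntries(@Nonnull LdapConnection ldapConnection, @Nonnull LdapProviderConfig.Identity identity) throws CursorException, LdapException {
        StringBuilder parts = new StringBuilder();
        int partCount = 0;
        for (String objectClass : identity.getObjectClasses()) {
            partCount++;
            parts.append("(objectclass=").append(LdapProviderConfig.encodeFilterValue(objectClass)).append(')');
        }
        // The extra filter is appended verbatim: it is administrator-supplied filter syntax,
        // not a value, and therefore must not be escaped here.
        String extraFilter = identity.getExtraFilter();
        if (extraFilter != null && !extraFilter.isEmpty()) {
            partCount++;
            parts.append(extraFilter);
        }
        String searchFilter = partCount > 1 ? "(&" + parts + ')' : parts.toString();
        byte[] cookie = null;
        List<Entry> entries = new LinkedList<Entry>();
        do {
            SearchRequestImpl request = createSearchRequest(identity.getBaseDN(), searchFilter, "*");
            PagedResultsDecorator paging = new PagedResultsDecorator(ldapConnection.getCodecService());
            paging.setSize(1000);
            paging.setCookie(cookie);
            request.addControl(paging);
            // Forget the previous cookie: the loop may only continue when the server hands out
            // a new one. The decompiled loop kept the old value and had no exit on
            // UNWILLING_TO_PERFORM, so a server that refuses paging was queried forever.
            cookie = null;
            SearchCursor cursor = null;
            try {
                cursor = ldapConnection.search(request);
                while (cursor.next()) {
                    Response response = cursor.get();
                    if (response instanceof SearchResultEntry) {
                        Entry entry = ((SearchResultEntry) response).getEntry();
                        entries.add(entry);
                        if (log.isDebugEnabled()) {
                            log.debug("search below {} with {} found {}", new Object[]{identity.getBaseDN(), searchFilter, entry.getDn()});
                        }
                    }
                }
                SearchResultDone done = cursor.getSearchResultDone();
                if (done != null && done.getLdapResult().getResultCode() != ResultCodeEnum.UNWILLING_TO_PERFORM) {
                    // OID of the paged-results control (RFC 2696).
                    PagedResults control = (PagedResults) done.getControl("1.2.840.113556.1.4.319");
                    if (control != null) {
                        cookie = control.getCookie();
                    }
                }
            } finally {
                if (cursor != null) {
                    cursor.close();
                }
            }
            // RFC 2696: a zero-length cookie means the result set is complete.
        } while (cookie != null && cookie.length > 0);
        if (log.isDebugEnabled()) {
            log.debug("search below {} with {} found {} entries.", new Object[]{identity.getBaseDN(), searchFilter, Integer.valueOf(entries.size())});
        }
        return entries;
    }

    /**
     * Creates an {@link ExternalUser} from an LDAP entry.
     *
     * <p>Private in the original class; the decompiler widened the access.
     *
     * @param entry the LDAP entry
     * @param str the user id, or {@code null} to read it from the configured id attribute
     * @throws LdapInvalidAttributeValueException if the id attribute is needed but missing
     */
    /* JADX INFO: Access modifiers changed from: private */
    @Nonnull
    public ExternalUser createUser(@Nonnull Entry entry, @CheckForNull String str) throws LdapInvalidAttributeValueException {
        ExternalIdentityRef ref = new ExternalIdentityRef(entry.getDn().getName(), getName());
        if (str == null) {
            String idAttribute = this.config.getUserConfig().getIdAttribute();
            Attribute attribute = entry.get(idAttribute);
            if (attribute == null) {
                throw new LdapInvalidAttributeValueException(ResultCodeEnum.CONSTRAINT_VIOLATION, "no value found for attribute '" + idAttribute + "' for entry " + entry);
            }
            str = attribute.getString();
        }
        String dnPath = this.config.getUserConfig().makeDnPath() ? createDNPath(entry.getDn()) : null;
        LdapUser user = new LdapUser(this, ref, str, dnPath);
        applyAttributes(user.getProperties(), entry);
        return user;
    }

    /**
     * Creates an {@link ExternalGroup} from an LDAP entry.
     *
     * <p>Private in the original class; the decompiler widened the access.
     *
     * @param entry the LDAP entry
     * @param str the group name, or {@code null} to read it from the configured id attribute
     * @throws LdapInvalidAttributeValueException if the id attribute is needed but missing
     */
    /* JADX INFO: Access modifiers changed from: private */
    @Nonnull
    public ExternalGroup createGroup(@Nonnull Entry entry, @CheckForNull String str) throws LdapInvalidAttributeValueException {
        ExternalIdentityRef ref = new ExternalIdentityRef(entry.getDn().getName(), getName());
        if (str == null) {
            String idAttribute = this.config.getGroupConfig().getIdAttribute();
            Attribute attribute = entry.get(idAttribute);
            if (attribute == null) {
                throw new LdapInvalidAttributeValueException(ResultCodeEnum.CONSTRAINT_VIOLATION, "no value found for attribute '" + idAttribute + "' for entry " + entry);
            }
            str = attribute.getString();
        }
        String dnPath = this.config.getGroupConfig().makeDnPath() ? createDNPath(entry.getDn()) : null;
        LdapGroup group = new LdapGroup(this, ref, str, dnPath);
        applyAttributes(group.getProperties(), entry);
        return group;
    }

    /**
     * Copies every human-readable attribute of the entry into the property map: a single value
     * as a {@code String}, several values as a {@code List<String>}.
     *
     * <p>No attribute allow-list is applied here, so what ends up in the properties is bounded
     * only by what the admin bind is permitted to read.
     */
    private void applyAttributes(Map<String, Object> map, Entry entry) throws LdapInvalidAttributeValueException {
        for (Attribute attribute : entry.getAttributes()) {
            if (!attribute.isHumanReadable()) {
                continue;
            }
            Object propertyValue;
            if (attribute.size() > 1) {
                List<String> values = new ArrayList<String>();
                Iterator<?> it = attribute.iterator();
                while (it.hasNext()) {
                    values.add(((Value) it.next()).getString());
                }
                propertyValue = values;
            } else {
                propertyValue = attribute.getString();
            }
            map.put(attribute.getId(), propertyValue);
        }
    }

    /**
     * Obtains an admin connection, from the pool when pooling is enabled and from the factory
     * otherwise.
     *
     * @throws ExternalIdentityException if no connection can be obtained
     */
    @Nonnull
    private LdapConnection connect() throws ExternalIdentityException {
        try {
            return this.adminPool == null ? this.adminConnectionFactory.makeObject() : this.adminPool.getConnection();
        } catch (Exception e) {
            log.error("Error while connecting to the ldap server.", e);
            throw new ExternalIdentityException("Error while connecting to the ldap server.", e);
        }
    }

    /**
     * Returns an admin connection to the pool, or destroys it when pooling is disabled.
     * Failures are logged and not propagated. Must be called once per {@link #connect()}.
     */
    private void disconnect(@Nullable LdapConnection ldapConnection) {
        if (ldapConnection == null) {
            return;
        }
        try {
            if (this.adminPool == null) {
                this.adminConnectionFactory.destroyObject(ldapConnection);
            } else {
                this.adminPool.releaseConnection(ldapConnection);
            }
        } catch (Exception e) {
            log.warn("Error while disconnecting from the ldap server.", e);
        }
    }

    /**
     * Tells whether a reference is handled by this provider. References without a provider
     * name (null or empty) are accepted as well as those naming this provider.
     */
    private boolean isMyRef(@Nonnull ExternalIdentityRef externalIdentityRef) {
        String providerName = externalIdentityRef.getProviderName();
        return providerName == null || providerName.isEmpty() || getName().equals(providerName);
    }

    /**
     * Converts a DN into a '/'-separated path of its RDNs, in the order {@code getRdns()}
     * returns them, with characters that are illegal in JCR names escaped.
     */
    private static String createDNPath(Dn dn) {
        StringBuilder path = new StringBuilder();
        for (Rdn rdn : dn.getRdns()) {
            if (path.length() > 0) {
                path.append('/');
            }
            path.append(Text.escapeIllegalJcrChars(rdn.toString()));
        }
        return path.toString();
    }

    /**
     * Logs a failed lookup, with timing information when available, and wraps the cause.
     *
     * @return the exception for the caller to throw
     */
    private static ExternalIdentityException lookupFailedException(@Nonnull Exception exc, @CheckForNull DebugTimer debugTimer) {
        String timing = debugTimer != null ? debugTimer.getString() : "";
        log.error("Error during ldap lookup. " + timing, exc);
        return new ExternalIdentityException("Error during ldap lookup. ", exc);
    }
}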
