package net.bluemind.system.ldap.importation.internal.tools;

import com.netflix.spectator.api.Timer;
import java.text.ParseException;
import java.util.Optional;
import java.util.concurrent.TimeUnit;
import javax.net.ssl.TrustManager;
import net.bluemind.core.api.fault.ErrorCode;
import net.bluemind.core.api.fault.ServerFault;
import net.bluemind.core.container.model.ItemValue;
import net.bluemind.domain.api.Domain;
import net.bluemind.lib.ldap.LdapConProxy;
import net.bluemind.lib.ldap.LdapProtocol;
import net.bluemind.mailbox.api.MailFilter;
import net.bluemind.system.importation.commons.Parameters;
import net.bluemind.system.importation.commons.exceptions.DirectoryConnectionFailed;
import net.bluemind.system.importation.commons.managers.UserManager;
import net.bluemind.system.importation.commons.scanner.IImportLogger;
import net.bluemind.system.importation.commons.scanner.ImportLogger;
import net.bluemind.system.importation.i18n.Messages;
import net.bluemind.system.importation.metrics.MetricsHolder;
import net.bluemind.system.ldap.importation.metrics.LdapMetricsHolder;
import net.bluemind.system.ldap.importation.search.LdapUserSearchFilter;
import net.bluemind.user.api.User;
import org.apache.directory.api.ldap.codec.api.DefaultConfigurableBinaryAttributeDetector;
import org.apache.directory.api.ldap.model.cursor.EntryCursor;
import org.apache.directory.api.ldap.model.entry.Entry;
import org.apache.directory.api.ldap.model.exception.LdapException;
import org.apache.directory.api.ldap.model.exception.LdapInvalidAttributeValueException;
import org.apache.directory.api.ldap.model.filter.FilterParser;
import org.apache.directory.api.ldap.model.message.BindRequestImpl;
import org.apache.directory.api.ldap.model.message.BindResponse;
import org.apache.directory.api.ldap.model.message.ResultCodeEnum;
import org.apache.directory.api.ldap.model.message.SearchScope;
import org.apache.directory.ldap.client.api.LdapConnectionConfig;
import org.apache.directory.ldap.client.api.NoVerificationTrustManager;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:net/bluemind/system/ldap/importation/internal/tools/LdapHelper.class */
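/**
 * Static helpers for the LDAP import: opening an authenticated directory
 * connection, looking up a single user, validating LDAP filter syntax and
 * reading mandatory attributes from an entry.
 *
 * <p>Security-relevant behaviour, all driven by the supplied {@link Parameters}:
 * <ul>
 * <li>Authentication is an LDAP <em>simple</em> bind, so the configured
 * password is sent to the server as-is. Its confidentiality on the wire
 * depends on the transport selected in
 * {@link #getLdapConnectionConfig(Parameters)}.</li>
 * <li>{@code acceptAllCertificates} installs a trust manager that performs no
 * certificate verification.</li>
 * <li>Only the first entry of {@code ldapServer.getLdapHost()} is used.</li>
 * </ul>
 */
public class LdapHelper {
    private static final Logger logger = LoggerFactory.getLogger(LdapHelper.class);
    private static final MetricsHolder metrics = LdapMetricsHolder.get();
    /** Timeout passed to {@code LdapConnectionConfig#setTimeout} (presumably milliseconds - confirm). */
    private static final long LDAP_TIMEOUT = 10000;

    private LdapHelper() {
    }

    /**
     * Looks up one user in the directory and, when found, applies it to the
     * given user item.
     *
     * <p>The decompiled body of this method could not be reconstructed
     * ("Finally extract failed"): after a logged failure it fell through to code
     * that dereferenced an unassigned cursor and connection. The
     * {@code addSuppressed}/null-checked {@code close()} shape it left behind is
     * that of a try-with-resources, which is restored here so that the connection
     * is closed on every path. Returning an empty result after a logged failure
     * is the presumed original behaviour - confirm against the upstream source.
     *
     * @param ldapParameters directory connection and mapping settings
     * @param itemValue      domain the user belongs to (used for building the user and in the error log)
     * @param str            login of the user to search for
     * @param itemValue2     user item updated from the directory entry
     * @param mailFilter     mail filter passed to {@code UserManager#update}
     * @return the user manager built from the first matching entry, or empty when
     *         nothing matches or the lookup fails
     */
    public static Optional<UserManager> getLdapUser(LdapParameters ldapParameters, ItemValue<Domain> itemValue, String str, ItemValue<User> itemValue2, MailFilter mailFilter) {
        Timer forOperation = metrics.forOperation("getLdapUser");
        long monotonicTime = metrics.clock.monotonicTime();
        try (LdapConProxy ldapCon = connectLdap(ldapParameters)) {
            // NOTE(review): `str` is a login that ends up inside an LDAP search filter.
            // Whether LdapUserSearchFilter escapes filter metacharacters (RFC 4515)
            // cannot be seen from this class - confirm before passing untrusted logins.
            EntryCursor search = ldapCon.search(ldapParameters.ldapDirectory.baseDn,
                    new LdapUserSearchFilter().getSearchFilterByName(ldapParameters, str), SearchScope.SUBTREE,
                    new String[]{"*", UserManagerImpl.LDAP_MEMBER_OF, ldapParameters.ldapDirectory.extIdAttribute});
            // The timer covers connect + search only, not entry processing.
            forOperation.record(metrics.clock.monotonicTime() - monotonicTime, TimeUnit.NANOSECONDS);

            if (!search.next()) {
                return Optional.empty();
            }
            // Only the first matching entry is considered.
            Optional<UserManager> build = UserManagerImpl.build(ldapParameters, itemValue, (Entry) search.get());
            build.ifPresent(userManager -> userManager.update(itemValue2, mailFilter));
            return build;
        } catch (Exception e) {
            // Best effort: a failed lookup is logged and reported as "not found".
            logger.error("Fail to get LDAP user: {}@{}", str, ((Domain) itemValue.value).name, e);
            return Optional.empty();
        }
    }

    /**
     * Validates the syntax of the LDAP filter used to select users.
     *
     * @param str filter expression to parse
     * @throws ServerFault if the expression is not a syntactically valid LDAP filter
     */
    public static void checkLDAPUserFilter(String str) throws ServerFault {
        try {
            FilterParser.parse(str);
        } catch (ParseException e) {
            logger.error("Fail to check user LDAP filter", e);
            // Keep the parse error as the cause so the position of the syntax error is not lost.
            throw new ServerFault("Filtre des utilisateurs LDAP invalide: " + e.getMessage(), e);
        }
    }

    /**
     * Validates the syntax of the LDAP filter used to select groups.
     *
     * @param str filter expression to parse
     * @throws ServerFault if the expression is not a syntactically valid LDAP filter
     */
    public static void checkLDAPGroupFilter(String str) throws ServerFault {
        try {
            FilterParser.parse(str);
        } catch (ParseException e) {
            logger.error("Fail to check group LDAP filter", e);
            // Keep the parse error as the cause so the position of the syntax error is not lost.
            throw new ServerFault("Filtre des groupes LDAP invalide: " + e.getMessage(), e);
        }
    }

    /**
     * Opens and binds a directory connection without reporting failures to an
     * import logger.
     *
     * @param parameters directory connection settings
     * @return a bound connection; the caller is responsible for closing it
     */
    public static LdapConProxy connectLdap(Parameters parameters) {
        return connectLdap(parameters, Optional.empty());
    }

    /**
     * Opens a directory connection and authenticates with a simple bind using the
     * login and password from {@code parameters.ldapServer}.
     *
     * <p>The connection is closed here whenever the bind does not succeed, so a
     * failed attempt does not leave a socket behind. On success ownership passes
     * to the caller.
     *
     * <p>Failure messages contain the host, the port and the server's result code
     * and diagnostic message; the bind credentials are never included.
     *
     * @param parameters directory connection settings
     * @param optional   import logger that receives a localized failure message, if present
     * @return a bound, authenticated connection; the caller must close it
     * @throws ServerFault declared by the original signature; a failed or rejected
     *                     bind surfaces as {@link DirectoryConnectionFailed}
     */
    public static LdapConProxy connectLdap(Parameters parameters, Optional<ImportLogger> optional) throws ServerFault {
        Parameters.Server.Host host = firstHost(parameters);
        LdapConProxy ldapCon = getLdapCon(parameters);
        boolean bound = false;
        try {
            BindRequestImpl bindRequestImpl = new BindRequestImpl();
            // Simple bind: the password is only as protected as the transport underneath.
            bindRequestImpl.setSimple(true);
            bindRequestImpl.setName(parameters.ldapServer.login);
            bindRequestImpl.setCredentials(parameters.ldapServer.password);
            BindResponse bind = ldapCon.bind(bindRequestImpl);
            if (ResultCodeEnum.SUCCESS == bind.getLdapResult().getResultCode() && ldapCon.isAuthenticated()) {
                bound = true;
                return ldapCon;
            }

            String reason = bind.getLdapResult().getResultCode() + " " + bind.getLdapResult().getDiagnosticMessage();
            optional.ifPresent(importLogger -> importLogger.withoutStatus()
                    .error(Messages.serverConnectionFail(host.hostname, host.port, reason)));
            throw new DirectoryConnectionFailed(
                    "Fail to connect to server: " + host.hostname + ":" + host.port + " - " + reason);
        } catch (LdapException e) {
            // The thrown fault carries only the message; log the stack trace so it is not lost.
            logger.warn("Fail to bind to LDAP server {}:{}", host.hostname, host.port, e);
            optional.ifPresent(importLogger -> importLogger.withoutStatus()
                    .error(Messages.serverConnectionFail(host.hostname, host.port, e.getMessage())));
            throw new DirectoryConnectionFailed(
                    "Fail to connect to server: " + host.hostname + ":" + host.port + " - " + e.getMessage());
        } finally {
            if (!bound) {
                closeQuietly(ldapCon);
            }
        }
    }

    /** Returns the first configured directory host, the only one this helper connects to. */
    private static Parameters.Server.Host firstHost(Parameters parameters) {
        return (Parameters.Server.Host) parameters.ldapServer.getLdapHost().get(0);
    }

    /** Closes a connection whose bind failed; a close error is logged, never propagated. */
    private static void closeQuietly(LdapConProxy ldapCon) {
        if (ldapCon == null) {
            return;
        }
        try {
            ldapCon.close();
        } catch (Exception e) {
            // The bind failure is the error worth reporting; do not mask it with a close failure.
            logger.warn("Fail to close LDAP connection after a failed bind", e);
        }
    }

    /** Creates an unbound connection proxy configured from {@code parameters}. */
    private static LdapConProxy getLdapCon(Parameters parameters) throws ServerFault {
        return new LdapConProxy(getLdapConnectionConfig(parameters));
    }

    /**
     * Translates the import parameters into an Apache LDAP connection
     * configuration: first configured host and port, fixed timeout, transport
     * security and, optionally, a trust-all certificate policy.
     *
     * @param parameters directory connection settings
     * @return the connection configuration
     */
    private static LdapConnectionConfig getLdapConnectionConfig(Parameters parameters) {
        Parameters.Server.Host host = firstHost(parameters);
        LdapConnectionConfig ldapConnectionConfig = new LdapConnectionConfig();
        ldapConnectionConfig.setLdapHost(host.hostname);
        ldapConnectionConfig.setLdapPort(host.port);
        ldapConnectionConfig.setTimeout(LDAP_TIMEOUT);

        // Switch on the enum itself instead of the compiler-generated ordinal table.
        switch (parameters.ldapServer.protocol) {
            case TLS:
                ldapConnectionConfig.setUseTls(true);
                ldapConnectionConfig.setUseSsl(false);
                break;
            case SSL:
                ldapConnectionConfig.setUseTls(false);
                ldapConnectionConfig.setUseSsl(true);
                break;
            default:
                // PLAIN and TLSPLAIN both land here: no transport encryption is
                // configured, so the simple-bind password crosses the network in clear.
                // NOTE(review): TLSPLAIN is configured exactly like PLAIN in this class;
                // whether a TLS upgrade is attempted elsewhere (e.g. in LdapConProxy)
                // cannot be seen from here - confirm.
                ldapConnectionConfig.setUseTls(false);
                ldapConnectionConfig.setUseSsl(false);
                break;
        }

        if (parameters.ldapServer.acceptAllCertificates) {
            // SECURITY: no certificate verification at all. TLS then still encrypts, but
            // no longer authenticates the server, so the bind credentials and the imported
            // directory data are exposed to whoever can intercept the connection.
            // Prefer trusting the directory's CA and leaving this option off.
            logger.warn("LDAP certificate verification is disabled for {}:{} (acceptAllCertificates)",
                    host.hostname, host.port);
            ldapConnectionConfig.setTrustManagers(new TrustManager[]{new NoVerificationTrustManager()});
        }
        ldapConnectionConfig.setBinaryAttributeDetector(new DefaultConfigurableBinaryAttributeDetector());
        return ldapConnectionConfig;
    }

    /**
     * Returns the value of an attribute that must be present, be a string and
     * not be blank. Each violation is reported to the import logger and raised as
     * a {@link ServerFault} with code {@link ErrorCode#INVALID_PARAMETER}.
     *
     * @param iImportLogger logger that receives the localized error
     * @param entry         directory entry to read from
     * @param str           name of the mandatory attribute
     * @return the attribute value, untrimmed
     * @throws ServerFault if the attribute is missing, not a string, or empty after trimming
     */
    public static String checkMandatoryAttribute(IImportLogger iImportLogger, Entry entry, String str) {
        if (!entry.containsAttribute(new String[]{str})) {
            iImportLogger.error(Messages.missingAttribute(entry.getDn(), str));
            throw new ServerFault("Unable to manage entry: " + entry.getDn() + ", missing attribute: " + str,
                    ErrorCode.INVALID_PARAMETER);
        }
        try {
            String string = entry.get(str).getString();
            if (!string.trim().isEmpty()) {
                return string;
            }
            iImportLogger.error(Messages.attributeMustNotBeEmpty(entry.getDn(), str));
            throw new ServerFault(
                    "Unable to manage entry: " + entry.getDn() + ", attribute: " + str + " must not be empty",
                    ErrorCode.INVALID_PARAMETER);
        } catch (LdapInvalidAttributeValueException e) {
            iImportLogger.error(Messages.attributeMustBeString(entry.getDn(), str));
            ServerFault serverFault = new ServerFault(
                    "Unable to manage entry: " + entry.getDn() + ", attribute: " + str + " must be a string value", e);
            serverFault.setCode(ErrorCode.INVALID_PARAMETER);
            throw serverFault;
        }
    }
}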
