package oracle.security.idm.providers.stdldap.util;

import java.util.ArrayList;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.logging.Level;
import javax.naming.CompositeName;
import javax.naming.Name;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.LdapContext;
import oracle.security.idm.IMException;
import oracle.security.idm.ObjectNotFoundException;
import oracle.security.idm.OperationFailureException;
import oracle.security.idm.Property;

/* loaded from: input_file:oracle/security/idm/providers/stdldap/util/EmbeddedIdentityRelationsSearchResponse.class */
public class EmbeddedIdentityRelationsSearchResponse implements IdentitySearchResponse {
    String base;
    String filter;
    String member_filter;
    int member_filter_len;
    byte[] cookie;
    SearchControls searchctrls;
    int pagesize;
    int resultSize;
    Attribute memberProp;
    LDAPRealm realm;
    String curfilter;
    int numsubfilters;
    int curIdx;
    int memberPropIdx;
    int memberPropSize;
    boolean nested;
    HashSet processedDN;
    ArrayList dnlist;
    LDAPIdentity nextIdentity;
    String[] relations;
    String[] nestedRelations;
    boolean hasNextInvoked;
    boolean hasNextStatus;
    NamingEnumeration srchEnumeration;
    int maxSearchFilterLen;
    int connectingAttrsLen;
    String[] connectingAttrs;
    Name baseName;
    ArrayList filterlist;
    private boolean closed;
    private boolean isFirstTime;
    public static int TYPE_ROLE = 1;
    public static int TYPE_USER = 2;
    private static String classname = "oracle.security.idm.providers.stdldap.util.EmbeddedIdentityRelationsSearchResponse";

    public EmbeddedIdentityRelationsSearchResponse(LdapContext ldapContext, LDAPRealm lDAPRealm, String str, String str2, boolean z, String[] strArr) throws IMException {
        this.base = null;
        this.filter = null;
        this.member_filter = null;
        this.member_filter_len = 0;
        this.cookie = null;
        this.searchctrls = null;
        this.pagesize = 0;
        this.resultSize = 0;
        this.memberProp = null;
        this.realm = null;
        this.curfilter = "";
        this.numsubfilters = 0;
        this.curIdx = 0;
        this.memberPropIdx = 0;
        this.memberPropSize = 0;
        this.nested = false;
        this.processedDN = new HashSet();
        this.dnlist = new ArrayList();
        this.nextIdentity = null;
        this.relations = null;
        this.nestedRelations = null;
        this.hasNextInvoked = false;
        this.hasNextStatus = false;
        this.srchEnumeration = null;
        this.maxSearchFilterLen = 0;
        this.connectingAttrsLen = 0;
        this.connectingAttrs = null;
        this.baseName = null;
        this.filterlist = new ArrayList();
        this.closed = false;
        this.isFirstTime = true;
        if (str == null) {
            throw new OperationFailureException("Search Failed: Null Role.");
        }
        if (strArr == null) {
            throw new OperationFailureException("Search Failed: Empty relation set.");
        }
        this.maxSearchFilterLen = lDAPRealm.ldapConfig.getMaxSearchFilterLength();
        this.realm = lDAPRealm;
        this.nested = z;
        this.member_filter = str2;
        this.relations = strArr;
        this.nestedRelations = strArr;
        this.member_filter_len = str2 != null ? str2.length() : 0;
        lDAPRealm.logr.logp(Level.FINEST, classname, "EmbeddedIdentityRelationsSearchResponse()", "First Search for role's direct relatives");
        try {
            getDirectRelatives(ldapContext, ldapContext.getNameParser("").parse(str), strArr);
            if (!hasNext(ldapContext)) {
                throw new ObjectNotFoundException("No Relations Found");
            }
            if (z) {
                int length = strArr.length;
                int i = 0;
                while (true) {
                    if (i >= length) {
                        break;
                    }
                    if (strArr[i].equalsIgnoreCase("wlsMemberof")) {
                        this.connectingAttrs = lDAPRealm.ldapConfig.getRoleMemberAttributes();
                        this.connectingAttrsLen = this.connectingAttrs.length;
                        String[] roleSearchBase = lDAPRealm.ldapConfig.getRoleSearchBase();
                        if (roleSearchBase == null || roleSearchBase.length != 1) {
                            this.base = lDAPRealm.ldapConfig.getGenericRoleSearchBase();
                        } else {
                            this.base = roleSearchBase[0];
                        }
                        if (this.connectingAttrs == null) {
                            throw new OperationFailureException("Search Failed: Empty relations set.");
                        }
                        if (this.base == null) {
                            throw new OperationFailureException("Search Failed: Null SearchBase.");
                        }
                        this.baseName = ldapContext.getNameParser("").parse(this.base);
                        this.searchctrls = new SearchControls();
                        this.searchctrls.setReturningAttributes(lDAPRealm.ldapConfig.getMinimumAttrSet());
                        this.searchctrls.setSearchScope(2);
                    } else {
                        i++;
                    }
                }
            }
        } catch (NamingException e) {
            HashMap hashMap = new HashMap();
            hashMap.put("NamingException", "Invalid DN supplied.");
            LDAPRealm.throwException(e, classname, "IdentityRelationsSearchResponse(LdapContext ctx,realm,roleDN,member_filter,nested,relations)", hashMap, lDAPRealm.logr);
        }
    }

    public EmbeddedIdentityRelationsSearchResponse(LdapContext ldapContext, LDAPRealm lDAPRealm, String str, String str2, boolean z, String[] strArr, String[] strArr2) throws IMException {
        this(ldapContext, lDAPRealm, str, str2, z, strArr);
        this.nestedRelations = strArr2;
    }

    @Override // oracle.security.idm.providers.stdldap.util.IdentitySearchResponse
    public int getResultSize(LdapContext ldapContext) throws IMException {
        return -1;
    }

    @Override // oracle.security.idm.providers.stdldap.util.IdentitySearchResponse
    public boolean hasNext(LdapContext ldapContext) throws IMException {
        if (this.hasNextInvoked) {
            return this.hasNextStatus;
        }
        this.hasNextInvoked = true;
        this.hasNextStatus = false;
        if (!this.closed) {
            this.hasNextStatus = hasMoreIdentities(ldapContext);
            if (this.hasNextStatus) {
                LDAPIdentity fetchNextIdentity = fetchNextIdentity(ldapContext);
                this.nextIdentity = fetchNextIdentity;
                if (fetchNextIdentity == null) {
                    this.hasNextStatus = false;
                }
            }
            if (!this.hasNextStatus) {
                close();
            }
        }
        if (this.hasNextStatus) {
            this.realm.logr.logp(Level.FINEST, classname, "hasNext()", "Next result available");
        } else {
            this.realm.logr.logp(Level.FINEST, classname, "hasNext()", "Response completed !!. All members obtained.");
        }
        return this.hasNextStatus;
    }

    private boolean hasMoreIdentities(LdapContext ldapContext) throws IMException {
        boolean z = false;
        if (this.memberPropIdx < this.memberPropSize) {
            z = this.memberPropIdx < this.memberPropSize;
        } else {
            try {
                if (this.srchEnumeration != null) {
                    z = this.srchEnumeration.hasMore();
                }
                if (this.nested && !z) {
                    if (this.srchEnumeration != null) {
                        this.srchEnumeration.close();
                        this.srchEnumeration = null;
                    }
                    int size = this.filterlist.size();
                    while (true) {
                        if (this.curIdx >= size) {
                            break;
                        }
                        String str = (String) this.filterlist.get(this.curIdx);
                        this.realm.logr.logp(Level.FINEST, classname, "InverseRelationSearchResponse()", "Nested relationship: search with given filter");
                        z = getGroupRelatives(ldapContext, str);
                        this.curIdx++;
                        if (z) {
                            this.realm.logr.logp(Level.FINEST, classname, "InverseRelationSearchResponse()", "Results obtained");
                            break;
                        }
                        this.realm.logr.logp(Level.FINEST, classname, "InverseRelationSearchResponse()", "No results obtained");
                    }
                    if (!z && this.curfilter.length() > 0) {
                        if (this.numsubfilters > 1) {
                            this.curfilter = "(|" + this.curfilter + ")";
                        }
                        this.realm.logr.logp(Level.FINEST, classname, "InverseRelationSearchResponse()", "Nested relationship: search with current filter being constructed");
                        z = getGroupRelatives(ldapContext, this.curfilter);
                        this.curfilter = "";
                        this.numsubfilters = 0;
                        if (z) {
                            this.realm.logr.logp(Level.FINEST, classname, "InverseRelationSearchResponse()", "Results obtained");
                        } else {
                            this.realm.logr.logp(Level.FINEST, classname, "InverseRelationSearchResponse()", "No results obtained");
                        }
                    }
                }
            } catch (NamingException e) {
                LDAPRealm lDAPRealm = this.realm;
                LDAPRealm.throwException(e, classname, "hasMoreIdentities(LdapContext ctx)", null, this.realm.logr);
            }
        }
        return z;
    }

    private boolean getGroupRelatives(LdapContext ldapContext, String str) throws IMException {
        boolean z = false;
        try {
            this.realm.logr.logp(Level.FINE, classname, "search()", "Search for relationship: " + System.getProperty("line.separator") + "basedn: " + this.base + "\tSearchScope: subtree\tSearchFilter: " + str);
            this.srchEnumeration = ldapContext.search(this.baseName, str, this.searchctrls);
            z = this.srchEnumeration.hasMore();
            if (!z) {
                this.srchEnumeration.close();
                this.srchEnumeration = null;
            }
            return z;
        } catch (NamingException e) {
            LDAPRealm lDAPRealm = this.realm;
            LDAPRealm.throwException(e, classname, "search(LdapContext ctx,String filter)", null, this.realm.logr);
            return z;
        }
    }

    @Override // oracle.security.idm.providers.stdldap.util.IdentitySearchResponse
    public LDAPIdentity next(LdapContext ldapContext) throws IMException {
        if (!this.hasNextInvoked) {
            hasNext(ldapContext);
        }
        if (this.hasNextStatus) {
            this.hasNextInvoked = false;
            return this.nextIdentity;
        }
        this.realm.logr.logp(Level.FINEST, classname, "next()", "No results left !!");
        throw new OperationFailureException("No such element");
    }

    private LDAPIdentity fetchNextIdentity(LdapContext ldapContext) throws IMException {
        String str;
        LDAPPropertySet lDAPPropertySet;
        Property property;
        String str2;
        LDAPIdentity lDAPIdentity = null;
        boolean z = false;
        this.connectingAttrs = this.realm.ldapConfig.getRoleMemberAttributes();
        if (this.connectingAttrs != null) {
            this.connectingAttrsLen = this.connectingAttrs.length;
        }
        if (this.memberPropIdx >= this.memberPropSize) {
            loop2: while (hasMoreIdentities(ldapContext)) {
                try {
                    SearchResult searchResult = (SearchResult) this.srchEnumeration.next();
                    String name = searchResult.getName();
                    if (name.startsWith("ldap://")) {
                        searchResult = IDMUtils.handleReferral(ldapContext, searchResult, this.realm);
                        str = searchResult != null ? searchResult.getNameInNamespace() : null;
                        z = true;
                    } else {
                        str = new CompositeName(name).get(0);
                        if (!this.base.equals("")) {
                            str = str + "," + this.base;
                        }
                    }
                    int length = this.realm.ldapConfig.fetchUserFullAttrSet().length;
                    int length2 = this.realm.ldapConfig.fetchRoleFullAttrSet().length;
                    lDAPPropertySet = new LDAPPropertySet(str, searchResult, this.realm.logr, this.realm.ldapConfig.getMinimumAttrSet(), length >= length2 ? length : length2);
                    if (z) {
                        lDAPPropertySet.setReferral();
                    }
                    property = lDAPPropertySet.getProperty(ldapContext, "objectclass");
                } catch (NamingException e) {
                    LDAPRealm lDAPRealm = this.realm;
                    LDAPRealm.throwException(e, classname, "fetchNextIdentity(LdapContext ctx)", null, this.realm.logr);
                }
                if (property != null) {
                    if (compare(this.realm.ldapConfig.getFilterRoleObjectClasses(), property, false)) {
                        lDAPIdentity = new LDAPRole(str, this.realm, lDAPPropertySet);
                    } else if (compare(this.realm.ldapConfig.getFilterUserObjectClasses(), property, true)) {
                        lDAPIdentity = new LDAPUser(str, this.realm, lDAPPropertySet);
                    }
                }
                this.realm.logr.logp(Level.FINEST, classname, "fetchNextIdentity()", "Fetching the next identity");
                if (!this.nested) {
                    break;
                }
                this.realm.logr.logp(Level.FINEST, classname, "fetchNextIdentity()", "Nested relationship: Checking for duplicates: whether the DN's direct relationship is already searched / scheduled for search: " + str);
                if (this.processedDN.add(str)) {
                    this.realm.logr.logp(Level.FINEST, classname, "fetchNextIdentity()", "Adding to queue in order to search for direct relationship");
                    String encodeLDAP = IDMUtils.encodeLDAP(str);
                    for (int i = 0; i < this.connectingAttrsLen; i++) {
                        String str3 = "(" + this.connectingAttrs[i] + "=" + encodeLDAP + ")";
                        String str4 = this.curfilter + str3;
                        if (str4.length() > this.maxSearchFilterLen) {
                            this.realm.logr.logp(Level.FINEST, classname, "fetchNextIdentity()", "Current filter length exceeds the max. filter length" + System.getProperty("path.separator") + "Spliting the filter and storing the split component for subsequent search");
                            if (this.numsubfilters > 1) {
                                this.curfilter = "(|" + this.curfilter + ")";
                            }
                            if (this.curfilter.trim().length() > 0) {
                                this.filterlist.add(this.curfilter);
                            }
                            this.curfilter = str3;
                            this.numsubfilters = 1;
                        } else {
                            this.curfilter = str4;
                            this.numsubfilters++;
                        }
                    }
                    break loop2;
                }
                this.realm.logr.logp(Level.FINEST, classname, "fetchNextIdentity()", "Duplicate DN");
                lDAPIdentity = null;
            }
        } else {
            loop0: while (hasMoreIdentities(ldapContext)) {
                try {
                    Attribute attribute = this.memberProp;
                    int i2 = this.memberPropIdx;
                    this.memberPropIdx = i2 + 1;
                    String str5 = (String) attribute.get(i2);
                    Name parse = ldapContext.getNameParser("").parse(str5);
                    String[] minimumAttrSet = this.realm.ldapConfig.getMinimumAttrSet();
                    SearchControls searchControls = new SearchControls();
                    searchControls.setReturningAttributes(minimumAttrSet);
                    searchControls.setSearchScope(0);
                    str2 = "(objectclass=*)";
                    str2 = this.member_filter_len > 0 ? "(&" + str2 + this.member_filter + ")" : "(objectclass=*)";
                    this.realm.logr.logp(Level.FINE, classname, "fetchNextIdentity()", "Search to construct user/role instance: " + System.getProperty("line.separator") + "basedn herer : " + parse + "\tSearchScope: base level\tSearchFilter: " + str2);
                    NamingEnumeration search = ldapContext.search(parse, str2, searchControls);
                    if (search.hasMore()) {
                        SearchResult searchResult2 = (SearchResult) search.next();
                        search.close();
                        int length3 = this.realm.ldapConfig.fetchUserFullAttrSet().length;
                        int length4 = this.realm.ldapConfig.fetchRoleFullAttrSet().length;
                        LDAPPropertySet lDAPPropertySet2 = new LDAPPropertySet(str5, searchResult2, this.realm.logr, this.realm.ldapConfig.getMinimumAttrSet(), length3 >= length4 ? length3 : length4);
                        Property property2 = lDAPPropertySet2.getProperty(ldapContext, "objectclass");
                        if (property2 != null) {
                            if (IDMUtils.compare(this.realm.ldapConfig.getFilterRoleObjectClasses(), property2, false)) {
                                lDAPIdentity = new LDAPRole(str5, this.realm, lDAPPropertySet2);
                            } else if (IDMUtils.compare(this.realm.ldapConfig.getFilterUserObjectClasses(), property2, true)) {
                                lDAPIdentity = new LDAPUser(str5, this.realm, lDAPPropertySet2);
                            }
                        }
                        if (!this.nested) {
                            break;
                        }
                        this.realm.logr.logp(Level.FINEST, classname, "fetchNextIdentity()", "Nested relationship: Checking for duplicates: whether the DN's direct relationship is already searched / scheduled for search: " + str5);
                        if (this.processedDN.add(str5)) {
                            this.realm.logr.logp(Level.FINEST, classname, "fetchNextIdentity()", "Adding to queue in order to search for direct relationship");
                            String encodeLDAP2 = IDMUtils.encodeLDAP(str5);
                            for (int i3 = 0; i3 < this.connectingAttrsLen; i3++) {
                                String str6 = "(" + this.connectingAttrs[i3] + "=" + encodeLDAP2 + ")";
                                String str7 = this.curfilter + str6;
                                if (str7.length() > this.maxSearchFilterLen) {
                                    this.realm.logr.logp(Level.FINEST, classname, "fetchNextIdentity()", "Current filter length exceeds the max. filter length" + System.getProperty("path.separator") + "Spliting the filter and storing the split component for subsequent search");
                                    if (this.numsubfilters > 1) {
                                        this.curfilter = "(|" + this.curfilter + ")";
                                    }
                                    if (this.curfilter.trim().length() > 0) {
                                        this.filterlist.add(this.curfilter);
                                    }
                                    this.curfilter = str6;
                                    this.numsubfilters = 1;
                                } else {
                                    this.curfilter = str7;
                                    this.numsubfilters++;
                                }
                            }
                            break loop0;
                        }
                        this.realm.logr.logp(Level.FINEST, classname, "fetchNextIdentity()", "Duplicate DN");
                        lDAPIdentity = null;
                    }
                } catch (NamingException e2) {
                    LDAPRealm lDAPRealm2 = this.realm;
                    LDAPRealm.throwException(e2, classname, "fetchNextIdentity(LdapContext ctx)", null, this.realm.logr);
                }
            }
        }
        return lDAPIdentity;
    }

    private boolean getDirectRelatives(LdapContext ldapContext, Name name, String[] strArr) throws IMException {
        boolean z = false;
        try {
            SearchControls searchControls = new SearchControls();
            searchControls.setReturningAttributes(strArr);
            searchControls.setSearchScope(0);
            this.realm.logr.logp(Level.FINE, classname, "getDirectRelatives()", "Search to get relatives: " + System.getProperty("line.separator") + "basedn: " + name + "\tSearchScope: base level\tSearchFilter: (objectclass=*)");
            NamingEnumeration search = ldapContext.search(name, "(objectclass=*)", searchControls);
            if (search.hasMore()) {
                Attributes attributes = ((SearchResult) search.next()).getAttributes();
                for (String str : strArr) {
                    this.memberProp = attributes.get(str);
                    if (this.memberProp != null) {
                        break;
                    }
                }
                if (this.memberProp != null) {
                    this.memberPropSize = this.memberProp.size();
                    z = true;
                }
                search.close();
            }
        } catch (NamingException e) {
            LDAPRealm lDAPRealm = this.realm;
            LDAPRealm.throwException(e, classname, "getDirectRelatives(LdapContext ctx,String[] memberAttrs)", null, this.realm.logr);
        }
        return z;
    }

    @Override // oracle.security.idm.providers.stdldap.util.IdentitySearchResponse
    public void close() throws IMException {
        this.closed = true;
        try {
            if (this.srchEnumeration != null) {
                this.srchEnumeration.close();
                this.srchEnumeration = null;
            }
        } catch (NamingException e) {
            LDAPRealm lDAPRealm = this.realm;
            LDAPRealm.throwException(e, classname, "close()", null, this.realm.logr);
        }
    }

    private boolean compare(String[] strArr, Property property, boolean z) {
        List values = property.getValues();
        int size = values.size();
        for (String str : strArr) {
            boolean z2 = false;
            int i = 0;
            while (true) {
                if (i >= size) {
                    break;
                }
                if (str.equalsIgnoreCase((String) values.get(i))) {
                    z2 = true;
                    break;
                }
                i++;
            }
            if (!z2 && z) {
                return false;
            }
            if (z2 && !z) {
                return true;
            }
        }
        return z;
    }
}
