package oracle.security.idm.providers.wlsldap;

import java.util.ArrayList;
import java.util.HashMap;
import java.util.HashSet;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.naming.Name;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.LdapContext;
import oracle.security.idm.IMException;
import oracle.security.idm.ObjectNotFoundException;
import oracle.security.idm.OperationFailureException;
import oracle.security.idm.Property;
import oracle.security.idm.providers.stdldap.util.GrantedRolesSearchResponse;
import oracle.security.idm.providers.stdldap.util.IDMUtils;
import oracle.security.idm.providers.stdldap.util.IdentitySearchResponse;
import oracle.security.idm.providers.stdldap.util.LDAPIdentity;
import oracle.security.idm.providers.stdldap.util.LDAPPropertySet;
import oracle.security.idm.providers.stdldap.util.LDAPRealm;
import oracle.security.idm.providers.stdldap.util.LDAPRole;
import oracle.security.idm.providers.stdldap.util.LDAPUser;

/* loaded from: input_file:oracle/security/idm/providers/wlsldap/UserMembershipSearchResponse.class */
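/**
 * Lazily enumerates the identities named by the {@code wlsMemberOf} attribute of one
 * directory entry, optionally following the relation transitively.
 *
 * <p>The constructor reads {@code wlsMemberOf} from the entry at the supplied DN with a
 * base-scope search. Each value is then parsed as a DN, looked up with another base-scope
 * search and classified as an {@link LDAPRole} or {@link LDAPUser} by its
 * {@code objectclass}. When {@code nested} is set, every direct DN is also queued and
 * later expanded through a {@link GrantedRolesSearchResponse}; {@code processedDN}
 * de-duplicates results so a membership cycle cannot loop forever.
 *
 * <p>Review points for anyone relying on this result for access decisions:
 * <ul>
 *   <li>Failures while expanding a nested entry are logged and skipped, so the returned
 *       set can be silently incomplete (see {@code hasMoreIdentities}).</li>
 *   <li>DN values read from the directory are concatenated into log messages as-is; if
 *       directory content is not fully trusted, the log formatter should neutralise
 *       line breaks.</li>
 * </ul>
 *
 * <p>Instances keep mutable cursor state and perform no synchronisation.
 */
public class UserMembershipSearchResponse implements IdentitySearchResponse {
    LDAPRealm realm;
    boolean nested;
    String wlsMemberAttr;
    private Logger logr;
    private static final String classname = "oracle.security.idm.providers.wlsldap.UserMembershipSearchResponse";
    // Values of the membership attribute read by getDirectRelatives(), with a cursor and cached size.
    Attribute memberProp = null;
    // Cursor into dnlist: next queued DN to expand when nested traversal is on.
    int curIdx = 0;
    int memberPropIdx = 0;
    int memberPropSize = 0;
    // Every DN already returned or queued; guards against duplicates and cycles.
    HashSet<Name> processedDN = new HashSet<>();
    // Direct DNs still to be expanded through GrantedRolesSearchResponse.
    ArrayList<Name> dnlist = new ArrayList<>();
    // Look-ahead slot filled by hasNext() and handed out by next().
    LDAPIdentity nextIdentity = null;
    boolean hasNextInvoked = false;
    boolean hasNextStatus = false;
    // True while results come from memberProp, false while they come from the nested response.
    private boolean listDirectMembers = false;
    private GrantedRolesSearchResponse masterGrantedRoleSearchResponse = null;
    // NOTE(review): nothing in this class ever assigns this field, so closeSearchEnumeration() is a no-op here.
    NamingEnumeration srchEnumeration = null;
    private boolean closed = false;

    /**
     * Reads the direct {@code wlsMemberOf} values of the entry at {@code str}.
     *
     * @param ldapContext context used for DN parsing and the initial search
     * @param lDAPRealm realm whose configuration supplies attribute sets and object classes
     * @param str DN of the entry whose membership is enumerated
     * @param z whether nested (transitive) membership is followed
     * @param logger destination for trace output; must not be null
     * @throws OperationFailureException if {@code str} is null
     * @throws ObjectNotFoundException if the entry has no {@code wlsMemberOf} attribute
     * @throws IMException as raised by {@code LDAPRealm.throwException} for a naming failure
     */
    public UserMembershipSearchResponse(LdapContext ldapContext, LDAPRealm lDAPRealm, String str, boolean z, Logger logger) throws IMException {
        if (str == null) {
            throw new OperationFailureException("Search Failed: Null Role.");
        }
        this.realm = lDAPRealm;
        this.nested = z;
        this.wlsMemberAttr = "wlsMemberOf";
        this.logr = logger;
        logger.logp(Level.FINEST, classname, "UserMembershipSearchResponse()", "First Search for role's direct relatives");
        try {
            Name entryName = ldapContext.getNameParser("").parse(str);
            if (!getDirectRelatives(ldapContext, entryName, this.wlsMemberAttr)) {
                throw new ObjectNotFoundException("No Membership Found");
            }
        } catch (NamingException e) {
            HashMap hashMap = new HashMap();
            hashMap.put("NamingException", "Invalid DN supplied.");
            // NOTE(review): presumably always throws an IMException - confirm in LDAPRealm.
            LDAPRealm.throwException(e, classname, "UserMembershipSearchResponse(LdapContext ctx, realm, roleDN, nested, relations)", hashMap, logger);
        }
    }

    /** Always returns -1; the size is not computed by this lazy response. */
    @Override
    public int getResultSize(LdapContext ldapContext) throws IMException {
        return -1;
    }

    /**
     * Reports whether another identity is available, fetching and caching it on first call.
     * Repeated calls without an intervening {@link #next} return the cached answer.
     */
    @Override
    public boolean hasNext(LdapContext ldapContext) throws IMException {
        if (this.hasNextInvoked) {
            return this.hasNextStatus;
        }
        this.hasNextInvoked = true;
        this.hasNextStatus = false;
        if (!this.closed) {
            this.hasNextStatus = hasMoreIdentities(ldapContext);
            if (this.hasNextStatus) {
                // A candidate may exist yet resolve to nothing (unknown objectclass, duplicate).
                this.nextIdentity = fetchNextIdentity(ldapContext);
                if (this.nextIdentity == null) {
                    this.hasNextStatus = false;
                }
            }
            if (!this.hasNextStatus) {
                close();
            }
        }
        if (this.hasNextStatus) {
            this.logr.logp(Level.FINEST, classname, "hasNext()", "Next result available");
        } else {
            this.logr.logp(Level.FINEST, classname, "hasNext()", "Response completed !!. All members obtained.");
        }
        return this.hasNextStatus;
    }

    /**
     * Advances the internal cursors and reports whether a further candidate exists, first
     * among the direct attribute values and then, if nested, among the queued DNs.
     */
    private boolean hasMoreIdentities(LdapContext ldapContext) throws IMException {
        if (this.memberPropIdx < this.memberPropSize) {
            this.listDirectMembers = true;
            return true;
        }
        if (!this.nested) {
            return false;
        }
        // Direct values are exhausted: switch to the nested phase and drop the attribute.
        this.listDirectMembers = false;
        this.memberProp = null;
        this.memberPropIdx = 0;
        this.memberPropSize = 0;
        if (this.masterGrantedRoleSearchResponse != null) {
            if (this.masterGrantedRoleSearchResponse.hasNext(ldapContext)) {
                return true;
            }
            // NOTE(review): this closes the whole response, not only the exhausted nested one.
            // Once 'closed' is set, the next hasNext() call reports false even if dnlist still
            // holds unexpanded DNs, so nested results may be truncated. Behaviour is kept as
            // found; confirm the intent before relying on nested completeness.
            close();
        }
        boolean more = false;
        int size = this.dnlist.size();
        while (this.curIdx < size) {
            Name name = this.dnlist.get(this.curIdx++);
            this.logr.logp(Level.FINEST, classname, "hasMoreIdentities()", "Nested members: Getting further role membership indirectly for : " + name);
            try {
                this.masterGrantedRoleSearchResponse = new GrantedRolesSearchResponse(ldapContext, this.realm, "" + name, this.nested);
                more = this.masterGrantedRoleSearchResponse.hasNext(ldapContext);
                this.logr.logp(Level.FINEST, classname, "hasMoreIdentities()", "search status: Given DN " + (more ? " has membership" : " has no membership"));
            } catch (IMException e) {
                // Best effort: the entry is skipped and enumeration continues. Anything other
                // than "not found" means the result may be missing memberships, so it is
                // surfaced at WARNING instead of being visible only at FINEST.
                Level level = (e instanceof ObjectNotFoundException) ? Level.FINEST : Level.WARNING;
                this.logr.logp(level, classname, "hasMoreIdentities()", "Exception occured in fetching the membership for the role: " + name + "\t" + e.getMessage());
            }
            if (more) {
                return true;
            }
        }
        return false;
    }

    /**
     * Returns the identity cached by {@link #hasNext}, calling it first if necessary.
     *
     * @throws OperationFailureException if no identity is left
     */
    @Override
    public LDAPIdentity next(LdapContext ldapContext) throws IMException {
        if (!this.hasNextInvoked) {
            hasNext(ldapContext);
        }
        if (this.hasNextStatus) {
            this.hasNextInvoked = false;
            return this.nextIdentity;
        }
        this.logr.logp(Level.FINEST, classname, "next()", "No results left !!");
        throw new OperationFailureException("No such element");
    }

    /**
     * Produces the next identity, or null when the candidates run out first. Direct values
     * are resolved with a base-scope lookup; nested results are taken from the current
     * {@link GrantedRolesSearchResponse} and dropped when their DN was already seen.
     */
    private LDAPIdentity fetchNextIdentity(LdapContext ldapContext) throws IMException {
        LDAPIdentity lDAPIdentity = null;
        while (hasMoreIdentities(ldapContext)) {
            if (this.listDirectMembers) {
                NamingEnumeration<SearchResult> search = null;
                try {
                    String memberDn = (String) this.memberProp.get(this.memberPropIdx++);
                    Name memberName = ldapContext.getNameParser("").parse(memberDn);
                    if (this.nested) {
                        this.logr.logp(Level.FINEST, classname, "fetchNextIdentity()", "Nested members: Checking for duplicates: whether this DN's direct members have already been searched/scheduled for search: " + memberDn);
                        if (this.processedDN.add(memberName)) {
                            this.logr.logp(Level.FINEST, classname, "fetchNextIdentity()", "Adding to queue in order to search for direct members : " + memberName);
                            this.dnlist.add(memberName);
                        } else {
                            this.logr.logp(Level.FINEST, classname, "fetchNextIdentity()", "Duplicate DN");
                        }
                    }
                    SearchControls searchControls = new SearchControls();
                    searchControls.setReturningAttributes(this.realm.getConfig().getMinimumAttrSet());
                    searchControls.setSearchScope(SearchControls.OBJECT_SCOPE);
                    this.logr.logp(Level.FINE, classname, "fetchNextIdentity()", "Search to construct user/role instance: " + System.getProperty("line.separator") + "basedn: " + memberName + "\tSearchScope: base level\tSearchFilter: (objectclass=*)");
                    search = ldapContext.search(memberName, "(objectclass=*)", searchControls);
                    if (search.hasMore()) {
                        SearchResult searchResult = search.next();
                        // Release the enumeration before determineIdentity() uses the context again.
                        search.close();
                        search = null;
                        lDAPIdentity = determineIdentity(ldapContext, searchResult, searchResult.getNameInNamespace());
                    }
                } catch (NamingException e) {
                    // Lookup failures take the same path as a DN parse failure.
                    LDAPRealm.throwException(e, classname, "fetchNextIdentity(LdapContext ctx)", null, this.logr);
                } finally {
                    // Covers the paths where an exception was raised after the search was opened.
                    closeQuietly(search);
                }
                if (lDAPIdentity != null) {
                    break;
                }
            } else if (this.masterGrantedRoleSearchResponse != null && this.masterGrantedRoleSearchResponse.hasNext(ldapContext)) {
                try {
                    lDAPIdentity = this.masterGrantedRoleSearchResponse.next(ldapContext);
                    if (this.processedDN.add(ldapContext.getNameParser("").parse(lDAPIdentity.getDN()))) {
                        this.logr.logp(Level.FINEST, classname, "fetchNextIdentity()", "Not a Duplicate DN");
                        break;
                    }
                    this.logr.logp(Level.FINEST, classname, "fetchNextIdentity()", "Duplicate DN !!!");
                    lDAPIdentity = null;
                } catch (NamingException e2) {
                    LDAPRealm.throwException(e2, classname, "fetchNextIdentity(LdapContext ctx)", null, this.logr);
                }
            }
        }
        return lDAPIdentity;
    }

    /**
     * Classifies a looked-up entry by its {@code objectclass}: role object classes are
     * tested first, then user object classes. Returns null when neither matches or the
     * property is absent.
     */
    private LDAPIdentity determineIdentity(LdapContext ldapContext, SearchResult searchResult, String str) throws IMException {
        int userAttrCount = this.realm.getConfig().fetchUserFullAttrSet().length;
        int roleAttrCount = this.realm.getConfig().fetchRoleFullAttrSet().length;
        LDAPPropertySet lDAPPropertySet = new LDAPPropertySet(str, searchResult, this.logr, this.realm.getConfig().getMinimumAttrSet(), Math.max(userAttrCount, roleAttrCount));
        Property property = lDAPPropertySet.getProperty(ldapContext, "objectclass");
        if (property == null) {
            return null;
        }
        if (IDMUtils.compare(this.realm.getConfig().getFilterRoleObjectClasses(), property, false)) {
            return new LDAPRole(str, this.realm, lDAPPropertySet);
        }
        if (IDMUtils.compare(this.realm.getConfig().getFilterUserObjectClasses(), property, true)) {
            return new LDAPUser(str, this.realm, lDAPPropertySet);
        }
        return null;
    }

    /**
     * Loads attribute {@code str} of the entry {@code name} into {@code memberProp}.
     *
     * @return true if the entry exists and carries the attribute
     */
    private boolean getDirectRelatives(LdapContext ldapContext, Name name, String str) throws IMException {
        boolean found = false;
        NamingEnumeration<SearchResult> search = null;
        try {
            SearchControls searchControls = new SearchControls();
            searchControls.setReturningAttributes(new String[] {str});
            searchControls.setSearchScope(SearchControls.OBJECT_SCOPE);
            this.logr.logp(Level.FINE, classname, "getDirectRelatives()", "Search to get relatives: " + System.getProperty("line.separator") + "basedn: " + name + "\tSearchScope: base level\tSearchFilter: (objectclass=*)");
            search = ldapContext.search(name, "(objectclass=*)", searchControls);
            if (search.hasMore()) {
                this.memberProp = search.next().getAttributes().get(str);
                if (this.memberProp != null) {
                    this.memberPropSize = this.memberProp.size();
                    found = true;
                }
                search.close();
                search = null;
            }
        } catch (NamingException e) {
            LDAPRealm.throwException(e, classname, "getDirectRelatives(LdapContext ctx,String[] memberAttrs)", null, this.logr);
        } finally {
            // Covers the paths where an exception was raised after the search was opened.
            closeQuietly(search);
        }
        return found;
    }

    /** Marks the response as closed; later {@link #hasNext} calls report no further results. */
    @Override
    public void close() throws IMException {
        this.closed = true;
        closeSearchEnumeration();
    }

    private void closeSearchEnumeration() throws IMException {
        try {
            if (this.srchEnumeration != null) {
                this.srchEnumeration.close();
                this.srchEnumeration = null;
            }
        } catch (NamingException e) {
            LDAPRealm.throwException(e, classname, "close()", null, this.logr);
        }
    }

    /** Closes an enumeration on a cleanup path without masking the exception already in flight. */
    private void closeQuietly(NamingEnumeration<?> enumeration) {
        if (enumeration == null) {
            return;
        }
        try {
            enumeration.close();
        } catch (NamingException ignored) {
            // Secondary failure during cleanup; the primary error is the one worth reporting.
            this.logr.logp(Level.FINEST, classname, "closeQuietly()", "Failed to close search enumeration: " + ignored.getMessage());
        }
    }
}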
