package oracle.security.idm.providers.wlsldap;

import java.util.ArrayList;
import java.util.HashMap;
import java.util.HashSet;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.naming.CompositeName;
import javax.naming.Name;
import javax.naming.NameNotFoundException;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.LdapContext;
import oracle.security.idm.IMException;
import oracle.security.idm.ObjectNotFoundException;
import oracle.security.idm.OperationFailureException;
import oracle.security.idm.Property;
import oracle.security.idm.providers.stdldap.util.IDMUtils;
import oracle.security.idm.providers.stdldap.util.IdentitySearchResponse;
import oracle.security.idm.providers.stdldap.util.LDAPIdentity;
import oracle.security.idm.providers.stdldap.util.LDAPPropertySet;
import oracle.security.idm.providers.stdldap.util.LDAPRealm;
import oracle.security.idm.providers.stdldap.util.LDAPRole;
import oracle.security.idm.providers.stdldap.util.LDAPUser;

/* loaded from: input_file:oracle/security/idm/providers/wlsldap/GranteesSearchResponse.class */
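/**
 * Lazily enumerates the members ("grantees") of a role held in an LDAP directory.
 *
 * <p>Two lookups are combined for every role DN that is expanded:
 * <ul>
 *   <li>a base-scope read of the role entry itself, returning the first of the configured member
 *       attributes that is present (group members), and</li>
 *   <li>a subtree search below the realm DN for entries whose {@code wlsMemberOf} attribute equals
 *       the role DN, optionally AND-ed with a caller-supplied filter (user members).</li>
 * </ul>
 * When {@code nested} is set, every group-member DN seen for the first time is queued and expanded
 * in turn once the current role is exhausted; a set of already-seen DNs prevents re-expansion.
 *
 * <p>Security note: DNs that reach this class (the role DN from the caller and member values read
 * from the directory) are placed into search filters. They are escaped per RFC 4515 before being
 * spliced in, so that filter metacharacters inside a DN cannot change the structure of the filter.
 */
public class GranteesSearchResponse implements IdentitySearchResponse {
    // Realm DN; used as the base of the subtree search for user members.
    String base;
    // Optional caller-supplied filter fragment that is AND-ed into the member searches.
    String member_filter;
    // Length of member_filter, 0 when no filter was supplied.
    int member_filter_len;
    LDAPRealm realm;
    // Whether members of member roles are expanded as well.
    boolean nested;
    // Attribute names probed (in order) on the role entry for direct members.
    String[] memberAttrs;
    // Attribute names probed on queued member entries during nested expansion.
    String[] nestedMemberAttrs;
    // Name of the attribute matched against the role DN in the user search.
    String wlsMemberOf;
    private Logger logr;
    private static final String classname = "oracle.security.idm.providers.wlsldap.GranteesSearchResponse";
    SearchControls userSearchctrls = null;
    // Member attribute of the role currently being read, plus the read cursor and its size.
    Attribute memberProp = null;
    // Cursor into dnlist: next queued DN to expand in nested mode.
    int curIdx = 0;
    int memberPropIdx = 0;
    int memberPropSize = 0;
    // DNs already returned or queued; guards against duplicates.
    HashSet processedDN = new HashSet();
    // Queue of group-member DNs still to be expanded in nested mode.
    ArrayList dnlist = new ArrayList();
    ArrayList filterlist = new ArrayList();
    // Identity pre-fetched by hasNext() and handed out by next().
    LDAPIdentity nextIdentity = null;
    boolean hasNextInvoked = false;
    boolean hasNextStatus = false;
    // Open enumeration of the current user-member search, or null when none is open.
    NamingEnumeration srchEnumeration = null;
    private boolean hasGroupMembers = false;
    private boolean hasUserMembers = false;

    /**
     * Runs the first pair of searches for the given role.
     *
     * @param ldapContext context used for all directory operations
     * @param lDAPRealm realm whose configuration supplies the search base and attribute sets
     * @param str DN of the role whose members are requested; must not be {@code null}
     * @param str2 optional filter fragment AND-ed into the member searches, may be {@code null}
     * @param z whether nested members are expanded
     * @param strArr member attribute names to probe on the role entry; must not be {@code null}
     * @param logger destination for trace output
     * @throws OperationFailureException if {@code str} or {@code strArr} is {@code null}
     * @throws ObjectNotFoundException if the role has no members
     * @throws IMException if the DN cannot be parsed or a directory operation fails
     */
    public GranteesSearchResponse(LdapContext ldapContext, LDAPRealm lDAPRealm, String str, String str2, boolean z, String[] strArr, Logger logger) throws IMException {
        if (str == null) {
            throw new OperationFailureException("Search Failed: Null Role.");
        }
        if (strArr == null) {
            throw new OperationFailureException("Search Failed: Empty relation set.");
        }
        this.realm = lDAPRealm;
        this.nested = z;
        // NOTE(review): member_filter is spliced into search filters as a ready-made fragment and
        // therefore cannot be escaped here; callers need to build it from escaped values.
        this.member_filter = str2;
        this.memberAttrs = strArr;
        this.nestedMemberAttrs = strArr;
        this.member_filter_len = str2 != null ? str2.length() : 0;
        this.wlsMemberOf = "wlsMemberOf";
        this.logr = logger;
        this.base = lDAPRealm.getConfig().getRealmDN();
        logger.logp(Level.FINEST, classname, "GranteesSearchResponse()", "First Search for role's direct relatives");
        try {
            Name parse = ldapContext.getNameParser("").parse(str);
            configureUserSearchAttrs();
            if (!getDirectRelatives(ldapContext, parse, strArr)) {
                throw new ObjectNotFoundException("No Members Found");
            }
        } catch (NamingException e) {
            HashMap hashMap = new HashMap();
            hashMap.put("NamingException", "Invalid DN supplied.");
            LDAPRealm.throwException(e, classname, "GranteesSearchResponse(LdapContext ctx,realm,roleDN,member_filter,nested,memberAttrs, logr)", hashMap, logger);
        }
    }

    /**
     * Escapes a string for use as an assertion value inside an LDAP search filter (RFC 4515).
     *
     * <p>Backslash, asterisk, both parentheses and NUL are replaced by their {@code \xx} form so
     * that the value is matched literally and cannot open, close or wildcard a filter component.
     */
    private static String escapeFilterValue(String value) {
        StringBuilder escaped = new StringBuilder(value.length() + 8);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '\\':
                    escaped.append("\\5c");
                    break;
                case '*':
                    escaped.append("\\2a");
                    break;
                case '(':
                    escaped.append("\\28");
                    break;
                case ')':
                    escaped.append("\\29");
                    break;
                case '\0':
                    escaped.append("\\00");
                    break;
                default:
                    escaped.append(c);
                    break;
            }
        }
        return escaped.toString();
    }

    /** Prepares the controls for the user-member search: minimum attribute set, subtree scope. */
    private void configureUserSearchAttrs() {
        this.userSearchctrls = new SearchControls();
        this.userSearchctrls.setReturningAttributes(this.realm.getConfig().getMinimumAttrSet());
        this.userSearchctrls.setSearchScope(SearchControls.SUBTREE_SCOPE);
    }

    /**
     * Runs both member lookups for {@code name}.
     *
     * @return {@code false} when neither lookup found anything, {@code true} when the user search
     *     found entries, otherwise (group members only) the result of {@link #hasNext(LdapContext)}
     */
    private boolean getDirectRelatives(LdapContext ldapContext, Name name, String[] strArr) throws IMException {
        boolean directGroupRelatives = getDirectGroupRelatives(ldapContext, name, strArr);
        boolean directUserRelatives = getDirectUserRelatives(ldapContext, "" + name);
        if (!directGroupRelatives && !directUserRelatives) {
            return false;
        }
        if (directUserRelatives) {
            return true;
        }
        // Only group members were found: they still have to resolve to at least one identity.
        return hasNext(ldapContext);
    }

    /**
     * Reads the entry {@code name} (base scope) and keeps the first attribute from {@code strArr}
     * that is present as the current member list.
     *
     * @return {@code true} if a member attribute was found on the entry
     */
    private boolean getDirectGroupRelatives(LdapContext ldapContext, Name name, String[] strArr) throws IMException {
        this.hasGroupMembers = false;
        try {
            SearchControls searchControls = new SearchControls();
            searchControls.setReturningAttributes(strArr);
            searchControls.setSearchScope(SearchControls.OBJECT_SCOPE);
            this.logr.logp(Level.FINE, classname, "getDirectGroupRelatives()", "Search to get relatives: " + System.getProperty("line.separator") + "basedn: " + name + "\tSearchScope: base level\tSearchFilter: (objectclass=*)");
            NamingEnumeration search = ldapContext.search(name, "(objectclass=*)", searchControls);
            if (search.hasMore()) {
                Attributes attributes = ((SearchResult) search.next()).getAttributes();
                // memberProp is overwritten on every probe, so it ends up null when none matches.
                for (String str : strArr) {
                    this.memberProp = attributes.get(str);
                    if (this.memberProp != null) {
                        break;
                    }
                }
                if (this.memberProp != null) {
                    this.memberPropSize = this.memberProp.size();
                    this.hasGroupMembers = true;
                }
                search.close();
            }
        } catch (NamingException e) {
            LDAPRealm.throwException(e, classname, "getDirectGroupRelatives(LdapContext ctx,String[] memberAttrs)", null, this.logr);
        }
        return this.hasGroupMembers;
    }

    /**
     * Starts the subtree search for entries whose {@code wlsMemberOf} value equals {@code str}.
     *
     * @param str DN of the role, in string form; escaped before it is placed in the filter
     * @return {@code true} if the search returned at least one entry; the enumeration is then left
     *     open in {@code srchEnumeration}
     */
    private boolean getDirectUserRelatives(LdapContext ldapContext, String str) throws IMException {
        this.hasUserMembers = false;
        // The DN is data, not filter syntax: a DN may legally contain '(', ')', '*' or '\', and
        // unescaped those characters would alter or break the filter (LDAP filter injection).
        String str2 = "(" + this.wlsMemberOf + "=" + escapeFilterValue(str) + ")";
        if (this.member_filter != null) {
            str2 = "(&" + str2 + this.member_filter + ")";
        }
        try {
            Name parse = ldapContext.getNameParser("").parse(this.base);
            this.logr.logp(Level.FINE, classname, "getDirectUserRelatives()", "Search to get DirectUserRelatives: " + System.getProperty("line.separator") + "usersearchbasedn: " + parse + "\tSearchScope: subtree\tSearchFilter: " + str2);
            this.srchEnumeration = ldapContext.search(parse, str2, this.userSearchctrls);
            this.hasUserMembers = this.srchEnumeration.hasMore();
            if (!this.hasUserMembers) {
                resetUserResources();
                this.logr.logp(Level.FINE, classname, "GranteesSearchResponse()", "No direct members. This response is closed for the Search Base : " + this.base);
            }
        } catch (NamingException e) {
            LDAPRealm.throwException(e, classname, "getDirectUserRelatives(LdapContext ctx,String[] memberAttrs)", null, this.logr);
        }
        return this.hasUserMembers;
    }

    /**
     * Always returns {@code -1}.
     * NOTE(review): presumably "size unknown" for a lazily evaluated response; confirm against
     * the interface contract.
     */
    @Override // oracle.security.idm.providers.stdldap.util.IdentitySearchResponse
    public int getResultSize(LdapContext ldapContext) throws IMException {
        return -1;
    }

    /**
     * Reports whether another identity is available, pre-fetching it for {@link #next}.
     *
     * <p>The answer is cached until {@code next()} consumes the pre-fetched identity, so repeated
     * calls do not advance the underlying searches.
     */
    @Override // oracle.security.idm.providers.stdldap.util.IdentitySearchResponse
    public boolean hasNext(LdapContext ldapContext) throws IMException {
        if (this.hasNextInvoked) {
            return this.hasNextStatus;
        }
        this.hasNextInvoked = true;
        // Cleared first so that the cached status stays false if the lookup below throws.
        this.hasNextStatus = false;
        this.hasNextStatus = hasMoreIdentities(ldapContext);
        if (this.hasNextStatus) {
            LDAPIdentity fetchNextIdentity = fetchNextIdentity(ldapContext);
            this.nextIdentity = fetchNextIdentity;
            // Candidates may exist without any of them resolving to a user or role.
            if (fetchNextIdentity == null) {
                this.hasNextStatus = false;
            }
        }
        if (this.hasNextStatus) {
            this.logr.logp(Level.FINEST, classname, "hasNext()", "Next result available");
        } else {
            this.logr.logp(Level.FINEST, classname, "hasNext()", "Response completed !!. All members obtained.");
        }
        return this.hasNextStatus;
    }

    /**
     * Checks for further candidate members, in order: the current member attribute, the open user
     * search, and (nested mode only) the queue of member DNs that have not been expanded yet.
     */
    private boolean hasMoreIdentities(LdapContext ldapContext) throws IMException {
        boolean z = false;
        boolean z2 = false;
        try {
            z = this.memberPropIdx < this.memberPropSize;
            if (!z) {
                this.hasGroupMembers = false;
            }
            if (!z && this.srchEnumeration != null) {
                z = this.srchEnumeration.hasMore();
                if (!z) {
                    this.hasUserMembers = false;
                }
            }
            if (this.nested && !z) {
                // Current role is exhausted: release its resources before expanding queued DNs.
                close();
                int size = this.dnlist.size();
                while (this.curIdx < size && !z) {
                    Name name = (Name) this.dnlist.get(this.curIdx++);
                    this.logr.logp(Level.FINEST, classname, "hasMoreIdentities()", "Nested members: Current search over. Getting further role members indirectly.");
                    boolean directGroupRelatives = getDirectGroupRelatives(ldapContext, name, this.nestedMemberAttrs);
                    this.logr.logp(Level.FINEST, classname, "hasMoreIdentities()", "search status: Given DN :" + name + (directGroupRelatives ? " has Group members" : " has NO Group members"));
                    if (directGroupRelatives) {
                        z2 = true;
                    }
                    this.logr.logp(Level.FINEST, classname, "GranteesSearchResponse()", "Nested members: search with given filter");
                    z = getDirectUserRelatives(ldapContext, "" + name);
                    this.logr.logp(Level.FINEST, classname, "hasMoreIdentities()", "search status: Given DN :" + name + (z ? " has User members" : " has NO User members"));
                    if (z) {
                        this.logr.logp(Level.FINEST, classname, "GranteesSearchResponse()", "Members obtained");
                    } else if (z2) {
                        z = true;
                        this.logr.logp(Level.FINEST, classname, "CombinedGranteesSearchResponse()", "Members obtained");
                    } else {
                        this.logr.logp(Level.FINEST, classname, "GranteesSearchResponse()", "No Members obtained");
                    }
                }
            }
        } catch (NamingException e) {
            LDAPRealm.throwException(e, classname, "hasMoreIdentities(LdapContext ctx)", null, this.logr);
        }
        return z;
    }

    /** Closes and forgets the open user-member enumeration, if any. */
    private void resetUserResources() throws IMException {
        try {
            if (this.srchEnumeration != null) {
                this.srchEnumeration.close();
                this.srchEnumeration = null;
            }
        } catch (NamingException e) {
            LDAPRealm.throwException(e, classname, "close()", null, this.logr);
        }
    }

    /** Drops the current member attribute and rewinds its cursor. */
    private void resetGroupResources() throws IMException {
        this.memberProp = null;
        this.memberPropIdx = 0;
        this.memberPropSize = 0;
    }

    /**
     * Returns the identity pre-fetched by {@link #hasNext}, calling it first if necessary.
     *
     * @throws OperationFailureException if no further identity is available
     */
    @Override // oracle.security.idm.providers.stdldap.util.IdentitySearchResponse
    public LDAPIdentity next(LdapContext ldapContext) throws IMException {
        if (!this.hasNextInvoked) {
            hasNext(ldapContext);
        }
        if (this.hasNextStatus) {
            // Invalidate the cached answer so the following hasNext() fetches a fresh identity.
            this.hasNextInvoked = false;
            return this.nextIdentity;
        }
        this.logr.logp(Level.FINEST, classname, "next()", "No results left !!");
        throw new OperationFailureException("No such element");
    }

    /**
     * Advances through the candidate members until one resolves to a role or user.
     *
     * @return the next identity, or {@code null} when the candidates run out first
     */
    private LDAPIdentity fetchNextIdentity(LdapContext ldapContext) throws IMException {
        LDAPIdentity lDAPIdentity = null;
        Name name = null;
        String str2 = null;
        while (hasMoreIdentities(ldapContext)) {
            if (this.hasGroupMembers) {
                // NOTE(review): the decompiled listing ended the try block after parse() and
                // listed the NamingException handler before its subclass NameNotFoundException,
                // which does not compile and leaves search() unguarded. The extent and handler
                // order below are reconstructed from what the handlers do; confirm against the
                // original class file.
                try {
                    str2 = (String) this.memberProp.get(this.memberPropIdx++);
                    name = ldapContext.getNameParser("").parse(str2);
                    if (this.nested) {
                        this.logr.logp(Level.FINEST, classname, "fetchNextIdentity()", "Nested members: Checking for duplicates: whether this DN's direct members have already been searched/scheduled for search: " + str2);
                        if (this.processedDN.add(name)) {
                            this.logr.logp(Level.FINEST, classname, "fetchNextIdentity()", "Adding to queue in order to search for direct members");
                            this.dnlist.add(name);
                        } else {
                            this.logr.logp(Level.FINEST, classname, "fetchNextIdentity()", "Duplicate DN");
                        }
                    }
                    SearchControls searchControls = new SearchControls();
                    searchControls.setReturningAttributes(this.realm.getConfig().getMinimumAttrSet());
                    searchControls.setSearchScope(SearchControls.OBJECT_SCOPE);
                    String str = this.member_filter_len > 0 ? "(&(objectclass=*)" + this.member_filter + ")" : "(objectclass=*)";
                    this.logr.logp(Level.FINE, classname, "fetchNextIdentity()", "Search to construct user/role instance: " + System.getProperty("line.separator") + "basedn: " + name + "\tSearchScope: base level\tSearchFilter: " + str);
                    NamingEnumeration search = ldapContext.search(name, str, searchControls);
                    if (search.hasMore()) {
                        SearchResult searchResult = (SearchResult) search.next();
                        search.close();
                        lDAPIdentity = determineIdentity(ldapContext, searchResult, searchResult.getNameInNamespace(), true);
                        if (lDAPIdentity != null) {
                            break;
                        }
                    }
                } catch (NameNotFoundException e2) {
                    // A listed member that no longer exists is skipped and taken off the queue.
                    this.dnlist.remove(name);
                    this.logr.logp(Level.FINEST, classname, "fetchNextIdentity()", str2 + " is not present");
                } catch (NamingException e) {
                    LDAPRealm.throwException(e, classname, "fetchNextIdentity(LdapContext ctx)", null, this.logr);
                }
            } else if (this.hasUserMembers) {
                try {
                    SearchResult searchResult2 = (SearchResult) this.srchEnumeration.next();
                    // Result names are relative to the search base; rebuild the full DN.
                    String str3 = new CompositeName(searchResult2.getName()).get(0);
                    if (!this.base.equals("")) {
                        str3 = str3 + "," + this.base;
                    }
                    name = ldapContext.getNameParser("").parse(str3);
                    this.logr.logp(Level.FINEST, classname, "fetchNextIdentity()", "Nested members: Checking for duplicates: whether the User DN is already searched : " + str3);
                    if (this.processedDN.add(name)) {
                        this.logr.logp(Level.FINEST, classname, "fetchNextIdentity()", "Not a Duplicate DN");
                        lDAPIdentity = determineIdentity(ldapContext, searchResult2, str3, false);
                        if (lDAPIdentity != null) {
                            break;
                        }
                    } else {
                        this.logr.logp(Level.FINEST, classname, "fetchNextIdentity()", "Duplicate DN");
                    }
                } catch (NamingException e3) {
                    LDAPRealm.throwException(e3, classname, "fetchNextIdentity(LdapContext ctx)", null, this.logr);
                }
            }
        }
        return lDAPIdentity;
    }

    /**
     * Builds a role or user object for a search result, depending on its {@code objectclass}.
     *
     * @param str DN of the entry
     * @param z {@code true} when a role is expected (entry came from a member attribute),
     *     {@code false} when a user is expected (entry came from the user search)
     * @return the identity, or {@code null} when the object class is missing or does not match
     *     the expected kind
     */
    private LDAPIdentity determineIdentity(LdapContext ldapContext, SearchResult searchResult, String str, boolean z) throws IMException {
        LDAPIdentity lDAPIdentity = null;
        int length = this.realm.getConfig().fetchUserFullAttrSet().length;
        int length2 = this.realm.getConfig().fetchRoleFullAttrSet().length;
        LDAPPropertySet lDAPPropertySet = new LDAPPropertySet(str, searchResult, this.logr, this.realm.getConfig().getMinimumAttrSet(), Math.max(length, length2));
        Property property = lDAPPropertySet.getProperty(ldapContext, "objectclass");
        if (property == null) {
            this.logr.logp(Level.FINE, classname, "fetchNextIdentity()", "Not able to determine identity for the given memberDN : " + str);
        } else if (z) {
            if (IDMUtils.compare(this.realm.getConfig().getFilterRoleObjectClasses(), property, false)) {
                lDAPIdentity = new LDAPRole(str, this.realm, lDAPPropertySet);
                this.logr.logp(Level.FINE, classname, "determineIdentity()", "Fetched Identity is A ROLE : " + lDAPIdentity.getDN());
            } else {
                this.logr.logp(Level.FINE, classname, "determineIdentity()", "Fetched Identity is not what is expected. Expected a Role Identity but found: " + str);
            }
        } else if (IDMUtils.compare(this.realm.getConfig().getFilterUserObjectClasses(), property, true)) {
            lDAPIdentity = new LDAPUser(str, this.realm, lDAPPropertySet);
            this.logr.logp(Level.FINE, classname, "determineIdentity()", "Fetched Identity is A USER : " + lDAPIdentity.getDN());
        } else {
            this.logr.logp(Level.FINE, classname, "determineIdentity()", "Fetched Identity is not what is expected. Expected a User Identity but found: " + str);
        }
        return lDAPIdentity;
    }

    /** Releases the open user search and clears the current member attribute. */
    @Override // oracle.security.idm.providers.stdldap.util.IdentitySearchResponse
    public void close() throws IMException {
        resetUserResources();
        resetGroupResources();
    }
}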
