package org.apache.ranger.ldapusersync.process;

import java.util.Arrays;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.NoSuchElementException;
import java.util.Properties;
import java.util.Set;
import javax.naming.InvalidNameException;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.Control;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.PagedResultsControl;
import javax.naming.ldap.PagedResultsResponseControl;
import javax.naming.ldap.Rdn;
import javax.naming.ldap.StartTlsRequest;
import javax.naming.ldap.StartTlsResponse;
import org.apache.commons.lang.StringUtils;
import org.apache.log4j.Logger;
import org.apache.ranger.unixusersync.config.UserGroupSyncConfig;
import org.apache.ranger.unixusersync.model.LdapSyncSourceInfo;
import org.apache.ranger.unixusersync.model.UgsyncAuditInfo;
import org.apache.ranger.usergroupsync.AbstractUserGroupSource;
import org.apache.ranger.usergroupsync.UserGroupSink;

/* loaded from: input_file:org/apache/ranger/ldapusersync/process/LdapUserGroupBuilder.class */
public class LdapUserGroupBuilder extends AbstractUserGroupSource {
    private static final Logger LOG = Logger.getLogger(LdapUserGroupBuilder.class);
    private static final int PAGE_SIZE = 500;
    private String ldapUrl;
    private String ldapBindDn;
    private String ldapBindPassword;
    private String ldapAuthenticationMechanism;
    private String ldapReferral;
    private String searchBase;
    private String[] userSearchBase;
    private String userNameAttribute;
    private int userSearchScope;
    private String userObjectClass;
    private String userSearchFilter;
    private String extendedUserSearchFilter;
    private SearchControls userSearchControls;
    private Set<String> userGroupNameAttributeSet;
    private boolean groupSearchFirstEnabled;
    private boolean userSearchEnabled;
    private String[] groupSearchBase;
    private int groupSearchScope;
    private String groupObjectClass;
    private String groupSearchFilter;
    private String extendedGroupSearchFilter;
    private String extendedAllGroupsSearchFilter;
    private SearchControls groupSearchControls;
    private String groupMemberAttributeName;
    private String groupNameAttribute;
    private int groupHierarchyLevels;
    private LdapContext ldapContext;
    private StartTlsResponse tls;
    private boolean userNameCaseConversionFlag;
    private boolean groupNameCaseConversionFlag;
    private boolean userNameLowerCaseFlag;
    private boolean groupNameLowerCaseFlag;
    private Map<String, UserInfo> userGroupMap;
    private Set<String> allUsers;
    UgsyncAuditInfo ugsyncAuditInfo;
    LdapSyncSourceInfo ldapSyncSourceInfo;
    private boolean pagedResultsEnabled = true;
    private int pagedResultsSize = PAGE_SIZE;
    private boolean groupSearchEnabled = true;

    public static void main(String[] strArr) throws Throwable {
        new LdapUserGroupBuilder().init();
    }

    public LdapUserGroupBuilder() {
        LOG.info("LdapUserGroupBuilder created");
        String userNameCaseConversion = this.config.getUserNameCaseConversion();
        if (UserGroupSyncConfig.UGSYNC_NONE_CASE_CONVERSION_VALUE.equalsIgnoreCase(userNameCaseConversion)) {
            this.userNameCaseConversionFlag = false;
        } else {
            this.userNameCaseConversionFlag = true;
            this.userNameLowerCaseFlag = UserGroupSyncConfig.UGSYNC_LOWER_CASE_CONVERSION_VALUE.equalsIgnoreCase(userNameCaseConversion);
        }
        String groupNameCaseConversion = this.config.getGroupNameCaseConversion();
        if (UserGroupSyncConfig.UGSYNC_NONE_CASE_CONVERSION_VALUE.equalsIgnoreCase(groupNameCaseConversion)) {
            this.groupNameCaseConversionFlag = false;
        } else {
            this.groupNameCaseConversionFlag = true;
            this.groupNameLowerCaseFlag = UserGroupSyncConfig.UGSYNC_LOWER_CASE_CONVERSION_VALUE.equalsIgnoreCase(groupNameCaseConversion);
        }
    }

    @Override // org.apache.ranger.usergroupsync.UserGroupSource
    public void init() throws Throwable {
        setConfig();
        this.ugsyncAuditInfo = new UgsyncAuditInfo();
        this.ldapSyncSourceInfo = new LdapSyncSourceInfo();
        this.ldapSyncSourceInfo.setLdapUrl(this.ldapUrl);
        this.ldapSyncSourceInfo.setIncrementalSycn("False");
        this.ldapSyncSourceInfo.setUserSearchEnabled(Boolean.toString(this.userSearchEnabled));
        this.ldapSyncSourceInfo.setGroupSearchEnabled(Boolean.toString(this.groupSearchEnabled));
        this.ldapSyncSourceInfo.setGroupSearchFirstEnabled(Boolean.toString(this.groupSearchFirstEnabled));
        this.ldapSyncSourceInfo.setGroupHierarchyLevel(Integer.toString(this.groupHierarchyLevels));
        this.ugsyncAuditInfo.setSyncSource("LDAP/AD");
        this.ugsyncAuditInfo.setLdapSyncSourceInfo(this.ldapSyncSourceInfo);
    }

    private void createLdapContext() throws Throwable {
        Properties properties = new Properties();
        properties.put("java.naming.factory.initial", "com.sun.jndi.ldap.LdapCtxFactory");
        properties.put("java.naming.provider.url", this.ldapUrl);
        if (this.ldapUrl.startsWith("ldaps") && this.config.getSSLTrustStorePath() != null && !this.config.getSSLTrustStorePath().trim().isEmpty()) {
            properties.put("java.naming.ldap.factory.socket", "org.apache.ranger.ldapusersync.process.CustomSSLSocketFactory");
        }
        this.ldapContext = new InitialLdapContext(properties, (Control[]) null);
        if (!this.ldapUrl.startsWith("ldaps") && this.config.isStartTlsEnabled()) {
            this.tls = this.ldapContext.extendedOperation(new StartTlsRequest());
            if (this.config.getSSLTrustStorePath() == null || this.config.getSSLTrustStorePath().trim().isEmpty()) {
                this.tls.negotiate();
            } else {
                this.tls.negotiate(CustomSSLSocketFactory.getDefault());
            }
            LOG.info("Starting TLS session...");
        }
        this.ldapContext.addToEnvironment("java.naming.security.principal", this.ldapBindDn);
        this.ldapContext.addToEnvironment("java.naming.security.credentials", this.ldapBindPassword);
        this.ldapContext.addToEnvironment("java.naming.security.authentication", this.ldapAuthenticationMechanism);
        this.ldapContext.addToEnvironment("java.naming.referral", this.ldapReferral);
    }

    private void setConfig() throws Throwable {
        LOG.info("LdapUserGroupBuilder initialization started");
        this.groupSearchFirstEnabled = this.config.isGroupSearchFirstEnabled();
        this.userSearchEnabled = this.config.isUserSearchEnabled();
        this.groupSearchEnabled = this.config.isGroupSearchEnabled();
        this.ldapUrl = this.config.getLdapUrl();
        this.ldapBindDn = this.config.getLdapBindDn();
        this.ldapBindPassword = this.config.getLdapBindPassword();
        this.ldapAuthenticationMechanism = this.config.getLdapAuthenticationMechanism();
        this.ldapReferral = this.config.getContextReferral();
        this.searchBase = this.config.getSearchBase();
        this.userSearchBase = this.config.getUserSearchBase().split(";");
        this.userSearchScope = this.config.getUserSearchScope();
        this.userObjectClass = this.config.getUserObjectClass();
        this.userSearchFilter = this.config.getUserSearchFilter();
        this.extendedUserSearchFilter = "(objectclass=" + this.userObjectClass + ")";
        if (this.userSearchFilter != null && !this.userSearchFilter.trim().isEmpty()) {
            String trim = this.userSearchFilter.trim();
            if (!trim.startsWith("(")) {
                trim = "(" + trim + ")";
            }
            this.extendedUserSearchFilter = "(&" + this.extendedUserSearchFilter + trim + ")";
        }
        this.userNameAttribute = this.config.getUserNameAttribute();
        HashSet hashSet = new HashSet();
        hashSet.add(this.userNameAttribute);
        if (!this.groupSearchFirstEnabled && !this.groupSearchEnabled) {
            this.userGroupNameAttributeSet = this.config.getUserGroupNameAttributeSet();
            Iterator<String> it = this.userGroupNameAttributeSet.iterator();
            while (it.hasNext()) {
                hashSet.add(it.next());
            }
        }
        this.userSearchControls = new SearchControls();
        this.userSearchControls.setSearchScope(this.userSearchScope);
        this.userSearchControls.setReturningAttributes((String[]) hashSet.toArray(new String[hashSet.size()]));
        this.pagedResultsEnabled = this.config.isPagedResultsEnabled();
        this.pagedResultsSize = this.config.getPagedResultsSize();
        this.groupSearchBase = this.config.getGroupSearchBase().split(";");
        this.groupSearchScope = this.config.getGroupSearchScope();
        this.groupObjectClass = this.config.getGroupObjectClass();
        this.groupSearchFilter = this.config.getGroupSearchFilter();
        this.groupMemberAttributeName = this.config.getUserGroupMemberAttributeName();
        this.groupNameAttribute = this.config.getGroupNameAttribute();
        this.groupHierarchyLevels = this.config.getGroupHierarchyLevels();
        this.extendedGroupSearchFilter = "(objectclass=" + this.groupObjectClass + ")";
        if (this.groupSearchFilter != null && !this.groupSearchFilter.trim().isEmpty()) {
            String trim2 = this.groupSearchFilter.trim();
            if (!trim2.startsWith("(")) {
                trim2 = "(" + trim2 + ")";
            }
            this.extendedGroupSearchFilter += trim2;
        }
        this.extendedAllGroupsSearchFilter = "(&" + this.extendedGroupSearchFilter + ")";
        if (!this.groupSearchFirstEnabled) {
            this.extendedGroupSearchFilter = "(&" + this.extendedGroupSearchFilter + "(|(" + this.groupMemberAttributeName + "={0})(" + this.groupMemberAttributeName + "={1})))";
        }
        this.groupSearchControls = new SearchControls();
        this.groupSearchControls.setSearchScope(this.groupSearchScope);
        HashSet hashSet2 = new HashSet();
        hashSet2.add(this.groupNameAttribute);
        hashSet2.add(this.groupMemberAttributeName);
        this.groupSearchControls.setReturningAttributes((String[]) hashSet2.toArray(new String[hashSet2.size()]));
        if (LOG.isInfoEnabled()) {
            LOG.info("LdapUserGroupBuilder initialization completed with --  ldapUrl: " + this.ldapUrl + ",  ldapBindDn: " + this.ldapBindDn + ",  ldapBindPassword: ***** ,  ldapAuthenticationMechanism: " + this.ldapAuthenticationMechanism + ",  searchBase: " + this.searchBase + ",  userSearchBase: " + Arrays.toString(this.userSearchBase) + ",  userSearchScope: " + this.userSearchScope + ",  userObjectClass: " + this.userObjectClass + ",  userSearchFilter: " + this.userSearchFilter + ",  extendedUserSearchFilter: " + this.extendedUserSearchFilter + ",  userNameAttribute: " + this.userNameAttribute + ",  userSearchAttributes: " + hashSet + ",  userGroupNameAttributeSet: " + this.userGroupNameAttributeSet + ",  pagedResultsEnabled: " + this.pagedResultsEnabled + ",  pagedResultsSize: " + this.pagedResultsSize + ",  groupSearchEnabled: " + this.groupSearchEnabled + ",  groupSearchBase: " + Arrays.toString(this.groupSearchBase) + ",  groupSearchScope: " + this.groupSearchScope + ",  groupObjectClass: " + this.groupObjectClass + ",  groupSearchFilter: " + this.groupSearchFilter + ",  extendedGroupSearchFilter: " + this.extendedGroupSearchFilter + ",  extendedAllGroupsSearchFilter: " + this.extendedAllGroupsSearchFilter + ",  groupMemberAttributeName: " + this.groupMemberAttributeName + ",  groupNameAttribute: " + this.groupNameAttribute + ", groupSearchAttributes: " + hashSet2 + ", groupSearchFirstEnabled: " + this.groupSearchFirstEnabled + ", userSearchEnabled: " + this.userSearchEnabled + ",  ldapReferral: " + this.ldapReferral);
        }
    }

    private void closeLdapContext() throws Throwable {
        if (this.tls != null) {
            this.tls.close();
        }
        if (this.ldapContext != null) {
            this.ldapContext.close();
        }
    }

    @Override // org.apache.ranger.usergroupsync.UserGroupSource
    public boolean isChanged() {
        return true;
    }

    @Override // org.apache.ranger.usergroupsync.UserGroupSource
    public void updateSink(UserGroupSink userGroupSink) throws Throwable {
        LOG.info("LDAPUserGroupBuilder updateSink started");
        this.userGroupMap = new HashMap();
        HashSet hashSet = new HashSet();
        this.allUsers = new HashSet();
        if (this.groupSearchFirstEnabled) {
            LOG.info("Performing Group search first");
            getGroups(userGroupSink, null);
            for (UserInfo userInfo : this.userGroupMap.values()) {
                if (LOG.isDebugEnabled()) {
                    LOG.debug("userName from map = " + userInfo.getUserFullName());
                }
                String shortName = getShortName(userInfo.getUserFullName());
                if (this.groupHierarchyLevels > 0) {
                    goUpGroupHierarchyLdap(userInfo.getGroupDNs(), this.groupHierarchyLevels - 1, userInfo);
                }
                List<String> groups = userInfo.getGroups();
                hashSet.addAll(groups);
                if (this.userSearchEnabled) {
                    LOG.info("User search is enabled and hence computing user membership.");
                    getUsers(userGroupSink);
                } else {
                    LOG.info("User search is disabled and hence using the group member attribute for username" + shortName);
                    hashSet.addAll(groups);
                    this.allUsers.add(shortName);
                    if (this.userNameCaseConversionFlag) {
                        shortName = this.userNameLowerCaseFlag ? shortName.toLowerCase() : shortName.toUpperCase();
                    }
                    if (this.userNameRegExInst != null) {
                        shortName = this.userNameRegExInst.transform(shortName);
                    }
                    try {
                        userGroupSink.addOrUpdateUser(shortName, groups);
                    } catch (Throwable th) {
                        LOG.error("sink.addOrUpdateUser failed with exception: " + th.getMessage() + ", for user: " + shortName + ", groups: " + groups);
                    }
                }
            }
            this.ldapSyncSourceInfo.setUserSearchFilter(this.extendedUserSearchFilter);
            this.ldapSyncSourceInfo.setGroupSearchFilter(this.extendedAllGroupsSearchFilter);
            this.ldapSyncSourceInfo.setTotalUsersSynced(this.allUsers.size());
            this.ldapSyncSourceInfo.setTotalGroupsSynced(hashSet.size());
            try {
                userGroupSink.postUserGroupAuditInfo(this.ugsyncAuditInfo);
                return;
            } catch (Throwable th2) {
                LOG.error("sink.postUserGroupAuditInfo failed with exception: " + th2.getMessage());
                return;
            }
        }
        LOG.info("Performing user search first");
        getUsers(userGroupSink);
        if (LOG.isDebugEnabled()) {
            LOG.debug("Total No. of users saved = " + this.userGroupMap.size());
        }
        if (!this.groupSearchEnabled && this.groupHierarchyLevels > 0) {
            getRootDN();
        }
        for (UserInfo userInfo2 : this.userGroupMap.values()) {
            String userName = userInfo2.getUserName();
            if (this.groupSearchEnabled) {
                LOG.info("groupSearch is enabled, would search for groups and compute memberships");
                getGroups(userGroupSink, userInfo2);
            }
            if (this.groupHierarchyLevels > 0) {
                if (LOG.isDebugEnabled()) {
                    LOG.debug("Going through group hierarchy for nested group evaluation");
                }
                goUpGroupHierarchyLdap(userInfo2.getGroupDNs(), this.groupHierarchyLevels - 1, userInfo2);
                if (LOG.isDebugEnabled()) {
                    LOG.debug("Completed group hierarchy computation");
                }
            }
            List<String> groups2 = userInfo2.getGroups();
            hashSet.addAll(groups2);
            if (LOG.isDebugEnabled()) {
                LOG.debug("updateSink(): group list for " + userName + " = " + groups2);
            }
            if (this.userNameCaseConversionFlag) {
                userName = this.userNameLowerCaseFlag ? userName.toLowerCase() : userName.toUpperCase();
            }
            if (this.userNameRegExInst != null) {
                userName = this.userNameRegExInst.transform(userName);
            }
            try {
                userGroupSink.addOrUpdateUser(userName, groups2);
            } catch (Throwable th3) {
                LOG.error("sink.addOrUpdateUser failed with exception: " + th3.getMessage() + ", for user: " + userName + ", groups: " + groups2);
            }
        }
        this.ldapSyncSourceInfo.setUserSearchFilter(this.extendedUserSearchFilter);
        this.ldapSyncSourceInfo.setGroupSearchFilter(this.extendedAllGroupsSearchFilter);
        this.ldapSyncSourceInfo.setTotalUsersSynced(this.allUsers.size());
        this.ldapSyncSourceInfo.setTotalGroupsSynced(hashSet.size());
        try {
            userGroupSink.postUserGroupAuditInfo(this.ugsyncAuditInfo);
        } catch (Throwable th4) {
            LOG.error("sink.postUserGroupAuditInfo failed with exception: " + th4.getMessage());
        }
    }

    private void getUsers(UserGroupSink userGroupSink) throws Throwable {
        NamingEnumeration namingEnumeration = null;
        NamingEnumeration namingEnumeration2 = null;
        try {
            createLdapContext();
            if (this.pagedResultsEnabled) {
                this.ldapContext.setRequestControls(new Control[]{new PagedResultsControl(this.pagedResultsSize, false)});
            }
            for (String str : this.userSearchBase) {
                byte[] bArr = null;
                int i = 0;
                int i2 = 0;
                do {
                    try {
                        namingEnumeration = this.ldapContext.search(str, this.extendedUserSearchFilter, this.userSearchControls);
                        while (namingEnumeration.hasMore()) {
                            SearchResult searchResult = (SearchResult) namingEnumeration.next();
                            if (searchResult != null) {
                                Attributes attributes = searchResult.getAttributes();
                                if (attributes != null) {
                                    Attribute attribute = attributes.get(this.userNameAttribute);
                                    if (attribute != null) {
                                        String str2 = (String) attribute.get();
                                        if (str2 == null || str2.trim().isEmpty()) {
                                            if (LOG.isInfoEnabled()) {
                                                LOG.info(this.userNameAttribute + " empty for entry " + searchResult.getNameInNamespace() + ", skipping sync");
                                            }
                                        } else if (str2.split("[/@]").length != 1) {
                                            if (LOG.isInfoEnabled()) {
                                                LOG.info("user: " + str2 + "is Machine-Machnie user, skipping sync");
                                            }
                                        } else if (this.groupSearchFirstEnabled) {
                                            String lowerCase = searchResult.getNameInNamespace().toLowerCase();
                                            if (LOG.isDebugEnabled()) {
                                                LOG.debug("Checking if the user " + lowerCase + " is part of the retrieved groups");
                                            }
                                            UserInfo userInfo = this.userGroupMap.get(lowerCase);
                                            if (userInfo == null) {
                                                userInfo = this.userGroupMap.get(str2.toLowerCase());
                                            }
                                            if (userInfo != null) {
                                                i++;
                                                LOG.info("Updating username for " + lowerCase + " with " + str2);
                                                userInfo.updateUserName(str2);
                                                this.allUsers.add(str2);
                                                List<String> groups = userInfo.getGroups();
                                                if (this.userNameCaseConversionFlag) {
                                                    str2 = this.userNameLowerCaseFlag ? str2.toLowerCase() : str2.toUpperCase();
                                                }
                                                if (this.userNameRegExInst != null) {
                                                    str2 = this.userNameRegExInst.transform(str2);
                                                }
                                                try {
                                                    userGroupSink.addOrUpdateUser(str2, groups);
                                                } catch (Throwable th) {
                                                    LOG.error("sink.addOrUpdateUser failed with exception: " + th.getMessage() + ", for user: " + str2 + ", groups: " + groups);
                                                }
                                            }
                                        } else {
                                            UserInfo userInfo2 = new UserInfo(str2, searchResult.getNameInNamespace());
                                            HashSet hashSet = new HashSet();
                                            if (!this.groupSearchEnabled) {
                                                Iterator<String> it = this.userGroupNameAttributeSet.iterator();
                                                while (it.hasNext()) {
                                                    Attribute attribute2 = searchResult.getAttributes().get(it.next());
                                                    if (attribute2 != null) {
                                                        NamingEnumeration all = attribute2.getAll();
                                                        while (all.hasMore()) {
                                                            String str3 = (String) all.next();
                                                            if (LOG.isDebugEnabled()) {
                                                                LOG.debug("Adding " + str3 + " to " + str2);
                                                            }
                                                            userInfo2.addGroupDN(str3);
                                                            String shortName = getShortName(str3);
                                                            if (this.groupNameCaseConversionFlag) {
                                                                shortName = this.groupNameLowerCaseFlag ? shortName.toLowerCase() : shortName.toUpperCase();
                                                            }
                                                            if (this.groupNameRegExInst != null) {
                                                                shortName = this.groupNameRegExInst.transform(shortName);
                                                            }
                                                            hashSet.add(shortName);
                                                        }
                                                    }
                                                }
                                            }
                                            userInfo2.addGroups(hashSet);
                                            if (this.userGroupMap.containsKey(str2)) {
                                                LOG.warn("user object with username " + str2 + " already exists and is replaced with the latest user object.");
                                            }
                                            this.userGroupMap.put(str2, userInfo2);
                                            this.allUsers.add(str2);
                                            List<String> groups2 = userInfo2.getGroups();
                                            i++;
                                            if (i <= 2000) {
                                                if (LOG.isInfoEnabled()) {
                                                    LOG.info("Updating user count: " + i + ", userName: " + str2 + ", groupList: " + groups2);
                                                }
                                                if (i == 2000) {
                                                    LOG.info("===> 2000 user records have been synchronized so far. From now on, only a summary progress log will be written for every 100 users. To continue to see detailed log for every user, please enable Trace level logging. <===");
                                                }
                                            } else if (LOG.isTraceEnabled()) {
                                                LOG.trace("Updating user count: " + i + ", userName: " + str2 + ", groupList: " + groups2);
                                            } else if (i % 100 == 0) {
                                                LOG.info("Synced " + i + " users till now");
                                            }
                                        }
                                    } else if (LOG.isInfoEnabled()) {
                                        LOG.info(this.userNameAttribute + " missing for entry " + searchResult.getNameInNamespace() + ", skipping sync");
                                    }
                                } else if (LOG.isInfoEnabled()) {
                                    LOG.info("attributes  missing for entry " + searchResult.getNameInNamespace() + ", skipping sync");
                                }
                            } else if (LOG.isInfoEnabled()) {
                                LOG.info("userEntry null, skipping sync for the entry");
                            }
                        }
                        PagedResultsResponseControl[] responseControls = this.ldapContext.getResponseControls();
                        if (responseControls != null) {
                            for (PagedResultsResponseControl pagedResultsResponseControl : responseControls) {
                                if (pagedResultsResponseControl instanceof PagedResultsResponseControl) {
                                    PagedResultsResponseControl pagedResultsResponseControl2 = pagedResultsResponseControl;
                                    int resultSize = pagedResultsResponseControl2.getResultSize();
                                    if (resultSize != 0) {
                                        if (LOG.isDebugEnabled()) {
                                            LOG.debug("END-OF-PAGE total : " + resultSize);
                                        }
                                    } else if (LOG.isDebugEnabled()) {
                                        LOG.debug("END-OF-PAGE total : unknown");
                                    }
                                    bArr = pagedResultsResponseControl2.getCookie();
                                }
                            }
                        } else if (LOG.isDebugEnabled()) {
                            LOG.debug("No controls were sent from the server");
                        }
                        if (this.pagedResultsEnabled) {
                            if (LOG.isDebugEnabled()) {
                                i2++;
                                LOG.debug(String.format("Fetched paged results round: %s", Integer.valueOf(i2)));
                            }
                            this.ldapContext.setRequestControls(new Control[]{new PagedResultsControl(this.pagedResultsSize, bArr, true)});
                        }
                    } catch (Throwable th2) {
                        LOG.error("LDAPUserGroupBuilder.getUsers() failed with exception: " + th2);
                        LOG.info("LDAPUserGroupBuilder.getUsers() user count: " + i);
                    }
                } while (bArr != null);
                LOG.info("LDAPUserGroupBuilder.getUsers() completed with user count: " + i);
            }
        } finally {
            if (namingEnumeration != null) {
                namingEnumeration.close();
            }
            if (0 != 0) {
                namingEnumeration2.close();
            }
            closeLdapContext();
        }
    }

    private void getGroups(UserGroupSink userGroupSink, UserInfo userInfo) throws Throwable {
        NamingEnumeration namingEnumeration = null;
        try {
            createLdapContext();
            if (this.pagedResultsEnabled) {
                this.ldapContext.setRequestControls(new Control[]{new PagedResultsControl(this.pagedResultsSize, false)});
            }
            for (String str : this.groupSearchBase) {
                byte[] bArr = null;
                int i = 0;
                int i2 = 0;
                do {
                    try {
                        if (this.groupSearchFirstEnabled) {
                            namingEnumeration = this.ldapContext.search(str, this.extendedAllGroupsSearchFilter, this.groupSearchControls);
                        } else {
                            if (userInfo == null) {
                                LOG.error("No user information provided for group search!");
                                if (namingEnumeration != null) {
                                    namingEnumeration.close();
                                }
                                closeLdapContext();
                                return;
                            }
                            if (LOG.isDebugEnabled()) {
                                LOG.debug("Searching for groups for user " + userInfo.getUserName() + " using filter " + String.format(this.extendedGroupSearchFilter, userInfo.getUserFullName(), userInfo.getUserName()));
                            }
                            namingEnumeration = this.ldapContext.search(str, this.extendedGroupSearchFilter, new Object[]{userInfo.getUserFullName(), userInfo.getUserName()}, this.groupSearchControls);
                        }
                        while (namingEnumeration.hasMore()) {
                            SearchResult searchResult = (SearchResult) namingEnumeration.next();
                            if (searchResult != null) {
                                i++;
                                Attribute attribute = searchResult.getAttributes().get(this.groupNameAttribute);
                                if (attribute != null) {
                                    String nameInNamespace = searchResult.getNameInNamespace();
                                    String str2 = (String) attribute.get();
                                    if (this.groupNameCaseConversionFlag) {
                                        str2 = this.groupNameLowerCaseFlag ? str2.toLowerCase() : str2.toUpperCase();
                                    }
                                    if (this.groupNameRegExInst != null) {
                                        str2 = this.groupNameRegExInst.transform(str2);
                                    }
                                    if (this.groupSearchFirstEnabled) {
                                        Attribute attribute2 = searchResult.getAttributes().get(this.groupMemberAttributeName);
                                        if (LOG.isDebugEnabled()) {
                                            LOG.debug("Update Ranger admin with " + str2);
                                        }
                                        int i3 = 0;
                                        if (attribute2 == null || attribute2.size() <= 0) {
                                            LOG.info("No members available for " + str2);
                                            userGroupSink.addOrUpdateGroup(str2, new HashMap(), null);
                                        } else {
                                            userGroupSink.addOrUpdateGroup(str2, new HashMap());
                                            NamingEnumeration all = attribute2.getAll();
                                            while (all.hasMore()) {
                                                String str3 = (String) all.next();
                                                if (str3 != null && !str3.trim().isEmpty()) {
                                                    String lowerCase = str3.toLowerCase();
                                                    i3++;
                                                    if (this.userGroupMap.containsKey(lowerCase)) {
                                                        userInfo = this.userGroupMap.get(lowerCase);
                                                    } else {
                                                        userInfo = new UserInfo(lowerCase, str3);
                                                        this.userGroupMap.put(lowerCase, userInfo);
                                                    }
                                                    LOG.info("Adding " + str2 + " to user " + userInfo.getUserFullName());
                                                    userInfo.addGroup(str2);
                                                    userInfo.addGroupDN(nameInNamespace);
                                                }
                                            }
                                            LOG.info("No. of members in the group " + str2 + " = " + i3);
                                        }
                                    } else {
                                        if (LOG.isInfoEnabled()) {
                                            LOG.info("computed groups for user: " + userInfo.getUserName() + ", groups: " + str2);
                                        }
                                        userInfo.addGroupDN(nameInNamespace);
                                        userInfo.addGroup(str2);
                                    }
                                } else if (LOG.isInfoEnabled()) {
                                    LOG.info(this.groupNameAttribute + " empty for entry " + searchResult.getNameInNamespace() + ", skipping sync");
                                }
                            }
                        }
                        PagedResultsResponseControl[] responseControls = this.ldapContext.getResponseControls();
                        if (responseControls != null) {
                            for (PagedResultsResponseControl pagedResultsResponseControl : responseControls) {
                                if (pagedResultsResponseControl instanceof PagedResultsResponseControl) {
                                    PagedResultsResponseControl pagedResultsResponseControl2 = pagedResultsResponseControl;
                                    int resultSize = pagedResultsResponseControl2.getResultSize();
                                    if (resultSize != 0) {
                                        if (LOG.isDebugEnabled()) {
                                            LOG.debug("END-OF-PAGE total : " + resultSize);
                                        }
                                    } else if (LOG.isDebugEnabled()) {
                                        LOG.debug("END-OF-PAGE total : unknown");
                                    }
                                    bArr = pagedResultsResponseControl2.getCookie();
                                }
                            }
                        } else if (LOG.isDebugEnabled()) {
                            LOG.debug("No controls were sent from the server");
                        }
                        if (this.pagedResultsEnabled) {
                            if (LOG.isDebugEnabled()) {
                                i2++;
                                LOG.debug(String.format("Fetched paged results round: %s", Integer.valueOf(i2)));
                            }
                            this.ldapContext.setRequestControls(new Control[]{new PagedResultsControl(this.pagedResultsSize, bArr, true)});
                        }
                    } catch (Throwable th) {
                        LOG.error("LDAPUserGroupBuilder.getGroups() failed with exception: " + th);
                        LOG.info("LDAPUserGroupBuilder.getGroups() group count: " + i);
                    }
                } while (bArr != null);
                LOG.info("LDAPUserGroupBuilder.getGroups() completed with group count: " + i);
            }
        } finally {
            if (namingEnumeration != null) {
                namingEnumeration.close();
            }
            closeLdapContext();
        }
    }

    private static String getShortName(String str) {
        Object obj;
        if (StringUtils.isEmpty(str)) {
            return null;
        }
        String str2 = "";
        try {
            List rdns = new LdapName(str).getRdns();
            for (int size = rdns.size() - 1; size >= 0; size--) {
                if (StringUtils.isNotEmpty(str2)) {
                    break;
                }
                Attributes attributes = ((Rdn) rdns.get(size)).toAttributes();
                try {
                    Attribute attribute = attributes.get("uid");
                    if (attribute != null) {
                        Object obj2 = attribute.get();
                        if (obj2 != null) {
                            str2 = obj2.toString();
                        }
                    } else {
                        Attribute attribute2 = attributes.get("cn");
                        if (attribute2 != null && (obj = attribute2.get()) != null) {
                            str2 = obj.toString();
                        }
                    }
                } catch (NamingException e) {
                    str2 = str;
                } catch (NoSuchElementException e2) {
                    str2 = str;
                }
            }
        } catch (InvalidNameException e3) {
            str2 = str;
        }
        LOG.info("longName: " + str + ", userName: " + str2);
        return str2;
    }

    private void goUpGroupHierarchyLdap(Set<String> set, int i, UserInfo userInfo) throws Throwable {
        if (LOG.isDebugEnabled()) {
            LOG.debug("goUpGroupHierarchyLdap(): Incoming groups " + set);
        }
        if (i <= 0 || set.isEmpty()) {
            return;
        }
        HashSet hashSet = new HashSet();
        NamingEnumeration namingEnumeration = null;
        try {
            try {
                createLdapContext();
                if (this.pagedResultsEnabled) {
                    this.ldapContext.setRequestControls(new Control[]{new PagedResultsControl(this.pagedResultsSize, false)});
                }
                String str = "(&(objectclass=" + this.groupObjectClass + ")";
                if (this.groupSearchFilter != null && !this.groupSearchFilter.trim().isEmpty()) {
                    String trim = this.groupSearchFilter.trim();
                    if (!trim.startsWith("(")) {
                        trim = "(" + trim + ")";
                    }
                    str = str + trim + "(|";
                }
                StringBuilder sb = new StringBuilder();
                Iterator<String> it = set.iterator();
                while (it.hasNext()) {
                    sb.append("(").append(this.groupMemberAttributeName).append("=").append(it.next()).append(")");
                }
                sb.append("))");
                String str2 = str + ((Object) sb);
                if (LOG.isDebugEnabled()) {
                    LOG.debug("extendedAllGroupsSearchFilter = " + str2);
                }
                for (String str3 : this.groupSearchBase) {
                    byte[] bArr = null;
                    int i2 = 0;
                    do {
                        try {
                            namingEnumeration = this.ldapContext.search(str3, str2, this.groupSearchControls);
                            while (namingEnumeration.hasMore()) {
                                SearchResult searchResult = (SearchResult) namingEnumeration.next();
                                if (searchResult != null) {
                                    i2++;
                                    Attribute attribute = searchResult.getAttributes().get(this.groupNameAttribute);
                                    if (attribute != null) {
                                        hashSet.add(searchResult.getNameInNamespace());
                                        String str4 = (String) attribute.get();
                                        if (this.groupNameCaseConversionFlag) {
                                            str4 = this.groupNameLowerCaseFlag ? str4.toLowerCase() : str4.toUpperCase();
                                        }
                                        if (this.groupNameRegExInst != null) {
                                            str4 = this.groupNameRegExInst.transform(str4);
                                        }
                                        userInfo.addGroup(str4);
                                    } else if (LOG.isInfoEnabled()) {
                                        LOG.info(this.groupNameAttribute + " empty for entry " + searchResult.getNameInNamespace() + ", skipping sync");
                                    }
                                } else if (LOG.isInfoEnabled()) {
                                    LOG.info("groupEntry null, skipping sync for the entry");
                                }
                            }
                            PagedResultsResponseControl[] responseControls = this.ldapContext.getResponseControls();
                            if (responseControls != null) {
                                for (PagedResultsResponseControl pagedResultsResponseControl : responseControls) {
                                    if (pagedResultsResponseControl instanceof PagedResultsResponseControl) {
                                        PagedResultsResponseControl pagedResultsResponseControl2 = pagedResultsResponseControl;
                                        int resultSize = pagedResultsResponseControl2.getResultSize();
                                        if (resultSize != 0) {
                                            if (LOG.isDebugEnabled()) {
                                                LOG.debug("END-OF-PAGE total : " + resultSize);
                                            }
                                        } else if (LOG.isDebugEnabled()) {
                                            LOG.debug("END-OF-PAGE total : unknown");
                                        }
                                        bArr = pagedResultsResponseControl2.getCookie();
                                    }
                                }
                            } else if (LOG.isDebugEnabled()) {
                                LOG.debug("No controls were sent from the server");
                            }
                            if (this.pagedResultsEnabled) {
                                this.ldapContext.setRequestControls(new Control[]{new PagedResultsControl(PAGE_SIZE, bArr, true)});
                            }
                        } catch (RuntimeException e) {
                            LOG.error("LdapUserGroupBuilder.goUpGroupHierarchyLdap() failed with runtime exception: ", e);
                            throw e;
                        } catch (Exception e2) {
                            LOG.error("LdapUserGroupBuilder.goUpGroupHierarchyLdap() failed with exception: ", e2);
                            LOG.info("LdapUserGroupBuilder.goUpGroupHierarchyLdap() group count: " + i2);
                        }
                    } while (bArr != null);
                    LOG.info("LdapUserGroupBuilder.goUpGroupHierarchyLdap() completed with group count: " + i2);
                }
                goUpGroupHierarchyLdap(hashSet, i - 1, userInfo);
            } catch (RuntimeException e3) {
                LOG.error("LdapUserGroupBuilder.goUpGroupHierarchyLdap() failed with exception: ", e3);
                throw e3;
            }
        } finally {
            if (namingEnumeration != null) {
                namingEnumeration.close();
            }
            closeLdapContext();
        }
    }

    private void getRootDN() throws Throwable {
        NamingEnumeration namingEnumeration = null;
        SearchControls searchControls = new SearchControls();
        searchControls.setSearchScope(0);
        searchControls.setReturningAttributes(new String[]{"namingContexts"});
        try {
            try {
                createLdapContext();
                namingEnumeration = this.ldapContext.search("", "objectclass=*", searchControls);
                while (namingEnumeration.hasMore()) {
                    Attribute attribute = ((SearchResult) namingEnumeration.next()).getAttributes().get("namingContexts");
                    if (LOG.isDebugEnabled()) {
                        LOG.debug("namingContexts = " + attribute);
                    }
                    this.groupSearchBase = new String[]{attribute.get(0).toString()};
                    LOG.info("RootDN = " + Arrays.toString(this.groupSearchBase));
                }
                if (namingEnumeration != null) {
                    namingEnumeration.close();
                }
                closeLdapContext();
            } catch (RuntimeException e) {
                throw e;
            }
        } catch (Throwable th) {
            if (namingEnumeration != null) {
                namingEnumeration.close();
            }
            closeLdapContext();
            throw th;
        }
    }
}
