package com.iplanet.im.server;

import com.iplanet.im.net.UserSearchReply;
import com.iplanet.im.net.iIMGroup;
import com.iplanet.im.net.iIMPrincipal;
import com.iplanet.im.net.iIMUser;
import com.iplanet.im.util.SafeResourceBundle;
import com.iplanet.im.util.StringUtility;
import com.sun.im.identity.util.Auth;
import com.sun.im.service.PresenceHelper;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.Set;
import java.util.StringTokenizer;
import java.util.Vector;
import javax.naming.CommunicationException;
import javax.naming.LimitExceededException;
import javax.naming.Name;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.InvalidSearchFilterException;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;

/* loaded from: input_file:115732-09/SUNWiim/reloc/SUNWiim/classes/imserv.jar:com/iplanet/im/server/LDAPRealm.class */
public class LDAPRealm extends Realm {
    // ---- ServerConfig keys; each of these is read by the LDAPRealm constructor ----
    private static final String rootConfigName = "iim_ldap.searchbase";
    private static final String serverConfigName = "iim_ldap.host";
    private static final String groupSearchFilterName = "iim_ldap.groupbrowsefilter";
    private static final String userSearchFilterName = "iim_ldap.userbrowsefilter";
    private static final String searchByIDFilterName = "iim_ldap.usergroupbyidsearchfilter";
    private static final String searchByNameFilterName = "iim_ldap.usergroupbynamesearchfilter";
    private static final String allowWildCardInIdName = "iim_ldap.allowwildcardinuid";
    private static final String loginFilterName = "iim_ldap.loginfilter";
    private static final String userClassName = "iim_ldap.userclass";
    private static final String groupClassName = "iim_ldap.groupclass";
    // Keys for the bind DN and bind credential used for directory lookups.
    private static final String ldapUserNameName = "iim_ldap.usergroupbinddn";
    private static final String ldapPasswordName = "iim_ldap.usergroupbindcred";
    private static final String useIdentityAdminName = "iim_ldap.useidentityadmin";
    private static final String groupDisplayAttrName = "iim_ldap.groupdisplay";
    private static final String userAttributesName = "iim_ldap.user.attributes";
    private static final String groupAttributesName = "iim_ldap.group.attributes";
    private static final String userDisplayAttrName = "iim_ldap.userdisplay";
    private static final String userUIDAttrName = "iim_ldap.useruidattr";
    private static final String groupMemberAttrName = "iim_ldap.groupmemberattr";
    private static final String userMailAttrName = "iim_ldap.usermailattr";
    private static final String groupMemberURLAttrName = "iim_ldap.groupmemberurlattr";
    private static final String roleFilterAttrName = "iim_ldap.rolefilterattr";
    private static final String roleDNAttrName = "iim_ldap.rolednattr";
    private static final String managedRoleObjectClassName = "iim_ldap.managedroleobjectclass";
    private static final String searchLimitName = "iim_ldap.searchlimit";
    private static final String maxContextsName = "iim_ldap.maxconns";
    // ---- Defaults applied when the corresponding key is not configured ----
    // The filter templates use "{0}" as the placeholder for the value being searched.
    private static final String groupSearchFilterDef = "(objectclass=groupofuniquenames)";
    private static final String userSearchFilterDef = "(objectclass=inetorgperson)";
    private static final String searchByIDFilterDef = "(|(&(objectclass=groupofuniquenames)(uid={0}))(&(objectclass=inetorgperson)(uid={0})))";
    private static final String searchByNameFilterDef = "(|(&(objectclass=groupofuniquenames)(cn={0}))(&(objectclass=inetorgperson)(cn={0})))";
    private static final String loginFilterDef = "(&(objectclass=inetorgperson)(uid={0}))";
    private static final String userClassDef = "inetOrgPerson";
    private static final String groupClassDef = "groupOfUniqueNames";
    private static final String orgDepthName = "iim_ldap.orgdepth";
    private static final String groupDisplayAttrDef = "cn";
    private static final String userDisplayAttrDef = "cn";
    private static final String userUIDAttrDef = "uid";
    private static final String userMailAttrDef = "mail";
    private static final String groupMemberAttrDef = "uniquemember";
    private static final String groupMemberURLAttrDef = "memberurl";
    private static final String managedRoleObjectClassDef = "nsManagedRoleDefinition";
    private static final String roleFilterAttrDef = "nsRoleFilter";
    private static final String roleDNAttrDef = "nsRoleDN";
    // Not referenced in the visible part of this class.
    private static final String userDomainAttrDef = "sunPreferredDomain";
    // Static, so the value parsed by one constructor call applies to every instance.
    private static int _orgDepth = 0;
    // Attribute-name snapshots passed to JNDI as "returning attributes"; filled in by the constructor.
    private String[] userAttributeArray;
    private String[] groupAttributeArray;
    private String[] userGroupAttributeArray;
    // Search base (package-private).
    String root;
    // Appended to "ldap://" to form the provider URL in getContext().
    private String server;
    // A value of -1 makes _search(String, String, boolean, String) return without searching; values > 0 become the JNDI count limit.
    private int searchLimit;
    private String groupSearchFilter;
    private String userSearchFilter;
    private String loginFilter;
    private String searchByNameFilter;
    private String searchByIDFilter;
    // Bind DN and bind password used by getContext(). Both are package-private plain Strings
    // and are also returned by the public getAdminDN()/getAdminPassword() accessors, so any
    // code that can reach this object can read the directory credential.
    String ldapUserName;
    String ldapPassword;
    // When false, "*" is stripped from the term of a search-by-id before it is placed in the filter.
    private boolean allowWildCardInId;
    String groupDisplayAttr;
    String userDisplayAttr;
    String userUIDAttr;
    String userMailAttr;
    String groupMemberAttr;
    String groupMemberURLAttr;
    String roleFilterAttr;
    String roleDNAttr;
    private String managedRoleObjectClass;
    // Not referenced in the visible part of this class.
    int authcount;
    // Upper bound on the number of idle contexts kept in _contexts (see recycleContext()).
    private int _maxContexts;
    // Lower-cased object class names used by _search(String, String) to tell users from groups.
    private ArrayList userClass = new ArrayList();
    private ArrayList groupClass = new ArrayList();
    // Pool of idle DirContext objects, handed out by getContext() and returned by recycleContext().
    private Vector _contexts = new Vector();
    SafeResourceBundle res = new SafeResourceBundle(NMS.RESOURCEBUNDLENAME);
    HashSet userAttributeSet = new HashSet(7);
    HashSet groupAttributeSet = new HashSet(7);

    /**
     * Hands out a directory context: the most recently pooled idle one if the pool is
     * non-empty, otherwise a freshly opened connection to the configured server.
     *
     * <p>The provider URL is built with the {@code ldap://} scheme and, when a bind DN is
     * configured, the DN and password are passed as JNDI security principal/credentials.
     * No authentication-mechanism or TLS-related environment property is set in this method.
     * NOTE(review): confirm whether the bind credential is protected in transit by some
     * other means; nothing in this method does so.
     *
     * @return a context the caller should give back through {@code recycleContext}
     * @throws RealmException if a new connection cannot be established
     */
    private synchronized DirContext getContext() throws RealmException {
        final int idleCount = this._contexts.size();
        if (idleCount <= 0) {
            Log.out.debug("[LDAP] No LDAP connection available. Empty LDAP pool so create a new one");
            try {
                Log.out.debug("[LDAP] Connecting to LDAP server");
                Hashtable env = new Hashtable();
                env.put("java.naming.factory.initial", "com.sun.jndi.ldap.LdapCtxFactory");
                env.put("java.naming.provider.url", "ldap://" + this.server);
                boolean bindConfigured = this.ldapUserName.length() > 0;
                if (bindConfigured) {
                    // Only the bind DN is logged, never the credential.
                    Log.out.debug("[LDAP] ldap binding to " + this.ldapUserName);
                    env.put("java.naming.security.principal", this.ldapUserName);
                    env.put("java.naming.security.credentials", this.ldapPassword);
                }
                InitialDirContext fresh = new InitialDirContext(env);
                Log.out.debug("[LDAP] Connected to LDAP server");
                return fresh;
            } catch (Exception e) {
                // Any failure (including a null bind DN) is reported as a RealmException.
                String message = "[LDAP] Connection error " + e.toString();
                Log.out.error(message);
                throw new RealmException(message);
            }
        }
        Log.out.debug("[LDAP] At least one LDAP connection available");
        // Take the last pooled element so removal does not shift the others.
        final int lastIndex = idleCount - 1;
        DirContext pooled = (DirContext) this._contexts.elementAt(lastIndex);
        this._contexts.removeElementAt(lastIndex);
        return pooled;
    }

    /**
     * Returns a context to the idle pool, or closes it when the pool already holds
     * {@code _maxContexts} entries. A {@code null} argument is ignored.
     *
     * @param dirContext the context to give back; may be {@code null}
     */
    private synchronized void recycleContext(DirContext dirContext) {
        if (dirContext != null) {
            boolean poolHasRoom = this._contexts.size() < this._maxContexts;
            if (poolHasRoom) {
                this._contexts.addElement(dirContext);
                return;
            }
            Log.out.debug("[LDAP] Too many LDAP connections. So let the GC get it");
            try {
                dirContext.close();
            } catch (Exception ignored) {
                // Best effort: the surplus context is being discarded anyway.
            }
        }
    }

    /**
     * Initialises the realm: assigns built-in defaults to every field, then overrides them
     * with the values found in {@code ServerConfig} and builds the attribute-name arrays
     * that later lookups pass to JNDI.
     *
     * <p>The statement order matters: {@code userAttributeArray} is snapshotted before the
     * group attributes and {@code "objectclass"} are merged into {@code userAttributeSet},
     * so only {@code userGroupAttributeArray} contains the union.
     *
     * <p>Numeric settings are parsed with {@code Integer.parseInt}; a malformed value is not
     * caught here and surfaces as a {@code NumberFormatException}.
     *
     * @throws RealmException declared; the visible body does not show where it is raised
     * @throws FileNotFoundException declared; presumably from configuration loading (not visible here)
     * @throws IOException declared; presumably from configuration loading (not visible here)
     */
    public LDAPRealm() throws RealmException, FileNotFoundException, IOException {
        // Built-in defaults, used if the configuration has no value for a setting.
        this.userAttributeArray = null;
        this.groupAttributeArray = null;
        this.userGroupAttributeArray = null;
        // NOTE(review): PresenceHelper.PIDF_XMLNS is used here as the default for several
        // string settings; this looks like the decompiler resolving an empty-string constant
        // to an unrelated symbol - confirm against the original class.
        this.root = PresenceHelper.PIDF_XMLNS;
        this.server = PresenceHelper.PIDF_XMLNS;
        this.searchLimit = 40;
        this.groupSearchFilter = groupSearchFilterDef;
        this.userSearchFilter = userSearchFilterDef;
        this.loginFilter = loginFilterDef;
        this.searchByNameFilter = searchByNameFilterDef;
        this.searchByIDFilter = searchByIDFilterDef;
        this.ldapUserName = PresenceHelper.PIDF_XMLNS;
        this.ldapPassword = PresenceHelper.PIDF_XMLNS;
        this.allowWildCardInId = false;
        this.groupDisplayAttr = "cn";
        this.userDisplayAttr = "cn";
        this.userUIDAttr = "uid";
        this.userMailAttr = userMailAttrDef;
        this.groupMemberAttr = groupMemberAttrDef;
        this.groupMemberURLAttr = groupMemberURLAttrDef;
        this.roleFilterAttr = roleFilterAttrDef;
        this.roleDNAttr = roleDNAttrDef;
        this.managedRoleObjectClass = managedRoleObjectClassDef;
        this._maxContexts = 10;
        // Overrides from the server configuration.
        ServerConfig serverConfig = ServerConfig.getServerConfig();
        this.root = removeSpaces(serverConfig.getSetting(rootConfigName, PresenceHelper.PIDF_XMLNS));
        this.server = serverConfig.getSetting(serverConfigName, PresenceHelper.PIDF_XMLNS);
        // The filter templates below come from configuration and are later combined with
        // search terms by string substitution of "{0}".
        this.groupSearchFilter = serverConfig.getSetting(groupSearchFilterName, groupSearchFilterDef);
        this.userSearchFilter = serverConfig.getSetting(userSearchFilterName, userSearchFilterDef);
        this.loginFilter = serverConfig.getSetting(loginFilterName, loginFilterDef);
        this.searchByIDFilter = serverConfig.getSetting(searchByIDFilterName, searchByIDFilterDef);
        this.searchByNameFilter = serverConfig.getSetting(searchByNameFilterName, searchByNameFilterDef);
        // Comma-separated object class lists, trimmed and lower-cased for later comparison.
        StringTokenizer stringTokenizer = new StringTokenizer(serverConfig.getSetting(userClassName, userClassDef), ",");
        while (stringTokenizer.hasMoreTokens()) {
            this.userClass.add(stringTokenizer.nextToken().trim().toLowerCase());
        }
        StringTokenizer stringTokenizer2 = new StringTokenizer(serverConfig.getSetting(groupClassName, groupClassDef), ",");
        while (stringTokenizer2.hasMoreTokens()) {
            this.groupClass.add(stringTokenizer2.nextToken().trim().toLowerCase());
        }
        // User attributes to fetch. The three named attributes are added exactly as
        // configured, while the extra ones below are lower-cased.
        this.userDisplayAttr = serverConfig.getSetting(userDisplayAttrName, "cn");
        this.userAttributeSet.add(this.userDisplayAttr);
        this.userUIDAttr = serverConfig.getSetting(userUIDAttrName, "uid");
        this.userAttributeSet.add(this.userUIDAttr);
        this.userMailAttr = serverConfig.getSetting(userMailAttrName, userMailAttrDef);
        this.userAttributeSet.add(this.userMailAttr);
        StringTokenizer stringTokenizer3 = new StringTokenizer(serverConfig.getSetting(userAttributesName, PresenceHelper.PIDF_XMLNS), ",");
        while (stringTokenizer3.hasMoreTokens()) {
            this.userAttributeSet.add(stringTokenizer3.nextToken().trim().toLowerCase());
        }
        // Snapshot of the user-only attribute names.
        this.userAttributeArray = new String[this.userAttributeSet.size()];
        int i = 0;
        Iterator it = this.userAttributeSet.iterator();
        while (it.hasNext()) {
            int i2 = i;
            i++;
            this.userAttributeArray[i2] = (String) it.next();
        }
        // Group attributes to fetch.
        this.groupMemberAttr = serverConfig.getSetting(groupMemberAttrName, groupMemberAttrDef);
        this.groupAttributeSet.add(this.groupMemberAttr);
        this.groupDisplayAttr = serverConfig.getSetting(groupDisplayAttrName, "cn");
        this.groupAttributeSet.add(this.groupDisplayAttr);
        this.groupMemberURLAttr = serverConfig.getSetting(groupMemberURLAttrName, groupMemberURLAttrDef);
        this.groupAttributeSet.add(this.groupMemberURLAttr);
        // The role attributes are read from configuration but not added to groupAttributeSet here.
        this.roleFilterAttr = serverConfig.getSetting(roleFilterAttrName, roleFilterAttrDef);
        this.roleDNAttr = serverConfig.getSetting(roleDNAttrName, roleDNAttrDef);
        this.managedRoleObjectClass = serverConfig.getSetting(managedRoleObjectClassName, managedRoleObjectClassDef);
        StringTokenizer stringTokenizer4 = new StringTokenizer(serverConfig.getSetting(groupAttributesName, PresenceHelper.PIDF_XMLNS), ",");
        while (stringTokenizer4.hasMoreTokens()) {
            this.groupAttributeSet.add(stringTokenizer4.nextToken().trim().toLowerCase());
        }
        this.groupAttributeArray = new String[this.groupAttributeSet.size()];
        int i3 = 0;
        Iterator it2 = this.groupAttributeSet.iterator();
        while (it2.hasNext()) {
            int i4 = i3;
            i3++;
            this.groupAttributeArray[i4] = (String) it2.next();
        }
        // From here on userAttributeSet is the union of user and group attributes plus
        // "objectclass"; it is snapshotted into userGroupAttributeArray for mixed searches.
        this.userAttributeSet.addAll(this.groupAttributeSet);
        this.userAttributeSet.add("objectclass");
        this.userGroupAttributeArray = new String[this.userAttributeSet.size()];
        int i5 = 0;
        Iterator it3 = this.userAttributeSet.iterator();
        while (it3.hasNext()) {
            int i6 = i5;
            i5++;
            this.userGroupAttributeArray[i6] = (String) it3.next();
        }
        // Numeric limits; a non-numeric value throws NumberFormatException from here.
        String setting = serverConfig.getSetting(searchLimitName);
        if (setting != null && setting.length() != 0) {
            this.searchLimit = Integer.parseInt(setting);
        }
        String setting2 = serverConfig.getSetting(maxContextsName);
        if (setting2 != null && setting2.length() != 0) {
            this._maxContexts = Integer.parseInt(setting2);
        }
        if (serverConfig.getSetting(allowWildCardInIdName, "false").equalsIgnoreCase("true")) {
            this.allowWildCardInId = true;
        }
        // Bind DN and bind password are taken from the configuration as plain strings.
        this.ldapUserName = serverConfig.getSetting(ldapUserNameName, PresenceHelper.PIDF_XMLNS);
        this.ldapPassword = serverConfig.getSetting(ldapPasswordName, PresenceHelper.PIDF_XMLNS);
        String setting3 = serverConfig.getSetting(orgDepthName);
        if (setting3 != null && setting3.length() > 0) {
            // _orgDepth is static: this assignment affects every LDAPRealm instance.
            _orgDepth = Integer.parseInt(setting3);
        }
        boolean z = false;
        try {
            z = StringUtility.getBoolean(serverConfig.getSetting(useIdentityAdminName));
        } catch (Exception e) {
            // Ignored on purpose: any failure reading the flag leaves it at false.
        }
        if (z) {
            // When the flag is set, the configured bind DN/password are replaced by the
            // administrator identity supplied by Auth.
            this.ldapUserName = Auth.getAdminDN();
            this.ldapPassword = Auth.getAdminPassword();
        }
    }

    /**
     * Returns the DN this realm binds with when it opens directory connections.
     *
     * @return the current value of {@code ldapUserName}
     */
    public String getAdminDN() {
        final String bindDn = this.ldapUserName;
        return bindDn;
    }

    /**
     * Returns the password this realm binds with when it opens directory connections.
     *
     * <p>This is a public accessor for the directory bind credential in clear text.
     * NOTE(review): callers are not visible here; confirm that each one needs the secret
     * itself and that the value is never logged or sent to clients.
     *
     * @return the current value of {@code ldapPassword}
     */
    public String getAdminPassword() {
        final String bindCredential = this.ldapPassword;
        return bindCredential;
    }

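    /**
     * Closes every pooled directory context and empties the pool.
     *
     * <p>Each context is closed independently, so a failure on one is logged and the rest
     * are still closed and the pool is still cleared. Previously the first failing
     * {@code close()} aborted the loop and left the remaining connections open and pooled.
     *
     * <p>The realm's own monitor is taken as well as the pool's, because
     * {@code getContext()} and {@code recycleContext()} synchronize on {@code this} and read
     * the pool size and an element in separate steps.
     */
    @Override // com.iplanet.im.server.Realm
    public void stop() {
        synchronized (this) {
            synchronized (this._contexts) {
                for (int i = 0; i < this._contexts.size(); i++) {
                    try {
                        ((DirContext) this._contexts.elementAt(i)).close();
                    } catch (Exception e) {
                        Log.out.warning(new StringBuffer().append("[LDAP] exception closing all ldap contexts ").append(e).toString());
                    }
                }
                // Drop the references even if some closes failed, so no dead context is reused.
                this._contexts.removeAllElements();
            }
        }
    }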

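    /**
     * Loads a group entry by name and resolves each value of the group-member attribute to
     * a user, retrying once after a communication failure.
     *
     * <p>Context handling is done in a single {@code finally}: a healthy context goes back
     * to the pool on every exit path, and a context that was closed after a
     * {@code CommunicationException} is dropped instead. In the listing as decompiled, the
     * success and generic-failure paths never returned the context, and the closed context
     * was handed back to the pool.
     *
     * @param iimprincipal the principal on whose behalf members are resolved
     * @param iimgroup the group to load; its name (with spaces removed) is used as the entry name
     * @return the populated group
     * @throws RealmException if the lookup fails, or if both attempts hit a communication error
     */
    @Override // com.iplanet.im.server.Realm
    public NMSGroup _getNMSGroup(iIMPrincipal iimprincipal, iIMGroup iimgroup) throws RealmException {
        String groupName = removeSpaces(iimgroup.getName());
        for (int attempt = 0; attempt < 2; attempt++) {
            DirContext context = getContext();
            try {
                NMSGroup nmsGroup = new NMSGroup(iimgroup, this);
                Attributes attributes = context.getAttributes(groupName, this.groupAttributeArray);
                // Collect the member names first, then resolve them one by one.
                Vector memberNames = new Vector();
                if (attributes != null) {
                    Attribute members = attributes.get(this.groupMemberAttr);
                    if (members != null) {
                        NamingEnumeration values = members.getAll();
                        while (values != null && values.hasMore()) {
                            memberNames.add(removeSpaces(values.next().toString()));
                        }
                    }
                }
                for (int i = 0; i < memberNames.size(); i++) {
                    iIMUser member = _getiIMUser(iimprincipal, (String) memberNames.elementAt(i));
                    if (member != null) {
                        nmsGroup.addMember(member);
                    }
                }
                return nmsGroup;
            } catch (CommunicationException e) {
                Log.out.error(new StringBuffer().append(this.res.getString("Getting_group")).append(groupName).append(" : ").append(e).toString());
                try {
                    context.close();
                } catch (Exception ignored) {
                    // Best effort: the connection is already considered broken.
                }
                // The closed context must not be pooled again.
                context = null;
                try {
                    Thread.sleep(500L);
                } catch (Exception ignored) {
                    // Keep the original best-effort pause before the retry.
                }
            } catch (Exception e) {
                Log.out.printStackTrace(e);
                String message = new StringBuffer().append(this.res.getString("Getting_group")).append(groupName).append(" : ").append(e).toString();
                Log.out.error(message);
                throw new RealmException(message);
            } finally {
                recycleContext(context);
            }
        }
        String message = new StringBuffer().append(this.res.getString("Getting_group")).append(groupName).toString();
        Log.out.error(message);
        throw new RealmException(message);
    }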

    /**
     * Enumerating every group is not supported by this realm.
     *
     * @return never returns normally
     * @throws RealmException always
     */
    public iIMGroup[] _getiIMGroups() throws RealmException {
        final String reason = "Cannot search all groups";
        throw new RealmException(reason);
    }

    /**
     * Builds an {@code iIMGroup} from a directory entry.
     *
     * <p>The group is dynamic when a member filter can be derived, tried in this order: the
     * member-URL attribute (an {@code ldap:} URL is split into base and filter by
     * {@code parseLDAPURL}), the role-filter attribute, or, for entries carrying the
     * managed-role object class, a filter on the role-DN attribute. Otherwise it is static.
     *
     * <p>NOTE(review): every filter source here is concatenated as-is, including the entry
     * name placed into the role-DN filter. That is only safe if these directory values and
     * names cannot contain unescaped filter metacharacters; confirm who can write them.
     *
     * @param attributes attributes of the group entry
     * @param str name of the entry, also used as the fallback display name
     * @param str2 domain passed to {@code getSearchBase} and to the group
     * @return the new group with the entry's attributes applied
     * @throws NamingException if an attribute value cannot be read
     * @throws RealmException declared by the helpers called here
     */
    private iIMGroup createGroup(Attributes attributes, String str, String str2) throws NamingException, RealmException {
        String displayName = str;
        Attribute displayAttr = attributes.get(this.groupDisplayAttr);
        if (displayAttr == null) {
            Log.out.info("[LDAP] " + str + " has no value for " + this.groupDisplayAttr);
        } else {
            displayName = displayAttr.get().toString();
        }

        String memberFilter = null;
        String memberBase = getSearchBase(str2);
        Attribute memberUrlAttr = attributes.get(this.groupMemberURLAttr);
        if (memberUrlAttr != null) {
            memberFilter = memberUrlAttr.get().toString();
            if (memberFilter.startsWith("ldap:")) {
                try {
                    String[] urlParts = parseLDAPURL(memberFilter, this.root);
                    memberBase = urlParts[0];
                    memberFilter = urlParts[1];
                } catch (Exception e) {
                    // An unparsable URL falls through to the role-based sources below.
                    Log.out.printStackTrace(e);
                    memberFilter = null;
                }
            }
        }
        if (memberFilter == null) {
            Attribute roleFilter = attributes.get(this.roleFilterAttr);
            if (roleFilter != null) {
                memberFilter = "(" + roleFilter.get().toString() + ")";
            }
        }
        if (memberFilter == null) {
            Attribute objectClasses = attributes.get("objectclass");
            if (objectClasses != null && objectClasses.contains(this.managedRoleObjectClass)) {
                memberFilter = "(" + this.roleDNAttr + "=" + str + ")";
            }
        }

        iIMGroup group;
        if (memberFilter == null) {
            Log.out.debug("[LDAP] Found static group: " + displayName + " <" + str + ">");
            group = new iIMGroup(str, str2, displayName);
        } else {
            boolean needsParens = memberFilter.length() > 0 && !memberFilter.startsWith("(");
            if (needsParens) {
                memberFilter = "(" + memberFilter + ")";
            }
            // Members must also match the configured user filter.
            String combined = "(&" + memberFilter + this.userSearchFilter + ")";
            Log.out.debug("[LDAP] Found dynamic group: " + displayName + " <" + str + "> " + combined);
            group = new iIMGroup(str, str2, displayName, combined, memberBase);
        }
        setAttributes(group, attributes);
        return group;
    }

    /**
     * Builds an {@code iIMUser} from a directory entry.
     *
     * <p>The uid comes from the configured uid attribute and falls back to the entry name;
     * the display name falls back to the uid; a missing mail attribute is only logged.
     * The uid is passed through {@code StringUtility.quoteSpecialCharacters} before it is
     * used as the user's identifier.
     *
     * @param attributes attributes of the user entry
     * @param str name of the entry; stored as the distinguished name and as attribute "dn"
     * @param str2 domain passed to the user
     * @return the new user, or {@code null} when no uid can be determined
     * @throws NamingException if an attribute value cannot be read
     */
    private iIMUser createUser(Attributes attributes, String str, String str2) throws NamingException {
        Attribute uidAttr = attributes.get(this.userUIDAttr);
        String uid = (uidAttr == null) ? str : uidAttr.get().toString();
        if (uid == null) {
            Log.out.error("[LDAP] Cannot find a UID attribute for user " + uid);
            return null;
        }

        Attribute displayAttr = attributes.get(this.userDisplayAttr);
        String displayName;
        if (displayAttr == null) {
            displayName = uid;
        } else {
            displayName = displayAttr.get().toString().trim();
        }

        String mail = null;
        Attribute mailAttr = attributes.get(this.userMailAttr);
        if (mailAttr == null) {
            Log.out.info("[LDAP] Cannot find mail address for user " + uid);
        } else {
            mail = mailAttr.get().toString();
        }

        iIMUser user = new iIMUser(StringUtility.quoteSpecialCharacters(uid), str2, displayName, mail);
        user.setDistinguishedName(str);
        user.setAttribute("dn", str);
        setAttributes(user, attributes);
        return user;
    }

    /**
     * Looks up a group for a principal by first deriving that principal's search base.
     *
     * @param iimprincipal principal whose search base is used
     * @param str name of the group entry
     * @return the group, or {@code null} if it cannot be loaded
     * @throws RealmException if no directory context can be obtained
     */
    @Override // com.iplanet.im.server.Realm
    public iIMGroup _getiIMGroup(iIMPrincipal iimprincipal, String str) throws RealmException {
        String searchBase = getSearchBase(iimprincipal);
        return _getiIMGroup(searchBase, str);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Reads a group entry by name and converts it with {@code createGroup}, retrying once
     * after a communication failure.
     *
     * <p>{@code str} is only used to derive the domain name; the entry named by
     * {@code str2} is read directly, without a check that it lies under that base.
     * NOTE(review): confirm that callers only pass entry names they are allowed to read.
     *
     * @param str search base, used for the group's domain name
     * @param str2 name of the group entry to read
     * @return the group, or {@code null} if the entry has no attributes, the lookup fails,
     *         or both attempts hit a communication error
     * @throws RealmException if no directory context can be obtained
     */
    public iIMGroup _getiIMGroup(String str, String str2) throws RealmException {
        // Counts communication failures; at most two attempts are made.
        int i = 0;
        while (i < 2) {
            DirContext context = getContext();
            Log.out.debug(new StringBuffer().append("[LDAP] searching group : ").append(str2).toString());
            try {
                Attributes attributes = context.getAttributes(str2, this.groupAttributeArray);
                if (attributes == null) {
                    recycleContext(context);
                    return null;
                }
                iIMGroup createGroup = createGroup(attributes, str2, getDomainName(str));
                recycleContext(context);
                return createGroup;
            } catch (CommunicationException e) {
                try {
                    Log.out.error(new StringBuffer().append("[LDAP] group get attributes failed: ").append(str2).append(" ").append(e).toString());
                    // The connection is treated as broken: close it and do not pool it again.
                    try {
                        context.close();
                    } catch (Exception e2) {
                    }
                    i++;
                    // Short pause before the retry; an interruption is ignored.
                    try {
                        Thread.sleep(500L);
                    } catch (Exception e3) {
                    }
                    // No-op: recycleContext ignores null (decompiler rendering of a nulled context).
                    recycleContext(null);
                } catch (Throwable th) {
                    // Only reached if the handling above itself throws; the context is pooled again here.
                    recycleContext(context);
                    throw th;
                }
            } catch (Exception e4) {
                // Any other failure is logged and reported to the caller as "not found".
                Log.out.error(new StringBuffer().append("[LDAP] group get attributes failed: ").append(str2).append(" ").append(e4).toString());
                Log.out.printStackTrace(e4);
                recycleContext(context);
                return null;
            }
        }
        return null;
    }

    /**
     * Looks up a user for a principal by first deriving that principal's search base.
     *
     * @param iimprincipal principal whose search base is used
     * @param str entry name or address of the user
     * @return the user, or {@code null} if it cannot be found
     * @throws RealmException if no directory context can be obtained
     */
    @Override // com.iplanet.im.server.Realm
    public iIMUser _getiIMUser(iIMPrincipal iimprincipal, String str) throws RealmException {
        String searchBase = getSearchBase(iimprincipal);
        return _getiIMUser(searchBase, str);
    }

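    /**
     * Finds one user, either by entry name (when {@code str2} contains {@code '='}) or by
     * searching under {@code str} with the configured login filter.
     *
     * <p>Changes against the listing as decompiled:
     * <ul>
     *   <li>The uid is now handed to JNDI as a filter argument
     *       ({@code search(name, filterExpr, filterArgs, controls)}) instead of being
     *       substituted into the filter text. JNDI escapes {@code * ( ) \} and NUL in
     *       string arguments, so a uid can no longer change the structure of the login
     *       filter or act as a wildcard. The {@code {0}} placeholder of the configured
     *       template is the same syntax JNDI expects.</li>
     *   <li>{@code CommunicationException} is caught before the generic {@code Exception},
     *       so the retry is reachable (as listed, the generic handler came first).</li>
     *   <li>Context hand-back happens in one {@code finally}; a context closed after a
     *       communication failure is not pooled again.</li>
     * </ul>
     *
     * <p>NOTE(review): in the entry-name branch the name is read directly, without a check
     * that it lies under {@code str}; confirm callers only pass names they may read.
     *
     * @param str search base; also used to derive the user's domain name
     * @param str2 entry name or address identifying the user
     * @return the user, or {@code null} if not found or the lookup failed
     * @throws RealmException if no directory context can be obtained
     */
    @Override // com.iplanet.im.server.Realm
    public iIMUser _getiIMUser(String str, String str2) throws RealmException {
        if (str2.indexOf('=') != -1) {
            // Entry-name branch: read the entry's attributes directly.
            for (int attempt = 0; attempt < 2; attempt++) {
                DirContext context = getContext();
                Log.out.debug(new StringBuffer().append("[LDAP] Getting displayname for user : ").append(str2).toString());
                try {
                    Attributes attributes = context.getAttributes(str2, this.userAttributeArray);
                    if (attributes == null) {
                        return null;
                    }
                    return createUser(attributes, str2, getDomainName(str));
                } catch (CommunicationException e) {
                    Log.out.error(new StringBuffer().append("[LDAP] UID get attributes failed: ").append(str2).append(" ").append(e).toString());
                    try {
                        context.close();
                    } catch (Exception ignored) {
                        // Best effort: the connection is already considered broken.
                    }
                    // The closed context must not be pooled again.
                    context = null;
                    try {
                        Thread.sleep(500L);
                    } catch (Exception ignored) {
                        // Keep the original best-effort pause before the retry.
                    }
                } catch (Exception e) {
                    Log.out.error(new StringBuffer().append("[LDAP] UID get attributes failed: ").append(str2).append(" ").append(e).toString());
                    Log.out.printStackTrace(e);
                    return null;
                } finally {
                    recycleContext(context);
                }
            }
            return null;
        }

        // Search branch: look the user up by uid with the configured login filter.
        String localPart = StringUtility.getLocalPartFromAddress(str2);
        Object[] filterArgs = new Object[] {StringUtility.unquoteSpecialCharacters(localPart)};
        for (int attempt = 0; attempt < 2; attempt++) {
            DirContext context = getContext();
            SearchControls controls = new SearchControls();
            controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
            controls.setReturningAttributes(this.userAttributeArray);
            try {
                // The template is logged, not the expanded filter: the value is bound by JNDI.
                Log.out.debug(new StringBuffer().append("[LDAP] Searching for user by uid: filter=").append(this.loginFilter).append(" base=").append(this.root).toString());
                NamingEnumeration results = context.search(str, this.loginFilter, filterArgs, controls);
                if (results == null || !results.hasMore()) {
                    return null;
                }
                // Only the first match is used, as before.
                SearchResult hit = (SearchResult) results.next();
                Attributes attributes = hit.getAttributes();
                if (attributes == null) {
                    return null;
                }
                Log.out.debug(new StringBuffer().append("[LDAP] User found: ").append(localPart).toString());
                return createUser(attributes, getAbsoluteName(hit), getDomainName(str));
            } catch (CommunicationException e) {
                Log.out.error(new StringBuffer().append("[LDAP] UID search failed: ").append(localPart).append(" ").append(e).toString());
                try {
                    context.close();
                } catch (Exception ignored) {
                    // Best effort: the connection is already considered broken.
                }
                // The closed context must not be pooled again.
                context = null;
                try {
                    Thread.sleep(500L);
                } catch (Exception ignored) {
                    // Keep the original best-effort pause before the retry.
                }
            } catch (Exception e) {
                Log.out.error(new StringBuffer().append("UID search failed: ").append(localPart).append(" ").append(e).toString());
                Log.out.printStackTrace(e);
                return null;
            } finally {
                recycleContext(context);
            }
        }
        return null;
    }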

    /**
     * Runs a user/group search for a principal by first deriving that principal's search base.
     *
     * @param iimprincipal principal whose search base is used
     * @param str search term
     * @param z {@code true} to search by id, {@code false} to search by name
     * @param str2 optional extra filter ANDed with the generated one
     * @return the search reply
     * @throws RealmException declared by the helpers called here
     */
    @Override // com.iplanet.im.server.Realm
    public UserSearchReply _search(iIMPrincipal iimprincipal, String str, boolean z, String str2) throws RealmException {
        String searchBase = getSearchBase(iimprincipal);
        return _search(searchBase, str, z, str2);
    }

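    /**
     * Builds the LDAP filter for a search by id or by name and runs it under {@code str}.
     *
     * <p>The search term is substituted into a configured filter template. It is now
     * escaped first, so that parentheses, backslashes and NUL in the term are matched
     * literally instead of changing the structure of the filter. {@code '*'} is left as it
     * was: removed for id searches when wildcards are disabled, passed through otherwise.
     * NOTE(review): this assumes callers pass raw text; a caller that already escapes its
     * term would now be escaped twice - confirm against the callers.
     *
     * <p>{@code str3} is a filter fragment and is combined unchanged; it cannot be escaped
     * here. NOTE(review): confirm it is always produced by server code and never taken
     * from a client.
     *
     * @param str search base
     * @param str2 search term
     * @param z {@code true} to use the by-id template, {@code false} for the by-name template
     * @param str3 optional extra filter ANDed with the generated one; may be {@code null} or empty
     * @return the search reply; status 4 without searching when the search limit is -1
     */
    @Override // com.iplanet.im.server.Realm
    public UserSearchReply _search(String str, String str2, boolean z, String str3) {
        if (this.searchLimit == -1) {
            return new UserSearchReply(4, null);
        }
        String term = str2;
        String template;
        if (z) {
            if (!this.allowWildCardInId) {
                term = StringUtility.replaceString("*", PresenceHelper.PIDF_XMLNS, term);
            }
            template = this.searchByIDFilter;
        } else {
            template = this.searchByNameFilter;
        }
        String filter = StringUtility.replaceString("{0}", escapeFilterMetaChars(term), template);
        if (str3 != null && str3.length() > 0) {
            filter = new StringBuffer().append("(&").append(str3).append(filter).append(")").toString();
        }
        return _search(filter, str);
    }

    /** Escapes the filter metacharacters {@code \ ( )} and NUL in a value; {@code *} is kept. */
    private static String escapeFilterMetaChars(String value) {
        if (value == null) {
            return null;
        }
        StringBuffer escaped = new StringBuffer(value.length() + 8);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '\\':
                    escaped.append("\\5c");
                    break;
                case '(':
                    escaped.append("\\28");
                    break;
                case ')':
                    escaped.append("\\29");
                    break;
                case '\u0000':
                    escaped.append("\\00");
                    break;
                default:
                    escaped.append(c);
                    break;
            }
        }
        return escaped.toString();
    }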

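    /**
     * Runs a subtree search with a ready-made filter and converts each hit into a user or a
     * group according to its object classes.
     *
     * <p>Reply status codes used here: 2 for a complete result, 1 when the directory's
     * limit was exceeded (partial results are returned), 3 for an invalid filter, 5 for any
     * other failure or when both attempts hit a communication error.
     *
     * <p>Changes against the listing as decompiled:
     * <ul>
     *   <li>When {@code str2} is {@code null} the search itself now uses the root base; as
     *       listed, only the domain name used the fallback and the search was still given
     *       {@code null}.</li>
     *   <li>The specific handlers come before the generic one, so the communication retry
     *       and the invalid-filter status are reachable.</li>
     *   <li>An entry without an {@code objectclass} attribute is skipped instead of failing
     *       the whole search.</li>
     *   <li>Context hand-back happens in one {@code finally}; a context closed after a
     *       communication failure is not pooled again.</li>
     * </ul>
     *
     * <p>{@code str} is sent to the directory as given; it must already be a well-formed
     * filter with any untrusted values escaped by the caller.
     *
     * @param str complete LDAP filter
     * @param str2 search base, or {@code null} for the configured root
     * @return the search reply
     */
    @Override // com.iplanet.im.server.Realm
    public UserSearchReply _search(String str, String str2) {
        String base = (str2 != null) ? str2 : this.root;
        for (int attempt = 0; attempt < 2; attempt++) {
            DirContext context = null;
            Vector found = new Vector();
            try {
                context = getContext();
                SearchControls controls = new SearchControls();
                controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
                controls.setReturningAttributes(this.userGroupAttributeArray);
                if (this.searchLimit > 0) {
                    controls.setCountLimit(this.searchLimit);
                }
                Log.out.debug(new StringBuffer().append("[LDAP] Search: filter=").append(str).append(" base=").append(base).toString());
                NamingEnumeration results = context.search(base, str, controls);
                while (results.hasMore()) {
                    SearchResult hit = (SearchResult) results.next();
                    Attributes attributes = hit.getAttributes();
                    Attribute objectClasses = attributes.get("objectclass");
                    if (objectClasses == null) {
                        continue;
                    }
                    // The first object class value that matches either list decides the kind.
                    boolean isUser = false;
                    boolean isGroup = false;
                    NamingEnumeration values = objectClasses.getAll();
                    while (values != null && values.hasMore()) {
                        String objectClass = values.next().toString().toLowerCase();
                        if (this.userClass.contains(objectClass)) {
                            isUser = true;
                            break;
                        }
                        if (this.groupClass.contains(objectClass)) {
                            isGroup = true;
                            break;
                        }
                    }
                    if (isUser) {
                        found.add(createUser(attributes, getAbsoluteName(hit), getDomainName(base)));
                    } else if (isGroup) {
                        found.add(createGroup(attributes, getAbsoluteName(hit), getDomainName(base)));
                    }
                }
                iIMPrincipal[] principals = new iIMPrincipal[found.size()];
                found.copyInto(principals);
                return new UserSearchReply(2, principals);
            } catch (LimitExceededException e) {
                // Return what was collected before the limit was hit.
                iIMPrincipal[] partial = new iIMPrincipal[found.size()];
                found.copyInto(partial);
                return new UserSearchReply(1, partial);
            } catch (CommunicationException e) {
                Log.out.error(new StringBuffer().append("[LDAP] search failed: ").append(str).append(" ").append(e).toString());
                if (context != null) {
                    try {
                        context.close();
                    } catch (Exception ignored) {
                        // Best effort: the connection is already considered broken.
                    }
                }
                // The closed context must not be pooled again; the loop retries once.
                context = null;
            } catch (InvalidSearchFilterException e) {
                return new UserSearchReply(3, null);
            } catch (Exception e) {
                Log.out.warning(new StringBuffer().append("[LDAP] search failed: ").append(str).append(" ").append(e).toString());
                return new UserSearchReply(5, null);
            } finally {
                recycleContext(context);
            }
        }
        return new UserSearchReply(5, null);
    }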

    /**
     * Builds the full name of a search hit with every ", " separator collapsed to ",".
     *
     * <p>A result that is not relative is returned after that clean-up only. A relative result
     * gets "," plus the realm root appended; when the cleaned name ends with a double quote,
     * the root is inserted in front of that closing quote instead of after it.
     *
     * @param searchResult the directory entry whose name is wanted
     * @return the cleaned name, extended with the realm root for relative results
     */
    private String getAbsoluteName(SearchResult searchResult) {
        boolean relative = searchResult.isRelative();
        String cleaned = removeSpaces(searchResult.getName());
        if (!relative) {
            return cleaned;
        }
        if (cleaned.endsWith("\"")) {
            // Keep the trailing quote last: strip it, append the root, then put it back.
            String unquotedTail = cleaned.substring(0, cleaned.length() - 1);
            return unquotedTail + "," + this.root + "\"";
        }
        return cleaned + "," + this.root;
    }

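    /**
     * Looks up the DN of the entry matching a login id under the realm root.
     *
     * <p>The login filter template is searched with subtree scope. The id is supplied to JNDI
     * as a filter argument for the template's {@code {0}} placeholder, so the provider escapes
     * filter metacharacters such as {@code * ( ) \} in it. The earlier version substituted the
     * id into the filter text itself and relied entirely on whatever
     * {@code StringUtility.unquoteSpecialCharacters} returns, which is not visible from here.
     * A template containing braces other than {@code {n}} placeholders is now rejected by JNDI
     * and ends in the generic failure path (returns {@code null}).
     *
     * <p>A {@link CommunicationException} closes the context and retries once after 500 ms;
     * any other failure is logged and yields {@code null}.
     *
     * @param str the login id as received by the realm
     * @return the absolute name of the first match, or {@code null} when nothing matches or the
     *         search fails
     * @throws RealmException declared by the original signature; presumably raised by
     *         {@code getContext()} or {@code recycleContext()}, to be confirmed
     */
    private String getDN(String str) throws RealmException {
        Object[] filterArgs = {StringUtility.unquoteSpecialCharacters(str)};
        int i = 0;
        while (i < 2) {
            DirContext context = getContext();
            // What goes back to the pool: the live context, or null once it has been closed.
            DirContext toRecycle = context;
            NamingEnumeration search = null;
            SearchControls searchControls = new SearchControls();
            searchControls.setSearchScope(SearchControls.SUBTREE_SCOPE);
            searchControls.setReturningAttributes((String[]) null);
            try {
                Log.out.debug("[LDAP] getDN: filter=" + this.loginFilter + " arg=" + filterArgs[0] + " base=" + this.root);
                search = context.search(this.root, this.loginFilter, filterArgs, searchControls);
                if (search == null || !search.hasMore()) {
                    return null;
                }
                return getAbsoluteName((SearchResult) search.next());
            } catch (CommunicationException e) {
                Log.out.error("[LDAP] UID search failed: " + str + " " + e);
                try {
                    context.close();
                } catch (Exception ignored) {
                    // The connection is already broken; nothing useful to do with a close failure.
                }
                i++;
                try {
                    Thread.sleep(500L);
                } catch (Exception ignored) {
                    // Interrupted back-off: go straight to the retry, as before.
                }
                toRecycle = null;
            } catch (Exception e4) {
                Log.out.error("[LDAP] UID search failed: " + str + " " + e4);
                Log.out.printStackTrace(e4);
                return null;
            } finally {
                // Only the first hit is read, so release the enumeration before the context is reused.
                if (search != null) {
                    try {
                        search.close();
                    } catch (Exception ignored) {
                        // Best effort.
                    }
                }
                recycleContext(toRecycle);
            }
        }
        return null;
    }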

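    /**
     * Checks a password by attempting an LDAP simple bind as the given DN.
     *
     * <p>Changes from the previous version:
     * <ul>
     *   <li>A null or empty DN or password is refused before any bind. JNDI performs a simple
     *       bind with empty credentials as an anonymous bind, which a directory may accept, and
     *       that would have been reported here as a successful login. {@code Hashtable} also
     *       rejects null values.</li>
     *   <li>The context opened for the check is closed again instead of being left to the
     *       garbage collector.</li>
     *   <li>Rejected credentials are not retried, so one bad password produces one failed bind
     *       at the directory rather than two. Connection and other errors are still retried
     *       once after 100 ms.</li>
     * </ul>
     *
     * <p>NOTE(review): the provider URL is built with the {@code ldap://} scheme and no security
     * protocol is set in the environment, so the password is sent unencrypted unless the
     * deployment protects the connection some other way (ldaps, StartTLS, a tunnel). Confirm.
     *
     * @param str the DN to bind as
     * @param str2 the password; never written to the log
     * @return {@code true} only when the directory accepted the bind
     */
    private boolean LDAPSimpleBindAuth(String str, String str2) {
        if (str == null || str.length() == 0 || str2 == null || str2.length() == 0) {
            Log.out.error("[LDAP] Error Authenticating " + str + " - empty DN or password");
            return false;
        }
        Hashtable hashtable = new Hashtable();
        hashtable.put("java.naming.factory.initial", "com.sun.jndi.ldap.LdapCtxFactory");
        hashtable.put("java.naming.provider.url", "ldap://" + this.server);
        hashtable.put("java.naming.security.principal", str);
        hashtable.put("java.naming.security.credentials", str2);
        for (int attempt = 0; attempt < 2; attempt++) {
            DirContext bound = null;
            try {
                bound = new InitialDirContext(hashtable);
                Log.out.debug("[LDAP] Success Authenticating user " + str);
                return true;
            } catch (javax.naming.AuthenticationException e) {
                // The directory rejected the credentials; a second try cannot change that.
                Log.out.error("[LDAP] Error Authenticating " + str + " - " + e.getMessage());
                return false;
            } catch (CommunicationException e) {
                Log.out.error("[LDAP] Error Authenticating " + str + " - CommunicationException - " + e.getMessage());
            } catch (Exception e) {
                Log.out.error("[LDAP] Error Authenticating " + str + " - " + e.getMessage());
            } finally {
                if (bound != null) {
                    try {
                        bound.close();
                    } catch (Exception ignored) {
                        // The bind result is already known; a close failure does not change it.
                    }
                }
            }
            try {
                Thread.sleep(100L);
            } catch (Exception ignored) {
                // Interrupted back-off: continue with the next attempt, as before.
            }
        }
        return false;
    }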

    /**
     * Authenticates a login id, first through SSO and then through an LDAP simple bind.
     *
     * <p>Order of checks: a null credential, or one equal to {@code PresenceHelper.PIDF_XMLNS},
     * is refused at once. {@code trySSO} runs next, with its exceptions ignored; its result is
     * returned when it is non-null or when {@code SSO.getMode()} is -1. Otherwise the user is
     * looked up under the realm root and the credential is verified by binding as that user's DN.
     *
     * <p>Every 1000th call requests a garbage collection and finalization run.
     *
     * <p>NOTE(review): {@code PIDF_XMLNS} looks like a constant the decompiler substituted for a
     * literal, presumably the empty string; confirm, because the bind helper depends on empty
     * passwords being refused somewhere.
     * NOTE(review): an unknown id raises RealmException with a "not found" message while a wrong
     * password returns null; check that callers do not relay that difference to clients.
     *
     * @param str the login id
     * @param str2 the password, or whatever credential {@code trySSO} accepts
     * @return the authenticated user, or {@code null} when authentication fails
     * @throws RealmException when no user with this id exists under the realm root
     */
    @Override // com.iplanet.im.server.Realm
    public iIMUser _auth(String str, String str2) throws RealmException {
        boolean credentialMissing = str2 == null || str2.equals(PresenceHelper.PIDF_XMLNS);
        if (credentialMissing) {
            return null;
        }
        Log.out.debug("[LDAP] Authenticating user " + str);
        this.authcount++;
        if (this.authcount % 1000 == 0) {
            System.gc();
            System.runFinalization();
        }

        iIMUser ssoUser;
        try {
            ssoUser = trySSO(str, str2);
        } catch (Exception ignored) {
            // An SSO failure is treated the same as "no SSO result".
            ssoUser = null;
        }
        if (ssoUser != null || SSO.getMode() == -1) {
            return ssoUser;
        }

        iIMUser directoryUser = _getiIMUser(this.root, str);
        if (directoryUser == null) {
            throw new RealmException("[LDAP] " + str + " not found.");
        }
        boolean bindAccepted;
        try {
            bindAccepted = LDAPSimpleBindAuth(directoryUser.getDistinguishedName(), str2);
        } catch (Exception e2) {
            bindAccepted = false;
        }
        return bindAccepted ? directoryUser : null;
    }

    /**
     * Tries to authenticate through the SSO component and builds the user from its attributes.
     *
     * <p>Returns {@code null} when {@code SSO.getMode()} is 0, when {@code SSO.verify} rejects
     * the pair, or when anything throws (the stack trace is logged). On success the user is
     * created from the quoted id, the domain, and the display and mail attributes that
     * {@code SSO.verify} placed in the map; the "dn" entry becomes the distinguished name and
     * the whole map is attached to the user.
     *
     * <p>The domain comes from {@code Auth.getOrganizationDN(str2)} for an IdentityRealm and
     * from {@code NMS.getName()} otherwise.
     *
     * @param str the login id
     * @param str2 the credential passed to {@code SSO.verify}; presumably an SSO token, confirm
     * @return the SSO-authenticated user, or {@code null}
     */
    public iIMUser trySSO(String str, String str2) {
        if (SSO.getMode() == 0) {
            return null;
        }
        try {
            HashMap verified = new HashMap();
            boolean accepted = SSO.verify(str, str2, verified, this.userAttributeSet);
            if (!accepted) {
                return null;
            }

            String domain;
            if (this instanceof IdentityRealm) {
                domain = getDomainName(Auth.getOrganizationDN(str2));
            } else {
                domain = NMS.getName();
            }

            // Map values arrive either as a Set of values or as a plain String.
            Object displayRaw = verified.get(this.userDisplayAttr);
            String display;
            if (displayRaw instanceof Set) {
                display = StringUtility.getFirstAttr(displayRaw);
            } else {
                display = (String) displayRaw;
            }

            Object mailRaw = verified.get(this.userMailAttr);
            String quotedId = StringUtility.quoteSpecialCharacters(str);
            String mail;
            if (mailRaw instanceof Set) {
                mail = StringUtility.getFirstAttr(mailRaw);
            } else {
                mail = (String) mailRaw;
            }
            iIMUser user = new iIMUser(quotedId, domain, display, mail);

            Object dnRaw = verified.get("dn");
            String dn;
            if (dnRaw instanceof Set) {
                dn = StringUtility.getFirstAttr(dnRaw);
            } else {
                dn = (String) dnRaw;
            }
            user.setDistinguishedName(dn);
            user.setAllAttributes(verified);
            return user;
        } catch (Exception e) {
            Log.out.printStackTrace(e);
            return null;
        }
    }

    /**
     * Replaces every ", " (comma followed by one space) in the text with a bare ",".
     *
     * <p>The replacement is purely textual and runs left to right over non-overlapping matches.
     * It does not parse DN syntax, so a ", " inside a quoted or escaped attribute value is
     * shortened as well. A comma followed by several spaces loses only the first space.
     *
     * @param str the text to clean; must not be null
     * @return the same instance when it holds no ", ", otherwise the shortened copy
     */
    public static final String removeSpaces(String str) {
        if (str.indexOf(", ") < 0) {
            return str;
        }
        return str.replace(", ", ",");
    }

    /**
     * Copies directory attributes onto a principal, one string value per attribute id.
     *
     * <p>Only the value returned by {@code Attribute.get()} is copied, so further values of a
     * multi-valued attribute are not transferred. Attributes with no values are skipped, and a
     * {@link NamingException} on one attribute is ignored so the remaining ones are still copied.
     *
     * @param iimprincipal the principal receiving the attributes
     * @param attributes the attributes of a directory entry
     */
    static void setAttributes(iIMPrincipal iimprincipal, Attributes attributes) {
        for (NamingEnumeration entries = attributes.getAll(); entries.hasMoreElements(); ) {
            Attribute entry = (Attribute) entries.nextElement();
            String key = entry.getID();
            try {
                if (entry.size() <= 0) {
                    continue;
                }
                String text = entry.get().toString();
                if (text != null) {
                    iimprincipal.setAttribute(key, text);
                }
            } catch (NamingException ignored) {
                // One unreadable attribute must not stop the copy of the others.
            }
        }
    }

    /**
     * Splits an LDAP URL into its base DN and the field after the third '?'.
     *
     * <p>Element 0 of the result is the text between the first '/' found at or after index 7
     * and the first '?' that follows it. Element 1 is the text after the third '?' up to a
     * fourth one if present, which is the filter field in the
     * {@code ldap://host/dn?attrs?scope?filter?extensions} layout. Defaults are {@code str2}
     * for element 0 and {@code PresenceHelper.PIDF_XMLNS} for element 1.
     *
     * <p>With no '?' in the URL, a base shorter than three characters is replaced by the
     * default; with a '?', the base is kept even when it is empty. The pieces are taken
     * verbatim, with no percent-decoding.
     *
     * <p>NOTE(review): the scan starts at index 7, the length of "ldap://"; a URL with a longer
     * scheme prefix such as "ldaps://" would be split at the second slash of "//". Confirm that
     * only ldap:// URLs reach this method.
     *
     * @param str the LDAP URL; must not be null
     * @param str2 the base DN to use when the URL carries none
     * @return a two-element array holding the base DN and the filter text
     * @throws Exception declared by the original signature
     */
    static String[] parseLDAPURL(String str, String str2) throws Exception {
        String base = str2;
        String filter = PresenceHelper.PIDF_XMLNS;

        int pathSlash = str.indexOf('/', 7);
        if (pathSlash < 0) {
            return new String[] {base, filter};
        }
        int baseStart = pathSlash + 1;
        int firstQuery = str.indexOf('?', baseStart);
        if (firstQuery < 0) {
            // No query part: everything after the slash is the base, unless it is too short.
            String tail = str.substring(baseStart);
            if (tail.length() >= 3) {
                base = tail;
            }
            return new String[] {base, filter};
        }

        base = str.substring(baseStart, firstQuery);
        int secondQuery = str.indexOf('?', firstQuery + 1);
        int thirdQuery = -1;
        if (secondQuery >= 0) {
            thirdQuery = str.indexOf('?', secondQuery + 1);
        }
        if (thirdQuery >= 0) {
            int fourthQuery = str.indexOf('?', thirdQuery + 1);
            if (fourthQuery > 0) {
                filter = str.substring(thirdQuery + 1, fourthQuery);
            } else {
                filter = str.substring(thirdQuery + 1);
            }
        }
        return new String[] {base, filter};
    }

    /**
     * Derives the search base for a principal from its distinguished name.
     *
     * <p>When {@code _orgDepth} is 0 or no principal is given, the realm root is returned.
     * Otherwise the principal's DN is parsed with the context's name parser and, if it has more
     * than {@code _orgDepth} components, the {@code _orgDepth} highest-index components are
     * removed. Which end of the DN text those are depends on the parser's Name implementation
     * and cannot be told from this method.
     *
     * @param iimprincipal the principal, or {@code null}
     * @return the realm root or the shortened DN
     * @throws RealmException wrapping the text of any failure while parsing or trimming
     */
    @Override // com.iplanet.im.server.Realm
    public String getSearchBase(iIMPrincipal iimprincipal) throws RealmException {
        if (iimprincipal == null || _orgDepth == 0) {
            return this.root;
        }
        DirContext pooled = getContext();
        try {
            Name dn = pooled.getNameParser(this.root).parse(iimprincipal.getDistinguishedName());
            int componentCount = dn.size();
            if (componentCount > _orgDepth) {
                int removed = 0;
                while (removed < _orgDepth) {
                    removed++;
                    dn.remove(componentCount - removed);
                }
            }
            return dn.toString();
        } catch (Exception e) {
            Log.out.printStackTrace(e);
            throw new RealmException(e.toString());
        } finally {
            // The context goes back to the pool on every path.
            recycleContext(pooled);
        }
    }

    /**
     * Returns the realm root as the search base; the argument is not used.
     *
     * @param str ignored by this implementation
     * @return the realm root
     * @throws RealmException declared by the overridden method; not thrown by the visible code
     */
    @Override // com.iplanet.im.server.Realm
    public String getSearchBase(String str) throws RealmException {
        String base = this.root;
        Log.out.debug("LDAPRealm:getSearchBase(String): " + base);
        return base;
    }

    /**
     * Returns the name reported by {@code NMS.getName()}; the argument is not used.
     *
     * @param str ignored by this implementation
     * @return the value of {@code NMS.getName()}
     * @throws RealmException declared by the overridden method; not thrown by the visible code
     */
    @Override // com.iplanet.im.server.Realm
    public String getDomainName(String str) throws RealmException {
        String traceLine = "LDAPRealm:getDomainName: " + NMS.getName();
        Log.out.debug(traceLine);
        return NMS.getName();
    }
}
