package com.iplanet.im.server;

import com.netscape.jndi.ldap.ContextEnv;
import com.sun.im.identity.util.Auth;
import com.sun.im.provider.ConferenceStorageProvider;
import com.sun.im.provider.NewsStorageProvider;
import com.sun.im.provider.PolicyProvider;
import com.sun.im.provider.Realm;
import com.sun.im.provider.RealmException;
import com.sun.im.provider.RealmSearchResults;
import com.sun.im.provider.UserSettingsStorageProvider;
import com.sun.im.service.CollaborationGroup;
import com.sun.im.service.CollaborationPrincipal;
import com.sun.im.service.util.StringUtility;
import com.sun.jato.tools.sunone.common.CodeGenSupport;
import com.sun.jato.tools.sunone.jsp.JspDescriptorConstants;
import com.sun.jatox.model.jndi.DirectorySearchModel;
import com.sun.jdo.spi.persistence.utility.generator.JavaClassWriterHelper;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.Map;
import java.util.Properties;
import java.util.Set;
import java.util.StringTokenizer;
import java.util.Vector;
import javax.naming.CommunicationException;
import javax.naming.LimitExceededException;
import javax.naming.Name;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.BasicAttributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.InvalidSearchFilterException;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;

/* JADX WARN: Classes with same name are omitted:
  input_file:118641-03/collab-upgrade.nbm:netbeans/modules/collab-upgrade.jar:com/sun/tools/ide/collab/server/upgrade/resources/files/im-patch1-linux.zip:private/share/lib/xmppd.jar:com/iplanet/im/server/LDAPRealm.class
  input_file:118641-03/collab-upgrade.nbm:netbeans/modules/collab-upgrade.jar:com/sun/tools/ide/collab/server/upgrade/resources/files/im-patch1-sol.zip:usr/share/lib/xmpp/xmppd.jar:com/iplanet/im/server/LDAPRealm.class
 */
/* loaded from: input_file:118641-03/collab-upgrade.nbm:netbeans/modules/collab-upgrade.jar:com/sun/tools/ide/collab/server/upgrade/resources/files/im-patch1-win.zip:lib/xmppd.jar:com/iplanet/im/server/LDAPRealm.class */
public class LDAPRealm implements Realm {
    // ---- Configuration keys. The constructor looks each one up with ServerConfig.getSetting. ----
    private static final String rootConfigName = "iim_ldap.searchbase";
    private static final String serverConfigName = "iim_ldap.host";
    private static final String usesslConfigName = "iim_ldap.usessl";
    // Keys for the filter templates. The built-in templates below mark the searched value with {0}.
    private static final String groupSearchFilterName = "iim_ldap.groupbrowsefilter";
    private static final String userSearchFilterName = "iim_ldap.userbrowsefilter";
    private static final String searchByIDFilterName = "iim_ldap.usergroupbyidsearchfilter";
    private static final String searchByNameFilterName = "iim_ldap.usergroupbynamesearchfilter";
    private static final String searchByMailFilterName = "iim_ldap.usergroupbymailsearchfilter";
    private static final String allowWildCardInIdName = "iim_ldap.allowwildcardinuid";
    private static final String loginFilterName = "iim_ldap.loginfilter";
    // Keys for object classes and attribute names.
    private static final String userClassName = "iim_ldap.userclass";
    private static final String groupClassName = "iim_ldap.groupclass";
    private static final String groupDisplayAttrName = "iim_ldap.groupdisplay";
    private static final String userAttributesName = "iim_ldap.user.attributes";
    private static final String groupAttributesName = "iim_ldap.group.attributes";
    private static final String userDisplayAttrName = "iim_ldap.userdisplay";
    private static final String userUIDAttrName = "iim_ldap.useruidattr";
    private static final String groupMemberAttrName = "iim_ldap.groupmemberattr";
    private static final String userMailAttrName = "iim_ldap.usermailattr";
    private static final String userPasswordAttrName = "iim_ldap.userpasswordattr";
    private static final String groupMemberURLAttrName = "iim_ldap.groupmemberurlattr";
    private static final String roleFilterAttrName = "iim_ldap.rolefilterattr";
    private static final String roleDNAttrName = "iim_ldap.rolednattr";
    private static final String managedRoleObjectClassName = "iim_ldap.managedroleobjectclass";
    private static final String searchLimitName = "iim_ldap.searchlimit";
    // ---- Built-in defaults, used when the matching key is not configured. ----
    private static final String groupSearchFilterDef = "(objectclass=groupofuniquenames)";
    private static final String userSearchFilterDef = "(objectclass=inetorgperson)";
    private static final String searchByIDFilterDef = "(|(&(objectclass=groupofuniquenames)(uid={0}))(&(objectclass=inetorgperson)(uid={0})))";
    private static final String searchByMailFilterDef = "(|(&(objectclass=groupofuniquenames)(mail={0}))(&(objectclass=inetorgperson)(mail={0})))";
    private static final String searchByNameFilterDef = "(|(&(objectclass=groupofuniquenames)(cn={0}))(&(objectclass=inetorgperson)(cn={0})))";
    private static final String loginFilterDef = "(&(objectclass=inetorgperson)(uid={0}))";
    private static final String userClassDef = "inetOrgPerson";
    private static final String groupClassDef = "groupOfUniqueNames";
    // A configuration key, not a default: the constructor parses its value into _orgDepth.
    private static final String orgDepthName = "iim_ldap.orgdepth";
    private static final String groupDisplayAttrDef = "cn";
    private static final String userDisplayAttrDef = "cn";
    private static final String userUIDAttrDef = "uid";
    private static final String userMailAttrDef = "mail";
    private static final String userPasswordAttrDef = "userpassword";
    private static final String groupMemberAttrDef = "uniquemember";
    private static final String groupMemberURLAttrDef = "memberurl";
    private static final String managedRoleObjectClassDef = "nsManagedRoleDefinition";
    private static final String roleFilterAttrDef = "nsRoleFilter";
    private static final String roleDNAttrDef = "nsRoleDN";
    // No configuration key for this default is declared among the keys above.
    private static final String userDomainAttrDef = "sunPreferredDomain";
    // ---- Attribute lists requested from the directory; the constructor fills them. ----
    // Stays null when NMS.getPropStore() == 1. JNDI treats a null attribute list as "return all attributes".
    private String[] userAttributeArray;
    private String[] groupAttributeArray;
    // Union of the user and group attributes plus "objectclass".
    private String[] userGroupAttributeArray;
    // ---- Effective settings. Fields without an access modifier are visible to the whole package. ----
    String root;
    private String server;
    // The constructor defaults this to 40; search(String, String, int, String) refuses to search when it is -1.
    private int searchLimit;
    private String groupSearchFilter;
    private String userSearchFilter;
    private String loginFilter;
    private String searchByNameFilter;
    private String searchByIDFilter;
    private String searchByMailFilter;
    // When false, search(String, String, int, String) strips '*' from id and mail queries.
    private boolean allowWildCardInId;
    String groupDisplayAttr;
    String userDisplayAttr;
    String userUIDAttr;
    String userMailAttr;
    // Read from configuration, but the constructor does not add it to userAttributeSet.
    String userPasswordAttr;
    String groupMemberAttr;
    String groupMemberURLAttr;
    String roleFilterAttr;
    String roleDNAttr;
    private String managedRoleObjectClass;
    int authcount;
    // Parsed from iim_ldap.usessl; false by default.
    boolean _usessl;
    // ---- Self-registration state; populated only when iim.register.enable is true. ----
    Attributes _regisAttributes;
    boolean _regisEnabled;
    Name _regisBase;
    String _regisDomain;
    // Static, yet assigned by the constructor: each new LDAPRealm overwrites it for all instances.
    private static int _orgDepth = 0;
    // Static, non-final and package-visible, so other classes in the package can reassign these
    // before the constructor reads them.
    static String REGISTRATION_PROPERTIES = "registration.properties";
    static String regisEnableName = "iim.register.enable";
    static String regisBaseName = "iim_ldap.register.basedn";
    static String regisDomainName = "iim_ldap.register.domain";
    private static PolicyProvider _policyProvider = null;
    // Lower-cased object class names; search results are compared against them.
    private ArrayList userClass = new ArrayList();
    private ArrayList groupClass = new ArrayList();
    // Pool that hands out DirContext instances; callers return them with recycleContext.
    LDAPPool ldap = LDAPPool.getDefault();
    HashSet userAttributeSet = new HashSet(7);
    HashSet groupAttributeSet = new HashSet(7);

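    /**
     * Builds the realm from the server configuration.
     *
     * <p>Each field first receives its built-in default and is then overwritten with the matching
     * {@code iim_ldap.*} setting. The constructor also derives the attribute lists requested from
     * the directory and, when {@code iim.register.enable} is true, loads the registration base DN
     * and the attribute template from {@code registration.properties} in the configuration
     * directory.
     *
     * <p>Points a deployer should know:
     * <ul>
     *   <li>All filter templates come straight from configuration and are used as filters without
     *       validation here.</li>
     *   <li>{@code userPasswordAttr} is read but never added to the requested attribute set.
     *       {@code userAttributeArray} stays {@code null} when {@code NMS.getPropStore() == 1},
     *       and JNDI treats a null list as "return every attribute".
     *       NOTE(review): confirm that mode cannot pull password attributes into user objects.</li>
     *   <li>An unparsable {@code iim_ldap.usessl} value leaves {@code _usessl} false; this is now
     *       logged instead of ignored.</li>
     *   <li>Any failure while setting up registration disables registration rather than failing
     *       construction.</li>
     * </ul>
     *
     * @throws RealmException declared by the original signature
     * @throws FileNotFoundException declared by the original signature
     * @throws IOException declared by the original signature
     * @throws NumberFormatException if {@code iim_ldap.searchlimit} or {@code iim_ldap.orgdepth}
     *         is set to something that is not an integer
     */
    public LDAPRealm() throws RealmException, FileNotFoundException, IOException {
        // Built-in defaults, in place before any configuration is consulted.
        this.userAttributeArray = null;
        this.groupAttributeArray = null;
        this.userGroupAttributeArray = null;
        this.root = "";
        this.server = "";
        this.searchLimit = 40;
        this.groupSearchFilter = groupSearchFilterDef;
        this.userSearchFilter = userSearchFilterDef;
        this.loginFilter = loginFilterDef;
        this.searchByNameFilter = searchByNameFilterDef;
        this.searchByIDFilter = searchByIDFilterDef;
        this.searchByMailFilter = searchByMailFilterDef;
        this.allowWildCardInId = false;
        this.groupDisplayAttr = "cn";
        this.userDisplayAttr = "cn";
        this.userUIDAttr = "uid";
        this.userMailAttr = userMailAttrDef;
        this.userPasswordAttr = userPasswordAttrDef;
        this.groupMemberAttr = groupMemberAttrDef;
        this.groupMemberURLAttr = groupMemberURLAttrDef;
        this.roleFilterAttr = roleFilterAttrDef;
        this.roleDNAttr = roleDNAttrDef;
        this.managedRoleObjectClass = managedRoleObjectClassDef;
        this._usessl = false;
        this._regisEnabled = false;

        ServerConfig serverConfig = ServerConfig.getServerConfig();
        this.root = removeSpaces(serverConfig.getSetting(rootConfigName, ""));
        this.server = serverConfig.getSetting(serverConfigName, "");
        this.groupSearchFilter = serverConfig.getSetting(groupSearchFilterName, groupSearchFilterDef);
        this.userSearchFilter = serverConfig.getSetting(userSearchFilterName, userSearchFilterDef);
        this.loginFilter = serverConfig.getSetting(loginFilterName, loginFilterDef);
        this.searchByIDFilter = serverConfig.getSetting(searchByIDFilterName, searchByIDFilterDef);
        this.searchByMailFilter = serverConfig.getSetting(searchByMailFilterName, searchByMailFilterDef);
        this.searchByNameFilter = serverConfig.getSetting(searchByNameFilterName, searchByNameFilterDef);
        try {
            this._usessl = StringUtility.getBoolean(serverConfig.getSetting(usesslConfigName, "false"));
        } catch (Exception e) {
            // The flag keeps its default (false). Report it, so a typo in the setting does not
            // silently leave SSL switched off.
            Log.error(new StringBuffer().append("[LDAP] cannot parse ").append(usesslConfigName).append(", SSL flag left disabled: ").append(e).toString());
        }

        // Object class lists are stored lower-cased for case-insensitive comparison.
        // JavaClassWriterHelper.paramList_ is the delimiter (presumably "," - a decompiler
        // substitution for the original literal).
        StringTokenizer userClasses = new StringTokenizer(serverConfig.getSetting(userClassName, userClassDef), JavaClassWriterHelper.paramList_);
        while (userClasses.hasMoreTokens()) {
            this.userClass.add(userClasses.nextToken().toLowerCase());
        }
        StringTokenizer groupClasses = new StringTokenizer(serverConfig.getSetting(groupClassName, groupClassDef), JavaClassWriterHelper.paramList_);
        while (groupClasses.hasMoreTokens()) {
            this.groupClass.add(groupClasses.nextToken().toLowerCase());
        }

        // User attributes: display name, uid and mail, plus any extra configured ones.
        this.userDisplayAttr = serverConfig.getSetting(userDisplayAttrName, "cn");
        this.userAttributeSet.add(this.userDisplayAttr);
        this.userUIDAttr = serverConfig.getSetting(userUIDAttrName, "uid");
        this.userAttributeSet.add(this.userUIDAttr);
        this.userMailAttr = serverConfig.getSetting(userMailAttrName, userMailAttrDef);
        this.userAttributeSet.add(this.userMailAttr);
        // Deliberately not added to userAttributeSet: the password attribute is not requested.
        this.userPasswordAttr = serverConfig.getSetting(userPasswordAttrName, userPasswordAttrDef);
        StringTokenizer extraUserAttrs = new StringTokenizer(serverConfig.getSetting(userAttributesName, ""), JavaClassWriterHelper.paramList_);
        while (extraUserAttrs.hasMoreTokens()) {
            this.userAttributeSet.add(extraUserAttrs.nextToken().toLowerCase());
        }
        if (NMS.getPropStore() != 1) {
            // Snapshot taken before the group attributes are merged into the set below.
            this.userAttributeArray = (String[]) this.userAttributeSet.toArray(new String[this.userAttributeSet.size()]);
        }

        // Group attributes: member, display name and member URL, plus any extra configured ones.
        this.groupMemberAttr = serverConfig.getSetting(groupMemberAttrName, groupMemberAttrDef);
        this.groupAttributeSet.add(this.groupMemberAttr);
        this.groupDisplayAttr = serverConfig.getSetting(groupDisplayAttrName, "cn");
        this.groupAttributeSet.add(this.groupDisplayAttr);
        this.groupMemberURLAttr = serverConfig.getSetting(groupMemberURLAttrName, groupMemberURLAttrDef);
        this.groupAttributeSet.add(this.groupMemberURLAttr);
        this.roleFilterAttr = serverConfig.getSetting(roleFilterAttrName, roleFilterAttrDef);
        this.roleDNAttr = serverConfig.getSetting(roleDNAttrName, roleDNAttrDef);
        this.managedRoleObjectClass = serverConfig.getSetting(managedRoleObjectClassName, managedRoleObjectClassDef);
        StringTokenizer extraGroupAttrs = new StringTokenizer(serverConfig.getSetting(groupAttributesName, ""), JavaClassWriterHelper.paramList_);
        while (extraGroupAttrs.hasMoreTokens()) {
            this.groupAttributeSet.add(extraGroupAttrs.nextToken().toLowerCase());
        }
        this.groupAttributeArray = (String[]) this.groupAttributeSet.toArray(new String[this.groupAttributeSet.size()]);

        // Combined list for searches that may return users and groups alike.
        this.userAttributeSet.addAll(this.groupAttributeSet);
        this.userAttributeSet.add("objectclass");
        this.userGroupAttributeArray = (String[]) this.userAttributeSet.toArray(new String[this.userAttributeSet.size()]);

        String limitSetting = serverConfig.getSetting(searchLimitName);
        if (limitSetting != null && limitSetting.length() != 0) {
            this.searchLimit = Integer.parseInt(limitSetting);
        }
        if (serverConfig.getSetting(allowWildCardInIdName, "false").equalsIgnoreCase("true")) {
            this.allowWildCardInId = true;
        }
        String depthSetting = serverConfig.getSetting(orgDepthName);
        if (depthSetting != null && depthSetting.length() > 0) {
            // _orgDepth is static: this assignment affects every LDAPRealm instance.
            _orgDepth = Integer.parseInt(depthSetting);
        }

        this._regisEnabled = StringUtility.getBoolean(serverConfig.getSetting(regisEnableName, "false"));
        if (this._regisEnabled) {
            try {
                String baseSetting = serverConfig.getSetting(regisBaseName, null);
                if (baseSetting == null || baseSetting.length() <= 0) {
                    Log.error("[LDAP] cannot initialize registration - missing registration base (iim_ldap.register.basedn)");
                    this._regisEnabled = false;
                } else {
                    // Return the borrowed context to the pool, as every other method in this
                    // class does; the original kept it checked out.
                    DirContext parserContext = this.ldap.getContext();
                    try {
                        this._regisBase = parserContext.getNameParser(this.root).parse(baseSetting);
                    } finally {
                        this.ldap.recycleContext(parserContext);
                    }
                }
                this._regisDomain = serverConfig.getSetting(regisDomainName, NMS.getName());
                this._regisAttributes = new BasicAttributes(true);
                Properties properties = new Properties();
                FileInputStream fileInputStream = new FileInputStream(new StringBuffer().append(NMS.getConfigDir()).append(File.separator).append(REGISTRATION_PROPERTIES).toString());
                try {
                    properties.load(fileInputStream);
                } finally {
                    // Close the stream even when load() fails.
                    fileInputStream.close();
                }
                // Each property becomes one attribute; its value is a delimiter-separated list.
                for (Map.Entry entry : properties.entrySet()) {
                    BasicAttribute basicAttribute = new BasicAttribute((String) entry.getKey());
                    StringTokenizer values = new StringTokenizer((String) entry.getValue(), JavaClassWriterHelper.paramList_);
                    while (values.hasMoreTokens()) {
                        basicAttribute.add(values.nextToken().trim());
                    }
                    this._regisAttributes.put(basicAttribute);
                }
            } catch (Exception e2) {
                // Registration is optional: any failure here switches it off.
                Log.debug(new StringBuffer().append("[LDAP] failed to initialize registration: ").append(e2.getMessage()).toString());
                Log.printStackTrace(e2);
                this._regisEnabled = false;
            }
        }
    }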

    /**
     * Stops the realm by closing the LDAP pool held in {@code ldap}.
     */
    @Override // com.sun.im.provider.Realm
    public void stop() {
        LDAPPool pool = this.ldap;
        pool.close();
    }

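    /**
     * Lists the static members of a group.
     *
     * <p>Reads the group entry by DN, takes every value of the configured member attribute and
     * resolves each value to a principal with
     * {@link #getPrincipal(CollaborationPrincipal, String)}. Each member is a separate directory
     * lookup, made while this method's own context is still borrowed from the pool.
     *
     * <p>The original listed {@code catch (Exception)} before
     * {@code catch (CommunicationException)}, which left the second handler unreachable, and it
     * released the context on several overlapping paths. The handlers are now ordered from
     * specific to general and the context is released exactly once, in {@code finally}.
     *
     * @param collaborationPrincipal caller identity, passed through to the member lookups
     * @param collaborationGroup group to expand; must be an {@code NMSGroup}
     * @return the member principals, or {@code null} when the group has no member values; an
     *         element is {@code null} when that member could not be resolved
     * @throws RealmException if the directory lookup fails; the message carries the group DN and
     *         the text of the underlying exception
     */
    @Override // com.sun.im.provider.Realm
    public CollaborationPrincipal[] expandGroup(CollaborationPrincipal collaborationPrincipal, CollaborationGroup collaborationGroup) throws RealmException {
        String groupDn = removeSpaces(((NMSGroup) collaborationGroup).getDistinguishedName());
        DirContext dirContext = null;
        String failure;
        try {
            dirContext = this.ldap.getContext();
            Attributes attributes = dirContext.getAttributes(groupDn, this.groupAttributeArray);
            LinkedList memberDns = new LinkedList();
            if (attributes != null) {
                Attribute members = attributes.get(this.groupMemberAttr);
                if (members != null) {
                    NamingEnumeration all = members.getAll();
                    while (all != null && all.hasMore()) {
                        memberDns.add(removeSpaces(all.next().toString()));
                    }
                }
            }
            // The array is allocated as IMPrincipal[], as in the original, so its runtime type is unchanged.
            CollaborationPrincipal[] principals = null;
            if (memberDns.size() > 0) {
                principals = new IMPrincipal[memberDns.size()];
            }
            int next = 0;
            for (Iterator it = memberDns.iterator(); it.hasNext(); ) {
                principals[next++] = getPrincipal(collaborationPrincipal, (String) it.next());
            }
            return principals;
        } catch (CommunicationException e) {
            Log.printStackTrace(e);
            failure = new StringBuffer().append("[LDAP] expandGroup(").append(groupDn).append("):").append(e.toString()).toString();
            // The connection is broken: close it and hand null back to the pool instead.
            if (dirContext != null) {
                try {
                    dirContext.close();
                } catch (Exception ignored) {
                    // best effort - the context is being discarded anyway
                }
                dirContext = null;
            }
        } catch (Exception e) {
            Log.printStackTrace(e);
            failure = new StringBuffer().append("[LDAP] expandGroup(").append(groupDn).append("):").append(e.toString()).toString();
        } finally {
            this.ldap.recycleContext(dirContext);
        }
        Log.error(failure);
        throw new RealmException(failure);
    }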

    /**
     * Turns a directory entry into an {@code NMSGroup}.
     *
     * <p>The group is dynamic when a membership filter can be derived, and static otherwise. The
     * filter is taken from the first of these sources that yields one:
     * <ol>
     *   <li>the member-URL attribute; a value starting with {@code ldap:} is split by
     *       {@code parseLDAPURL} into a search base and a filter;</li>
     *   <li>the role-filter attribute, wrapped in parentheses;</li>
     *   <li>for entries carrying the managed-role object class, {@code (roleDNAttr=<entry DN>)}.</li>
     * </ol>
     * The result is ANDed with the configured user browse filter.
     *
     * <p>NOTE(review): the filter is assembled by plain concatenation. Member-URL and role-filter
     * values are used as stored in the entry, and the DN is placed into the role-DN assertion
     * without RFC 4515 escaping. Whoever can write those attributes therefore decides which query
     * defines the group's membership, and a DN containing filter metacharacters yields a filter
     * other than the intended one. Confirm that write access to these attributes is restricted.
     *
     * @param attributes attributes of the group entry
     * @param str DN of the entry; also the display-name fallback
     * @param str2 domain name, used to find the default search base
     * @return the populated group
     * @throws NamingException if an attribute value cannot be read
     * @throws RealmException declared by the original signature
     */
    private NMSGroup createGroup(Attributes attributes, String str, String str2) throws NamingException, RealmException {
        // Display name: the configured attribute if present, otherwise the DN.
        String displayName = str;
        Attribute displayAttr = attributes.get(this.groupDisplayAttr);
        if (displayAttr == null) {
            Log.info("[LDAP] " + str + " has no value for " + this.groupDisplayAttr);
        } else {
            displayName = displayAttr.get().toString();
        }

        String searchBase = getSearchBase(str2);
        String memberFilter = null;

        // Source 1: member URL.
        Attribute memberUrlAttr = attributes.get(this.groupMemberURLAttr);
        if (memberUrlAttr != null) {
            memberFilter = memberUrlAttr.get().toString();
            if (memberFilter.startsWith("ldap:")) {
                try {
                    String[] parsedUrl = parseLDAPURL(memberFilter, this.root);
                    searchBase = parsedUrl[0];
                    memberFilter = parsedUrl[1];
                } catch (Exception e) {
                    // An unparsable URL is dropped; the fallbacks below get their turn.
                    Log.printStackTrace(e);
                    memberFilter = null;
                }
            }
        }

        // Source 2: role filter attribute.
        if (memberFilter == null) {
            Attribute roleFilter = attributes.get(this.roleFilterAttr);
            if (roleFilter != null) {
                memberFilter = JavaClassWriterHelper.parenleft_ + roleFilter.get().toString() + JavaClassWriterHelper.parenright_;
            }
        }

        // Source 3: managed role - members are the entries whose role-DN attribute names this entry.
        if (memberFilter == null) {
            Attribute objectClasses = attributes.get("objectclass");
            if (objectClasses != null && objectClasses.contains(this.managedRoleObjectClass)) {
                memberFilter = JavaClassWriterHelper.parenleft_ + this.roleDNAttr + "=" + str + JavaClassWriterHelper.parenright_;
            }
        }

        NMSGroup group;
        if (memberFilter == null) {
            Log.debug("[LDAP] Found static group: " + displayName + " <" + str + ">");
            group = new NMSGroup(str, str2, displayName);
        } else {
            // Wrap a bare assertion so that it can be combined with the user filter.
            boolean needsParens = memberFilter.length() > 0 && !memberFilter.startsWith(JavaClassWriterHelper.parenleft_);
            if (needsParens) {
                memberFilter = JavaClassWriterHelper.parenleft_ + memberFilter + JavaClassWriterHelper.parenright_;
            }
            String combined = "(&" + memberFilter + this.userSearchFilter + JavaClassWriterHelper.parenright_;
            Log.debug("[LDAP] Found dynamic group: " + displayName + " <" + str + "> " + combined);
            group = new NMSGroup(str, str2, displayName, combined, searchBase);
        }
        setAttributes(group, attributes);
        return group;
    }

    /**
     * Turns a directory entry into a {@code LocalUser}.
     *
     * <p>The uid is the value of the configured uid attribute; when the entry has none, the DN is
     * used as the uid instead. Display name and mail are optional and trimmed. The DN is stored
     * on the user both as its distinguished name and as the {@code "dn"} attribute, after which
     * {@code setAttributes} processes the entry's attributes.
     *
     * @param attributes attributes of the user entry
     * @param str DN of the entry
     * @param str2 domain name for the new user
     * @return the user, or {@code null} when neither a uid value nor a DN is available
     * @throws NamingException if an attribute value cannot be read
     */
    private LocalUser createUser(Attributes attributes, String str, String str2) throws NamingException {
        Attribute uidAttr = attributes.get(this.userUIDAttr);
        String uid = (uidAttr == null) ? str : uidAttr.get().toString();
        if (uid == null) {
            Log.error("[LDAP] Cannot find a UID attribute for user " + uid);
            return null;
        }

        Attribute displayAttr = attributes.get(this.userDisplayAttr);
        String displayName = (displayAttr == null) ? null : displayAttr.get().toString().trim();

        Attribute mailAttr = attributes.get(this.userMailAttr);
        String mail = (mailAttr == null) ? null : mailAttr.get().toString().trim();

        // The uid passes through quoteSpecialCharacters before it becomes the user's identifier.
        LocalUser user = new LocalUser(StringUtility.quoteSpecialCharacters(uid), str2, displayName, mail);
        user.setDistinguishedName(str);
        user.setAttribute("dn", str);
        setAttributes(user, attributes);
        return user;
    }

    /**
     * Looks a group up by DN, using the search base derived from the calling principal.
     *
     * @param collaborationPrincipal caller whose search base is used
     * @param str DN of the group entry
     * @return the group, or {@code null} when it cannot be read
     * @throws RealmException declared by the interface
     */
    @Override // com.sun.im.provider.Realm
    public CollaborationGroup getGroup(CollaborationPrincipal collaborationPrincipal, String str) throws RealmException {
        String searchBase = getSearchBase(collaborationPrincipal);
        return getGroup(searchBase, str);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
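    /**
     * Reads the entry at the given DN and builds a group from it.
     *
     * <p>A {@code CommunicationException} discards the context and the lookup is tried once more
     * after a 500 ms pause (two attempts in total). Any other failure is logged and the method
     * returns {@code null}.
     *
     * <p>Compared with the original, the context is released exactly once per attempt in
     * {@code finally}, a context that was never obtained is no longer dereferenced, and an
     * interrupt received during the pause is restored on the thread instead of being swallowed.
     *
     * <p>NOTE(review): {@code str} is used only to derive the domain name. Nothing here checks
     * that {@code str2} lies under that base or that the entry is a group, so the caller decides
     * which entry is read (limited to {@code groupAttributeArray}). Confirm that callers
     * constrain the DN.
     *
     * @param str search base, used to derive the domain name
     * @param str2 DN of the entry to read
     * @return the group, or {@code null} when the entry is missing or the lookup failed
     * @throws RealmException declared by the original signature
     */
    public CollaborationGroup getGroup(String str, String str2) throws RealmException {
        for (int attempt = 0; attempt < 2; attempt++) {
            Log.debug(new StringBuffer().append("[LDAP] searching group : ").append(str2).toString());
            DirContext dirContext = null;
            try {
                dirContext = this.ldap.getContext();
                Attributes attributes = dirContext.getAttributes(str2, this.groupAttributeArray);
                if (attributes == null) {
                    return null;
                }
                return createGroup(attributes, str2, getDomainName(str));
            } catch (CommunicationException e) {
                Log.error(new StringBuffer().append("[LDAP] group get attributes failed: ").append(str2).append(" ").append(e).toString());
                // Broken connection: close it and give the pool null rather than a dead context.
                if (dirContext != null) {
                    try {
                        dirContext.close();
                    } catch (Exception ignored) {
                        // best effort - the context is being discarded anyway
                    }
                    dirContext = null;
                }
                try {
                    Thread.sleep(500L);
                } catch (InterruptedException interrupted) {
                    Thread.currentThread().interrupt();
                }
            } catch (Exception e) {
                Log.error(new StringBuffer().append("[LDAP] group get attributes failed: ").append(str2).append(" ").append(e).toString());
                Log.printStackTrace(e);
                return null;
            } finally {
                this.ldap.recycleContext(dirContext);
            }
        }
        return null;
    }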

    /**
     * Resolves a user by DN or uid, using the search base derived from the calling principal.
     *
     * @param collaborationPrincipal caller whose search base is used
     * @param str DN or uid of the user
     * @return the user, or {@code null} when it cannot be resolved
     * @throws RealmException declared by the interface
     */
    @Override // com.sun.im.provider.Realm
    public CollaborationPrincipal getPrincipal(CollaborationPrincipal collaborationPrincipal, String str) throws RealmException {
        String searchBase = getSearchBase(collaborationPrincipal);
        return getPrincipal(searchBase, str);
    }

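    /**
     * Resolves a user from either a DN or a uid.
     *
     * <p>An identifier containing {@code '='} is treated as a DN and read directly. Anything else
     * is treated as a uid: a domain suffix equal to this base's domain is stripped, the value is
     * substituted into the login filter, and the first entry of a subtree search under
     * {@code str} is used. Both paths make two attempts, pausing 500 ms after a
     * {@code CommunicationException}; any other failure is logged and yields {@code null}.
     *
     * <p>Changes from the original:
     * <ul>
     *   <li>The uid is escaped per RFC 4515 before it is placed into the login filter, so
     *       {@code ( ) * \} and NUL in an identifier are matched literally and cannot change the
     *       filter's structure or act as a wildcard.</li>
     *   <li>{@code catch (CommunicationException)} now precedes {@code catch (Exception)} in the
     *       search path; in the other order the retry handler was unreachable.</li>
     *   <li>The context is released exactly once per attempt, and an interrupt received during
     *       the pause is restored on the thread.</li>
     *   <li>The debug line reports the base that is actually searched ({@code str}) rather than
     *       the realm root.</li>
     * </ul>
     *
     * <p>NOTE(review): on the DN path nothing checks that {@code str2} lies under {@code str}.
     * When {@code userAttributeArray} is {@code null}, JNDI returns every attribute of the entry.
     * Identifiers are also written to the log as received; confirm that {@code Log} neutralises
     * line breaks.
     *
     * @param str search base; also used to derive the domain name
     * @param str2 DN or uid (optionally {@code uid@domain}) of the user
     * @return the user, or {@code null} when not found or on failure
     * @throws RealmException declared by the interface
     */
    @Override // com.sun.im.provider.Realm
    public CollaborationPrincipal getPrincipal(String str, String str2) throws RealmException {
        if (str2.indexOf('=') != -1) {
            // DN path: read the entry directly.
            for (int attempt = 0; attempt < 2; attempt++) {
                DirContext dirContext = null;
                Log.debug(new StringBuffer().append("[LDAP] Getting displayname for user : ").append(str2).toString());
                try {
                    dirContext = this.ldap.getContext();
                    Attributes entryAttributes = dirContext.getAttributes(str2, this.userAttributeArray);
                    if (entryAttributes == null) {
                        return null;
                    }
                    return createUser(entryAttributes, str2, getDomainName(str));
                } catch (CommunicationException e) {
                    Log.error(new StringBuffer().append("[LDAP] UID get attributes failed: ").append(str2).append(" ").append(e).toString());
                    // Broken connection: close it and give the pool null rather than a dead context.
                    if (dirContext != null) {
                        try {
                            dirContext.close();
                        } catch (Exception ignored) {
                            // best effort - the context is being discarded anyway
                        }
                        dirContext = null;
                    }
                    try {
                        Thread.sleep(500L);
                    } catch (InterruptedException interrupted) {
                        Thread.currentThread().interrupt();
                    }
                } catch (Exception e) {
                    Log.error(new StringBuffer().append("[LDAP] UID get attributes failed: ").append(str2).append(" ").append(e).toString());
                    Log.printStackTrace(e);
                    return null;
                } finally {
                    this.ldap.recycleContext(dirContext);
                }
            }
            return null;
        }

        // uid path: drop "@domain" when it names this base's own domain.
        String domainFromAddress = StringUtility.getDomainFromAddress(str2, null);
        if (domainFromAddress != null && domainFromAddress.equalsIgnoreCase(getDomainName(str))) {
            str2 = StringUtility.getLocalPartFromAddress(str2);
        }
        // CodeGenSupport.DEDICATED_STATIC_VAR_PATTERN is the placeholder token (presumably "{0}",
        // as in the default filters - a decompiler substitution for the original literal).
        String uidForFilter = escapeLdapFilterValue(StringUtility.unquoteSpecialCharacters(str2));
        String filter = StringUtility.replaceString(CodeGenSupport.DEDICATED_STATIC_VAR_PATTERN, uidForFilter, this.loginFilter);

        for (int attempt = 0; attempt < 2; attempt++) {
            DirContext dirContext = null;
            SearchControls searchControls = new SearchControls();
            searchControls.setSearchScope(SearchControls.SUBTREE_SCOPE);
            searchControls.setReturningAttributes(this.userAttributeArray);
            try {
                dirContext = this.ldap.getContext();
                Log.debug(new StringBuffer().append("[LDAP] Searching for user by uid: filter=").append(filter).append(" base=").append(str).toString());
                NamingEnumeration results = dirContext.search(str, filter, searchControls);
                if (results == null || !results.hasMore()) {
                    return null;
                }
                // Only the first match is used.
                SearchResult firstMatch = (SearchResult) results.next();
                Attributes matchAttributes = firstMatch.getAttributes();
                if (matchAttributes == null) {
                    return null;
                }
                Log.debug(new StringBuffer().append("[LDAP] User found, uid=").append(str2).toString());
                return createUser(matchAttributes, getAbsoluteName(firstMatch, str), getDomainName(str));
            } catch (CommunicationException e) {
                Log.error(new StringBuffer().append("[LDAP] UID search failed: ").append(str2).append(" ").append(e).toString());
                if (dirContext != null) {
                    try {
                        dirContext.close();
                    } catch (Exception ignored) {
                        // best effort - the context is being discarded anyway
                    }
                    dirContext = null;
                }
                try {
                    Thread.sleep(500L);
                } catch (InterruptedException interrupted) {
                    Thread.currentThread().interrupt();
                }
            } catch (Exception e) {
                Log.error(new StringBuffer().append("UID search failed: ").append(str2).append(" ").append(e).toString());
                Log.printStackTrace(e);
                return null;
            } finally {
                this.ldap.recycleContext(dirContext);
            }
        }
        return null;
    }

    /**
     * Escapes a value for use as an assertion value in an LDAP search filter (RFC 4515):
     * backslash, asterisk, parentheses and NUL become {@code \5c}, {@code \2a}, {@code \28},
     * {@code \29} and {@code \00}. Returns {@code null} for {@code null}.
     */
    private static String escapeLdapFilterValue(String value) {
        if (value == null) {
            return null;
        }
        StringBuffer escaped = new StringBuffer(value.length() + 8);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '\\':
                    escaped.append("\\5c");
                    break;
                case '*':
                    escaped.append("\\2a");
                    break;
                case '(':
                    escaped.append("\\28");
                    break;
                case ')':
                    escaped.append("\\29");
                    break;
                case '\0':
                    escaped.append("\\00");
                    break;
                default:
                    escaped.append(c);
                    break;
            }
        }
        return escaped.toString();
    }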

    /**
     * Runs a typed search under the search base derived from the calling principal.
     *
     * @param collaborationPrincipal caller whose search base is used
     * @param str value to search for
     * @param i search type selector
     * @param str2 optional extra filter fragment
     * @return the search results
     * @throws RealmException declared by the interface
     */
    @Override // com.sun.im.provider.Realm
    public RealmSearchResults search(CollaborationPrincipal collaborationPrincipal, String str, int i, String str2) throws RealmException {
        String searchBase = getSearchBase(collaborationPrincipal);
        return search(searchBase, str, i, str2);
    }

    /**
     * Builds the filter for a typed search and delegates to {@link #search(String, String)}.
     *
     * <p>Type 2 uses the by-id template and type 4 the by-mail template; every other type uses
     * the by-name template. For types 2 and 4, {@code '*'} is removed from the query unless
     * {@code allowWildCardInId} is set. A non-empty {@code str3} is ANDed in front of the result.
     * When the search limit is -1, no search is made and {@code SearchReply(4, null)} is returned.
     *
     * <p>NOTE(review): {@code str2} and {@code str3} go into the filter by plain substitution and
     * concatenation. Apart from the optional removal of {@code '*'}, filter metacharacters such
     * as parentheses and backslashes pass through unchanged, so a query value can alter the
     * filter's structure. {@code str3} is a raw filter fragment by design; confirm that only
     * trusted code supplies it and that query values are escaped (RFC 4515) before they reach
     * this method. Name searches keep {@code '*'} regardless of {@code allowWildCardInId}.
     *
     * @param str search base
     * @param str2 value to search for
     * @param i search type selector (2 = by id, 4 = by mail, anything else = by name)
     * @param str3 optional extra filter fragment, may be {@code null} or empty
     * @return the results of the directory search
     */
    @Override // com.sun.im.provider.Realm
    public RealmSearchResults search(String str, String str2, int i, String str3) {
        if (this.searchLimit == -1) {
            return new SearchReply(4, null);
        }

        // CodeGenSupport.DEDICATED_STATIC_VAR_PATTERN is the placeholder token (presumably "{0}").
        String template;
        if (i == 2 || i == 4) {
            if (!this.allowWildCardInId) {
                str2 = StringUtility.replaceString("*", "", str2);
            }
            template = (i == 2) ? this.searchByIDFilter : this.searchByMailFilter;
        } else {
            template = this.searchByNameFilter;
        }
        String filter = StringUtility.replaceString(CodeGenSupport.DEDICATED_STATIC_VAR_PATTERN, str2, template);

        boolean hasExtraFilter = str3 != null && str3.length() > 0;
        if (hasExtraFilter) {
            filter = "(&" + str3 + filter + JavaClassWriterHelper.parenright_;
        }
        return search(filter, str);
    }

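    /**
     * Runs a subtree LDAP search with a ready-made filter and turns the matching user and group
     * entries into principals.
     *
     * <p>Each entry is classified by its {@code objectclass} values: the first value found in
     * {@code userClass} makes it a user, the first found in {@code groupClass} makes it a group;
     * entries matching neither are skipped. The search is attempted at most twice; only a
     * {@link CommunicationException} triggers the second attempt.
     *
     * <p>The listing this method was recovered from nested its handlers with the generic
     * {@code Exception} handler innermost, which would intercept the JNDI-specific exceptions and
     * leave the limit-exceeded, invalid-filter and retry paths unreachable (this looks like a
     * decompilation artifact). The handlers are ordered most-specific first here so each status
     * code is actually reported. The resolved base (falling back to {@code root}) is also the one
     * passed to the directory, matching the base used to build absolute names.
     *
     * @param str LDAP filter, used verbatim; it must already be a well-formed, escaped filter
     * @param str2 search base, or {@code null} to use {@code root}
     * @return a {@code SearchReply} with status 2 and the principals found, status 1 and the
     *         partial results when the server's size limit was exceeded, status 3 for an invalid
     *         filter, or status 5 for any other failure
     */
    @Override // com.sun.im.provider.Realm
    public RealmSearchResults search(String str, String str2) {
        final String base = (str2 != null) ? str2 : this.root;
        for (int attempt = 0; attempt < 2; attempt++) {
            DirContext dirContext = null;
            // Declared outside the try so partial results survive a LimitExceededException.
            Vector found = new Vector();
            try {
                dirContext = this.ldap.getContext();
                SearchControls controls = new SearchControls();
                controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
                controls.setReturningAttributes(this.userGroupAttributeArray);
                if (this.searchLimit > 0) {
                    controls.setCountLimit(this.searchLimit);
                }
                Log.debug("[LDAP] Search: filter=" + str + " base=" + base);
                NamingEnumeration results = dirContext.search(base, str, controls);
                while (results.hasMore()) {
                    SearchResult entry = (SearchResult) results.next();
                    Attributes attributes = entry.getAttributes();
                    // An entry returned without objectclass cannot be classified; skip it rather
                    // than failing the whole search on a null dereference.
                    Attribute objectClasses = attributes.get("objectclass");
                    NamingEnumeration classValues = (objectClasses != null) ? objectClasses.getAll() : null;
                    boolean isUser = false;
                    boolean isGroup = false;
                    while (classValues != null && classValues.hasMore()) {
                        String objectClass = classValues.next().toString().toLowerCase();
                        if (this.userClass.contains(objectClass)) {
                            isUser = true;
                            break;
                        }
                        if (this.groupClass.contains(objectClass)) {
                            isGroup = true;
                            break;
                        }
                    }
                    if (isUser) {
                        found.add(createUser(attributes, getAbsoluteName(entry, base), getDomainName(base)));
                    } else if (isGroup) {
                        found.add(createGroup(attributes, getAbsoluteName(entry, base), getDomainName(base)));
                    }
                }
                IMPrincipal[] principals = new IMPrincipal[found.size()];
                found.copyInto(principals);
                return new SearchReply(2, principals);
            } catch (CommunicationException e) {
                Log.error("[LDAP] search failed: " + str + " " + e);
                if (dirContext != null) {
                    try {
                        dirContext.close();
                    } catch (Exception ignored) {
                        // The connection is already considered broken; nothing more to do.
                    }
                }
                // The broken context must not go back to the pool; the finally block then
                // recycles null, as the original retry path did.
                dirContext = null;
            } catch (LimitExceededException e) {
                IMPrincipal[] partial = new IMPrincipal[found.size()];
                found.copyInto(partial);
                return new SearchReply(1, partial);
            } catch (InvalidSearchFilterException e) {
                return new SearchReply(3, null);
            } catch (Exception e) {
                Log.warning("[LDAP] search failed: " + str + " " + e);
                return new SearchReply(5, null);
            } finally {
                this.ldap.recycleContext(dirContext);
            }
        }
        return new SearchReply(5, null);
    }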

    /**
     * Returns the name of a search result as an absolute name under the given base.
     *
     * <p>A result that is not relative is returned as-is (after {@code removeSpaces}). A relative
     * name gets the base appended after a {@code JavaClassWriterHelper.paramList_} separator; when
     * the relative name ends with {@code JspDescriptorConstants.DOUBLE_QUOTE}, that trailing
     * character is moved to the end of the combined name.
     *
     * @param searchResult the JNDI search result to name
     * @param str base to append to relative names; {@code null} means {@code root}
     * @return the normalized absolute name
     */
    private String getAbsoluteName(SearchResult searchResult, String str) {
        final String base = (str != null) ? str : this.root;
        final String name = removeSpaces(searchResult.getName());
        if (!searchResult.isRelative()) {
            return name;
        }
        if (name.endsWith(JspDescriptorConstants.DOUBLE_QUOTE)) {
            // Keep the closing quote at the very end: strip it, append the base, then re-add it.
            String withoutQuote = name.substring(0, name.length() - 1);
            return withoutQuote + JavaClassWriterHelper.paramList_ + base + JspDescriptorConstants.DOUBLE_QUOTE;
        }
        return name + JavaClassWriterHelper.paramList_ + base;
    }

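    /**
     * Looks up the distinguished name of the entry matching a login id.
     *
     * <p>The id is passed through {@code StringUtility.unquoteSpecialCharacters} and substituted
     * into {@code loginFilter}; the resulting filter is searched in the subtree under
     * {@code root} with no attributes requested. Only the first matching entry is used. The search
     * is attempted at most twice; only a {@link CommunicationException} triggers the second
     * attempt, after a 500 ms pause.
     *
     * <p>The listing this method was recovered from had the generic {@code Exception} handler
     * nested inside the {@code CommunicationException} handler, which would make the retry path
     * unreachable (this looks like a decompilation artifact); the handlers are ordered
     * most-specific first here.
     *
     * @param str login id to resolve
     * @return the absolute name of the first match, or {@code null} if nothing matched or the
     *         lookup failed
     * @throws RealmException declared by the signature; failures visible here are logged and
     *         reported as {@code null}
     */
    private String getDN(String str) throws RealmException {
        // NOTE(review): nothing visible here escapes RFC 4515 filter metacharacters in the id
        // before it is placed in loginFilter. Confirm that unquoteSpecialCharacters or the callers
        // guarantee a filter-safe value, since this filter selects the entry used for login.
        String filter = StringUtility.replaceString(CodeGenSupport.DEDICATED_STATIC_VAR_PATTERN, StringUtility.unquoteSpecialCharacters(str), this.loginFilter);
        for (int attempt = 0; attempt < 2; attempt++) {
            DirContext dirContext = null;
            SearchControls controls = new SearchControls();
            controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
            controls.setReturningAttributes((String[]) null);
            try {
                dirContext = this.ldap.getContext();
                Log.debug("[LDAP] getDN: filter=" + filter + " base=" + this.root);
                NamingEnumeration results = dirContext.search(this.root, filter, controls);
                if (results == null || !results.hasMore()) {
                    return null;
                }
                return getAbsoluteName((SearchResult) results.next(), this.root);
            } catch (CommunicationException e) {
                Log.error("[LDAP] UID search failed: " + str + " " + e);
                if (dirContext != null) {
                    try {
                        dirContext.close();
                    } catch (Exception ignored) {
                        // The connection is already considered broken; nothing more to do.
                    }
                }
                // The broken context must not go back to the pool; the finally block then
                // recycles null, as the original retry path did.
                dirContext = null;
                try {
                    Thread.sleep(500L);
                } catch (InterruptedException interrupted) {
                    // Preserve the interrupt for the caller instead of discarding it.
                    Thread.currentThread().interrupt();
                }
            } catch (Exception e) {
                Log.error("[LDAP] UID search failed: " + str + " " + e);
                Log.printStackTrace(e);
                return null;
            } finally {
                this.ldap.recycleContext(dirContext);
            }
        }
        return null;
    }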

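    /**
     * Verifies a password by performing an LDAP simple bind as the given DN.
     *
     * <p>The bind goes to {@code ldaps://server} with the SSL security protocol when
     * {@code _usessl} is set, otherwise to {@code ldap://server}. Up to two attempts are made,
     * with a 100 ms pause after each failure. The context opened by a successful bind is closed
     * again immediately; it is only needed as proof that the credentials were accepted.
     *
     * @param str distinguished name to bind as
     * @param str2 password to present
     * @return {@code true} if a bind succeeded, {@code false} otherwise
     */
    private boolean LDAPSimpleBindAuth(String str, String str2) {
        // A simple bind with an empty password (or empty DN) is an unauthenticated/anonymous bind
        // under RFC 4513 and many servers report it as successful. Refuse it here so a "successful"
        // bind always means the password was actually checked.
        if (str == null || str.length() == 0 || str2 == null || str2.length() == 0) {
            return false;
        }
        Hashtable env = new Hashtable();
        if (this._usessl) {
            env.put(ContextEnv.P_PROVIDER_URL, "ldaps://" + this.server);
            env.put(ContextEnv.P_SECURITY_PROTOCOL, "ssl");
        } else {
            // NOTE(review): on this path the password travels over an unencrypted connection.
            // Confirm that non-SSL deployments are limited to trusted networks.
            env.put(ContextEnv.P_PROVIDER_URL, "ldap://" + this.server);
        }
        env.put("java.naming.factory.initial", DirectorySearchModel.LDAP_CONTEXT_FACTORY);
        env.put(ContextEnv.P_USER_DN, str);
        env.put(ContextEnv.P_USER_PASSWORD, str2);
        for (int attempt = 0; attempt < 2; attempt++) {
            DirContext bound = null;
            try {
                bound = new InitialDirContext(env);
                Log.debug("[LDAP] Success Authenticating user " + str);
                return true;
            } catch (CommunicationException e) {
                Log.error("[LDAP] Error Authenticating " + str + " - CommunicationException - " + e.getMessage());
            } catch (Exception e) {
                // NOTE(review): rejected credentials also land here and are retried once, which
                // doubles the failed-bind count seen by the directory's lockout policy. Consider
                // retrying only communication failures.
                Log.error("[LDAP] Error Authenticating " + str + " - " + e.getMessage());
            } finally {
                // Release the connection opened for the bind; it was previously left open.
                if (bound != null) {
                    try {
                        bound.close();
                    } catch (NamingException ignored) {
                        // Closing is best effort; the bind result is already known.
                    }
                }
            }
            try {
                Thread.sleep(100L);
            } catch (InterruptedException interrupted) {
                // Stop retrying and fail closed, keeping the interrupt visible to the caller.
                Thread.currentThread().interrupt();
                return false;
            }
        }
        return false;
    }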

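    /**
     * Authenticates a user, first through SSO and then through an LDAP simple bind.
     *
     * <p>Empty or missing credentials and ids containing {@code *} are rejected up front. If
     * {@link #trySSO(String, String)} yields a user, or {@code SSO.getMode()} is -1, the SSO
     * result is returned as-is (possibly {@code null}). Otherwise the principal is looked up
     * under {@code root} and its distinguished name is used for a simple bind with the supplied
     * password.
     *
     * @param str user id
     * @param str2 password, or the credential checked by {@code trySSO}
     * @return the authenticated user, or {@code null} if authentication failed
     * @throws RealmException if no principal exists for the id
     */
    @Override // com.sun.im.provider.Realm
    public CollaborationPrincipal authenticate(String str, String str2) throws RealmException {
        // Rejecting an empty password here matters: an LDAP simple bind with an empty password
        // is an unauthenticated bind that many servers accept.
        if (str2 == null || str2.equals("")) {
            return null;
        }
        // A missing id cannot be authenticated; previously this ended in a NullPointerException.
        if (str == null) {
            return null;
        }
        if (str.indexOf('*') >= 0) {
            Log.info("[LDAP] Invalid user Id: " + str);
            return null;
        }
        Log.debug("[LDAP] Authenticating user " + str);
        // NOTE(review): authcount is updated without synchronization, so the every-1000th-call
        // GC trigger below is approximate under concurrent logins.
        this.authcount++;
        if (this.authcount % 1000 == 0) {
            System.gc();
            System.runFinalization();
        }
        LocalUser ssoUser = null;
        try {
            ssoUser = trySSO(str, str2);
        } catch (Exception e) {
            // An SSO failure is not fatal; record it and fall through to the bind.
            Log.debug("[LDAP] SSO attempt failed for " + str + ": " + e);
        }
        if (ssoUser != null || SSO.getMode() == -1) {
            return ssoUser;
        }
        LocalUser ldapUser = (LocalUser) getPrincipal(this.root, str);
        if (ldapUser == null) {
            // NOTE(review): an unknown id raises an exception while a wrong password returns null.
            // Confirm the caller reports both the same way, otherwise the difference reveals
            // which ids exist.
            throw new RealmException("[LDAP] " + str + " not found.");
        }
        try {
            return LDAPSimpleBindAuth(ldapUser.getDistinguishedName(), str2) ? ldapUser : null;
        } catch (Exception e) {
            // Fail closed, but leave a trace of why the bind could not be attempted.
            Log.debug("[LDAP] Bind attempt failed for " + str + ": " + e);
            return null;
        }
    }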

    /**
     * Attempts to authenticate through the SSO provider and, on success, builds a
     * {@code LocalUser} from the attributes the provider returned.
     *
     * <p>Nothing is attempted when {@code SSO.getMode()} is 0. The domain comes from
     * {@code Auth.getOrganizationDN(str2)} when this realm is an {@code IdentityRealm}, otherwise
     * from {@code NMS.getName()}. Display name and mail are read from the returned attribute map;
     * a {@code Set} value contributes its first element via {@code StringUtility.getFirstAttr}.
     *
     * @param str user id
     * @param str2 credential passed to {@code SSO.verify}; presumably an SSO token, since it is
     *        also handed to {@code Auth.getOrganizationDN} (confirm against the SSO provider)
     * @return the user on successful verification, otherwise {@code null}; any exception is
     *         logged and also yields {@code null}
     */
    public LocalUser trySSO(String str, String str2) {
        if (SSO.getMode() == 0) {
            return null;
        }
        try {
            HashMap ssoAttributes = new HashMap();
            boolean verified = SSO.verify(str, str2, ssoAttributes, this.userAttributeSet);
            if (!verified) {
                return null;
            }
            String domainName;
            if (this instanceof IdentityRealm) {
                domainName = getDomainName(Auth.getOrganizationDN(str2));
            } else {
                domainName = NMS.getName();
            }
            Object displayValue = ssoAttributes.get(this.userDisplayAttr);
            String displayName = displayValue instanceof Set ? StringUtility.getFirstAttr(displayValue) : (String) displayValue;
            Object mailValue = ssoAttributes.get(this.userMailAttr);
            String mail = mailValue instanceof Set ? StringUtility.getFirstAttr(mailValue) : (String) mailValue;
            LocalUser user = new LocalUser(StringUtility.quoteSpecialCharacters(str), domainName, displayName, mail);
            user.setAttributes(ssoAttributes);
            return user;
        } catch (Exception e) {
            // Fail closed: an SSO error is treated as "not authenticated via SSO".
            Log.printStackTrace(e);
            return null;
        }
    }

    /**
     * Replaces every occurrence of {@code JavaClassWriterHelper.paramSeparator_} in a name with
     * {@code JavaClassWriterHelper.paramList_}.
     *
     * <p>Each match is skipped as two characters, so the separator is presumably a comma followed
     * by a space and the replacement a bare comma (the constant names come from the decompiler's
     * constant matching; confirm the values).
     *
     * @param str name to normalize; must not be {@code null}
     * @return the same instance when no separator occurs, otherwise the rewritten string
     */
    public static final String removeSpaces(String str) {
        int match = str.indexOf(JavaClassWriterHelper.paramSeparator_, 0);
        if (match < 0) {
            return str;
        }
        StringBuffer rewritten = new StringBuffer();
        int copyFrom = 0;
        while (match >= 0) {
            rewritten.append(str.substring(copyFrom, match)).append(JavaClassWriterHelper.paramList_);
            // Step over the two-character separator before looking for the next one.
            copyFrom = match + 2;
            match = str.indexOf(JavaClassWriterHelper.paramSeparator_, copyFrom);
        }
        rewritten.append(str.substring(copyFrom));
        return rewritten.toString();
    }

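    /**
     * Copies every attribute of a directory entry onto a principal.
     *
     * <p>Each attribute is stored twice, under its id as returned and under the lower-cased id.
     * A single-valued attribute is stored as the string form of its value; a multi-valued one as
     * a {@code HashSet} of its raw values. Attributes without values, or whose single value is
     * {@code null}, are skipped. An attribute that cannot be read is logged and skipped so the
     * remaining attributes are still copied.
     *
     * @param iMPrincipal principal receiving the attributes
     * @param attributes attributes of the directory entry
     */
    static void setAttributes(IMPrincipal iMPrincipal, Attributes attributes) {
        // NOTE(review): everything the search returned is copied, so sensitive attributes (for
        // example a password attribute) end up on the principal if they were requested. Confirm
        // the returning-attribute list is limited to what callers need.
        NamingEnumeration all = attributes.getAll();
        while (all.hasMoreElements()) {
            Attribute attribute = (Attribute) all.nextElement();
            String id = attribute.getID();
            try {
                int valueCount = attribute.size();
                if (valueCount == 1) {
                    // Check the value itself for null; the previous check ran after toString()
                    // and could never prevent the NullPointerException.
                    Object value = attribute.get();
                    if (value != null) {
                        String text = value.toString();
                        iMPrincipal.setAttribute(id, text);
                        iMPrincipal.setAttribute(id.toLowerCase(), text);
                    }
                } else if (valueCount > 1) {
                    NamingEnumeration values = attribute.getAll();
                    HashSet collected = new HashSet();
                    while (values != null && values.hasMore()) {
                        collected.add(values.next());
                    }
                    iMPrincipal.setAttributeValues(id, collected);
                    iMPrincipal.setAttributeValues(id.toLowerCase(), collected);
                }
            } catch (NamingException e) {
                // Best effort: one unreadable attribute must not stop the copy.
                Log.debug("[LDAP] skipping unreadable attribute " + id + ": " + e);
            }
        }
    }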

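    /**
     * Extracts the base DN and the filter from an LDAP URL of the form
     * {@code scheme://host/base?attributes?scope?filter?extensions}.
     *
     * <p>The base is the text between the first {@code /} after the scheme prefix and the first
     * {@code ?}. The filter is the fourth {@code ?}-separated field, if present. Without any
     * {@code ?}, the whole path is the base unless it is shorter than three characters, in which
     * case the default is kept. No percent-decoding is performed.
     *
     * <p>The path separator used to be searched from a fixed offset of 7, which fits
     * {@code ldap://} only; for a longer scheme such as {@code ldaps://} the second slash of the
     * prefix was taken as the path separator and the host ended up in the base. The offset now
     * follows the scheme prefix when it ends one or two characters later.
     *
     * @param str the LDAP URL; must not be {@code null}
     * @param str2 default base, returned when the URL carries none
     * @return a two-element array: index 0 is the base, index 1 the filter (empty when absent)
     * @throws Exception declared by the signature; nothing visible here throws a checked exception
     */
    static String[] parseLDAPURL(String str, String str2) throws Exception {
        String[] parts = {str2, ""};
        // Start after "scheme://". Offsets other than 5 or 6 keep the historical start of 7 so
        // every input that parsed before parses the same way.
        int schemeEnd = str.indexOf("://");
        int pathSearchStart = (schemeEnd == 5 || schemeEnd == 6) ? schemeEnd + 3 : 7;
        int pathStart = str.indexOf('/', pathSearchStart);
        if (pathStart < 0) {
            return parts;
        }
        int afterBase = str.indexOf('?', pathStart + 1);
        if (afterBase < 0) {
            parts[0] = str.substring(pathStart + 1);
            if (parts[0].length() < 3) {
                parts[0] = str2;
            }
            return parts;
        }
        parts[0] = str.substring(pathStart + 1, afterBase);
        int afterAttributes = str.indexOf('?', afterBase + 1);
        if (afterAttributes < 0) {
            return parts;
        }
        int afterScope = str.indexOf('?', afterAttributes + 1);
        if (afterScope < 0) {
            return parts;
        }
        int afterFilter = str.indexOf('?', afterScope + 1);
        if (afterFilter > 0) {
            parts[1] = str.substring(afterScope + 1, afterFilter);
        } else {
            parts[1] = str.substring(afterScope + 1);
        }
        return parts;
    }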

    /**
     * Derives the search base for a principal from its distinguished name.
     *
     * <p>When {@code _orgDepth} is 0 or no principal is given, {@code root} is returned.
     * Otherwise the principal's DN is parsed with the name parser for {@code root} and, if it has
     * more than {@code _orgDepth} components, the {@code _orgDepth} highest-indexed components are
     * removed (for LDAP names those are presumably the most specific RDNs; confirm against the
     * parser in use).
     *
     * @param collaborationPrincipal principal to derive the base for; cast to {@code IMPrincipal}
     * @return the derived search base, or {@code root}
     * @throws RealmException wrapping the text of any failure while obtaining a context or
     *         parsing the name
     */
    public String getSearchBase(CollaborationPrincipal collaborationPrincipal) throws RealmException {
        if (_orgDepth == 0 || collaborationPrincipal == null) {
            return this.root;
        }
        DirContext dirContext = null;
        try {
            dirContext = this.ldap.getContext();
            String principalDn = ((IMPrincipal) collaborationPrincipal).getDistinguishedName();
            Name name = dirContext.getNameParser(this.root).parse(principalDn);
            final int size = name.size();
            if (size > _orgDepth) {
                // Drop components from the high-index end, one per organization level.
                for (int removed = 1; removed <= _orgDepth; removed++) {
                    name.remove(size - removed);
                }
            }
            return name.toString();
        } catch (Exception e) {
            Log.printStackTrace(e);
            throw new RealmException(e.toString());
        } finally {
            // Hand the context back on every path, successful or not.
            this.ldap.recycleContext(dirContext);
        }
    }

    /**
     * Returns the search base for a domain; this realm always answers with {@code root}.
     *
     * @param str ignored by this implementation
     * @return {@code root}
     * @throws RealmException declared by the interface; not thrown here
     */
    @Override // com.sun.im.provider.Realm
    public String getSearchBase(String str) throws RealmException {
        final String base = this.root;
        Log.debug("LDAPRealm:getSearchBase(String): " + base);
        return base;
    }

    /**
     * Tells whether a principal belongs to a group.
     *
     * <p>For a dynamic group, membership means that an id search (type 2) for the local part of
     * the principal's UID, restricted by the group's scope and filter, returns at least one entry.
     * For any other group, the group is expanded and the principal is compared against each
     * member with {@code equals}.
     *
     * @param collaborationPrincipal principal to look for
     * @param collaborationGroup group to inspect; cast to {@code NMSGroup}
     * @return {@code true} if the principal is a member; {@code false} otherwise, including when
     *         expanding a non-dynamic group fails
     * @throws RealmException declared by the interface
     */
    @Override // com.sun.im.provider.Realm
    public synchronized boolean isMemberOfGroup(CollaborationPrincipal collaborationPrincipal, CollaborationGroup collaborationGroup) throws RealmException {
        final NMSGroup group = (NMSGroup) collaborationGroup;
        Log.debug("searching for " + collaborationPrincipal.getUID() + " in " + group.getUID());
        if (!group.isDynamic()) {
            try {
                CollaborationPrincipal[] members = expandGroup(collaborationPrincipal, collaborationGroup);
                if (members != null) {
                    for (int k = 0; k < members.length; k++) {
                        if (collaborationPrincipal.equals(members[k])) {
                            return true;
                        }
                    }
                }
                return false;
            } catch (Exception e) {
                // Fail closed: an expansion error is reported as "not a member".
                Log.printStackTrace(e);
                return false;
            }
        }
        // NOTE(review): this membership decision depends on the id search matching exactly one
        // intended entry; it inherits the filter-building behaviour of search(String, String, int,
        // String), including the allowWildCardInId setting. Confirm the UID is filter-safe.
        String localPart = StringUtility.getLocalPartFromAddress(collaborationPrincipal.getUID());
        RealmSearchResults hits = search(group.getScope(), localPart, 2, group.getFilter());
        return hits.get().length > 0;
    }

    /**
     * Returns the domain name for a directory name; this realm always answers with
     * {@code NMS.getName()}.
     *
     * @param str ignored by this implementation
     * @return the value of {@code NMS.getName()}
     * @throws RealmException declared by the interface; not thrown here
     */
    @Override // com.sun.im.provider.Realm
    public String getDomainName(String str) throws RealmException {
        String logLine = "[LDAP] getDomainName = " + NMS.getName();
        Log.debug(logLine);
        return NMS.getName();
    }

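    /**
     * Creates a directory entry for a self-registering user.
     *
     * <p>Nothing is created when {@code _regisEnabled} is off. Otherwise the entry is named
     * {@code userUIDAttr=uid} under a copy of {@code _regisBase}, its attributes start from a
     * copy of {@code _regisAttributes}, the caller-supplied attributes are added on top, and the
     * uid and password attributes are set last so the map cannot override them.
     *
     * @param str user id for the new entry
     * @param str2 password stored in {@code userPasswordAttr} exactly as given
     * @param map additional attributes keyed by attribute id; may be {@code null}
     * @return the created user, or {@code null} when self-registration is disabled
     * @throws RealmException wrapping any failure while building or binding the entry
     */
    @Override // com.sun.im.provider.Realm
    public CollaborationPrincipal createUser(String str, String str2, Map map) throws RealmException {
        if (!this._regisEnabled) {
            Log.debug("[LDAP] cannot create new user - self-registration is disabled");
            return null;
        }
        DirContext dirContext = null;
        try {
            // NOTE(review): the id is concatenated into the RDN without escaping DN special
            // characters; confirm callers validate it before registration.
            Name entryName = ((Name) this._regisBase.clone()).add(this.userUIDAttr + "=" + str);
            Attributes attributes = (Attributes) this._regisAttributes.clone();
            // NOTE(review): every key in the map is written to the new entry, including ones that
            // replace values from the registration template. Confirm callers restrict the keys to
            // an allow-list of self-service attributes.
            if (map != null) {
                for (Object item : map.entrySet()) {
                    Map.Entry entry = (Map.Entry) item;
                    attributes.put((String) entry.getKey(), entry.getValue());
                }
            }
            attributes.put(this.userUIDAttr, str);
            // NOTE(review): the password is sent as given; presumably the directory server hashes
            // it on write. Verify the server-side password storage scheme.
            attributes.put(this.userPasswordAttr, str2);
            dirContext = this.ldap.getContext();
            dirContext.bind(entryName, (Object) null, attributes);
            return createUser(attributes, str, this._regisDomain);
        } catch (Exception e) {
            Log.printStackTrace(e);
            throw new RealmException(e);
        } finally {
            // The context was previously never handed back, leaking one per registration.
            this.ldap.recycleContext(dirContext);
        }
    }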

    /**
     * Placeholder for user removal: this implementation never removes anything.
     *
     * <p>With self-registration enabled the call returns silently; with it disabled a debug line
     * is written.
     *
     * @param str id of the user to remove; unused
     * @throws RealmException declared by the interface; not thrown here
     */
    @Override // com.sun.im.provider.Realm
    public void removeUser(String str) throws RealmException {
        if (!this._regisEnabled) {
            Log.debug("[LDAP] cannot remove user - self-registration is disabled");
        }
        // Enabled case: nothing is removed by this implementation.
    }

    /**
     * Placeholder for password changes: this implementation never changes a password.
     *
     * @param str user id; unused
     * @param str2 new password; unused
     * @return always {@code false}; a debug line is written when self-registration is disabled
     * @throws RealmException declared by the interface; not thrown here
     */
    @Override // com.sun.im.provider.Realm
    public boolean changeUserPassword(String str, String str2) throws RealmException {
        if (!this._regisEnabled) {
            Log.debug("[LDAP] cannot modify user - self-registration is disabled");
        }
        // Both configurations report "not changed".
        return false;
    }

    /**
     * Returns the value stored on a principal under the configured password attribute.
     *
     * @param collaborationPrincipal principal to read from
     * @return the principal's {@code userPasswordAttr} property as provided by
     *         {@code getProperty}
     */
    @Override // com.sun.im.provider.Realm
    public String getUserPassword(CollaborationPrincipal collaborationPrincipal) {
        // NOTE(review): this hands out whatever the directory returned for the password
        // attribute. Confirm which callers need it and that the value is never logged.
        final String passwordAttribute = this.userPasswordAttr;
        return collaborationPrincipal.getProperty(passwordAttribute);
    }

    /**
     * Returns the user-settings store for this realm.
     *
     * @return the provider supplied by {@code UserSettings.get()}
     */
    @Override // com.sun.im.provider.Realm
    public UserSettingsStorageProvider getUserSettingsStorageProvider() {
        final UserSettingsStorageProvider provider = UserSettings.get();
        return provider;
    }

    /**
     * Returns the conference store for this realm.
     *
     * @return a new {@code FileGroupChatStorage} on every call
     */
    @Override // com.sun.im.provider.Realm
    public ConferenceStorageProvider getConferenceStorageProvider() {
        final ConferenceStorageProvider provider = new FileGroupChatStorage();
        return provider;
    }

    /**
     * Returns the news store for this realm.
     *
     * @return a new {@code FileNewsStorage} on every call
     */
    @Override // com.sun.im.provider.Realm
    public NewsStorageProvider getNewsStorageProvider() {
        final NewsStorageProvider provider = new FileNewsStorage();
        return provider;
    }

    /**
     * Returns the policy provider, creating it on first use.
     *
     * <p>The instance is kept in {@code _policyProvider} and reused by later calls. The lazy
     * creation is not synchronized here.
     *
     * @return the cached provider, an {@code IMPolicy} constructed with {@code false} when none
     *         existed yet
     */
    @Override // com.sun.im.provider.Realm
    public PolicyProvider getPolicyProvider() {
        if (_policyProvider != null) {
            return _policyProvider;
        }
        _policyProvider = new IMPolicy(false);
        return _policyProvider;
    }
}
