package com.zimbra.cs.account.ldap;

import com.zimbra.common.service.ServiceException;
import com.zimbra.common.util.ZimbraLog;
import com.zimbra.cs.account.GalContact;
import com.zimbra.cs.account.Provisioning;
import com.zimbra.cs.account.gal.GalOp;
import com.zimbra.cs.account.gal.GalParams;
import com.zimbra.cs.account.gal.GalUtil;
import com.zimbra.cs.account.krb5.Krb5Login;
import com.zimbra.cs.gal.GalSearchConfig;
import com.zimbra.cs.gal.GalSearchParams;
import com.zimbra.cs.ldap.IAttributes;
import com.zimbra.cs.ldap.LdapClient;
import com.zimbra.cs.ldap.LdapConstants;
import com.zimbra.cs.ldap.LdapDateUtil;
import com.zimbra.cs.ldap.LdapException;
import com.zimbra.cs.ldap.LdapServerConfig;
import com.zimbra.cs.ldap.LdapUsage;
import com.zimbra.cs.ldap.LdapUtil;
import com.zimbra.cs.ldap.SearchLdapOptions;
import com.zimbra.cs.ldap.ZLdapContext;
import com.zimbra.cs.ldap.ZLdapFilterFactory;
import com.zimbra.cs.ldap.ZSearchScope;
import com.zimbra.cs.service.FileUploadServlet;
import java.io.IOException;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.util.Date;
import java.util.Set;
import javax.security.auth.login.LoginException;
import org.apache.commons.lang.StringUtils;

/* loaded from: input_file:com/zimbra/cs/account/ldap/LdapGalSearch.class */
public class LdapGalSearch {

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:com/zimbra/cs/account/ldap/LdapGalSearch$GalSearchAction.class */
    public static class GalSearchAction implements PrivilegedExceptionAction {
        GalSearchParams mParams;

        GalSearchAction(GalSearchParams galSearchParams) {
            this.mParams = galSearchParams;
        }

        @Override // java.security.PrivilegedExceptionAction
        public Object run() throws ServiceException, IOException {
            LdapGalSearch.doGalSearch(this.mParams);
            return null;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:com/zimbra/cs/account/ldap/LdapGalSearch$SearchGalAction.class */
    public static class SearchGalAction implements PrivilegedExceptionAction {
        GalParams.ExternalGalParams galParams;
        GalOp galOp;
        String query;
        int maxResults;
        LdapGalMapRules rules;
        String token;
        Provisioning.SearchGalResult result;

        SearchGalAction(GalParams.ExternalGalParams externalGalParams, GalOp galOp, String str, int i, LdapGalMapRules ldapGalMapRules, String str2, Provisioning.SearchGalResult searchGalResult) {
            this.galParams = externalGalParams;
            this.galOp = galOp;
            this.query = str;
            this.maxResults = i;
            this.rules = ldapGalMapRules;
            this.token = str2;
            this.result = searchGalResult;
        }

        @Override // java.security.PrivilegedExceptionAction
        public Object run() throws ServiceException {
            LdapGalSearch.searchLdapGal(this.galParams, this.galOp, this.query, this.maxResults, this.rules, this.token, this.result);
            return null;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/zimbra/cs/account/ldap/LdapGalSearch$SearhcGalVisitor.class */
    public static class SearhcGalVisitor extends SearchLdapOptions.SearchLdapVisitor {
        private ZLdapContext zlc;
        private GalSearchConfig.GalType galType;
        private String base;
        private LdapGalMapRules rules;
        private Provisioning.SearchGalResult result;

        private SearhcGalVisitor(ZLdapContext zLdapContext, GalSearchConfig.GalType galType, String str, LdapGalMapRules ldapGalMapRules, Provisioning.SearchGalResult searchGalResult) {
            super(false);
            this.zlc = zLdapContext;
            this.galType = galType;
            this.base = str;
            this.rules = ldapGalMapRules;
            this.result = searchGalResult;
        }

        @Override // com.zimbra.cs.ldap.SearchLdapOptions.SearchLdapVisitor
        public void visit(String str, IAttributes iAttributes) {
            GalContact galContact = new GalContact(this.galType, str, this.rules.apply(this.zlc, this.base, str, iAttributes));
            String str2 = (String) galContact.getAttrs().get("modifyTimeStamp");
            this.result.setToken(LdapUtil.getLaterTimestamp(this.result.getToken(), str2));
            String str3 = (String) galContact.getAttrs().get("createTimeStamp");
            this.result.setToken(LdapUtil.getLaterTimestamp(this.result.getToken(), str3));
            try {
                this.result.addMatch(galContact);
            } catch (ServiceException e) {
                ZimbraLog.gal.warn("unable to add GAL match", e);
            }
            ZimbraLog.gal.debug("dn=" + str + ", mts=" + str2 + ", cts=" + str3);
        }
    }

    public static Provisioning.SearchGalResult searchLdapGal(GalParams.ExternalGalParams externalGalParams, GalOp galOp, String str, int i, LdapGalMapRules ldapGalMapRules, String str2, GalContact.Visitor visitor) throws ServiceException {
        String filterDef;
        String[] url = externalGalParams.url();
        String searchBase = externalGalParams.searchBase();
        String filter = externalGalParams.filter();
        Provisioning.SearchGalResult newSearchGalResult = Provisioning.SearchGalResult.newSearchGalResult(visitor);
        String str3 = GalUtil.tokenizeKey(externalGalParams, galOp);
        newSearchGalResult.setTokenizeKey(str3);
        if (url == null || url.length == 0 || searchBase == null || filter == null) {
            if (url == null || url.length == 0) {
                ZimbraLog.gal.warn("searchLdapGal url is null");
            }
            if (searchBase == null) {
                ZimbraLog.gal.warn("searchLdapGal base is null");
            }
            if (filter == null) {
                ZimbraLog.gal.warn("searchLdapGal queryExpr is null");
            }
            return newSearchGalResult;
        }
        if (filter.indexOf("(") == -1 && (filterDef = GalSearchConfig.getFilterDef(filter)) != null) {
            filter = filterDef;
        }
        String expandFilter = GalUtil.expandFilter(str3, filter, str, str2);
        if (externalGalParams.credential().getAuthMech().equals(Provisioning.LDAP_AM_KERBEROS5)) {
            searchLdapGalKrb5(externalGalParams, galOp, expandFilter, i, ldapGalMapRules, str2, newSearchGalResult);
        } else {
            searchLdapGal(externalGalParams, galOp, expandFilter, i, ldapGalMapRules, str2, newSearchGalResult);
        }
        return newSearchGalResult;
    }

    private static void searchLdapGalKrb5(GalParams.ExternalGalParams externalGalParams, GalOp galOp, String str, int i, LdapGalMapRules ldapGalMapRules, String str2, Provisioning.SearchGalResult searchGalResult) throws ServiceException {
        try {
            LdapGalCredential credential = externalGalParams.credential();
            Krb5Login.performAs(credential.getKrb5Principal(), credential.getKrb5Keytab(), new SearchGalAction(externalGalParams, galOp, str, i, ldapGalMapRules, str2, searchGalResult));
        } catch (PrivilegedActionException e) {
            ServiceException exception = e.getException();
            if (!(exception instanceof ServiceException)) {
                throw ServiceException.FAILURE("caught exception, unable to search GAL", exception);
            }
            throw exception;
        } catch (LoginException e2) {
            throw ServiceException.FAILURE("login failed, unable to search GAL", e2);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static void searchLdapGal(GalParams.ExternalGalParams externalGalParams, GalOp galOp, String str, int i, LdapGalMapRules ldapGalMapRules, String str2, Provisioning.SearchGalResult searchGalResult) throws ServiceException {
        ZLdapContext zLdapContext = null;
        try {
            LdapGalCredential credential = externalGalParams.credential();
            zLdapContext = LdapClient.getExternalContext(new LdapServerConfig.ExternalLdapConfig(externalGalParams.url(), externalGalParams.requireStartTLS(), credential.getAuthMech(), credential.getBindDn(), credential.getBindPassword(), ldapGalMapRules.getBinaryLdapAttrs(), "external GAL"), LdapUsage.fromGalOpLegacy(galOp));
            searchGal(zLdapContext, GalSearchConfig.GalType.ldap, externalGalParams.pageSize(), externalGalParams.searchBase(), str, i, ldapGalMapRules, str2, searchGalResult);
            LdapClient.closeContext(zLdapContext);
        } catch (Throwable th) {
            LdapClient.closeContext(zLdapContext);
            throw th;
        }
    }

    public static void galSearch(GalSearchParams galSearchParams) throws ServiceException {
        if (galSearchParams.getConfig().getAuthMech().equals(Provisioning.LDAP_AM_KERBEROS5)) {
            galSearchKrb5(galSearchParams);
        } else {
            doGalSearch(galSearchParams);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static void doGalSearch(GalSearchParams galSearchParams) throws ServiceException {
        try {
            GalSearchConfig config = galSearchParams.getConfig();
            GalSearchConfig.GalType galType = galSearchParams.getConfig().getGalType();
            ZLdapContext context = galType == GalSearchConfig.GalType.zimbra ? LdapClient.getContext(LdapUsage.fromGalOp(galSearchParams.getOp())) : LdapClient.getExternalContext(new LdapServerConfig.ExternalLdapConfig(config.getUrl(), config.getStartTlsEnabled(), config.getAuthMech(), config.getBindDn(), config.getBindPassword(), config.getRules().getBinaryLdapAttrs(), "external GAL"), LdapUsage.fromGalOp(galSearchParams.getOp()));
            String searchEntryByDn = galSearchParams.getSearchEntryByDn();
            if (searchEntryByDn == null) {
                Provisioning.SearchGalResult result = galSearchParams.getResult();
                if (result != null && GalOp.sync.equals(galSearchParams.getOp())) {
                    result.setLdapTimeStamp(galSearchParams.getLdapTimeStamp());
                    result.setLdapMatchCount(galSearchParams.getLdapMatchCount());
                    result.setHadMore(galSearchParams.ldapHasMore());
                    result.setMaxLdapTimeStamp(galSearchParams.getMaxLdapTimeStamp());
                }
                searchGal(context, galType, config.getPageSize(), config.getSearchBase(), galSearchParams.generateLdapQuery(), galSearchParams.getLimit(), config.getRules(), galSearchParams.getSyncToken(), galSearchParams.getResult(), galSearchParams.getOp());
            } else {
                getGalEntryByDn(context, galType, searchEntryByDn, config.getRules(), galSearchParams.getResult());
            }
            LdapClient.closeContext(context);
        } catch (Throwable th) {
            LdapClient.closeContext(null);
            throw th;
        }
    }

    private static void galSearchKrb5(GalSearchParams galSearchParams) throws ServiceException {
        try {
            Krb5Login.performAs(galSearchParams.getConfig().getKerberosPrincipal(), galSearchParams.getConfig().getKerberosKeytab(), new GalSearchAction(galSearchParams));
        } catch (PrivilegedActionException e) {
            ServiceException exception = e.getException();
            if (!(exception instanceof ServiceException)) {
                throw ServiceException.FAILURE("caught exception, unable to search GAL", exception);
            }
            throw exception;
        } catch (LoginException e2) {
            throw ServiceException.FAILURE("login failed, unable to search GAL", e2);
        }
    }

    public static void searchGal(ZLdapContext zLdapContext, GalSearchConfig.GalType galType, int i, String str, String str2, int i2, LdapGalMapRules ldapGalMapRules, String str3, Provisioning.SearchGalResult searchGalResult) throws ServiceException {
        searchGal(zLdapContext, galType, i, str, str2, i2, ldapGalMapRules, str3, searchGalResult, null);
    }

    public static void searchGal(ZLdapContext zLdapContext, GalSearchConfig.GalType galType, int i, String str, String str2, int i2, LdapGalMapRules ldapGalMapRules, String str3, Provisioning.SearchGalResult searchGalResult, GalOp galOp) throws ServiceException {
        searchGalResult.setToken((str3 == null || str3.equals("")) ? LdapConstants.EARLIEST_SYNC_TOKEN : str3);
        if (GalOp.sync == galOp) {
            String maxLdapTimeStamp = searchGalResult.getMaxLdapTimeStamp();
            if (!StringUtils.isEmpty(maxLdapTimeStamp)) {
                searchGalResult.setToken(maxLdapTimeStamp);
            }
        }
        String[] ldapAttrs = ldapGalMapRules.getLdapAttrs();
        if (ZimbraLog.gal.isDebugEnabled()) {
            StringBuffer stringBuffer = new StringBuffer();
            for (String str4 : ldapAttrs) {
                stringBuffer.append(str4 + FileUploadServlet.UPLOAD_DELIMITER);
            }
            zLdapContext.debug();
            ZimbraLog.gal.debug("searchGal: , page size=" + i + ", max results=" + i2 + ", base=" + str + ", query=" + str2 + ", attrs=" + ((Object) stringBuffer));
        }
        if (GalOp.sync == galOp) {
            searchGalResult.setLimit(i2);
            i2 = 0;
        }
        SearchLdapOptions searchLdapOptions = new SearchLdapOptions(str, ZLdapFilterFactory.getInstance().fromFilterString(ZLdapFilterFactory.FilterId.GAL_SEARCH, str2), ldapAttrs, i2, (Set<String>) null, ZSearchScope.SEARCH_SCOPE_SUBTREE, new SearhcGalVisitor(zLdapContext, galType, str, ldapGalMapRules, searchGalResult));
        searchLdapOptions.setResultPageSize(i);
        searchLdapOptions.setGalOp(galOp);
        if (GalOp.sync == galOp) {
            searchLdapOptions.setSearchGalResult(searchGalResult);
        }
        try {
            try {
                try {
                    zLdapContext.searchPaged(searchLdapOptions);
                    if (GalOp.sync != galOp || (GalOp.sync == galOp && !searchGalResult.getHadMore())) {
                        String token = searchGalResult.getToken();
                        if (!(token != null && (str3 == null || !str3.equals(token)) && !token.equals(LdapConstants.EARLIEST_SYNC_TOKEN))) {
                            if (GalOp.sync != galOp || searchGalResult.getHadMore()) {
                                return;
                            }
                            searchGalResult.setToken(token);
                            searchGalResult.setLdapTimeStamp(token);
                            return;
                        }
                        Date parseGeneralizedTime = LdapDateUtil.parseGeneralizedTime(token);
                        if (parseGeneralizedTime != null) {
                            String generalizedTime = LdapDateUtil.toGeneralizedTime(new Date(parseGeneralizedTime.getTime() + 1000));
                            searchGalResult.setToken(generalizedTime);
                            if (GalOp.sync == galOp) {
                                searchGalResult.setLdapTimeStamp(generalizedTime);
                            }
                        }
                    }
                } catch (LdapException.LdapSizeLimitExceededException e) {
                    searchGalResult.setHadMore(true);
                    if (GalOp.sync != galOp || (GalOp.sync == galOp && !searchGalResult.getHadMore())) {
                        String token2 = searchGalResult.getToken();
                        if (!(token2 != null && (str3 == null || !str3.equals(token2)) && !token2.equals(LdapConstants.EARLIEST_SYNC_TOKEN))) {
                            if (GalOp.sync != galOp || searchGalResult.getHadMore()) {
                                return;
                            }
                            searchGalResult.setToken(token2);
                            searchGalResult.setLdapTimeStamp(token2);
                            return;
                        }
                        Date parseGeneralizedTime2 = LdapDateUtil.parseGeneralizedTime(token2);
                        if (parseGeneralizedTime2 != null) {
                            String generalizedTime2 = LdapDateUtil.toGeneralizedTime(new Date(parseGeneralizedTime2.getTime() + 1000));
                            searchGalResult.setToken(generalizedTime2);
                            if (GalOp.sync == galOp) {
                                searchGalResult.setLdapTimeStamp(generalizedTime2);
                            }
                        }
                    }
                }
            } catch (ServiceException e2) {
                throw ServiceException.FAILURE("unable to search gal", e2);
            }
        } catch (Throwable th) {
            if (GalOp.sync != galOp || (GalOp.sync == galOp && !searchGalResult.getHadMore())) {
                String token3 = searchGalResult.getToken();
                if (token3 != null && (str3 == null || !str3.equals(token3)) && !token3.equals(LdapConstants.EARLIEST_SYNC_TOKEN)) {
                    Date parseGeneralizedTime3 = LdapDateUtil.parseGeneralizedTime(token3);
                    if (parseGeneralizedTime3 != null) {
                        String generalizedTime3 = LdapDateUtil.toGeneralizedTime(new Date(parseGeneralizedTime3.getTime() + 1000));
                        searchGalResult.setToken(generalizedTime3);
                        if (GalOp.sync == galOp) {
                            searchGalResult.setLdapTimeStamp(generalizedTime3);
                        }
                    }
                } else if (GalOp.sync == galOp && !searchGalResult.getHadMore()) {
                    searchGalResult.setToken(token3);
                    searchGalResult.setLdapTimeStamp(token3);
                }
            }
            throw th;
        }
    }

    public static void getGalEntryByDn(ZLdapContext zLdapContext, GalSearchConfig.GalType galType, String str, LdapGalMapRules ldapGalMapRules, Provisioning.SearchGalResult searchGalResult) throws ServiceException {
        String[] ldapAttrs = ldapGalMapRules.getLdapAttrs();
        if (ZimbraLog.gal.isDebugEnabled()) {
            StringBuffer stringBuffer = new StringBuffer();
            for (String str2 : ldapAttrs) {
                stringBuffer.append(str2 + FileUploadServlet.UPLOAD_DELIMITER);
            }
            zLdapContext.debug();
            ZimbraLog.gal.debug("getGalEntryByDn: , dn=" + str + ", attrs=" + ((Object) stringBuffer));
        }
        try {
            new SearhcGalVisitor(zLdapContext, galType, null, ldapGalMapRules, searchGalResult).visit(str, zLdapContext.getAttributes(str, ldapAttrs));
        } catch (LdapException.LdapEntryNotFoundException e) {
            ZimbraLog.gal.debug("getGalEntryByDn: no such dn: " + str, e);
        } catch (ServiceException e2) {
            throw ServiceException.FAILURE("unable to search gal", e2);
        }
    }
}
