package com.zimbra.cs.account.ldap;

import com.zimbra.common.localconfig.LC;
import com.zimbra.common.net.SSLSocketFactoryWrapper;
import com.zimbra.common.net.SocketFactories;
import com.zimbra.common.service.ServiceException;
import com.zimbra.common.util.StringUtil;
import com.zimbra.common.util.ZimbraLog;
import com.zimbra.cs.account.AccountServiceException;
import com.zimbra.cs.account.AttributeManager;
import com.zimbra.cs.account.ZAttrProvisioning;
import com.zimbra.cs.mailbox.OperationContextData;
import com.zimbra.cs.stats.ZimbraPerf;
import com.zimbra.cs.util.Zimbra;
import com.zimbra.cs.zclient.ZFilterCondition;
import com.zimbra.cs.zclient.ZMailbox;
import java.io.IOException;
import java.util.Date;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.Set;
import javax.naming.CompositeName;
import javax.naming.Context;
import javax.naming.InvalidNameException;
import javax.naming.Name;
import javax.naming.NameAlreadyBoundException;
import javax.naming.NameNotFoundException;
import javax.naming.NameParser;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attributes;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.BasicAttributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.InvalidAttributeIdentifierException;
import javax.naming.directory.InvalidAttributeValueException;
import javax.naming.directory.InvalidAttributesException;
import javax.naming.directory.ModificationItem;
import javax.naming.directory.SchemaViolationException;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.Control;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;
import javax.naming.ldap.PagedResultsControl;
import javax.naming.ldap.PagedResultsResponseControl;
import javax.naming.ldap.StartTlsRequest;
import javax.naming.ldap.StartTlsResponse;
import javax.net.SocketFactory;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocketFactory;

/* loaded from: input_file:com/zimbra/cs/account/ldap/ZimbraLdapContext.class */
public class ZimbraLdapContext {
    private static String sLdapURL;
    private static String sLdapMasterURL;
    private static ConnType sConnType;
    private static ConnType sMasterConnType;
    private static String sStartTLSDebugText;
    private static Hashtable<String, String> sEnvMasterAuth;
    private static Hashtable<String, String> sEnvAuth;
    private static SSLSocketFactory sDummySSLSocketFactory;
    private LdapContext mDirContext;
    private StartTlsResponse mTlsResp;
    private static final int CHECK_LDAP_SLEEP_MILLIS = 5000;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/zimbra/cs/account/ldap/ZimbraLdapContext$ConnType.class */
    public enum ConnType {
        PLAIN,
        LDAPS,
        STARTTLS;

        /* JADX INFO: Access modifiers changed from: private */
        public static ConnType getConnType(String str) {
            if (str.toLowerCase().contains("ldaps://")) {
                return LDAPS;
            }
            return ("1".equals(LC.ldap_starttls_supported.value()) && LC.ldap_starttls_required.booleanValue() && "1".equals(LC.zimbra_require_interprocess_security.value())) ? STARTTLS : PLAIN;
        }

        /* JADX INFO: Access modifiers changed from: private */
        public static boolean isLDAPS(boolean z) {
            return z ? ZimbraLdapContext.sMasterConnType == LDAPS : ZimbraLdapContext.sConnType == LDAPS;
        }

        /* JADX INFO: Access modifiers changed from: private */
        public static boolean isSTARTTLS(boolean z) {
            return z ? ZimbraLdapContext.sMasterConnType == STARTTLS : ZimbraLdapContext.sConnType == STARTTLS;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/zimbra/cs/account/ldap/ZimbraLdapContext$DummyHostVerifier.class */
    public static class DummyHostVerifier implements HostnameVerifier {
        private DummyHostVerifier() {
        }

        @Override // javax.net.ssl.HostnameVerifier
        public boolean verify(String str, SSLSession sSLSession) {
            try {
                for (int i = 0; i < sSLSession.getPeerCertificates().length; i++) {
                }
                return true;
            } catch (SSLPeerUnverifiedException e) {
                return false;
            }
        }
    }

    /* loaded from: input_file:com/zimbra/cs/account/ldap/ZimbraLdapContext$DummySSLSocketFactory.class */
    public static class DummySSLSocketFactory extends SSLSocketFactoryWrapper {
        public static SocketFactory getDefault() {
            return new DummySSLSocketFactory();
        }

        public DummySSLSocketFactory() {
            super(SocketFactories.dummySSLSocketFactory());
        }
    }

    /* loaded from: input_file:com/zimbra/cs/account/ldap/ZimbraLdapContext$LdapConfig.class */
    public static class LdapConfig {
        public static final Integer NO_TIMEOUT = 0;
        private Boolean mUseConnPool;
        private Integer mConnTimeout;
        private Integer mReadTimeout;

        public LdapConfig(Boolean bool, Integer num, Integer num2) {
            this.mUseConnPool = bool;
            this.mConnTimeout = num;
            this.mReadTimeout = num2;
        }

        /* JADX INFO: Access modifiers changed from: private */
        public String useConnPool() {
            return this.mUseConnPool == null ? ZFilterCondition.C_TRUE : this.mUseConnPool.toString();
        }

        /* JADX INFO: Access modifiers changed from: private */
        public String connTimeout() {
            return this.mConnTimeout == null ? LC.ldap_connect_timeout.value() : String.valueOf(this.mConnTimeout);
        }

        /* JADX INFO: Access modifiers changed from: private */
        public String readTimeout() {
            return this.mReadTimeout == null ? LC.ldap_read_timeout.value() : String.valueOf(this.mReadTimeout);
        }
    }

    public static synchronized void forceMasterURL() {
        sLdapURL = sLdapMasterURL;
        sConnType = sMasterConnType;
        sEnvMasterAuth = null;
        sEnvAuth = null;
    }

    public static String getLdapURL() {
        return sLdapURL;
    }

    public static boolean requireStartTLS(String[] strArr, boolean z) {
        if (!z) {
            return false;
        }
        for (String str : strArr) {
            if (str.toLowerCase().contains("ldaps://")) {
                return false;
            }
        }
        return true;
    }

    private static void markBinaryAttrs(Hashtable<String, String> hashtable, Set<String> set) {
        StringBuilder sb = new StringBuilder();
        Iterator<String> it = set.iterator();
        while (it.hasNext()) {
            sb.append(it.next() + " ");
        }
        if (sb.length() > 0) {
            hashtable.put("java.naming.ldap.attributes.binary", sb.toString());
        }
    }

    private static void markBinaryAttrs(Hashtable<String, String> hashtable) {
        AttributeManager inst = AttributeManager.getInst();
        if (inst != null) {
            markBinaryAttrs(hashtable, inst.getBinaryAttrs());
        }
    }

    private static synchronized Hashtable<String, String> getDefaultEnv(boolean z) {
        Hashtable<String, String> hashtable;
        if (z) {
            if (sEnvMasterAuth != null) {
                return sEnvMasterAuth;
            }
            Hashtable<String, String> hashtable2 = new Hashtable<>();
            sEnvMasterAuth = hashtable2;
            hashtable = hashtable2;
        } else {
            if (sEnvAuth != null) {
                return sEnvAuth;
            }
            Hashtable<String, String> hashtable3 = new Hashtable<>();
            sEnvAuth = hashtable3;
            hashtable = hashtable3;
        }
        hashtable.put("java.naming.factory.initial", "com.sun.jndi.ldap.LdapCtxFactory");
        hashtable.put("java.naming.provider.url", z ? sLdapMasterURL : sLdapURL);
        hashtable.put("java.naming.referral", "follow");
        hashtable.put("com.sun.jndi.ldap.connect.timeout", LC.ldap_connect_timeout.value());
        hashtable.put("com.sun.jndi.ldap.read.timeout", LC.ldap_read_timeout.value());
        markBinaryAttrs(hashtable);
        if (ConnType.isSTARTTLS(z)) {
            hashtable.put("com.sun.jndi.ldap.connect.pool", "false");
        } else {
            if (z) {
                hashtable.put("com.sun.jndi.ldap.connect.pool", LC.ldap_connect_pool_master.value());
            } else {
                hashtable.put("com.sun.jndi.ldap.connect.pool", ZFilterCondition.C_TRUE);
            }
            hashtable.put("java.naming.security.authentication", "simple");
            hashtable.put("java.naming.security.principal", LC.zimbra_ldap_userdn.value());
            hashtable.put("java.naming.security.credentials", LC.zimbra_ldap_password.value());
            if (ConnType.isLDAPS(z) && LC.ssl_allow_untrusted_certs.booleanValue()) {
                hashtable.put("java.naming.ldap.factory.socket", DummySSLSocketFactory.class.getName());
            }
        }
        return hashtable;
    }

    public static void main(String[] strArr) throws Exception {
        String name = DummySSLSocketFactory.class.getName();
        System.out.println("name = " + name);
        ((SSLSocketFactory) Class.forName(name).newInstance()).createSocket("foo", 123);
    }

    private static synchronized Hashtable<String, String> getCustomEnv(boolean z, LdapConfig ldapConfig) {
        Hashtable<String, String> hashtable = new Hashtable<>();
        hashtable.put("java.naming.factory.initial", "com.sun.jndi.ldap.LdapCtxFactory");
        hashtable.put("java.naming.provider.url", z ? sLdapMasterURL : sLdapURL);
        hashtable.put("java.naming.referral", "follow");
        hashtable.put("com.sun.jndi.ldap.connect.timeout", ldapConfig.connTimeout());
        hashtable.put("com.sun.jndi.ldap.read.timeout", ldapConfig.readTimeout());
        markBinaryAttrs(hashtable);
        if (ConnType.isSTARTTLS(z)) {
            hashtable.put("com.sun.jndi.ldap.connect.pool", "false");
        } else {
            if (z) {
                hashtable.put("com.sun.jndi.ldap.connect.pool", LC.ldap_connect_pool_master.value());
            } else {
                hashtable.put("com.sun.jndi.ldap.connect.pool", ldapConfig.useConnPool());
            }
            hashtable.put("java.naming.security.authentication", "simple");
            hashtable.put("java.naming.security.principal", LC.zimbra_ldap_userdn.value());
            hashtable.put("java.naming.security.credentials", LC.zimbra_ldap_password.value());
            if (ConnType.isLDAPS(z) && LC.ssl_allow_untrusted_certs.booleanValue()) {
                hashtable.put("java.naming.ldap.factory.socket", DummySSLSocketFactory.class.getName());
            }
        }
        return hashtable;
    }

    private static String joinURLS(String[] strArr) {
        if (strArr.length == 1) {
            return strArr[0];
        }
        StringBuffer stringBuffer = new StringBuffer();
        for (int i = 0; i < strArr.length; i++) {
            if (i > 0) {
                stringBuffer.append(' ');
            }
            stringBuffer.append(strArr[i]);
        }
        return stringBuffer.toString();
    }

    private static void tlsNegotiate(StartTlsResponse startTlsResponse) throws IOException {
        ZimbraLog.ldap.debug(sStartTLSDebugText);
        if (LC.ssl_allow_mismatched_certs.booleanValue()) {
            startTlsResponse.setHostnameVerifier(new DummyHostVerifier());
        }
        if (LC.ssl_allow_untrusted_certs.booleanValue()) {
            startTlsResponse.negotiate(sDummySSLSocketFactory);
        } else {
            startTlsResponse.negotiate();
        }
    }

    public ZimbraLdapContext() throws ServiceException {
        this(false, (LdapConfig) null);
    }

    public ZimbraLdapContext(boolean z) throws ServiceException {
        this(z, (LdapConfig) null);
    }

    public ZimbraLdapContext(boolean z, boolean z2) throws ServiceException {
        this(z, z2 ? null : new LdapConfig(Boolean.valueOf(z2), null, null));
    }

    public ZimbraLdapContext(boolean z, LdapConfig ldapConfig) throws ServiceException {
        try {
            Hashtable<String, String> defaultEnv = ldapConfig == null ? getDefaultEnv(z) : getCustomEnv(z, ldapConfig);
            boolean isSTARTTLS = ConnType.isSTARTTLS(z);
            long start = ZimbraPerf.STOPWATCH_LDAP_DC.start();
            if (ZimbraLog.ldap.isDebugEnabled()) {
                ZimbraLog.ldap.debug("GET DIR CTXT: url=" + defaultEnv.get("java.naming.provider.url") + ", binddn=" + defaultEnv.get("java.naming.security.principal") + ", startTLS=" + isSTARTTLS + ", connpool=" + defaultEnv.get("com.sun.jndi.ldap.connect.pool"));
            }
            this.mDirContext = new InitialLdapContext(defaultEnv, (Control[]) null);
            if (isSTARTTLS) {
                this.mTlsResp = this.mDirContext.extendedOperation(new StartTlsRequest());
                tlsNegotiate(this.mTlsResp);
                this.mDirContext.addToEnvironment("java.naming.security.authentication", "simple");
                this.mDirContext.addToEnvironment("java.naming.security.principal", LC.zimbra_ldap_userdn.value());
                this.mDirContext.addToEnvironment("java.naming.security.credentials", LC.zimbra_ldap_password.value());
            }
            ZimbraPerf.STOPWATCH_LDAP_DC.stop(start);
        } catch (Throwable th) {
            ZimbraLog.ldap.debug("ZimbraLdapContext FAILED", th);
            closeContext(this.mDirContext, this.mTlsResp);
            if (th instanceof OutOfMemoryError) {
                Zimbra.halt("out of memory", th);
            }
            throw ServiceException.FAILURE("ZimbraLdapContext", th);
        }
    }

    public ZimbraLdapContext(String[] strArr, boolean z, String str, String str2, String str3) throws ServiceException, NamingException, IOException {
        this(strArr, z, (String) null, str, str2, (Set<String>) null, str3);
    }

    public ZimbraLdapContext(String[] strArr, boolean z, LdapGalCredential ldapGalCredential, Set<String> set, String str) throws ServiceException, NamingException, IOException {
        this(strArr, z, ldapGalCredential.getAuthMech(), ldapGalCredential.getBindDn(), ldapGalCredential.getBindPassword(), set, str);
    }

    public ZimbraLdapContext(String[] strArr, boolean z, String str, String str2, String str3, Set<String> set, String str4) throws ServiceException, NamingException, IOException {
        this(joinURLS(strArr), z, str, str2, str3, set, str4);
    }

    public ZimbraLdapContext(String str, boolean z, String str2, String str3, String str4, Set<String> set, String str5) throws ServiceException, NamingException, IOException {
        Hashtable hashtable = new Hashtable();
        hashtable.put("java.naming.factory.initial", "com.sun.jndi.ldap.LdapCtxFactory");
        hashtable.put("java.naming.provider.url", str);
        hashtable.put("java.naming.referral", "follow");
        hashtable.put("com.sun.jndi.ldap.connect.timeout", LC.ldap_connect_timeout.value());
        hashtable.put("com.sun.jndi.ldap.read.timeout", LC.ldap_read_timeout.value());
        if (set != null) {
            markBinaryAttrs(hashtable, set);
        }
        if (!StringUtil.isNullOrEmpty(LC.ldap_deref_aliases.value())) {
            hashtable.put("java.naming.ldap.derefAliases", LC.ldap_deref_aliases.value());
        }
        str2 = str2 == null ? (str3 == null || str4 == null) ? "none" : "simple" : str2;
        boolean z2 = z && str2.equals("simple");
        if (str2.equals("none")) {
            hashtable.put("java.naming.security.authentication", "none");
        } else if (str2.equals("simple")) {
            if (!z2) {
                hashtable.put("java.naming.security.authentication", "simple");
                if (str3 != null) {
                    hashtable.put("java.naming.security.principal", str3);
                }
                if (str4 != null) {
                    hashtable.put("java.naming.security.credentials", str4);
                }
            }
        } else if (str2.equals("kerberos5")) {
            hashtable.put("java.naming.security.authentication", "GSSAPI");
            hashtable.put("javax.security.sasl.qop", "auth-conf");
        }
        if (!z2) {
            hashtable.put("com.sun.jndi.ldap.connect.pool", ZFilterCondition.C_TRUE);
        }
        try {
            if (ZimbraLog.ldap.isDebugEnabled()) {
                ZimbraLog.ldap.debug("GET DIR CTXT(" + str5 + "): url=" + ((String) hashtable.get("java.naming.provider.url")) + ", binddn=" + str3 + ", authMech=" + str2 + ", startTLS=" + z);
            }
            this.mDirContext = new InitialLdapContext(hashtable, (Control[]) null);
            if (z2) {
                this.mTlsResp = this.mDirContext.extendedOperation(new StartTlsRequest());
                tlsNegotiate(this.mTlsResp);
                this.mDirContext.addToEnvironment("java.naming.security.authentication", "simple");
                if (str3 != null) {
                    this.mDirContext.addToEnvironment("java.naming.security.principal", str3);
                }
                if (str4 != null) {
                    this.mDirContext.addToEnvironment("java.naming.security.credentials", str4);
                }
            }
        } catch (Throwable th) {
            ZimbraLog.ldap.debug("ZimbraLdapContext(" + str5 + ") FAILED", th);
            closeContext(this.mDirContext, this.mTlsResp);
            if (th instanceof OutOfMemoryError) {
                Zimbra.halt("out of memory", th);
            }
            if (th instanceof NamingException) {
                throw th;
            }
            if (!(th instanceof IOException)) {
                throw ServiceException.FAILURE("ZimbraLdapContext", th);
            }
            throw ((IOException) th);
        }
    }

    public static void ldapAuthenticate(String str, String str2) throws NamingException, IOException {
        ldapAuthenticate(new String[]{getLdapURL()}, ConnType.isSTARTTLS(false), str, str2, "Zimbra LDAP auth, password not SSHA");
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void ldapAuthenticate(String[] strArr, boolean z, String str, String str2, String str3) throws NamingException, IOException {
        Hashtable hashtable = new Hashtable();
        hashtable.put("java.naming.factory.initial", "com.sun.jndi.ldap.LdapCtxFactory");
        hashtable.put("java.naming.provider.url", joinURLS(strArr));
        hashtable.put("com.sun.jndi.ldap.connect.timeout", LC.ldap_connect_timeout.value());
        hashtable.put("com.sun.jndi.ldap.read.timeout", LC.ldap_read_timeout.value());
        if (!StringUtil.isNullOrEmpty(LC.ldap_deref_aliases.value())) {
            hashtable.put("java.naming.ldap.derefAliases", LC.ldap_deref_aliases.value());
        }
        if (!z) {
            hashtable.put("java.naming.security.authentication", "simple");
            hashtable.put("java.naming.security.principal", str);
            hashtable.put("java.naming.security.credentials", str2);
        }
        LdapContext ldapContext = null;
        StartTlsResponse startTlsResponse = null;
        try {
            try {
                try {
                    if (ZimbraLog.ldap.isDebugEnabled()) {
                        ZimbraLog.ldap.debug("GET DIR CTXT(" + str3 + "): url=" + ((String) hashtable.get("java.naming.provider.url")) + ", binddn=" + str + ", authMech=simple, startTLS=" + z);
                    }
                    ldapContext = new InitialLdapContext(hashtable, (Control[]) null);
                    if (z) {
                        LdapContext ldapContext2 = ldapContext;
                        startTlsResponse = (StartTlsResponse) ldapContext2.extendedOperation(new StartTlsRequest());
                        tlsNegotiate(startTlsResponse);
                        ldapContext2.addToEnvironment("java.naming.security.authentication", "simple");
                        ldapContext2.addToEnvironment("java.naming.security.principal", str);
                        ldapContext2.addToEnvironment("java.naming.security.credentials", str2);
                        ldapContext2.reconnect((Control[]) null);
                    }
                    closeContext(ldapContext, startTlsResponse);
                } catch (NamingException e) {
                    ZimbraLog.ldap.debug("ldapAuthenticate(" + str3 + ") failed", e);
                    throw e;
                }
            } catch (IOException e2) {
                ZimbraLog.ldap.debug("ldapAuthenticate(" + str3 + ") failed", e2);
                throw e2;
            }
        } catch (Throwable th) {
            closeContext(ldapContext, startTlsResponse);
            throw th;
        }
    }

    public LdapContext getLdapContext() {
        return this.mDirContext;
    }

    private static void closeContext(Context context) {
        closeContext(context, null);
    }

    private static void closeContext(Context context, StartTlsResponse startTlsResponse) {
        if (startTlsResponse != null) {
            try {
                ZimbraLog.ldap.debug("STOP TLS");
                startTlsResponse.close();
            } catch (IOException e) {
                ZimbraLog.ldap.error("failed to close tls", e);
            }
        }
        if (context != null) {
            try {
                ZimbraLog.ldap.debug("CLOSE DIR CTXT");
                context.close();
            } catch (NamingException e2) {
                ZimbraLog.ldap.error("failed to close dir context", e2);
            }
        }
    }

    public static void closeContext(ZimbraLdapContext zimbraLdapContext) {
        if (zimbraLdapContext != null) {
            zimbraLdapContext.closeContext();
        }
    }

    private void closeContext() {
        closeContext(this.mDirContext, this.mTlsResp);
    }

    public DirContext getSchema() throws NamingException {
        return this.mDirContext.getSchema(OperationContextData.GranteeNames.EMPTY_NAME);
    }

    public Attributes getAttributes(String str) throws NamingException {
        Name add = new CompositeName().add(str);
        if (ZimbraLog.ldap.isDebugEnabled()) {
            ZimbraLog.ldap.debug("GET ATTRS: dn=" + str);
        }
        return this.mDirContext.getAttributes(add);
    }

    public void modifyAttributes(String str, ModificationItem[] modificationItemArr) throws NamingException {
        Name add = new CompositeName().add(str);
        if (ZimbraLog.ldap.isDebugEnabled()) {
            ZimbraLog.ldap.debug("MODIFY ATTRS: dn=" + str + ", mods=" + dumpMods(modificationItemArr));
        }
        this.mDirContext.modifyAttributes(add, modificationItemArr);
    }

    public void replaceAttributes(String str, Attributes attributes) throws NamingException {
        Name add = new CompositeName().add(str);
        if (ZimbraLog.ldap.isDebugEnabled()) {
            ZimbraLog.ldap.debug("REPLACE ATTRS: dn=" + str + ", mods=" + attributes.toString());
        }
        this.mDirContext.modifyAttributes(add, 2, attributes);
    }

    public void removeAttributes(String str, Attributes attributes) throws NamingException {
        Name add = new CompositeName().add(str);
        if (ZimbraLog.ldap.isDebugEnabled()) {
            ZimbraLog.ldap.debug("REMOVE ATTRS: dn=" + str + ", mods=" + attributes.toString());
        }
        this.mDirContext.modifyAttributes(add, 3, attributes);
    }

    public NamingEnumeration<SearchResult> searchDir(String str, String str2, SearchControls searchControls) throws NamingException {
        if (ZimbraLog.ldap.isDebugEnabled()) {
            ZimbraLog.ldap.debug("SEARCH: base=" + str + ", filter=" + str2);
        }
        if (str.length() == 0) {
            return this.mDirContext.search(str, str2, searchControls);
        }
        return this.mDirContext.search(new CompositeName().add(str), str2, searchControls);
    }

    public void createEntry(String str, Attributes attributes, String str2) throws NameAlreadyBoundException, ServiceException {
        Context context = null;
        try {
            try {
                try {
                    try {
                        try {
                            try {
                                try {
                                    Name add = new CompositeName().add(str);
                                    if (ZimbraLog.ldap.isDebugEnabled()) {
                                        ZimbraLog.ldap.debug("CREATE ENTRY: method=" + str2 + ", dn=" + str + ", attrs=" + attributes.toString());
                                    }
                                    context = this.mDirContext.createSubcontext(add, attributes);
                                    closeContext(context);
                                } catch (NameNotFoundException e) {
                                    throw ServiceException.INVALID_REQUEST(str2 + " dn not found: " + LdapUtil.dnToRdnAndBaseDn(str)[1] + e.getMessage(), e);
                                }
                            } catch (InvalidAttributeIdentifierException e2) {
                                throw AccountServiceException.INVALID_ATTR_NAME(str2 + " invalid attr name: " + e2.getMessage(), e2);
                            }
                        } catch (NamingException e3) {
                            throw ServiceException.FAILURE(str2, e3);
                        }
                    } catch (SchemaViolationException e4) {
                        throw ServiceException.INVALID_REQUEST(str2 + " invalid schema change: " + e4.getMessage(), e4);
                    }
                } catch (InvalidAttributeValueException e5) {
                    throw AccountServiceException.INVALID_ATTR_VALUE(str2 + " invalid attr value: " + e5.getMessage(), e5);
                } catch (InvalidAttributesException e6) {
                    throw ServiceException.INVALID_REQUEST(str2 + " invalid set of attributes: " + e6.getMessage(), e6);
                }
            } catch (NameAlreadyBoundException e7) {
                throw e7;
            } catch (InvalidNameException e8) {
                throw ServiceException.INVALID_REQUEST(str2 + " invalid name: " + e8.getMessage(), e8);
            }
        } catch (Throwable th) {
            closeContext(context);
            throw th;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void simpleCreate(String str, Object obj, String[] strArr) throws NamingException {
        BasicAttributes basicAttributes = new BasicAttributes(true);
        if (obj instanceof String) {
            basicAttributes.put(ZAttrProvisioning.A_objectClass, obj);
        } else if (obj instanceof String[]) {
            BasicAttribute basicAttribute = new BasicAttribute(ZAttrProvisioning.A_objectClass);
            for (String str2 : (String[]) obj) {
                basicAttribute.add(str2);
            }
            basicAttributes.put(basicAttribute);
        }
        for (int i = 0; i < strArr.length; i += 2) {
            basicAttributes.put(strArr[i], strArr[i + 1]);
        }
        Name add = new CompositeName().add(str);
        if (ZimbraLog.ldap.isDebugEnabled()) {
            ZimbraLog.ldap.debug("CREATE ENTRY: dn=" + str + ", attrs=" + basicAttributes.toString());
        }
        this.mDirContext.createSubcontext(add, basicAttributes).close();
    }

    public void unbindEntry(String str) throws NamingException {
        Name add = new CompositeName().add(str);
        if (ZimbraLog.ldap.isDebugEnabled()) {
            ZimbraLog.ldap.debug("DELETE ENTRY: dn=" + str);
        }
        this.mDirContext.unbind(add);
    }

    public void moveChildren(String str, String str2) throws ServiceException {
        NamingEnumeration<SearchResult> namingEnumeration = null;
        try {
            try {
                namingEnumeration = searchDir(str, "(objectclass=*)", new SearchControls(1, 0L, 0, (String[]) null, false, false));
                NameParser nameParser = this.mDirContext.getNameParser(OperationContextData.GranteeNames.EMPTY_NAME);
                while (namingEnumeration.hasMore()) {
                    Name parse = nameParser.parse(((SearchResult) namingEnumeration.next()).getNameInNamespace());
                    Name add = nameParser.parse(str2).add(parse.get(parse.size() - 1));
                    if (ZimbraLog.ldap.isDebugEnabled()) {
                        ZimbraLog.ldap.debug("RENAME ENTRY: old=" + parse + ", new=" + add);
                    }
                    this.mDirContext.rename(parse, add);
                }
                LdapUtil.closeEnumContext(namingEnumeration);
            } catch (NamingException e) {
                ZimbraLog.account.warn("unable to move children", e);
                LdapUtil.closeEnumContext(namingEnumeration);
            }
        } catch (Throwable th) {
            LdapUtil.closeEnumContext(namingEnumeration);
            throw th;
        }
    }

    public void deleteChildren(String str) throws ServiceException {
        NamingEnumeration<SearchResult> namingEnumeration = null;
        try {
            try {
                namingEnumeration = searchDir(str, "(objectclass=*)", new SearchControls(1, 0L, 0, (String[]) null, false, false));
                while (namingEnumeration.hasMore()) {
                    unbindEntry(((SearchResult) namingEnumeration.next()).getNameInNamespace());
                }
                LdapUtil.closeEnumContext(namingEnumeration);
            } catch (NamingException e) {
                ZimbraLog.account.warn("unable to remove children", e);
                LdapUtil.closeEnumContext(namingEnumeration);
            }
        } catch (Throwable th) {
            LdapUtil.closeEnumContext(namingEnumeration);
            throw th;
        }
    }

    public void renameEntry(String str, String str2) throws NamingException {
        Name add = new CompositeName().add(str);
        Name add2 = new CompositeName().add(str2);
        if (ZimbraLog.ldap.isDebugEnabled()) {
            ZimbraLog.ldap.debug("RENAME ENTRY: old=" + add + ", new=" + add2);
        }
        this.mDirContext.rename(add, add2);
    }

    public void setPagedControl(int i, byte[] bArr, boolean z) throws NamingException, IOException {
        LdapContext ldapContext = this.mDirContext;
        Control[] controlArr = new Control[1];
        controlArr[0] = new PagedResultsControl(i, bArr, z);
        ldapContext.setRequestControls(controlArr);
    }

    public byte[] getCookie() throws NamingException {
        PagedResultsResponseControl[] responseControls = this.mDirContext.getResponseControls();
        if (responseControls == null) {
            return null;
        }
        for (int i = 0; i < responseControls.length; i++) {
            if (responseControls[i] instanceof PagedResultsResponseControl) {
                return responseControls[i].getCookie();
            }
        }
        return null;
    }

    private static String dumpMods(ModificationItem[] modificationItemArr) {
        StringBuffer stringBuffer = new StringBuffer();
        for (ModificationItem modificationItem : modificationItemArr) {
            stringBuffer.append(modificationItem.toString() + ", ");
        }
        return stringBuffer.toString();
    }

    public static void waitForServer() {
        while (true) {
            ZimbraLdapContext zimbraLdapContext = null;
            try {
                try {
                    zimbraLdapContext = new ZimbraLdapContext();
                    closeContext(zimbraLdapContext);
                    return;
                } catch (ServiceException e) {
                    System.err.println(new Date() + ": error communicating with LDAP (will retry)");
                    e.printStackTrace();
                    try {
                        Thread.sleep(5000L);
                    } catch (InterruptedException e2) {
                    }
                    closeContext(zimbraLdapContext);
                }
            } catch (Throwable th) {
                closeContext(zimbraLdapContext);
                throw th;
            }
        }
    }

    static {
        sLdapURL = LC.ldap_url.value().trim();
        if (sLdapURL.length() == 0) {
            sLdapURL = "ldap://" + LC.ldap_host.value() + ":" + LC.ldap_port.value() + ZMailbox.PATH_SEPARATOR;
        }
        sLdapMasterURL = LC.ldap_master_url.value().trim();
        if (sLdapMasterURL.length() == 0) {
            sLdapMasterURL = sLdapURL;
        }
        System.setProperty("com.sun.jndi.ldap.connect.pool.debug", LC.ldap_connect_pool_debug.value());
        System.setProperty("com.sun.jndi.ldap.connect.pool.initsize", LC.ldap_connect_pool_initsize.value());
        System.setProperty("com.sun.jndi.ldap.connect.pool.maxsize", LC.ldap_connect_pool_maxsize.value());
        System.setProperty("com.sun.jndi.ldap.connect.pool.prefsize", LC.ldap_connect_pool_prefsize.value());
        System.setProperty("com.sun.jndi.ldap.connect.pool.timeout", LC.ldap_connect_pool_timeout.value());
        System.setProperty("com.sun.jndi.ldap.connect.pool.protocol", "plain ssl");
        sConnType = ConnType.getConnType(sLdapURL);
        sMasterConnType = ConnType.getConnType(sLdapMasterURL);
        sDummySSLSocketFactory = SocketFactories.dummySSLSocketFactory();
        StringBuffer stringBuffer = new StringBuffer("START TLS");
        sStartTLSDebugText = "START TLS";
        if (LC.ssl_allow_mismatched_certs.booleanValue()) {
            stringBuffer.append(", allow mismatched certs");
        }
        if (LC.ssl_allow_untrusted_certs.booleanValue()) {
            stringBuffer.append(", allow untrusted certs");
        }
        sStartTLSDebugText = stringBuffer.toString();
    }
}
