package com.zimbra.cs.account.ldap;

import com.zimbra.common.service.ServiceException;
import com.zimbra.common.util.ByteUtil;
import com.zimbra.common.util.DateUtil;
import com.zimbra.common.util.ZimbraLog;
import com.zimbra.cs.account.AttributeManager;
import com.zimbra.cs.account.Domain;
import com.zimbra.cs.account.Entry;
import com.zimbra.cs.account.GalContact;
import com.zimbra.cs.account.Provisioning;
import com.zimbra.cs.account.ZAttrProvisioning;
import com.zimbra.cs.account.gal.GalOp;
import com.zimbra.cs.account.gal.GalParams;
import com.zimbra.cs.account.gal.GalUtil;
import com.zimbra.cs.account.krb5.Krb5Login;
import com.zimbra.cs.gal.GalSearchConfig;
import com.zimbra.cs.gal.GalSearchParams;
import com.zimbra.cs.mailbox.OperationContextData;
import com.zimbra.cs.rmgmt.RemoteMailQueue;
import com.zimbra.cs.service.FileUploadServlet;
import java.io.IOException;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Date;
import java.util.HashMap;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import java.util.UUID;
import javax.naming.AuthenticationException;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.SizeLimitExceededException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.ModificationItem;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.Rdn;
import javax.security.auth.login.LoginException;

/* loaded from: input_file:com/zimbra/cs/account/ldap/LdapUtil.class */
public class LdapUtil {
    public static final String LDAP_TRUE = "TRUE";
    public static final String LDAP_FALSE = "FALSE";
    static final String EARLIEST_SYNC_TOKEN = "19700101000000Z";
    private static String[] sEmptyMulti = new String[0];
    static final SearchControls sSubtreeSC = new SearchControls(2, 0, 0, (String[]) null, false, false);

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:com/zimbra/cs/account/ldap/LdapUtil$GalSearchAction.class */
    public static class GalSearchAction implements PrivilegedExceptionAction {
        GalSearchParams mParams;

        GalSearchAction(GalSearchParams galSearchParams) {
            this.mParams = galSearchParams;
        }

        @Override // java.security.PrivilegedExceptionAction
        public Object run() throws ServiceException, NamingException, IOException {
            LdapUtil.doGalSearch(this.mParams);
            return null;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:com/zimbra/cs/account/ldap/LdapUtil$SearchGalAction.class */
    public static class SearchGalAction implements PrivilegedExceptionAction {
        GalParams.ExternalGalParams galParams;
        String query;
        int maxResults;
        LdapGalMapRules rules;
        String token;
        Provisioning.SearchGalResult result;

        SearchGalAction(GalParams.ExternalGalParams externalGalParams, String str, int i, LdapGalMapRules ldapGalMapRules, String str2, Provisioning.SearchGalResult searchGalResult) {
            this.galParams = externalGalParams;
            this.query = str;
            this.maxResults = i;
            this.rules = ldapGalMapRules;
            this.token = str2;
            this.result = searchGalResult;
        }

        @Override // java.security.PrivilegedExceptionAction
        public Object run() throws ServiceException, NamingException, IOException {
            LdapUtil.searchLdapGal(this.galParams, this.query, this.maxResults, this.rules, this.token, this.result);
            return null;
        }
    }

    /* loaded from: input_file:com/zimbra/cs/account/ldap/LdapUtil$SearchLdapVisitor.class */
    public interface SearchLdapVisitor {
        void visit(String str, Map<String, Object> map, Attributes attributes);
    }

    public static void closeEnumContext(NamingEnumeration namingEnumeration) {
        if (namingEnumeration != null) {
            try {
                namingEnumeration.close();
            } catch (NamingException e) {
            }
        }
    }

    public static void ldapAuthenticate(String[] strArr, boolean z, String str, String str2) throws NamingException, IOException {
        if (str2 == null || str2.equals(OperationContextData.GranteeNames.EMPTY_NAME)) {
            throw new AuthenticationException("empty password");
        }
        ZimbraLdapContext.ldapAuthenticate(strArr, z, str, str2, "external LDAP auth");
    }

    /* JADX WARN: Code restructure failed: missing block: B:15:0x0066, code lost:
    
        r17 = r0.getNameInNamespace();
     */
    /* JADX WARN: Finally extract failed */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public static void ldapAuthenticate(java.lang.String[] r8, boolean r9, java.lang.String r10, java.lang.String r11, java.lang.String r12, java.lang.String r13, java.lang.String r14) throws com.zimbra.common.service.ServiceException, javax.naming.NamingException, java.io.IOException {
        /*
            Method dump skipped, instructions count: 247
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.zimbra.cs.account.ldap.LdapUtil.ldapAuthenticate(java.lang.String[], boolean, java.lang.String, java.lang.String, java.lang.String, java.lang.String, java.lang.String):void");
    }

    public static String generateUUID() {
        return UUID.randomUUID().toString();
    }

    public static boolean isValidUUID(String str) throws IllegalArgumentException {
        if (str.length() > 127) {
            throw new IllegalArgumentException("uuid must be no longer than 127 characters");
        }
        if (str.contains(":")) {
            throw new IllegalArgumentException("uuid must not contain ':'");
        }
        return true;
    }

    public static String getAttrString(Attributes attributes, String str) throws NamingException {
        AttributeManager inst = AttributeManager.getInst();
        boolean containsBinaryData = inst == null ? false : inst.containsBinaryData(str);
        Attribute attribute = attributes.get(attrNameToBinaryTransferAttrName(inst == null ? false : inst.isBinaryTransfer(str), str));
        if (attribute == null) {
            return null;
        }
        Object obj = attribute.get();
        return obj instanceof String ? (String) obj : containsBinaryData ? ByteUtil.encodeLDAPBase64((byte[]) obj) : new String((byte[]) obj);
    }

    public static String[] getMultiAttrString(Attributes attributes, String str) throws NamingException {
        AttributeManager inst = AttributeManager.getInst();
        return getMultiAttrString(attributes, str, inst == null ? false : inst.containsBinaryData(str), inst == null ? false : inst.isBinaryTransfer(str));
    }

    public static String[] getMultiAttrString(Attributes attributes, String str, boolean z, boolean z2) throws NamingException {
        Attribute attribute = attributes.get(attrNameToBinaryTransferAttrName(z2, str));
        if (attribute == null) {
            return sEmptyMulti;
        }
        String[] strArr = new String[attribute.size()];
        for (int i = 0; i < attribute.size(); i++) {
            Object obj = attribute.get(i);
            if (obj instanceof String) {
                strArr[i] = (String) obj;
            } else if (z) {
                strArr[i] = ByteUtil.encodeLDAPBase64((byte[]) obj);
            } else {
                strArr[i] = new String((byte[]) obj);
            }
        }
        return strArr;
    }

    public static Map<String, Object> getAttrs(Attributes attributes) throws NamingException {
        return getAttrs(attributes, null);
    }

    public static Map<String, Object> getAttrs(Attributes attributes, Set<String> set) throws NamingException {
        HashMap hashMap = new HashMap();
        AttributeManager inst = AttributeManager.getInst();
        NamingEnumeration all = attributes.getAll();
        while (all.hasMore()) {
            Attribute attribute = (Attribute) all.next();
            String binaryTransferAttrNameToAttrName = binaryTransferAttrNameToAttrName(attribute.getID());
            boolean z = (inst != null && inst.containsBinaryData(binaryTransferAttrNameToAttrName)) || (set != null && set.contains(binaryTransferAttrNameToAttrName));
            if (attribute.size() == 1) {
                Object obj = attribute.get();
                if (obj instanceof String) {
                    hashMap.put(binaryTransferAttrNameToAttrName, obj);
                } else if (z) {
                    hashMap.put(binaryTransferAttrNameToAttrName, ByteUtil.encodeLDAPBase64((byte[]) obj));
                } else {
                    hashMap.put(binaryTransferAttrNameToAttrName, new String((byte[]) obj));
                }
            } else {
                String[] strArr = new String[attribute.size()];
                for (int i = 0; i < attribute.size(); i++) {
                    Object obj2 = attribute.get(i);
                    if (obj2 instanceof String) {
                        strArr[i] = (String) obj2;
                    } else if (z) {
                        strArr[i] = ByteUtil.encodeLDAPBase64((byte[]) obj2);
                    } else {
                        strArr[i] = new String((byte[]) obj2);
                    }
                }
                hashMap.put(binaryTransferAttrNameToAttrName, strArr);
            }
        }
        return hashMap;
    }

    public static String escapeSearchFilterArg(String str) {
        if (str == null) {
            return null;
        }
        return str.replaceAll("([\\\\\\*\\(\\)])", "\\\\$0");
    }

    public static Attribute addAttr(Attributes attributes, String str, String str2) {
        BasicAttribute basicAttribute = new BasicAttribute(str);
        basicAttribute.add(str2);
        attributes.put(basicAttribute);
        return basicAttribute;
    }

    public static Attribute addAttr(Attributes attributes, String str, Set<String> set) {
        Attribute attribute = attributes.get(str);
        if (attribute == null) {
            attribute = new BasicAttribute(str);
            attributes.put(attribute);
        }
        Iterator<String> it = set.iterator();
        while (it.hasNext()) {
            attribute.add(it.next());
        }
        return attribute;
    }

    private static void modifyAttr(ArrayList<ModificationItem> arrayList, String str, String str2, Entry entry, boolean z, boolean z2) {
        int i = (str2 == null || str2.equals(OperationContextData.GranteeNames.EMPTY_NAME)) ? 3 : 2;
        if (i == 3 && entry.getAttr(str, false) == null) {
            return;
        }
        BasicAttribute newBasicAttribute = newBasicAttribute(z2, str);
        if (i == 2) {
            newBasicAttribute.add(decodeBase64IfBinary(z, str2));
        }
        arrayList.add(new ModificationItem(i, newBasicAttribute));
    }

    private static void modifyAttr(ArrayList<ModificationItem> arrayList, String str, String[] strArr, boolean z, boolean z2) {
        BasicAttribute newBasicAttribute = newBasicAttribute(z2, str);
        for (String str2 : strArr) {
            newBasicAttribute.add(decodeBase64IfBinary(z, str2));
        }
        arrayList.add(new ModificationItem(2, newBasicAttribute));
    }

    private static void removeAttr(ArrayList<ModificationItem> arrayList, String str, String str2, Entry entry, boolean z, boolean z2) {
        if (contains(entry.getMultiAttr(str, false), str2)) {
            BasicAttribute newBasicAttribute = newBasicAttribute(z2, str);
            newBasicAttribute.add(decodeBase64IfBinary(z, str2));
            arrayList.add(new ModificationItem(3, newBasicAttribute));
        }
    }

    private static boolean contains(String[] strArr, String str) {
        if (strArr == null) {
            return false;
        }
        for (String str2 : strArr) {
            if (str2.compareToIgnoreCase(str) == 0) {
                return true;
            }
        }
        return false;
    }

    private static void removeAttr(ArrayList<ModificationItem> arrayList, String str, String[] strArr, Entry entry, boolean z, boolean z2) {
        String[] multiAttr = entry.getMultiAttr(str, false);
        if (multiAttr == null || multiAttr.length == 0) {
            return;
        }
        BasicAttribute basicAttribute = null;
        for (int i = 0; i < strArr.length; i++) {
            if (contains(multiAttr, strArr[i])) {
                if (basicAttribute == null) {
                    basicAttribute = newBasicAttribute(z2, str);
                }
                basicAttribute.add(decodeBase64IfBinary(z, strArr[i]));
            }
        }
        if (basicAttribute != null) {
            arrayList.add(new ModificationItem(3, basicAttribute));
        }
    }

    private static void addAttr(ArrayList<ModificationItem> arrayList, String str, String str2, Entry entry, boolean z, boolean z2) {
        if (contains(entry.getMultiAttr(str, false), str2)) {
            return;
        }
        BasicAttribute newBasicAttribute = newBasicAttribute(z2, str);
        newBasicAttribute.add(decodeBase64IfBinary(z, str2));
        arrayList.add(new ModificationItem(1, newBasicAttribute));
    }

    private static void addAttr(ArrayList<ModificationItem> arrayList, String str, String[] strArr, Entry entry, boolean z, boolean z2) {
        String[] multiAttr = entry.getMultiAttr(str, false);
        BasicAttribute basicAttribute = null;
        for (int i = 0; i < strArr.length; i++) {
            if (!contains(multiAttr, strArr[i])) {
                if (basicAttribute == null) {
                    basicAttribute = newBasicAttribute(z2, str);
                }
                basicAttribute.add(decodeBase64IfBinary(z, strArr[i]));
            }
        }
        if (basicAttribute != null) {
            arrayList.add(new ModificationItem(1, basicAttribute));
        }
    }

    public static void modifyAttrs(ZimbraLdapContext zimbraLdapContext, String str, Map map, Entry entry) throws NamingException, ServiceException {
        ArrayList arrayList = new ArrayList();
        AttributeManager inst = AttributeManager.getInst();
        for (Map.Entry entry2 : map.entrySet()) {
            Object value = entry2.getValue();
            String str2 = (String) entry2.getKey();
            boolean z = str2.charAt(0) == '+';
            boolean z2 = str2.charAt(0) == '-';
            if (z || z2) {
                str2 = str2.substring(1);
                if (map.containsKey(str2)) {
                    throw ServiceException.INVALID_REQUEST("can't mix +attrName/-attrName with attrName", (Throwable) null);
                }
            }
            boolean containsBinaryData = inst == null ? false : inst.containsBinaryData(str2);
            boolean isBinaryTransfer = inst == null ? false : inst.isBinaryTransfer(str2);
            if (value instanceof Object[]) {
                value = Arrays.asList((Object[]) value);
            }
            if (value instanceof Collection) {
                Collection collection = (Collection) value;
                if (collection.size() != 0) {
                    String[] strArr = new String[collection.size()];
                    int i = 0;
                    Iterator it = collection.iterator();
                    while (it.hasNext()) {
                        Object next = it.next();
                        int i2 = i;
                        i++;
                        strArr[i2] = next == null ? null : next.toString();
                    }
                    if (z) {
                        addAttr((ArrayList<ModificationItem>) arrayList, str2, strArr, entry, containsBinaryData, isBinaryTransfer);
                    } else if (z2) {
                        removeAttr((ArrayList<ModificationItem>) arrayList, str2, strArr, entry, containsBinaryData, isBinaryTransfer);
                    } else {
                        modifyAttr(arrayList, str2, strArr, containsBinaryData, isBinaryTransfer);
                    }
                } else if (entry.getAttr(str2, false) != null) {
                    arrayList.add(new ModificationItem(3, new BasicAttribute(str2)));
                }
            } else {
                if (value instanceof Map) {
                    throw ServiceException.FAILURE("Map is not a supported value type", (Throwable) null);
                }
                String obj = value == null ? null : value.toString();
                if (z) {
                    addAttr((ArrayList<ModificationItem>) arrayList, str2, obj, entry, containsBinaryData, isBinaryTransfer);
                } else if (z2) {
                    removeAttr((ArrayList<ModificationItem>) arrayList, str2, obj, entry, containsBinaryData, isBinaryTransfer);
                } else {
                    modifyAttr(arrayList, str2, obj, entry, containsBinaryData, isBinaryTransfer);
                }
            }
        }
        ModificationItem[] modificationItemArr = new ModificationItem[arrayList.size()];
        arrayList.toArray(modificationItemArr);
        zimbraLdapContext.modifyAttributes(str, modificationItemArr);
    }

    public static void mapToAttrs(Map map, Attributes attributes) {
        AttributeManager inst = AttributeManager.getInst();
        for (Map.Entry entry : map.entrySet()) {
            String str = (String) entry.getKey();
            Object value = entry.getValue();
            boolean containsBinaryData = inst == null ? false : inst.containsBinaryData(str);
            boolean isBinaryTransfer = inst == null ? false : inst.isBinaryTransfer(str);
            if (value instanceof String) {
                BasicAttribute newBasicAttribute = newBasicAttribute(isBinaryTransfer, str);
                newBasicAttribute.add(decodeBase64IfBinary(containsBinaryData, (String) value));
                attributes.put(newBasicAttribute);
            } else if (value instanceof String[]) {
                String[] strArr = (String[]) value;
                BasicAttribute newBasicAttribute2 = newBasicAttribute(isBinaryTransfer, str);
                for (String str2 : strArr) {
                    newBasicAttribute2.add(decodeBase64IfBinary(containsBinaryData, str2));
                }
                attributes.put(newBasicAttribute2);
            } else if (value instanceof Collection) {
                Collection collection = (Collection) value;
                BasicAttribute newBasicAttribute3 = newBasicAttribute(isBinaryTransfer, str);
                Iterator it = collection.iterator();
                while (it.hasNext()) {
                    newBasicAttribute3.add(decodeBase64IfBinary(containsBinaryData, it.next().toString()));
                }
                attributes.put(newBasicAttribute3);
            }
        }
    }

    public static String domainToDN(String[] strArr, int i) {
        StringBuffer stringBuffer = new StringBuffer(128);
        for (int i2 = i; i2 < strArr.length; i2++) {
            if (i2 - i > 0) {
                stringBuffer.append(FileUploadServlet.UPLOAD_DELIMITER);
            }
            stringBuffer.append("dc=").append(escapeRDNValue(strArr[i2]));
        }
        return stringBuffer.toString();
    }

    public static String domainToDN(String str) {
        return domainToDN(str.split("\\."), 0);
    }

    public static String emailToDomainDN(String str) throws ServiceException {
        int indexOf = str.indexOf(64);
        if (indexOf == -1) {
            throw ServiceException.INVALID_REQUEST("must be an email address: " + str, (Throwable) null);
        }
        return domainToDN(str.substring(indexOf + 1).split("\\."), 0);
    }

    public static String dnToDomain(String str) {
        String[] split = str.split(FileUploadServlet.UPLOAD_DELIMITER);
        StringBuffer stringBuffer = new StringBuffer();
        for (int i = 0; i < split.length; i++) {
            if (split[i].startsWith("dc=")) {
                if (stringBuffer.length() > 0) {
                    stringBuffer.append(".");
                }
                stringBuffer.append(unescapeRDNValue(split[i].substring(3)));
            }
        }
        return stringBuffer.toString();
    }

    public static String[] dnToRdnAndBaseDn(String str) {
        String[] strArr = new String[2];
        int indexOf = str.indexOf(FileUploadServlet.UPLOAD_DELIMITER);
        if (indexOf == -1 || str.length() <= indexOf + 1) {
            strArr[0] = str;
            strArr[1] = str;
        } else {
            strArr[0] = str.substring(0, indexOf);
            strArr[1] = str.substring(indexOf + 1);
        }
        return strArr;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static String[] removeMultiValue(String[] strArr, String str) {
        ArrayList arrayList = new ArrayList(Arrays.asList(strArr));
        return arrayList.remove(str) ? (String[]) arrayList.toArray(new String[arrayList.size()]) : strArr;
    }

    public static String getBooleanString(boolean z) {
        return z ? "TRUE" : "FALSE";
    }

    public static String computeAuthDn(String str, String str2) {
        if (str2 == null || str2.equals(OperationContextData.GranteeNames.EMPTY_NAME) || str2.equals("%n")) {
            return str;
        }
        int indexOf = str.indexOf("@");
        HashMap hashMap = new HashMap();
        hashMap.put("n", str);
        if (indexOf == -1) {
            hashMap.put("u", str);
        } else {
            hashMap.put("u", str.substring(0, indexOf));
            String substring = str.substring(indexOf + 1);
            hashMap.put("d", substring);
            hashMap.put("D", domainToDN(substring));
        }
        return LdapProvisioning.expandStr(str2, hashMap);
    }

    public static void searchLdapOnMaster(String str, String str2, String[] strArr, SearchLdapVisitor searchLdapVisitor) throws ServiceException {
        searchZimbraLdap(str, str2, strArr, true, searchLdapVisitor);
    }

    public static void searchLdapOnReplica(String str, String str2, String[] strArr, SearchLdapVisitor searchLdapVisitor) throws ServiceException {
        searchZimbraLdap(str, str2, strArr, false, searchLdapVisitor);
    }

    private static void searchZimbraLdap(String str, String str2, String[] strArr, boolean z, SearchLdapVisitor searchLdapVisitor) throws ServiceException {
        ZimbraLdapContext zimbraLdapContext = null;
        try {
            zimbraLdapContext = new ZimbraLdapContext(z);
            searchLdap(zimbraLdapContext, str, str2, strArr, null, 2, searchLdapVisitor);
            ZimbraLdapContext.closeContext(zimbraLdapContext);
        } catch (Throwable th) {
            ZimbraLdapContext.closeContext(zimbraLdapContext);
            throw th;
        }
    }

    public static void searchLdap(ZimbraLdapContext zimbraLdapContext, String str, String str2, String[] strArr, Set<String> set, int i, SearchLdapVisitor searchLdapVisitor) throws ServiceException {
        try {
            SearchControls searchControls = new SearchControls(i, 0, 0, strArr, false, false);
            int adjustPageSize = adjustPageSize(0, RemoteMailQueue.MAIL_QUEUE_INDEX_FLUSH_THRESHOLD);
            byte[] bArr = null;
            NamingEnumeration<SearchResult> namingEnumeration = null;
            do {
                try {
                    zimbraLdapContext.setPagedControl(adjustPageSize, bArr, true);
                    namingEnumeration = zimbraLdapContext.searchDir(str, str2, searchControls);
                    while (namingEnumeration != null && namingEnumeration.hasMore()) {
                        SearchResult searchResult = (SearchResult) namingEnumeration.nextElement();
                        String nameInNamespace = searchResult.getNameInNamespace();
                        Attributes attributes = searchResult.getAttributes();
                        searchLdapVisitor.visit(nameInNamespace, getAttrs(attributes, set), attributes);
                    }
                    bArr = zimbraLdapContext.getCookie();
                } catch (Throwable th) {
                    if (namingEnumeration != null) {
                        namingEnumeration.close();
                    }
                    throw th;
                }
            } while (bArr != null);
            if (namingEnumeration != null) {
                namingEnumeration.close();
            }
        } catch (NamingException e) {
            throw ServiceException.FAILURE("unable to search ldap", e);
        } catch (IOException e2) {
            throw ServiceException.FAILURE("unable to search ldap", e2);
        }
    }

    /* JADX WARN: Finally extract failed */
    public static void searchGal(ZimbraLdapContext zimbraLdapContext, GalSearchConfig.GalType galType, int i, String str, String str2, int i2, LdapGalMapRules ldapGalMapRules, String str3, Provisioning.SearchGalResult searchGalResult) throws ServiceException {
        Date parseGeneralizedTime;
        Date parseGeneralizedTime2;
        Date parseGeneralizedTime3;
        searchGalResult.setToken((str3 == null || str3.equals(OperationContextData.GranteeNames.EMPTY_NAME)) ? EARLIEST_SYNC_TOKEN : str3);
        if (i > 0) {
            i = adjustPageSize(i2, i);
        }
        if (ZimbraLog.gal.isDebugEnabled()) {
            StringBuffer stringBuffer = new StringBuffer();
            for (String str4 : ldapGalMapRules.getLdapAttrs()) {
                stringBuffer.append(str4 + FileUploadServlet.UPLOAD_DELIMITER);
            }
            String str5 = null;
            try {
                Hashtable environment = zimbraLdapContext.getLdapContext().getEnvironment();
                zimbraLdapContext.getLdapContext();
                Object obj = environment.get("java.naming.provider.url");
                r22 = obj != null ? obj.toString() : null;
                zimbraLdapContext.getLdapContext();
                Object obj2 = environment.get("java.naming.security.principal");
                if (obj2 != null) {
                    str5 = obj2.toString();
                }
            } catch (NamingException e) {
                ZimbraLog.gal.debug("cannot get DirContext environment for debug");
            }
            ZimbraLog.gal.debug("searchGal: url=" + r22 + ", binddn=" + str5 + ", page size=" + i + ", max results=" + i2 + ", base=" + str + ", query=" + str2 + ", attrs=" + ((Object) stringBuffer));
        }
        SearchControls searchControls = new SearchControls(2, i2, 0, ldapGalMapRules.getLdapAttrs(), false, false);
        NamingEnumeration<SearchResult> namingEnumeration = null;
        int i3 = 0;
        byte[] bArr = null;
        do {
            if (i > 0) {
                try {
                    try {
                        try {
                            try {
                                zimbraLdapContext.setPagedControl(i, bArr, false);
                            } catch (SizeLimitExceededException e2) {
                                searchGalResult.setHadMore(true);
                                String token = searchGalResult.getToken();
                                if (!(token != null && (str3 == null || !str3.equals(token)) && !token.equals(EARLIEST_SYNC_TOKEN)) || (parseGeneralizedTime = DateUtil.parseGeneralizedTime(token, false)) == null) {
                                    return;
                                }
                                searchGalResult.setToken(DateUtil.toGeneralizedTime(new Date(parseGeneralizedTime.getTime() + 1000)));
                                return;
                            }
                        } catch (NamingException e3) {
                            throw ServiceException.FAILURE("unable to search gal", e3);
                        } catch (IOException e4) {
                            throw ServiceException.FAILURE("unable to search gal", e4);
                        }
                    } catch (Throwable th) {
                        String token2 = searchGalResult.getToken();
                        if ((token2 != null && (str3 == null || !str3.equals(token2)) && !token2.equals(EARLIEST_SYNC_TOKEN)) && (parseGeneralizedTime2 = DateUtil.parseGeneralizedTime(token2, false)) != null) {
                            searchGalResult.setToken(DateUtil.toGeneralizedTime(new Date(parseGeneralizedTime2.getTime() + 1000)));
                        }
                        throw th;
                    }
                } catch (Throwable th2) {
                    if (namingEnumeration != null) {
                        namingEnumeration.close();
                    }
                    throw th2;
                }
            }
            namingEnumeration = zimbraLdapContext.searchDir(str, str2, searchControls);
            while (true) {
                if (namingEnumeration == null || !namingEnumeration.hasMore()) {
                    break;
                }
                if (i2 > 0) {
                    int i4 = i3;
                    i3++;
                    if (i4 > i2) {
                        searchGalResult.setHadMore(true);
                        break;
                    }
                }
                SearchResult searchResult = (SearchResult) namingEnumeration.next();
                String nameInNamespace = searchResult.getNameInNamespace();
                GalContact galContact = new GalContact(galType, nameInNamespace, ldapGalMapRules.apply(zimbraLdapContext, str, searchResult));
                String str6 = (String) galContact.getAttrs().get("modifyTimeStamp");
                searchGalResult.setToken(getLaterTimestamp(searchGalResult.getToken(), str6));
                String str7 = (String) galContact.getAttrs().get("createTimeStamp");
                searchGalResult.setToken(getLaterTimestamp(searchGalResult.getToken(), str7));
                searchGalResult.addMatch(galContact);
                ZimbraLog.gal.debug("dn=" + nameInNamespace + ", mts=" + str6 + ", cts=" + str7);
            }
            if (i > 0) {
                bArr = zimbraLdapContext.getCookie();
            }
        } while (bArr != null);
        if (namingEnumeration != null) {
            namingEnumeration.close();
        }
        String token3 = searchGalResult.getToken();
        if (!(token3 != null && (str3 == null || !str3.equals(token3)) && !token3.equals(EARLIEST_SYNC_TOKEN)) || (parseGeneralizedTime3 = DateUtil.parseGeneralizedTime(token3, false)) == null) {
            return;
        }
        searchGalResult.setToken(DateUtil.toGeneralizedTime(new Date(parseGeneralizedTime3.getTime() + 1000)));
    }

    public static Provisioning.SearchGalResult searchLdapGal(GalParams.ExternalGalParams externalGalParams, GalOp galOp, String str, int i, LdapGalMapRules ldapGalMapRules, String str2, GalContact.Visitor visitor) throws ServiceException, NamingException, IOException {
        String filterDef;
        String[] url = externalGalParams.url();
        String searchBase = externalGalParams.searchBase();
        String filter = externalGalParams.filter();
        Provisioning.SearchGalResult newSearchGalResult = Provisioning.SearchGalResult.newSearchGalResult(visitor);
        String str3 = GalUtil.tokenizeKey(externalGalParams, galOp);
        newSearchGalResult.setTokenizeKey(str3);
        if (url == null || url.length == 0 || searchBase == null || filter == null) {
            if (url == null || url.length == 0) {
                ZimbraLog.gal.warn("searchLdapGal url is null");
            }
            if (searchBase == null) {
                ZimbraLog.gal.warn("searchLdapGal base is null");
            }
            if (filter == null) {
                ZimbraLog.gal.warn("searchLdapGal queryExpr is null");
            }
            return newSearchGalResult;
        }
        if (filter.indexOf("(") == -1 && (filterDef = LdapProvisioning.getFilterDef(filter)) != null) {
            filter = filterDef;
        }
        String expandFilter = GalUtil.expandFilter(str3, filter, str, str2);
        if (externalGalParams.credential().getAuthMech().equals("kerberos5")) {
            searchLdapGalKrb5(externalGalParams, expandFilter, i, ldapGalMapRules, str2, newSearchGalResult);
        } else {
            searchLdapGal(externalGalParams, expandFilter, i, ldapGalMapRules, str2, newSearchGalResult);
        }
        return newSearchGalResult;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static void searchLdapGal(GalParams.ExternalGalParams externalGalParams, String str, int i, LdapGalMapRules ldapGalMapRules, String str2, Provisioning.SearchGalResult searchGalResult) throws ServiceException, NamingException, IOException {
        ZimbraLdapContext zimbraLdapContext = null;
        try {
            zimbraLdapContext = new ZimbraLdapContext(externalGalParams.url(), externalGalParams.requireStartTLS(), externalGalParams.credential(), ldapGalMapRules.getBinaryLdapAttrs(), "external GAL");
            searchGal(zimbraLdapContext, GalSearchConfig.GalType.ldap, externalGalParams.pageSize(), externalGalParams.searchBase(), str, i, ldapGalMapRules, str2, searchGalResult);
            ZimbraLdapContext.closeContext(zimbraLdapContext);
        } catch (Throwable th) {
            ZimbraLdapContext.closeContext(zimbraLdapContext);
            throw th;
        }
    }

    private static void searchLdapGalKrb5(GalParams.ExternalGalParams externalGalParams, String str, int i, LdapGalMapRules ldapGalMapRules, String str2, Provisioning.SearchGalResult searchGalResult) throws NamingException, ServiceException {
        try {
            LdapGalCredential credential = externalGalParams.credential();
            Krb5Login.performAs(credential.getKrb5Principal(), credential.getKrb5Keytab(), new SearchGalAction(externalGalParams, str, i, ldapGalMapRules, str2, searchGalResult));
        } catch (PrivilegedActionException e) {
            NamingException exception = e.getException();
            if (!(exception instanceof NamingException)) {
                throw ServiceException.FAILURE("caught exception, unable to search GAL", exception);
            }
            throw exception;
        } catch (LoginException e2) {
            throw ServiceException.FAILURE("login failed, unable to search GAL", e2);
        }
    }

    public static void galSearch(GalSearchParams galSearchParams) throws ServiceException, NamingException, IOException {
        if (galSearchParams.getConfig().getAuthMech().equals("kerberos5")) {
            galSearchKrb5(galSearchParams);
        } else {
            doGalSearch(galSearchParams);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static void doGalSearch(GalSearchParams galSearchParams) throws ServiceException, NamingException, IOException {
        ZimbraLdapContext zimbraLdapContext = null;
        try {
            GalSearchConfig config = galSearchParams.getConfig();
            GalSearchConfig.GalType galType = galSearchParams.getConfig().getGalType();
            zimbraLdapContext = galType == GalSearchConfig.GalType.zimbra ? new ZimbraLdapContext(false) : new ZimbraLdapContext(config.getUrl(), config.getStartTlsEnabled(), config.getAuthMech(), config.getBindDn(), config.getBindPassword(), config.getRules().getBinaryLdapAttrs(), "external GAL");
            searchGal(zimbraLdapContext, galType, config.getPageSize(), config.getSearchBase(), galSearchParams.generateLdapQuery(), galSearchParams.getLimit(), config.getRules(), galSearchParams.getSyncToken(), galSearchParams.getResult());
            ZimbraLdapContext.closeContext(zimbraLdapContext);
        } catch (Throwable th) {
            ZimbraLdapContext.closeContext(zimbraLdapContext);
            throw th;
        }
    }

    private static void galSearchKrb5(GalSearchParams galSearchParams) throws NamingException, ServiceException {
        try {
            Krb5Login.performAs(galSearchParams.getConfig().getKerberosPrincipal(), galSearchParams.getConfig().getKerberosKeytab(), new GalSearchAction(galSearchParams));
        } catch (PrivilegedActionException e) {
            NamingException exception = e.getException();
            if (!(exception instanceof NamingException)) {
                throw ServiceException.FAILURE("caught exception, unable to search GAL", exception);
            }
            throw exception;
        } catch (LoginException e2) {
            throw ServiceException.FAILURE("login failed, unable to search GAL", e2);
        }
    }

    public static String getLaterTimestamp(String str, String str2) {
        if (str == null) {
            return str2;
        }
        if (str2 != null && str.compareTo(str2) <= 0) {
            return str2;
        }
        return str;
    }

    public static String getEarlierTimestamp(String str, String str2) {
        if (str == null) {
            return str2;
        }
        if (str2 != null && str.compareTo(str2) >= 0) {
            return str2;
        }
        return str;
    }

    public static String escapeRDNValue(String str) {
        return Rdn.escapeValue(str);
    }

    public static String unescapeRDNValue(String str) {
        return (String) Rdn.unescapeValue(str);
    }

    public static String formatMultipleMatchedEntries(SearchResult searchResult, NamingEnumeration namingEnumeration) throws NamingException {
        StringBuffer stringBuffer = new StringBuffer();
        stringBuffer.append("[" + searchResult.getNameInNamespace() + "] ");
        while (namingEnumeration.hasMore()) {
            stringBuffer.append("[" + ((SearchResult) namingEnumeration.next()).getNameInNamespace() + "] ");
        }
        return new String(stringBuffer);
    }

    public static int adjustPageSize(int i, int i2) {
        return i2 < 2 ? i2 : (i < i2 || i % i2 != 0) ? i2 : i2 - 1;
    }

    public static String getZimbraSearchBase(Domain domain, GalOp galOp) {
        String attr;
        if (galOp == GalOp.sync) {
            attr = domain.getAttr(ZAttrProvisioning.A_zimbraGalSyncInternalSearchBase);
            if (attr == null) {
                attr = domain.getAttr(ZAttrProvisioning.A_zimbraGalInternalSearchBase, "DOMAIN");
            }
        } else {
            attr = domain.getAttr(ZAttrProvisioning.A_zimbraGalInternalSearchBase, "DOMAIN");
        }
        LdapDomain ldapDomain = (LdapDomain) domain;
        if (!attr.equalsIgnoreCase("DOMAIN") && !attr.equalsIgnoreCase("SUBDOMAINS")) {
            return attr.equalsIgnoreCase("ROOT") ? OperationContextData.GranteeNames.EMPTY_NAME : OperationContextData.GranteeNames.EMPTY_NAME;
        }
        return ldapDomain.getDN();
    }

    private static Object decodeBase64IfBinary(boolean z, String str) {
        return z ? ByteUtil.decodeLDAPBase64(str) : str;
    }

    private static BasicAttribute newBasicAttribute(boolean z, String str) {
        return new BasicAttribute(attrNameToBinaryTransferAttrName(z, str));
    }

    private static String attrNameToBinaryTransferAttrName(boolean z, String str) {
        return z ? str + ";binary" : str;
    }

    private static String binaryTransferAttrNameToAttrName(String str) {
        if (str.endsWith(";binary")) {
            String[] split = str.split(";");
            if (split.length == 2) {
                return split[0];
            }
        }
        return str;
    }

    public static void main(String[] strArr) {
        binaryTransferAttrNameToAttrName("userCertificate;binary");
        binaryTransferAttrNameToAttrName(ZAttrProvisioning.A_userCertificate);
    }
}
