package com.zimbra.cs.account.ldap;

import com.zimbra.common.service.ServiceException;
import com.zimbra.common.util.ExceptionToString;
import com.zimbra.common.util.ZimbraLog;
import com.zimbra.cs.account.Account;
import com.zimbra.cs.account.GalContact;
import com.zimbra.cs.account.Provisioning;
import com.zimbra.cs.account.ZAttrProvisioning;
import com.zimbra.cs.account.gal.GalOp;
import com.zimbra.cs.account.gal.GalParams;
import com.zimbra.cs.fb.ExchangeEWSFreeBusyProvider;
import com.zimbra.cs.fb.ExchangeFreeBusyProvider;
import com.zimbra.cs.mailbox.OperationContextData;
import java.io.IOException;
import java.net.ConnectException;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import javax.naming.AuthenticationException;
import javax.naming.AuthenticationNotSupportedException;
import javax.naming.CommunicationException;
import javax.naming.NameNotFoundException;
import javax.naming.NamingException;
import javax.naming.directory.InvalidSearchFilterException;
import javax.net.ssl.SSLHandshakeException;

/* loaded from: input_file:com/zimbra/cs/account/ldap/Check.class */
public class Check {
    public static final String STATUS_OK = "check.OK";
    public static final String STATUS_UNKNOWN_HOST = "check.UNKNOWN_HOST";
    public static final String STATUS_CONNECTION_REFUSED = "check.CONNECTION_REFUSED";
    public static final String STATUS_SSL_HANDSHAKE_FAILURE = "check.SSL_HANDSHAKE_FAILURE";
    public static final String STATUS_COMMUNICATION_FAILURE = "check.COMMUNICATION_FAILURE";
    public static final String STATUS_AUTH_FAILED = "check.AUTH_FAILED";
    public static final String STATUS_AUTH_NOT_SUPPORTED = "check.AUTH_NOT_SUPPORTED";
    public static final String STATUS_NAME_NOT_FOUND = "check.NAME_NOT_FOUND";
    public static final String STATUS_INVALID_SEARCH_FILTER = "check.INVALID_SEARCH_FILTER";
    public static final String STATUS_FAILURE = "check.FAILURE";
    public static final String STATUS_BAD_URL = "check.BAD_URL";
    public static final String STATUS_FORBIDDEN = "check.FORBIDDEN";

    /* loaded from: input_file:com/zimbra/cs/account/ldap/Check$GalResult.class */
    public static class GalResult extends Result {
        private List<GalContact> mResult;

        public GalResult(String str, String str2, List<GalContact> list) {
            super(str, str2, (String) null);
            this.mResult = list;
        }

        public List<GalContact> getContacts() {
            return this.mResult;
        }
    }

    /* loaded from: input_file:com/zimbra/cs/account/ldap/Check$Result.class */
    public static class Result {
        String code;
        String message;
        String detail;

        public String getCode() {
            return this.code;
        }

        public String getMessage() {
            return this.message;
        }

        public String getComputedDn() {
            return this.detail;
        }

        public Object getDetail() {
            return this.detail;
        }

        public Result(String str, String str2, String str3) {
            this.code = str;
            this.message = str2;
            this.detail = str3;
        }

        public Result(String str, Exception exc, String str2) {
            this.code = str;
            this.message = ExceptionToString.ToString(exc);
            this.detail = str2;
        }

        public String toString() {
            return "Result { code: " + this.code + " detail: " + this.detail + " message: " + this.message + " }";
        }
    }

    private static String getRequiredAttr(Map map, String str) throws ServiceException {
        String str2 = (String) map.get(str);
        if (str2 == null) {
            throw ServiceException.INVALID_REQUEST("must specifiy: " + str, (Throwable) null);
        }
        return str2;
    }

    private static String[] getRequiredMultiAttr(Map map, String str) throws ServiceException {
        String[] strArr;
        Object obj = map.get(str);
        if (obj instanceof String) {
            return new String[]{(String) obj};
        }
        if (!(obj instanceof String[]) || (strArr = (String[]) obj) == null || strArr.length <= 0) {
            throw ServiceException.INVALID_REQUEST("must specifiy: " + str, (Throwable) null);
        }
        return strArr;
    }

    public static Result checkHostnameResolve(String str) {
        try {
            InetAddress.getByName(str);
            return new Result(STATUS_OK, OperationContextData.GranteeNames.EMPTY_NAME, (String) null);
        } catch (UnknownHostException e) {
            return new Result(STATUS_UNKNOWN_HOST, e, (String) null);
        }
    }

    public static Result checkAuthConfig(Map map, String str, String str2) throws ServiceException {
        String requiredAttr = getRequiredAttr(map, ZAttrProvisioning.A_zimbraAuthMech);
        if (!requiredAttr.equals(Provisioning.AM_LDAP) && !requiredAttr.equals(Provisioning.AM_AD)) {
            throw ServiceException.INVALID_REQUEST("auth mech must be: ldap or ad", (Throwable) null);
        }
        String[] requiredMultiAttr = getRequiredMultiAttr(map, ZAttrProvisioning.A_zimbraAuthLdapURL);
        String str3 = (String) map.get(ZAttrProvisioning.A_zimbraAuthLdapStartTlsEnabled);
        boolean requireStartTLS = ZimbraLdapContext.requireStartTLS(requiredMultiAttr, str3 == null ? false : "TRUE".equals(str3));
        try {
            String str4 = (String) map.get(ZAttrProvisioning.A_zimbraAuthLdapSearchFilter);
            if (str4 == null) {
                String str5 = (String) map.get(ZAttrProvisioning.A_zimbraAuthLdapBindDn);
                if (str5 == null) {
                    throw ServiceException.INVALID_REQUEST("must specify zimbraAuthLdapSearchFilter or zimbraAuthLdapBindDn", (Throwable) null);
                }
                String computeAuthDn = LdapUtil.computeAuthDn(str, str5);
                if (ZimbraLog.account.isDebugEnabled()) {
                    ZimbraLog.account.debug("auth with bind dn template of " + computeAuthDn);
                }
                LdapUtil.ldapAuthenticate(requiredMultiAttr, requireStartTLS, computeAuthDn, str2);
                return new Result(STATUS_OK, OperationContextData.GranteeNames.EMPTY_NAME, computeAuthDn);
            }
            String str6 = (String) map.get(ZAttrProvisioning.A_zimbraAuthLdapSearchBindPassword);
            String str7 = (String) map.get(ZAttrProvisioning.A_zimbraAuthLdapSearchBindDn);
            String str8 = (String) map.get(ZAttrProvisioning.A_zimbraAuthLdapSearchBase);
            if (str8 == null) {
                str8 = OperationContextData.GranteeNames.EMPTY_NAME;
            }
            String computeAuthDn2 = LdapUtil.computeAuthDn(str, str4);
            if (ZimbraLog.account.isDebugEnabled()) {
                ZimbraLog.account.debug("auth with search filter of " + computeAuthDn2);
            }
            LdapUtil.ldapAuthenticate(requiredMultiAttr, requireStartTLS, str2, str8, computeAuthDn2, str7, str6);
            return new Result(STATUS_OK, OperationContextData.GranteeNames.EMPTY_NAME, computeAuthDn2);
        } catch (IOException e) {
            return toResult(e, OperationContextData.GranteeNames.EMPTY_NAME);
        } catch (NamingException e2) {
            return toResult(e2, OperationContextData.GranteeNames.EMPTY_NAME);
        }
    }

    public static Result checkGalConfig(Map map, String str, int i, GalOp galOp) throws ServiceException {
        Provisioning.SearchGalResult searchLdapGal;
        if (Provisioning.GalMode.fromString(getRequiredAttr(map, ZAttrProvisioning.A_zimbraGalMode)) != Provisioning.GalMode.ldap) {
            throw ServiceException.INVALID_REQUEST("gal mode must be: " + Provisioning.GalMode.ldap.toString(), (Throwable) null);
        }
        GalParams.ExternalGalParams externalGalParams = new GalParams.ExternalGalParams(map, galOp);
        LdapGalMapRules ldapGalMapRules = new LdapGalMapRules(Provisioning.getInstance().getConfig(), false);
        try {
            if (galOp == GalOp.autocomplete) {
                searchLdapGal = LdapUtil.searchLdapGal(externalGalParams, GalOp.autocomplete, str, i, ldapGalMapRules, null, null);
            } else if (galOp == GalOp.search) {
                searchLdapGal = LdapUtil.searchLdapGal(externalGalParams, GalOp.search, str, i, ldapGalMapRules, null, null);
            } else {
                if (galOp != GalOp.sync) {
                    throw ServiceException.INVALID_REQUEST("invalid GAL op: " + galOp.toString(), (Throwable) null);
                }
                searchLdapGal = LdapUtil.searchLdapGal(externalGalParams, GalOp.sync, str, i, ldapGalMapRules, OperationContextData.GranteeNames.EMPTY_NAME, null);
            }
            return new GalResult(STATUS_OK, OperationContextData.GranteeNames.EMPTY_NAME, searchLdapGal.getMatches());
        } catch (IOException e) {
            return toResult(e, OperationContextData.GranteeNames.EMPTY_NAME);
        } catch (NamingException e2) {
            return toResult(e2, OperationContextData.GranteeNames.EMPTY_NAME);
        }
    }

    public static Result checkExchangeAuth(ExchangeFreeBusyProvider.ServerInfo serverInfo, Account account) throws ServiceException {
        try {
            switch (ExchangeFreeBusyProvider.checkAuth(serverInfo, account)) {
                case 400:
                case 404:
                    return new Result(STATUS_BAD_URL, OperationContextData.GranteeNames.EMPTY_NAME, (String) null);
                case 401:
                case 403:
                    return new Result(STATUS_AUTH_FAILED, OperationContextData.GranteeNames.EMPTY_NAME, (String) null);
                case 402:
                default:
                    return new Result(STATUS_OK, OperationContextData.GranteeNames.EMPTY_NAME, (String) null);
            }
        } catch (IOException e) {
            return toResult(e, OperationContextData.GranteeNames.EMPTY_NAME);
        }
    }

    public static Result checkExchangeEWSAuth(ExchangeFreeBusyProvider.ServerInfo serverInfo, Account account) throws ServiceException {
        try {
            switch (ExchangeEWSFreeBusyProvider.checkAuth(serverInfo, account)) {
                case 400:
                case 404:
                    return new Result(STATUS_BAD_URL, OperationContextData.GranteeNames.EMPTY_NAME, (String) null);
                case 401:
                case 403:
                    return new Result(STATUS_AUTH_FAILED, OperationContextData.GranteeNames.EMPTY_NAME, (String) null);
                case 402:
                default:
                    return new Result(STATUS_OK, OperationContextData.GranteeNames.EMPTY_NAME, (String) null);
            }
        } catch (IOException e) {
            return toResult(e, OperationContextData.GranteeNames.EMPTY_NAME);
        }
    }

    private static Result toResult(IOException iOException, String str) {
        return iOException instanceof UnknownHostException ? new Result(STATUS_UNKNOWN_HOST, iOException, str) : iOException instanceof ConnectException ? new Result(STATUS_CONNECTION_REFUSED, iOException, str) : iOException instanceof SSLHandshakeException ? new Result(STATUS_SSL_HANDSHAKE_FAILURE, iOException, str) : new Result(STATUS_COMMUNICATION_FAILURE, iOException, str);
    }

    private static Result toResult(NamingException namingException, String str) {
        return namingException instanceof CommunicationException ? namingException.getRootCause() instanceof UnknownHostException ? new Result(STATUS_UNKNOWN_HOST, (Exception) namingException, str) : namingException.getRootCause() instanceof ConnectException ? new Result(STATUS_CONNECTION_REFUSED, (Exception) namingException, str) : namingException.getRootCause() instanceof SSLHandshakeException ? new Result(STATUS_SSL_HANDSHAKE_FAILURE, (Exception) namingException, str) : new Result(STATUS_COMMUNICATION_FAILURE, (Exception) namingException, str) : namingException instanceof AuthenticationException ? new Result(STATUS_AUTH_FAILED, (Exception) namingException, str) : namingException instanceof AuthenticationNotSupportedException ? new Result(STATUS_AUTH_NOT_SUPPORTED, (Exception) namingException, str) : namingException instanceof NameNotFoundException ? new Result(STATUS_NAME_NOT_FOUND, (Exception) namingException, str) : namingException instanceof InvalidSearchFilterException ? new Result(STATUS_INVALID_SEARCH_FILTER, (Exception) namingException, str) : new Result(STATUS_FAILURE, (Exception) namingException, str);
    }

    private static void testCheckAuth() {
        HashMap hashMap = new HashMap();
        hashMap.put(ZAttrProvisioning.A_zimbraAuthMech, Provisioning.AM_LDAP);
        hashMap.put(ZAttrProvisioning.A_zimbraAuthLdapURL, "ldap://exch1.example.zimbra.com/");
        hashMap.put(ZAttrProvisioning.A_zimbraAuthLdapBindDn, "%u@example.zimbra.com");
        try {
            System.out.println(checkAuthConfig(hashMap, "schemers", "xxxxx"));
        } catch (ServiceException e) {
            e.printStackTrace();
        }
    }

    private static void testCheckHostnameResolve() {
        System.out.println(checkHostnameResolve("slapshot"));
    }

    private static void testCheckGal() {
        HashMap hashMap = new HashMap();
        hashMap.put(ZAttrProvisioning.A_zimbraGalMode, Provisioning.GalMode.ldap.toString());
        hashMap.put(ZAttrProvisioning.A_zimbraGalLdapURL, "ldap://exch1.example.zimbra.com/");
        hashMap.put(ZAttrProvisioning.A_zimbraGalLdapBindDn, "zz_gal");
        hashMap.put(ZAttrProvisioning.A_zimbraGalLdapBindPassword, "zz_gal");
        hashMap.put(ZAttrProvisioning.A_zimbraGalLdapSearchBase, "dc=example,dc=zimbra,dc=com");
        hashMap.put(ZAttrProvisioning.A_zimbraGalLdapFilter, Provisioning.AM_AD);
        try {
            System.out.println(checkGalConfig(hashMap, "sam", 10, GalOp.search));
        } catch (ServiceException e) {
            e.printStackTrace();
        }
    }

    public static void main(String[] strArr) {
        testCheckHostnameResolve();
    }
}
