package com.ibm.ws.security.registry.ldap.internal;

import com.ibm.etools.wdt.server.core.WDTConstants;
import com.ibm.websphere.ras.ProtectedString;
import com.ibm.websphere.ras.Tr;
import com.ibm.websphere.ras.TraceComponent;
import com.ibm.websphere.ras.annotation.InjectedTrace;
import com.ibm.websphere.ras.annotation.Sensitive;
import com.ibm.websphere.ras.annotation.TraceObjectField;
import com.ibm.websphere.ras.annotation.TraceOptions;
import com.ibm.websphere.security.CustomRegistryException;
import com.ibm.websphere.security.NotImplementedException;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.ffdc.annotation.FFDCIgnore;
import com.ibm.ws.security.registry.CertificateMapFailedException;
import com.ibm.ws.security.registry.CertificateMapNotSupportedException;
import com.ibm.ws.security.registry.EntryNotFoundException;
import com.ibm.ws.security.registry.RegistryException;
import com.ibm.ws.security.registry.SearchResult;
import com.ibm.ws.security.registry.UserRegistry;
import com.ibm.ws.security.registry.ldap.UserInfoManager;
import com.ibm.ws.security.registry.ldap.internal.IdMap;
import java.net.URLDecoder;
import java.rmi.RemoteException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.StringTokenizer;
import java.util.Vector;
import java.util.concurrent.LinkedBlockingDeque;
import javax.naming.AuthenticationException;
import javax.naming.CommunicationException;
import javax.naming.CompositeName;
import javax.naming.Context;
import javax.naming.InvalidNameException;
import javax.naming.NameClassPair;
import javax.naming.NameNotFoundException;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.SearchControls;
import javax.naming.ldap.LdapName;
import org.apache.bcel.Constants;
import org.apache.commons.lang.time.DateUtils;
import org.apache.wink.common.model.atom.AtomConstants;
import org.eclipse.jdt.internal.compiler.impl.CompilerOptions;

@TraceOptions(traceGroups = {"LDAP"}, traceGroup = "", messageBundle = TraceConstants.MESSAGE_BUNDLE, traceExceptionThrow = false, traceExceptionHandling = false)
@TraceObjectField(fieldName = "tc", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
/* loaded from: input_file:resources/server_runtime/lib/com.ibm.ws.security.registry.ldap_1.0.1.jar:com/ibm/ws/security/registry/ldap/internal/LdapRegistry.class */
public class LdapRegistry implements UserRegistry {
    private static final TraceComponent tc = Tr.register(LdapRegistry.class);
    private static final String iPlanet_OBJECT_FILTER = "(|(objectclass=*)(objectclass=ldapsubentry))";
    private static final String MS_OBJECT_FILTER = "(objectCategory=*)";
    private final DirContextFactory dirContextFactory;
    private static final String RACF_GROUP_ATTRIBUTE = "racfconnectgroupname";
    public static final String USERTYPE = "user";
    public static final String GROUPTYPE = "group";
    public static final String nullString = "";
    private static final String[] noAttrs;
    private static final int RETRIES = 3;
    private LdapConfig ldapConfig;
    private IdMap idMap;
    private CertificateMapper certMap;
    static final long serialVersionUID = 3049633826470701409L;
    private String realm = LdapConfig.DEFAULT_REALM_NAME;
    private String objectFilter = "(objectclass=*)";
    private String objectGroupDnFilter = "(objectclass=*)";
    private String objectUserDnFilter = "(objectclass=*)";
    private Long searchTimeLimit = Long.valueOf(DateUtils.MILLIS_PER_MINUTE);
    private final Object lockObj = new Object() { // from class: com.ibm.ws.security.registry.ldap.internal.LdapRegistry.1
        static final long serialVersionUID = -3052623910139172099L;
        private static final /* synthetic */ TraceComponent $$$tc$$$ = Tr.register(AnonymousClass1.class);
    };
    private String LdapURL = null;
    private boolean useGetAllGroupMembershipsByUserObject = false;
    private boolean useMixedAttributeSearch = false;
    private final LinkedBlockingDeque<DirContext> DirContextPool = new LinkedBlockingDeque<>();
    private int ContextPoolSize = 0;
    private boolean refresh = true;
    private String bindDN = null;
    private String bindPWD = null;
    private String bindHost = null;
    private String currentActiveLDAP = null;
    private final int maxIdleContext = 30;
    private final int maxContextPerConnection = 5;

    /* JADX INFO: Access modifiers changed from: package-private */
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    public LdapRegistry(Map<String, Object> map, DirContextFactory dirContextFactory) throws RegistryException {
        this.dirContextFactory = dirContextFactory;
        updateConfiguration(map, dirContextFactory);
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v32, types: [java.lang.Object] */
    /* JADX WARN: Type inference failed for: r0v33 */
    /* JADX WARN: Type inference failed for: r0v37, types: [com.ibm.ws.security.registry.ldap.internal.CertificateMapper] */
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    private void updateConfiguration(Map<String, Object> map, DirContextFactory dirContextFactory) throws RegistryException {
        this.currentActiveLDAP = null;
        this.ldapConfig = new LdapConfig(map, dirContextFactory);
        this.realm = (String) this.ldapConfig.get(LdapConfig.REALM);
        this.idMap = new IdMap(this.ldapConfig);
        IdMap.IdEntry[] groupMembers = this.idMap.getGroupMembers();
        if (groupMembers.length > 0) {
            String lowerCase = ((Filter) this.ldapConfig.get(LdapConfig.GROUP_FILTER)).prepare("*").toLowerCase();
            if (lowerCase.indexOf("ldapsubentry") > -1) {
                this.objectFilter = iPlanet_OBJECT_FILTER;
            }
            if (lowerCase.indexOf("objectcategory") > -1) {
                this.objectFilter = MS_OBJECT_FILTER;
            }
            this.objectGroupDnFilter = this.objectFilter;
            this.objectUserDnFilter = this.objectFilter;
            initializeAttributeSettings(groupMembers);
        }
        this.certMap = new CertificateMapper();
        if (this.ldapConfig.get(LdapConfig.CERTIFICATE_MAP_MODE) != null && (r0 = this.ldapConfig.get(LdapConfig.CERTIFICATE_MAP_FILTER)) != 0) {
            try {
                this.certMap.setLdapMapMode((String) this.ldapConfig.get(LdapConfig.CERTIFICATE_MAP_MODE));
                ?? r0 = this.certMap;
                r0.setLdapFilterDescriptor((String) this.ldapConfig.get(LdapConfig.CERTIFICATE_MAP_FILTER));
            } catch (RegistryException e) {
                FFDCFilter.processException(e, "com.ibm.ws.security.registry.ldap.internal.LdapRegistry", "157", this, new Object[]{map, dirContextFactory});
            }
        }
        Long l = (Long) this.ldapConfig.get(LdapConfig.SEARCH_TIMEOUT);
        if (l != null && l.longValue() > 0) {
            this.searchTimeLimit = l;
        }
        Boolean bool = (Boolean) this.ldapConfig.get(LdapConfig.LDAP_REUSE_CONN);
        if (bool == null || bool.booleanValue()) {
            return;
        }
        this.LdapURL = this.ldapConfig.getDirectoryUrl();
    }

    @FFDCIgnore({NamingException.class})
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    void initializeAttributeSettings(IdMap.IdEntry[] idEntryArr) {
        boolean z = true;
        boolean z2 = false;
        StringTokenizer stringTokenizer = new StringTokenizer(this.ldapConfig.getDirectoryUrl());
        while (stringTokenizer.hasMoreTokens()) {
            String nextToken = stringTokenizer.nextToken();
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Using schema on host: " + nextToken, new Object[0]);
            }
            LdapConfig ldapConfig = new LdapConfig(this.ldapConfig);
            if (ldapConfig != null) {
                ldapConfig.setDirectoryUrl(nextToken);
                DirContext dirContext = null;
                if (z) {
                    try {
                        dirContext = this.dirContextFactory.createDirContext(ldapConfig);
                        boolean z3 = false;
                        boolean z4 = false;
                        for (IdMap.IdEntry idEntry : idEntryArr) {
                            try {
                                dirContext.getSchema("").lookup("AttributeDefinition/" + idEntry.getObjectClassName());
                                z3 = true;
                                if (z2) {
                                    z4 = true;
                                }
                            } catch (NamingException e) {
                                z2 = true;
                                if (z3) {
                                    z4 = true;
                                }
                            }
                        }
                        z = false;
                        this.useGetAllGroupMembershipsByUserObject = z3;
                        this.useMixedAttributeSearch = z4;
                        safeClose((Context) dirContext);
                        return;
                    } catch (NamingException e2) {
                        safeClose((Context) dirContext);
                    } catch (Throwable th) {
                        safeClose((Context) dirContext);
                        throw th;
                    }
                } else {
                    safeClose((Context) null);
                }
            }
        }
    }

    @Override // com.ibm.ws.security.registry.UserRegistry
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    public String getRealm() {
        return this.realm;
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v18, types: [com.ibm.ws.security.registry.ldap.UserInfoManager] */
    /* JADX WARN: Type inference failed for: r0v19 */
    /* JADX WARN: Type inference failed for: r0v20 */
    /* JADX WARN: Type inference failed for: r0v21 */
    /* JADX WARN: Type inference failed for: r0v22 */
    /* JADX WARN: Type inference failed for: r0v27, types: [com.ibm.websphere.ras.TraceComponent] */
    @Override // com.ibm.ws.security.registry.UserRegistry
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    public String checkPassword(String str, @Sensitive String str2) throws RegistryException {
        String ldapName;
        if (str == null) {
            throw new IllegalArgumentException("userSecurityName is null");
        }
        if (str.isEmpty()) {
            throw new IllegalArgumentException("userSecurityName is empty");
        }
        if (str2 == null) {
            throw new IllegalArgumentException("password is null");
        }
        if (str2.isEmpty()) {
            throw new IllegalArgumentException("password is empty");
        }
        LdapName fullDN = LDAPRegistryUtil.fullDN(str, (LdapName) this.ldapConfig.get(LdapConfig.BASE_DN));
        if (fullDN == null) {
            str = LDAPRegistryUtil.escapeChar(str, '*');
            SearchResult users = getUsers(str, 2);
            int size = users.getList().size();
            if (size > 1) {
                throw new RegistryException("Multiple users with the name of " + str);
            }
            if (size == 0) {
                return null;
            }
            ldapName = users.getList().get(0);
        } else {
            ldapName = fullDN.toString();
        }
        if (!validatePassword(ldapName, str2)) {
            return null;
        }
        ?? userInfoManager = new UserInfoManager();
        try {
            userInfoManager.setUserInfo(createCredentialInfo(str));
            if (tc.isDebugEnabled()) {
                userInfoManager = tc;
                Tr.debug(userInfoManager, "UserInfoThreadLocal: added: " + str, new Object[0]);
            }
        } catch (CustomRegistryException e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.registry.ldap.internal.LdapRegistry", "292", this, new Object[]{str, "<sensitive java.lang.String>"});
        } catch (NotImplementedException e2) {
            FFDCFilter.processException(e2, "com.ibm.ws.security.registry.ldap.internal.LdapRegistry", "293", this, new Object[]{str, "<sensitive java.lang.String>"});
        } catch (EntryNotFoundException e3) {
            FFDCFilter.processException(e3, "com.ibm.ws.security.registry.ldap.internal.LdapRegistry", "295", this, new Object[]{str, "<sensitive java.lang.String>"});
        } catch (RemoteException e4) {
            FFDCFilter.processException(e4, "com.ibm.ws.security.registry.ldap.internal.LdapRegistry", "294", this, new Object[]{str, "<sensitive java.lang.String>"});
        }
        return ldapName;
    }

    @FFDCIgnore({AuthenticationException.class})
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    public boolean validatePassword(String str, @Sensitive String str2) throws RegistryException {
        boolean z = true;
        LdapConfig ldapConfig = new LdapConfig(this.ldapConfig);
        ldapConfig.put("java.naming.security.principal", str);
        ldapConfig.put("java.naming.security.credentials", new ProtectedString(str2.toCharArray()));
        Context context = null;
        try {
            try {
                context = this.dirContextFactory.createDirContext(ldapConfig);
                safeClose(context);
            } catch (AuthenticationException e) {
                z = false;
                safeClose(context);
            } catch (NamingException e2) {
                FFDCFilter.processException(e2, "com.ibm.ws.security.registry.ldap.internal.LdapRegistry", "327", this, new Object[]{str, "<sensitive java.lang.String>"});
                z = false;
                safeClose(context);
            }
            return z;
        } catch (Throwable th) {
            safeClose(context);
            throw th;
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v16, types: [java.lang.Throwable, javax.naming.NamingException, int, java.lang.Exception] */
    /* JADX WARN: Type inference failed for: r0v7, types: [java.lang.String] */
    /* JADX WARN: Type inference failed for: r0v8 */
    /* JADX WARN: Type inference failed for: r10v0, types: [java.lang.Object, com.ibm.ws.security.registry.ldap.internal.LdapRegistry] */
    /* JADX WARN: Type inference failed for: r1v12, types: [java.lang.StringBuilder] */
    /* JADX WARN: Type inference failed for: r1v21, types: [java.lang.StringBuilder] */
    /* JADX WARN: Type inference failed for: r1v36, types: [java.lang.StringBuilder] */
    /* JADX WARN: Type inference failed for: r1v6, types: [java.lang.StringBuilder] */
    /* JADX WARN: Type inference failed for: r2v21, types: [java.lang.StringBuilder] */
    /* JADX WARN: Type inference failed for: r2v32, types: [java.lang.StringBuilder] */
    /* JADX WARN: Type inference failed for: r2v38, types: [java.lang.StringBuilder] */
    /* JADX WARN: Type inference failed for: r2v43, types: [java.lang.StringBuilder] */
    @Override // com.ibm.ws.security.registry.UserRegistry
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    public String mapCertificate(X509Certificate x509Certificate) throws CertificateMapNotSupportedException, CertificateMapFailedException, RegistryException {
        if (x509Certificate == null) {
            throw new IllegalArgumentException("cert is null");
        }
        String str = null;
        Throwable name = x509Certificate.getSubjectX500Principal().getName();
        try {
            String ldapSearchFilter = this.certMap.getLdapSearchFilter(x509Certificate);
            name = this.certMap.getLdapSearchScope();
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "in map certificate, filter = " + ldapSearchFilter + " searchScope = " + name, new Object[0]);
            }
            try {
                if (name == 0) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Searching for users", new Object[0]);
                    }
                    SearchResult users = getUsers(ldapSearchFilter, 2);
                    if (users.getList().size() > 1) {
                        throw new CertificateMapFailedException("Multiple users with the name of " + name);
                    }
                    if (users.getList().size() == 0) {
                        throw new CertificateMapFailedException("No user " + name + " found");
                    }
                    str = users.getList().get(0);
                } else {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Search for users but searchScope is not OBJECT_SCOPE: searchScope = " + name + " filter = " + ldapSearchFilter, new Object[0]);
                    }
                    NamingEnumeration<javax.naming.directory.SearchResult> search = search((LdapName) this.ldapConfig.get(LdapConfig.BASE_DN), name, ldapSearchFilter, 2);
                    if (search.hasMoreElements()) {
                        str = ((javax.naming.directory.SearchResult) search.next()).getNameInNamespace();
                        if (search.hasMoreElements()) {
                            search.close();
                            throw new CertificateMapFailedException("Multiple users with the name of " + name);
                        }
                    }
                }
                if (str == null) {
                    throw new CertificateMapFailedException("The name in the certificate: " + name + " cannot be found in the registry");
                }
                return str;
            } catch (Exception e) {
                FFDCFilter.processException(e, "com.ibm.ws.security.registry.ldap.internal.LdapRegistry", "397", this, new Object[]{x509Certificate});
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Exception caught during LDAP operation while looking for: " + name, new Object[0]);
                }
                throw new CertificateMapFailedException(name.getMessage(), name);
            } catch (NamingException e2) {
                FFDCFilter.processException(e2, "com.ibm.ws.security.registry.ldap.internal.LdapRegistry", "393", this, new Object[]{x509Certificate});
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "NamingException caught during LDAP operation while looking for: " + name, new Object[0]);
                }
                throw new CertificateMapFailedException(name.getMessage(), name);
            }
        } catch (RegistryException e3) {
            FFDCFilter.processException(e3, "com.ibm.ws.security.registry.ldap.internal.LdapRegistry", "357", this, new Object[]{x509Certificate});
            throw new CertificateMapFailedException("Failed to retrieve certificate search filer and scope", name);
        }
    }

    @Override // com.ibm.ws.security.registry.UserRegistry
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    public boolean isValidUser(String str) throws RegistryException {
        if (str == null) {
            throw new IllegalArgumentException("userSecurityName is null");
        }
        if (str.isEmpty()) {
            throw new IllegalArgumentException("userSecurityName is empty");
        }
        return getUsers(str, 2).getList().size() == 1;
    }

    @Override // com.ibm.ws.security.registry.UserRegistry
    @FFDCIgnore({NameNotFoundException.class})
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    public SearchResult getUsers(String str, int i) throws RegistryException {
        if (str == null) {
            throw new IllegalArgumentException("pattern is null");
        }
        if (str.isEmpty()) {
            throw new IllegalArgumentException("pattern is empty");
        }
        if (i < 0) {
            return new SearchResult();
        }
        LdapName ldapName = (LdapName) this.ldapConfig.get(LdapConfig.BASE_DN);
        LdapName fullDN = LDAPRegistryUtil.fullDN(str, ldapName);
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "LdapName baseDn = " + ldapName + " baseDn.toString() = " + ldapName.toString(), new Object[0]);
        }
        if (tc.isDebugEnabled()) {
            if (fullDN != null) {
                Tr.debug(tc, "userLdapName, using new LdapName = " + fullDN.toString(), new Object[0]);
            } else {
                Tr.debug(tc, "userLdapName, using new LdapName = null", new Object[0]);
            }
        }
        Boolean valueOf = Boolean.valueOf(LDAPRegistryUtil.fullDNLegacy(str, ldapName.toString()));
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "with legacy fullDN, fDN = " + valueOf, new Object[0]);
        }
        LdapName ldapName2 = fullDN;
        try {
            ldapName2 = enumerate(ldapName2 == null ? search(ldapName, 2, ((Filter) this.ldapConfig.get(LdapConfig.USER_FILTER)).prepare(str), i) : search(fullDN, 0, this.objectUserDnFilter, i), i);
            return ldapName2;
        } catch (NameNotFoundException e) {
            return new SearchResult();
        } catch (NamingException e2) {
            FFDCFilter.processException(e2, "com.ibm.ws.security.registry.ldap.internal.LdapRegistry", "479", this, new Object[]{str, Integer.valueOf(i)});
            throw new RegistryException("Naming exception during getUsers", ldapName2);
        }
    }

    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    private SearchResult enumerate(NamingEnumeration<javax.naming.directory.SearchResult> namingEnumeration, int i) throws NamingException {
        if (namingEnumeration == null) {
            return new SearchResult();
        }
        ArrayList arrayList = new ArrayList(i);
        int i2 = 0;
        do {
            try {
                if (!namingEnumeration.hasMoreElements()) {
                    break;
                }
                arrayList.add(((javax.naming.directory.SearchResult) namingEnumeration.next()).getNameInNamespace());
                i2++;
            } catch (Throwable th) {
                safeClose((NamingEnumeration<?>) namingEnumeration);
                throw th;
            }
        } while (i2 != i);
        SearchResult searchResult = new SearchResult(arrayList, namingEnumeration.hasMoreElements());
        safeClose((NamingEnumeration<?>) namingEnumeration);
        return searchResult;
    }

    @Override // com.ibm.ws.security.registry.UserRegistry
    @FFDCIgnore({NamingException.class})
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    public String getUserDisplayName(String str) throws EntryNotFoundException, RegistryException {
        if (str == null) {
            throw new IllegalArgumentException("userSecurityName is null");
        }
        if (str.isEmpty()) {
            throw new IllegalArgumentException("userSecurityName is empty");
        }
        UserInfoManager userInfoManager = new UserInfoManager();
        UserInfo userInfo = userInfoManager.getUserInfo();
        if (userInfo != null && userInfo.getDn().equals(str)) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "found userInfo on threadlocal for: " + str, new Object[0]);
            }
            return userInfo.getSecurityName();
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "did not find userInfo in threadlocal for: " + str, new Object[0]);
        }
        userInfoManager.clearUserInfo();
        LdapName fullDN = LDAPRegistryUtil.fullDN(str, (LdapName) this.ldapConfig.get(LdapConfig.BASE_DN));
        Attributes attributes = null;
        if (fullDN == null) {
            try {
                List<javax.naming.directory.SearchResult> attributes2 = getAttributes(((Filter) this.ldapConfig.get(LdapConfig.USER_FILTER)).prepare(str), this.idMap.getAttributes(), 2);
                if (attributes2 != null && attributes2.size() > 0) {
                    if (attributes2.size() > 1) {
                        throw new RegistryException("Multiple users with the name of " + str);
                    }
                    attributes = attributes2.get(0).getAttributes();
                }
            } catch (NamingException e) {
                throw new RegistryException("Error during getUserDisplayName", e);
            }
        } else {
            try {
                attributes = getAttributes(fullDN, this.idMap.getAttributes());
            } catch (NamingException e2) {
            }
        }
        if (attributes == null) {
            throw new EntryNotFoundException(str + " does not exist");
        }
        return this.idMap.getUserName(attributes);
    }

    @Override // com.ibm.ws.security.registry.UserRegistry
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    public String getUniqueUserId(String str) throws EntryNotFoundException, RegistryException {
        if (str == null) {
            throw new IllegalArgumentException("userSecurityName is null");
        }
        if (str.isEmpty()) {
            throw new IllegalArgumentException("userSecurityName is empty");
        }
        UserInfoManager userInfoManager = new UserInfoManager();
        UserInfo userInfo = userInfoManager.getUserInfo();
        if (userInfo != null && userInfo.getDn().equals(str)) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "found userInfo on threadlocal for: " + str, new Object[0]);
            }
            return userInfo.getUniqueSecurityName();
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "did not find userInfo in threadlocal for: " + str, new Object[0]);
        }
        userInfoManager.clearUserInfo();
        SearchResult users = getUsers(str, 2);
        int size = users.getList().size();
        if (size > 1) {
            throw new RegistryException("Multiple users with the name of " + str);
        }
        if (size == 0) {
            throw new EntryNotFoundException(str + " does not exist");
        }
        return users.getList().get(0);
    }

    @Override // com.ibm.ws.security.registry.UserRegistry
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    public String getUserSecurityName(String str) throws EntryNotFoundException, RegistryException {
        if (str == null) {
            throw new IllegalArgumentException("uniqueUserId is null");
        }
        if (str.isEmpty()) {
            throw new IllegalArgumentException("uniqueUserId is empty");
        }
        return getUniqueUserId(str);
    }

    @Override // com.ibm.ws.security.registry.UserRegistry
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    public boolean isValidGroup(String str) throws RegistryException {
        if (str == null) {
            throw new IllegalArgumentException("groupSecurityName is null");
        }
        if (str.isEmpty()) {
            throw new IllegalArgumentException("groupSecurityName is empty");
        }
        return getGroups(str, 2).getList().size() == 1;
    }

    @Override // com.ibm.ws.security.registry.UserRegistry
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    public SearchResult getGroups(String str, int i) throws RegistryException {
        if (str == null) {
            throw new IllegalArgumentException("pattern is null");
        }
        if (str.isEmpty()) {
            throw new IllegalArgumentException("pattern is empty");
        }
        if (i < 0) {
            return new SearchResult();
        }
        LdapName ldapName = (LdapName) this.ldapConfig.get(LdapConfig.BASE_DN);
        LdapName fullDN = LDAPRegistryUtil.fullDN(str, ldapName);
        LdapName ldapName2 = fullDN;
        try {
            ldapName2 = enumerate(ldapName2 != null ? search(fullDN, 0, this.objectGroupDnFilter, 2) : search(ldapName, 2, ((Filter) this.ldapConfig.get(LdapConfig.GROUP_FILTER)).prepare(str), i), i);
            return ldapName2;
        } catch (NamingException e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.registry.ldap.internal.LdapRegistry", "669", this, new Object[]{str, Integer.valueOf(i)});
            throw new RegistryException("Naming exception during search", ldapName2);
        }
    }

    @Override // com.ibm.ws.security.registry.UserRegistry
    @FFDCIgnore({NamingException.class})
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    public String getGroupDisplayName(String str) throws EntryNotFoundException, RegistryException {
        if (str == null) {
            throw new IllegalArgumentException("groupSecurityName is null");
        }
        if (str.isEmpty()) {
            throw new IllegalArgumentException("groupSecurityName is empty");
        }
        if (!isValidGroup(str)) {
            throw new EntryNotFoundException(str + " does not exist");
        }
        String str2 = null;
        try {
            str2 = this.idMap.getGroupName(getAttributes(new LdapName(str), this.idMap.getAttributes()));
        } catch (NamingException e) {
        }
        return str2;
    }

    @Override // com.ibm.ws.security.registry.UserRegistry
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    public String getUniqueGroupId(String str) throws EntryNotFoundException, RegistryException {
        if (str == null) {
            throw new IllegalArgumentException("groupSecurityName is null");
        }
        if (str.isEmpty()) {
            throw new IllegalArgumentException("groupSecurityName is empty");
        }
        SearchResult groups = getGroups(str, 2);
        int size = groups.getList().size();
        if (size > 1) {
            throw new RegistryException("Multiple groups with the name of " + str);
        }
        if (size == 0) {
            throw new EntryNotFoundException(str + " does not exist");
        }
        return groups.getList().get(0);
    }

    @Override // com.ibm.ws.security.registry.UserRegistry
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    public String getGroupSecurityName(String str) throws EntryNotFoundException, RegistryException {
        if (str == null) {
            throw new IllegalArgumentException("uniqueGroupId is null");
        }
        if (str.isEmpty()) {
            throw new IllegalArgumentException("uniqueGroupId is empty");
        }
        return getUniqueGroupId(str);
    }

    @Override // com.ibm.ws.security.registry.UserRegistry
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    public List<String> getUniqueGroupIdsForUser(String str) throws EntryNotFoundException, RegistryException {
        if (str == null) {
            throw new IllegalArgumentException("uniqueUserId is null");
        }
        if (str.isEmpty()) {
            throw new IllegalArgumentException("uniqueUserId is empty");
        }
        if (!isValidUser(str)) {
            throw new EntryNotFoundException(str + " does not exist");
        }
        UserInfoManager userInfoManager = new UserInfoManager();
        UserInfo userInfo = userInfoManager.getUserInfo();
        if (userInfo != null && userInfo.getDn().equals(str)) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "found userInfo on threadlocal for " + str, new Object[0]);
            }
            return userInfo.getGroupIds();
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "did not find userInfo in threadlocal for: " + str, new Object[0]);
        }
        userInfoManager.clearUserInfo();
        return getGroupsForUser(str);
    }

    @Override // com.ibm.ws.security.registry.UserRegistry
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    public List<String> getGroupsForUser(String str) throws EntryNotFoundException, RegistryException {
        if (str == null) {
            throw new IllegalArgumentException("userSecurityName is null");
        }
        if (str.isEmpty()) {
            throw new IllegalArgumentException("userSecurityName is empty");
        }
        String fullDN = LDAPRegistryUtil.fullDN(str, (LdapName) this.ldapConfig.get(LdapConfig.BASE_DN));
        if (fullDN == null) {
            String uniqueUserId = getUniqueUserId(str);
            try {
                uniqueUserId = new LdapName(uniqueUserId);
                fullDN = uniqueUserId;
            } catch (InvalidNameException e) {
                FFDCFilter.processException(e, "com.ibm.ws.security.registry.ldap.internal.LdapRegistry", "787", this, new Object[]{uniqueUserId});
            }
        }
        IdMap.IdEntry[] groupMembers = this.idMap.getGroupMembers();
        if (groupMembers.length == 0) {
            return new ArrayList(0);
        }
        Set<String> hashSet = new HashSet<>();
        if (this.useMixedAttributeSearch) {
            String[] strArr = new String[groupMembers.length];
            for (int i = 0; i < groupMembers.length; i++) {
                strArr[i] = groupMembers[i].getObjectClassName();
            }
            getAllGroupMembershipsByUserObject(fullDN, hashSet, new HashSet<>(), strArr);
            String str2 = "objectclass";
            int i2 = 0;
            while (true) {
                if (i2 >= groupMembers.length) {
                    break;
                }
                if (groupMembers[i2].getObjectClassName().equalsIgnoreCase("objectCategory")) {
                    str2 = "objectCategory";
                    break;
                }
                i2++;
            }
            HashSet hashSet2 = new HashSet(3);
            hashSet2.add(fullDN);
            getAllGroupMembersByGroupObject(hashSet2, hashSet, groupMembers, str2);
        } else if (this.useGetAllGroupMembershipsByUserObject) {
            getAllGroupMembershipsByUserObject(fullDN, hashSet, new HashSet<>(), new String[]{groupMembers[0].getObjectClassName()});
        } else {
            String str3 = "objectclass";
            int i3 = 0;
            while (true) {
                if (i3 >= groupMembers.length) {
                    break;
                }
                if (groupMembers[i3].getObjectClassName().equalsIgnoreCase("objectCategory")) {
                    str3 = "objectCategory";
                    break;
                }
                i3++;
            }
            HashSet hashSet3 = new HashSet();
            hashSet3.add(fullDN);
            getAllGroupMembersByGroupObject(hashSet3, hashSet, groupMembers, str3);
        }
        return new ArrayList(hashSet);
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v18, types: [boolean] */
    /* JADX WARN: Type inference failed for: r0v4, types: [java.util.Collection, java.util.ArrayList] */
    /* JADX WARN: Type inference failed for: r0v5 */
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    void getAllGroupMembersByGroupObject(Set<LdapName> set, Set<String> set2, IdMap.IdEntry[] idEntryArr, String str) throws RegistryException {
        if (set.isEmpty()) {
            return;
        }
        String composeAllGroupMembersFilter = composeAllGroupMembersFilter(set, idEntryArr, str);
        ?? arrayList = new ArrayList();
        try {
            NamingEnumeration<javax.naming.directory.SearchResult> search = search((LdapName) this.ldapConfig.get(LdapConfig.BASE_DN), 2, composeAllGroupMembersFilter, noAttrs, 0);
            while (search.hasMore()) {
                arrayList.add(((javax.naming.directory.SearchResult) search.next()).getNameInNamespace());
            }
            if (arrayList.isEmpty()) {
                return;
            }
            arrayList = set2.addAll(arrayList);
        } catch (NamingException e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.registry.ldap.internal.LdapRegistry", "871", this, new Object[]{set, set2, idEntryArr, str});
            NamingException namingException = arrayList;
            throw new RegistryException(namingException.getMessage(), namingException);
        }
    }

    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    protected String composeAllGroupMembersFilter(Set<LdapName> set, IdMap.IdEntry[] idEntryArr, String str) {
        if (set == null || set.isEmpty() || idEntryArr == null || str == null) {
            return null;
        }
        boolean z = set.size() > 1 || idEntryArr.length > 1;
        StringBuilder sb = new StringBuilder();
        if (z) {
            sb.append("(|");
        }
        for (LdapName ldapName : set) {
            for (int i = 0; i < idEntryArr.length; i++) {
                if (!idEntryArr[i].getObjectClassName().equalsIgnoreCase("objectCategory")) {
                    sb.append("(&(").append(str).append(WDTConstants.EQUAL_TAG).append(idEntryArr[i].getObjectClassName()).append(")(");
                    sb.append(idEntryArr[i].getAttributeName()).append(WDTConstants.EQUAL_TAG).append(ldapName).append("))");
                }
            }
        }
        if (z) {
            sb.append(")");
        }
        return sb.toString();
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r16v0, types: [java.lang.Throwable] */
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    void getAllGroupMembershipsByUserObject(LdapName ldapName, Set<String> set, Set<LdapName> set2, String[] strArr) throws EntryNotFoundException {
        if (set2.contains(ldapName)) {
            return;
        }
        set2.add(ldapName);
        LdapRegistry ldapRegistry = null;
        NamingEnumeration<javax.naming.directory.SearchResult> namingEnumeration = null;
        try {
            try {
                namingEnumeration = search(ldapName, 0, this.objectUserDnFilter, strArr, 0);
                if (namingEnumeration.hasMoreElements()) {
                    ldapRegistry = this;
                    ldapRegistry.processSearchResultsForGroupMembership((javax.naming.directory.SearchResult) namingEnumeration.next(), set, set2, strArr);
                }
                safeClose((NamingEnumeration<?>) namingEnumeration);
            } catch (NamingException e) {
                FFDCFilter.processException(e, "com.ibm.ws.security.registry.ldap.internal.LdapRegistry", "948", this, new Object[]{ldapName, set, set2, strArr});
                throw new EntryNotFoundException("", ldapRegistry);
            }
        } catch (Throwable th) {
            safeClose((NamingEnumeration<?>) namingEnumeration);
            throw th;
        }
    }

    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    void processSearchResultsForGroupMembership(javax.naming.directory.SearchResult searchResult, Set<String> set, Set<LdapName> set2, String[] strArr) throws NamingException, EntryNotFoundException {
        NamingEnumeration all = searchResult.getAttributes().getAll();
        List asList = Arrays.asList(strArr);
        while (all.hasMoreElements()) {
            Attribute attribute = (Attribute) all.next();
            if (asList.contains(attribute.getID())) {
                for (int i = 0; i < attribute.size(); i++) {
                    set.add((String) attribute.get(i));
                }
            }
        }
    }

    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    protected NamingEnumeration<javax.naming.directory.SearchResult> search(LdapName ldapName, int i, String str, int i2) throws NamingException {
        return search(ldapName, i, str, noAttrs, i2);
    }

    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    protected NamingEnumeration<javax.naming.directory.SearchResult> search(LdapName ldapName, int i, String str, String[] strArr, int i2) throws NamingException {
        if (str.indexOf(92) > 0) {
            str = LDAPRegistryUtil.escapeChar(str, '\\');
        }
        SearchControls searchControls = new SearchControls();
        searchControls.setSearchScope(i);
        searchControls.setReturningAttributes(strArr);
        searchControls.setReturningObjFlag(false);
        if (i2 != 0) {
            searchControls.setCountLimit(i2);
        }
        searchControls.setTimeLimit(this.searchTimeLimit.intValue());
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, AtomConstants.ATOM_REL_SEARCH, new Object[0]);
            StringBuffer stringBuffer = new StringBuffer("DN: ");
            stringBuffer.append(ldapName);
            Tr.debug(tc, stringBuffer.toString(), new Object[0]);
            StringBuffer stringBuffer2 = new StringBuffer("Search scope: ");
            stringBuffer2.append(i);
            Tr.debug(tc, stringBuffer2.toString(), new Object[0]);
            StringBuffer stringBuffer3 = new StringBuffer("Filter: ");
            stringBuffer3.append(str);
            Tr.debug(tc, stringBuffer3.toString(), new Object[0]);
            StringBuffer stringBuffer4 = new StringBuffer("Time limit: ");
            stringBuffer4.append(i2);
            Tr.debug(tc, stringBuffer4.toString(), new Object[0]);
            for (int i3 = 0; i3 < strArr.length; i3++) {
                StringBuffer stringBuffer5 = new StringBuffer("Attr[");
                stringBuffer5.append(i3);
                stringBuffer5.append("]: ");
                stringBuffer5.append(strArr[i3]);
                Tr.debug(tc, stringBuffer5.toString(), new Object[0]);
            }
        }
        return performSearch(ldapName, str, searchControls);
    }

    /* JADX WARN: Removed duplicated region for block: B:48:0x0123 A[Catch: all -> 0x0130, TRY_ENTER, TryCatch #0 {all -> 0x0130, blocks: (B:6:0x000f, B:8:0x0019, B:10:0x0024, B:13:0x003f, B:14:0x0049, B:17:0x004a, B:19:0x005d, B:21:0x0077, B:23:0x0083, B:31:0x0096, B:32:0x002d, B:55:0x00c4, B:40:0x0106, B:46:0x0112, B:48:0x0123, B:58:0x00dd), top: B:54:0x00c4, inners: #2, #3, #5 }] */
    /* JADX WARN: Removed duplicated region for block: B:49:0x011a A[SYNTHETIC] */
    @com.ibm.ws.ffdc.annotation.FFDCIgnore({javax.naming.NamingException.class, javax.naming.AuthenticationException.class})
    @com.ibm.websphere.ras.annotation.InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    protected javax.naming.NamingEnumeration<javax.naming.directory.SearchResult> performSearch(javax.naming.ldap.LdapName r11, java.lang.String r12, javax.naming.directory.SearchControls r13) throws javax.naming.NamingException {
        /*
            Method dump skipped, instructions count: 324
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.ibm.ws.security.registry.ldap.internal.LdapRegistry.performSearch(javax.naming.ldap.LdapName, java.lang.String, javax.naming.directory.SearchControls):javax.naming.NamingEnumeration");
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v37, types: [com.ibm.ws.security.registry.ldap.internal.LdapConfig] */
    /* JADX WARN: Type inference failed for: r0v6, types: [java.lang.String] */
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    private synchronized void refresh() {
        LdapConfig ldapConfig = new LdapConfig(this.ldapConfig);
        if (this.bindDN != null) {
            ldapConfig.put(LdapConfig.BIND_DN, this.bindDN);
        }
        if (this.bindPWD != null) {
            ldapConfig.put(LdapConfig.BIND_PASSWORD, this.bindPWD);
        }
        ?? r0 = this.bindHost;
        LdapRegistry ldapRegistry = r0;
        if (r0 != 0) {
            ?? r02 = ldapConfig;
            r02.setDirectoryUrl(this.bindHost);
            ldapRegistry = r02;
        }
        try {
            safeClose((Context) this.dirContextFactory.createDirContext(ldapConfig));
            if (this.bindHost != null) {
                this.ldapConfig.setDirectoryUrl(this.bindHost);
            }
            if (this.bindDN != null) {
                this.ldapConfig.put(LdapConfig.BIND_DN, this.bindDN);
            }
            if (this.bindPWD != null) {
                this.ldapConfig.put(LdapConfig.BIND_PASSWORD, this.bindPWD);
            }
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "LDAP registry has been refreshed.", new Object[0]);
            }
            this.bindHost = null;
            this.bindDN = null;
            this.bindPWD = null;
            ldapRegistry = this;
            ldapRegistry.flushDirContexts();
        } catch (Exception e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.registry.ldap.internal.LdapRegistry", "1169", this, new Object[0]);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "LDAP registry can NOT be refreshed.", new Object[0]);
            }
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v19 */
    /* JADX WARN: Type inference failed for: r0v20 */
    /* JADX WARN: Type inference failed for: r0v26, types: [com.ibm.ws.security.registry.ldap.internal.LdapRegistry] */
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    protected DirContext getDirContext() throws NamingException {
        DirContext dirContext = null;
        synchronized (this.lockObj) {
            if (this.refresh) {
                refresh();
                this.refresh = false;
            }
            DirContext dirContext2 = this.DirContextPool;
            if (dirContext2 != null) {
                while (this.DirContextPool.size() > 30) {
                    DirContext pollLast = this.DirContextPool.pollLast();
                    if (pollLast != null) {
                        safeClose((Context) pollLast);
                        this.ContextPoolSize--;
                    }
                }
                DirContext pollLast2 = this.DirContextPool.pollLast();
                dirContext2 = pollLast2;
                if (dirContext2 != null) {
                    return pollLast2;
                }
            }
            try {
                dirContext2 = connectToLDAP(null);
                dirContext = dirContext2;
            } catch (Exception e) {
                FFDCFilter.processException(e, "com.ibm.ws.security.registry.ldap.internal.LdapRegistry", "1216", this, new Object[0]);
            }
            if (dirContext != null) {
                int i = 0;
                while (true) {
                    ?? r0 = i;
                    if (r0 >= 5) {
                        break;
                    }
                    try {
                        this.DirContextPool.addLast((DirContext) dirContext.lookup(""));
                        r0 = this;
                        r0.ContextPoolSize++;
                        i++;
                    } catch (Exception e2) {
                        FFDCFilter.processException(e2, "com.ibm.ws.security.registry.ldap.internal.LdapRegistry", "1226", this, new Object[0]);
                    }
                }
            }
            if (dirContext != null) {
                this.currentActiveLDAP = (String) dirContext.getEnvironment().get("java.naming.provider.url");
            }
            return dirContext;
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v14, types: [com.ibm.ws.security.registry.ldap.internal.LdapConfig] */
    /* JADX WARN: Type inference failed for: r0v27 */
    /* JADX WARN: Type inference failed for: r0v29, types: [java.lang.Throwable] */
    @FFDCIgnore({CommunicationException.class, AuthenticationException.class})
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    public DirContext connectToLDAP(DirContext dirContext) throws NamingException {
        String directoryUrl = this.ldapConfig.getDirectoryUrl();
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Establishing connection to LDAP using the following URLs: " + directoryUrl, new Object[0]);
        }
        StringTokenizer stringTokenizer = new StringTokenizer(directoryUrl);
        while (stringTokenizer.hasMoreTokens()) {
            String nextToken = stringTokenizer.nextToken();
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Will try to connect with ldapHost = " + nextToken, new Object[0]);
            }
            LdapConfig ldapConfig = new LdapConfig(this.ldapConfig);
            Throwable th = ldapConfig;
            th.setDirectoryUrl(nextToken);
            try {
                try {
                    dirContext = this.dirContextFactory.createDirContext(ldapConfig);
                    break;
                } catch (Throwable th2) {
                    th = th2;
                    throw th;
                    break;
                }
            } catch (NamingException e) {
                FFDCFilter.processException(e, "com.ibm.ws.security.registry.ldap.internal.LdapRegistry", "1286", this, new Object[]{dirContext});
                throw th;
            } catch (AuthenticationException e2) {
                Tr.error(tc, "LDAP_REGISTRY_UNABLE_TO_AUTHENTICATE", nextToken, ldapConfig.get(LdapConfig.BIND_DN));
                throw e2;
            } catch (CommunicationException e3) {
                Tr.audit(tc, "LDAP_REGISTRY_UNREACHABLE_SERVER", nextToken);
                if (!stringTokenizer.hasMoreTokens()) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "No more servers to try. Exhausted known all URLs.", directoryUrl);
                    }
                    throw e3;
                }
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "More LDAP URLs to try, continuing", new Object[0]);
                }
            }
        }
        return dirContext;
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v11 */
    /* JADX WARN: Type inference failed for: r0v13 */
    /* JADX WARN: Type inference failed for: r0v20, types: [com.ibm.ws.security.registry.ldap.internal.LdapRegistry] */
    /* JADX WARN: Type inference failed for: r0v23, types: [javax.naming.directory.DirContext] */
    /* JADX WARN: Type inference failed for: r0v3, types: [java.lang.Object] */
    /* JADX WARN: Type inference failed for: r0v6 */
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    private DirContext generateDirContext() {
        DirContext dirContext = null;
        ?? r0 = this.lockObj;
        synchronized (r0) {
            try {
                r0 = this.dirContextFactory.createDirContext(this.ldapConfig);
                dirContext = r0;
            } catch (NamingException e) {
                FFDCFilter.processException(e, "com.ibm.ws.security.registry.ldap.internal.LdapRegistry", "1307", this, new Object[0]);
            }
            if (dirContext != null) {
                int i = 0;
                while (true) {
                    ?? r02 = i;
                    if (r02 >= 5) {
                        break;
                    }
                    try {
                        this.DirContextPool.addLast((DirContext) dirContext.lookup(""));
                        r02 = this;
                        r02.ContextPoolSize++;
                    } catch (NamingException e2) {
                        FFDCFilter.processException(e2, "com.ibm.ws.security.registry.ldap.internal.LdapRegistry", "1316", this, new Object[0]);
                    }
                    i++;
                }
                this.ContextPoolSize++;
            }
        }
        return dirContext;
    }

    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    public List<String> getUniqueGroupIds(String str) throws EntryNotFoundException, RegistryException {
        return getGroupsForUser(str);
    }

    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    protected void flushDirContexts() {
        if (this.DirContextPool == null) {
            return;
        }
        while (true) {
            DirContext pollLast = this.DirContextPool.pollLast();
            if (pollLast == null) {
                this.ContextPoolSize = 0;
                return;
            }
            safeClose((Context) pollLast);
        }
    }

    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    protected Attributes getAttributes(LdapName ldapName, String[] strArr) throws NamingException {
        NamingEnumeration<javax.naming.directory.SearchResult> search = search(ldapName, 0, this.objectFilter, strArr, 0);
        Attributes attributes = null;
        try {
            if (search.hasMoreElements()) {
                attributes = ((javax.naming.directory.SearchResult) search.nextElement()).getAttributes();
            }
            return attributes;
        } finally {
            safeClose((NamingEnumeration<?>) search);
        }
    }

    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    protected List<javax.naming.directory.SearchResult> getAttributes(String str, String[] strArr, int i) throws NamingException {
        NamingEnumeration<javax.naming.directory.SearchResult> search = search((LdapName) this.ldapConfig.get(LdapConfig.BASE_DN), 2, str, strArr, i);
        ArrayList arrayList = null;
        try {
            if (!search.hasMoreElements()) {
                arrayList = new ArrayList(i);
                while (search.hasMoreElements()) {
                    arrayList.add(search.nextElement());
                }
            }
            return arrayList;
        } finally {
            safeClose((NamingEnumeration<?>) search);
        }
    }

    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    protected void disconnect() {
        flushDirContexts();
    }

    @FFDCIgnore({NamingException.class})
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    private void safeClose(NamingEnumeration<?> namingEnumeration) {
        if (namingEnumeration != null) {
            try {
                namingEnumeration.close();
            } catch (NamingException e) {
            }
        }
    }

    @FFDCIgnore({NamingException.class})
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    private void safeClose(Context context) {
        if (context != null) {
            try {
                context.close();
            } catch (NamingException e) {
            }
        }
    }

    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    NamingEnumeration<javax.naming.directory.SearchResult> searchSubtreeThenObject(String str, String[] strArr, LdapName ldapName) throws NamingException {
        NamingEnumeration<javax.naming.directory.SearchResult> namingEnumeration = null;
        NamingEnumeration<javax.naming.directory.SearchResult> namingEnumeration2 = null;
        try {
            namingEnumeration = search(ldapName, 2, ((Filter) this.ldapConfig.get(LdapConfig.USER_FILTER)).prepare(str), strArr, 0);
            namingEnumeration2 = namingEnumeration;
        } catch (Exception e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.registry.ldap.internal.LdapRegistry", "1434", this, new Object[]{str, strArr, ldapName});
            NamingEnumeration<javax.naming.directory.SearchResult> namingEnumeration3 = namingEnumeration;
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "an excaption is caught in subtree search :" + namingEnumeration3, new Object[0]);
            }
        }
        LdapName fullDN = LDAPRegistryUtil.fullDN(str, (LdapName) this.ldapConfig.get(LdapConfig.BASE_DN));
        if (namingEnumeration2 == null || !namingEnumeration2.hasMoreElements()) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "no result from subtree search, fall back to fullDN search.", new Object[0]);
            }
            namingEnumeration2 = search(fullDN, 0, this.objectUserDnFilter, strArr, 0);
        }
        return namingEnumeration2;
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v15, types: [java.lang.String] */
    /* JADX WARN: Type inference failed for: r0v158, types: [int] */
    /* JADX WARN: Type inference failed for: r0v159 */
    /* JADX WARN: Type inference failed for: r0v163, types: [java.lang.String] */
    /* JADX WARN: Type inference failed for: r0v176, types: [java.lang.StringBuilder] */
    /* JADX WARN: Type inference failed for: r0v18, types: [java.lang.String] */
    /* JADX WARN: Type inference failed for: r0v183, types: [boolean] */
    /* JADX WARN: Type inference failed for: r0v184 */
    /* JADX WARN: Type inference failed for: r0v190, types: [java.lang.String] */
    /* JADX WARN: Type inference failed for: r0v214, types: [javax.naming.ldap.LdapName] */
    /* JADX WARN: Type inference failed for: r0v215 */
    /* JADX WARN: Type inference failed for: r0v256, types: [boolean] */
    /* JADX WARN: Type inference failed for: r0v257 */
    /* JADX WARN: Type inference failed for: r0v259, types: [java.util.List] */
    /* JADX WARN: Type inference failed for: r0v282, types: [int] */
    /* JADX WARN: Type inference failed for: r0v283 */
    /* JADX WARN: Type inference failed for: r0v287, types: [java.lang.String] */
    /* JADX WARN: Type inference failed for: r0v307, types: [boolean] */
    /* JADX WARN: Type inference failed for: r0v308 */
    /* JADX WARN: Type inference failed for: r0v314, types: [java.lang.String] */
    /* JADX WARN: Type inference failed for: r0v320 */
    /* JADX WARN: Type inference failed for: r0v321 */
    /* JADX WARN: Type inference failed for: r0v52, types: [javax.naming.ldap.LdapName, java.lang.Object] */
    /* JADX WARN: Type inference failed for: r0v53 */
    /* JADX WARN: Type inference failed for: r0v6, types: [boolean] */
    /* JADX WARN: Type inference failed for: r0v7 */
    /* JADX WARN: Type inference failed for: r0v8 */
    /* JADX WARN: Type inference failed for: r0v9 */
    /* JADX WARN: Type inference failed for: r10v0, types: [java.lang.Object, com.ibm.ws.security.registry.ldap.internal.LdapRegistry] */
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    public UserInfo createCredentialInfo(String str) throws CustomRegistryException, EntryNotFoundException, NotImplementedException, RemoteException {
        ?? r0;
        List<String> list;
        NamingEnumeration<javax.naming.directory.SearchResult> search;
        NamingEnumeration<javax.naming.directory.SearchResult> search2;
        ?? hasMoreElements;
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "createCredential", str);
        }
        List list2 = null;
        String str2 = null;
        String str3 = null;
        ?? r02 = this.useMixedAttributeSearch;
        if (r02 == 1) {
            try {
                r02 = LDAPRegistryUtil.removeDNSpace(getUniqueUserId(str), 0);
                str2 = r02;
                r0 = r02;
            } catch (RegistryException e) {
                FFDCFilter.processException(e, "com.ibm.ws.security.registry.ldap.internal.LdapRegistry", "1464", this, new Object[]{str});
                r0 = r02;
            }
            try {
                r0 = getUserDisplayName(str2);
                str3 = r0;
                list = r0;
            } catch (RegistryException e2) {
                FFDCFilter.processException(e2, "com.ibm.ws.security.registry.ldap.internal.LdapRegistry", "1470", this, new Object[]{str});
                list = r0;
            }
            try {
                list = getUniqueGroupIds(str2);
                list2 = list;
            } catch (RegistryException e3) {
                FFDCFilter.processException(e3, "com.ibm.ws.security.registry.ldap.internal.LdapRegistry", "1476", this, new Object[]{str});
            }
        } else if (this.useGetAllGroupMembershipsByUserObject) {
            IdMap.IdEntry[] groupMembers = this.idMap.getGroupMembers();
            String[] strArr = new String[groupMembers.length];
            for (int i = 0; i < groupMembers.length; i++) {
                strArr[i] = groupMembers[i].getObjectClassName();
            }
            String[] strArr2 = new String[2];
            strArr2[0] = this.idMap.getAttributes()[1];
            String fullDN = LDAPRegistryUtil.fullDN(str, (LdapName) this.ldapConfig.get(LdapConfig.BASE_DN));
            if (groupMembers.length > 0) {
                strArr2[1] = groupMembers[0].getObjectClassName();
                if (RACF_GROUP_ATTRIBUTE.equalsIgnoreCase(strArr2[1]) && (r0 = fullDN) != null) {
                    try {
                        String str4 = getUniqueUserId(str);
                        str = str4;
                    } catch (RegistryException e4) {
                        FFDCFilter.processException(e4, "com.ibm.ws.security.registry.ldap.internal.LdapRegistry", "1579", this, new Object[]{str});
                    }
                }
            }
            Vector vector = new Vector(5);
            ?? r03 = (LdapName) this.ldapConfig.get(LdapConfig.BASE_DN);
            try {
                if (LDAPRegistryUtil.fullDNwOneEqual(str)) {
                    str = LDAPRegistryUtil.escapeChar(str, '*');
                    search = searchSubtreeThenObject(str, strArr2, r03);
                } else if (fullDN != null) {
                    search = search(fullDN, 0, this.objectUserDnFilter, strArr2, 0);
                } else {
                    str = LDAPRegistryUtil.escapeChar(str, '*');
                    search = search(r03, 2, ((Filter) this.ldapConfig.get(LdapConfig.USER_FILTER)).prepare(str), strArr2, 0);
                }
                if (!search.hasMoreElements()) {
                    throw new EntryNotFoundException("Cannot find the user: " + str);
                }
                Object next = search.next();
                NameClassPair nameClassPair = (NameClassPair) next;
                String name = nameClassPair.getName();
                if (name != null && name.trim().length() > 1 && (r03 = nameClassPair.isRelative()) != 0) {
                    try {
                        r03 = new CompositeName(name).get(0);
                        name = r03;
                    } catch (Exception e5) {
                        FFDCFilter.processException(e5, "com.ibm.ws.security.registry.ldap.internal.LdapRegistry", "1611", this, new Object[]{str});
                    }
                    if (name.charAt(0) == '\"') {
                        name = name.substring(1, name.length() - 1);
                    }
                }
                if (name != null && name.length() > 0 && nameClassPair.isRelative()) {
                    str = name;
                    if (r03 != 0 && r03.toString().trim().length() > 1) {
                        str = name + "," + r03;
                    }
                }
                if (!nameClassPair.isRelative() && name != null && name.length() > 0) {
                    int indexOf = name.indexOf(47, 9);
                    if (indexOf <= -1 || (r03 = name.length()) <= indexOf + 1) {
                        str = "";
                    } else {
                        try {
                            r03 = URLDecoder.decode(name, "UTF8");
                            name = r03;
                        } catch (Exception e6) {
                            FFDCFilter.processException(e6, "com.ibm.ws.security.registry.ldap.internal.LdapRegistry", "1630", this, new Object[]{str});
                        }
                        str = name.substring(indexOf + 1);
                    }
                }
                str2 = LDAPRegistryUtil.removeDNSpace(str, 0);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "uniqueUserId = " + str2, new Object[0]);
                }
                NamingEnumeration all = ((javax.naming.directory.SearchResult) next).getAttributes().getAll();
                while (all.hasMoreElements()) {
                    Attribute attribute = (Attribute) all.next();
                    String id = attribute.getID();
                    if (id.equalsIgnoreCase(strArr2[0])) {
                        str3 = (String) attribute.get(0);
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "displayName = " + str3, new Object[0]);
                        }
                    } else if (id.equalsIgnoreCase(strArr2[1])) {
                        for (int i2 = 0; i2 < attribute.size(); i2++) {
                            vector.addElement(LDAPRegistryUtil.unescapeChars(LDAPRegistryUtil.removeDNSpace((String) attribute.get(i2), 0)));
                        }
                    }
                }
                if (vector.size() > 0) {
                    String[] strArr3 = new String[vector.size()];
                    vector.copyInto(strArr3);
                    list2 = new ArrayList(strArr3.length);
                    HashSet hashSet = new HashSet();
                    if (((Boolean) this.ldapConfig.get(LdapConfig.RECURSIVE_SEARCH)).booleanValue()) {
                        getAllGroupMembershipsByUserObject(new LdapName(str2), hashSet, new HashSet(), strArr);
                        list2.addAll(hashSet);
                    } else {
                        for (String str5 : strArr3) {
                            list2.add(str5);
                        }
                    }
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "grops length = " + list2.size(), new Object[0]);
                        for (int i3 = 0; i3 < list2.size(); i3++) {
                            Tr.debug(tc, "groups name = " + ((String) list2.get(i3)), new Object[0]);
                        }
                    }
                }
                if (search.hasMoreElements()) {
                    search.close();
                }
            } catch (NamingException e7) {
                FFDCFilter.processException(e7, "com.ibm.ws.security.registry.ldap.internal.LdapRegistry", "1689", this, new Object[]{str});
                NamingException namingException = r03;
                throw new EntryNotFoundException(namingException.toString(), namingException);
            }
        } else {
            String[] strArr4 = {this.idMap.getAttributes()[1]};
            LdapName ldapName = (LdapName) this.ldapConfig.get(LdapConfig.BASE_DN);
            ?? fullDN2 = LDAPRegistryUtil.fullDN(str, (LdapName) this.ldapConfig.get(LdapConfig.BASE_DN));
            try {
                if (LDAPRegistryUtil.fullDNwOneEqual(str)) {
                    str = LDAPRegistryUtil.escapeChar(str, '*');
                    search2 = searchSubtreeThenObject(str, strArr4, ldapName);
                } else if (fullDN2 != 0) {
                    search2 = search(fullDN2, 0, this.objectUserDnFilter, strArr4, 0);
                } else {
                    str = LDAPRegistryUtil.escapeChar(str, '*');
                    search2 = search(ldapName, 2, ((Filter) this.ldapConfig.get(LdapConfig.USER_FILTER)).prepare(str), strArr4, 0);
                }
                if (!search2.hasMoreElements()) {
                    throw new EntryNotFoundException("Cannot find the user: " + str);
                }
                Object next2 = search2.next();
                NameClassPair nameClassPair2 = (NameClassPair) next2;
                String name2 = nameClassPair2.getName();
                if (name2 != null && name2.trim().length() > 1 && (fullDN2 = nameClassPair2.isRelative()) != 0) {
                    try {
                        fullDN2 = new CompositeName(name2).get(0);
                        name2 = fullDN2;
                    } catch (Exception e8) {
                        FFDCFilter.processException(e8, "com.ibm.ws.security.registry.ldap.internal.LdapRegistry", "1508", this, new Object[]{str});
                    }
                    if (name2.charAt(0) == '\"') {
                        name2 = name2.substring(1, name2.length() - 1);
                    }
                }
                if (name2 != null && name2.length() > 0 && nameClassPair2.isRelative()) {
                    str = name2;
                    if (ldapName != null && ldapName.toString().trim().length() > 1) {
                        str = name2 + "," + ldapName;
                    }
                }
                if (!nameClassPair2.isRelative() && name2 != null && name2.length() > 0) {
                    int indexOf2 = name2.indexOf(47, 9);
                    if (indexOf2 <= -1 || (fullDN2 = name2.length()) <= indexOf2 + 1) {
                        str = "";
                    } else {
                        try {
                            fullDN2 = URLDecoder.decode(name2, "UTF8");
                            name2 = fullDN2;
                        } catch (Exception e9) {
                            FFDCFilter.processException(e9, "com.ibm.ws.security.registry.ldap.internal.LdapRegistry", "1527", this, new Object[]{str});
                        }
                        str = name2.substring(indexOf2 + 1);
                    }
                }
                str2 = LDAPRegistryUtil.removeDNSpace(str, 0);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "uniqueUserId = " + str2, new Object[0]);
                }
                NamingEnumeration all2 = ((javax.naming.directory.SearchResult) next2).getAttributes().getAll();
                while (true) {
                    hasMoreElements = all2.hasMoreElements();
                    if (hasMoreElements == 0) {
                        break;
                    }
                    Attribute attribute2 = (Attribute) all2.next();
                    if (attribute2.getID().equalsIgnoreCase(strArr4[0])) {
                        str3 = (String) attribute2.get(0);
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "displayName = " + str3, new Object[0]);
                        }
                    }
                }
                try {
                    hasMoreElements = getUniqueGroupIds(str2);
                    list2 = hasMoreElements;
                } catch (RegistryException e10) {
                    FFDCFilter.processException(e10, "com.ibm.ws.security.registry.ldap.internal.LdapRegistry", "1559", this, new Object[]{str});
                }
            } catch (NamingException e11) {
                FFDCFilter.processException(e11, "com.ibm.ws.security.registry.ldap.internal.LdapRegistry", "1553", this, new Object[]{str});
                NamingException namingException2 = fullDN2;
                throw new EntryNotFoundException(namingException2.toString(), namingException2);
            }
        }
        if (str3 == null || str3.trim().length() <= 0) {
            str3 = str2;
        }
        return createUserInfoObject(str, list2, str2, str3);
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r16v0, types: [java.lang.Throwable, java.lang.Exception] */
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    protected UserInfo createUserInfoObject(String str, List<String> list, String str2, String str3) throws EntryNotFoundException {
        TraceComponent traceComponent = null;
        try {
            String appendRealm = LDAPRegistryUtil.appendRealm("user", str2, this.realm);
            String str4 = null;
            if (list != null && list.size() > 0) {
                str4 = list.get(0);
            }
            String str5 = str4;
            UserInfo userInfo = new UserInfo(str, this.realm, str3, str2, str5 != null ? str5 : "", appendRealm, (ArrayList) list);
            if (tc.isDebugEnabled()) {
                traceComponent = tc;
                Tr.debug(traceComponent, "ldap cached info = " + userInfo.toString(), new Object[0]);
            }
            return userInfo;
        } catch (Exception e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.registry.ldap.internal.LdapRegistry", "1734", this, new Object[]{str, list, str2, str3});
            ?? r16 = traceComponent;
            throw new EntryNotFoundException(r16.getMessage(), r16);
        }
    }

    static {
        if (TraceComponent.isAnyTracingEnabled() && tc != null && tc.isEntryEnabled()) {
            Tr.entry(tc, Constants.STATIC_INITIALIZER_NAME, new Object[0]);
        }
        noAttrs = new String[]{CompilerOptions.VERSION_1_1};
        if (TraceComponent.isAnyTracingEnabled() && tc != null && tc.isEntryEnabled()) {
            Tr.exit(tc, Constants.STATIC_INITIALIZER_NAME);
        }
    }
}
