package com.ibm.ws.security.registry.ldap;

import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.ras.RASFormatter;
import com.ibm.websphere.security.CertificateMapFailedException;
import com.ibm.websphere.security.CertificateMapNotSupportedException;
import com.ibm.websphere.security.CustomRegistryException;
import com.ibm.websphere.security.EntryNotFoundException;
import com.ibm.websphere.security.NotImplementedException;
import com.ibm.websphere.security.PasswordCheckFailedException;
import com.ibm.websphere.security.Result;
import com.ibm.websphere.security.UserRegistry;
import com.ibm.websphere.security.auth.AuthenticationFailedException;
import com.ibm.websphere.security.auth.AuthenticationNotSupportedException;
import com.ibm.websphere.security.cred.WSCredential;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.security.auth.WSCredentialImpl;
import com.ibm.ws.security.common.util.CommonConstants;
import com.ibm.ws.security.config.AuthMechanismConfig;
import com.ibm.ws.security.config.SecurityConfigManagerImpl;
import com.ibm.ws.security.config.SecurityObjectLocator;
import com.ibm.ws.security.registry.RegistryErrorException;
import com.ibm.ws.security.registry.RegistryUtil;
import com.ibm.ws.security.registry.ldap.IdMap;
import com.ibm.ws.security.util.AccessController;
import com.ibm.ws.sm.workspace.impl.WorkSpaceConstant;
import com.ibm.ws.ssl.core.TraceNLSHelper;
import com.ibm.wsspi.management.agent.AdminSubsystemExtensionHandler;
import java.net.URLDecoder;
import java.rmi.RemoteException;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.List;
import java.util.ListIterator;
import java.util.Properties;
import java.util.StringTokenizer;
import java.util.Vector;
import javax.naming.AuthenticationException;
import javax.naming.CommunicationException;
import javax.naming.CompositeName;
import javax.naming.NameClassPair;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchResult;

/* loaded from: input_file:com.ibm.ws.admin.client_7.0.0.jar:com/ibm/ws/security/registry/ldap/LdapRegistryImpl.class */
public class LdapRegistryImpl implements UserRegistry {
    private static final int RETRIES = 3;
    // Property names for the configured LDAP filters and certificate-mapping settings.
    // getGroups() looks up its filter with the literal "group.filter".
    public static final String USER_FILTER = "user.filter";
    public static final String GROUP_FILTER = "group.filter";
    public static final String CERTIFICATE_MAP_MODE = "certificate.map.mode";
    public static final String CERTIFICATE_MAP_FILTER = "certificate.map.filter";
    // Object filters; the iPlanet/MS variants are presumably selected per directory type (TODO confirm).
    public static final String OBJECT_FILTER = "(objectclass=*)";
    private static final String RACF_GROUP_ATTRIBUTE = "racfconnectgroupname";
    private static final String iPlanet_OBJECT_FILTER = "(|(objectclass=*)(objectclass=ldapsubentry))";
    private static final String MS_OBJECT_FILTER = "(objectCategory=*)";
    public static final String NONE = "";
    public static final String USERTYPE = "user";
    public static final String GROUPTYPE = "group";
    public static final String ROLETYPE = "role";
    protected static final String realmSeparator = "/";
    public static final String typeSeparator = ":";
    private LdapConfig ldapConfig;
    private IdMap idMap;
    private CertificateMapper certMap;
    // Trace component used by the registry methods for entry/exit/debug/error output.
    private static TraceComponent tc = Tr.register(LdapRegistryImpl.class, (String) null, "com.ibm.ejs.resources.security");
    // "1.1" is the LDAP attribute selector meaning "return no attributes"; it is passed to
    // search() by getAllGroupMembersByGroupObject(), which only needs the entry names.
    private static final String[] noAttrs = {"1.1"};
    private static final String[] dnAttrib = {"dn"};
    private static final String[] GROUP_ATTRIBUTES = {"nsroledn", "nsrole", "ibm-allGroups", "memberof"};
    private static boolean useMixedSearch = false;
    private static Thread LdapMonitorThread = null;
    protected static final String nullString = RegistryUtil.nullString;
    protected static final String[] nullStringArray = RegistryUtil.nullStringArray;
    protected static final byte[] nullByteArray = RegistryUtil.nullByteArray;
    // Trace component that LdapMonitor.run() writes to.
    private static TraceComponent innerTc = Tr.register(LdapMonitor.class.getName(), (String) null, "com.ibm.ejs.resources.security");
    private boolean URLContextImpl = false;
    private String LdapURL = null;
    // LdapMonitor.run() sleeps for half of this value, so it is treated as milliseconds there.
    private int searchTimeLimit = 120000;
    private final String[] krbAttr = {"krbprincipalname"};
    private String objectFilter = OBJECT_FILTER;
    // Filter used by getGroups() when the pattern is a full DN.
    private String objectGroupDnFilter = OBJECT_FILTER;
    private String objectUserDnFilter = OBJECT_FILTER;
    private boolean ignoreCaseMatch = false;
    private boolean useAttributeGroupMethod = false;
    private boolean registryExist = false;
    // Idle DirContext instances: handed out by getRootDSE(), closed by disconnect().
    private Vector DirContextPool = new Vector();
    // Incremented by getRootDSE() for every context it creates; reset to 0 by disconnect().
    private int ContextPoolSize = 0;
    // When true, getAllGroupMembersByGroupObject() follows nested groups recursively.
    private boolean recursiveSearch = false;
    private int busyCount = 0;
    private Object lockObj1 = new Object();
    private Object lockObj2 = new Object();
    private Vector table1 = new Vector();
    private Vector table2 = new Vector();
    private Vector table3 = new Vector();
    private String realm = null;
    private boolean refresh = false;
    // NOTE(review): presumably the directory bind identity. bindPWD is held as a String on the
    // instance, so it can show up in heap dumps; confirm where it is set and whether it is cleared.
    private String bindDN = null;
    private String bindPWD = null;
    private String bindHost = null;
    // When set, authenticate() prefers this URL over the configured URL list.
    private String currentActiveLDAP = null;
    private int maxContextPerConnection = 5;
    // getRootDSE() trims the idle pool against a literal 30 rather than reading this field.
    private int maxIdleContext = 30;

    /* loaded from: input_file:com.ibm.ws.admin.client_7.0.0.jar:com/ibm/ws/security/registry/ldap/LdapRegistryImpl$LdapMonitor.class */
    /**
     * Background thread that repeatedly sleeps for half of {@code searchTimeLimit} and then calls
     * {@code interruptJNDI()} on the enclosing registry.
     *
     * NOTE(review): this is decompiler output. The inner {@code catch (Exception)} also matches
     * {@code InterruptedException}, so the outer {@code catch (InterruptedException)} cannot be
     * reached as written; the original source probably ignored interrupts and only left the loop
     * on other exceptions. Confirm against the real source before relying on either reading.
     */
    private final class LdapMonitor extends Thread {
        private LdapMonitor() {
        }

        /**
         * Runs the sleep / {@code interruptJNDI()} cycle until the sleep step throws.
         */
        @Override // java.lang.Thread, java.lang.Runnable
        public void run() {
            // The guard reads the registry's trace component (tc) while the record goes to innerTc.
            if (LdapRegistryImpl.tc.isEntryEnabled()) {
                Tr.entry(LdapRegistryImpl.innerTc, "run");
            }
            while (true) {
                try {
                    try {
                        // Unused read of the static thread reference, left over from decompilation.
                        Thread unused = LdapRegistryImpl.LdapMonitorThread;
                        // Wake up twice per search time limit.
                        Thread.sleep(LdapRegistryImpl.this.searchTimeLimit / 2);
                    } catch (Exception e) {
                        // Any exception from the sleep step ends the thread. With entry tracing
                        // enabled the exit record is written twice on this path.
                        if (LdapRegistryImpl.tc.isEntryEnabled()) {
                            Tr.exit(LdapRegistryImpl.innerTc, "run");
                        }
                        if (LdapRegistryImpl.tc.isEntryEnabled()) {
                            Tr.exit(LdapRegistryImpl.innerTc, "run");
                            return;
                        }
                        return;
                    }
                } catch (InterruptedException e2) {
                    // Unreachable as written (see class note).
                }
                // Defined outside this view; presumably interrupts directory calls that have run
                // longer than the search time limit (TODO confirm).
                LdapRegistryImpl.this.interruptJNDI();
            }
        }
    }

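    /**
     * Returns a {@link DirContext} for directory operations, reusing an idle pooled context when
     * one exists and otherwise creating a new one from {@code ldapConfig.getRootDSE()}.
     *
     * <p>Idle contexts above 30 are closed first. When the pool is empty and no context has been
     * created yet, ten contexts are created and pooled before the one that is returned.
     *
     * <p>NOTE(review): nothing here bounds how many contexts are created while the pool is empty,
     * and the pool is read and modified without a lock around the whole sequence; confirm how
     * callers serialize access.
     *
     * @return a context taken from the pool or freshly created
     * @throws NamingException if a new context cannot be created
     */
    protected DirContext getRootDSE() throws NamingException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getRootDSE");
        }
        // Trim idle contexts above the cap.
        while (this.DirContextPool != null && this.DirContextPool.size() > 30) {
            try {
                DirContext surplus = (DirContext) this.DirContextPool.lastElement();
                this.DirContextPool.removeElement(surplus);
                // Count the context as gone before closing it, so a failing close() cannot
                // leave the counter higher than the number of live contexts.
                this.ContextPoolSize--;
                surplus.close();
            } catch (Exception ignored) {
                // Best effort: a context that fails to close is dropped from the pool anyway.
            }
        }
        try {
            // lastElement() throws on an empty pool; that is what routes to the creation path.
            DirContext pooled = (DirContext) this.DirContextPool.lastElement();
            this.DirContextPool.removeElement(pooled);
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "getRootDSE");
            }
            return pooled;
        } catch (Exception e2) {
            DirContext rootDSE = this.ldapConfig.getRootDSE();
            if (this.ContextPoolSize == 0) {
                // First use: pre-fill the pool.
                for (int i = 0; i < 10; i++) {
                    this.DirContextPool.addElement((DirContext) rootDSE.lookup(""));
                    this.ContextPoolSize++;
                }
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "DirContext pool initialized.");
                }
            }
            DirContext created = (DirContext) rootDSE.lookup("");
            this.ContextPoolSize++;
            if (tc.isDebugEnabled() && this.ContextPoolSize > 30) {
                Tr.debug(tc, "DirContext pool size = " + this.ContextPoolSize);
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "getRootDSE");
            }
            return created;
        }
    }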

    /**
     * Closes every pooled context, resets the pool counter to zero and then disconnects the
     * underlying LDAP configuration. Failures while closing an individual context are ignored.
     */
    protected void disconnect() {
        final String method = "disconnect";
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, method);
        }
        // Drain from the tail; each pass removes one entry even when close() fails.
        while (this.DirContextPool.size() > 0) {
            try {
                DirContext pooled = (DirContext) this.DirContextPool.lastElement();
                this.DirContextPool.removeElement(pooled);
                pooled.close();
            } catch (Exception ignored) {
                // Best effort: keep draining the pool.
            }
        }
        this.ContextPoolSize = 0;
        this.ldapConfig.disconnect();
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, method);
        }
    }

    /**
     * Checks a user's password: resolves the supplied name to exactly one directory entry with
     * {@code getUsers(name, 2)} and then binds as that entry through {@code authenticate()}.
     *
     * <p>NOTE(review): every exception raised inside the {@code try}, including the
     * {@code PasswordCheckFailedException} instances created here, is caught by the trailing
     * {@code catch (Exception)} and rethrown as {@code CustomRegistryException}. As written,
     * callers therefore never receive {@code PasswordCheckFailedException} from this method.
     * This may be a decompilation artifact; confirm against the real source.
     *
     * <p>NOTE(review): the exception messages differ for "no such user", "multiple users" and a
     * failed bind. Callers should present one generic failure to remote clients so the difference
     * cannot be used to tell which accounts exist.
     *
     * @param str  user name or full DN to authenticate
     * @param str2 password; never written to trace in this method
     * @return the value returned by {@code authenticate()} for the resolved entry
     * @throws PasswordCheckFailedException declared, but see the first note above
     * @throws CustomRegistryException on any failure, wrapping the original exception
     */
    @Override // com.ibm.websphere.security.UserRegistry
    public String checkPassword(String str, String str2) throws PasswordCheckFailedException, CustomRegistryException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "checkPassword", str);
        }
        try {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Authenticating", str);
            }
            // Reject empty credentials before touching the directory. authenticate() has no such
            // check of its own, and a simple bind with an empty password is commonly accepted by
            // directory servers as an unauthenticated bind. A null argument throws
            // NullPointerException here, which the catch below converts.
            if (str.length() == 0 || str2.length() == 0) {
                PasswordCheckFailedException passwordCheckFailedException = new PasswordCheckFailedException("The userId and/or password is empty");
                Tr.error(tc, "security.authn.failed.foruser", new Object[]{str});
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, "checkPassword", passwordCheckFailedException);
                }
                throw passwordCheckFailedException;
            }
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Searching for users");
            }
            // Only '*' is escaped here, so a short name cannot act as a wildcard pattern.
            // NOTE(review): whether the remaining filter metacharacters ('(', ')', '\\', NUL) are
            // escaped before the name reaches the search filter is not visible from this method;
            // verify in getUsers() and the filter's prepare step.
            if (!fullDN(str, this.ldapConfig.getBaseDn())) {
                str = escapeChar(str, '*');
            }
            // A limit of 2 is enough to tell "exactly one" from "ambiguous".
            Result users = getUsers(str, 2);
            int size = users.getList().size();
            if (size > 1) {
                String formattedMessage = TraceNLSHelper.getInstance().getFormattedMessage("security.authn.failed.multiusers", new Object[]{str}, "Multiple users with the name of " + str);
                PasswordCheckFailedException passwordCheckFailedException2 = new PasswordCheckFailedException(formattedMessage);
                Tr.error(tc, formattedMessage);
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, "checkPassword", passwordCheckFailedException2);
                }
                throw passwordCheckFailedException2;
            }
            if (size == 0) {
                String formattedMessage2 = TraceNLSHelper.getInstance().getFormattedMessage("security.authn.failed.nouser", new Object[]{str}, "No user " + str + " found");
                PasswordCheckFailedException passwordCheckFailedException3 = new PasswordCheckFailedException(formattedMessage2);
                Tr.error(tc, formattedMessage2);
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, "checkPassword", passwordCheckFailedException3);
                }
                throw passwordCheckFailedException3;
            }
            String str3 = (String) users.getList().get(0);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Found user", str3);
            }
            // The bind as the resolved entry is the actual password verification.
            String authenticate = authenticate(str3, str2);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Authenticated with", str3);
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "checkPassword", authenticate);
            }
            return authenticate;
        } catch (Exception e) {
            // Failures already reported by authenticate() are not recorded a second time.
            if (!(e instanceof AuthenticationNotSupportedException) && !(e instanceof AuthenticationFailedException) && !(e instanceof RegistryErrorException)) {
                FFDCFilter.processException(e, "com.ibm.ws.security.registry.ldap.LdapRegistryImpl.checkPassword", "356", this);
                Tr.error(tc, "security.authn.error", new Object[]{str, e.toString()});
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "checkPassword", e);
            }
            // Prefer the root cause's text when present; the original exception stays attached.
            if (e.getCause() != null) {
                throw new CustomRegistryException(e.getCause().toString(), e);
            }
            throw new CustomRegistryException(e.getMessage(), e);
        }
    }

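    /**
     * Verifies a password by opening, and immediately closing, a directory context bound as the
     * given principal.
     *
     * <p>The catch clauses are ordered from most to least specific. Both
     * {@code javax.naming.AuthenticationException} and
     * {@code javax.naming.AuthenticationNotSupportedException} are {@code NamingException}
     * subclasses, so with the general handler first a rejected password would surface as
     * {@code RegistryErrorException} and the two specific handlers would never run.
     *
     * <p>This method does not reject an empty password itself; {@code checkPassword()} does so
     * before calling it. Any other caller must do the same, because a simple bind with an empty
     * password is commonly accepted by directory servers as an unauthenticated bind.
     *
     * @param str  DN to bind as
     * @param str2 password for the bind; never written to trace here
     * @return {@code str} when the bind succeeds
     * @throws AuthenticationFailedException if the directory rejects the credentials
     * @throws AuthenticationNotSupportedException if the directory does not support the requested
     *         authentication
     * @throws RegistryErrorException on any other naming failure, such as a connection problem
     * @throws CustomRegistryException declared for callers; not raised directly in this method
     */
    protected String authenticate(String str, String str2) throws AuthenticationFailedException, AuthenticationNotSupportedException, RegistryErrorException, CustomRegistryException {
        // Separate configuration object for this bind, built from the shared one.
        LdapConfig bindConfig = new LdapConfig(this.ldapConfig);
        bindConfig.setAuthenticationPrincipal(str);
        bindConfig.setAuthenticationCredentials(str2);
        String directoryUrl = this.ldapConfig.getDirectoryUrl();
        boolean isRetryBind = this.ldapConfig.isRetryBind();
        // When the principal is the configured bind identity and several URLs are configured,
        // try each URL in turn and succeed on the first bind that works.
        if (isRetryBind && str.equalsIgnoreCase(this.ldapConfig.getAuthenticationPrincipal()) && directoryUrl != null) {
            StringTokenizer urls = new StringTokenizer(directoryUrl);
            if (urls.countTokens() > 1) {
                while (urls.hasMoreTokens()) {
                    String url = urls.nextToken();
                    bindConfig.setDirectoryUrl(url);
                    try {
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "(Bind ID) Bind to " + url);
                        }
                        long started = System.currentTimeMillis();
                        enterJNDI();
                        InitialDirContext probe = new InitialDirContext(bindConfig);
                        exitJNDI();
                        probe.close();
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, new StringBuffer("Same DN - Time elapsed to open/close DirContext: ").append(System.currentTimeMillis() - started).toString());
                        }
                        return str;
                    } catch (NamingException ignored) {
                        // Move on to the next URL; if all fail, the bind below reports the error.
                        // NOTE(review): exitJNDI() is not called on this path, unlike the handlers
                        // of the bind below; confirm whether enterJNDI() needs balancing here.
                    }
                }
            }
        }
        if (!isRetryBind) {
            // Bind against a single server: the currently active one, else the first configured URL.
            String singleUrl = null;
            if (this.currentActiveLDAP != null) {
                singleUrl = this.currentActiveLDAP;
            } else if (directoryUrl != null) {
                StringTokenizer urls = new StringTokenizer(directoryUrl);
                if (urls.hasMoreTokens()) {
                    singleUrl = urls.nextToken();
                }
            }
            if (singleUrl != null) {
                bindConfig.setDirectoryUrl(singleUrl);
            }
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "isRetry:false Bind to " + bindConfig.getDirectoryUrl());
            }
        } else if (directoryUrl != null && this.currentActiveLDAP != null && !directoryUrl.startsWith(this.currentActiveLDAP)) {
            // Put the currently active server first in the URL list.
            bindConfig.setDirectoryUrl(this.currentActiveLDAP + RASFormatter.DEFAULT_SEPARATOR + directoryUrl);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Bind to " + bindConfig.getDirectoryUrl());
            }
        }
        try {
            long started = System.currentTimeMillis();
            enterJNDI();
            InitialDirContext boundContext = new InitialDirContext(bindConfig);
            exitJNDI();
            boundContext.close();
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, new StringBuffer("Time elapsed to open/close DirContext: ").append(System.currentTimeMillis() - started).toString());
            }
            return str;
        } catch (javax.naming.AuthenticationNotSupportedException e) {
            exitJNDI();
            FFDCFilter.processException((Throwable) e, "com.ibm.ws.security.registry.ldap.LdapRegistryImpl.authenticate", "457", (Object) this);
            Tr.error(tc, "security.authn.error", new Object[]{str, e.toString()});
            throw new AuthenticationNotSupportedException(e.getMessage(), e);
        } catch (AuthenticationException e) {
            // Rejected credentials: reported to the caller as an authentication failure.
            exitJNDI();
            FFDCFilter.processException((Throwable) e, "com.ibm.ws.security.registry.ldap.LdapRegistryImpl.authenticate", "463", (Object) this);
            throw new AuthenticationFailedException(e.getMessage(), e);
        } catch (NamingException e) {
            exitJNDI();
            FFDCFilter.processException((Throwable) e, "com.ibm.ws.security.registry.ldap.LdapRegistryImpl.authenticate", "469", (Object) this);
            Tr.error(tc, "security.authn.error", new Object[]{str, e.toString()});
            logNamingException(e, str);
            if (e instanceof CommunicationException) {
                Tr.audit(tc, "security.registry.ldap.connect.audit", new Object[]{this.ldapConfig.getDirectoryUrl()});
            }
            throw new RegistryErrorException(e.getMessage(), e);
        }
    }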

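    /**
     * Normalizes the text of a distinguished name so that equivalent spellings compare equal.
     *
     * <p>For each RDN, spaces before the attribute type, inside it and between {@code '='} and
     * the first value character are dropped, and the attribute type is lower-cased. The value is
     * copied unchanged up to the next unescaped {@code ','} or {@code ';'}.
     *
     * <p>Escape state is tracked per backslash pair, so a value that ends in an escaped
     * backslash ({@code \\}) followed by a separator is split correctly. Looking only at the
     * single preceding character would treat that separator as escaped and leave the rest of
     * the DN un-normalized. Quoted values and hex escapes get no special handling.
     *
     * @param str DN text; must not be null
     * @return the normalized DN text
     */
    private static String normalizeDN(String str) {
        int length = str.length();
        StringBuilder normalized = new StringBuilder(length);
        boolean beforeValue = true;      // still in the attribute type or the gap before the value
        boolean inAttributeType = true;  // '=' not yet seen for the current RDN
        boolean escaped = false;         // the previous value character was an unpaired backslash
        for (int i = 0; i < length; i++) {
            char ch = str.charAt(i);
            if (!beforeValue) {
                if ((ch == ',' || ch == ';') && !escaped) {
                    // Unescaped separator: the next RDN starts.
                    beforeValue = true;
                    inAttributeType = true;
                }
                normalized.append(ch);
                escaped = !escaped && ch == '\\';
            } else if (ch != ' ') {
                if (inAttributeType) {
                    normalized.append(Character.toLowerCase(ch));
                } else {
                    // First character of the value.
                    normalized.append(ch);
                    beforeValue = false;
                    escaped = ch == '\\';
                }
                if (ch == '=') {
                    inAttributeType = false;
                }
            }
        }
        return normalized.toString();
    }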

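    /**
     * Maps a client certificate to a directory entry using the configured certificate mapper.
     *
     * <p>Only the first element of the array is used. With search scope 0 the mapper's filter
     * value is resolved through {@code getUsers()}; otherwise a search with the mapper's scope
     * and filter is run. Exactly one match is required in both cases.
     *
     * <p>NOTE(review): nothing in this method validates the certificate or its chain. It
     * presumably relies on the transport layer having done so; confirm for every caller.
     *
     * <p>{@code NamingException} is caught before the general {@code Exception} handler so that
     * its dedicated error message and {@code logNamingException()} call are reachable.
     *
     * @param x509CertificateArr certificate chain; element 0 is the certificate to map
     * @return the name of the single matching directory entry
     * @throws CertificateMapNotSupportedException declared for callers; not raised directly here
     * @throws CertificateMapFailedException if no certificate is supplied, the filter cannot be
     *         built, the lookup fails, or it matches zero or several entries
     * @throws CustomRegistryException declared for callers; not raised directly here
     */
    @Override // com.ibm.websphere.security.UserRegistry
    public String mapCertificate(X509Certificate[] x509CertificateArr) throws CertificateMapNotSupportedException, CertificateMapFailedException, CustomRegistryException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "mapCertificate");
        }
        // The chain comes from the remote peer; reject a missing certificate explicitly instead
        // of failing with an unchecked exception on the array access.
        if (x509CertificateArr == null || x509CertificateArr.length == 0 || x509CertificateArr[0] == null) {
            CertificateMapFailedException noCertificate = new CertificateMapFailedException("No certificate was supplied for mapping");
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "mapCertificate", noCertificate);
            }
            throw noCertificate;
        }
        X509Certificate x509Certificate = x509CertificateArr[0];
        String subjectName = x509Certificate.getSubjectDN().getName();
        String str = null;
        try {
            String ldapSearchFilter = this.certMap.getLdapSearchFilter(x509Certificate);
            int ldapSearchScope = this.certMap.getLdapSearchScope();
            try {
                if (ldapSearchScope == 0) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Searching for users");
                    }
                    // A limit of 2 is enough to tell "exactly one" from "ambiguous".
                    Result users = getUsers(ldapSearchFilter, 2);
                    int size = users.getList().size();
                    if (size > 1) {
                        // Report the certificate subject instead of the literal "null".
                        CertificateMapFailedException ambiguous = new CertificateMapFailedException("Multiple users with the name of " + subjectName);
                        Tr.error(tc, "security.authn.failed.multiusers", new Object[]{subjectName});
                        if (tc.isEntryEnabled()) {
                            Tr.exit(tc, "mapCertificate", ambiguous);
                        }
                        throw ambiguous;
                    }
                    if (size == 0) {
                        CertificateMapFailedException notFound = new CertificateMapFailedException("No user " + subjectName + " found");
                        Tr.error(tc, "security.authn.failed.nouser", new Object[]{subjectName});
                        if (tc.isEntryEnabled()) {
                            Tr.exit(tc, "mapCertificate", notFound);
                        }
                        throw notFound;
                    }
                    str = (String) users.getList().get(0);
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "certificate dn =", ldapSearchFilter);
                        Tr.debug(tc, "normalized  dn =", str);
                    }
                } else {
                    EntryEnumeration search = search(ldapSearchScope, ldapSearchFilter, 2);
                    if (search.hasMoreElements()) {
                        str = (String) search.nextElement();
                        // A second hit means the certificate maps to more than one entry.
                        if (search.hasMoreElements()) {
                            search.close();
                            Tr.error(tc, "security.authn.failed.multiusers", new Object[]{subjectName});
                            throw new CertificateMapFailedException("Multiple users with the name of " + subjectName);
                        }
                    }
                }
                if (str == null) {
                    Tr.error(tc, "security.registry.ldap.mapcredentialNotFound", new Object[]{subjectName, ldapSearchFilter});
                    throw new CertificateMapFailedException("The name in the certificate: " + subjectName + " cannot be found in the registry");
                }
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, "mapCertificate");
                }
                return str;
            } catch (NamingException e2) {
                FFDCFilter.processException((Throwable) e2, "com.ibm.ws.security.registry.ldap.LdapRegistryImpl.mapCertificate", "609", (Object) this);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "NamingException caught during LDAP operation while looking for: " + subjectName);
                }
                Tr.error(tc, "security.registry.ldap.mapcredentialNamingEx", new Object[]{subjectName, ldapSearchFilter});
                logNamingException(e2);
                throw new CertificateMapFailedException(e2.getMessage(), e2);
            } catch (Exception e) {
                // Also receives the CertificateMapFailedException instances thrown above and
                // rewraps them with the same type.
                FFDCFilter.processException(e, "com.ibm.ws.security.registry.ldap.LdapRegistryImpl.mapCertificate", "617", this);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Exception caught during LDAP operation while looking for: " + subjectName);
                }
                throw new CertificateMapFailedException(e.getMessage(), e);
            }
        } catch (CertificateMapperException e3) {
            FFDCFilter.processException(e3, "com.ibm.ws.security.registry.ldap.LdapRegistryImpl.mapCertificate", "552", this);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "CertificatMapperException caught during LDAP operation while looking for: " + subjectName);
            }
            Tr.error(tc, "security.registry.ldap.mapcredentialBadFilter", new Object[]{subjectName});
            throw new CertificateMapFailedException(e3.getMessage(), e3);
        }
    }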

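    /**
     * Returns the display name of a group, derived from the attributes of its directory entry.
     *
     * <p>A {@code NamingException} during the lookup is logged and an empty string is returned,
     * so callers cannot tell a missing group from a directory failure through this method.
     *
     * @param str security name of the group
     * @return the group name produced by the id map, or {@code ""} when none is available
     * @throws EntryNotFoundException declared for callers; not raised directly here
     * @throws CustomRegistryException declared for callers; not raised directly here
     */
    @Override // com.ibm.websphere.security.UserRegistry
    public String getGroupDisplayName(String str) throws EntryNotFoundException, CustomRegistryException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getGroupDisplayName", str);
        }
        String displayName = null;
        try {
            Attributes attributes = getAttributes(str, this.idMap.getAttributes());
            displayName = this.idMap.getGroupName(attributes);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Security name =", str);
                Tr.debug(tc, "Attributes =", attributes);
                // Trace the resolved name; the attributes are already traced above.
                Tr.debug(tc, "Name =", displayName);
            }
        } catch (NamingException e) {
            logNamingException(e);
        }
        if (displayName == null) {
            displayName = "";
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getGroupDisplayName", displayName);
        }
        return displayName;
    }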

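    /**
     * Resolves a group name to its unique id by searching with a limit of two and requiring
     * exactly one match.
     *
     * <p>The exceptions created for "multiple groups" and "no group" are thrown inside the
     * {@code try} and therefore pass through the catch block, which records them and rethrows a
     * new exception of the same type with the original attached.
     *
     * @param str group name or pattern to resolve
     * @return the single matching entry returned by {@code getGroups()}
     * @throws EntryNotFoundException if no group matches
     * @throws CustomRegistryException if several groups match or the lookup fails
     */
    @Override // com.ibm.websphere.security.UserRegistry
    public String getUniqueGroupId(String str) throws EntryNotFoundException, CustomRegistryException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getUniqueGroupId", str);
        }
        try {
            Result groups = getGroups(str, 2);
            int size = groups.getList().size();
            if (size > 1) {
                CustomRegistryException ambiguous = new CustomRegistryException("Multiple groups with the name of " + str);
                Tr.error(tc, "security.authn.failed.multiusers", new Object[]{str});
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, "getUniqueGroupId", ambiguous);
                }
                throw ambiguous;
            }
            if (size == 0) {
                EntryNotFoundException notFound = new EntryNotFoundException("No group " + str + " found");
                Tr.error(tc, "security.registry.uniquegrpid.notfound", new Object[]{str});
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, "getUniqueGroupId", notFound);
                }
                throw notFound;
            }
            String uniqueId = (String) groups.getList().get(0);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Found group", uniqueId);
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "getUniqueGroupId", uniqueId);
            }
            return uniqueId;
        } catch (Exception e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.registry.ldap.LdapRegistryImpl.getUniqueGroupId", "716", this);
            if (e instanceof CustomRegistryException) {
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, "getUniqueGroupId");
                }
                throw new CustomRegistryException(e.getMessage(), e);
            }
            if (e instanceof EntryNotFoundException) {
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, "getUniqueGroupId");
                }
                throw new EntryNotFoundException(e.getMessage(), e);
            }
            // Name the group in the error record; a null argument identifies nothing.
            Tr.error(tc, "security.registry.uniquegrpid.error", new Object[]{str});
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "getUniqueGroupId");
            }
            throw new CustomRegistryException(e.getMessage(), e);
        }
    }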

    /**
     * Returns the groups of a user by delegating to {@code getGroupsForUser()}.
     *
     * @param str unique id of the user
     * @return the list produced by {@code getGroupsForUser(str)}
     * @throws EntryNotFoundException propagated from the delegate
     * @throws CustomRegistryException propagated from the delegate
     */
    @Override // com.ibm.websphere.security.UserRegistry
    public List getUniqueGroupIds(String str) throws EntryNotFoundException, CustomRegistryException {
        final String method = "getUniqueGroupIds";
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, method, str);
        }
        List memberships = getGroupsForUser(str);
        // The exit record is written on the normal path only, as before.
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, method);
        }
        return memberships;
    }

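    /**
     * Searches for groups matching a pattern, up to a caller-supplied limit.
     *
     * <p>A negative limit returns an empty result without searching. A limit of 0 means no
     * limit. Any other limit below {@code Integer.MAX_VALUE} is increased by one before the
     * search, and collection stops once that increased count has been read.
     *
     * <p>The result list is not pre-sized from the limit: the limit is caller-controlled, and a
     * very large value would otherwise reserve that much memory before a single entry is read.
     *
     * <p>NOTE(review): for a pattern that is not a full DN the value goes into the configured
     * group filter through {@code prepare()}. Whether filter metacharacters are escaped there is
     * not visible from this method; verify before passing untrusted patterns.
     *
     * @param str group name pattern or full group DN
     * @param i   maximum number of groups requested; 0 for no limit, negative for none
     * @return the matching groups, flagged as having more when the search was cut short
     * @throws CustomRegistryException if the directory search fails
     */
    @Override // com.ibm.websphere.security.UserRegistry
    public Result getGroups(String str, int i) throws CustomRegistryException {
        EntryEnumeration search;
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getGroups", new StringBuffer(str).append(":").append(i).toString());
        }
        Result result = new Result();
        if (i < 0) {
            result.setList(new ArrayList(0));
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "No groups searched as the limit is a negative number.");
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "getGroups", new StringBuffer(str).append(":").append(i).toString());
            }
            return result;
        }
        int collected = 0;
        // Ask for one entry more than requested; the guard keeps the increment from overflowing.
        if (i != 0 && i < Integer.MAX_VALUE) {
            i++;
        }
        try {
            if (fullDN(str, this.ldapConfig.getGroupBaseDn())) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "pattern is full DN");
                }
                // Base-object search on the DN itself.
                search = search(str, 0, this.objectGroupDnFilter, i);
            } else {
                search = search(this.ldapConfig.getGroupBaseDn(), 2, this.ldapConfig.getFilter("group.filter").prepare(str), i);
            }
            if (search == null) {
                result.setList(new ArrayList(0));
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "No groups found");
                }
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, "getGroups", new StringBuffer(str).append(":").append(i).toString());
                }
                return result;
            }
            // Default capacity: the list grows with the entries actually returned.
            ArrayList found = new ArrayList();
            while (search.hasMoreElements()) {
                found.add(search.nextElement());
                if (i != 0) {
                    collected++;
                    if (collected == i) {
                        break;
                    }
                }
            }
            result.setList(found);
            try {
                // Entries left unread mean the result was cut short.
                if (search.hasMoreElements()) {
                    result.setHasMore();
                    search.close();
                }
            } catch (Exception e) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "no more groups");
                }
            }
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Number of groups returned = " + found.size());
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "getGroups", new StringBuffer(str).append(":").append(i).toString());
            }
            return result;
        } catch (NamingException e2) {
            FFDCFilter.processException((Throwable) e2, "com.ibm.ws.security.registry.ldap.LdapRegistryImpl.getGroups", "826", (Object) this);
            logNamingException(e2);
            Tr.error(tc, "security.registry.getgroups.error", new Object[]{str});
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "getGroups", e2);
            }
            throw new CustomRegistryException(e2.getMessage(), e2);
        }
    }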

    /**
     * Collects the groups that contain any of the given entries, optionally following nested
     * groups.
     *
     * <p>Entries from {@code arrayList} that are not yet in {@code arrayList3} are recorded
     * there. If none is new the method returns, which is what ends the recursion on cyclic
     * group membership. Otherwise one subtree search under the group base DN is run with the
     * filter from {@code composeAllGroupMembersFilter()}, the hits are appended to
     * {@code arrayList2}, and, when {@code recursiveSearch} is set, the method calls itself
     * with those hits.
     *
     * @param arrayList   entries whose containing groups are wanted
     * @param arrayList2  output list receiving the groups found
     * @param arrayList3  entries already processed, updated in place
     * @param idEntryArr  id map entries passed through to the filter builder
     * @param str         value passed through to the filter builder
     * @throws CustomRegistryException if the directory search fails
     */
    private void getAllGroupMembersByGroupObject(ArrayList arrayList, ArrayList arrayList2, ArrayList arrayList3, IdMap.IdEntry[] idEntryArr, String str) throws CustomRegistryException {
        if (arrayList.isEmpty()) {
            return;
        }
        boolean sawNewEntry = false;
        for (Object candidate : arrayList) {
            String entryDn = (String) candidate;
            if (!arrayList3.contains(entryDn)) {
                sawNewEntry = true;
                arrayList3.add(entryDn);
            }
        }
        if (!sawNewEntry) {
            // Everything was handled in an earlier pass.
            return;
        }
        String memberFilter = composeAllGroupMembersFilter(arrayList, idEntryArr, str);
        ArrayList parentGroups = new ArrayList();
        try {
            // Result unused; the call is kept because it was part of the original sequence.
            this.ldapConfig.getBaseDn();
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Using group base dn for the search: " + this.ldapConfig.getGroupBaseDn());
            }
            // noAttrs requests no attributes; only the entry names are read.
            EntryEnumeration hits = new EntryEnumeration(this.ldapConfig.getGroupBaseDn(), search(this.ldapConfig.getGroupBaseDn(), 2, memberFilter, noAttrs, 0));
            while (hits.hasMoreElements()) {
                parentGroups.add((String) hits.nextElement());
            }
            if (parentGroups.isEmpty()) {
                return;
            }
            arrayList2.addAll(parentGroups);
            if (this.recursiveSearch) {
                getAllGroupMembersByGroupObject(parentGroups, arrayList2, arrayList3, idEntryArr, str);
            }
        } catch (NamingException e) {
            // The probe and trace names refer to getGroupsForUser, as in the original.
            FFDCFilter.processException((Throwable) e, "com.ibm.ws.security.registry.ldap.LdapRegistryImpl.getGroupsForUser", "883", (Object) this);
            Tr.error(tc, "security.registry.getgrpsforuser.error", new Object[]{arrayList3.get(0)});
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "getGroupsForUser", e);
            }
            throw new CustomRegistryException(e.getMessage(), e);
        }
    }

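    /**
     * Builds the LDAP search filter that matches group entries listing any of the given
     * member values under any of the configured membership attributes.
     *
     * <p>Each clause has the form {@code (&(<str>=<objectClassName>)(<attributeName>=<member>))};
     * clauses are wrapped in {@code (|...)} when there is more than one member or more than
     * one id map entry. Entries whose object class name is {@code objectCategory} are skipped.
     *
     * <p>Member values are escaped per RFC 4515 before they are placed in the filter, so a
     * value containing {@code ( ) * \} or NUL is matched literally and cannot change the
     * structure of the filter. The attribute and object class names come from
     * {@code idEntryArr} and {@code str} and are inserted unchanged.
     *
     * @param arrayList  member values (cast to String) to match
     * @param idEntryArr id map entries supplying object class and attribute names
     * @param str        attribute name compared against each entry's object class name
     * @return the filter string, or {@code null} if any argument is null or the list is empty
     */
    protected String composeAllGroupMembersFilter(ArrayList arrayList, IdMap.IdEntry[] idEntryArr, String str) {
        if (arrayList == null || arrayList.isEmpty() || idEntryArr == null || str == null) {
            return null;
        }
        int memberCount = arrayList.size();
        boolean needsOr = memberCount > 1 || idEntryArr.length > 1;
        StringBuilder filter = new StringBuilder();
        if (needsOr) {
            filter.append("(|");
        }
        for (int i = 0; i < memberCount; i++) {
            // NOTE(review): assumes callers pass raw (not already filter-escaped) values - confirm.
            String memberValue = escapeMemberFilterValue((String) arrayList.get(i));
            for (IdMap.IdEntry entry : idEntryArr) {
                if (!entry.getObjectClassName().equalsIgnoreCase("objectCategory")) {
                    filter.append("(&(").append(str).append("=").append(entry.getObjectClassName()).append(")(");
                    filter.append(entry.getAttributeName()).append("=").append(memberValue).append("))");
                }
            }
        }
        if (needsOr) {
            filter.append(")");
        }
        String result = filter.toString();
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "filter =", result);
        }
        return result;
    }

    /**
     * Escapes a filter assertion value per RFC 4515 (backslash, asterisk, parentheses, NUL).
     * Returns {@code null} for {@code null} so the caller's append behaviour is unchanged.
     */
    private static String escapeMemberFilterValue(String value) {
        if (value == null) {
            return null;
        }
        StringBuilder escaped = new StringBuilder(value.length() + 8);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '\\':
                    escaped.append("\\5c");
                    break;
                case '*':
                    escaped.append("\\2a");
                    break;
                case '(':
                    escaped.append("\\28");
                    break;
                case ')':
                    escaped.append("\\29");
                    break;
                case '\0':
                    escaped.append("\\00");
                    break;
                default:
                    escaped.append(c);
                    break;
            }
        }
        return escaped.toString();
    }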

    /**
     * Resolves memberships from attributes stored on the looked-up entry itself.
     *
     * <p>Looks up {@code str} (directly when it is a full DN, otherwise through the
     * configured {@code user.filter}), collects the values of every returned attribute whose
     * id is in {@code strArr}, and appends values not yet present to {@code arrayList}.
     * With recursive search enabled, each collected value is looked up the same way.
     *
     * @param str        DN or name of the entry to inspect
     * @param arrayList  accumulator for the membership values found
     * @param arrayList2 names already visited; a repeated name returns immediately
     * @param strArr     attribute ids requested from the directory and accepted from the result
     * @throws EntryNotFoundException if the lookup raises a NamingException
     */
    private void getAllGroupMembershipsByUserObject(String str, ArrayList arrayList, ArrayList arrayList2, String[] strArr) throws EntryNotFoundException {
        if (arrayList2.contains(str)) {
            return;
        }
        arrayList2.add(str);
        HashSet<String> memberships = new HashSet<String>();
        try {
            NamingEnumeration results;
            if (fullDN(str, this.ldapConfig.getBaseDn())) {
                results = search(str, 0, this.objectUserDnFilter, strArr, 0);
            } else {
                results = search(this.ldapConfig.getBaseDn(), 2, this.ldapConfig.getFilter("user.filter").prepare(str), strArr, 0);
            }
            if (!results.hasMoreElements()) {
                return;
            }
            // Only the first search result is inspected.
            NamingEnumeration attrs = ((SearchResult) results.next()).getAttributes().getAll();
            HashSet wantedIds = new HashSet();
            for (int k = 0; k < strArr.length; k++) {
                wantedIds.add(strArr[k]);
            }
            while (attrs.hasMoreElements()) {
                Attribute attr = (Attribute) attrs.next();
                if (!wantedIds.contains(attr.getID())) {
                    continue;
                }
                for (int v = 0; v < attr.size(); v++) {
                    memberships.add(RegistryUtil.removeDNSpace((String) attr.get(v), 0));
                }
            }
            if (results.hasMoreElements()) {
                results.close();
            }
            for (String groupDn : memberships) {
                if (!arrayList.contains(groupDn)) {
                    arrayList.add(groupDn);
                }
                if (this.recursiveSearch) {
                    getAllGroupMembershipsByUserObject(groupDn, arrayList, arrayList2, strArr);
                }
            }
        } catch (NamingException e) {
            FFDCFilter.processException((Throwable) e, "com.ibm.ws.security.registry.ldap.LdapRegistryImpl.getGroupsForUser", "1004", (Object) this);
            logNamingException(e);
            Tr.error(tc, "security.registry.getgrpsforuser.error", new Object[]{str});
            throw new EntryNotFoundException(e.getMessage(), e);
        }
    }

    /**
     * Single-attribute variant: resolves memberships from the one attribute {@code str2}
     * stored on the looked-up entry.
     *
     * <p>Looks up {@code str} (directly when it is a full DN, otherwise through the
     * configured {@code user.filter}), collects the values of the returned attribute whose
     * id equals {@code str2} ignoring case, and appends values not yet present to
     * {@code arrayList}. With recursive search enabled, each value is looked up in turn.
     *
     * @param str        DN or name of the entry to inspect
     * @param arrayList  accumulator for the membership values found
     * @param arrayList2 names already visited; a repeated name returns immediately
     * @param str2       id of the membership attribute
     * @throws EntryNotFoundException if the lookup raises a NamingException
     */
    private void getAllGroupMembershipsByUserObject(String str, ArrayList arrayList, ArrayList arrayList2, String str2) throws EntryNotFoundException {
        if (arrayList2.contains(str)) {
            return;
        }
        arrayList2.add(str);
        String[] requestedAttrs = {str2};
        Vector memberships = new Vector(5);
        try {
            NamingEnumeration results;
            if (fullDN(str, this.ldapConfig.getBaseDn())) {
                results = search(str, 0, this.objectUserDnFilter, requestedAttrs, 0);
            } else {
                results = search(this.ldapConfig.getBaseDn(), 2, this.ldapConfig.getFilter("user.filter").prepare(str), requestedAttrs, 0);
            }
            if (!results.hasMoreElements()) {
                return;
            }
            // Only the first search result is inspected.
            NamingEnumeration attrs = ((SearchResult) results.next()).getAttributes().getAll();
            while (attrs.hasMoreElements()) {
                Attribute attr = (Attribute) attrs.next();
                if (!attr.getID().equalsIgnoreCase(requestedAttrs[0])) {
                    continue;
                }
                for (int v = 0; v < attr.size(); v++) {
                    memberships.addElement(RegistryUtil.removeDNSpace((String) attr.get(v), 0));
                }
            }
            if (results.hasMoreElements()) {
                results.close();
            }
            for (int k = 0; k < memberships.size(); k++) {
                String groupDn = (String) memberships.get(k);
                if (!arrayList.contains(groupDn)) {
                    arrayList.add(groupDn);
                }
                if (this.recursiveSearch) {
                    getAllGroupMembershipsByUserObject(groupDn, arrayList, arrayList2, str2);
                }
            }
        } catch (NamingException e) {
            FFDCFilter.processException((Throwable) e, "com.ibm.ws.security.registry.ldap.LdapRegistryImpl.getGroupsForUser", "1077", (Object) this);
            logNamingException(e);
            Tr.error(tc, "security.registry.getgrpsforuser.error", new Object[]{str});
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "getGroupsForUser");
            }
            throw new EntryNotFoundException(e.getMessage(), e);
        }
    }

    /**
     * Returns the groups the given user belongs to.
     *
     * <p>A name that is not a full DN is first resolved with {@code getUniqueUserId}. One of
     * three strategies is then used: mixed search (membership attributes on the user entry
     * plus a search of group entries, de-duplicated through a HashSet), attribute-only
     * (first id map entry), or group-entry search only. An empty list is returned when no
     * group-member id map entries are configured.
     *
     * @param str user name or DN
     * @return list of group names found
     * @throws EntryNotFoundException  propagated from the user lookup
     * @throws CustomRegistryException propagated from the group search
     */
    @Override // com.ibm.websphere.security.UserRegistry
    public List getGroupsForUser(String str) throws EntryNotFoundException, CustomRegistryException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getGroupsForUser", str);
        }
        String userDn = str;
        if (!fullDN(userDn, this.ldapConfig.getBaseDn())) {
            userDn = getUniqueUserId(userDn);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "using DN: " + userDn);
            }
        }
        IdMap.IdEntry[] groupMembers = this.idMap.getGroupMembers();
        if (groupMembers.length == 0) {
            return new ArrayList(0);
        }
        ArrayList groups = new ArrayList();
        if (useMixedSearch) {
            // The object-class-name slot of each entry is what gets requested as attribute id here.
            String[] memberAttrs = new String[groupMembers.length];
            for (int k = 0; k < memberAttrs.length; k++) {
                memberAttrs[k] = groupMembers[k].getObjectClassName();
            }
            getAllGroupMembershipsByUserObject(userDn, groups, new ArrayList(), memberAttrs);
            String classAttr = "objectclass";
            for (int k = 0; k < groupMembers.length; k++) {
                if (groupMembers[k].getObjectClassName().equalsIgnoreCase("objectCategory")) {
                    classAttr = "objectCategory";
                    break;
                }
            }
            ArrayList seed = new ArrayList();
            seed.add(userDn);
            getAllGroupMembersByGroupObject(seed, groups, new ArrayList(), groupMembers, classAttr);
            // Both strategies may report the same group; collapse duplicates.
            groups = new ArrayList(new HashSet(groups));
        } else if (this.useAttributeGroupMethod) {
            getAllGroupMembershipsByUserObject(userDn, groups, new ArrayList(), groupMembers[0].getObjectClassName());
        } else {
            String classAttr = "objectclass";
            for (int k = 0; k < groupMembers.length; k++) {
                if (groupMembers[k].getObjectClassName().equalsIgnoreCase("objectCategory")) {
                    classAttr = "objectCategory";
                    break;
                }
            }
            ArrayList seed = new ArrayList();
            seed.add(userDn);
            getAllGroupMembersByGroupObject(seed, groups, new ArrayList(), groupMembers, classAttr);
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Number of groups returned = " + groups.size());
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getGroupsForUser", groups.toArray());
        }
        return groups;
    }

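    /**
     * Returns the member values stored on the group entry {@code str}.
     *
     * <p>Reads the configured group-member attributes from the first search result and
     * returns their values with DN spacing normalized. A negative limit or an empty
     * group-member id map yields an empty list. A limit of {@code 0} or
     * {@code Integer.MAX_VALUE} means no limit; otherwise at most {@code i} values are
     * returned and {@code hasMore} is set when further values exist.
     *
     * <p>Changes from the previous body: the inner value loop now terminates when an
     * attribute's values are exhausted (it previously had no exit for that case), the
     * result list is no longer pre-sized from the caller's limit (a limit of
     * {@code Integer.MAX_VALUE} requested an array of that size), and the exit trace is
     * written once per call.
     *
     * @param str group DN to read
     * @param i   maximum number of members to return; see above for special values
     * @return result holding the member list and the has-more flag
     * @throws EntryNotFoundException  declared by the interface
     * @throws CustomRegistryException if the directory lookup raises a NamingException
     */
    @Override // com.ibm.websphere.security.UserRegistry
    public Result getUsersForGroup(String str, int i) throws EntryNotFoundException, CustomRegistryException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getUsersForGroup");
        }
        Result result = new Result();
        if (i < 0) {
            result.setList(new ArrayList(0));
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "No groups searched for users as the limit is a negative number.");
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "getUsersForGroup");
            }
            return result;
        }
        IdMap.IdEntry[] groupMembers = this.idMap.getGroupMembers();
        if (groupMembers.length == 0) {
            result.setList(new ArrayList(0));
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "No filter specified for groupmeneber.idmap ");
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "getUsersForGroup");
            }
            return result;
        }
        String[] memberAttrs = new String[groupMembers.length];
        for (int k = 0; k < groupMembers.length; k++) {
            memberAttrs[k] = groupMembers[k].getAttributeName();
        }
        boolean limited = i != 0 && i < Integer.MAX_VALUE;
        // Capacity is only a hint; cap it so the caller-supplied limit never drives allocation size.
        final int maxInitialCapacity = 1024;
        ArrayList members = new ArrayList(limited ? Math.min(i, maxInitialCapacity) : 0);
        try {
            NamingEnumeration search = search(str, 0, this.objectFilter, memberAttrs, 1);
            if (search.hasMoreElements()) {
                NamingEnumeration all = ((SearchResult) search.next()).getAttributes().getAll();
                collect:
                while (all.hasMoreElements()) {
                    Attribute attribute = (Attribute) all.next();
                    for (int v = 0; v < attribute.size(); v++) {
                        if (limited && members.size() >= i) {
                            // One more value exists beyond the limit: report it and stop.
                            result.setHasMore();
                            break collect;
                        }
                        members.add(RegistryUtil.removeDNSpace((String) attribute.get(v), 0));
                    }
                }
                if (search.hasMoreElements()) {
                    search.close();
                }
                result.setList(members);
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "getUsersForGroup");
            }
            return result;
        } catch (NamingException e) {
            logNamingException(e);
            FFDCFilter.processException((Throwable) e, "com.ibm.ws.security.registry.ldap.LdapRegistryImpl.getUsersForGroup", "1256", (Object) this);
            Tr.error(tc, "security.registry.getusrsforgrp.error", new Object[]{str});
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "getUsersForGroup", e);
            }
            throw new CustomRegistryException(e.getMessage(), e);
        }
    }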

    /**
     * Returns the security name for a group by delegating to {@code getUniqueGroupId}.
     *
     * @param str group identifier to resolve
     * @return the value returned by {@code getUniqueGroupId}
     * @throws EntryNotFoundException  propagated from {@code getUniqueGroupId}
     * @throws CustomRegistryException propagated from {@code getUniqueGroupId}
     */
    @Override // com.ibm.websphere.security.UserRegistry
    public String getGroupSecurityName(String str) throws EntryNotFoundException, CustomRegistryException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getGroupSecurityName", str);
        }
        final String securityName = getUniqueGroupId(str);
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getGroupSecurityName", securityName);
        }
        return securityName;
    }

    /**
     * Returns the display name the id map derives from the user's attributes.
     *
     * <p>A NamingException during the attribute lookup is logged and not rethrown; in that
     * case, and whenever the id map yields {@code null}, the empty string is returned.
     *
     * @param str security name of the user
     * @return the mapped user name, never {@code null}
     * @throws EntryNotFoundException  declared by the interface
     * @throws CustomRegistryException declared by the interface
     */
    @Override // com.ibm.websphere.security.UserRegistry
    public String getUserDisplayName(String str) throws EntryNotFoundException, CustomRegistryException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getUserDisplayName", str);
        }
        String displayName = null;
        try {
            Attributes userAttrs = getAttributes(str, this.idMap.getAttributes());
            displayName = this.idMap.getUserName(userAttrs);
            if (tc.isDebugEnabled()) {
                // Debug trace includes the full attribute set read for the user.
                Tr.debug(tc, "securityName =", str);
                Tr.debug(tc, "attributes =", userAttrs);
                Tr.debug(tc, "userName =", displayName);
            }
        } catch (NamingException e) {
            logNamingException(e);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getUserDisplayName");
        }
        return displayName == null ? "" : displayName;
    }

    /**
     * Resolves a user name to its single unique id.
     *
     * <p>Runs {@code getUsers(str, 2)} and requires exactly one match. Every exception
     * raised inside the lookup, including the two thrown here, passes through the catch
     * block, is reported to FFDC and is rethrown wrapped in a new exception of the same
     * kind (anything else becomes a CustomRegistryException).
     *
     * @param str user name to resolve
     * @return the first (only) entry of the search result
     * @throws EntryNotFoundException  if no user matches
     * @throws CustomRegistryException if several users match or the search fails
     */
    @Override // com.ibm.websphere.security.UserRegistry
    public String getUniqueUserId(String str) throws EntryNotFoundException, CustomRegistryException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getUniqueUserId", str);
        }
        try {
            Result matches = getUsers(str, 2);
            int matchCount = matches.getList().size();
            if (matchCount == 0) {
                Tr.error(tc, "security.registry.uniqueusrid.notfound", new Object[]{str});
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, "getUniqueUserId");
                }
                throw new EntryNotFoundException("Cannot find uniqueID for the user " + str);
            }
            if (matchCount > 1) {
                // An ambiguous name must not resolve to an arbitrary account.
                CustomRegistryException ambiguous = new CustomRegistryException("Multiple users with the name of " + str);
                Tr.error(tc, "security.authn.failed.multiusers", new Object[]{str});
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, "getUniqueUserId", ambiguous);
                }
                throw ambiguous;
            }
            String uniqueId = (String) matches.getList().get(0);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Found user", uniqueId);
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "getUniqueUserId", uniqueId);
            }
            return uniqueId;
        } catch (Exception e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.registry.ldap.LdapRegistryImpl.getUniqueUserId", "1366", this);
            boolean registryFailure = e instanceof CustomRegistryException;
            boolean notFound = !registryFailure && e instanceof EntryNotFoundException;
            if (!registryFailure && !notFound) {
                Tr.error(tc, "security.registry.uniqueusrid.error", new Object[]{null});
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "getUniqueUserId");
            }
            if (notFound) {
                throw new EntryNotFoundException(e.getMessage(), e);
            }
            throw new CustomRegistryException(e.getMessage(), e);
        }
    }

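    /**
     * Searches the registry for users matching {@code str}.
     *
     * <p>A full DN is looked up directly with the user DN filter; any other pattern is run
     * through the configured {@code user.filter}. A negative limit yields an empty list.
     * A limit of {@code 0} means no limit; for limits below {@code Integer.MAX_VALUE} one
     * extra entry is requested from the search, and {@code hasMore} is set when the
     * enumeration still has elements after the loop.
     *
     * <p>Change from the previous body: the result list is no longer pre-sized with the
     * caller's limit. A limit of {@code Integer.MAX_VALUE} (or any very large value) used to
     * request a backing array of that size before a single entry was read.
     *
     * @param str user name pattern or full DN
     * @param i   maximum number of users to return; {@code 0} for no limit
     * @return result holding the user list and the has-more flag
     * @throws CustomRegistryException if the directory search raises a NamingException
     */
    @Override // com.ibm.websphere.security.UserRegistry
    public Result getUsers(String str, int i) throws CustomRegistryException {
        EntryEnumeration search;
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getUsers", new Object[]{str, Integer.valueOf(i)});
        }
        Result result = new Result();
        if (i < 0) {
            result.setList(new ArrayList(0));
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "No users searched as the limit is a negative number.");
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "getUsers", new Object[]{str, Integer.valueOf(i)});
            }
            return result;
        }
        int collected = 0;
        // Ask for one entry more than requested so an overflow can be detected.
        if (i != 0 && i < Integer.MAX_VALUE) {
            i++;
        }
        try {
            if (fullDN(str, this.ldapConfig.getBaseDn())) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "pattern is full DN");
                }
                search = search(str, 0, this.objectUserDnFilter, i);
            } else {
                search = search(2, this.ldapConfig.getFilter("user.filter").prepare(str), i);
            }
            if (search == null) {
                result.setList(new ArrayList(0));
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "No users found");
                }
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, "getUsers", new Object[]{str, Integer.valueOf(i)});
                }
                return result;
            }
            // Capacity is only a hint; cap it so the caller-supplied limit never drives allocation size.
            final int maxInitialCapacity = 1024;
            ArrayList users = (i != 0) ? new ArrayList(Math.min(i, maxInitialCapacity)) : new ArrayList();
            while (search.hasMoreElements()) {
                // NOTE(review): the result of this call is discarded; kept because side effects
                // (or a deliberate failure path) cannot be ruled out from this method alone.
                SecurityObjectLocator.getSecurityConfig().getActiveAuthMechanism().getString(AuthMechanismConfig.OID);
                users.add(search.nextElement());
                if (i != 0) {
                    collected++;
                    if (collected == i) {
                        break;
                    }
                }
            }
            result.setList(users);
            try {
                if (search.hasMoreElements()) {
                    result.setHasMore();
                    search.close();
                }
            } catch (Exception e) {
                // Best effort: failing to probe or close the enumeration leaves the list as collected.
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "no more users");
                }
            }
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Number of users returned = " + users.size());
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "getUsers", new Object[]{str, Integer.valueOf(i)});
            }
            return result;
        } catch (AuthenticationException e2) {
            FFDCFilter.processException((Throwable) e2, "com.ibm.ws.security.registry.ldap.LdapRegistryImpl.getUsers", "1431", (Object) this);
            logNamingException(e2);
            Tr.error(tc, "security.registry.getusers.error", new Object[]{str, e2});
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "getUsers", new Object[]{str, Integer.valueOf(i), e2});
            }
            throw new CustomRegistryException(e2.getMessage(), e2);
        } catch (NamingException e3) {
            FFDCFilter.processException((Throwable) e3, "com.ibm.ws.security.registry.ldap.LdapRegistryImpl.getUsers", "1438", (Object) this);
            logNamingException(e3);
            Tr.error(tc, "security.registry.getusers.error", new Object[]{str, e3});
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "getUsers", new Object[]{str, Integer.valueOf(i), e3});
            }
            // Prefer the underlying cause's description when one is attached.
            if (e3.getCause() != null) {
                throw new CustomRegistryException(e3.getCause().toString(), e3);
            }
            throw new CustomRegistryException(e3.getMessage(), e3);
        }
    }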

    /**
     * Returns the security name for a user.
     *
     * <p>The name is first resolved with {@code getUniqueUserId}; when the configuration's
     * {@code performIdMap()} is true, that id is then replaced by the value of
     * {@code getUserDisplayName} for it.
     *
     * @param str user identifier to resolve
     * @return the unique id, or the display name when id mapping is enabled
     * @throws EntryNotFoundException  propagated from the lookups
     * @throws CustomRegistryException propagated from the lookups
     */
    @Override // com.ibm.websphere.security.UserRegistry
    public String getUserSecurityName(String str) throws EntryNotFoundException, CustomRegistryException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getUserSecurityName", str);
        }
        String securityName = getUniqueUserId(str);
        final boolean mapToDisplayName = this.ldapConfig.performIdMap();
        if (mapToDisplayName) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "As performIdMap property is, calling getUserDisplayName() using input : " + securityName);
            }
            securityName = getUserDisplayName(securityName);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Per performIdMap property,  getUserDisplayName() is called. Returned value is : " + securityName);
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getUserSecurityName", securityName);
        }
        return securityName;
    }

    /**
     * Initializes the registry from the supplied properties.
     *
     * <p>In order: resets the context-pool bookkeeping fields, optionally rewrites the
     * {@code java.naming.provider.url} property, builds the {@code LdapConfig}, checks that a
     * directory URL, user filter and group filter are present, derives the realm, sets up the
     * id map and certificate mapper, reads the search time limit and connection-reuse
     * setting, probes the configured servers, starts the monitor thread if none exists, and
     * (on first initialization with group-member entries configured) selects the object/DN
     * filters and the group-membership lookup method.
     *
     * @param properties registry configuration; the provider URL property may be rewritten in place
     * @throws CustomRegistryException if the provider URL has no ':' or if anything inside the
     *         main configuration block throws (the original exception is attached as cause)
     */
    @Override // com.ibm.websphere.security.UserRegistry
    public void initialize(Properties properties) throws CustomRegistryException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, AdminSubsystemExtensionHandler.INITIALIZE);
        }
        // Start from an empty context pool and cleared bookkeeping tables.
        this.DirContextPool = new Vector();
        this.ContextPoolSize = 0;
        this.busyCount = 0;
        this.currentActiveLDAP = null;
        this.table1 = new Vector();
        this.table2 = new Vector();
        this.table3 = new Vector();
        String property = properties.getProperty("java.naming.provider.url");
        if (tc.isDebugEnabled()) {
            // The provider URL is written to the debug trace as configured.
            Tr.debug(tc, "original uri: " + property);
        }
        if (property != null && property.length() > 0) {
            int indexOf = property.indexOf(":");
            if (indexOf < 0) {
                throw new CustomRegistryException("Invalid URI: " + property);
            }
            int i = indexOf + 1;
            StringBuffer stringBuffer = new StringBuffer();
            if (property.startsWith("//", i)) {
                int i2 = i + 2;
                int indexOf2 = property.indexOf("/", i2);
                if (indexOf2 < 0) {
                    indexOf2 = property.length();
                }
                // Rewrites the authority part when the host starts with CFG_OBJ_DELIM.
                // The constant values are not visible here; since a "]" is appended after the
                // host, this presumably normalizes a bracketed host literal - TODO confirm.
                if (property.startsWith(SecurityConfigManagerImpl.CFG_OBJ_DELIM, i2)) {
                    stringBuffer.append(property.substring(0, i2)).append(WorkSpaceConstant.FIELD_SEPERATOR);
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "first newS: " + stringBuffer.toString());
                    }
                    int i3 = i2 + 2;
                    // NOTE(review): if no ':' follows, indexOf3 is -1 and substring() throws
                    // StringIndexOutOfBoundsException outside the try block below.
                    int indexOf3 = property.indexOf(":", i3);
                    String substring = property.substring(i3, indexOf3);
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "hostname: " + substring);
                    }
                    stringBuffer.append(substring).append("]").append(property.substring(indexOf3 + 1, indexOf2));
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "second newS: " + stringBuffer.toString());
                    }
                    properties.setProperty("java.naming.provider.url", stringBuffer.toString());
                }
            }
        }
        try {
            this.ldapConfig = new LdapConfig(properties);
            String directoryUrl = this.ldapConfig.getDirectoryUrl();
            // Mandatory settings: directory URL, user filter and group filter.
            if (directoryUrl == null || directoryUrl.length() == 0) {
                throw new CustomRegistryException("No Directory URL");
            }
            if (this.ldapConfig.getFilter("user.filter") == null) {
                throw new CustomRegistryException("No User Filter");
            }
            if (this.ldapConfig.getFilter("group.filter") == null) {
                throw new CustomRegistryException("No Group Filter");
            }
            // Realm precedence: config's logical realm, then the LDAP.server.realm property,
            // then the host part of the first directory URL.
            this.realm = this.ldapConfig.getLogicRealm();
            if (this.realm == null || this.realm.length() == 0) {
                this.realm = properties.getProperty("LDAP.server.realm");
            }
            if (this.realm == null || this.realm.length() == 0) {
                int indexOf4 = directoryUrl.indexOf(RASFormatter.DEFAULT_SEPARATOR);
                if (indexOf4 > 0) {
                    directoryUrl = directoryUrl.substring(0, indexOf4);
                }
                int indexOf5 = directoryUrl.indexOf("://");
                if (directoryUrl.endsWith("/")) {
                    this.realm = directoryUrl.substring(indexOf5 + 3, directoryUrl.length() - 1);
                } else {
                    this.realm = directoryUrl.substring(indexOf5 + 3, directoryUrl.length());
                }
            }
            if (this.realm == null) {
                throw new CustomRegistryException("Realm is not specified in LDAPRegistry realm field of security.xml");
            }
            this.realm = this.realm.trim();
            this.idMap = new IdMap(this.ldapConfig);
            this.certMap = new CertificateMapper();
            try {
                this.certMap.setLdapMapMode(properties.getProperty("certificate.map.mode"));
                this.certMap.setLdapFilterDescriptor(properties.getProperty("certificate.map.filter"));
            } catch (CertificateMapperException e) {
                // NOTE(review): an invalid certificate map mode/filter is only recorded (FFDC and
                // debug trace); initialization continues with whatever state the mapper holds.
                // Confirm that CertificateMapper rejects certificate logins in that state.
                FFDCFilter.processException(e, "com.ibm.ws.security.registry.ldap.LdapRegistryImpl.initialize", "1643", this);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, AdminSubsystemExtensionHandler.INITIALIZE, e);
                }
            }
            try {
                // Configured value is multiplied by 1000 before being stored; non-positive,
                // missing or unparsable values leave searchTimeLimit unchanged.
                int i4 = -1;
                String property2 = properties.getProperty(CommonConstants.LDAP_SEARCH_TIME_LIMIT);
                if (property2 != null && property2.length() > 0) {
                    i4 = new Integer(property2).intValue();
                }
                if (i4 > 0) {
                    this.searchTimeLimit = i4 * 1000;
                }
            } catch (Exception e2) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, AdminSubsystemExtensionHandler.INITIALIZE, "will try for 2 minutes");
                }
            }
            try {
                // A missing property makes getProperty() return null; the resulting
                // NullPointerException is absorbed by the empty catch below.
                if (properties.getProperty(CommonConstants.LDAP_REUSE_CONN).equalsIgnoreCase("false")) {
                    this.URLContextImpl = true;
                    this.LdapURL = directoryUrl;
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Use URL Context Implementation.");
                    }
                }
            } catch (Exception e3) {
            }
            scanInactiveLDAP();
            // NOTE(review): check-then-create with no synchronization visible in this method.
            if (LdapMonitorThread == null) {
                LdapMonitorThread = new LdapMonitor();
                LdapMonitorThread.setDaemon(true);
                LdapMonitorThread.start();
            }
            IdMap.IdEntry[] groupMembers = this.idMap.getGroupMembers();
            // Filter and group-method selection runs only on the first initialization.
            if (groupMembers.length > 0 && !this.registryExist) {
                this.recursiveSearch = this.ldapConfig.isRecursiveSearchEnabled();
                // The object filter is chosen from markers found in the expanded group filter.
                String lowerCase = this.ldapConfig.getFilter("group.filter").prepare("*").toLowerCase();
                if (lowerCase.indexOf("ldapsubentry") > -1) {
                    this.objectFilter = iPlanet_OBJECT_FILTER;
                }
                if (lowerCase.indexOf("objectcategory") > -1) {
                    this.objectFilter = MS_OBJECT_FILTER;
                }
                // Explicit DN search filters from the config override the object filter.
                String groupDnSearchFilter = this.ldapConfig.getGroupDnSearchFilter();
                if (groupDnSearchFilter != null) {
                    this.objectGroupDnFilter = groupDnSearchFilter;
                } else {
                    this.objectGroupDnFilter = this.objectFilter;
                }
                String userDnSearchFilter = this.ldapConfig.getUserDnSearchFilter();
                if (userDnSearchFilter != null) {
                    this.objectUserDnFilter = userDnSearchFilter;
                } else {
                    this.objectUserDnFilter = this.objectFilter;
                }
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "objectGroupDnFilter : " + this.objectGroupDnFilter);
                    Tr.debug(tc, "objectUserDnFilter : " + this.objectUserDnFilter);
                }
                boolean z = true;
                // The directory URL may hold several whitespace-separated server URLs;
                // the loop stops at the first one a context can be opened against.
                StringTokenizer stringTokenizer = new StringTokenizer(this.ldapConfig.getDirectoryUrl());
                boolean z2 = false;
                while (stringTokenizer.hasMoreTokens()) {
                    String nextToken = stringTokenizer.nextToken();
                    LdapConfig ldapConfig = new LdapConfig(this.ldapConfig);
                    ldapConfig.setDirectoryUrl(nextToken);
                    try {
                        InitialDirContext initialDirContext = new InitialDirContext(ldapConfig);
                        if (z) {
                            z = false;
                            for (IdMap.IdEntry idEntry : groupMembers) {
                                // NOTE(review): as shown, nothing inside this try can throw, so
                                // useAttributeGroupMethod is always set and the catch is dead code.
                                // Presumably a schema/attribute probe was lost - verify against the
                                // original class before relying on this selection.
                                try {
                                    this.useAttributeGroupMethod = true;
                                    if (tc.isDebugEnabled()) {
                                        Tr.debug(tc, "Found attribute of LDAP user object that specifies the distinguished name of those groups to which this user belongs.");
                                    }
                                    if (z2) {
                                        useMixedSearch = true;
                                    }
                                } catch (Exception e4) {
                                    z2 = true;
                                    if (this.useAttributeGroupMethod) {
                                        useMixedSearch = true;
                                    }
                                }
                            }
                        }
                        initialDirContext.close();
                        break;
                    } catch (NamingException e5) {
                        // Connection failure is ignored here; the next URL is tried.
                    }
                }
                if (!this.useAttributeGroupMethod && tc.isDebugEnabled()) {
                    Tr.debug(tc, "Will call getGroupsForUser() to get user's group memberships.");
                }
            }
            this.maxContextPerConnection = this.ldapConfig.getMaxConcurrentSearchNumberPerConnection();
            this.maxIdleContext = this.ldapConfig.getSizeOfIdleContextPool();
            this.registryExist = true;
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, AdminSubsystemExtensionHandler.INITIALIZE);
            }
        } catch (Exception e6) {
            // Every failure above, including the CustomRegistryExceptions thrown for missing
            // settings, is reported and rewrapped here.
            FFDCFilter.processException(e6, "com.ibm.ws.security.registry.ldap.LdapRegistryImpl.initialize", "1580", this);
            Tr.error(tc, "security.registry.ldap.initerror", new Object[]{e6});
            throw new CustomRegistryException(e6.toString(), e6);
        }
    }

    /**
     * Probes each LDAP server URL in the configured directory URL list and audits the ones
     * that cannot be reached.
     *
     * <p>The configured value is split with the default {@link StringTokenizer} delimiters
     * (whitespace). For every URL a new {@code LdapConfig} is built from the registry
     * configuration, pointed at that single URL, and an {@link InitialDirContext} is opened
     * and closed straight away. A {@link NamingException} is never propagated: it only
     * produces the {@code security.registry.ldap.connect.audit} message naming the URL, and
     * the exception detail itself is not recorded.
     */
    private void scanInactiveLDAP() {
        final String method = "scanInactiveLDAP";
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, method);
        }
        for (StringTokenizer urls = new StringTokenizer(this.ldapConfig.getDirectoryUrl()); urls.hasMoreTokens(); ) {
            final String serverUrl = urls.nextToken();
            // Per-URL configuration object, so the registry's own configuration keeps the full list.
            final LdapConfig probeConfig = new LdapConfig(this.ldapConfig);
            probeConfig.setDirectoryUrl(serverUrl);
            try {
                final InitialDirContext probe = new InitialDirContext(probeConfig);
                probe.close();
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, serverUrl + " is ready to accept request");
                }
            } catch (NamingException unreachable) {
                // Best-effort probe: an unreachable server is audited, never fatal.
                Tr.audit(tc, "security.registry.ldap.connect.audit", new Object[]{serverUrl});
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, method);
        }
    }

    /*  JADX ERROR: NullPointerException in pass: RegionMakerVisitor
        java.lang.NullPointerException
        */
    /**
     * Reports whether the given name matches exactly one group in the registry.
     *
     * <p>JADX failed to decompile this method, so in this listing the body only throws
     * {@link UnsupportedOperationException}. The instruction dump kept below shows the
     * original logic: {@code getGroups(r8, 2)} is called and the method returns {@code true}
     * only when the returned list has size 1; every other path returns {@code false}. The
     * {@code jsr}/{@code ret} target {@code L62} is the shared exit-trace block.
     *
     * <p>Per the dump, any {@link Exception} is handed to FFDC, logged with
     * {@code security.registry.isvalidgroup.error}, and converted into a {@code false}
     * result, so a caller cannot tell a failed directory lookup from an unknown group.
     *
     * <p>NOTE(review): unlike {@code isValidUser}, the dump shows no {@code escapeChar} call
     * on the argument before the search. Confirm whether {@code getGroups} treats {@code *}
     * in the name literally; if it is a pattern, a wildcard name that happens to match one
     * group would be reported as valid.
     *
     * @param r8 group name to look up
     * @return per the dump, {@code true} when exactly one group matches, otherwise {@code false}
     * @throws com.ibm.websphere.security.CustomRegistryException declared by the interface; the
     *         dumped code catches {@link Exception} and returns {@code false} instead
     */
    @Override // com.ibm.websphere.security.UserRegistry
    public boolean isValidGroup(java.lang.String r8) throws com.ibm.websphere.security.CustomRegistryException {
        /*
            r7 = this;
            com.ibm.ejs.ras.TraceComponent r0 = com.ibm.ws.security.registry.ldap.LdapRegistryImpl.tc
            boolean r0 = r0.isEntryEnabled()
            if (r0 == 0) goto L12
            com.ibm.ejs.ras.TraceComponent r0 = com.ibm.ws.security.registry.ldap.LdapRegistryImpl.tc
            java.lang.String r1 = "isValidGroup"
            com.ibm.ejs.ras.Tr.entry(r0, r1)
        L12:
            r0 = r7
            r1 = r8
            r2 = 2
            com.ibm.websphere.security.Result r0 = r0.getGroups(r1, r2)     // Catch: java.lang.Exception -> L37 java.lang.Throwable -> L5a
            r9 = r0
            r0 = r9
            java.util.List r0 = r0.getList()     // Catch: java.lang.Exception -> L37 java.lang.Throwable -> L5a
            int r0 = r0.size()     // Catch: java.lang.Exception -> L37 java.lang.Throwable -> L5a
            r10 = r0
            r0 = r10
            r1 = 1
            if (r0 != r1) goto L31
            r0 = 1
            r11 = r0
            r0 = jsr -> L62
        L2e:
            r1 = r11
            return r1
        L31:
            r0 = jsr -> L62
        L34:
            goto L78
        L37:
            r9 = move-exception
            r0 = r9
            java.lang.String r1 = "com.ibm.ws.security.registry.ldap.LdapRegistryImpl.isValidGroup"
            java.lang.String r2 = "1837"
            r3 = r7
            com.ibm.ws.ffdc.FFDCFilter.processException(r0, r1, r2, r3)     // Catch: java.lang.Throwable -> L5a
            com.ibm.ejs.ras.TraceComponent r0 = com.ibm.ws.security.registry.ldap.LdapRegistryImpl.tc     // Catch: java.lang.Throwable -> L5a
            java.lang.String r1 = "security.registry.isvalidgroup.error"
            r2 = 1
            java.lang.Object[] r2 = new java.lang.Object[r2]     // Catch: java.lang.Throwable -> L5a
            r3 = r2
            r4 = 0
            r5 = r8
            r3[r4] = r5     // Catch: java.lang.Throwable -> L5a
            com.ibm.ejs.ras.Tr.error(r0, r1, r2)     // Catch: java.lang.Throwable -> L5a
            r0 = jsr -> L62
        L57:
            goto L78
        L5a:
            r12 = move-exception
            r0 = jsr -> L62
        L5f:
            r1 = r12
            throw r1
        L62:
            r13 = r0
            com.ibm.ejs.ras.TraceComponent r0 = com.ibm.ws.security.registry.ldap.LdapRegistryImpl.tc
            boolean r0 = r0.isEntryEnabled()
            if (r0 == 0) goto L76
            com.ibm.ejs.ras.TraceComponent r0 = com.ibm.ws.security.registry.ldap.LdapRegistryImpl.tc
            java.lang.String r1 = "isValidGroup"
            com.ibm.ejs.ras.Tr.exit(r0, r1)
        L76:
            ret r13
        L78:
            r1 = 0
            return r1
        */
        // Decompiler placeholder: the real logic exists only in the dump above.
        throw new UnsupportedOperationException("Method not decompiled: com.ibm.ws.security.registry.ldap.LdapRegistryImpl.isValidGroup(java.lang.String):boolean");
    }

    /*  JADX ERROR: NullPointerException in pass: RegionMakerVisitor
        java.lang.NullPointerException
        */
    /**
     * Reports whether the given name matches exactly one user in the registry.
     *
     * <p>JADX failed to decompile this method, so in this listing the body only throws
     * {@link UnsupportedOperationException}. The instruction dump kept below shows the
     * original logic: when {@code fullDN(r8, ldapConfig.getBaseDn())} is false the name is
     * rewritten with {@code escapeChar(r8, 42)} (42 is {@code '*'}), then
     * {@code getUsers(r8, 2)} is called and the method returns {@code true} only when the
     * returned list has size 1. The {@code jsr}/{@code ret} target {@code L78} is the shared
     * exit-trace block.
     *
     * <p>Per the dump, any {@link Exception} is handed to FFDC, logged with
     * {@code security.registry.isvaliduser.error}, and converted into a {@code false}
     * result, so a caller cannot tell a failed directory lookup from an unknown user.
     *
     * <p>NOTE(review): only {@code '*'} is escaped, and only for names that are not treated
     * as a full DN. Whether {@code getUsers} neutralises the remaining LDAP filter
     * metacharacters is not visible here; confirm before relying on this as input
     * sanitisation.
     *
     * @param r8 user name or DN to look up
     * @return per the dump, {@code true} when exactly one user matches, otherwise {@code false}
     * @throws com.ibm.websphere.security.CustomRegistryException declared by the interface; the
     *         dumped code catches {@link Exception} and returns {@code false} instead
     */
    @Override // com.ibm.websphere.security.UserRegistry
    public boolean isValidUser(java.lang.String r8) throws com.ibm.websphere.security.CustomRegistryException {
        /*
            r7 = this;
            com.ibm.ejs.ras.TraceComponent r0 = com.ibm.ws.security.registry.ldap.LdapRegistryImpl.tc
            boolean r0 = r0.isEntryEnabled()
            if (r0 == 0) goto L12
            com.ibm.ejs.ras.TraceComponent r0 = com.ibm.ws.security.registry.ldap.LdapRegistryImpl.tc
            java.lang.String r1 = "isValidUser"
            com.ibm.ejs.ras.Tr.entry(r0, r1)
        L12:
            r0 = r7
            r1 = r8
            r2 = r7
            com.ibm.ws.security.registry.ldap.LdapConfig r2 = r2.ldapConfig     // Catch: java.lang.Exception -> L4d java.lang.Throwable -> L70
            java.lang.String r2 = r2.getBaseDn()     // Catch: java.lang.Exception -> L4d java.lang.Throwable -> L70
            boolean r0 = r0.fullDN(r1, r2)     // Catch: java.lang.Exception -> L4d java.lang.Throwable -> L70
            if (r0 != 0) goto L28
            r0 = r8
            r1 = 42
            java.lang.String r0 = escapeChar(r0, r1)     // Catch: java.lang.Exception -> L4d java.lang.Throwable -> L70
            r8 = r0
        L28:
            r0 = r7
            r1 = r8
            r2 = 2
            com.ibm.websphere.security.Result r0 = r0.getUsers(r1, r2)     // Catch: java.lang.Exception -> L4d java.lang.Throwable -> L70
            r9 = r0
            r0 = r9
            java.util.List r0 = r0.getList()     // Catch: java.lang.Exception -> L4d java.lang.Throwable -> L70
            int r0 = r0.size()     // Catch: java.lang.Exception -> L4d java.lang.Throwable -> L70
            r10 = r0
            r0 = r10
            r1 = 1
            if (r0 != r1) goto L47
            r0 = 1
            r11 = r0
            r0 = jsr -> L78
        L44:
            r1 = r11
            return r1
        L47:
            r0 = jsr -> L78
        L4a:
            goto L8e
        L4d:
            r9 = move-exception
            r0 = r9
            java.lang.String r1 = "com.ibm.ws.security.registry.ldap.LdapRegistryImpl.isValidUser"
            java.lang.String r2 = "1869"
            r3 = r7
            com.ibm.ws.ffdc.FFDCFilter.processException(r0, r1, r2, r3)     // Catch: java.lang.Throwable -> L70
            com.ibm.ejs.ras.TraceComponent r0 = com.ibm.ws.security.registry.ldap.LdapRegistryImpl.tc     // Catch: java.lang.Throwable -> L70
            java.lang.String r1 = "security.registry.isvaliduser.error"
            r2 = 1
            java.lang.Object[] r2 = new java.lang.Object[r2]     // Catch: java.lang.Throwable -> L70
            r3 = r2
            r4 = 0
            r5 = r8
            r3[r4] = r5     // Catch: java.lang.Throwable -> L70
            com.ibm.ejs.ras.Tr.error(r0, r1, r2)     // Catch: java.lang.Throwable -> L70
            r0 = jsr -> L78
        L6d:
            goto L8e
        L70:
            r12 = move-exception
            r0 = jsr -> L78
        L75:
            r1 = r12
            throw r1
        L78:
            r13 = r0
            com.ibm.ejs.ras.TraceComponent r0 = com.ibm.ws.security.registry.ldap.LdapRegistryImpl.tc
            boolean r0 = r0.isEntryEnabled()
            if (r0 == 0) goto L8c
            com.ibm.ejs.ras.TraceComponent r0 = com.ibm.ws.security.registry.ldap.LdapRegistryImpl.tc
            java.lang.String r1 = "isValidUser"
            com.ibm.ejs.ras.Tr.exit(r0, r1)
        L8c:
            ret r13
        L8e:
            r1 = 0
            return r1
        */
        // Decompiler placeholder: the real logic exists only in the dump above.
        throw new UnsupportedOperationException("Method not decompiled: com.ibm.ws.security.registry.ldap.LdapRegistryImpl.isValidUser(java.lang.String):boolean");
    }

    /**
     * Returns the realm name held by this registry instance.
     *
     * <p>No lookup is performed; the method only emits entry and exit trace (the exit trace
     * includes the realm value) and returns the {@code realm} field.
     *
     * @return the value of {@code this.realm}
     */
    @Override // com.ibm.websphere.security.UserRegistry
    public String getRealm() throws CustomRegistryException, RemoteException {
        final String method = "getRealm";
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, method);
        }
        final boolean traceExit = tc.isEntryEnabled();
        if (traceExit) {
            Tr.exit(tc, method, this.realm);
        }
        return this.realm;
    }

    /**
     * Fetches the requested attributes of the first entry returned for {@code str}.
     *
     * <p>The search is issued with {@code this.objectFilter} and a second argument of 0
     * (presumably base-object scope; the search method itself is not decompiled). Only the
     * first result is used. If further results exist the enumeration is closed explicitly,
     * and a failure to close is traced at debug level and otherwise ignored.
     *
     * @param str    search base passed to {@code search}
     * @param strArr attribute names to return
     * @return the attributes of the first matching entry, or {@code null} when nothing matches
     * @throws NamingException if the search itself fails
     */
    protected Attributes getAttributes(String str, String[] strArr) throws NamingException {
        final NamingEnumeration results = search(str, 0, this.objectFilter, strArr, 0);
        Attributes found = null;
        if (results.hasMoreElements()) {
            final SearchResult first = (SearchResult) results.nextElement();
            found = first.getAttributes();
            if (results.hasMoreElements()) {
                // Unconsumed results remain: release the enumeration explicitly.
                try {
                    results.close();
                } catch (NamingException closeFailure) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Exception occurs while close NamingException.");
                    }
                }
            }
        }
        return found;
    }

    /**
     * Returns the first entry string produced by searching {@code str} with
     * {@code this.objectFilter}.
     *
     * <p>Only the first result is used. If further results exist the enumeration is closed
     * explicitly; a failure to close is traced at debug level and otherwise ignored.
     *
     * @param str search base passed to {@code search}
     * @return the first element of the enumeration, or {@code null} when nothing matches
     * @throws NamingException if the search itself fails
     */
    protected String getEntry(String str) throws NamingException {
        final EntryEnumeration hits = search(str, 0, this.objectFilter, 0);
        if (!hits.hasMoreElements()) {
            return null;
        }
        final String firstEntry = (String) hits.nextElement();
        if (hits.hasMoreElements()) {
            // Unconsumed results remain: release the enumeration explicitly.
            try {
                hits.close();
            } catch (NamingException closeFailure) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Exception occurs while close NamingException.");
                }
            }
        }
        return firstEntry;
    }

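    /**
     * Resolves a caller-supplied name to the entry string returned by the directory.
     *
     * <p>A name without {@code ','} or {@code ';'} has {@code '*'} escaped and is searched
     * as given; the first hit is returned. A name containing a separator is searched (again
     * with {@code '*'} escaped in the search base) and each hit is compared, after
     * {@code normalizeDN}, case-insensitively with the normalized input; the first equal hit
     * is returned.
     *
     * <p>Two expressions whose results were discarded ({@code str.length()} and an
     * {@code escapeChar} call on the leading substring) have been removed; both were free of
     * side effects, so the result is unchanged.
     *
     * <p>NOTE(review): only {@code '*'} is escaped before the name reaches {@code search}.
     * How the remaining characters of an untrusted name are handled depends on the search
     * method, which is not decompiled in this listing.
     *
     * @param str user name or DN; must not be {@code null}
     * @return the matching entry string, or {@code null} when nothing matches
     * @throws NamingException rethrown after FFDC capture and the
     *         {@code security.registry.ldap.invalidID} error message
     */
    protected String getNormalizedDN(String str) throws NamingException {
        int separator = str.indexOf(',');
        if (separator == -1) {
            separator = str.indexOf(';');
        }
        String resolved = null;
        if (separator == -1) {
            // No RDN separator: treat the value as a plain name.
            try {
                str = escapeChar(str, '*');
                EntryEnumeration hits = search(str, 0, this.objectFilter, 0);
                if (hits.hasMoreElements()) {
                    resolved = (String) hits.nextElement();
                    if (hits.hasMoreElements()) {
                        hits.close();
                    }
                }
            } catch (NamingException e) {
                FFDCFilter.processException((Throwable) e, "com.ibm.ws.security.registry.ldap.LdapRegistryImpl.getNormalizedDN", "1974", (Object) this);
                Tr.error(tc, "security.registry.ldap.invalidID");
                logNamingException(e, str);
                throw e;
            }
        } else {
            // Separator present: accept only a hit whose normalized form equals the input's.
            try {
                EntryEnumeration hits = search(escapeChar(str, '*'), 0, this.objectFilter, 0);
                String wanted = normalizeDN(str);
                while (resolved == null && hits.hasMoreElements()) {
                    String candidate = (String) hits.nextElement();
                    if (normalizeDN(candidate).equalsIgnoreCase(wanted)) {
                        resolved = candidate;
                    }
                }
                if (hits.hasMoreElements()) {
                    hits.close();
                }
            } catch (NamingException e2) {
                FFDCFilter.processException((Throwable) e2, "com.ibm.ws.security.registry.ldap.LdapRegistryImpl.getNormalizedDN", "2016", (Object) this);
                Tr.error(tc, "security.registry.ldap.invalidID");
                logNamingException(e2, str);
                throw e2;
            }
        }
        return resolved;
    }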

    /**
     * Tells whether {@code str} contains exactly one {@code '='} in a position that looks
     * like a single attribute/value pair.
     *
     * <p>Returns {@code false} for {@code null} or empty input, when there is no
     * {@code '='}, when {@code '='} is the first or the last character, when more than one
     * {@code '='} is present, or when the {@code '='} is preceded by a backslash.
     *
     * @param str name to inspect; may be {@code null}
     * @return {@code true} when the single-{@code '='} shape described above is met
     */
    private boolean fullDNwOneEqual(String str) {
        if (str == null || str.length() == 0) {
            return false;
        }
        final int eq = str.indexOf('=');
        if (eq <= 0) {
            // No '=' at all, or nothing in front of it.
            return false;
        }
        if (eq != str.lastIndexOf('=')) {
            return false;
        }
        if (str.length() == eq + 1) {
            // Nothing after the '='.
            return false;
        }
        if (str.charAt(eq - 1) == '\\') {
            // The only '=' is backslash-escaped.
            return false;
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "one equal character only, returning true.");
        }
        return true;
    }

    /**
     * Heuristic that decides whether {@code str} should be treated as a full DN, using the
     * configured base DN.
     *
     * <p>A value without {@code '='} is never a full DN. Otherwise the result is
     * {@code true} when the configured base DN is non-empty and {@code str} ends with it
     * (both sides passed through {@code RegistryUtil.removeDNSpace} and lower-cased), when
     * the base DN is empty, or when {@code str} contains only one {@code '='}.
     *
     * <p>NOTE(review): {@code toLowerCase()} is called without a locale, so the suffix
     * comparison depends on the JVM default locale.
     *
     * @param str name to inspect; must not be {@code null}
     * @return {@code true} when the value is to be handled as a DN
     */
    private boolean fullDN(String str) {
        final int firstEq = str.indexOf('=');
        if (str.indexOf('=') < 0) {
            return false;
        }
        if (this.ldapConfig.getBaseDn().length() > 0) {
            final String candidate = RegistryUtil.removeDNSpace(str, 0).toLowerCase();
            final String suffix = RegistryUtil.removeDNSpace(this.ldapConfig.getBaseDn(), 0).toLowerCase();
            if (candidate.endsWith(suffix)) {
                return true;
            }
        }
        if (this.ldapConfig.getBaseDn().length() < 1) {
            return true;
        }
        // Base DN configured but not a suffix: accept only a value with a single '='.
        return str.indexOf('=', firstEq + 1) < 0;
    }

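    /**
     * Heuristic that decides whether {@code str} should be treated as a full DN, relative
     * to the base DN {@code str2}.
     *
     * <p>Values that are {@code null}, shorter than three characters or without
     * {@code '='} are never full DNs. When {@code ldapConfig.isIgnoreBaseDn()} is false the
     * result is {@code true} if {@code str2} is non-empty and {@code str} ends with it (both
     * passed through {@code RegistryUtil.removeDNSpace} and lower-cased), if {@code str2} is
     * empty, or if {@code str} has only one {@code '='}. When the base DN is ignored, a value
     * with neither backslash nor double quote is accepted outright; otherwise the value is
     * scanned and the result is the state of a flag that is set on each {@code '='} and
     * cleared on a backslash-escaped {@code '='} or on a double-quoted run that follows an
     * {@code '='}.
     *
     * <p>Fixes over the decompiled original, both reachable with caller-supplied names when
     * the base DN is ignored: a value starting with {@code '='} no longer reads
     * {@code charAt(-1)}, and a value ending in a backslash no longer reads one character
     * past the end. Both cases previously raised {@link StringIndexOutOfBoundsException};
     * they are now decided by the scan.
     *
     * <p>NOTE(review): {@code toLowerCase()} is called without a locale, so the suffix
     * comparison depends on the JVM default locale.
     *
     * @param str  name to inspect; may be {@code null}
     * @param str2 base DN to compare against; must not be {@code null} when the base DN is
     *             not ignored
     * @return {@code true} when the value is to be handled as a DN
     */
    private boolean fullDN(String str, String str2) {
        if (str == null || str.length() < 3 || str.indexOf('=') < 0) {
            return false;
        }
        final int firstEq = str.indexOf('=');
        if (!this.ldapConfig.isIgnoreBaseDn()) {
            return (str2.length() > 0 && RegistryUtil.removeDNSpace(str, 0).toLowerCase().endsWith(RegistryUtil.removeDNSpace(str2, 0).toLowerCase())) || str2.length() < 1 || str.indexOf('=', firstEq + 1) < 0;
        }
        if (str.indexOf('\\') < 0 && str.indexOf('"') < 0) {
            return true;
        }
        // firstEq > 0: with a leading '=' there is no preceding character to inspect.
        if (firstEq > 0 && str.charAt(firstEq - 1) == '\\' && str.indexOf('=', firstEq + 1) < 0) {
            return false;
        }
        final int len = str.length();
        boolean sawEq = false;
        int i = 0;
        while (i < len) {
            final char ch = str.charAt(i);
            if (ch == '=') {
                sawEq = true;
            }
            // i + 1 < len: a trailing backslash has no following character to test.
            if (ch == '\\' && i + 1 < len && str.charAt(i + 1) == '=') {
                sawEq = false;
                i++;
            } else if (ch == '\"') {
                boolean scanning = true;
                for (int j = i; j < len && scanning; j++) {
                    if (str.charAt(j) == '=') {
                        for (int k = j + 1; k < len && scanning; k++) {
                            if (str.charAt(k) == '\"') {
                                sawEq = false;
                                scanning = false;
                                // Resume the outer scan after the closing quote.
                                i = k;
                            }
                        }
                    }
                }
            }
            i++;
        }
        return sawEq;
    }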

    /**
     * Searches from the configured base DN.
     *
     * @param i   passed through as the second argument of the four-argument overload
     *            (presumably the search scope; callers in this file use 0 and 2)
     * @param str filter string
     * @param i2  passed through unchanged as the last argument
     * @return the enumeration produced by the four-argument overload
     * @throws NamingException if the underlying search fails
     */
    protected EntryEnumeration search(int i, String str, int i2) throws NamingException {
        final String configuredBase = this.ldapConfig.getBaseDn();
        return search(configuredBase, i, str, i2);
    }

    /**
     * Runs a search that requests the {@code noAttrs} attribute list and wraps the raw
     * result in an {@code EntryEnumeration} together with the search base.
     *
     * @param str  search base
     * @param i    passed through as the second argument of the five-argument overload
     *             (presumably the search scope; callers in this file use 0 and 2)
     * @param str2 filter string
     * @param i2   passed through unchanged as the last argument
     * @return an {@code EntryEnumeration} over the raw results
     * @throws NamingException if the underlying search fails
     */
    protected EntryEnumeration search(String str, int i, String str2, int i2) throws NamingException {
        final NamingEnumeration raw = search(str, i, str2, noAttrs, i2);
        return new EntryEnumeration(str, raw);
    }

    /* JADX WARN: Code restructure failed: missing block: B:51:0x02a7, code lost:
    
        return r20;
     */
    /* JADX WARN: Removed duplicated region for block: B:94:0x0373 A[Catch: all -> 0x037d, TRY_ENTER, TryCatch #3 {all -> 0x037d, AuthenticationException -> 0x02a8, NamingException -> 0x02cd, blocks: (B:33:0x01a3, B:35:0x01af, B:37:0x01be, B:38:0x01dc, B:40:0x01fa, B:42:0x0206, B:43:0x0268, B:45:0x0271, B:55:0x0212, B:59:0x01cf, B:60:0x0221, B:62:0x023f, B:63:0x025d, B:64:0x0250, B:70:0x02aa, B:72:0x02be, B:78:0x02cf, B:80:0x02dc, B:81:0x0300, B:104:0x0312, B:85:0x0333, B:87:0x0359, B:92:0x0365, B:94:0x0373), top: B:32:0x01a3 }] */
    /* JADX WARN: Removed duplicated region for block: B:95:0x0385 A[SYNTHETIC] */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    /**
     * Directory search that the other {@code search} overloads and the lookups in this
     * class delegate to.
     *
     * <p>JADX did not decompile this method (948 instructions, dump skipped), so in this
     * listing it only throws {@link UnsupportedOperationException}. Nothing about its
     * connection handling, filter processing or error mapping can be read from here; any
     * review of how caller-supplied names reach the directory has to be done against the
     * instruction dump or the original bytecode.
     *
     * @param r7  search base, as passed by the visible callers
     * @param r8  0 or 2 at the visible call sites, which trace them as "fullDN" and
     *            "subtree" searches respectively (presumably the search scope)
     * @param r9  filter string
     * @param r10 names of the attributes to return
     * @param r11 always 0 at the visible call sites; meaning not visible here
     * @return enumeration of results, per the declared return type
     * @throws javax.naming.NamingException declared; the catch-block summary above mentions
     *         AuthenticationException and NamingException handlers
     */
    protected javax.naming.NamingEnumeration search(java.lang.String r7, int r8, java.lang.String r9, java.lang.String[] r10, int r11) throws javax.naming.NamingException {
        /*
            Method dump skipped, instructions count: 948
            To view this dump add '--comments-level debug' option
        */
        // Decompiler placeholder: the real logic is not present in this listing.
        throw new UnsupportedOperationException("Method not decompiled: com.ibm.ws.security.registry.ldap.LdapRegistryImpl.search(java.lang.String, int, java.lang.String, java.lang.String[], int):javax.naming.NamingEnumeration");
    }

    /**
     * Builds a {@link WSCredential} for a user from the user's unique id, display name and
     * group memberships as resolved from the directory.
     *
     * <p>Three lookup paths are visible:
     * <ul>
     *   <li>{@code useMixedSearch}: unique id, display name and groups come from
     *       {@code getUniqueUserId}, {@code getUserDisplayName} and
     *       {@code getUniqueGroupIds};</li>
     *   <li>{@code this.useAttributeGroupMethod}: one search returns the user entry with the
     *       display-name attribute and the group-membership attribute, and the groups are
     *       read from that attribute (expanded through
     *       {@code getAllGroupMembershipsByUserObject} when {@code recursiveSearch} is set);</li>
     *   <li>otherwise: one search returns the user entry with the display-name attribute,
     *       and the groups come from {@code getUniqueGroupIds}.</li>
     * </ul>
     *
     * <p>Review points: the parameter {@code str} is reassigned along the way (escaped, or
     * replaced by the resolved DN), and that rewritten value is what later appears in log
     * messages, exception messages and, with {@code getPreserveTaiUsername()}, in the
     * credential. Every {@link NamingException} and every other {@link Exception} raised
     * here is reported as {@link EntryNotFoundException}, so callers cannot distinguish a
     * directory failure from an unknown user. Debug trace includes the resolved DN, the
     * display name and the group names.
     *
     * @param str user name or DN to build the credential for
     * @return the credential created by {@code WSCredentialImpl}
     * @throws EntryNotFoundException when no entry matches, and for any exception raised
     *         while searching the directory or constructing the credential
     */
    @Override // com.ibm.websphere.security.UserRegistry
    public WSCredential createCredential(String str) throws CustomRegistryException, EntryNotFoundException, NotImplementedException, RemoteException {
        String removeDNSpace;
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "createCredential", str);
        }
        List list = null;
        String str2 = null;
        if (useMixedSearch) {
            // Path 1: delegate id, display name and groups to the registry's lookup methods.
            removeDNSpace = RegistryUtil.removeDNSpace(getUniqueUserId(str), 0);
            str2 = getUserDisplayName(removeDNSpace);
            list = getUniqueGroupIds(removeDNSpace);
        } else if (this.useAttributeGroupMethod) {
            // Path 2: read display name and group membership from the user entry itself.
            IdMap.IdEntry[] groupMembers = this.idMap.getGroupMembers();
            // strArr[0] is read below as the display name, strArr[1] as the membership attribute.
            String[] strArr = new String[2];
            strArr[0] = this.idMap.getAttributes()[1];
            if (groupMembers.length > 0) {
                strArr[1] = groupMembers[0].getObjectClassName();
                if (RACF_GROUP_ATTRIBUTE.equalsIgnoreCase(strArr[1]) && !fullDN(str, this.ldapConfig.getBaseDn())) {
                    str = getUniqueUserId(str);
                }
            }
            Vector vector = new Vector(5);
            String baseDn = this.ldapConfig.getBaseDn();
            try {
                NamingEnumeration namingEnumeration = null;
                if (fullDNwOneEqual(str)) {
                    // Ambiguous input (single '='): try it as a user name first, then as a DN.
                    try {
                        // Only '*' is escaped before substitution into user.filter.
                        // NOTE(review): whether prepare() neutralises the other LDAP filter
                        // metacharacters is not visible here; confirm.
                        str = escapeChar(str, '*');
                        namingEnumeration = search(baseDn, 2, this.ldapConfig.getFilter("user.filter").prepare(str), strArr, 0);
                    } catch (Exception e) {
                        // Failure of the subtree search is only traced; the DN search below still runs.
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "an excaption is caught in subtree search. " + e);
                        }
                    }
                    if (namingEnumeration == null || !namingEnumeration.hasMoreElements()) {
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "no result from subtree search, fall back to fullDN search.");
                        }
                        // str has already been rewritten by escapeChar at this point.
                        namingEnumeration = search(str, 0, this.objectUserDnFilter, strArr, 0);
                    }
                } else if (fullDN(str, this.ldapConfig.getBaseDn())) {
                    namingEnumeration = search(str, 0, this.objectUserDnFilter, strArr, 0);
                } else {
                    str = escapeChar(str, '*');
                    namingEnumeration = search(baseDn, 2, this.ldapConfig.getFilter("user.filter").prepare(str), strArr, 0);
                }
                if (!namingEnumeration.hasMoreElements()) {
                    if (tc.isEntryEnabled()) {
                        Tr.exit(tc, "createCredential", "no users with name: " + str + " found");
                    }
                    Tr.error(tc, "security.registry.createcredential.nouser", new Object[]{str});
                    throw new EntryNotFoundException("Cannot find the user: " + str);
                }
                // Only the first matching entry is used to build the credential.
                Object next = namingEnumeration.next();
                NameClassPair nameClassPair = (NameClassPair) next;
                String name = nameClassPair.getName();
                if (name != null && name.trim().length() > 1 && nameClassPair.isRelative()) {
                    try {
                        name = new CompositeName(name).get(0);
                    } catch (Exception e2) {
                        // Parse failure is ignored; name keeps its raw value.
                    }
                    // Strip a surrounding pair of double quotes.
                    if (name.charAt(0) == '\"') {
                        name = name.substring(1, name.length() - 1);
                    }
                }
                if (name != null && name.length() > 0 && nameClassPair.isRelative()) {
                    // Relative name: rebuild the full DN by appending the search base.
                    str = name;
                    if (baseDn != null && baseDn.trim().length() > 1) {
                        str = name + "," + baseDn;
                    }
                }
                if (!nameClassPair.isRelative() && name != null && name.length() > 0) {
                    // 47 is '/'. The search starts at offset 9, presumably to skip the scheme
                    // and host of a URL-form name; TODO confirm.
                    int indexOf = name.indexOf(47, 9);
                    if (indexOf <= -1 || name.length() <= indexOf + 1) {
                        str = "";
                    } else {
                        try {
                            name = URLDecoder.decode(name, "UTF8");
                        } catch (Exception e3) {
                            // Decode failure is ignored; the undecoded name is used.
                        }
                        // NOTE(review): indexOf was computed on the undecoded name.
                        str = name.substring(indexOf + 1);
                    }
                }
                removeDNSpace = RegistryUtil.removeDNSpace(str, 0);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "uniqueUserId = " + removeDNSpace);
                }
                NamingEnumeration all = ((SearchResult) next).getAttributes().getAll();
                while (all.hasMoreElements()) {
                    Attribute attribute = (Attribute) all.next();
                    String id = attribute.getID();
                    if (id.equalsIgnoreCase(strArr[0])) {
                        str2 = (String) attribute.get(0);
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "displayName = " + str2);
                        }
                    } else if (id.equalsIgnoreCase(strArr[1])) {
                        // Each value of the membership attribute is taken as a group id.
                        for (int i = 0; i < attribute.size(); i++) {
                            vector.addElement(RegistryUtil.removeDNSpace((String) attribute.get(i), 0));
                        }
                    }
                }
                if (vector.size() > 0) {
                    String[] strArr2 = new String[vector.size()];
                    vector.copyInto(strArr2);
                    list = new ArrayList(strArr2.length);
                    ArrayList arrayList = new ArrayList();
                    if (this.recursiveSearch) {
                        // Recursive mode replaces the direct memberships with the collected list.
                        getAllGroupMembershipsByUserObject(removeDNSpace, arrayList, new ArrayList(), strArr[1]);
                        list = arrayList;
                    } else {
                        for (String str3 : strArr2) {
                            list.add(str3);
                        }
                    }
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "grops length = " + list.size());
                        for (int i2 = 0; i2 < list.size(); i2++) {
                            Tr.debug(tc, "groups name = " + list.get(i2));
                        }
                    }
                }
                // Further matches, if any, are discarded without being inspected.
                if (namingEnumeration.hasMoreElements()) {
                    namingEnumeration.close();
                }
            } catch (NamingException e4) {
                // A directory error is surfaced to the caller as "entry not found".
                FFDCFilter.processException((Throwable) e4, "com.ibm.ws.security.registry.ldap.LdapRegistryImpl.createCredential", "2649", (Object) this);
                Tr.error(tc, "security.registry.createcredential.error", new Object[]{str});
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, "createCredential", e4);
                }
                throw new EntryNotFoundException(e4.toString(), e4);
            }
        } else {
            // Path 3: read only the display name from the user entry; groups are looked up separately.
            String[] strArr3 = {this.idMap.getAttributes()[1]};
            String baseDn2 = this.ldapConfig.getBaseDn();
            try {
                NamingEnumeration namingEnumeration2 = null;
                if (fullDNwOneEqual(str)) {
                    // Ambiguous input (single '='): try it as a user name first, then as a DN.
                    try {
                        // Only '*' is escaped before substitution into user.filter.
                        // NOTE(review): whether prepare() neutralises the other LDAP filter
                        // metacharacters is not visible here; confirm.
                        str = escapeChar(str, '*');
                        namingEnumeration2 = search(baseDn2, 2, this.ldapConfig.getFilter("user.filter").prepare(str), strArr3, 0);
                    } catch (Exception e5) {
                        // Failure of the subtree search is only traced; the DN search below still runs.
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "an excaption is caught in subtree search :" + e5);
                        }
                    }
                    if (namingEnumeration2 == null || !namingEnumeration2.hasMoreElements()) {
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "no result from subtree search, fall back to fullDN search.");
                        }
                        // str has already been rewritten by escapeChar at this point.
                        namingEnumeration2 = search(str, 0, this.objectUserDnFilter, strArr3, 0);
                    }
                } else if (fullDN(str)) {
                    namingEnumeration2 = search(str, 0, this.objectUserDnFilter, strArr3, 0);
                } else {
                    str = escapeChar(str, '*');
                    namingEnumeration2 = search(baseDn2, 2, this.ldapConfig.getFilter("user.filter").prepare(str), strArr3, 0);
                }
                if (!namingEnumeration2.hasMoreElements()) {
                    if (tc.isEntryEnabled()) {
                        Tr.exit(tc, "createCredential", "no users with name : " + str + " found (first occurrence)");
                    }
                    Tr.error(tc, "security.registry.createcredential.nouser", new Object[]{str});
                    throw new EntryNotFoundException("Cannot find the user: " + str);
                }
                // Only the first matching entry is used to build the credential.
                Object next2 = namingEnumeration2.next();
                NameClassPair nameClassPair2 = (NameClassPair) next2;
                String name2 = nameClassPair2.getName();
                if (name2 != null && name2.trim().length() > 1 && nameClassPair2.isRelative()) {
                    try {
                        name2 = new CompositeName(name2).get(0);
                    } catch (Exception e6) {
                        // Parse failure is ignored; name2 keeps its raw value.
                    }
                    // Strip a surrounding pair of double quotes.
                    if (name2.charAt(0) == '\"') {
                        name2 = name2.substring(1, name2.length() - 1);
                    }
                }
                if (name2 != null && name2.length() > 0 && nameClassPair2.isRelative()) {
                    // Relative name: rebuild the full DN by appending the search base.
                    str = name2;
                    if (baseDn2 != null && baseDn2.trim().length() > 1) {
                        str = name2 + "," + baseDn2;
                    }
                }
                if (!nameClassPair2.isRelative() && name2 != null && name2.length() > 0) {
                    // 47 is '/'. The search starts at offset 9, presumably to skip the scheme
                    // and host of a URL-form name; TODO confirm.
                    int indexOf2 = name2.indexOf(47, 9);
                    if (indexOf2 <= -1 || name2.length() <= indexOf2 + 1) {
                        str = "";
                    } else {
                        try {
                            name2 = URLDecoder.decode(name2, "UTF8");
                        } catch (Exception e7) {
                            // Decode failure is ignored; the undecoded name is used.
                        }
                        // NOTE(review): indexOf2 was computed on the undecoded name.
                        str = name2.substring(indexOf2 + 1);
                    }
                }
                removeDNSpace = RegistryUtil.removeDNSpace(str, 0);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "uniqueUserId = " + removeDNSpace);
                }
                NamingEnumeration all2 = ((SearchResult) next2).getAttributes().getAll();
                while (all2.hasMoreElements()) {
                    Attribute attribute2 = (Attribute) all2.next();
                    if (attribute2.getID().equalsIgnoreCase(strArr3[0])) {
                        str2 = (String) attribute2.get(0);
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "displayName = " + str2);
                        }
                    }
                }
                list = getUniqueGroupIds(removeDNSpace);
            } catch (NamingException e8) {
                // A directory error is surfaced to the caller as "entry not found".
                FFDCFilter.processException((Throwable) e8, "com.ibm.ws.security.registry.ldap.LdapRegistryImpl.createCredential", "2471", (Object) this);
                Tr.error(tc, "security.registry.createcredential.error", new Object[]{str});
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, "createCredential", e8);
                }
                throw new EntryNotFoundException(e8.toString(), e8);
            }
        }
        // Fall back to the unique id when the directory gave no usable display name.
        if (str2 == null || str2.trim().length() <= 0) {
            str2 = removeDNSpace;
        }
        try {
            final String appendRealm = RegistryUtil.appendRealm("user", removeDNSpace, this.realm);
            final String str4 = removeDNSpace;
            final ArrayList arrayList2 = new ArrayList();
            // str5 keeps the realm-qualified id of the first group in the list.
            String str5 = null;
            if (list != null && list.size() > 0) {
                String[] strArr4 = (String[]) list.toArray(new String[list.size()]);
                for (int i3 = 0; i3 < strArr4.length; i3++) {
                    if (i3 == 0) {
                        str5 = RegistryUtil.appendRealm("group", strArr4[i3], this.realm);
                    }
                    arrayList2.add(RegistryUtil.appendRealm("group", strArr4[i3], this.realm));
                }
            }
            boolean preserveTaiUsername = this.ldapConfig.getPreserveTaiUsername();
            // The guard checks entry tracing although the message is emitted with Tr.debug.
            if (preserveTaiUsername && tc.isEntryEnabled()) {
                Tr.debug(tc, "Custom Property - PreserveTaiUserName found.  Creating WSCredential with " + str + "instead of" + str2);
            }
            final String str6 = this.realm;
            // With the property set, the credential carries str, which the non-mixed paths
            // above may already have escaped or replaced by the resolved DN.
            final String str7 = preserveTaiUsername ? str : str2;
            final String str8 = str5;
            try {
                // The credential object is constructed inside a privileged action.
                WSCredential wSCredential = (WSCredential) AccessController.doPrivileged(new PrivilegedExceptionAction() { // from class: com.ibm.ws.security.registry.ldap.LdapRegistryImpl.1
                    @Override // java.security.PrivilegedExceptionAction
                    public Object run() throws Exception {
                        // A user without groups gets LdapRegistryImpl.nullString in the group slot.
                        return new WSCredentialImpl(str6, str7, str4, str8 != null ? str8 : LdapRegistryImpl.nullString, appendRealm, null, arrayList2);
                    }
                });
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, "createCredential", str);
                }
                return wSCredential;
            } catch (PrivilegedActionException e9) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Exception occurred creating new WS cred.", new Object[]{e9.getException()});
                }
                FFDCFilter.processException(e9.getException(), "com.ibm.ws.security.registry.ldap.LdapRegistryImpl.createCredential", "2719", this);
                // Unwrap so the outer handler sees the original exception.
                throw e9.getException();
            }
        } catch (Exception e10) {
            // Any failure while building the credential is also reported as "entry not found".
            FFDCFilter.processException(e10, "com.ibm.ws.security.registry.ldap.LdapRegistryImpl.createCredential", "2725", this);
            Tr.error(tc, "security.registry.createcredential.error", new Object[]{str});
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "createCredential", e10);
            }
            throw new EntryNotFoundException(e10.getMessage(), e10);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Returns a copy of {@code str} in which every occurrence of {@code c} is preceded by a
     * backslash.
     *
     * <p>This is a single-character escape, not a general LDAP filter encoder: no other
     * character is touched, and a backslash already present in the input is copied as-is, so
     * an input that already contains a backslash directly before {@code c} yields two
     * backslashes followed by {@code c}. Callers that pass untrusted names should not rely on
     * this method alone to make a value safe for a search filter.
     *
     * @param str text to process; must not be {@code null}
     * @param c   character to escape
     * @return the escaped text
     */
    public static String escapeChar(String str, char c) {
        final StringBuilder escaped = new StringBuilder(2 * str.length());
        for (char current : str.toCharArray()) {
            if (current == c) {
                escaped.append('\\');
            }
            escaped.append(current);
        }
        return escaped.toString();
    }

    /**
     * Returns a copy of {@code str} in which {@code c} is preceded by a backslash wherever
     * it directly follows an {@code '='}.
     *
     * <p>The previous character is only tracked from index 2 onwards, so an occurrence of
     * {@code c} at index 1 is never escaped, even when index 0 is {@code '='}. No other
     * character is escaped.
     *
     * @param str text to process; must not be {@code null}
     * @param c   character to escape when it follows {@code '='}
     * @return the escaped text
     */
    private static String escapeFirstChar(String str, char c) {
        final int n = str.length();
        final StringBuilder escaped = new StringBuilder(2 * n);
        char previous = ' ';
        for (int pos = 0; pos < n; pos++) {
            if (pos > 1) {
                previous = str.charAt(pos - 1);
            }
            final char current = str.charAt(pos);
            if (current == c && previous == '=') {
                escaped.append('\\');
            }
            escaped.append(current);
        }
        return escaped.toString();
    }

    /**
     * Traces a {@link NamingException} without an associated name.
     *
     * @param namingException exception to trace
     */
    private void logNamingException(NamingException namingException) {
        final String noName = null;
        logNamingException(namingException, noName);
    }

    /**
     * Writes the details of a {@link NamingException} to debug trace.
     *
     * <p>When debug tracing is enabled this emits, in order: the name (if one was given),
     * the exception message, the explanation (if any) and the root cause with its message
     * (if any). Nothing is written when debug tracing is off. The name is written exactly as
     * received, so trace files can contain the user or group identifiers being looked up.
     *
     * @param namingException exception to trace
     * @param str             name the failed operation was working on, or {@code null}
     */
    private void logNamingException(NamingException namingException, String str) {
        if (str != null) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "name = " + str);
            }
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, namingException.getMessage());
        }
        if (namingException.getExplanation() != null) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, namingException.getExplanation());
            }
        }
        if (namingException.getRootCause() != null && tc.isDebugEnabled()) {
            Tr.debug(tc, namingException.getRootCause().getMessage(), namingException.getRootCause());
        }
    }

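    /**
     * Hands out a JNDI directory context, reusing a pooled one when available and otherwise
     * connecting to the first reachable URL in the configured, whitespace-separated URL list.
     *
     * <p>The whole call runs under {@code lockObj1}; creating a new connection additionally takes
     * {@code lockObj2} while {@code lockObj1} is still held. A refresh requested through
     * {@link #refreshRegistry} is applied here, before any context is handed out.
     *
     * <p>Changes from the previous revision: the idle-trim loop no longer spins on an empty pool,
     * an empty URL list raises a {@link NamingException} instead of a
     * {@code NullPointerException}, swallowed failures are traced at debug level, the exit trace
     * is emitted once under the correct method name, and the pool-size trace prints the sum
     * rather than two concatenated numbers.
     *
     * @return a context taken from the pool, or the newly created initial context
     * @throws NamingException if the last URL in the list cannot be connected to, or if the
     *                         configured URL list contains no URL
     */
    protected DirContext getDirContext() throws NamingException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getDirContext");
        }
        synchronized (this.lockObj1) {
            // A pending refreshRegistry() request is applied lazily, on the next checkout.
            if (this.refresh) {
                refresh();
                this.refresh = false;
            }
            // Trim idle contexts down to maxIdleContext. The isEmpty() guard stops a negative
            // limit from looping forever on an empty pool while lockObj1 is held.
            while (this.DirContextPool != null && !this.DirContextPool.isEmpty()
                    && this.DirContextPool.size() > this.maxIdleContext) {
                try {
                    DirContext idle = (DirContext) this.DirContextPool.lastElement();
                    this.DirContextPool.removeElement(idle);
                    idle.close();
                    // NOTE(review): skipped when close() throws although the context has
                    // already left the pool; confirm what ContextPoolSize is meant to count.
                    this.ContextPoolSize--;
                } catch (Exception e) {
                    // Closing an idle context is best effort, but leave evidence in the trace.
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "getDirContext: failed to close idle DirContext", e);
                    }
                }
            }
            if (this.DirContextPool != null && this.DirContextPool.size() > 0) {
                DirContext pooled = (DirContext) this.DirContextPool.lastElement();
                this.DirContextPool.removeElement(pooled);
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, "getDirContext");
                }
                return pooled;
            }
            InitialDirContext initialDirContext = null;
            synchronized (this.lockObj2) {
                // Re-check under lockObj2 before paying for a new connection.
                if (this.DirContextPool != null && this.DirContextPool.size() > 0) {
                    DirContext pooled = (DirContext) this.DirContextPool.lastElement();
                    this.DirContextPool.removeElement(pooled);
                    if (tc.isEntryEnabled()) {
                        Tr.exit(tc, "getDirContext");
                    }
                    return pooled;
                }
                String directoryUrl = this.ldapConfig.getDirectoryUrl();
                StringTokenizer urls = new StringTokenizer(directoryUrl);
                while (urls.hasMoreTokens()) {
                    String url = urls.nextToken();
                    // Each attempt uses a copy of the configuration pointed at a single URL.
                    LdapConfig attemptConfig = new LdapConfig(this.ldapConfig);
                    attemptConfig.setDirectoryUrl(url);
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "try connect to " + url);
                    }
                    try {
                        // enterJNDI/exitJNDI register this thread for the duration of the call.
                        enterJNDI();
                        initialDirContext = new InitialDirContext(attemptConfig);
                        exitJNDI();
                        break;
                    } catch (NamingException e2) {
                        exitJNDI();
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, e2.toString());
                        }
                        // Only the failure of the last URL is reported to the caller.
                        if (!urls.hasMoreTokens()) {
                            if (e2 instanceof CommunicationException) {
                                Tr.audit(tc, "security.registry.ldap.connect.audit", new Object[]{directoryUrl});
                            }
                            if ((e2 instanceof AuthenticationException) && tc.isDebugEnabled()) {
                                Tr.debug(tc, "AuthenticationException is caught");
                            }
                            if (tc.isDebugEnabled()) {
                                Tr.exit(tc, "getDirContext throwing ex=" + e2.toString());
                            }
                            throw e2;
                        }
                    }
                }
                if (initialDirContext == null) {
                    // Reached only when the URL list held no token at all; the code below would
                    // otherwise fail with a NullPointerException.
                    NamingException noUrl = new NamingException("No LDAP directory URL is configured");
                    if (tc.isDebugEnabled()) {
                        Tr.exit(tc, "getDirContext throwing ex=" + noUrl.toString());
                    }
                    throw noUrl;
                }
                // Pre-fill the pool with further contexts derived from the new connection.
                for (int i = 0; i < this.maxContextPerConnection; i++) {
                    try {
                        enterJNDI();
                        DirContext extra = (DirContext) initialDirContext.lookup("");
                        exitJNDI();
                        this.DirContextPool.addElement(extra);
                        this.ContextPoolSize++;
                    } catch (Exception e3) {
                        exitJNDI();
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "getDirContext: could not create an additional pooled DirContext", e3);
                        }
                    }
                }
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "create DirContext pool for this connection.");
                }
                // Accounts for the initial context, which is returned and never pooled here.
                this.ContextPoolSize++;
                if (tc.isDebugEnabled() && this.DirContextPool.size() + this.busyCount > 30) {
                    Tr.debug(tc, "DirContext pool size => " + (this.DirContextPool.size() + this.busyCount));
                }
                this.currentActiveLDAP = (String) initialDirContext.getEnvironment().get("java.naming.provider.url");
                Tr.audit(tc, "security.registry.ldap.connected.audit", new Object[]{this.currentActiveLDAP});
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, "getDirContext");
                }
                return initialDirContext;
            }
        }
    }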

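    /**
     * Closes and discards every pooled directory context and resets {@code ContextPoolSize} to
     * zero. Does nothing when no pool exists.
     *
     * <p>A context whose {@code close()} fails is still dropped from the pool; the failure is now
     * recorded in the debug trace instead of being discarded silently.
     */
    protected void recycle() {
        // NOTE(review): no lock is taken here. refresh() calls this while getDirContext() holds
        // lockObj1; confirm any other caller does the same.
        if (this.DirContextPool == null) {
            return;
        }
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "recycle");
        }
        while (!this.DirContextPool.isEmpty()) {
            try {
                DirContext pooled = (DirContext) this.DirContextPool.lastElement();
                // Removed before close() so that a failing close cannot stall the loop.
                this.DirContextPool.removeElement(pooled);
                pooled.close();
            } catch (Exception e) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "recycle: failed to close pooled DirContext", e);
                }
            }
        }
        this.ContextPoolSize = 0;
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "recycle");
        }
    }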

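    /**
     * Applies the bind host, bind DN and bind password queued by {@link #refreshRegistry}.
     *
     * <p>The pending values are first tried on a copy of the configuration by opening and
     * closing a connection. Only when that succeeds are they written to the live configuration,
     * the pending fields cleared, and the context pool recycled so later checkouts reconnect
     * with the new settings. When the probe fails the live configuration is left untouched and
     * the cause is now included in the debug trace.
     */
    private synchronized void refresh() {
        // Work on a copy so that a failed bind cannot corrupt the configuration in use.
        LdapConfig candidate = new LdapConfig(this.ldapConfig);
        if (this.bindDN != null) {
            candidate.setAuthenticationPrincipal(this.bindDN);
        }
        if (this.bindPWD != null) {
            candidate.setAuthenticationCredentials(this.bindPWD);
        }
        if (this.bindHost != null) {
            candidate.setDirectoryUrl(this.bindHost);
        }
        try {
            // Probe connection: proves the new settings work before they are committed.
            new InitialDirContext(candidate).close();
            if (this.bindHost != null) {
                this.ldapConfig.setDirectoryUrl(this.bindHost);
            }
            if (this.bindDN != null) {
                this.ldapConfig.setAuthenticationPrincipal(this.bindDN);
            }
            if (this.bindPWD != null) {
                this.ldapConfig.setAuthenticationCredentials(this.bindPWD);
            }
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "LDAP registry has been refreshed.");
            }
            this.bindHost = null;
            this.bindDN = null;
            this.bindPWD = null;
            Tr.audit(tc, "security.registry.ldap.updated.audit");
            recycle();
        } catch (Exception e) {
            // NOTE(review): a rejected update is visible only at debug level, and the pending
            // bind password stays in its field until the next refreshRegistry() call; confirm
            // both are intended.
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "LDAP registry can NOT be refreshed.", e);
            }
        }
    }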

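    /**
     * Queues new LDAP bind settings. They are validated and applied the next time
     * {@link #getDirContext()} runs.
     *
     * <p>Any previously queued values are discarded first. The bind DN and password are accepted
     * only as a pair, and only when both are non-empty. Emptiness is now tested by length; the
     * earlier reference comparison against {@code ""} let a non-interned empty string through,
     * which could queue a bind DN with an empty password.
     *
     * @param str  bind DN, or {@code null}/empty to keep the current principal
     * @param str2 bind password, or {@code null}/empty to keep the current credentials; traced
     *             only as a mask
     * @param str3 directory URL, or {@code null}/empty to keep the current URL
     */
    public synchronized void refreshRegistry(String str, String str2, String str3) {
        if (tc.isEntryEnabled()) {
            // The password itself is never written to the trace.
            Tr.entry(tc, "refreshRegistry", new Object[]{str, str2 != null ? "*****" : "null", str3});
        }
        this.bindHost = null;
        this.bindDN = null;
        this.bindPWD = null;
        if (str3 != null && str3.length() > 0) {
            this.bindHost = str3;
        }
        if (str != null && str.length() > 0 && str2 != null && str2.length() > 0) {
            this.bindDN = str;
            this.bindPWD = str2;
        }
        this.refresh = true;
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "refreshRegistry");
        }
    }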

    /**
     * Marks the end of a JNDI call made by the current thread by removing one entry for it from
     * each of the three tracking tables that holds it, so that {@code interruptJNDI()} no longer
     * treats the thread as being inside a JNDI call.
     */
    private void exitJNDI() {
        final Thread self = Thread.currentThread();
        // remove() reports whether the thread was present, which is exactly the case traced.
        if (this.table1.remove(self) && tc.isDebugEnabled()) {
            Tr.debug(tc, "exitJNDI:" + self.getName());
        }
        if (this.table2.remove(self) && tc.isDebugEnabled()) {
            Tr.debug(tc, "exitJNDI:" + self.getName());
        }
        if (this.table3.remove(self) && tc.isDebugEnabled()) {
            Tr.debug(tc, "exitJNDI:" + self.getName());
        }
    }

    /**
     * Marks the start of a JNDI call by adding the current thread to {@code table1}, the first
     * of the tracking tables walked by {@code interruptJNDI()}. Each call must be paired with
     * {@code exitJNDI()} on every path, including failures.
     */
    private void enterJNDI() {
        final Thread caller = Thread.currentThread();
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "enterJNDI:" + caller.getName());
        }
        this.table1.add(caller);
    }

    /**
     * Interrupts threads that have stayed inside a JNDI call across several invocations of this
     * method, then ages the remaining tracked threads by one table.
     *
     * <p>Each invocation interrupts and drops everything in {@code table3}, moves {@code table2}
     * into {@code table3}, and moves {@code table1} into {@code table2}. A thread registered by
     * {@code enterJNDI()} is therefore interrupted on the third invocation after it was
     * registered, unless {@code exitJNDI()} removed it first.
     */
    void interruptJNDI() {
        // Oldest table: these threads are interrupted now.
        while (this.table3 != null && this.table3.size() > 0) {
            Thread stalled = (Thread) this.table3.lastElement();
            this.table3.remove(stalled);
            try {
                stalled.interrupt();
                // Thread.interrupted() is static: it clears the interrupt flag of the thread
                // running this method, not of the thread that was just interrupted.
                Thread.interrupted();
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Thread interrupted: " + stalled.getName());
                }
            } catch (Exception e) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Could not interrupt thread: " + stalled.getName());
                }
            }
        }
        // Middle table moves up and becomes eligible on the next invocation.
        while (this.table2 != null && this.table2.size() > 0) {
            Thread aging = (Thread) this.table2.lastElement();
            this.table2.removeElement(aging);
            this.table3.addElement(aging);
        }
        // Newest table moves to the middle.
        while (this.table1 != null && this.table1.size() > 0) {
            Thread recent = (Thread) this.table1.lastElement();
            this.table1.removeElement(recent);
            this.table2.addElement(recent);
        }
    }
}
