package com.ibm.ejs.security.registry.ldap;

import com.ibm.WebSphereSecurity.AuthenticationFailedException;
import com.ibm.WebSphereSecurity.AuthenticationNotSupportedException;
import com.ibm.WebSphereSecurity.BasicAuthData;
import com.ibm.WebSphereSecurity.Credential;
import com.ibm.WebSphereSecurity.ValidationNotSupportedException;
import com.ibm.ejs.models.base.config.server.impl.PathMapImpl;
import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.ejs.security.auth.CredentialMapFailedException;
import com.ibm.ejs.security.auth.CredentialMapNotSupportedException;
import com.ibm.ejs.security.registry.NoSuchEntryException;
import com.ibm.ejs.security.registry.RegistryErrorException;
import com.ibm.ejs.security.registry.RegistryException;
import com.ibm.ejs.security.registry.UnsupportedEntryTypeException;
import com.ibm.ejs.security.registry.WSRegistryImpl;
import com.ibm.ejs.security.registry.WSRegistryImplFactory;
import com.ibm.ejs.security.registry.ldap.IdMap;
import com.ibm.ejs.security.util.Constants;
import com.ibm.ejs.security.util.TypedStringCollection;
import java.io.ByteArrayInputStream;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.List;
import java.util.Properties;
import java.util.Vector;
import javax.naming.AuthenticationException;
import javax.naming.ConfigurationException;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import org.omg.CORBA.portable.IDLEntity;

/* loaded from: input_file:lib/security.jar:com/ibm/ejs/security/registry/ldap/LdapRegistryImpl.class */
public class LdapRegistryImpl extends WSRegistryImpl {
    // Trace handle passed to the Tr.entry / Tr.exit / Tr.debug / Tr.error calls in this class.
    private static TraceComponent tc;
    // Not referenced in the visible part of the class; presumably a retry bound — confirm.
    private static final int RETRIES = 3;
    // Key passed to ldapConfig.getFilter(...) to obtain the user search filter (see getUsers).
    private static final String USER_FILTER = "user.filter";
    // Key passed to ldapConfig.getFilter(...) to obtain the group search filter (see getGroups).
    private static final String GROUP_FILTER = "group.filter";
    // Configuration keys for certificate mapping; not referenced in the visible part of the class.
    private static final String CERTIFICATE_MAP_MODE = "certificate.map.mode";
    private static final String CERTIFICATE_MAP_FILTER = "certificate.map.filter";
    // Assigned in a static initializer that is not visible here.
    private static final String[] noAttrs;
    // Match-anything filter, used together with scope argument 0 when the pattern is a full DN.
    private static final String OBJECT_FILTER = "(objectclass=*)";
    // Attribute list handed to search(...) by getGroupsForUser; assigned in a static
    // initializer that is not visible here.
    private static final String[] dnAttrib;
    // The next three statics are not read in the visible part of the class.
    private static boolean URLContextImpl;
    private static String LdapURL;
    private static int searchTimeLimit;
    // Directory connection settings; also the source of search filters and the base DN.
    private LdapConfig ldapConfig;
    // Supplies the attribute names and the user/group name extraction used by the display-name lookups.
    private IdMap idMap;
    // Turns an X.509 certificate into an LDAP search filter and scope (see mapCredential).
    private CertificateMapper certMap;
    // Compiler-generated cache field for a class literal (pre-Java-5 "class$" idiom).
    static Class class$com$ibm$ejs$security$registry$ldap$LdapRegistryImpl;

    /**
     * Returns the root DSE context supplied by the LDAP configuration.
     *
     * @return the result of {@code ldapConfig.getRootDSE()}
     * @throws NamingException a {@link ConfigurationException} when {@code isStopped()}
     *         reports true, otherwise whatever the configuration lookup raises
     */
    protected DirContext getRootDSE() throws NamingException {
        final String method = "getRootDSE";
        Tr.entry(tc, method);
        if (!isStopped()) {
            DirContext context = this.ldapConfig.getRootDSE();
            Tr.exit(tc, method);
            return context;
        }
        // A stopped registry must not hand out directory contexts.
        Tr.exit(tc, method, "stopped");
        throw new ConfigurationException();
    }

    /**
     * Delegates to {@code ldapConfig.disconnect()}, bracketed by trace entry and exit records.
     */
    protected void disconnect() {
        final String method = "disconnect";
        Tr.entry(tc, method);
        ldapConfig.disconnect();
        Tr.exit(tc, method);
    }

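    /**
     * Authenticates a user id / password pair against the directory and returns the
     * credential created for the authenticated entry.
     *
     * <p>A user id containing {@code '='} is first tried as a distinguished name: it is
     * normalised and bound directly. If that attempt raises a {@link RegistryException},
     * or the id is not DN-like, the id is looked up with {@code getUsers(...)} and the bind
     * is attempted against the single entry found. Zero matches or more than one match
     * fail the authentication.
     *
     * <p>Every exception raised inside the {@code try} block, whatever its type, is
     * reported to the caller as a bare {@link AuthenticationFailedException}, so the caller
     * cannot tell an unknown user from a wrong password or a directory fault. The cause is
     * only written to the trace.
     *
     * @param basicAuthData carrier of {@code userId} and {@code password}
     * @return the credential produced by {@code createCredential} for the bound DN
     * @throws AuthenticationFailedException on empty input, no or ambiguous match, failed
     *         bind, or any other exception inside the method
     * @throws AuthenticationNotSupportedException declared by the interface; not thrown by
     *         the visible code paths inside the {@code try} block
     * @throws RegistryErrorException declared by the interface; NOTE(review): only
     *         {@code checkStopped()} runs outside the catch-all — confirm what it throws
     */
    @Override // com.ibm.ejs.security.registry.WSRegistryImpl, com.ibm.ejs.security.registry.RegistryImpl
    public Credential authenticate(BasicAuthData basicAuthData) throws AuthenticationFailedException, AuthenticationNotSupportedException, RegistryErrorException {
        Tr.entry(tc, "authenticate");
        checkStopped();
        String authenticatedDn = null;
        try {
            String userId = basicAuthData.userId;
            String password = basicAuthData.password;
            // Only the user id is traced; the password never is.
            Tr.debug(tc, "Authenticating", userId);
            // An empty password must never reach the bind: a simple bind with a DN and an
            // empty password is an "unauthenticated" bind (RFC 4513, section 5.1.2), which a
            // directory may accept without checking any secret.
            if (userId.length() == 0 || password.length() == 0) {
                AuthenticationFailedException rejected = new AuthenticationFailedException();
                Tr.exit(tc, "authenticate", rejected);
                throw rejected;
            }
            if (userId.indexOf('=') >= 0) {
                try {
                    userId = getNormalizedDN(userId);
                    authenticatedDn = authenticate(userId, password);
                } catch (RegistryException e) {
                    // Deliberate best effort: the id may merely contain '=' without being a
                    // DN, so fall through to the search below. The failure is traced so a
                    // rejected direct bind is not invisible to whoever reads the trace.
                    Tr.debug(tc, "Direct bind failed, falling back to user search", e);
                }
            }
            if (authenticatedDn == null) {
                Tr.debug(tc, "Searching for users");
                // escapeChar neutralises only '*' here. NOTE(review): whether the other
                // filter metacharacters ('(', ')', '\', NUL) are handled depends on
                // getUsers / Filter.prepare, which are not visible from this method.
                Enumeration candidates = getUsers(escapeChar(userId, '*'));
                if (!candidates.hasMoreElements()) {
                    AuthenticationFailedException notFound = new AuthenticationFailedException();
                    Tr.exit(tc, "authenticate", notFound);
                    throw notFound;
                }
                userId = (String) candidates.nextElement();
                Tr.debug(tc, "Found user", userId);
                // More than one match is refused instead of binding as the first hit.
                if (candidates.hasMoreElements()) {
                    AuthenticationFailedException ambiguous = new AuthenticationFailedException();
                    Tr.exit(tc, "authenticate", ambiguous);
                    throw ambiguous;
                }
                authenticatedDn = authenticate(userId, password);
            }
            Tr.debug(tc, "Authenticated with", userId);
            Credential credential = createCredential(authenticatedDn);
            Tr.exit(tc, "authenticate");
            return credential;
        } catch (Exception e2) {
            // Fail closed: the exceptions thrown above also land here and are re-issued
            // as a fresh, detail-free AuthenticationFailedException.
            Tr.exit(tc, "authenticate", e2);
            throw new AuthenticationFailedException();
        }
    }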

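    /**
     * Verifies a password by opening, and immediately closing, a directory context bound
     * as the given principal.
     *
     * <p>Empty or {@code null} arguments are rejected before any connection is attempted.
     * JNDI's LDAP provider treats an empty or {@code null} credential as an anonymous
     * bind, which would otherwise make this method report success without a password
     * having been checked. The public {@code authenticate(BasicAuthData)} already applies
     * the same test; repeating it here protects other callers of this protected method.
     * NOTE(review): assumes {@code setAuthenticationCredentials} feeds the JNDI security
     * credentials of the context — confirm in LdapConfig.
     *
     * @param str  principal to bind as; {@code '*'} characters are escaped before use
     * @param str2 password presented for the bind
     * @return {@code str}, unchanged, when the bind succeeds
     * @throws AuthenticationFailedException when an argument is empty or the directory
     *         rejects the bind
     * @throws AuthenticationNotSupportedException when the directory reports the
     *         authentication mechanism as unsupported
     * @throws RegistryErrorException for any other {@link NamingException}, carrying only
     *         its message
     */
    protected String authenticate(String str, String str2) throws AuthenticationFailedException, AuthenticationNotSupportedException, RegistryErrorException {
        checkStopped();
        if (str == null || str.length() == 0 || str2 == null || str2.length() == 0) {
            throw new AuthenticationFailedException();
        }
        // Work on a copy so the shared configuration never carries end-user credentials.
        LdapConfig bindConfig = new LdapConfig(this.ldapConfig, false);
        bindConfig.setAuthenticationPrincipal(escapeChar(str, '*'));
        bindConfig.setAuthenticationCredentials(str2);
        try {
            long started = System.currentTimeMillis();
            // A successful construction is the proof of authentication; the context
            // itself is not needed afterwards.
            new InitialDirContext(bindConfig).close();
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Time elapsed to open/close DirContext: " + (System.currentTimeMillis() - started));
            }
            return str;
        } catch (AuthenticationException e) {
            throw new AuthenticationFailedException();
        } catch (javax.naming.AuthenticationNotSupportedException e2) {
            throw new AuthenticationNotSupportedException();
        } catch (NamingException e3) {
            logNamingException(e3, str);
            throw new RegistryErrorException(e3.getMessage());
        }
    }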

    /**
     * Produces a canonical spelling of a distinguished name so that two spellings of the
     * same DN compare equal as strings.
     *
     * <p>For each RDN, spaces before the attribute type, around {@code '='} and before the
     * first value character are dropped and the attribute type is lower-cased. From the
     * first value character up to and including the next unescaped {@code ','} or
     * {@code ';'} the text is copied unchanged, so trailing spaces of a value are kept.
     *
     * <p>NOTE(review): a separator counts as escaped whenever the character immediately
     * before it is a backslash. A separator that follows an escaped backslash is therefore
     * also treated as part of the value, and quoted values are not recognised. Since the
     * result is used as an identity string, confirm that such DNs cannot occur.
     *
     * @param str the DN to normalise; must not be {@code null}
     * @return the normalised DN
     */
    private static String normalizeDN(String str) {
        StringBuilder out = new StringBuilder(str.length());
        boolean beforeValue = true;      // still left of the first value character
        boolean inAttributeType = true;  // still left of the '=' of the current RDN
        char previous = ' ';
        for (char current : str.toCharArray()) {
            if (beforeValue) {
                if (current != ' ') {
                    if (inAttributeType) {
                        out.append(Character.toLowerCase(current));
                    } else {
                        out.append(current);
                        beforeValue = false;
                    }
                    if (current == '=') {
                        inAttributeType = false;
                    }
                }
            } else {
                boolean separator = current == ',' || current == ';';
                if (separator && previous != '\\') {
                    beforeValue = true;
                    inAttributeType = true;
                }
                out.append(current);
            }
            previous = current;
        }
        return out.toString();
    }

    /**
     * Maps an X.509 certificate, carried as encoded bytes in
     * {@code credential.credentialToken}, to a directory entry and returns the credential
     * created for that entry.
     *
     * <p>The certificate mapper supplies a search filter and a scope. With scope 0 the
     * filter string is treated as a DN and normalised; otherwise a search is run and must
     * yield exactly one entry. No match, more than one match, a directory error and a
     * mapper error are each reported as {@link CredentialMapFailedException}.
     *
     * <p>NOTE(review): this method only parses the certificate. No check of the signature
     * chain, validity period or revocation status is visible here, so callers are
     * presumably expected to pass only certificates that were already authenticated
     * (for example by the TLS handshake) — confirm.
     *
     * <p>NOTE(review): the failure messages embed the certificate subject DN and the
     * generated filter, and are both written with {@code Tr.error} and placed in the
     * thrown exception — check whether that exception text can reach a remote client.
     *
     * @param credential credential whose {@code credentialToken} holds the certificate bytes
     * @return the credential created for the mapped directory entry
     * @throws CredentialMapNotSupportedException when the token cannot be parsed as an
     *         X.509 certificate
     * @throws CredentialMapFailedException when the mapping yields no entry, several
     *         entries, or fails with a directory or mapper error
     * @throws RegistryErrorException declared by the interface
     */
    @Override // com.ibm.ejs.security.registry.WSRegistryImpl, com.ibm.ejs.security.registry.RegistryImpl
    public Credential mapCredential(Credential credential) throws CredentialMapNotSupportedException, CredentialMapFailedException, RegistryErrorException {
        Tr.entry(tc, "mapCredential");
        checkStopped();
        try {
            // Parse only; see the class-of-checks note in the method comment.
            X509Certificate x509Certificate = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(credential.credentialToken));
            String str = null;
            try {
                String ldapSearchFilter = this.certMap.getLdapSearchFilter(x509Certificate);
                int ldapSearchScope = this.certMap.getLdapSearchScope();
                try {
                    if (ldapSearchScope == 0) {
                        // Scope 0: the mapper output is used as a DN, not as a filter.
                        str = getNormalizedDN(ldapSearchFilter);
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "certificate dn =", ldapSearchFilter);
                            Tr.debug(tc, "normalized  dn =", str);
                        }
                    } else {
                        EntryEnumeration search = search(ldapSearchScope, ldapSearchFilter, 0);
                        if (search.hasMoreElements()) {
                            str = (String) search.nextElement();
                            // A second hit makes the mapping ambiguous; refuse rather than
                            // silently map the certificate to the first entry returned.
                            if (search.hasMoreElements()) {
                                String formattedMessage = Constants.nls.getFormattedMessage("security.registry.ldap.mapcredentialAmbiguous", new Object[]{x509Certificate.getSubjectDN().getName(), ldapSearchFilter}, "Cannot credential map given credential token for certificate subject DN {0} with filter {1} into LDAP because multiple entries match the filter.  This ambiguous condition is not supported.");
                                Tr.error(tc, formattedMessage);
                                throw new CredentialMapFailedException(formattedMessage);
                            }
                        }
                    }
                    if (str == null) {
                        String formattedMessage2 = Constants.nls.getFormattedMessage("security.registry.ldap.mapcredentialNotFound", new Object[]{x509Certificate.getSubjectDN().getName(), ldapSearchFilter}, "Cannot credential map given credential token for certificate subject DN {0} with filter {1} into LDAP because no entry in LDAP matches the DN or filter");
                        Tr.error(tc, formattedMessage2);
                        throw new CredentialMapFailedException(formattedMessage2);
                    }
                    try {
                        Credential createCredential = createCredential(str);
                        Tr.exit(tc, "mapCredential");
                        return createCredential;
                    } catch (NoSuchEntryException e) {
                        String formattedMessage3 = Constants.nls.getFormattedMessage("security.registry.ldap.mapcredentialNSEE", new Object[]{x509Certificate.getSubjectDN().getName(), str, ldapSearchFilter, e}, "Cannot create a credential for the mapped credential token into LDAP with subjectDN {0} and mapped name {1} using filter {2}. The exception is {3}");
                        Tr.error(tc, formattedMessage3);
                        throw new CredentialMapFailedException(formattedMessage3);
                    }
                } catch (NamingException e2) {
                    Tr.debug(tc, new StringBuffer().append("NamingException caught during LDAP operation while looking for: ").append(x509Certificate.getSubjectDN().getName()).toString());
                    String formattedMessage4 = Constants.nls.getFormattedMessage("security.registry.ldap.mapcredentialNamingEx", new Object[]{x509Certificate.getSubjectDN().getName(), ldapSearchFilter, e2}, "Cannot credential map given credential token for certificate subject DN {0} with filter {1} into LDAP because a NamingException occured when searching LDAP.  The NamingException is {2}");
                    logNamingException(e2);
                    Tr.error(tc, formattedMessage4);
                    throw new CredentialMapFailedException(formattedMessage4);
                }
            } catch (CertificateMapperException e3) {
                Tr.debug(tc, new StringBuffer().append("CertificatMapperException caught during LDAP operation while looking for: ").append(x509Certificate.getSubjectDN().getName()).toString());
                String formattedMessage5 = Constants.nls.getFormattedMessage("security.registry.ldap.mapcredentialBadFilter", new Object[]{x509Certificate.getSubjectDN().getName(), e3.getMessage()}, "Cannot credential map given credential token for certificate subject DN {0} into LDAP because of an LDAP filter mapping exception The CertificateMapperException is {1}");
                Tr.error(tc, formattedMessage5);
                throw new CredentialMapFailedException(formattedMessage5);
            }
        } catch (CertificateException e4) {
            // Unparseable token: reported as "not supported", with an empty message.
            Tr.exit(tc, "mapCredential", e4);
            throw new CredentialMapNotSupportedException("");
        }
    }

    /**
     * Token validation is not offered by this registry: every call is refused.
     *
     * @param bArr ignored
     * @return never returns normally
     * @throws ValidationNotSupportedException always
     * @throws RegistryErrorException declared by the interface; not thrown here
     */
    @Override // com.ibm.ejs.security.registry.WSRegistryImpl, com.ibm.ejs.security.registry.RegistryImpl
    public Credential validate(byte[] bArr) throws ValidationNotSupportedException, RegistryErrorException {
        final String method = "validate";
        Tr.entry(tc, method);
        ValidationNotSupportedException unsupported = new ValidationNotSupportedException();
        Tr.exit(tc, method, unsupported);
        throw unsupported;
    }

    /**
     * Returns the result of {@code getAssociatedEntries(str, str2)}, bracketed by trace
     * entry and exit records.
     *
     * @param str  first argument, forwarded unchanged
     * @param str2 second argument, forwarded unchanged
     * @return whatever {@code getAssociatedEntries} returns
     * @throws RegistryErrorException propagated from the delegate
     * @throws UnsupportedEntryTypeException propagated from the delegate
     * @throws NoSuchEntryException propagated from the delegate
     */
    public TypedStringCollection[] getAssociatedPrivilegeAttributeIds(String str, String str2) throws RegistryErrorException, UnsupportedEntryTypeException, NoSuchEntryException {
        final String method = "getAssociatedPrivilegeAttributeIds";
        Tr.entry(tc, method);
        TypedStringCollection[] entries = getAssociatedEntries(str, str2);
        Tr.exit(tc, method);
        return entries;
    }

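    /**
     * Looks up the display name of a group.
     *
     * <p>The entry's attributes are read with the attribute list from {@code idMap} and
     * the name is extracted by {@code idMap.getGroupName}. A {@link NamingException} is
     * logged and otherwise ignored, so a directory failure is indistinguishable from a
     * group without a name: both yield the empty string.
     *
     * <p>The third debug line now reports the extracted name. It previously printed the
     * attribute set a second time, unlike the parallel {@code getUserDisplayName}.
     *
     * @param str security name of the group
     * @return the display name, or {@code ""} when none could be determined
     * @throws RegistryErrorException declared by the interface
     * @throws NoSuchEntryException declared by the interface
     */
    @Override // com.ibm.ejs.security.registry.WSRegistryImpl
    public String getGroupDisplayName(String str) throws RegistryErrorException, NoSuchEntryException {
        Tr.entry(tc, "getGroupDisplayName");
        String displayName = null;
        try {
            Attributes attributes = getAttributes(str, this.idMap.getAttributes());
            displayName = this.idMap.getGroupName(attributes);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Security name =", str);
                Tr.debug(tc, "Attributes =", attributes);
                Tr.debug(tc, "Name =", displayName);
            }
        } catch (NamingException e) {
            // Best effort: fall back to the empty name below.
            logNamingException(e);
        }
        if (displayName == null) {
            displayName = "";
        }
        Tr.exit(tc, "getGroupDisplayName");
        return displayName;
    }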

    /**
     * Builds the privilege attribute id of a group from its normalised DN.
     *
     * @param str security name (DN) of the group
     * @return {@code appendRealm("group", normalisedDn)}
     * @throws NoSuchEntryException when normalising the DN raises a {@link NamingException}
     * @throws RegistryErrorException declared by the interface
     */
    @Override // com.ibm.ejs.security.registry.WSRegistryImpl
    public String getGroupPrivilegeAttributeId(String str) throws RegistryErrorException, NoSuchEntryException {
        final String method = "getGroupPrivilegeAttributeId";
        Tr.entry(tc, method);
        try {
            str = getNormalizedDN(str);
            // The exit record is written before the realm is appended.
            Tr.exit(tc, method);
            return appendRealm("group", str);
        } catch (NamingException e) {
            throw new NoSuchEntryException(str);
        }
    }

    /**
     * Lists every group by delegating to {@code getGroups("*")}.
     *
     * @return the enumeration returned for the wildcard pattern
     * @throws RegistryErrorException propagated from the delegate
     */
    @Override // com.ibm.ejs.security.registry.WSRegistryImpl
    public Enumeration getGroups() throws RegistryErrorException {
        final String method = "getGroups";
        Tr.entry(tc, method);
        Enumeration everyGroup = getGroups("*");
        Tr.exit(tc, method);
        return everyGroup;
    }

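    /**
     * Returns the groups matching a pattern as a list.
     *
     * <p>A pattern containing both {@code '='} and {@code ','} is taken to be a full DN
     * and is read with scope argument 0 and the match-anything filter. Any other pattern
     * is inserted into the configured group filter and searched with scope argument 2 and
     * the given limit.
     *
     * <p>Changes against the decompiled original: the two duplicated branches share one
     * collection path, the empty {@code finally} blocks are gone, the success paths write
     * the trace exit record that was missing, and the result list is no longer pre-sized
     * with the caller-supplied limit (a negative limit raised
     * {@link IllegalArgumentException} after the search had already run, and a very large
     * one reserved memory for results that might never arrive).
     *
     * <p>NOTE(review): the pattern is passed to {@code Filter.prepare} as received.
     * Wildcards are evidently intended, but any further escaping is not visible from here,
     * so callers should not forward unvalidated end-user input.
     *
     * @param str search pattern or full DN
     * @param i   result limit forwarded to the filter-based search
     * @return a mutable list of the matching entries; empty when nothing matches
     * @throws RegistryErrorException when the directory operation raises a
     *         {@link NamingException}; only its message is carried over
     */
    @Override // com.ibm.ejs.security.registry.WSRegistryImpl
    public List getGroups(String str, int i) throws RegistryErrorException {
        Tr.entry(tc, "getGroups");
        boolean fullDn = str.indexOf('=') >= 0 && str.indexOf(',') >= 0;
        if (fullDn && tc.isDebugEnabled()) {
            Tr.debug(tc, "pattern is full DN");
        }
        try {
            EntryEnumeration matches = fullDn
                    ? search(str, 0, OBJECT_FILTER, 0)
                    : search(2, this.ldapConfig.getFilter(GROUP_FILTER).prepare(str), i);
            List groups = new ArrayList();
            if (matches != null) {
                while (matches.hasMoreElements()) {
                    groups.add(matches.nextElement());
                }
            }
            Tr.exit(tc, "getGroups");
            return groups;
        } catch (NamingException e) {
            logNamingException(e);
            Tr.exit(tc, "getGroups", e);
            throw new RegistryErrorException(e.getMessage());
        }
    }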

    /*  JADX ERROR: JadxRuntimeException in pass: BlockSplitter
        jadx.core.utils.exceptions.JadxRuntimeException: Incorrect nodes count for selectOther: B:19:0x0061 in [B:10:0x003c, B:19:0x0061, B:12:0x003e, B:15:0x0059]
        	at jadx.core.utils.BlockUtils.selectOther(BlockUtils.java:64)
        	at jadx.core.dex.visitors.blocks.ResolveJavaJSR.processBlocks(ResolveJavaJSR.java:101)
        	at jadx.core.dex.visitors.blocks.ResolveJavaJSR.lambda$resolveForRetBlock$1(ResolveJavaJSR.java:59)
        	at jadx.core.utils.BlockUtils.traversePredecessors(BlockUtils.java:548)
        	at jadx.core.utils.BlockUtils.visitPredecessorsUntil(BlockUtils.java:536)
        	at jadx.core.dex.visitors.blocks.ResolveJavaJSR.resolveForRetBlock(ResolveJavaJSR.java:52)
        	at jadx.core.dex.visitors.blocks.ResolveJavaJSR.resolve(ResolveJavaJSR.java:42)
        	at jadx.core.dex.visitors.blocks.ResolveJavaJSR.process(ResolveJavaJSR.java:27)
        	at jadx.core.dex.visitors.blocks.BlockSplitter.visit(BlockSplitter.java:72)
        */
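    /**
     * Returns an enumeration of the groups matching a pattern.
     *
     * <p>JADX could not structure this method (it uses the legacy {@code jsr}/{@code ret}
     * encoding of {@code finally}) and emitted a stub that always threw
     * {@link UnsupportedOperationException}. The body below was rebuilt by hand from the
     * raw instruction listing JADX printed in place of the code, and should be checked
     * against the class file before it is relied on.
     *
     * <p>A pattern containing both {@code '='} and {@code ','} is read as a full DN with
     * scope argument 0 and the match-anything filter; any other pattern is inserted into
     * the configured group filter and searched with scope argument 2 and limit 0. As in
     * the listing, the error path writes two trace exit records: one with the exception
     * in the handler and one from the {@code finally} block.
     *
     * <p>NOTE(review): the pattern is passed to {@code Filter.prepare} as received; any
     * escaping beyond what that method does is not visible from here.
     *
     * @param r7 search pattern or full DN
     * @return the enumeration produced by the search, returned as-is
     * @throws com.ibm.ejs.security.registry.RegistryErrorException when the directory
     *         operation raises a {@link NamingException}; only its message is carried over
     */
    @Override // com.ibm.ejs.security.registry.WSRegistryImpl
    public java.util.Enumeration getGroups(java.lang.String r7) throws com.ibm.ejs.security.registry.RegistryErrorException {
        Tr.entry(tc, "getGroups");
        if (r7.indexOf('=') >= 0 && r7.indexOf(',') >= 0) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "pattern is full DN");
            }
            try {
                return search(r7, 0, OBJECT_FILTER, 0);
            } catch (NamingException e) {
                logNamingException(e);
                Tr.exit(tc, "getGroups", e);
                throw new RegistryErrorException(e.getMessage());
            } finally {
                Tr.exit(tc, "getGroups");
            }
        }
        try {
            String filter = this.ldapConfig.getFilter(GROUP_FILTER).prepare(r7);
            return search(2, filter, 0);
        } catch (NamingException e) {
            logNamingException(e);
            Tr.exit(tc, "getGroups", e);
            throw new RegistryErrorException(e.getMessage());
        } finally {
            Tr.exit(tc, "getGroups");
        }
    }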

    /**
     * Returns the groups that list the given user as a member.
     *
     * <p>An OR-filter is assembled with one {@code (&(class=...)(memberAttr=user))} clause
     * per group-member mapping from {@code idMap}, and searched below the base DN with
     * scope argument 2. Mappings whose object class name is {@code objectCategory} add no
     * clause of their own; their presence only switches the class attribute used by the
     * remaining clauses from {@code objectclass} to {@code objectCategory}.
     *
     * <p>NOTE(review): the filter is built by string concatenation. Only backslash and
     * {@code '*'} in the user name are passed through {@code escapeChar}; parentheses and
     * NUL are inserted as they are. A DN may legitimately contain parentheses, which
     * would at least break the filter, so confirm where {@code str} originates and
     * consider a complete filter-value encoder. The object class and attribute names come
     * from {@code idMap} and are inserted without escaping as well.
     *
     * @param str security name of the user
     * @return the matching group entries; an empty array when no group-member mapping is
     *         configured (that early return writes no trace exit record)
     * @throws RegistryErrorException when the search raises a {@link NamingException}
     * @throws NoSuchEntryException declared by the interface
     */
    @Override // com.ibm.ejs.security.registry.WSRegistryImpl
    public String[] getGroupsForUser(String str) throws RegistryErrorException, NoSuchEntryException {
        Tr.entry(tc, "getGroupsForUser");
        IdMap.IdEntry[] memberMappings = this.idMap.getGroupMembers();
        if (memberMappings.length == 0) {
            return new String[0];
        }
        String escapedUser = new StringBuilder(escapeChar(escapeChar(str, '\\'), '*')).toString();
        String classAttribute = "objectclass";
        for (IdMap.IdEntry mapping : memberMappings) {
            if (mapping.getObjectClassName().equalsIgnoreCase("objectCategory")) {
                classAttribute = "objectCategory";
                break;
            }
        }
        StringBuilder filter = new StringBuilder("(|");
        for (IdMap.IdEntry mapping : memberMappings) {
            if (mapping.getObjectClassName().equalsIgnoreCase("objectCategory")) {
                continue;
            }
            filter.append("(&(").append(classAttribute).append("=").append(mapping.getObjectClassName()).append(")(");
            filter.append(mapping.getAttributeName()).append("=").append(escapedUser).append("))");
        }
        // Presumably the closing ")" of the OR-filter; the decompiler substituted a
        // constant from an unrelated class for the literal — confirm its value.
        filter.append(PathMapImpl.SYMBOLIC_RIGHT_ENCLOSING);
        String filterText = filter.toString();
        try {
            List groupNames = new ArrayList(5);
            EntryEnumeration matches = new EntryEnumeration(this.ldapConfig.getBaseDn(), search(this.ldapConfig.getBaseDn(), 2, filterText, dnAttrib, 0));
            while (matches.hasMoreElements()) {
                groupNames.add(matches.nextElement());
            }
            String[] result = (String[]) groupNames.toArray(new String[groupNames.size()]);
            Tr.exit(tc, "getGroupsForUser");
            return result;
        } catch (NamingException e) {
            logNamingException(e);
            Tr.exit(tc, "getGroupsForUser", e);
            throw new RegistryErrorException(e.getMessage());
        }
    }

    /**
     * Returns the users that belong to the given group.
     *
     * <p>Membership is resolved the long way round: every user returned by
     * {@code getUsers()} is asked for its groups, and kept when one of them equals
     * {@code str} exactly. That is one directory query per user, and a user is added once
     * per matching group entry. The comparison is a plain string comparison, so the
     * argument must be spelled exactly like the values {@code getGroupsForUser} returns.
     *
     * @param str security name of the group
     * @return the users whose group list contains {@code str}
     * @throws NoSuchEntryException re-created from the message of the one raised below
     * @throws RegistryErrorException re-created from the message of the one raised below
     */
    @Override // com.ibm.ejs.security.registry.WSRegistryImpl
    public String[] getUsersForGroup(String str) throws RegistryErrorException, NoSuchEntryException {
        final String method = "getUsersForGroup";
        Tr.entry(tc, method);
        try {
            List members = new ArrayList(5);
            for (Enumeration everyUser = getUsers(); everyUser.hasMoreElements();) {
                String user = (String) everyUser.nextElement();
                String[] groupsOfUser = getGroupsForUser(user);
                for (int k = 0; k < groupsOfUser.length; k++) {
                    if (groupsOfUser[k].equals(str)) {
                        members.add(user);
                    }
                }
            }
            String[] result = (String[]) members.toArray(new String[members.size()]);
            Tr.exit(tc, method);
            return result;
        } catch (NoSuchEntryException e) {
            Tr.exit(tc, method, e);
            throw new NoSuchEntryException(e.getMessage());
        } catch (RegistryErrorException e2) {
            Tr.exit(tc, method, e2);
            throw new RegistryErrorException(e2.getMessage());
        }
    }

    /**
     * Returns the security name of a group, which is its normalised DN.
     *
     * @param str DN of the group
     * @return the value returned by {@code getNormalizedDN(str)}
     * @throws NoSuchEntryException when normalising the DN raises a {@link NamingException};
     *         the message is the DN as passed in
     * @throws RegistryErrorException declared by the interface
     */
    @Override // com.ibm.ejs.security.registry.WSRegistryImpl
    public String getGroupSecurityName(String str) throws RegistryErrorException, NoSuchEntryException {
        final String method = "getGroupSecurityName";
        Tr.entry(tc, method);
        String normalizedDn;
        try {
            normalizedDn = getNormalizedDN(str);
        } catch (NamingException e) {
            throw new NoSuchEntryException(str);
        }
        Tr.exit(tc, method);
        return normalizedDn;
    }

    /**
     * Looks up the display name of a user.
     *
     * <p>The entry's attributes are read with the attribute list from {@code idMap} and
     * the name is extracted by {@code idMap.getUserName}. A {@link NamingException} is
     * logged and otherwise ignored, so a directory failure and a user without a name both
     * yield the empty string.
     *
     * @param str security name of the user
     * @return the display name, or {@code ""} when none could be determined
     * @throws RegistryErrorException declared by the interface
     * @throws NoSuchEntryException declared by the interface
     */
    @Override // com.ibm.ejs.security.registry.WSRegistryImpl
    public String getUserDisplayName(String str) throws RegistryErrorException, NoSuchEntryException {
        final String method = "getUserDisplayName";
        Tr.entry(tc, method);
        String displayName = null;
        try {
            Attributes attrs = getAttributes(str, this.idMap.getAttributes());
            displayName = this.idMap.getUserName(attrs);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "securityName =", str);
                Tr.debug(tc, "attributes =", attrs);
                Tr.debug(tc, "userName =", displayName);
            }
        } catch (NamingException e) {
            // Best effort: the empty name is returned below.
            logNamingException(e);
        }
        Tr.exit(tc, method);
        return displayName == null ? "" : displayName;
    }

    /**
     * Builds the privilege attribute id of a user from its normalised DN.
     *
     * @param str security name (DN) of the user
     * @return {@code appendRealm("user", normalisedDn)}
     * @throws NoSuchEntryException when normalising the DN raises a {@link NamingException}
     * @throws RegistryErrorException declared by the interface
     */
    @Override // com.ibm.ejs.security.registry.WSRegistryImpl
    public String getUserPrivilegeAttributeId(String str) throws RegistryErrorException, NoSuchEntryException {
        final String method = "getUserPrivilegeAttributeId";
        Tr.entry(tc, method);
        try {
            str = getNormalizedDN(str);
            // The exit record is written before the realm is appended.
            Tr.exit(tc, method);
            return appendRealm("user", str);
        } catch (NamingException e) {
            throw new NoSuchEntryException(str);
        }
    }

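    /**
     * Returns the users matching a pattern as a list.
     *
     * <p>A pattern containing both {@code '='} and {@code ','} is taken to be a full DN
     * and is read with scope argument 0 and the match-anything filter. Any other pattern
     * is inserted into the configured user filter and searched with scope argument 2.
     * The limit is forwarded to the search in both cases.
     *
     * <p>Changes against the decompiled original: the two duplicated branches share one
     * collection path, the empty {@code finally} blocks are gone, the success paths write
     * the trace exit record that was missing, and the result list is no longer pre-sized
     * with the caller-supplied limit (a negative limit raised
     * {@link IllegalArgumentException} after the search had already run, and a very large
     * one reserved memory for results that might never arrive).
     *
     * <p>NOTE(review): the pattern is passed to {@code Filter.prepare} as received.
     * Wildcards are evidently intended, but any further escaping is not visible from here,
     * so callers should not forward unvalidated end-user input.
     *
     * @param str search pattern or full DN
     * @param i   result limit forwarded to the search
     * @return a mutable list of the matching entries; empty when nothing matches
     * @throws RegistryErrorException when the directory operation raises a
     *         {@link NamingException}; only its message is carried over
     */
    @Override // com.ibm.ejs.security.registry.WSRegistryImpl
    public List getUsers(String str, int i) throws RegistryErrorException {
        Tr.entry(tc, "getUsers");
        boolean fullDn = str.indexOf('=') >= 0 && str.indexOf(',') >= 0;
        if (fullDn && tc.isDebugEnabled()) {
            Tr.debug(tc, "pattern is full DN");
        }
        try {
            EntryEnumeration matches = fullDn
                    ? search(str, 0, OBJECT_FILTER, i)
                    : search(2, this.ldapConfig.getFilter(USER_FILTER).prepare(str), i);
            List users = new ArrayList();
            if (matches != null) {
                while (matches.hasMoreElements()) {
                    users.add(matches.nextElement());
                }
            }
            Tr.exit(tc, "getUsers");
            return users;
        } catch (NamingException e) {
            logNamingException(e);
            Tr.exit(tc, "getUsers", e);
            throw new RegistryErrorException(e.getMessage());
        }
    }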

    /*  JADX ERROR: JadxRuntimeException in pass: BlockSplitter
        jadx.core.utils.exceptions.JadxRuntimeException: Incorrect nodes count for selectOther: B:19:0x0060 in [B:10:0x003b, B:19:0x0060, B:12:0x003d, B:15:0x0058]
        	at jadx.core.utils.BlockUtils.selectOther(BlockUtils.java:64)
        	at jadx.core.dex.visitors.blocks.ResolveJavaJSR.processBlocks(ResolveJavaJSR.java:101)
        	at jadx.core.dex.visitors.blocks.ResolveJavaJSR.lambda$resolveForRetBlock$1(ResolveJavaJSR.java:59)
        	at jadx.core.utils.BlockUtils.traversePredecessors(BlockUtils.java:548)
        	at jadx.core.utils.BlockUtils.visitPredecessorsUntil(BlockUtils.java:536)
        	at jadx.core.dex.visitors.blocks.ResolveJavaJSR.resolveForRetBlock(ResolveJavaJSR.java:52)
        	at jadx.core.dex.visitors.blocks.ResolveJavaJSR.resolve(ResolveJavaJSR.java:42)
        	at jadx.core.dex.visitors.blocks.ResolveJavaJSR.process(ResolveJavaJSR.java:27)
        	at jadx.core.dex.visitors.blocks.BlockSplitter.visit(BlockSplitter.java:72)
        */
    /**
     * Looks up users matching a pattern.
     *
     * NOTE(review): JADX could not decompile this method (see the BlockSplitter error above), so
     * the stub below always throws {@link UnsupportedOperationException}. The register-level dump
     * kept in the body comment is the only record of the original logic in this file.
     *
     * Per that dump: when the argument contains both '=' (61) and ',' (44) it is treated as a full
     * DN and used as the search base for search(dn, 0, "(objectclass=*)", 0). Otherwise it is passed
     * to ldapConfig.getFilter("user.filter").prepare(...) and the result becomes the filter for
     * search(2, filter, 0). On either path a NamingException is logged and rethrown as a
     * RegistryErrorException carrying only getMessage(), and a shared exit trace runs as the
     * finally block (the jsr/ret targets L60 and Lae).
     *
     * NOTE(review): the dump shows no escaping of the argument on either path. Whether
     * Filter.prepare escapes LDAP filter metacharacters is not visible here; confirm before
     * passing caller-supplied patterns to this method.
     */
    @Override // com.ibm.ejs.security.registry.WSRegistryImpl
    public java.util.Enumeration getUsers(java.lang.String r7) throws com.ibm.ejs.security.registry.RegistryErrorException {
        /*
            r6 = this;
            com.ibm.ejs.ras.TraceComponent r0 = com.ibm.ejs.security.registry.ldap.LdapRegistryImpl.tc
            java.lang.String r1 = "getUsers"
            r2 = r7
            com.ibm.ejs.ras.Tr.entry(r0, r1, r2)
            r0 = r7
            r1 = 61
            int r0 = r0.indexOf(r1)
            if (r0 < 0) goto L6c
            r0 = r7
            r1 = 44
            int r0 = r0.indexOf(r1)
            if (r0 < 0) goto L6c
            com.ibm.ejs.ras.TraceComponent r0 = com.ibm.ejs.security.registry.ldap.LdapRegistryImpl.tc
            boolean r0 = r0.isDebugEnabled()
            if (r0 == 0) goto L2c
            com.ibm.ejs.ras.TraceComponent r0 = com.ibm.ejs.security.registry.ldap.LdapRegistryImpl.tc
            java.lang.String r1 = "pattern is full DN"
            com.ibm.ejs.ras.Tr.debug(r0, r1)
        L2c:
            r0 = r6
            r1 = r7
            r2 = 0
            java.lang.String r3 = "(objectclass=*)"
            r4 = 0
            com.ibm.ejs.security.registry.ldap.EntryEnumeration r0 = r0.search(r1, r2, r3, r4)     // Catch: javax.naming.NamingException -> L3d java.lang.Throwable -> L58
            r8 = r0
            r0 = r8
            r9 = r0
            r0 = jsr -> L60
        L3b:
            r1 = r9
            return r1
        L3d:
            r8 = move-exception
            r0 = r6
            r1 = r8
            r0.logNamingException(r1)     // Catch: java.lang.Throwable -> L58
            com.ibm.ejs.ras.TraceComponent r0 = com.ibm.ejs.security.registry.ldap.LdapRegistryImpl.tc     // Catch: java.lang.Throwable -> L58
            java.lang.String r1 = "getUsers"
            r2 = r8
            com.ibm.ejs.ras.Tr.exit(r0, r1, r2)     // Catch: java.lang.Throwable -> L58
            com.ibm.ejs.security.registry.RegistryErrorException r0 = new com.ibm.ejs.security.registry.RegistryErrorException     // Catch: java.lang.Throwable -> L58
            r1 = r0
            r2 = r8
            java.lang.String r2 = r2.getMessage()     // Catch: java.lang.Throwable -> L58
            r1.<init>(r2)     // Catch: java.lang.Throwable -> L58
            throw r0     // Catch: java.lang.Throwable -> L58
        L58:
            r10 = move-exception
            r0 = jsr -> L60
        L5d:
            r1 = r10
            throw r1
        L60:
            r11 = r0
            com.ibm.ejs.ras.TraceComponent r0 = com.ibm.ejs.security.registry.ldap.LdapRegistryImpl.tc
            java.lang.String r1 = "getUsers"
            com.ibm.ejs.ras.Tr.exit(r0, r1)
            ret r11
        L6c:
            r0 = r6
            com.ibm.ejs.security.registry.ldap.LdapConfig r0 = r0.ldapConfig     // Catch: javax.naming.NamingException -> L8b java.lang.Throwable -> La6
            java.lang.String r1 = "user.filter"
            com.ibm.ejs.security.registry.ldap.Filter r0 = r0.getFilter(r1)     // Catch: javax.naming.NamingException -> L8b java.lang.Throwable -> La6
            r1 = r7
            java.lang.String r0 = r0.prepare(r1)     // Catch: javax.naming.NamingException -> L8b java.lang.Throwable -> La6
            r8 = r0
            r0 = r6
            r1 = 2
            r2 = r8
            r3 = 0
            com.ibm.ejs.security.registry.ldap.EntryEnumeration r0 = r0.search(r1, r2, r3)     // Catch: javax.naming.NamingException -> L8b java.lang.Throwable -> La6
            r9 = r0
            r0 = r9
            r10 = r0
            r0 = jsr -> Lae
        L88:
            r1 = r10
            return r1
        L8b:
            r8 = move-exception
            r0 = r6
            r1 = r8
            r0.logNamingException(r1)     // Catch: java.lang.Throwable -> La6
            com.ibm.ejs.ras.TraceComponent r0 = com.ibm.ejs.security.registry.ldap.LdapRegistryImpl.tc     // Catch: java.lang.Throwable -> La6
            java.lang.String r1 = "getUsers"
            r2 = r8
            com.ibm.ejs.ras.Tr.exit(r0, r1, r2)     // Catch: java.lang.Throwable -> La6
            com.ibm.ejs.security.registry.RegistryErrorException r0 = new com.ibm.ejs.security.registry.RegistryErrorException     // Catch: java.lang.Throwable -> La6
            r1 = r0
            r2 = r8
            java.lang.String r2 = r2.getMessage()     // Catch: java.lang.Throwable -> La6
            r1.<init>(r2)     // Catch: java.lang.Throwable -> La6
            throw r0     // Catch: java.lang.Throwable -> La6
        La6:
            r12 = move-exception
            r0 = jsr -> Lae
        Lab:
            r1 = r12
            throw r1
        Lae:
            r13 = r0
            com.ibm.ejs.ras.TraceComponent r0 = com.ibm.ejs.security.registry.ldap.LdapRegistryImpl.tc
            java.lang.String r1 = "getUsers"
            com.ibm.ejs.ras.Tr.exit(r0, r1)
            ret r13
        */
        throw new UnsupportedOperationException("Method not decompiled: com.ibm.ejs.security.registry.ldap.LdapRegistryImpl.getUsers(java.lang.String):java.util.Enumeration");
    }

    /**
     * Lists every user by delegating to {@link #getUsers(String)} with the wildcard pattern "*".
     *
     * @return the enumeration produced by the pattern-based lookup
     * @throws RegistryErrorException if the delegated lookup fails
     */
    @Override // com.ibm.ejs.security.registry.WSRegistryImpl
    public Enumeration getUsers() throws RegistryErrorException {
        final String method = "getUsers";
        Tr.entry(tc, method);
        final Enumeration everyUser = getUsers("*");
        // Reached only on success: an exception from the lookup skips this exit trace.
        Tr.exit(tc, method);
        return everyUser;
    }

    /**
     * Resolves a user name to the DN string produced by {@link #getNormalizedDN(String)}.
     *
     * NOTE(review): getNormalizedDN returns null when no entry matched, and that null is handed
     * back to the caller here instead of a NoSuchEntryException. Callers that treat the result
     * as an authenticated identity should check for null.
     *
     * @param str the user name or DN to resolve
     * @return the normalized DN, or null when the directory returned no matching entry
     * @throws NoSuchEntryException when the directory lookup raised a NamingException; the
     *         original exception is not attached as the cause
     */
    @Override // com.ibm.ejs.security.registry.WSRegistryImpl
    public String getUserSecurityName(String str) throws RegistryErrorException, NoSuchEntryException {
        Tr.entry(tc, "getUserSecurityName");
        final String normalized;
        try {
            normalized = getNormalizedDN(str);
        } catch (NamingException e) {
            // No exit trace on this path; the exception carries the name as originally supplied.
            throw new NoSuchEntryException(str);
        }
        Tr.exit(tc, "getUserSecurityName");
        return normalized;
    }

    /**
     * Configures this registry from the supplied properties: builds the LdapConfig, checks that
     * a directory URL, user filter and group filter are present, derives the realm from the URL,
     * creates the id and certificate mappers, and reads two optional JVM system properties.
     *
     * @param properties registry configuration; also the source of the certificate map settings
     * @throws RegistryErrorException if any step fails; the message is the toString() of the
     *         underlying exception and the cause is not chained
     */
    @Override // com.ibm.ejs.security.registry.WSRegistryImpl, com.ibm.ejs.security.registry.RegistryImpl
    public void initialize(Properties properties) throws RegistryErrorException {
        Tr.entry(tc, "initialize");
        this.type = WSRegistryImplFactory.LDAP;
        try {
            this.ldapConfig = new LdapConfig(properties, true);
            String directoryUrl = this.ldapConfig.getDirectoryUrl();
            if (directoryUrl == null || directoryUrl.length() == 0) {
                throw new RegistryErrorException("No Directory URL");
            }
            if (this.ldapConfig.getFilter(USER_FILTER) == null) {
                throw new RegistryErrorException("No User Filter");
            }
            if (this.ldapConfig.getFilter(GROUP_FILTER) == null) {
                throw new RegistryErrorException("No Group Filter");
            }
            // Realm = everything after "://" minus the final character.
            // NOTE(review): this presumably assumes the URL ends in '/'; without it the last
            // character of the host/port/base is dropped, and a URL with no "://" makes the
            // start index 2 (indexOf returns -1). Confirm the URL format LdapConfig guarantees.
            this.realm = directoryUrl.substring(directoryUrl.indexOf("://") + 3, directoryUrl.length() - 1);
            this.idMap = new IdMap(this.ldapConfig);
            this.certMap = new CertificateMapper();
            try {
                this.certMap.setLdapMapMode(properties.getProperty(CERTIFICATE_MAP_MODE));
                this.certMap.setLdapFilterDescriptor(properties.getProperty(CERTIFICATE_MAP_FILTER));
            } catch (CertificateMapperException e) {
                // NOTE(review): a rejected certificate map mode or filter is only debug-traced
                // and initialization continues. The mapper keeps whatever state it had when the
                // setter failed, so a misconfigured certificate mapping is not visible unless
                // debug trace is on.
                Tr.debug(tc, "initialize", e);
            }
            // searchTimeLimit, URLContextImpl and LdapURL are assigned in the static initializer,
            // so the values set below apply class-wide, not only to this instance.
            try {
                int intValue = new Integer(System.getProperty("jndi.LDAP.SearchControl.TimeLimit")).intValue();
                if (intValue > 0) {
                    searchTimeLimit = intValue;
                }
            } catch (Exception e2) {
                // Deliberately ignored: an unset or non-numeric property keeps the current limit.
            }
            try {
                if (System.getProperty("jndi.LDAP.URLContextImplementation").equalsIgnoreCase("true")) {
                    URLContextImpl = true;
                    LdapURL = directoryUrl;
                    Tr.debug(tc, "Use URL Context Implementation.");
                }
            } catch (Exception e3) {
                // Deliberately ignored: an unset property raises NullPointerException above and
                // leaves the URL context implementation switched off.
            }
            Tr.exit(tc, "initialize");
        } catch (Exception e4) {
            // Also catches the RegistryErrorExceptions thrown above and rewraps them, so the
            // caller sees the exception's toString() as the message.
            Tr.error(tc, Constants.nls.getString("security.registry.ldap.initerror", "LDAP initialization error"), e4);
            throw new RegistryErrorException(e4.toString());
        }
    }

    /**
     * Stops the registry by calling {@code disconnect()}, bracketed by entry/exit trace.
     *
     * @param properties not read by this implementation
     */
    @Override // com.ibm.ejs.security.registry.WSRegistryImpl
    protected void doStop(Properties properties) {
        final String method = "doStop";
        Tr.entry(tc, method);
        disconnect();
        Tr.exit(tc, method);
    }

    /**
     * Reports whether a directory entry exists for the given group name.
     *
     * NOTE(review): the check is {@code getEntry(str) != null}, the same lookup isValidUser
     * performs. Nothing here restricts the match to group entries unless OBJECT_FILTER (defined
     * elsewhere) does; confirm if callers rely on the user/group distinction.
     *
     * @param str the group name, used as the search base by getEntry
     * @return true when an entry was found; false when none was found or the lookup raised a
     *         NamingException (which is logged, not propagated)
     */
    @Override // com.ibm.ejs.security.registry.WSRegistryImpl
    public boolean isValidGroup(String str) throws RegistryErrorException {
        Tr.entry(tc, "isValidGroup");
        boolean found;
        try {
            found = getEntry(str) != null;
        } catch (NamingException e) {
            // A directory error is reported as "not valid" rather than as a failure.
            logNamingException(e, str);
            found = false;
        } finally {
            Tr.exit(tc, "isValidGroup");
        }
        return found;
    }

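    /**
     * Reports whether a directory entry exists for the given user name.
     *
     * The exit trace is emitted from a finally block, matching isValidGroup; previously it was
     * written only on the NamingException path, leaving successful calls without an exit record.
     *
     * NOTE(review): the check is {@code getEntry(str) != null}, the same lookup isValidGroup
     * performs. Nothing here restricts the match to user entries unless OBJECT_FILTER (defined
     * elsewhere) does.
     *
     * @param str the user name, used as the search base by getEntry
     * @return true when an entry was found; false when none was found or the lookup raised a
     *         NamingException (which is logged, not propagated)
     */
    @Override // com.ibm.ejs.security.registry.WSRegistryImpl
    public boolean isValidUser(String str) throws RegistryErrorException {
        Tr.entry(tc, "isValidUser");
        try {
            return getEntry(str) != null;
        } catch (NamingException e) {
            // A directory error is reported as "not valid" rather than as a failure.
            logNamingException(e, str);
            Tr.debug(tc, "isValidUser", e);
            return false;
        } finally {
            Tr.exit(tc, "isValidUser");
        }
    }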

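    /**
     * Fetches the requested attributes of a single entry.
     *
     * The name has '*' backslash-escaped and is then used as the search base at scope 0 with
     * OBJECT_FILTER. Only the first result is read; the enumeration is closed before returning
     * so the underlying search is released instead of being left for garbage collection.
     *
     * @param str    the entry name; must not be null
     * @param strArr the attribute ids to return
     * @return the attributes of the first result, or null when the search returned nothing
     * @throws NamingException if the search fails
     */
    protected Attributes getAttributes(String str, String[] strArr) throws NamingException {
        NamingEnumeration results = search(escapeChar(str, '*'), 0, OBJECT_FILTER, strArr, 0);
        try {
            if (results.hasMoreElements()) {
                return ((SearchResult) results.nextElement()).getAttributes();
            }
            return null;
        } finally {
            try {
                results.close();
            } catch (NamingException closeFailure) {
                // Best effort: the attributes were already read, so a close failure is only traced.
                Tr.debug(tc, "getAttributes", closeFailure);
            }
        }
    }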

    /**
     * Returns the first entry found when searching at scope 0 with OBJECT_FILTER, using the
     * given name as the search base.
     *
     * NOTE(review): unlike getAttributes, the name is passed through without escapeChar.
     *
     * @param str the entry name
     * @return the first element of the result, or null when the search returned nothing
     * @throws NamingException if the search fails
     */
    protected String getEntry(String str) throws NamingException {
        EntryEnumeration matches = search(str, 0, OBJECT_FILTER, 0);
        if (!matches.hasMoreElements()) {
            return null;
        }
        return (String) matches.nextElement();
    }

    /**
     * Resolves a user name to the DN string the directory returns for it.
     *
     * A name with no ',' or ';' is looked up directly as a search base at scope 0. A name with a
     * separator is treated as a DN: its first component (the text before the first separator) is
     * used as a filter for a scope-2 search under the configured base DN, and the first result
     * whose normalizeDN form equals the input's, ignoring case, wins. If none matches, the full
     * name is looked up directly as in the first case.
     *
     * @param str the user name or DN; must not be null
     * @return the matching DN as returned by the directory, or null when nothing matched
     * @throws NamingException if a search fails; it is logged and rethrown unchanged
     */
    protected String getNormalizedDN(String str) throws NamingException {
        String str2 = null;
        // 44 is ',' and 59 is ';': the first occurrence of either marks the end of the first RDN.
        // NOTE(review): the lookup is a plain indexOf, so a separator that is backslash-escaped
        // inside the first RDN value would also be taken as the boundary.
        int indexOf = str.indexOf(44);
        if (indexOf == -1) {
            indexOf = str.indexOf(59);
        }
        if (indexOf == -1) {
            try {
                str = escapeChar(str, '*');
                EntryEnumeration search = search(str, 0, OBJECT_FILTER, 0);
                if (search.hasMoreElements()) {
                    str2 = (String) search.nextElement();
                }
            } catch (NamingException e) {
                String string = Constants.nls.getString("security.registry.ldap.invalidUserID", "Invalid user LDAP ID. Possible causes: using invalid user ID or the user ID is not a directory entry. The administration ID (root DN) is not a directory entry on most LDAP servers. ");
                logNamingException(e, str);
                Tr.error(tc, string);
                throw e;
            }
        } else {
            try {
                // Result unused. NOTE(review): likely decompiler residue of an implicit null check.
                str.length();
                // The first RDN (e.g. "attr=value") becomes the search FILTER here.
                // NOTE(review): only '*' is escaped. Parentheses, backslash and NUL pass through
                // unchanged, so a caller-supplied DN can change the structure of the filter.
                // Confirm callers pass only trusted or validated names, or escape the value per
                // RFC 4515 before it reaches this search.
                EntryEnumeration search2 = search(this.ldapConfig.getBaseDn(), 2, escapeChar(str.substring(0, indexOf), '*'), 0);
                String normalizeDN = normalizeDN(str);
                // Stop at the first candidate whose normalized form equals the input's.
                while (str2 == null && search2.hasMoreElements()) {
                    String str3 = (String) search2.nextElement();
                    if (normalizeDN(str3).equalsIgnoreCase(normalizeDN)) {
                        str2 = str3;
                    }
                }
                str = escapeChar(str, '*');
                if (str2 == null) {
                    // Fallback: look the whole name up directly as a search base.
                    EntryEnumeration search3 = search(str, 0, OBJECT_FILTER, 0);
                    if (search3.hasMoreElements()) {
                        str2 = (String) search3.nextElement();
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "The first attribute in DN is not searchable, and SSO with non WebSphere applications may not work.");
                        }
                    }
                }
            } catch (NamingException e2) {
                String string2 = Constants.nls.getString("security.registry.ldap.invalidUserID", "Invalid LDAP user ID. Possible causes: using invalid user ID or the user ID is not a directory entry. The administration ID (root DN) is not a directory entry on most LDAP servers. ");
                logNamingException(e2, str);
                Tr.error(tc, string2);
                throw e2;
            }
        }
        return str2;
    }

    /**
     * Searches under the configured base DN.
     *
     * @param i   search scope, passed through unchanged
     * @param str search filter, passed through unchanged
     * @param i2  limit argument, passed through unchanged
     * @return the entries found
     * @throws NamingException if the search fails
     */
    protected EntryEnumeration search(int i, String str, int i2) throws NamingException {
        final String baseDn = this.ldapConfig.getBaseDn();
        return search(baseDn, i, str, i2);
    }

    /**
     * Searches from the given base requesting no attributes ({@code noAttrs}) and wraps the raw
     * result in an EntryEnumeration together with that base.
     *
     * @param str  search base
     * @param i    search scope
     * @param str2 search filter
     * @param i2   limit argument, passed through unchanged
     * @return the wrapped search result
     * @throws NamingException if the search fails
     */
    protected EntryEnumeration search(String str, int i, String str2, int i2) throws NamingException {
        final NamingEnumeration rawResults = search(str, i, str2, noAttrs, i2);
        return new EntryEnumeration(str, rawResults);
    }

    /**
     * Runs one directory search, retrying up to three times after a NamingException.
     *
     * NOTE(review): the debug trace labels {@code i2} "Time limit", but the code applies it as
     * the result COUNT limit; the time limit actually used is the class-wide searchTimeLimit.
     * NOTE(review): every NamingException is retried after a disconnect(), including ones a
     * retry cannot fix (for example a malformed filter), so a bad request costs three round trips.
     *
     * @param str    search base; prefixed with LdapURL when that is set
     * @param i      search scope
     * @param str2   search filter
     * @param strArr attribute ids to return; dereferenced when debug trace is enabled
     * @param i2     result count limit; 0 leaves the SearchControls default in place
     * @return the raw enumeration from the directory context
     * @throws NamingException the failure of the last attempt when all three fail
     */
    protected NamingEnumeration search(String str, int i, String str2, String[] strArr, int i2) throws NamingException {
        long startedAt = 0;
        if (tc.isDebugEnabled()) {
            Tr.entry(tc, "search");
            Tr.debug(tc, "DN: " + str);
            Tr.debug(tc, "Search scope: " + i);
            Tr.debug(tc, "Filter: " + str2);
            Tr.debug(tc, "Time limit: " + i2);
            int attrIndex = 0;
            while (attrIndex < strArr.length) {
                Tr.debug(tc, "Attr[" + attrIndex + "]: " + strArr[attrIndex]);
                attrIndex++;
            }
        }

        SearchControls controls = new SearchControls();
        controls.setSearchScope(i);
        controls.setReturningAttributes(strArr);
        controls.setReturningObjFlag(false);
        if (i2 != 0) {
            controls.setCountLimit(i2);
        }
        controls.setTimeLimit(searchTimeLimit);

        // Plain concatenation: the base is appended to LdapURL with no separator or encoding.
        StringBuilder nameBuilder = new StringBuilder();
        if (LdapURL != null) {
            nameBuilder.append(LdapURL);
        }
        nameBuilder.append(str);
        final String searchName = nameBuilder.toString();

        NamingException lastFailure = null;
        int attemptsLeft = 3;
        while (attemptsLeft > 0) {
            attemptsLeft--;
            try {
                startedAt = System.currentTimeMillis();
                NamingEnumeration found = getRootDSE().search(searchName, str2, controls);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Time elapsed: " + (System.currentTimeMillis() - startedAt));
                    Tr.exit(tc, "search");
                }
                return found;
            } catch (NamingException e) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Time elapsed: " + (System.currentTimeMillis() - startedAt));
                }
                logNamingException(e);
                // Drop the connection before the next attempt.
                disconnect();
                lastFailure = e;
            }
        }
        Tr.exit(tc, "search");
        throw lastFailure;
    }

    /**
     * Builds a Credential for a user from its groups and display name, then appends the realm.
     *
     * NOTE(review): any exception from the group lookup is reduced to a debug trace and the
     * credential is issued with an empty group list. A directory outage during login therefore
     * yields a credential with no group memberships rather than a failure. Confirm this is
     * intended wherever authorization depends on group membership.
     *
     * @param str the user's security name
     * @return the credential; its display name falls back to {@code str} when none is available
     */
    protected Credential createCredential(String str) throws RegistryErrorException, NoSuchEntryException {
        String[] groups;
        try {
            groups = getGroupsForUser(str);
        } catch (Exception e) {
            Tr.debug(tc, "No valid groups for user", e);
            groups = null;
        }
        if (groups == null) {
            groups = new String[0];
        }

        String displayName;
        try {
            displayName = getUserDisplayName(str);
        } catch (Exception ignored) {
            // Best effort: a failed display-name lookup falls back to the security name below.
            displayName = null;
        }
        if (displayName == null || displayName.length() == 0) {
            displayName = str;
        }

        Credential result = new Credential(WSRegistryImpl.nullByteArray, -1L, displayName, str, groups, WSRegistryImpl.nullString, WSRegistryImpl.nullStringArray);
        appendRealm(result);
        return result;
    }

    /**
     * Returns a copy of {@code str} with a backslash inserted before every occurrence of
     * {@code c}.
     *
     * NOTE(review): the backslash itself is not escaped, so an input that already contains
     * "\" followed by {@code c} comes out as "\\" followed by {@code c}. Only the one character
     * passed in is handled; this is not a general LDAP filter or DN escaper.
     *
     * @param str the text to escape; must not be null
     * @param c   the character to prefix with a backslash
     * @return the escaped text
     */
    private static String escapeChar(String str, char c) {
        StringBuilder escaped = new StringBuilder(2 * str.length());
        for (char current : str.toCharArray()) {
            if (current == c) {
                escaped.append('\\');
            }
            escaped.append(current);
        }
        return escaped.toString();
    }

    /**
     * Traces a NamingException with no associated entry name.
     *
     * @param namingException the exception to trace
     */
    private void logNamingException(NamingException namingException) {
        final String noName = null;
        logNamingException(namingException, noName);
    }

    /**
     * Writes a NamingException to debug trace: the entry name when given, then the message,
     * then the explanation and root cause when present.
     *
     * The name and the directory's messages are written to trace verbatim.
     *
     * @param namingException the exception to trace
     * @param str             the entry name involved, or null to omit it
     */
    private void logNamingException(NamingException namingException, String str) {
        if (str != null) {
            Tr.debug(tc, "name = " + str);
        }
        Tr.debug(tc, namingException.getMessage());

        final String explanation = namingException.getExplanation();
        if (explanation != null) {
            Tr.debug(tc, explanation);
        }

        final Throwable rootCause = namingException.getRootCause();
        if (rootCause != null) {
            Tr.debug(tc, rootCause.getMessage(), rootCause);
        }
    }

    /**
     * Loads a class by name, converting ClassNotFoundException into NoClassDefFoundError.
     * The static initializer uses it to obtain this class's own Class object.
     *
     * @param str fully qualified class name
     * @return the loaded class
     */
    static Class class$(String str) {
        Class resolved;
        try {
            resolved = Class.forName(str);
        } catch (ClassNotFoundException e) {
            throw new NoClassDefFoundError(e.getMessage());
        }
        return resolved;
    }

    // Class initialization: registers the trace component and sets the class-wide defaults.
    static {
        // Fill the cached Class reference on first use, then register it for tracing.
        if (class$com$ibm$ejs$security$registry$ldap$LdapRegistryImpl == null) {
            class$com$ibm$ejs$security$registry$ldap$LdapRegistryImpl = class$("com.ibm.ejs.security.registry.ldap.LdapRegistryImpl");
        }
        tc = Tr.register(class$com$ibm$ejs$security$registry$ldap$LdapRegistryImpl);

        noAttrs = new String[0];
        dnAttrib = new String[]{"dn"};

        // Defaults that initialize() may override from JVM system properties.
        URLContextImpl = false;
        LdapURL = null;
        // Passed to SearchControls.setTimeLimit, which takes milliseconds (300000 ms = 5 minutes).
        searchTimeLimit = 300000;
    }
}
