package edu.internet2.middleware.ldappc.util;

import edu.internet2.middleware.grouper.Group;
import edu.internet2.middleware.grouper.Member;
import edu.internet2.middleware.grouper.SubjectFinder;
import edu.internet2.middleware.ldappc.Ldappc;
import edu.internet2.middleware.ldappc.LdappcConfig;
import edu.internet2.middleware.ldappc.exception.LdappcException;
import edu.internet2.middleware.ldappc.util.LdapSearchFilter;
import edu.internet2.middleware.subject.Subject;
import edu.vt.middleware.ldap.SearchFilter;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.Map;
import java.util.Set;
import javax.naming.Name;
import javax.naming.NameNotFoundException;
import javax.naming.NamingException;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.LdapName;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:edu/internet2/middleware/ldappc/util/SubjectCache.class */
public class SubjectCache {
    private static final Logger LOG = LoggerFactory.getLogger(SubjectCache.class);
    private static final int DEFAULT_HASH_ESTIMATE = 25000;
    private Map<String, Hashtable<String, Set<Name>>> subjectIdToDnTables;
    private int subjectIdLookups;
    private int subjectIdTableHits;
    private Ldappc ldappc;

    public SubjectCache(Ldappc ldappc) {
        this.ldappc = ldappc;
        init();
    }

    public int getSubjectIdLookups() {
        return this.subjectIdLookups;
    }

    public int getSubjectIdTableHits() {
        return this.subjectIdTableHits;
    }

    public String getSubjectData(Subject subject) {
        return getSubjectData(subject, false);
    }

    public String getSubjectData(Subject subject, boolean z) {
        String str = "null";
        if (subject != null) {
            str = "[ NAME = " + subject.getName() + " ][ ID = " + subject.getId() + " ]";
            if (z) {
                str = str + "[ ATTRIBUTES = " + subject.getAttributes() + " ]";
            }
        }
        return str;
    }

    public Set<Name> findSubjectDn(Member member) throws NamingException, LdappcException {
        LdapSearchFilter sourceSubjectLdapFilter;
        String attributeValue;
        String subjectSourceId = member.getSubjectSourceId();
        if (subjectSourceId.equals(SubjectFinder.internal_getGSA().getId()) && !this.ldappc.getConfig().getProvisionMemberGroups()) {
            return null;
        }
        if (this.subjectIdToDnTables.get(subjectSourceId) == null) {
            this.subjectIdToDnTables.put(subjectSourceId, new Hashtable<>(DEFAULT_HASH_ESTIMATE));
        } else {
            Set<Name> set = this.subjectIdToDnTables.get(subjectSourceId).get(member.getSubjectId());
            if (set != null) {
                this.subjectIdTableHits++;
                LOG.debug("cache found dns '{}' for sourceId '{}' subjectId '{}'", new Object[]{set, subjectSourceId, member.getSubjectId()});
                return set;
            }
        }
        if (subjectSourceId.equals(SubjectFinder.internal_getGSA().getId())) {
            Group group = member.toGroup();
            Name calculateGroupDn = this.ldappc.calculateGroupDn(group);
            attributeValue = group.getName();
            sourceSubjectLdapFilter = new LdapSearchFilter(calculateGroupDn.toString(), 0, "(objectclass=*)", LdapSearchFilter.OnNotFound.warn, false);
        } else {
            sourceSubjectLdapFilter = this.ldappc.getConfig().getSourceSubjectLdapFilter(subjectSourceId);
            if (sourceSubjectLdapFilter == null) {
                throw new LdappcException("Ldap search filter not found using sourceId '" + subjectSourceId + "'");
            }
            String sourceSubjectNamingAttribute = this.ldappc.getConfig().getSourceSubjectNamingAttribute(subjectSourceId);
            if (sourceSubjectNamingAttribute == null) {
                throw new LdappcException("Subject source [ " + subjectSourceId + " ] does not identify a source subject naming attribute");
            }
            LOG.debug("get source attribute '{}' for subject '{}'", sourceSubjectNamingAttribute, member.getSubjectId());
            attributeValue = member.getSubject().getAttributeValue(sourceSubjectNamingAttribute);
            if (attributeValue == null) {
                if (sourceSubjectNamingAttribute.equalsIgnoreCase(LdappcConfig.GROUPER_ID_ATTRIBUTE)) {
                    attributeValue = member.getSubject().getId();
                }
                if (sourceSubjectNamingAttribute.equalsIgnoreCase(LdappcConfig.GROUPER_NAME_ATTRIBUTE)) {
                    attributeValue = member.getSubject().getName();
                }
            }
            if (attributeValue == null) {
                throw new LdappcException("Subject " + attributeValue + " ] has no value for attribute [ " + sourceSubjectNamingAttribute + " ]");
            }
        }
        Set<Name> findSubjectDn = findSubjectDn(sourceSubjectLdapFilter, attributeValue);
        if (findSubjectDn != null) {
            if (this.subjectIdToDnTables.get(subjectSourceId).get(member.getSubjectId()) == null) {
                this.subjectIdToDnTables.get(subjectSourceId).put(member.getSubjectId(), new LinkedHashSet());
            }
            this.subjectIdToDnTables.get(subjectSourceId).get(member.getSubjectId()).addAll(findSubjectDn);
            LOG.debug("search found dn '{}' for sourceId '{}' subjectId '{}'", new Object[]{findSubjectDn, subjectSourceId, member.getSubjectId()});
        }
        return findSubjectDn;
    }

    private Set<Name> findSubjectDn(LdapSearchFilter ldapSearchFilter, String str) throws NamingException, LdappcException {
        this.subjectIdLookups++;
        String base = ldapSearchFilter.getBase();
        String filter = ldapSearchFilter.getFilter();
        Object[] objArr = {str};
        SearchControls searchControls = new SearchControls();
        searchControls.setSearchScope(ldapSearchFilter.getScope());
        searchControls.setReturningAttributes(new String[0]);
        searchControls.setCountLimit(2L);
        String str2 = "search for subjectId '" + str + "' base '" + base + "' filter '" + filter + "' args " + Arrays.asList(objArr);
        LOG.debug(str2);
        try {
            SearchFilter searchFilter = new SearchFilter(filter);
            searchFilter.setFilterArgs(objArr);
            Iterator search = this.ldappc.getContext().search(LdapUtil.escapeForwardSlash(base), searchFilter, searchControls);
            if (!search.hasNext()) {
                if (ldapSearchFilter.getOnNotFound().equals(LdapSearchFilter.OnNotFound.fail)) {
                    LOG.error("Subject not found using " + str2);
                    throw new LdappcException("Subject not found using " + str2);
                }
                if (!ldapSearchFilter.getOnNotFound().equals(LdapSearchFilter.OnNotFound.warn)) {
                    return null;
                }
                LOG.warn("Subject not found using " + str2);
                return null;
            }
            LinkedHashSet linkedHashSet = new LinkedHashSet();
            while (search.hasNext()) {
                SearchResult searchResult = (SearchResult) search.next();
                if (search.hasNext() && !ldapSearchFilter.getMultipleResults()) {
                    throw new LdappcException("Multiple entries found using " + str2);
                }
                if (!searchResult.isRelative()) {
                    throw new LdappcException("Unable to resolve the reference found using " + str2);
                }
                LOG.trace("found {}", searchResult.getName());
                linkedHashSet.add(new LdapName(LdapUtil.unescapeForwardSlash(searchResult.getName())));
            }
            return linkedHashSet;
        } catch (NameNotFoundException e) {
            if (ldapSearchFilter.getOnNotFound().equals(LdapSearchFilter.OnNotFound.fail)) {
                LOG.error("Subject not found using " + str2, e);
                throw new LdappcException((Throwable) e);
            }
            if (!ldapSearchFilter.getOnNotFound().equals(LdapSearchFilter.OnNotFound.warn)) {
                return null;
            }
            LOG.warn("Subject not found using " + str2);
            return null;
        }
    }

    public void init() {
        this.subjectIdLookups = 0;
        this.subjectIdTableHits = 0;
        this.subjectIdToDnTables = new HashMap();
        Map<String, Integer> sourceSubjectHashEstimates = this.ldappc.getConfig().getSourceSubjectHashEstimates();
        for (String str : this.ldappc.getConfig().getSourceSubjectLdapFilters().keySet()) {
            int i = DEFAULT_HASH_ESTIMATE;
            if (sourceSubjectHashEstimates.get(str) != null) {
                i = sourceSubjectHashEstimates.get(str).intValue();
            }
            if (this.subjectIdToDnTables.get(str) == null) {
                this.subjectIdToDnTables.put(str, new Hashtable<>(i));
            } else {
                this.subjectIdToDnTables.get(str).clear();
            }
        }
    }
}
