package org.apache.ambari.server.security.ldap;

import com.google.common.collect.Sets;
import com.google.inject.Inject;
import com.google.inject.Provider;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.naming.NamingException;
import javax.naming.directory.Attributes;
import javax.naming.directory.SearchControls;
import org.apache.ambari.server.AmbariException;
import org.apache.ambari.server.configuration.LdapUsernameCollisionHandlingBehavior;
import org.apache.ambari.server.ldap.domain.AmbariLdapConfiguration;
import org.apache.ambari.server.orm.DBAccessorImpl;
import org.apache.ambari.server.security.authorization.AmbariLdapUtils;
import org.apache.ambari.server.security.authorization.Group;
import org.apache.ambari.server.security.authorization.LdapServerProperties;
import org.apache.ambari.server.security.authorization.User;
import org.apache.ambari.server.security.authorization.Users;
import org.apache.commons.lang.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.ldap.control.PagedResultsCookie;
import org.springframework.ldap.control.PagedResultsDirContextProcessor;
import org.springframework.ldap.core.AttributesMapper;
import org.springframework.ldap.core.ContextMapper;
import org.springframework.ldap.core.DirContextAdapter;
import org.springframework.ldap.core.LdapTemplate;
import org.springframework.ldap.core.support.LdapContextSource;
import org.springframework.ldap.filter.AndFilter;
import org.springframework.ldap.filter.EqualsFilter;
import org.springframework.ldap.filter.Filter;
import org.springframework.ldap.filter.HardcodedFilter;
import org.springframework.ldap.filter.LikeFilter;
import org.springframework.ldap.filter.OrFilter;
import org.springframework.ldap.support.LdapUtils;
import org.springframework.security.core.userdetails.UsernameNotFoundException;

/* loaded from: input_file:org/apache/ambari/server/security/ldap/AmbariLdapDataPopulator.class */
public class AmbariLdapDataPopulator {
    // Class-wide SLF4J logger; the nested context mappers log through it as well.
    private static final Logger LOG = LoggerFactory.getLogger(AmbariLdapDataPopulator.class);
    // Injected provider; getConfiguration() calls get() on it each time instead of caching the result.
    private Provider<AmbariLdapConfiguration> configurationProvider;
    // Ambari-side user/group store that LDAP search results are compared against.
    private Users users;
    // Cached LDAP settings: filled lazily by getLdapProperties() and replaced by loadLdapTemplate().
    protected LdapServerProperties ldapServerProperties = null;
    // Cached template: (re)built by loadLdapTemplate() when missing or when the settings changed.
    private LdapTemplate ldapTemplate;
    // Attribute read as the user's uid and used as a fallback match in getMemberFilter().
    private static final String UID_ATTRIBUTE = "uid";
    // Attribute used to restrict searches to the configured user/group object class.
    private static final String OBJECT_CLASS_ATTRIBUTE = "objectClass";
    // Page size handed to the paged-results processor for user searches.
    private static final int USERS_PAGE_SIZE = 500;
    // JVM-wide system property toggled by loadLdapTemplate(). When set to "true" the JDK's JNDI LDAP
    // provider skips endpoint identification (the host name check on the LDAPS server certificate).
    private static final String SYSTEM_PROPERTY_DISABLE_ENDPOINT_IDENTIFICATION = "com.sun.jndi.ldap.object.disableEndpointIdentification";
    // Format template for isMemberAttributeBaseDn(): case-insensitive match on values that start with
    // "uid=", "cn=" or one of the two attribute names substituted for the %s slots.
    private static final String IS_MEMBER_DN_REGEXP = "^(?i)(uid|cn|%s|%s)=.*$";
    // Replacement passed to Matcher.replaceAll(); it refers to a named capture group "member", so the
    // configured replace pattern has to define that group.
    private static final String MEMBER_ATTRIBUTE_REPLACE_STRING = "${member}";
    // Placeholder inside the configured custom member filter that is replaced by the member value.
    private static final String MEMBER_ATTRIBUTE_VALUE_PLACEHOLDER = "{member}";

    /* JADX INFO: Access modifiers changed from: protected */
    /* loaded from: input_file:org/apache/ambari/server/security/ldap/AmbariLdapDataPopulator$LdapGroupContextMapper.class */
    /**
     * Context mapper that turns LDAP group entries into {@link LdapGroupDto} objects and collects
     * them in the set supplied by the caller. {@link #mapFromContext(Object)} itself always
     * returns {@code null}; the result is the side effect on that set.
     *
     * <p>Entries outside the configured base DN are dropped, so a search that was started from a
     * directory-supplied DN cannot pull in groups from another subtree.
     */
    public static class LdapGroupContextMapper implements ContextMapper {
        private final Set<LdapGroupDto> groups;
        private final LdapServerProperties ldapServerProperties;

        /**
         * @param set                  target collection that receives every accepted group
         * @param ldapServerProperties settings that name the group attributes and the base DN
         */
        public LdapGroupContextMapper(Set<LdapGroupDto> set, LdapServerProperties ldapServerProperties) {
            this.ldapServerProperties = ldapServerProperties;
            this.groups = set;
        }

        /**
         * Maps one search result. The group name and every membership value are lower-cased
         * before they are stored.
         *
         * @param obj the entry, expected to be a {@link DirContextAdapter}
         * @return always {@code null}
         */
        public Object mapFromContext(Object obj) {
            final DirContextAdapter entry = (DirContextAdapter) obj;
            final String groupName = entry.getStringAttribute(this.ldapServerProperties.getGroupNamingAttr());

            // Scope check comes first so that out-of-scope entries are reported even without a name.
            if (AmbariLdapUtils.isLdapObjectOutOfScopeFromBaseDn(entry, this.ldapServerProperties.getBaseDN())) {
                AmbariLdapDataPopulator.LOG.warn("Group '{}' is out of scope of the base DN. It will be skipped.", groupName);
                return null;
            }
            if (groupName == null) {
                return null;
            }

            final LdapGroupDto group = new LdapGroupDto();
            // NOTE(review): toLowerCase() without a Locale follows the JVM default locale.
            group.setGroupName(groupName.toLowerCase());

            final String[] memberValues = entry.getStringAttributes(this.ldapServerProperties.getGroupMembershipAttr());
            if (memberValues != null) {
                for (int i = 0; i < memberValues.length; i++) {
                    group.getMemberAttributes().add(memberValues[i].toLowerCase());
                }
            }
            this.groups.add(group);
            return null;
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /* loaded from: input_file:org/apache/ambari/server/security/ldap/AmbariLdapDataPopulator$LdapUserContextMapper.class */
    /**
     * Context mapper that converts an LDAP user entry into an {@link LdapUserDto}, or into
     * {@code null} when the entry has to be ignored.
     *
     * <p>Entries outside the configured base DN are rejected here, which also covers searches
     * whose base was taken from a group's membership attribute.
     */
    public static class LdapUserContextMapper implements ContextMapper {
        private final LdapServerProperties ldapServerProperties;

        /**
         * @param ldapServerProperties settings that name the user name attribute and the base DN
         */
        public LdapUserContextMapper(LdapServerProperties ldapServerProperties) {
            this.ldapServerProperties = ldapServerProperties;
        }

        /**
         * Maps one search result. User name, uid and DN are stored lower-cased.
         *
         * @param obj the entry, expected to be a {@link DirContextAdapter}
         * @return the populated DTO, or {@code null} when the entry is out of scope or carries
         *         neither the configured user name attribute nor {@code uid}
         */
        public Object mapFromContext(Object obj) {
            final DirContextAdapter entry = (DirContextAdapter) obj;
            final String userName = entry.getStringAttribute(this.ldapServerProperties.getUsernameAttribute());
            final String uid = entry.getStringAttribute(AmbariLdapDataPopulator.UID_ATTRIBUTE);

            if (AmbariLdapUtils.isLdapObjectOutOfScopeFromBaseDn(entry, this.ldapServerProperties.getBaseDN())) {
                AmbariLdapDataPopulator.LOG.warn("User '{}' is out of scope of the base DN. It will be skipped.", userName);
                return null;
            }

            final boolean hasNoIdentifier = userName == null && uid == null;
            if (hasNoIdentifier) {
                AmbariLdapDataPopulator.LOG.warn("Ignoring LDAP user " + entry.getNameInNamespace() + " as it doesn't have required attributes uid and " + this.ldapServerProperties.getUsernameAttribute());
                return null;
            }

            // NOTE(review): toLowerCase() without a Locale follows the JVM default locale.
            String normalizedName = null;
            if (userName != null) {
                normalizedName = userName.toLowerCase();
            }
            String normalizedUid = null;
            if (uid != null) {
                normalizedUid = uid.toLowerCase();
            }

            final LdapUserDto user = new LdapUserDto();
            user.setUserName(normalizedName);
            user.setUid(normalizedUid);
            user.setDn(entry.getNameInNamespace().toLowerCase());
            return user;
        }
    }

    /**
     * Creates the populator. Nothing is contacted here; the LDAP template is built on first use.
     *
     * @param provider source of the current LDAP configuration
     * @param users    Ambari-side user and group store
     */
    @Inject
    public AmbariLdapDataPopulator(Provider<AmbariLdapConfiguration> provider, Users users) {
        this.users = users;
        this.configurationProvider = provider;
    }

    /**
     * Returns the cached LDAP settings, reading them from the configuration on first use.
     *
     * @return the cached {@link LdapServerProperties}
     */
    private synchronized LdapServerProperties getLdapProperties() {
        LdapServerProperties cached = this.ldapServerProperties;
        if (cached != null) {
            return cached;
        }
        cached = getConfiguration().getLdapServerProperties();
        this.ldapServerProperties = cached;
        return cached;
    }

    /**
     * Reports whether LDAP is enabled in the configuration and the server answers a search.
     *
     * <p>Reachability is probed with a throw-away search for {@code uid=dummy_search} under the
     * base DN; the results are discarded. Any exception is logged (message only) and reported as
     * "not enabled".
     *
     * @return {@code true} when LDAP is enabled and the probe search completed
     */
    public boolean isLdapEnabled() {
        if (!getConfiguration().ldapEnabled()) {
            return false;
        }
        boolean reachable;
        try {
            // Mapper that ignores every entry: only the round trip matters for this probe.
            AttributesMapper discardingMapper = new AttributesMapper() {
                @Override
                public Object mapFromAttributes(Attributes attributes) throws NamingException {
                    return null;
                }
            };
            LdapTemplate template = loadLdapTemplate();
            template.search(getLdapProperties().getBaseDN(), "uid=dummy_search", discardingMapper);
            reachable = true;
        } catch (Exception e) {
            LOG.error("Could not connect to LDAP server - " + e.getMessage());
            reachable = false;
        }
        return reachable;
    }

    /**
     * Lists every group and user found in LDAP and marks each one as synced when an Ambari
     * entry with the same name exists and is flagged as an LDAP entry.
     *
     * @return DTO holding the annotated external groups and users
     */
    public LdapSyncDto getLdapSyncInfo() {
        final LdapSyncDto syncInfo = new LdapSyncDto();

        final Map<String, Group> knownGroups = getInternalGroups();
        final Set<LdapGroupDto> ldapGroups = getExternalLdapGroupInfo();
        for (LdapGroupDto ldapGroup : ldapGroups) {
            final String name = ldapGroup.getGroupName();
            final boolean synced = knownGroups.containsKey(name) && knownGroups.get(name).isLdapGroup();
            ldapGroup.setSynced(synced);
        }

        final Map<String, User> knownUsers = getInternalUsers();
        final Set<LdapUserDto> ldapUsers = getExternalLdapUserInfo();
        for (LdapUserDto ldapUser : ldapUsers) {
            final String name = ldapUser.getUserName();
            final boolean synced = knownUsers.containsKey(name) && knownUsers.get(name).isLdapUser();
            ldapUser.setSynced(synced);
        }

        syncInfo.setGroups(ldapGroups);
        syncInfo.setUsers(ldapUsers);
        return syncInfo;
    }

    /**
     * Plans a full group synchronization: every group found in LDAP is registered together with
     * its direct members, and every Ambari LDAP group that was not matched is scheduled for
     * removal.
     *
     * @param ldapBatchDto batch that accumulates the planned changes
     * @return the same batch instance
     * @throws AmbariException propagated from the member refresh
     */
    public LdapBatchDto synchronizeAllLdapGroups(LdapBatchDto ldapBatchDto) throws AmbariException {
        LOG.trace("Synchronize All LDAP groups...");
        final Set<LdapGroupDto> ldapGroups = getExternalLdapGroupInfo();
        final Map<String, Group> unmatchedGroups = getInternalGroups();
        final Map<String, User> knownUsers = getInternalUsers();

        for (LdapGroupDto ldapGroup : ldapGroups) {
            // addLdapGroup() removes matched names from unmatchedGroups as it goes.
            addLdapGroup(ldapBatchDto, unmatchedGroups, ldapGroup);
            refreshGroupMembers(ldapBatchDto, ldapGroup, knownUsers, unmatchedGroups, null, false);
        }

        // Whatever is still in the map has no counterpart in the directory any more.
        for (Group leftover : unmatchedGroups.values()) {
            if (!leftover.isLdapGroup()) {
                continue;
            }
            final LdapGroupDto toRemove = new LdapGroupDto();
            toRemove.setGroupName(leftover.getGroupName());
            ldapBatchDto.getGroupsToBeRemoved().add(toRemove);
        }
        return ldapBatchDto;
    }

    /**
     * Plans a full user synchronization: unknown LDAP users are scheduled for creation, name
     * collisions with local users are either skipped or converted (per the configured collision
     * behavior), and Ambari LDAP users that were not matched are scheduled for removal.
     *
     * @param ldapBatchDto batch that accumulates the planned changes
     * @return the same batch instance
     * @throws AmbariException declared for callers; not thrown by the visible code paths
     */
    public LdapBatchDto synchronizeAllLdapUsers(LdapBatchDto ldapBatchDto) throws AmbariException {
        LOG.trace("Synchronize All LDAP users...");
        final Set<LdapUserDto> ldapUsers = getExternalLdapUserInfo();
        final Map<String, User> unmatchedUsers = getInternalUsers();

        for (LdapUserDto ldapUser : ldapUsers) {
            final String name = ldapUser.getUserName();
            if (!unmatchedUsers.containsKey(name)) {
                ldapBatchDto.getUsersToBeCreated().add(ldapUser);
                continue;
            }

            final User existing = unmatchedUsers.get(name);
            if (existing != null && !existing.isLdapUser()) {
                // A local account already owns this name: the configured policy decides.
                if (LdapUsernameCollisionHandlingBehavior.SKIP == getConfiguration().syncCollisionHandlingBehavior()) {
                    LOG.info("User '{}' skipped because it is local user", name);
                    ldapBatchDto.getUsersSkipped().add(ldapUser);
                } else {
                    ldapBatchDto.getUsersToBecomeLdap().add(ldapUser);
                    LOG.trace("Convert user '{}' to LDAP user.", name);
                }
            }
            unmatchedUsers.remove(name);
        }

        for (User leftover : unmatchedUsers.values()) {
            if (!leftover.isLdapUser()) {
                continue;
            }
            final LdapUserDto toRemove = new LdapUserDto();
            toRemove.setUserName(leftover.getUserName());
            toRemove.setDn(null);
            ldapBatchDto.getUsersToBeRemoved().add(toRemove);
        }
        return ldapBatchDto;
    }

    /**
     * Plans the synchronization of the named groups, following nested group membership.
     *
     * @param set          group names to look up in LDAP
     * @param ldapBatchDto batch that accumulates the planned changes
     * @return the same batch instance
     * @throws AmbariException when one of the names matches no LDAP group
     */
    public LdapBatchDto synchronizeLdapGroups(Set<String> set, LdapBatchDto ldapBatchDto) throws AmbariException {
        LOG.trace("Synchronize LDAP groups...");
        final Set<LdapGroupDto> requestedGroups = new HashSet<>();
        for (String groupName : set) {
            final Set<LdapGroupDto> found = getLdapGroups(groupName);
            if (found.isEmpty()) {
                throw new AmbariException("Couldn't sync LDAP group " + groupName + ", it doesn't exist");
            }
            requestedGroups.addAll(found);
        }

        final Map<String, Group> knownGroups = getInternalGroups();
        final Map<String, User> knownUsers = getInternalUsers();
        for (LdapGroupDto ldapGroup : requestedGroups) {
            addLdapGroup(ldapBatchDto, knownGroups, ldapGroup);
            refreshGroupMembers(ldapBatchDto, ldapGroup, knownUsers, knownGroups, null, true);
        }
        return ldapBatchDto;
    }

    /**
     * Plans the synchronization of the named users.
     *
     * @param set          user names to look up in LDAP
     * @param ldapBatchDto batch that accumulates the planned changes
     * @return the same batch instance
     * @throws AmbariException when one of the names matches no LDAP user
     */
    public LdapBatchDto synchronizeLdapUsers(Set<String> set, LdapBatchDto ldapBatchDto) throws AmbariException {
        LOG.trace("Synchronize LDAP users...");
        final Set<LdapUserDto> requestedUsers = new HashSet<>();
        for (String requestedName : set) {
            final Set<LdapUserDto> found = getLdapUsers(requestedName);
            if (found.isEmpty()) {
                throw new AmbariException("Couldn't sync LDAP user " + requestedName + ", it doesn't exist");
            }
            requestedUsers.addAll(found);
        }

        final Map<String, User> knownUsers = getInternalUsers();
        for (LdapUserDto ldapUser : requestedUsers) {
            final String name = ldapUser.getUserName();
            if (!knownUsers.containsKey(name)) {
                ldapBatchDto.getUsersToBeCreated().add(ldapUser);
                continue;
            }

            final User existing = knownUsers.get(name);
            if (existing != null && !existing.isLdapUser()) {
                // A local account already owns this name: the configured policy decides.
                if (LdapUsernameCollisionHandlingBehavior.SKIP == getConfiguration().syncCollisionHandlingBehavior()) {
                    LOG.info("User '{}' skipped because it is local user", name);
                    ldapBatchDto.getUsersSkipped().add(ldapUser);
                } else {
                    ldapBatchDto.getUsersToBecomeLdap().add(ldapUser);
                }
            }
            knownUsers.remove(name);
        }
        return ldapBatchDto;
    }

    /**
     * Re-checks every Ambari group flagged as an LDAP group: groups that no longer exist in the
     * directory are scheduled for removal, the others get their membership refreshed.
     *
     * @param ldapBatchDto batch that accumulates the planned changes
     * @return the same batch instance
     * @throws AmbariException propagated from the member refresh
     */
    public LdapBatchDto synchronizeExistingLdapGroups(LdapBatchDto ldapBatchDto) throws AmbariException {
        LOG.trace("Synchronize Existing LDAP groups...");
        final Map<String, Group> knownGroups = getInternalGroups();
        final Map<String, User> knownUsers = getInternalUsers();

        // Iterate over a snapshot: the refresh below may remove entries from knownGroups.
        for (Group group : Sets.newHashSet(knownGroups.values())) {
            if (!group.isLdapGroup()) {
                continue;
            }
            final Set<LdapGroupDto> matches = getLdapGroups(group.getGroupName());
            if (!matches.isEmpty()) {
                refreshGroupMembers(ldapBatchDto, matches.iterator().next(), knownUsers, knownGroups, null, true);
                continue;
            }
            final LdapGroupDto toRemove = new LdapGroupDto();
            toRemove.setGroupName(group.getGroupName());
            ldapBatchDto.getGroupsToBeRemoved().add(toRemove);
        }
        return ldapBatchDto;
    }

    /**
     * Schedules for removal every Ambari LDAP user that can no longer be found in the directory.
     *
     * @param ldapBatchDto batch that accumulates the planned changes
     * @return the same batch instance
     * @throws AmbariException declared for callers; not thrown by the visible code paths
     */
    public LdapBatchDto synchronizeExistingLdapUsers(LdapBatchDto ldapBatchDto) throws AmbariException {
        LOG.trace("Synchronize Existing LDAP users...");
        for (User candidate : getInternalUsers().values()) {
            if (!candidate.isLdapUser()) {
                continue;
            }
            if (!getLdapUsers(candidate.getUserName()).isEmpty()) {
                continue;
            }
            final LdapUserDto toRemove = new LdapUserDto();
            toRemove.setUserName(candidate.getUserName());
            toRemove.setDn(null);
            ldapBatchDto.getUsersToBeRemoved().add(toRemove);
        }
        return ldapBatchDto;
    }

    /**
     * Resolves the members of one LDAP group and records the resulting user and membership
     * changes in the batch.
     *
     * <p>Each membership value is first resolved as a user. When that fails and {@code z} is
     * set, it is resolved as a nested group, which is then registered and processed
     * recursively. The {@code set} of already-followed membership values stops cycles between
     * groups that contain each other.
     *
     * @param ldapBatchDto batch that accumulates the planned changes
     * @param ldapGroupDto group whose members are refreshed
     * @param map          Ambari users by name
     * @param map2         Ambari groups by name (entries may be removed by {@code addLdapGroup})
     * @param set          membership values already followed as nested groups, or {@code null}
     * @param z            whether nested groups are followed
     * @throws AmbariException propagated from the recursive refresh
     */
    protected void refreshGroupMembers(LdapBatchDto ldapBatchDto, LdapGroupDto ldapGroupDto, Map<String, User> map, Map<String, Group> map2, Set<String> set, boolean z) throws AmbariException {
        final Set<String> followed = (set == null) ? new HashSet<String>() : set;
        final Set<LdapUserDto> ldapMembers = new HashSet<>();

        for (String memberValue : ldapGroupDto.getMemberAttributes()) {
            final LdapUserDto memberUser = getLdapUserByMemberAttr(memberValue);
            if (memberUser != null) {
                ldapMembers.add(memberUser);
                continue;
            }
            if (!z || followed.contains(memberValue)) {
                continue;
            }
            final LdapGroupDto nestedGroup = getLdapGroupByMemberAttr(memberValue);
            if (nestedGroup == null) {
                continue;
            }
            followed.add(memberValue);
            addLdapGroup(ldapBatchDto, map2, nestedGroup);
            refreshGroupMembers(ldapBatchDto, nestedGroup, map, map2, followed, true);
        }

        final String groupName = ldapGroupDto.getGroupName();
        // Starts as the current Ambari membership; entries confirmed by LDAP are removed below.
        final Map<String, User> staleMembers = getInternalMembers(groupName);

        for (LdapUserDto ldapMember : ldapMembers) {
            final String userName = ldapMember.getUserName();
            if (!map.containsKey(userName)) {
                ldapBatchDto.getUsersToBeCreated().add(ldapMember);
                ldapBatchDto.getMembershipToAdd().add(new LdapUserGroupMemberDto(groupName, ldapMember.getUserName()));
                continue;
            }

            final User existing = map.get(userName);
            if (existing != null && !existing.isLdapUser()) {
                // A local account already owns this name: the configured policy decides.
                if (LdapUsernameCollisionHandlingBehavior.SKIP == getConfiguration().syncCollisionHandlingBehavior()) {
                    LOG.info("User '{}' skipped because it is local user", userName);
                    ldapBatchDto.getUsersSkipped().add(ldapMember);
                } else {
                    ldapBatchDto.getUsersToBecomeLdap().add(ldapMember);
                }
            }
            if (!staleMembers.containsKey(userName)) {
                ldapBatchDto.getMembershipToAdd().add(new LdapUserGroupMemberDto(groupName, ldapMember.getUserName()));
            }
            if (existing != null) {
                staleMembers.remove(userName);
            }
        }

        // Anyone still listed is a member in Ambari but not in the directory.
        for (User stale : staleMembers.values()) {
            ldapBatchDto.getMembershipToRemove().add(new LdapUserGroupMemberDto(groupName, stale.getUserName()));
        }
    }

    /**
     * Searches the base DN for groups of the configured object class whose naming attribute
     * matches the given name. The name goes through a {@link LikeFilter}, so {@code *} in it
     * acts as a wildcard.
     *
     * @param str group name or wildcard pattern
     * @return the matching groups, possibly empty
     */
    protected Set<LdapGroupDto> getLdapGroups(String str) {
        final LdapServerProperties props = getLdapProperties();
        final String baseDn = props.getBaseDN();
        final EqualsFilter isGroup = new EqualsFilter(OBJECT_CLASS_ATTRIBUTE, props.getGroupObjectClass());
        final LikeFilter nameMatches = new LikeFilter(props.getGroupNamingAttr(), str);
        return getFilteredLdapGroups(baseDn, isGroup, nameMatches);
    }

    /**
     * Searches the base DN for users of the configured object class whose user name attribute
     * matches the given name. The name goes through a {@link LikeFilter}, so {@code *} in it
     * acts as a wildcard.
     *
     * @param str user name or wildcard pattern
     * @return the matching users, possibly empty
     */
    protected Set<LdapUserDto> getLdapUsers(String str) {
        final LdapServerProperties props = getLdapProperties();
        final String baseDn = props.getBaseDN();
        final EqualsFilter isUser = new EqualsFilter(OBJECT_CLASS_ATTRIBUTE, props.getUserObjectClass());
        final LikeFilter nameMatches = new LikeFilter(props.getUsernameAttribute(), str);
        return getFilteredLdapUsers(baseDn, isUser, nameMatches);
    }

    /**
     * Resolves one group membership value to a user.
     *
     * <p>Three lookups are possible, in this order: the configured custom member filter under
     * the base DN; a search rooted at the member value itself when it looks like a DN; otherwise
     * an equality match on the user name attribute under the base DN. In the DN-rooted case the
     * search base comes from directory data; the user context mapper discards entries outside
     * the configured base DN.
     *
     * @param str raw membership attribute value
     * @return the first matching user, or {@code null} when none is found
     */
    protected LdapUserDto getLdapUserByMemberAttr(String str) {
        final LdapServerProperties props = getLdapProperties();
        final String memberId = getUniqueIdByMemberPattern(str, props.getSyncUserMemberReplacePattern());
        final Filter customFilter = createCustomMemberFilter(memberId, props.getSyncUserMemberFilter());

        final Set<LdapUserDto> matches;
        if (memberId != null && customFilter != null) {
            LOG.trace("Use custom filter '{}' for getting member user with default baseDN ('{}')", customFilter.encode(), props.getBaseDN());
            matches = getFilteredLdapUsers(props.getBaseDN(), customFilter);
        } else if (memberId != null && isMemberAttributeBaseDn(memberId)) {
            LOG.trace("Member can be used as baseDn: {}", memberId);
            final Filter isUser = new EqualsFilter(OBJECT_CLASS_ATTRIBUTE, props.getUserObjectClass());
            matches = getFilteredLdapUsers(memberId, isUser);
        } else {
            LOG.trace("Member cannot be used as baseDn: {}", memberId);
            final Filter byName = new AndFilter()
                    .and(new EqualsFilter(OBJECT_CLASS_ATTRIBUTE, props.getUserObjectClass()))
                    .and(new EqualsFilter(props.getUsernameAttribute(), memberId));
            matches = getFilteredLdapUsers(props.getBaseDN(), byName);
        }
        return matches.isEmpty() ? null : matches.iterator().next();
    }

    /**
     * Resolves one group membership value to a nested group.
     *
     * <p>Three lookups are possible, in this order: the configured custom member filter under
     * the base DN; a search rooted at the member value itself when it looks like a DN; otherwise
     * a match on the DN attribute or {@code uid} under the base DN. In the DN-rooted case the
     * search base comes from directory data; the group context mapper discards entries outside
     * the configured base DN.
     *
     * @param str raw membership attribute value
     * @return the first matching group, or {@code null} when none is found
     */
    protected LdapGroupDto getLdapGroupByMemberAttr(String str) {
        final LdapServerProperties props = getLdapProperties();
        final String memberId = getUniqueIdByMemberPattern(str, props.getSyncGroupMemberReplacePattern());
        final Filter customFilter = createCustomMemberFilter(memberId, props.getSyncGroupMemberFilter());

        final Set<LdapGroupDto> matches;
        if (memberId != null && customFilter != null) {
            LOG.trace("Use custom filter '{}' for getting member group with default baseDN ('{}')", customFilter.encode(), props.getBaseDN());
            matches = getFilteredLdapGroups(props.getBaseDN(), customFilter);
        } else if (memberId != null && isMemberAttributeBaseDn(memberId)) {
            LOG.trace("Member can be used as baseDn: {}", memberId);
            final Filter isGroup = new EqualsFilter(OBJECT_CLASS_ATTRIBUTE, props.getGroupObjectClass());
            matches = getFilteredLdapGroups(memberId, isGroup);
        } else {
            LOG.trace("Member cannot be used as baseDn: {}", memberId);
            matches = getFilteredLdapGroups(props.getBaseDN(), new EqualsFilter(OBJECT_CLASS_ATTRIBUTE, props.getGroupObjectClass()), getMemberFilter(memberId));
        }
        return matches.isEmpty() ? null : matches.iterator().next();
    }

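    /**
     * Builds the custom member lookup filter by substituting the member value for the
     * {@code {member}} placeholder in the configured filter template.
     *
     * <p>The result is a {@link HardcodedFilter}, which emits its text verbatim. The member value
     * originates from a group's membership attribute in the directory, so it is escaped as an
     * LDAP filter value before substitution. Without that, a value containing {@code (},
     * {@code )}, {@code *} or {@code \} would change the structure of the filter or make it
     * unparsable.
     *
     * @param str  member value to insert; {@code null} yields no filter
     * @param str2 configured filter template; {@code null} or empty yields no filter
     * @return the filter, or {@code null} when no custom filter applies
     */
    protected Filter createCustomMemberFilter(String str, String str2) {
        // String.replace() rejects a null replacement; callers already treat null as "no filter".
        if (str == null || !StringUtils.isNotEmpty(str2)) {
            return null;
        }
        return new HardcodedFilter(str2.replace(MEMBER_ATTRIBUTE_VALUE_PLACEHOLDER, escapeLdapFilterValue(str)));
    }

    /** Escapes the characters that are special inside an LDAP search filter value (RFC 4515). */
    private static String escapeLdapFilterValue(String value) {
        final StringBuilder escaped = new StringBuilder(value.length());
        for (int i = 0; i < value.length(); i++) {
            final char c = value.charAt(i);
            switch (c) {
                case '\\':
                    escaped.append("\\5c");
                    break;
                case '*':
                    escaped.append("\\2a");
                    break;
                case '(':
                    escaped.append("\\28");
                    break;
                case ')':
                    escaped.append("\\29");
                    break;
                case '\0':
                    escaped.append("\\00");
                    break;
                default:
                    escaped.append(c);
                    break;
            }
        }
        return escaped.toString();
    }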

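    /**
     * Extracts the member identifier from a raw membership attribute value using the configured
     * replace pattern.
     *
     * <p>When the pattern matches the whole value, the value is replaced by the content of the
     * pattern's named group {@code member}. When the pattern does not match, or is invalid, or
     * lacks that group, the value is returned unchanged and the problem is logged.
     *
     * @param str  raw membership attribute value
     * @param str2 configured regular expression; {@code null} or empty disables the rewrite
     * @return the extracted identifier, or {@code str} unchanged
     */
    protected String getUniqueIdByMemberPattern(String str, String str2) {
        String memberId = str;
        if (StringUtils.isNotEmpty(str) && StringUtils.isNotEmpty(str2)) {
            try {
                Matcher matcher = Pattern.compile(str2).matcher(str);
                // Pattern first, value second, to agree with the order of the placeholders.
                LOG.debug("Apply replace pattern '{}' on '{}' membership attribute value.", str2, str);
                if (matcher.matches()) {
                    memberId = matcher.replaceAll(MEMBER_ATTRIBUTE_REPLACE_STRING);
                    LOG.debug("Membership attribute value after replace pattern applied: '{}'", memberId);
                } else {
                    LOG.warn("Membership attribute value pattern is not matched ({}) on '{}'", str2, str);
                }
            } catch (Exception e) {
                // Keep the cause: an invalid pattern or a missing "member" group is a
                // configuration error that is hard to diagnose from the message alone.
                LOG.error("Error during replace memberAttribute '{}' with pattern '{}'", str, str2, e);
            }
        }
        return memberId;
    }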

    /**
     * Removes every Ambari user that is flagged as an LDAP user and belongs to no group.
     *
     * @throws AmbariException propagated from the user store
     */
    protected void cleanUpLdapUsersWithoutGroup() throws AmbariException {
        for (User candidate : this.users.getAllUsers()) {
            if (!candidate.isLdapUser()) {
                continue;
            }
            if (!candidate.getGroups().isEmpty()) {
                continue;
            }
            this.users.removeUser(candidate);
        }
    }

    /**
     * Records how an LDAP group relates to the Ambari groups: unknown groups are scheduled for
     * creation, known non-LDAP groups are scheduled for conversion, and a known group is removed
     * from {@code map} and remembered as processed so that it is not scheduled for creation when
     * it is reached again.
     *
     * @param ldapBatchDto batch that accumulates the planned changes
     * @param map          Ambari groups by name; the matched entry is removed
     * @param ldapGroupDto group found in LDAP
     */
    protected void addLdapGroup(LdapBatchDto ldapBatchDto, Map<String, Group> map, LdapGroupDto ldapGroupDto) {
        final String name = ldapGroupDto.getGroupName();

        if (map.containsKey(name)) {
            final boolean isLocalGroup = !map.get(name).isLdapGroup();
            if (isLocalGroup) {
                ldapBatchDto.getGroupsToBecomeLdap().add(ldapGroupDto);
                LOG.trace("Convert group '{}' to LDAP group.", name);
            }
            map.remove(name);
            ldapBatchDto.getGroupsProcessedInternal().add(ldapGroupDto);
            return;
        }

        // Not in the map: either genuinely new, or already handled earlier in this batch.
        if (!ldapBatchDto.getGroupsProcessedInternal().contains(ldapGroupDto)) {
            ldapBatchDto.getGroupsToBeCreated().add(ldapGroupDto);
        }
    }

    /**
     * Decides whether a member value looks like a DN, i.e. starts (case-insensitively) with
     * {@code uid=}, {@code cn=}, or the configured user name or group naming attribute followed
     * by {@code =}. Callers use a positive answer to search with the value as the base.
     *
     * <p>The configured attribute names are inserted into the regular expression as-is.
     *
     * @param str member value; must not be {@code null}
     * @return {@code true} when the value has the shape of a DN
     */
    protected boolean isMemberAttributeBaseDn(String str) {
        final LdapServerProperties props = getLdapProperties();
        final String regex = String.format(IS_MEMBER_DN_REGEXP, props.getUsernameAttribute(), props.getGroupNamingAttr());
        final Matcher dnShape = Pattern.compile(regex).matcher(str);
        return dnShape.find();
    }

    /**
     * Fetches every entry of the configured group object class under the base DN.
     *
     * @return all LDAP groups, possibly empty
     */
    protected Set<LdapGroupDto> getExternalLdapGroupInfo() {
        final LdapServerProperties props = getLdapProperties();
        final Filter isGroup = new EqualsFilter(OBJECT_CLASS_ATTRIBUTE, props.getGroupObjectClass());
        return getFilteredLdapGroups(props.getBaseDN(), isGroup);
    }

    /**
     * Builds a filter that matches entries whose configured DN attribute or {@code uid} equals
     * the given value.
     *
     * @param str value to match
     * @return the OR filter
     */
    private Filter getMemberFilter(String str) {
        final EqualsFilter byDnAttribute = new EqualsFilter(getLdapProperties().getDnAttribute(), str);
        final EqualsFilter byUid = new EqualsFilter(UID_ATTRIBUTE, str);
        return new OrFilter().or(byDnAttribute).or(byUid);
    }

    /**
     * Searches for groups matching all of the given filters.
     *
     * @param str       search base DN
     * @param filterArr filters that are combined with AND
     * @return the matching groups, possibly empty
     */
    private Set<LdapGroupDto> getFilteredLdapGroups(String str, Filter... filterArr) {
        final AndFilter allOf = new AndFilter();
        for (int i = 0; i < filterArr.length; i++) {
            allOf.and(filterArr[i]);
        }
        final Filter combined = allOf;
        return getFilteredLdapGroups(str, combined);
    }

    /**
     * Runs one group search and collects the accepted entries.
     *
     * @param str    search base DN
     * @param filter search filter
     * @return the groups the context mapper accepted, possibly empty
     */
    private Set<LdapGroupDto> getFilteredLdapGroups(String str, Filter filter) {
        final Set<LdapGroupDto> found = new HashSet<>();
        final LdapTemplate template = loadLdapTemplate();
        final LdapServerProperties props = getLdapProperties();
        final String encodedFilter = filter.encode();
        LOG.trace("LDAP Group Query - Base DN: '{}' ; Filter: '{}'", str, encodedFilter);
        // The mapper fills 'found' as a side effect; the list returned by search() is not used.
        template.search(str, encodedFilter, new LdapGroupContextMapper(found, props));
        return found;
    }

    /**
     * Fetches every entry of the configured user object class under the base DN.
     *
     * @return all LDAP users, possibly empty
     */
    protected Set<LdapUserDto> getExternalLdapUserInfo() {
        final LdapServerProperties props = getLdapProperties();
        final Filter isUser = new EqualsFilter(OBJECT_CLASS_ATTRIBUTE, props.getUserObjectClass());
        return getFilteredLdapUsers(props.getBaseDN(), isUser);
    }

    /**
     * Searches for users matching all of the given filters.
     *
     * @param str       search base DN
     * @param filterArr filters that are combined with AND
     * @return the matching users, possibly empty
     */
    private Set<LdapUserDto> getFilteredLdapUsers(String str, Filter... filterArr) {
        final AndFilter allOf = new AndFilter();
        for (int i = 0; i < filterArr.length; i++) {
            allOf.and(filterArr[i]);
        }
        final Filter combined = allOf;
        return getFilteredLdapUsers(str, combined);
    }

    /**
     * Runs a subtree user search and collects the accepted entries, fetching page after page
     * when pagination is enabled.
     *
     * @param str    search base DN
     * @param filter search filter
     * @return the users the context mapper accepted, possibly empty
     */
    private Set<LdapUserDto> getFilteredLdapUsers(String str, Filter filter) {
        final Set<LdapUserDto> found = new HashSet<>();
        final LdapTemplate template = loadLdapTemplate();
        final LdapServerProperties props = getLdapProperties();
        final PagedResultsDirContextProcessor pager = createPagingProcessor();

        final SearchControls controls = new SearchControls();
        controls.setReturningObjFlag(true);
        controls.setSearchScope(SearchControls.SUBTREE_SCOPE);

        final LdapUserContextMapper mapper = new LdapUserContextMapper(props);
        final String encodedFilter = filter.encode();

        while (true) {
            LOG.trace("LDAP User Query - Base DN: '{}' ; Filter: '{}'", str, encodedFilter);
            final List<?> page;
            if (props.isPaginationEnabled()) {
                page = template.search(LdapUtils.newLdapName(str), encodedFilter, controls, mapper, pager);
            } else {
                page = template.search(LdapUtils.newLdapName(str), encodedFilter, controls, mapper);
            }
            for (Object mapped : page) {
                // The mapper returns null for entries it rejected.
                if (mapped != null) {
                    found.add((LdapUserDto) mapped);
                }
            }

            if (!props.isPaginationEnabled()) {
                break;
            }
            // A missing cookie, or one without a value, means there are no further pages.
            final PagedResultsCookie cookie = pager.getCookie();
            if (cookie == null || cookie.getCookie() == null) {
                break;
            }
        }
        return found;
    }

    /**
     * Loads all Ambari groups into a fresh, mutable map keyed by group name.
     *
     * @return groups by name
     */
    protected Map<String, Group> getInternalGroups() {
        final List<Group> allGroups = this.users.getAllGroups();
        final Map<String, Group> byName = new HashMap<>();
        for (Group current : allGroups) {
            byName.put(current.getGroupName(), current);
        }
        return byName;
    }

    /**
     * Loads all Ambari users into a fresh, mutable map keyed by user name.
     *
     * @return users by name
     */
    protected Map<String, User> getInternalUsers() {
        final List<User> allUsers = this.users.getAllUsers();
        final Map<String, User> byName = new HashMap<>();
        LOG.trace("Get all users from Ambari Server.");
        for (User current : allUsers) {
            byName.put(current.getUserName(), current);
        }
        return byName;
    }

    /**
     * Loads the Ambari members of a group into a map keyed by user name.
     *
     * @param str group name
     * @return members by name; the shared empty map when the store returns {@code null}
     */
    protected Map<String, User> getInternalMembers(String str) {
        final Collection<User> members = this.users.getGroupMembers(str);
        if (members == null) {
            return Collections.emptyMap();
        }
        final Map<String, User> byName = new HashMap<>();
        for (User member : members) {
            byName.put(member.getUserName(), member);
        }
        return byName;
    }

    /**
     * Returns the LDAP template, rebuilding it when none exists yet or when the LDAP settings
     * read from the configuration differ from the cached ones.
     *
     * <p>A rebuild creates a pooled context source from the configured URLs, sets the manager DN
     * and password unless anonymous bind is configured, applies the referral method and toggles
     * the JVM-wide endpoint identification property (see the comment in the body).
     *
     * <p>NOTE(review): this method is not synchronized although it writes
     * {@code ldapServerProperties} and {@code ldapTemplate}, while {@code getLdapProperties()} is
     * synchronized. Confirm that callers serialize access.
     *
     * @return the cached or freshly built template
     * @throws UsernameNotFoundException when the context source cannot be initialized
     */
    protected LdapTemplate loadLdapTemplate() {
        // Read the settings on every call so that a configuration change is noticed.
        LdapServerProperties ldapServerProperties = getConfiguration().getLdapServerProperties();
        if (this.ldapTemplate == null || !ldapServerProperties.equals(getLdapProperties())) {
            LOG.info("Reloading properties");
            // From here on the new settings are the cached ones; the lines below read the field.
            this.ldapServerProperties = ldapServerProperties;
            LdapContextSource createLdapContextSource = createLdapContextSource();
            createLdapContextSource.setPooled(true);
            List<String> ldapUrls = this.ldapServerProperties.getLdapUrls();
            createLdapContextSource.setUrls((String[]) ldapUrls.toArray(new String[ldapUrls.size()]));
            if (!this.ldapServerProperties.isAnonymousBind()) {
                // Bind credentials are handed to the context source only; nothing here logs them.
                createLdapContextSource.setUserDn(this.ldapServerProperties.getManagerDn());
                createLdapContextSource.setPassword(this.ldapServerProperties.getManagerPassword());
            }
            // System properties are process-wide: this switch applies to every JNDI LDAP connection
            // made by this JVM, not only to the context source built here. With endpoint
            // identification disabled the host name in the server certificate is not checked, so
            // the LDAPS peer is trusted on certificate chain alone. The else branch clears the
            // property again whenever the option (or SSL) is off.
            if (this.ldapServerProperties.isUseSsl() && this.ldapServerProperties.isDisableEndpointIdentification()) {
                // NOTE(review): DBAccessorImpl.TRUE is presumably the string "true"; confirm.
                System.setProperty(SYSTEM_PROPERTY_DISABLE_ENDPOINT_IDENTIFICATION, DBAccessorImpl.TRUE);
                LOG.info("Disabled endpoint identification");
            } else {
                System.clearProperty(SYSTEM_PROPERTY_DISABLE_ENDPOINT_IDENTIFICATION);
                LOG.info("Removed endpoint identification disabling");
            }
            createLdapContextSource.setReferral(this.ldapServerProperties.getReferralMethod());
            try {
                createLdapContextSource.afterPropertiesSet();
                this.ldapTemplate = createLdapTemplate(createLdapContextSource);
                // Partial-result exceptions raised during searches are ignored by the template.
                this.ldapTemplate.setIgnorePartialResultException(true);
            } catch (Exception e) {
                LOG.error("LDAP Context Source not loaded ", e);
                // The exception type is what callers see for any initialization failure.
                throw new UsernameNotFoundException("LDAP Context Source not loaded", e);
            }
        }
        return this.ldapTemplate;
    }

    /**
     * Factory hook for the context source; protected so that subclasses can substitute their own.
     *
     * @return a new, unconfigured {@link LdapContextSource}
     */
    protected LdapContextSource createLdapContextSource() {
        final LdapContextSource contextSource = new LdapContextSource();
        return contextSource;
    }

    /**
     * Factory hook for the paged-results processor used by user searches.
     *
     * @return a processor for pages of {@code USERS_PAGE_SIZE} entries that starts without a cookie
     */
    protected PagedResultsDirContextProcessor createPagingProcessor() {
        final PagedResultsCookie noCookie = null;
        return new PagedResultsDirContextProcessor(USERS_PAGE_SIZE, noCookie);
    }

    /**
     * Factory hook for the LDAP template.
     *
     * @param ldapContextSource initialized context source
     * @return a new template bound to that context source
     */
    protected LdapTemplate createLdapTemplate(LdapContextSource ldapContextSource) {
        final LdapTemplate template = new LdapTemplate(ldapContextSource);
        return template;
    }

    /**
     * Fetches the LDAP configuration from the injected provider.
     *
     * @return whatever the provider currently returns
     */
    private AmbariLdapConfiguration getConfiguration() {
        final AmbariLdapConfiguration current = this.configurationProvider.get();
        return current;
    }
}
