package org.apache.james.user.ldap;

import com.github.fge.lambdas.Throwing;
import com.google.common.base.Preconditions;
import com.google.common.collect.ImmutableSet;
import com.unboundid.ldap.sdk.DN;
import com.unboundid.ldap.sdk.Filter;
import com.unboundid.ldap.sdk.LDAPConnectionPool;
import com.unboundid.ldap.sdk.LDAPException;
import com.unboundid.ldap.sdk.LDAPSearchException;
import com.unboundid.ldap.sdk.SearchRequest;
import com.unboundid.ldap.sdk.SearchResultEntry;
import com.unboundid.ldap.sdk.SearchScope;
import jakarta.annotation.PreDestroy;
import jakarta.inject.Inject;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Iterator;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import java.util.Set;
import java.util.stream.Stream;
import org.apache.commons.configuration2.HierarchicalConfiguration;
import org.apache.commons.configuration2.ex.ConfigurationException;
import org.apache.commons.configuration2.tree.ImmutableNode;
import org.apache.james.core.Domain;
import org.apache.james.core.Username;
import org.apache.james.lifecycle.api.Configurable;
import org.apache.james.metrics.api.GaugeRegistry;
import org.apache.james.user.api.UsersRepositoryException;
import org.apache.james.user.api.model.User;
import org.apache.james.user.lib.UsersDAO;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/james/user/ldap/ReadOnlyLDAPUsersDAO.class */
public class ReadOnlyLDAPUsersDAO implements UsersDAO, Configurable {
    private static final Logger LOGGER = LoggerFactory.getLogger(ReadOnlyLDAPUsersDAO.class);
    private final GaugeRegistry gaugeRegistry;
    private final LdapRepositoryConfiguration ldapConfiguration;
    private LDAPConnectionPool ldapConnectionPool;
    private Optional<Filter> userExtraFilter;
    private Filter objectClassFilter;
    private Filter listingFilter;

    @Inject
    public ReadOnlyLDAPUsersDAO(GaugeRegistry gaugeRegistry, LDAPConnectionPool lDAPConnectionPool, LdapRepositoryConfiguration ldapRepositoryConfiguration) {
        this.gaugeRegistry = gaugeRegistry;
        this.ldapConnectionPool = lDAPConnectionPool;
        this.ldapConfiguration = ldapRepositoryConfiguration;
    }

    public void configure(HierarchicalConfiguration<ImmutableNode> hierarchicalConfiguration) throws ConfigurationException {
    }

    public void init() throws Exception {
        if (LOGGER.isDebugEnabled()) {
            LOGGER.debug(getClass().getName() + ".init()\nLDAP hosts: " + String.valueOf(this.ldapConfiguration.getLdapHosts()) + "\nUser baseDN: " + this.ldapConfiguration.getUserBase() + "\nuserIdAttribute: " + this.ldapConfiguration.getUserIdAttribute() + "\nGroup restriction: " + String.valueOf(this.ldapConfiguration.getRestriction()) + "\nconnectionTimeout: " + this.ldapConfiguration.getConnectionTimeout() + "\nreadTimeout: " + this.ldapConfiguration.getReadTimeout());
        }
        this.userExtraFilter = Optional.ofNullable(this.ldapConfiguration.getFilter()).map(Throwing.function(Filter::create).sneakyThrow());
        this.objectClassFilter = Filter.createEqualityFilter("objectClass", this.ldapConfiguration.getUserObjectClass());
        this.listingFilter = (Filter) this.userExtraFilter.map(filter -> {
            return Filter.createANDFilter(new Filter[]{this.objectClassFilter, filter});
        }).orElse(this.objectClassFilter);
        if (!this.ldapConfiguration.getPerDomainBaseDN().isEmpty()) {
            Preconditions.checkState(this.ldapConfiguration.supportsVirtualHosting(), "'virtualHosting' is needed for per domain DNs");
        }
        this.gaugeRegistry.register("ldap-connection-available-count", () -> {
            return Integer.valueOf(this.ldapConnectionPool.getConnectionPoolStatistics().getNumAvailableConnections());
        });
        this.gaugeRegistry.register("ldap-created-connection-count", () -> {
            return Long.valueOf(this.ldapConnectionPool.getConnectionPoolStatistics().getNumSuccessfulConnectionAttempts());
        });
    }

    @PreDestroy
    void dispose() {
        this.ldapConnectionPool.close();
    }

    private Filter createFilter(String str, String str2) {
        Filter createEqualityFilter = Filter.createEqualityFilter(str2, str);
        return (Filter) this.userExtraFilter.map(filter -> {
            return Filter.createANDFilter(new Filter[]{this.objectClassFilter, createEqualityFilter, filter});
        }).orElseGet(() -> {
            return Filter.createANDFilter(new Filter[]{this.objectClassFilter, createEqualityFilter});
        });
    }

    private boolean userInGroupsMembershipList(DN dn, Map<String, Collection<DN>> map) {
        boolean z = false;
        Iterator<Collection<DN>> it = map.values().iterator();
        while (it.hasNext() && !z) {
            z = it.next().contains(dn);
        }
        return z;
    }

    private String userBase(Domain domain) {
        return (String) this.ldapConfiguration.getPerDomainBaseDN().getOrDefault(domain, this.ldapConfiguration.getUserBase());
    }

    private String userBase(Username username) {
        return (String) username.getDomainPart().map(this::userBase).orElse(this.ldapConfiguration.getUserBase());
    }

    private Set<DN> getAllUsersDNFromLDAP() {
        return (Set) allDNs().flatMap(Throwing.function(this::entriesFromDN).sneakyThrow()).map(Throwing.function((v0) -> {
            return v0.getParsedDN();
        })).collect(ImmutableSet.toImmutableSet());
    }

    private Stream<String> allDNs() {
        return Stream.concat(Stream.of(this.ldapConfiguration.getUserListBase()), this.ldapConfiguration.getPerDomainBaseDN().values().stream());
    }

    private Stream<SearchResultEntry> entriesFromDN(String str) throws LDAPSearchException {
        return entriesFromDN(str, "1.1");
    }

    private Stream<SearchResultEntry> entriesFromDN(String str, String str2) throws LDAPSearchException {
        return this.ldapConnectionPool.search(new SearchRequest(str, SearchScope.SUB, this.listingFilter, new String[]{str2})).getSearchEntries().stream();
    }

    private Stream<Username> getAllUsernamesFromLDAP() throws LDAPException {
        String orElse = this.ldapConfiguration.getUsernameAttribute().orElse(this.ldapConfiguration.getUserIdAttribute());
        return allDNs().flatMap(Throwing.function(str -> {
            return entriesFromDN(str, orElse);
        }).sneakyThrow()).flatMap(searchResultEntry -> {
            return Optional.ofNullable(searchResultEntry.getAttribute(orElse)).stream();
        }).map((v0) -> {
            return v0.getValue();
        }).map(Username::of).distinct();
    }

    private Collection<ReadOnlyLDAPUser> buildUserCollection(Collection<DN> collection) throws LDAPException {
        ArrayList arrayList = new ArrayList();
        Iterator<DN> it = collection.iterator();
        while (it.hasNext()) {
            Optional<ReadOnlyLDAPUser> buildUser = buildUser(it.next());
            Objects.requireNonNull(arrayList);
            buildUser.ifPresent((v1) -> {
                r1.add(v1);
            });
        }
        return arrayList;
    }

    private Optional<ReadOnlyLDAPUser> searchAndBuildUser(Username username) throws LDAPException {
        SearchResultEntry searchResultEntry = (SearchResultEntry) this.ldapConnectionPool.search(userBase(username), SearchScope.SUB, createFilter(username.asString(), evaluateLdapUserRetrievalAttribute(username, this.ldapConfiguration.getResolveLocalPartAttribute())), this.ldapConfiguration.getReturnedAttributes()).getSearchEntries().stream().findFirst().orElse(null);
        return searchResultEntry == null ? Optional.empty() : (!this.ldapConfiguration.getRestriction().isActivated() || userInGroupsMembershipList(searchResultEntry.getParsedDN(), this.ldapConfiguration.getRestriction().getGroupMembershipLists(this.ldapConnectionPool))) ? Optional.of(new ReadOnlyLDAPUser(Username.of(searchResultEntry.getAttributeValue(this.ldapConfiguration.getUsernameAttribute().orElse(this.ldapConfiguration.getUserIdAttribute()))), searchResultEntry.getParsedDN(), this.ldapConnectionPool)) : Optional.empty();
    }

    private String evaluateLdapUserRetrievalAttribute(Username username, Optional<String> optional) {
        return username.asString().contains("@") ? this.ldapConfiguration.getUserIdAttribute() : optional.orElse(this.ldapConfiguration.getUserIdAttribute());
    }

    private Optional<ReadOnlyLDAPUser> buildUser(DN dn) throws LDAPException {
        return Optional.ofNullable(this.ldapConnectionPool.getEntry(dn.toString()).getAttributeValue(this.ldapConfiguration.getUsernameAttribute().orElse(this.ldapConfiguration.getUserIdAttribute()))).map(Username::of).map(username -> {
            return new ReadOnlyLDAPUser(username, dn, this.ldapConnectionPool);
        });
    }

    public boolean contains(Username username) throws UsersRepositoryException {
        return getUserByName(username).filter(readOnlyLDAPUser -> {
            return readOnlyLDAPUser.getUserName().equals(username);
        }).isPresent();
    }

    public int countUsers() throws UsersRepositoryException {
        try {
            return Math.toIntExact(doCountUsers());
        } catch (LDAPException e) {
            throw new UsersRepositoryException("Unable to retrieve user count from ldap", e);
        }
    }

    private long doCountUsers() throws LDAPException {
        return !this.ldapConfiguration.getRestriction().isActivated() ? getAllUsernamesFromLDAP().count() : getValidUserDNs().stream().map(Throwing.function(this::buildUser).sneakyThrow()).flatMap((v0) -> {
            return v0.stream();
        }).map((v0) -> {
            return v0.getUserName();
        }).distinct().count();
    }

    public Optional<ReadOnlyLDAPUser> getUserByName(Username username) throws UsersRepositoryException {
        try {
            return searchAndBuildUser(username);
        } catch (Exception e) {
            throw new UsersRepositoryException("Unable check user existence from ldap", e);
        }
    }

    public Iterator<Username> list() throws UsersRepositoryException {
        try {
            return !this.ldapConfiguration.getRestriction().isActivated() ? getAllUsernamesFromLDAP().iterator() : buildUserCollection(getValidUserDNs()).stream().map((v0) -> {
                return v0.getUserName();
            }).distinct().iterator();
        } catch (LDAPException e) {
            throw new UsersRepositoryException("Unable to list users from ldap", e);
        }
    }

    private Collection<DN> getValidUserDNs() throws LDAPException {
        Collection collection;
        Set<DN> allUsersDNFromLDAP = getAllUsersDNFromLDAP();
        if (this.ldapConfiguration.getRestriction().isActivated()) {
            Map<String, Collection<DN>> groupMembershipLists = this.ldapConfiguration.getRestriction().getGroupMembershipLists(this.ldapConnectionPool);
            collection = new ArrayList();
            for (DN dn : allUsersDNFromLDAP) {
                if (userInGroupsMembershipList(dn, groupMembershipLists)) {
                    collection.add(dn);
                }
            }
        } else {
            collection = allUsersDNFromLDAP;
        }
        return collection;
    }

    public void removeUser(Username username) throws UsersRepositoryException {
        throw new UsersRepositoryException("This user-repository is read-only. Modifications are not permitted.");
    }

    public void updateUser(User user) throws UsersRepositoryException {
        throw new UsersRepositoryException("This user-repository is read-only. Modifications are not permitted.");
    }

    public void addUser(Username username, String str) throws UsersRepositoryException {
        throw new UsersRepositoryException("This user-repository is read-only. Modifications are not permitted.");
    }
}
