package tigase.ldap.processors;

import com.unboundid.ldap.protocol.ProtocolOp;
import com.unboundid.ldap.protocol.SearchRequestProtocolOp;
import com.unboundid.ldap.protocol.SearchResultDoneProtocolOp;
import com.unboundid.ldap.protocol.SearchResultEntryProtocolOp;
import com.unboundid.ldap.sdk.Attribute;
import com.unboundid.ldap.sdk.Filter;
import com.unboundid.ldap.sdk.LDAPException;
import java.util.List;
import java.util.function.Consumer;
import java.util.function.Predicate;
import java.util.logging.Logger;
import java.util.stream.Stream;
import tigase.kernel.beans.Bean;
import tigase.kernel.beans.config.ConfigField;
import tigase.ldap.LdapConnectionManager;
import tigase.ldap.utils.DN;
import tigase.ldap.utils.FilterHelper;
import tigase.ldap.utils.Group;
import tigase.ldap.utils.PermissionCheck;
import tigase.xmpp.jid.BareJID;

@Bean(name = "searchRequest", active = true, parent = LdapConnectionManager.class)
/* loaded from: input_file:tigase/ldap/processors/SearchRequestProcessor.class */
public class SearchRequestProcessor extends AbstractLDAPProcessor<SearchRequestProtocolOp> {
    private static final Logger log = Logger.getLogger(SearchRequestProcessor.class.getCanonicalName());

    @ConfigField(desc = "Administrators group name", alias = "adminsGroupName", allowAliasFromParent = true)
    private String adminsGroupName = "Administrators";

    @ConfigField(desc = "Users group name", alias = "usersGroupName", allowAliasFromParent = true)
    private String usersGroupName = "Users";

    @Override // tigase.ldap.processors.LDAPProcessor
    public Class<SearchRequestProtocolOp> getSupportedProtocolOp() {
        return SearchRequestProtocolOp.class;
    }

    public void process(LDAPSession lDAPSession, SearchRequestProtocolOp searchRequestProtocolOp, Consumer<ProtocolOp> consumer) throws Exception {
        if (searchRequestProtocolOp.getBaseDN().isEmpty()) {
            consumer.accept(new SearchResultEntryProtocolOp(searchRequestProtocolOp.getBaseDN(), List.of()));
            consumer.accept(new SearchResultDoneProtocolOp(0, (String) null, (String) null, (List) null));
            return;
        }
        try {
            checkAuthorization(lDAPSession);
            try {
                DN parse = DN.parse(searchRequestProtocolOp.getBaseDN());
                log.finest(() -> {
                    return "search request base DN: " + String.valueOf(parse);
                });
                Filter filter = searchRequestProtocolOp.getFilter();
                log.finest(() -> {
                    return "search request filter: " + FilterHelper.printFilterTree(filter);
                });
                String ou = parse.getOu();
                boolean z = -1;
                switch (ou.hashCode()) {
                    case 82025960:
                        if (ou.equals("Users")) {
                            z = false;
                            break;
                        }
                        break;
                    case 2141373940:
                        if (ou.equals("Groups")) {
                            z = true;
                            break;
                        }
                        break;
                }
                switch (z) {
                    case false:
                        processUserSearch(parse.getDomain(), filter, bareJID -> {
                            return canAccessToUserData(lDAPSession, bareJID);
                        }, consumer);
                        break;
                    case true:
                        processGroupSearch(parse.getDomain(), parse.getCn(), filter, bareJID2 -> {
                            return canAccessToUserData(lDAPSession, bareJID2);
                        }, consumer);
                        break;
                    default:
                        consumer.accept(new SearchResultDoneProtocolOp(92, (String) null, (String) null, (List) null));
                        break;
                }
            } catch (LDAPException e) {
                consumer.accept(new SearchResultDoneProtocolOp(e.toLDAPResult()));
            }
        } catch (LDAPException e2) {
            consumer.accept(new SearchResultDoneProtocolOp(e2.toLDAPResult()));
        }
    }

    private void processGroupSearch(String str, String str2, Filter filter, PermissionCheck permissionCheck, Consumer<ProtocolOp> consumer) throws Exception {
        List<Group> list = getGroups(str2 == null ? null : group -> {
            return group.name().equals(str2);
        }).filter(group2 -> {
            return FilterHelper.testGroup(str, group2, filter, permissionCheck);
        }).toList();
        DN dn = new DN();
        dn.setDomain(str);
        dn.setOU("Groups");
        for (Group group3 : list) {
            consumer.accept(new SearchResultEntryProtocolOp(dn.setCN(group3.name()).toString(), List.of(new Attribute("cn", group3.name()), new Attribute("objectclass", "posixGroup"))));
        }
        consumer.accept(new SearchResultDoneProtocolOp(0, (String) null, (String) null, (List) null));
    }

    private Stream<Group> getGroups(Predicate<Group> predicate) {
        Stream<Group> stream = getAllGroups().stream();
        if (predicate != null) {
            stream = stream.filter(predicate);
        }
        return stream;
    }

    private void processUserSearch(String str, Filter filter, PermissionCheck permissionCheck, Consumer<ProtocolOp> consumer) throws Exception {
        BareJID findUser = findUser(permissionCheck, str, filter);
        if (findUser != null) {
            List list = getAllGroups().stream().filter(group -> {
                return group.membershipPredicate().test(findUser);
            }).map((v0) -> {
                return v0.name();
            }).toList();
            DN dn = new DN();
            dn.setDomain(str);
            String dn2 = dn.copy().setOU("Users").setCN(findUser.getLocalpart()).toString();
            DN ou = dn.copy().setOU("Groups");
            consumer.accept(new SearchResultEntryProtocolOp(dn2, List.of(new Attribute("uid", findUser.getLocalpart()), new Attribute("cn", findUser.getLocalpart()), new Attribute("objectClass", "posixAccount"), new Attribute("mail", findUser.toString()), new Attribute("xmpp", findUser.toString()), new Attribute("memberOfGid", list), new Attribute("memberOf", list.stream().map(str2 -> {
                return ou.setCN(str2).toString();
            }).toList()), new Attribute("accountStatus", getAuthRepository().getAccountStatus(findUser).name()))));
        }
        consumer.accept(new SearchResultDoneProtocolOp(0, (String) null, (String) null, (List) null));
    }

    private BareJID findUser(PermissionCheck permissionCheck, String str, Filter filter) throws Exception {
        String extractUserId = FilterHelper.extractUserId(filter);
        log.finest(() -> {
            return "found user id " + extractUserId + " for domain " + str + " in filter...";
        });
        if (extractUserId == null) {
            return null;
        }
        BareJID bareJIDInstance = extractUserId.endsWith("@" + str) ? BareJID.bareJIDInstance(extractUserId) : BareJID.bareJIDInstance(extractUserId, str);
        permissionCheck.checkPermissionToAccess(bareJIDInstance);
        if (!getUserRepository().userExists(bareJIDInstance)) {
            log.finest(() -> {
                return "user " + String.valueOf(bareJIDInstance) + " not found in the user repository!";
            });
            return null;
        }
        if (FilterHelper.testUser(bareJIDInstance, filter, getAuthRepository(), str2 -> {
            Group groupByName = getGroupByName(str2);
            if (groupByName == null) {
                return false;
            }
            return groupByName.membershipPredicate().test(bareJIDInstance);
        })) {
            return bareJIDInstance;
        }
        log.finest(() -> {
            return "user " + String.valueOf(bareJIDInstance) + " do not match passed filter " + FilterHelper.printFilterTree(filter);
        });
        return null;
    }

    private Group getGroupByName(String str) {
        return getAllGroups().stream().filter(group -> {
            return group.name().equals(str);
        }).findFirst().orElse(null);
    }

    private List<Group> getAllGroups() {
        return List.of(new Group(this.adminsGroupName, this::isAdmin), new Group(this.usersGroupName, bareJID -> {
            return getUserRepository().userExists(bareJID);
        }));
    }

    @Override // tigase.ldap.processors.LDAPProcessor
    public /* bridge */ /* synthetic */ void process(LDAPSession lDAPSession, ProtocolOp protocolOp, Consumer consumer) throws Exception {
        process(lDAPSession, (SearchRequestProtocolOp) protocolOp, (Consumer<ProtocolOp>) consumer);
    }
}
