package org.openanzo.security.ldap;

import com.novell.ldap.LDAPConnection;
import com.novell.ldap.LDAPException;
import com.novell.ldap.LDAPJSSESecureSocketFactory;
import com.novell.ldap.LDAPSearchConstraints;
import java.io.IOException;
import java.io.Writer;
import java.nio.charset.StandardCharsets;
import java.security.Security;
import java.text.MessageFormat;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Dictionary;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import java.util.StringTokenizer;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.locks.ReentrantReadWriteLock;
import javax.xml.datatype.XMLGregorianCalendar;
import org.openanzo.client.registry.LiteRegistryDataset;
import org.openanzo.datasource.IDatasourceListener;
import org.openanzo.datasource.services.AuthenticationCache;
import org.openanzo.datasource.services.BaseAuthenticationService;
import org.openanzo.exceptions.AnzoException;
import org.openanzo.exceptions.AnzoRuntimeException;
import org.openanzo.exceptions.EncryptionUtil;
import org.openanzo.exceptions.ExceptionConstants;
import org.openanzo.exceptions.IThrowingFunction1;
import org.openanzo.exceptions.LogUtils;
import org.openanzo.rdf.Constants;
import org.openanzo.rdf.IDataset;
import org.openanzo.rdf.MemURI;
import org.openanzo.rdf.URI;
import org.openanzo.rdf.datatype.TypeMaps;
import org.openanzo.rdf.utils.Pair;
import org.openanzo.security.keystore.KeyStoreDictionary;
import org.openanzo.services.ActivityMessageBuilder;
import org.openanzo.services.AnzoPrincipal;
import org.openanzo.services.IClientEntitlementService;
import org.openanzo.services.IOperationContext;
import org.openanzo.services.ISystemTable;
import org.openanzo.services.ITokenAuthenticator;
import org.openanzo.services.LDAPDictionary;
import org.openanzo.services.ServicesDictionary;
import org.openanzo.services.SystemIssue;
import org.osgi.service.event.Event;
import org.osgi.service.event.EventHandler;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/openanzo/security/ldap/LdapAuthenticationProvider.class */
public class LdapAuthenticationProvider extends BaseAuthenticationService implements EventHandler {
    private String ldapHost;
    private Integer ldapPort;
    private String userBaseDN;
    private String roleBaseDN;
    private final String ldapPrefix = "ldap:///";
    private String rolesSearchTemplate;
    private MessageFormat rolesSearchTemplateFormat;
    private String userSearchTemplate;
    private MessageFormat userSearchTemplateFormat;
    private String uidIdAttribute;
    private String ldapAdministratorDN;
    private String ldapAdministratorPassword;
    private String serviceUserName;
    private String servicePassword;
    private boolean anonymousUserEnabled;
    private String keystoreFile;
    private String keystorePassword;
    private String keystoreType;
    private String truststoreFile;
    private String truststorePassword;
    private String truststoreType;
    private String sslProtocol;
    private LdapConnectionManager connectionManager;
    private final Set<URI> sysadminRoles;
    private Dictionary<String, ? extends Object> configProperties;
    private boolean connecting;
    private boolean offline;
    private boolean useSSL;
    private LDAPJSSESecureSocketFactory ssf;
    private final ReentrantReadWriteLock resetLock;
    public static final String KEY_OFFLINE = "org.openanzo.security.ldap.offline";
    private IDatasourceListener datasourceListener;
    private List<Pair<Long, Exception>> ldapExceptions;
    static final LDAPSearchConstraints userConstraints;
    ILdapAuthenticationStrategy authenticationStrategy;
    private boolean globalAnonymousEnabled;
    static final URI LDAP_DS = MemURI.create("http://cambridgesemantics.com/ontologies/2008/07/Ldap#LdapDatasource");
    private static final Logger log = LoggerFactory.getLogger((Class<?>) LdapAuthenticationProvider.class);
    private static int MAX_RETRIES = 10;
    static final LDAPSearchConstraints defaultConstraints = new LDAPSearchConstraints();

    /* loaded from: input_file:org/openanzo/security/ldap/LdapAuthenticationProvider$UserResult.class */
    /**
     * Outcome of a directory search for a user: the DN used for the subsequent bind and the
     * identifier this provider turns into the user's URI.
     */
    public static class UserResult {
        // DN passed to bindUser() when the user's password is verified.
        public String authenticateDN = null;
        // Value passed to dnToUri() to build the user's URI.
        public String uniqueID = null;

        /**
         * @param str  DN to bind as when authenticating the user
         * @param str2 identifier used to derive the user's URI
         */
        public UserResult(String str, String str2) {
            this.uniqueID = str2;
            this.authenticateDN = str;
        }
    }

    static {
        // Constraints used for role searches: only the server-side time limit is set here, so
        // referral handling and result limits stay at the library defaults.
        defaultConstraints.setServerTimeLimit(60);

        // Constraints used for user searches: referrals are not followed (hop limit 0), so the
        // lookup is answered by the configured server only. At most two entries are requested,
        // presumably so that an ambiguous match can be told apart from a unique one (confirm in
        // the authentication strategy).
        final LDAPSearchConstraints forUsers = new LDAPSearchConstraints();
        forUsers.setServerTimeLimit(60);
        forUsers.setMaxResults(2);
        forUsers.setHopLimit(0);
        forUsers.setReferralFollowing(false);
        userConstraints = forUsers;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Creates the provider with its built-in defaults. Nothing is read from the directory here;
     * the connection settings are taken from {@code dictionary} when {@link #start()} runs.
     *
     * @param iTokenAuthenticator       passed through to the base authentication service
     * @param iClientEntitlementService passed through to the base authentication service
     * @param dictionary                configuration properties kept for {@link #start()}
     * @param authenticationCache       passed through to the base authentication service
     */
    public LdapAuthenticationProvider(ITokenAuthenticator iTokenAuthenticator, IClientEntitlementService iClientEntitlementService, Dictionary<String, ? extends Object> dictionary, AuthenticationCache authenticationCache) {
        super(iTokenAuthenticator, iClientEntitlementService, authenticationCache);

        // Server location and bind credentials: unset until start() reads the configuration.
        this.ldapHost = null;
        this.ldapPort = null;
        this.ldapAdministratorDN = null;
        this.ldapAdministratorPassword = null;
        this.serviceUserName = null;
        this.servicePassword = null;

        // Search defaults; start() overrides them when the configuration supplies values.
        // (ldapPrefix keeps the value given at its declaration.)
        this.userBaseDN = "ou=users,dc=openanzo,dc=org";
        this.roleBaseDN = "ou=groups,dc=openanzo,dc=org";
        this.userSearchTemplate = "(uid={0})";
        this.userSearchTemplateFormat = null;
        this.rolesSearchTemplate = "(&(member={0})(objectclass=groupOfNames))";
        this.rolesSearchTemplateFormat = null;
        this.uidIdAttribute = null;

        // TLS material: unset, and TLS itself is off until configured.
        this.keystoreFile = null;
        this.keystorePassword = null;
        this.keystoreType = null;
        this.truststoreFile = null;
        this.truststorePassword = null;
        this.truststoreType = null;
        this.sslProtocol = null;
        this.useSSL = false;

        // Runtime state.
        this.connectionManager = null;
        this.connecting = false;
        this.offline = false;
        this.anonymousUserEnabled = false;
        this.sysadminRoles = new HashSet<>();
        this.resetLock = new ReentrantReadWriteLock();
        this.ldapExceptions = new ArrayList<>();
        this.configProperties = dictionary;

        // A missing setting counts as "anonymous access disabled".
        this.globalAnonymousEnabled = Boolean.TRUE.equals(LDAPAuthDictionary.getAnonymousAccessEnabled(dictionary));

        // Clears the pooled LDAP connections whenever the registry dataset starts a reset.
        this.datasourceListener = new IDatasourceListener() { // from class: org.openanzo.security.ldap.LdapAuthenticationProvider.1
            @Override // org.openanzo.datasource.IDatasourceListener
            public void resetStarting() throws AnzoException {
                final LdapConnectionManager manager = LdapAuthenticationProvider.this.connectionManager;
                if (manager != null && manager.pool != null) {
                    manager.pool.clear();
                }
            }

            @Override // org.openanzo.datasource.IDatasourceListener
            public void resetFinished() throws AnzoException {
                // Nothing to do once the reset has completed.
            }
        };
    }

    /**
     * Creates the provider without an explicit authentication cache; {@code null} is passed to
     * the four-argument constructor in its place.
     *
     * @param iTokenAuthenticator       passed through to the base authentication service
     * @param iClientEntitlementService passed through to the base authentication service
     * @param dictionary                configuration properties kept for {@link #start()}
     */
    public LdapAuthenticationProvider(ITokenAuthenticator iTokenAuthenticator, IClientEntitlementService iClientEntitlementService, Dictionary<String, ? extends Object> dictionary) {
        this(iTokenAuthenticator, iClientEntitlementService, dictionary, (AuthenticationCache) null);
    }

    /**
     * Creates the provider from configuration alone: no token authenticator, entitlement service
     * or authentication cache is supplied.
     *
     * @param dictionary configuration properties kept for {@link #start()}
     */
    protected LdapAuthenticationProvider(Dictionary<String, ? extends Object> dictionary) {
        this((ITokenAuthenticator) null, (IClientEntitlementService) null, dictionary, (AuthenticationCache) null);
    }

    /**
     * @return the fixed identifier of this provider
     */
    @Override // org.openanzo.services.IStatisticsProvider
    public String getName() {
        final String providerName = "LdapAuthenticationProvider";
        return providerName;
    }

    /**
     * @return the fixed human-readable description of this provider
     */
    @Override // org.openanzo.services.IStatisticsProvider
    public String getDescription() {
        final String description = "Ldap Authentication Provider";
        return description;
    }

    /**
     * Applies a new configuration: re-reads the settings, closes the current connection manager
     * and connects again.
     *
     * <p>A failure in any of the three steps is logged and not rethrown, so the caller cannot
     * tell that the provider was left without a connection manager. In that state the lookup and
     * authentication methods call {@code connect()} again on their next use.
     *
     * @param dictionary the replacement configuration properties
     */
    public void updateProperties(Dictionary<String, ? extends Object> dictionary) {
        this.configProperties = dictionary;
        try {
            start();
            disconnect();
            connect();
        } catch (AnzoException failure) {
            if (!log.isErrorEnabled()) {
                return;
            }
            log.error(LogUtils.LIFECYCLE_MARKER, "Error updating ldap auth provider", (Throwable) failure);
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v0 */
    /* JADX WARN: Type inference failed for: r0v1, types: [java.lang.Throwable] */
    /* JADX WARN: Type inference failed for: r0v54 */
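    /**
     * Loads the LDAP settings from the current configuration properties and rebuilds the search
     * filter templates. Runs under this object's monitor.
     *
     * <p>Search templates, base DNs, the user id attribute and the SSL flag keep their previous
     * value when the configuration does not supply one. Host, port, credentials and key/trust
     * store settings are always overwritten, with {@code null} when absent.
     *
     * <p>Configured sysadmin roles replace the previously loaded ones. The earlier behaviour
     * only ever added to the set, so a role removed from the configuration kept granting
     * sysadmin rights after {@link #updateProperties(Dictionary)} until the provider was
     * recreated.
     *
     * @throws AnzoException if {@code initialize()} fails
     */
    public void start() throws AnzoException {
        synchronized (this) {
            final Dictionary<String, ? extends Object> config = this.configProperties;

            String rolesSearch = LDAPAuthDictionary.getRolesSearch(config);
            if (rolesSearch != null) {
                this.rolesSearchTemplate = rolesSearch;
            }
            String userSearch = LDAPAuthDictionary.getUserSearch(config);
            if (userSearch != null) {
                this.userSearchTemplate = userSearch;
            }
            String userIdAttribute = LDAPAuthDictionary.getUserIdAttribute(config);
            if (userIdAttribute != null && userIdAttribute.length() > 0) {
                this.uidIdAttribute = userIdAttribute;
            }
            String configuredUserBaseDN = LDAPAuthDictionary.getUserBaseDN(config);
            if (configuredUserBaseDN != null) {
                this.userBaseDN = configuredUserBaseDN;
            }
            String configuredRoleBaseDN = LDAPAuthDictionary.getRoleBaseDN(config);
            if (configuredRoleBaseDN != null) {
                this.roleBaseDN = configuredRoleBaseDN;
            }

            // Sysadmin roles are configured as a '|'-separated list of role URIs.
            String sysadminRole = LDAPAuthDictionary.getSysadminRole(config);
            if (sysadminRole != null && !sysadminRole.equals("")) {
                // Parse into a scratch set first so that a malformed entry leaves the current
                // roles untouched, then swap the contents so that stale roles are dropped.
                Set<URI> configuredRoles = new HashSet<>();
                StringTokenizer tokens = new StringTokenizer(sysadminRole, "|");
                while (tokens.hasMoreTokens()) {
                    configuredRoles.add(Constants.valueFactory.createURI(tokens.nextToken()));
                }
                this.sysadminRoles.clear();
                this.sysadminRoles.addAll(configuredRoles);
            }
            // NOTE(review): when the setting is absent or empty the previously loaded roles are
            // kept, matching the other "keep previous value" settings above; confirm that this is
            // the intended way to handle a configuration that removes all sysadmin roles.

            Boolean configuredUseSSL = LDAPDictionary.getUseSSL(config);
            if (configuredUseSSL != null) {
                this.useSSL = configuredUseSSL.booleanValue();
            }
            this.anonymousUserEnabled = Boolean.TRUE.equals(LDAPAuthDictionary.getAnonymousAccessEnabled(config));

            this.serviceUserName = ServicesDictionary.getUser(config, null);
            this.servicePassword = ServicesDictionary.getPassword(config, null);
            this.ldapHost = LDAPDictionary.getHost(config, null);
            // The port follows the SSL flag found in THIS configuration, not the retained
            // useSSL field: a configuration without the flag selects the plain port.
            this.ldapPort = (configuredUseSSL == null || !configuredUseSSL.booleanValue()) ? LDAPDictionary.getPort(config, null) : LDAPDictionary.getSslPort(config, null);
            this.ldapAdministratorDN = LDAPDictionary.getLdapServerUser(config);
            this.ldapAdministratorPassword = LDAPDictionary.getLdapServerPassword(config);

            this.keystoreFile = KeyStoreDictionary.getKeyFileLocation(config);
            this.keystorePassword = KeyStoreDictionary.getKeyPassword(config);
            this.keystoreType = KeyStoreDictionary.getKeystoreType(config);
            this.truststoreFile = KeyStoreDictionary.getClientTrustFileLocation(config);
            this.truststorePassword = KeyStoreDictionary.getClientTrustPassword(config);
            this.truststoreType = KeyStoreDictionary.getClientTruststoreType(config);
            this.sslProtocol = LDAPAuthDictionary.getSslProtocol(config, "TLSv1.2");

            // The offline flag is only ever switched on here; no line in this method clears it.
            Object offlineSetting = config.get(KEY_OFFLINE);
            if (offlineSetting != null && offlineSetting.equals("true")) {
                this.offline = true;
            }
            initialize();
        }
    }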

    /**
     * Replaces the permission registry dataset and moves this provider's reset listener from the
     * old dataset to the new one. The listener is only attached to, and detached from,
     * {@code LiteRegistryDataset} instances.
     *
     * @param iDataset the new permission registry dataset
     */
    @Override // org.openanzo.datasource.services.BaseAuthenticationService
    public void setPermissionRegistryDataset(IDataset iDataset) {
        // instanceof is false for null, so the old dataset needs no separate null check.
        final boolean hadLiteRegistry = getPermissionRegistryDataset() instanceof LiteRegistryDataset;
        if (hadLiteRegistry) {
            getPermissionRegistryDataset().unregisterDatasourceListener(this.datasourceListener);
        }
        super.setPermissionRegistryDataset(iDataset);
        if (!(iDataset instanceof LiteRegistryDataset)) {
            return;
        }
        final LiteRegistryDataset liteRegistry = (LiteRegistryDataset) iDataset;
        liteRegistry.registerDatasourceListener(this.datasourceListener);
    }

    /**
     * Stops the base service and then closes the LDAP connection manager. If the base
     * {@code stop()} throws, the connection manager is left open.
     *
     * @throws AnzoException if stopping the base service or closing the connections fails
     */
    @Override // org.openanzo.datasource.services.BaseAuthenticationService
    public void stop() throws AnzoException {
        super.stop();
        this.disconnect();
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v0 */
    /* JADX WARN: Type inference failed for: r0v1, types: [java.lang.Throwable] */
    /* JADX WARN: Type inference failed for: r0v14, types: [java.lang.Object] */
    /* JADX WARN: Type inference failed for: r0v16 */
    /* JADX WARN: Type inference failed for: r0v17 */
    /* JADX WARN: Type inference failed for: r0v21 */
    /* JADX WARN: Type inference failed for: r0v33 */
    /* JADX WARN: Type inference failed for: r0v40, types: [java.lang.Object] */
    /* JADX WARN: Type inference failed for: r0v47, types: [org.openanzo.security.ldap.LdapAuthenticationProvider] */
    /* JADX WARN: Type inference failed for: r0v49 */
    /* JADX WARN: Type inference failed for: r0v50 */
    /* JADX WARN: Type inference failed for: r0v9, types: [boolean] */
    /**
     * Establishes the shared {@code LdapConnectionManager} if there is none yet. Runs under this
     * object's monitor.
     *
     * <p>The administrator credentials are first verified with a throw-away bind; only then is
     * the connection manager created. Any exception from that attempt triggers a retry, up to
     * {@code MAX_RETRIES} attempts, with a wait of {@code attempt * 1000} ms between attempts.
     *
     * <p>NOTE(review): the decompiler could not type the {@code r0} register, so the
     * {@code r0 = ...} lines are artifacts, and the placement of the {@code try/finally} inside
     * the loop may not reflect the original source. Confirm against the real sources before
     * changing the control flow.
     *
     * <p>NOTE(review): two paths return normally while {@code connectionManager} may still be
     * {@code null}: waiting for another thread that is connecting, and an interrupt during the
     * retry wait. Callers in this class dereference the field right after calling this method.
     *
     * @throws AnzoException with {@code LDAP_ERROR} when the provider is offline or when no
     *         connection manager could be created after all retries
     */
    private void connect() throws AnzoException {
        ?? r0 = this;
        synchronized (r0) {
            // Offline mode: refuse to connect at all.
            if (this.offline) {
                throw new AnzoException(ExceptionConstants.SERVER.LDAP_ERROR, new String[0]);
            }
            if (this.connectionManager == null) {
                // Last AnzoException seen while retrying; logged if every attempt fails.
                AnzoException anzoException = null;
                r0 = this.connecting;
                if (r0 != 0) {
                    // Another thread is already connecting: wait up to 10 s for its notifyAll().
                    // The result is not checked afterwards.
                    try {
                        r0 = this;
                        r0.wait(10000L);
                    } catch (InterruptedException e) {
                        // NOTE(review): the interrupt is logged but the thread's interrupt flag
                        // is not restored.
                        if (log.isInfoEnabled()) {
                            log.info(LogUtils.LIFECYCLE_MARKER, "Connecting to LDAP interrupted", (Throwable) e);
                        }
                    }
                } else {
                    this.connecting = true;
                    r0 = 0;
                    int i = 0;
                    while (true) {
                        try {
                            r0 = i;
                            if (r0 >= MAX_RETRIES) {
                                break;
                            }
                            try {
                                // Probe: bind with the administrator credentials and drop that
                                // connection again before building the pooled manager.
                                bindUser(this.ldapAdministratorDN, this.ldapAdministratorPassword).disconnect();
                                r0 = this;
                                r0.connectionManager = new LdapConnectionManager(this.ldapAdministratorDN, this.ldapAdministratorPassword, this.ldapHost, this.ldapPort, this.useSSL, this.keystoreFile, this.keystorePassword, this.keystoreType, this.truststoreFile, this.truststorePassword, this.truststoreType, this.sslProtocol);
                                break;
                            } catch (Exception e2) {
                                // Every failure is retried, whatever its cause. bindUser() reports
                                // all LDAP errors as BAD_USER_PASSWORD, so a wrong administrator
                                // password is retried as well and can produce up to MAX_RETRIES
                                // failed binds against that account.
                                if (log.isInfoEnabled()) {
                                    log.info(LogUtils.LIFECYCLE_MARKER, "Retrying connection to ldap server:" + i, (Throwable) e2);
                                }
                                boolean z = e2 instanceof AnzoException;
                                r0 = z;
                                if (z) {
                                    AnzoException anzoException2 = (AnzoException) e2;
                                    anzoException = anzoException2;
                                    r0 = anzoException2;
                                }
                                i++;
                                try {
                                    // Linearly growing pause; wait() releases the monitor meanwhile.
                                    r0 = this;
                                    r0.wait(i * 1000);
                                } catch (InterruptedException e3) {
                                    if (log.isInfoEnabled()) {
                                        log.info(LogUtils.LIFECYCLE_MARKER, "Connecting to LDAP interrupted", (Throwable) e3);
                                    }
                                    // Gives up without throwing; the finally block below still runs.
                                    return;
                                }
                            }
                        } finally {
                            // Wake threads parked in the "already connecting" branch above.
                            notifyAll();
                            this.connecting = false;
                        }
                    }
                    if (this.connectionManager == null) {
                        if (anzoException != null) {
                            log.error(LogUtils.LIFECYCLE_MARKER, "Error connecting to ldap server", (Throwable) anzoException);
                        }
                        throw new AnzoException(ExceptionConstants.SERVER.LDAP_ERROR, new String[0]);
                    }
                }
            }
        }
    }

    /**
     * Closes and forgets the connection manager, if there is one. When {@code close()} throws,
     * the field keeps pointing at the manager.
     *
     * <p>NOTE(review): unlike {@code connect()}, this method does not take the object's monitor,
     * so it can run while another thread is connecting or using the manager.
     *
     * @throws AnzoException if closing the connection manager fails
     */
    private void disconnect() throws AnzoException {
        if (this.connectionManager == null) {
            return;
        }
        this.connectionManager.close();
        this.connectionManager = null;
    }

    /**
     * Builds the URI that represents a directory entry by prefixing its DN with
     * {@code ldap:///} and encoding the result.
     *
     * @param str the DN (or unique id) of the entry
     * @return the encoded {@code ldap:///} URI
     * @throws AnzoException unwrapped from the runtime exception raised during encoding or URI
     *         creation
     */
    private URI dnToUri(String str) throws AnzoException {
        final String ldapUri = "ldap:///" + str;
        try {
            final String encoded = Utils.encodeLdapUri(ldapUri);
            return Constants.valueFactory.createURI(encoded);
        } catch (AnzoRuntimeException wrapped) {
            throw wrapped.getAnzoException();
        }
    }

    /**
     * Recovers the DN from a URI built by {@code dnToUri}: drops as many leading characters as
     * the {@code ldap:///} prefix has and decodes the remainder.
     *
     * <p>NOTE(review): the URI is not checked to actually start with {@code ldap:///}. A URI
     * with another scheme is cut at the same offset and the remainder is then used as a DN; a
     * URI shorter than the prefix makes {@code substring} throw.
     *
     * @param uri the user URI
     * @return the decoded DN
     * @throws AnzoException if decoding fails
     */
    private String uriToDn(URI uri) throws AnzoException {
        final int prefixLength = "ldap:///".length();
        final String encodedDn = uri.toString().substring(prefixLength);
        return Utils.decodeLdapURI(encodedDn);
    }

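    /**
     * Opens a new connection to the configured LDAP server and performs an LDAPv3 simple bind
     * with the given DN and password.
     *
     * <p>Security-relevant behaviour:
     * <ul>
     * <li>A {@code null} password is rejected before any network I/O. Previously it was logged as
     *     "hasPassword: false" and then dereferenced, failing with a NullPointerException after
     *     the connection had been opened.</li>
     * <li>An empty password is NOT rejected here. Callers that authenticate end users must do
     *     that themselves, because a simple bind with an empty password is an unauthenticated
     *     bind.</li>
     * <li>With {@code useSSL} off, the simple bind sends the password over an unencrypted
     *     connection.</li>
     * <li>Every {@code LDAPException}, including connection failures, is reported to the caller
     *     as {@code BAD_USER_PASSWORD}.</li>
     * <li>The connection is closed on every failure path, not only on {@code LDAPException}.</li>
     * </ul>
     *
     * <p>NOTE(review): the TLS socket factory is created once and cached in {@code ssf}. Nothing
     * in this file resets it, so later changes to the key/trust store or protocol settings do
     * not appear to reach connections opened here. Confirm whether that is intended.
     *
     * @param str  DN to bind as
     * @param str2 password for that DN
     * @return the bound connection; the caller is responsible for disconnecting it
     * @throws AnzoException with {@code BAD_USER_PASSWORD} when the password is {@code null} or
     *         the directory reports an error
     * @throws LDAPException declared for compatibility with existing callers
     */
    private LDAPConnection bindUser(String str, String str2) throws AnzoException, LDAPException {
        if (str2 == null) {
            log.error(LogUtils.SECURITY_MARKER, "LdapException binding user [{}]:{}", str, "no password supplied");
            throw new AnzoException(ExceptionConstants.SERVER.BAD_USER_PASSWORD, new String[0]);
        }
        LDAPConnection connection = null;
        boolean bound = false;
        try {
            if (this.useSSL) {
                // Work on a local reference so that the connection below is always built with
                // the factory that was just checked or created.
                LDAPJSSESecureSocketFactory factory = this.ssf;
                if (factory == null) {
                    Security.addProvider(Security.getProvider("SunJSSE"));
                    factory = new LDAPJSSESecureSocketFactory(Utils.getSSLSocketFactory(this.keystoreFile, this.keystorePassword, this.keystoreType, this.truststoreFile, this.truststorePassword, this.truststoreType, this.sslProtocol));
                    this.ssf = factory;
                }
                connection = new LDAPConnection(factory);
            } else {
                connection = new LDAPConnection();
            }
            connection.connect(this.ldapHost, this.ldapPort.intValue());
            log.debug("bindUser - connected to [{}:{}]", this.ldapHost, this.ldapPort);
            // Only the presence of a password is logged, never its value.
            log.debug("bindUser - binding with userDN: {}, hasPassword: {}", str, Boolean.valueOf(str2 != null));
            connection.bind(3, str, str2.getBytes(StandardCharsets.UTF_8));
            bound = true;
            return connection;
        } catch (LDAPException e) {
            // Remember the failure for populateIssues().
            this.ldapExceptions.add(new Pair<>(Long.valueOf(System.currentTimeMillis()), e));
            log.error(LogUtils.SECURITY_MARKER, "LdapException binding user [{}]:{}", str, e.getLDAPErrorMessage());
            throw new AnzoException(ExceptionConstants.SERVER.BAD_USER_PASSWORD, (Throwable) e, str);
        } finally {
            if (!bound && connection != null) {
                try {
                    connection.disconnect();
                } catch (Exception ignored) {
                    // Best-effort cleanup; the failure that brought us here is the one to report.
                }
            }
        }
    }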

    /**
     * Installs the strategy that performs user and role searches for this provider.
     *
     * @param iLdapAuthenticationStrategy the strategy to use; {@code null} makes the next lookup
     *        fall back to a new {@code LdapAuthenticationStrategy}
     */
    public void setLdapAuthenticationStrategy(ILdapAuthenticationStrategy iLdapAuthenticationStrategy) {
        authenticationStrategy = iLdapAuthenticationStrategy;
    }

    /**
     * Returns the search strategy, creating the default {@code LdapAuthenticationStrategy} on
     * first use when none was injected. The lazy creation is not synchronized.
     *
     * @return the strategy used for user and role searches
     */
    private ILdapAuthenticationStrategy getLdapAuthenticationStrategy() {
        ILdapAuthenticationStrategy strategy = this.authenticationStrategy;
        if (strategy == null) {
            strategy = new LdapAuthenticationStrategy();
            this.authenticationStrategy = strategy;
        }
        return strategy;
    }

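    /**
     * Looks up a user in the directory through the configured strategy, using a pooled
     * connection that is handed back to the pool on every path.
     *
     * <p>If no connection manager exists after {@code connect()}, the method now fails with
     * {@code LDAP_ERROR} instead of a NullPointerException. {@code connect()} can return without
     * creating one, for example while another thread is still connecting. The manager is read
     * once into a local, so a concurrent {@code disconnect()} cannot null it between borrowing
     * and returning the connection.
     *
     * <p>NOTE(review): {@code str} is supplied by the caller and is passed to the strategy
     * together with the user filter template. Whether LDAP filter metacharacters are escaped
     * before substitution is not visible in this class; confirm that in the strategy.
     *
     * <p>NOTE(review): a connection that just failed with an {@code LDAPException} is returned
     * to the pool rather than aborted. Confirm that the pool validates connections on reuse.
     *
     * @param iOperationContext operation context passed through to the strategy
     * @param str               user name to search for
     * @return the search result produced by the strategy
     * @throws AnzoException with {@code LDAP_ERROR} when no connection manager is available, or
     *         with {@code ERROR_SEARCHING_USERS} when the directory reports an error
     */
    private UserResult searchForUser(IOperationContext iOperationContext, String str) throws AnzoException {
        if (this.connectionManager == null) {
            connect();
        }
        final LdapConnectionManager manager = this.connectionManager;
        if (manager == null) {
            throw new AnzoException(ExceptionConstants.SERVER.LDAP_ERROR, new String[0]);
        }
        final LDAPConnection connection = manager.getConnection();
        try {
            // Request only the configured id attribute, when one is set.
            final String[] attributes = this.uidIdAttribute != null ? new String[]{this.uidIdAttribute} : null;
            return getLdapAuthenticationStrategy().searchForUser(connection, this.userSearchTemplateFormat, str, this.userBaseDN, attributes, userConstraints, iOperationContext);
        } catch (LDAPException e) {
            // Remember the failure for populateIssues().
            this.ldapExceptions.add(new Pair<>(Long.valueOf(System.currentTimeMillis()), e));
            log.error(LogUtils.SECURITY_MARKER, "LdapException searching for user", e);
            throw new AnzoException(e.getLDAPErrorMessage(), ExceptionConstants.SERVER.ERROR_SEARCHING_USERS, e, str);
        } finally {
            if (connection != null) {
                manager.returnConnection(connection);
            }
        }
    }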

    /**
     * Resolves a user name to the URI of its directory entry by searching the directory and
     * converting the result's unique id.
     *
     * @param iOperationContext operation context passed through to the search
     * @param str               user name to resolve
     * @return the {@code ldap:///} URI of the user
     * @throws AnzoException if the search or the URI conversion fails
     */
    @Override // org.openanzo.datasource.services.BaseAuthenticationService
    protected URI getUserURI(IOperationContext iOperationContext, String str) throws AnzoException {
        final UserResult found = searchForUser(iOperationContext, str);
        return dnToUri(found.uniqueID);
    }

    /**
     * Returns the sysadmin principal when {@code str} is the configured service user name, and
     * {@code null} otherwise. The principal is created once and kept in the authentication cache.
     *
     * <p>No password is involved here: the decision rests on the user name alone. Presumably the
     * base class only calls this for identities that are already authenticated; verify that
     * against the callers.
     *
     * @param iOperationContext operation context used when the sysadmin roles are loaded
     * @param str               user name to test
     * @return the cached or newly created sysadmin principal, or {@code null}
     * @throws AnzoException if building the principal fails
     */
    @Override // org.openanzo.datasource.services.BaseAuthenticationService
    protected AnzoPrincipal getIfSysadminUser(IOperationContext iOperationContext, String str) throws AnzoException {
        final boolean isServiceUser = this.serviceUserName != null && this.serviceUserName.equals(str);
        if (!isServiceUser) {
            return null;
        }
        final AnzoPrincipal cached = this.cache.getSysadminPrincipal();
        if (cached != null) {
            return cached;
        }
        final AnzoPrincipal created = getPrincipal(str, Constants.DEFAULT_SYSADMIN, true, false, principal -> getSysadminRoles(iOperationContext, principal));
        this.cache.setSysadminPrincipal(created);
        return created;
    }

    /**
     * @return the configured service user name, or {@code null} when none is configured
     */
    @Override // org.openanzo.datasource.services.BaseAuthenticationService
    public String getServiceUsername() {
        return serviceUserName;
    }

    /**
     * @return whether the anonymous user may log in, as read by the last {@code start()}
     */
    @Override // org.openanzo.datasource.services.BaseAuthenticationService
    public boolean isAnonymousUserEnabled() {
        return anonymousUserEnabled;
    }

    /**
     * @return the anonymous-access flag captured from the configuration at construction time
     */
    @Override // org.openanzo.datasource.services.BaseAuthenticationService
    public boolean isGlobalAnonymousEnabled() {
        return globalAnonymousEnabled;
    }

    /**
     * Returns the role URIs that confer sysadmin rights.
     *
     * <p>NOTE(review): this is the live internal set, not a copy. A caller that modifies it
     * changes who is treated as sysadmin by {@code getPrincipal}. Consider returning an
     * unmodifiable view once it is confirmed that no caller relies on mutating it.
     *
     * @return the internal set of sysadmin role URIs
     */
    @Override // org.openanzo.datasource.services.BaseAuthenticationService
    public Set<URI> getSysadminRoles() {
        return sysadminRoles;
    }

    /**
     * Builds a principal, loads its roles and decides whether it is a sysadmin.
     *
     * <p>A provisional principal is handed to {@code iThrowingFunction1} to obtain the roles. It
     * shares the role set with the final principal, so it sees the roles once they are added.
     * The final principal is a sysadmin when {@code z} is set or when at least one of its roles
     * is among the configured sysadmin roles.
     *
     * @param str                user name
     * @param uri                URI identifying the user
     * @param z                  {@code true} to make the principal a sysadmin regardless of roles
     * @param z2                 anonymous flag, passed through to the principal unchanged
     * @param iThrowingFunction1 loads the roles for the provisional principal
     * @return the principal with its roles and computed sysadmin flag
     * @throws AnzoException if loading the roles fails
     */
    private AnzoPrincipal getPrincipal(String str, URI uri, boolean z, boolean z2, IThrowingFunction1<AnzoPrincipal, Set<URI>, AnzoException> iThrowingFunction1) throws AnzoException {
        final HashSet<URI> roles = new HashSet<>();
        final AnzoPrincipal provisional = new AnzoPrincipal(str, uri, roles, z, z2);
        roles.addAll(iThrowingFunction1.apply(provisional));
        // With no sysadmin roles configured the two sets are trivially disjoint, so only an
        // explicit z grants sysadmin rights in that case.
        final boolean sysadmin = z || !Collections.disjoint(roles, this.sysadminRoles);
        return new AnzoPrincipal(str, uri, roles, sysadmin, z2);
    }

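    /**
     * Authenticates a user name and password and returns the resulting principal.
     *
     * <p>Order of checks:
     * <ol>
     * <li>The configured service user is checked against the locally configured service password
     *     and becomes the sysadmin principal. The directory is not consulted.</li>
     * <li>The anonymous user, when enabled, is accepted without a password.</li>
     * <li>Everyone else must supply a non-empty password, is looked up in the directory and is
     *     verified by binding as the DN that was found.</li>
     * </ol>
     *
     * <p>Changes from the earlier version:
     * <ul>
     * <li>The service password comparison is constant-time with respect to content and treats a
     *     {@code null} supplied or configured password as a mismatch. A {@code null} password for
     *     the service user previously caused a NullPointerException.</li>
     * <li>The directory error raised for a failed lookup or bind now carries the original
     *     {@code LDAPException} as its cause.</li>
     * <li>The bound user connection is disconnected exactly once.</li>
     * </ul>
     *
     * <p>The empty-password check must stay ahead of the bind: a simple bind with a DN and an
     * empty password is an unauthenticated bind, which a directory may accept without verifying
     * anything.
     *
     * <p>NOTE(review): a failed bind surfaces as {@code BAD_USER_PASSWORD}, while a failed lookup
     * surfaces as {@code ERROR_SEARCHING_USERS}. If both codes reach the client unchanged, the
     * difference may reveal which user names exist. Confirm how the caller reports them.
     *
     * @param iOperationContext operation context for the lookup and role loading
     * @param str               user name
     * @param str2              password
     * @return the authenticated principal
     * @throws AnzoException when the credentials are rejected or the directory cannot be queried
     */
    @Override // org.openanzo.datasource.services.BaseAuthenticationService
    protected AnzoPrincipal authenticateUserInternal(IOperationContext iOperationContext, String str, String str2) throws AnzoException {
        if (str.equals(this.serviceUserName)) {
            final String expected = this.servicePassword;
            final boolean passwordMatches = str2 != null && expected != null
                    && java.security.MessageDigest.isEqual(str2.getBytes(StandardCharsets.UTF_8), expected.getBytes(StandardCharsets.UTF_8));
            if (passwordMatches) {
                return getPrincipal(str, Constants.DEFAULT_SYSADMIN, true, false, principal -> getSysadminRoles(iOperationContext, principal));
            }
            log.error(LogUtils.SECURITY_MARKER, "Exception authentication system user [{}] : password did not match.", str);
            throw new AnzoException(ExceptionConstants.SERVER.BAD_USER_PASSWORD, new String[0]);
        }
        if (this.anonymousUserEnabled && str.equals(Constants.DEFAULT_ANONYMOUS_USER)) {
            return getPrincipal(str, Constants.DEFAULT_ANONYMOUS, false, true, principal -> getAnonymousRoles(iOperationContext, principal, this.globalAnonymousEnabled));
        }
        if (str2 == null || str2.equals("")) {
            log.error(LogUtils.SECURITY_MARKER, "Ldap exception authentication user [{}] : non-empty password required.", str);
            throw new AnzoException(ExceptionConstants.SERVER.BAD_USER_PASSWORD, new String[0]);
        }
        if (this.connectionManager == null) {
            connect();
        }
        try {
            log.debug("authenticateUserInternal - searching for user: {}", str);
            final UserResult found = searchForUser(iOperationContext, str);
            log.debug("authenticateUserInternal - authenticate DN: {}", found.authenticateDN);

            // The bind is the password check itself; the connection is not needed afterwards.
            final LDAPConnection userConnection = bindUser(found.authenticateDN, str2);
            if (userConnection != null) {
                userConnection.disconnect();
            }

            final URI userUri = dnToUri(found.uniqueID);
            return getPrincipal(str, userUri, false, false, principal -> {
                // Roles are loaded in the name of the user being authenticated.
                iOperationContext.setOperationPrincipal(principal);
                return getRolesForUser(iOperationContext, userUri);
            });
        } catch (LDAPException e) {
            // Remember the failure for populateIssues().
            this.ldapExceptions.add(new Pair<>(Long.valueOf(System.currentTimeMillis()), e));
            log.error(LogUtils.SECURITY_MARKER, "Ldap exception authentication user [" + str + "] : " + e.getLDAPErrorMessage(), e);
            throw new AnzoException(ExceptionConstants.SERVER.ERROR_SEARCHING_USERS, e, str);
        } catch (AnzoException e2) {
            log.info(LogUtils.SECURITY_MARKER, "Error authentication user", (Throwable) e2);
            throw e2;
        }
    }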

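    /**
     * Returns the role URIs of a user by searching below the role base DN with the role filter
     * template. An unset or empty role base DN yields an empty set.
     *
     * <p>The pooled connection is now handed back on every path. In the decompiled flow it was
     * borrowed before the role base DN was checked and was not returned when that DN was
     * {@code null} or empty. A missing connection manager after {@code connect()} now fails with
     * {@code LDAP_ERROR} instead of a NullPointerException.
     *
     * <p>NOTE(review): the DN derived from {@code uri} is passed to the strategy together with
     * the role filter template. Whether LDAP filter metacharacters in the DN are escaped before
     * substitution is not visible in this class; confirm that in the strategy.
     *
     * @param iOperationContext operation context passed through to the strategy
     * @param uri               URI of the user, as produced by {@code dnToUri}
     * @return the user's role URIs; empty when no role base DN is configured
     * @throws AnzoException with {@code LDAP_ERROR} when no connection manager is available, or
     *         with {@code ERROR_SEARCHING_USERS} when the directory reports an error
     */
    @Override // org.openanzo.datasource.services.BaseAuthenticationService
    public Set<URI> getRoles(IOperationContext iOperationContext, URI uri) throws AnzoException {
        final String userDn = uriToDn(uri);
        if (this.connectionManager == null) {
            connect();
        }
        final LdapConnectionManager manager = this.connectionManager;
        if (manager == null) {
            throw new AnzoException(ExceptionConstants.SERVER.LDAP_ERROR, new String[0]);
        }
        final LDAPConnection connection = manager.getConnection();
        try {
            if (this.roleBaseDN == null || this.roleBaseDN.length() == 0) {
                return Collections.emptySet();
            }
            return new HashSet<URI>(getLdapAuthenticationStrategy().getRoles(connection, this.rolesSearchTemplateFormat, userDn, this.roleBaseDN, null, defaultConstraints, iOperationContext));
        } catch (LDAPException e) {
            // Remember the failure for populateIssues().
            this.ldapExceptions.add(new Pair<>(Long.valueOf(System.currentTimeMillis()), e));
            log.error(LogUtils.SECURITY_MARKER, "LdapException searching for user's [" + userDn + "] roles:" + e.getLDAPErrorMessage(), e);
            throw new AnzoException(ExceptionConstants.SERVER.ERROR_SEARCHING_USERS, e, userDn);
        } finally {
            if (connection != null) {
                manager.returnConnection(connection);
            }
        }
    }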

    /**
     * Compiles the role and user search templates into {@code MessageFormat} instances.
     *
     * <p>NOTE(review): {@code MessageFormat} is not safe for concurrent use without external
     * synchronization, and these two instances are shared by every lookup. How the strategy uses
     * them is not visible here; confirm that concurrent authentications cannot format through
     * the same instance at once.
     *
     * <p>NOTE(review): the templates are parsed with {@code MessageFormat} rules, so single
     * quotes and braces in a configured filter have special meaning.
     *
     * @throws AnzoException declared for callers; nothing in this body throws it directly
     */
    void initialize() throws AnzoException {
        final MessageFormat roleFilter = new MessageFormat(this.rolesSearchTemplate);
        this.rolesSearchTemplateFormat = roleFilter;
        final MessageFormat userFilter = new MessageFormat(this.userSearchTemplate);
        this.userSearchTemplateFormat = userFilter;
    }

    /**
     * @return the read/write lock created with this provider; this class itself never acquires it
     */
    public ReentrantReadWriteLock getLockProvider() {
        return resetLock;
    }

    /**
     * Cancellation is not supported by this provider.
     *
     * @param iOperationContext ignored
     * @param str               ignored
     * @return always {@code false}
     */
    @Override // org.openanzo.services.ICancelableService
    public boolean cancel(IOperationContext iOperationContext, String str) throws AnzoException {
        final boolean cancelled = false;
        return cancelled;
    }

    /**
     * Runs {@link #cancel(IOperationContext, String)} and writes its boolean result to
     * {@code writer} as text.
     *
     * @param iOperationContext passed through to the two-argument overload
     * @param str               passed through to the two-argument overload
     * @param writer            receives {@code "true"} or {@code "false"}
     * @throws AnzoException with {@code WRITE_ERROR} when writing fails
     */
    @Override // org.openanzo.services.ICancelableService
    public void cancel(IOperationContext iOperationContext, String str, Writer writer) throws AnzoException {
        final String outcome = Boolean.toString(cancel(iOperationContext, str));
        try {
            writer.write(outcome);
        } catch (IOException writeFailure) {
            throw new AnzoException(ExceptionConstants.IO.WRITE_ERROR, writeFailure, new String[0]);
        }
    }

    /**
     * Forwards an OSGi event to the authentication cache; without a cache the event is dropped.
     *
     * @param event the event to forward
     */
    public void handleEvent(Event event) {
        if (this.cache == null) {
            return;
        }
        this.cache.handleEvent(event);
    }

    /**
     * Replaces the connection manager used for directory searches. A manager that is already
     * installed is neither closed nor checked.
     *
     * @param ldapConnectionManager the manager to use from now on
     */
    public void setConnectionManager(LdapConnectionManager ldapConnectionManager) {
        connectionManager = ldapConnectionManager;
    }

    /**
     * Walks the recorded LDAP exceptions and writes system issues for them.
     *
     * <p>As written, an entry recorded MORE than 30 minutes ago is reported and kept, while a
     * younger entry is removed without being reported.
     *
     * <p>NOTE(review): the issue text says "during the last 30 minutes", so the age test may be
     * inverted. Confirm the intended behaviour before relying on these issues for monitoring.
     *
     * <p>NOTE(review): {@code ldapExceptions} is a plain list that the bind and search methods
     * also append to. If this method runs on another thread, the iteration can fail or miss
     * entries.
     *
     * <p>NOTE(review): the raw exception message becomes part of the issue text, so it may
     * carry directory details. Check who is allowed to read system issues.
     *
     * @param iSystemTable         table that receives the issue rows
     * @param xMLGregorianCalendar not used by this implementation
     */
    public void populateIssues(ISystemTable iSystemTable, XMLGregorianCalendar xMLGregorianCalendar) {
        final long now = System.currentTimeMillis();
        final long window = TimeUnit.MINUTES.toMillis(30L);
        for (Iterator<Pair<Long, Exception>> entries = this.ldapExceptions.iterator(); entries.hasNext();) {
            final Pair<Long, Exception> entry = entries.next();
            final long recordedAt = entry.first.longValue();
            if (!(recordedAt + window < now)) {
                entries.remove();
                continue;
            }
            try {
                iSystemTable.updateRow(new SystemIssue()
                        .setCal(TypeMaps.getXMLCalendar(recordedAt))
                        .setIssueUri(MemURI.create("http://cambridgesemantics.com/systemIssues/ldapIssue#", entry.first.toString()))
                        .setIssueCategory("LDAP Connection")
                        .setComponentUri(MemURI.create("osgi://" + EncryptionUtil.getServerId()))
                        .setComponentTitle("Ldap Authentication Provider")
                        .setSeverity(SystemIssue.Severity.ERROR)
                        .setMessage("There was an ldap exception during the last 30 minutes: " + entry.second.getMessage())
                        .setComponentType(LDAP_DS)
                        .setDetailMessage("Ldap exceptions on **${linkTitle}** during the last 30 minutes.<br><br>**${link}**")
                        .setLinkAction(ActivityMessageBuilder.EDIT_ACTION)
                        .setLinkResource(Constants.OSGI.LDAP_DATASOURCE_URI)
                        .setLinkType(LDAP_DS)
                        .setLinkActionTitle(ActivityMessageBuilder.EDIT)
                        .setLinkTitle(this.ldapHost), true);
            } catch (AnzoException failure) {
                log.error(LogUtils.INTERNAL_MARKER, "Error adding server issue", (Throwable) failure);
            }
        }
    }
}
