package org.apache.directory.server.ldap.handlers;

import java.net.InetSocketAddress;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import javax.naming.Name;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.ReferralException;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.event.NamingListener;
import javax.naming.ldap.LdapContext;
import org.apache.commons.lang.time.DateUtils;
import org.apache.directory.server.constants.ServerDNConstants;
import org.apache.directory.server.core.jndi.ServerLdapContext;
import org.apache.directory.server.ldap.LdapServer;
import org.apache.directory.shared.ldap.constants.JndiPropertyConstants;
import org.apache.directory.shared.ldap.constants.SchemaConstants;
import org.apache.directory.shared.ldap.exception.LdapException;
import org.apache.directory.shared.ldap.exception.OperationAbandonedException;
import org.apache.directory.shared.ldap.filter.PresenceNode;
import org.apache.directory.shared.ldap.message.AbandonListener;
import org.apache.directory.shared.ldap.message.LdapResult;
import org.apache.directory.shared.ldap.message.ManageDsaITControl;
import org.apache.directory.shared.ldap.message.PersistentSearchControl;
import org.apache.directory.shared.ldap.message.ReferralImpl;
import org.apache.directory.shared.ldap.message.Response;
import org.apache.directory.shared.ldap.message.ResultCodeEnum;
import org.apache.directory.shared.ldap.message.ResultResponse;
import org.apache.directory.shared.ldap.message.ScopeEnum;
import org.apache.directory.shared.ldap.message.SearchRequest;
import org.apache.directory.shared.ldap.message.SearchResponseDone;
import org.apache.directory.shared.ldap.name.LdapDN;
import org.apache.directory.shared.ldap.util.ArrayUtils;
import org.apache.directory.shared.ldap.util.ExceptionUtils;
import org.apache.mina.common.IoSession;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:resources/libs/apacheds-1.5.3/apacheds-protocol-ldap-1.5.3.jar:org/apache/directory/server/ldap/handlers/DefaultSearchHandler.class */
public class DefaultSearchHandler extends SearchHandler {
    private static final String DEREFALIASES_KEY = "java.naming.ldap.derefAliases";
    private static final Logger LOG = LoggerFactory.getLogger(SearchHandler.class);
    private static final boolean IS_DEBUG = LOG.isDebugEnabled();

    private SearchControls getSearchControls(SearchRequest searchRequest, String[] strArr, boolean z, int i, int i2) {
        SearchControls searchControls = new SearchControls();
        if (z) {
            searchControls.setCountLimit(searchRequest.getSizeLimit());
            int timeLimit = searchRequest.getTimeLimit();
            if (timeLimit > 2147483) {
                timeLimit = 0;
            }
            searchControls.setTimeLimit(timeLimit * DateUtils.MILLIS_IN_SECOND);
        } else {
            searchControls.setCountLimit(Math.min(searchRequest.getSizeLimit(), i));
            searchControls.setTimeLimit(Math.min(searchRequest.getTimeLimit(), i2));
        }
        searchControls.setSearchScope(searchRequest.getScope().getValue());
        searchControls.setReturningObjFlag(searchRequest.getTypesOnly());
        searchControls.setReturningAttributes(strArr);
        searchControls.setDerefLinkFlag(true);
        return searchControls;
    }

    private static boolean isRootDSESearch(SearchRequest searchRequest) {
        boolean isEmpty = searchRequest.getBase().isEmpty();
        boolean z = searchRequest.getScope() == ScopeEnum.BASE_OBJECT;
        boolean z2 = false;
        if (searchRequest.getFilter() instanceof PresenceNode) {
            String attribute = ((PresenceNode) searchRequest.getFilter()).getAttribute();
            z2 = attribute.equalsIgnoreCase(SchemaConstants.OBJECT_CLASS_AT) || attribute.equals(SchemaConstants.OBJECT_CLASS_AT_OID);
        }
        return isEmpty && z && z2;
    }

    private void handlePersistentSearch(IoSession ioSession, SearchRequest searchRequest, ServerLdapContext serverLdapContext, SearchControls searchControls, PersistentSearchControl persistentSearchControl, NamingEnumeration<SearchResult> namingEnumeration) throws NamingException {
        searchControls.setCountLimit(0L);
        searchControls.setTimeLimit(0);
        if (!persistentSearchControl.isChangesOnly()) {
            NamingEnumeration<SearchResult> search = serverLdapContext.search(searchRequest.getBase(), searchRequest.getFilter(), searchControls);
            if (search instanceof AbandonListener) {
                searchRequest.addAbandonListener((AbandonListener) search);
            }
            if (search.hasMore()) {
                SearchResponseIterator searchResponseIterator = new SearchResponseIterator(searchRequest, serverLdapContext, search, searchControls.getSearchScope(), ioSession, getSessionRegistry());
                while (true) {
                    if (!searchResponseIterator.hasNext()) {
                        break;
                    }
                    Response next = searchResponseIterator.next();
                    if (!(next instanceof SearchResponseDone)) {
                        ioSession.write(next);
                    } else if (((SearchResponseDone) next).getLdapResult().getResultCode() != ResultCodeEnum.SUCCESS) {
                        ioSession.write(next);
                        return;
                    }
                }
            }
        }
        serverLdapContext.addNamingListener((Name) searchRequest.getBase(), searchRequest.getFilter().toString(), searchControls, (NamingListener) new PersistentSearchListener(getSessionRegistry(), serverLdapContext, ioSession, searchRequest));
    }

    public void searchMessageReceived(IoSession ioSession, SearchRequest searchRequest) throws Exception {
        ServerLdapContext serverLdapContext;
        LdapServer ldapServer = (LdapServer) ioSession.getAttribute(LdapServer.class.toString());
        if (IS_DEBUG) {
            LOG.debug("Message received:  {}", searchRequest.toString());
        }
        NamingEnumeration namingEnumeration = null;
        String[] strArr = null;
        HashSet hashSet = new HashSet();
        hashSet.addAll(searchRequest.getAttributes());
        getSessionRegistry().addOutstandingRequest(ioSession, searchRequest);
        if (hashSet.size() > 0 && !hashSet.contains("ref")) {
            hashSet.add("ref");
            strArr = (String[]) hashSet.toArray(ArrayUtils.EMPTY_STRING_ARRAY);
        } else if (hashSet.size() > 0) {
            strArr = (String[]) hashSet.toArray(ArrayUtils.EMPTY_STRING_ARRAY);
        }
        try {
            try {
                try {
                    if (!isConfidentialityRequirementSatisfied(ioSession)) {
                        LdapResult ldapResult = searchRequest.getResultResponse().getLdapResult();
                        ldapResult.setResultCode(ResultCodeEnum.CONFIDENTIALITY_REQUIRED);
                        ldapResult.setErrorMessage("Confidentiality (TLS secured connection) is required.");
                        ioSession.write(searchRequest.getResultResponse());
                        if (0 != 0) {
                            try {
                                namingEnumeration.close();
                                return;
                            } catch (NamingException e) {
                                LOG.error("failed on list.close()", e);
                                return;
                            }
                        }
                        return;
                    }
                    boolean isRootDSESearch = isRootDSESearch(searchRequest);
                    if (isRootDSESearch) {
                        LdapContext ldapContextOnRootDSEAccess = getSessionRegistry().getLdapContextOnRootDSEAccess(ioSession, null);
                        serverLdapContext = !(ldapContextOnRootDSEAccess instanceof ServerLdapContext) ? (ServerLdapContext) ldapContextOnRootDSEAccess.lookup("") : (ServerLdapContext) ldapContextOnRootDSEAccess;
                    } else {
                        LdapContext ldapContext = getSessionRegistry().getLdapContext(ioSession, null, true);
                        serverLdapContext = !(ldapContext instanceof ServerLdapContext) ? (ServerLdapContext) ldapContext.lookup("") : (ServerLdapContext) ldapContext;
                    }
                    setRequestControls(serverLdapContext, searchRequest);
                    serverLdapContext.addToEnvironment("java.naming.ldap.derefAliases", searchRequest.getDerefAliases().getJndiValue());
                    if (searchRequest.getControls().containsKey(ManageDsaITControl.CONTROL_OID)) {
                        serverLdapContext.addToEnvironment(JndiPropertyConstants.JNDI_REFERRAL, "ignore");
                    } else {
                        serverLdapContext.addToEnvironment(JndiPropertyConstants.JNDI_REFERRAL, "throw-finding-base");
                    }
                    boolean isAllowAnonymousAccess = ldapServer.isAllowAnonymousAccess();
                    boolean equals = serverLdapContext.getPrincipal().getName().trim().equals("");
                    if (equals && !isAllowAnonymousAccess && !isRootDSESearch) {
                        LdapResult ldapResult2 = searchRequest.getResultResponse().getLdapResult();
                        ldapResult2.setResultCode(ResultCodeEnum.INSUFFICIENT_ACCESS_RIGHTS);
                        ldapResult2.setErrorMessage("Bind failure: Anonymous binds have been disabled!");
                        ioSession.write(searchRequest.getResultResponse());
                        if (0 != 0) {
                            try {
                                namingEnumeration.close();
                                return;
                            } catch (NamingException e2) {
                                LOG.error("failed on list.close()", e2);
                                return;
                            }
                        }
                        return;
                    }
                    int maxSizeLimit = ldapServer.getMaxSizeLimit();
                    int maxTimeLimit = ldapServer.getMaxTimeLimit();
                    SearchControls searchControls = equals ? getSearchControls(searchRequest, strArr, false, maxSizeLimit, maxTimeLimit) : serverLdapContext.getPrincipal().getName().trim().equals(ServerDNConstants.ADMIN_SYSTEM_DN_NORMALIZED) ? getSearchControls(searchRequest, strArr, true, maxSizeLimit, maxTimeLimit) : getSearchControls(searchRequest, strArr, false, maxSizeLimit, maxTimeLimit);
                    PersistentSearchControl persistentSearchControl = (PersistentSearchControl) searchRequest.getControls().get(PersistentSearchControl.CONTROL_OID);
                    if (persistentSearchControl != null) {
                        handlePersistentSearch(ioSession, searchRequest, serverLdapContext, searchControls, persistentSearchControl, null);
                        if (0 != 0) {
                            try {
                                namingEnumeration.close();
                                return;
                            } catch (NamingException e3) {
                                LOG.error("failed on list.close()", e3);
                                return;
                            }
                        }
                        return;
                    }
                    NamingEnumeration<SearchResult> search = serverLdapContext.search(searchRequest.getBase(), searchRequest.getFilter(), searchControls, (InetSocketAddress) ioSession.getRemoteAddress());
                    if (search instanceof AbandonListener) {
                        searchRequest.addAbandonListener((AbandonListener) search);
                    }
                    if (search.hasMore()) {
                        SearchResponseIterator searchResponseIterator = new SearchResponseIterator(searchRequest, serverLdapContext, search, searchControls.getSearchScope(), ioSession, getSessionRegistry());
                        while (searchResponseIterator.hasNext()) {
                            ioSession.write(searchResponseIterator.next());
                        }
                    } else {
                        search.close();
                        searchRequest.getResultResponse().getLdapResult().setResultCode(ResultCodeEnum.SUCCESS);
                        Iterator it = Collections.singleton(searchRequest.getResultResponse()).iterator();
                        while (it.hasNext()) {
                            ioSession.write((ResultResponse) it.next());
                        }
                    }
                    if (search != null) {
                        try {
                            search.close();
                        } catch (NamingException e4) {
                            LOG.error("failed on list.close()", e4);
                        }
                    }
                } catch (Throwable th) {
                    if (0 != 0) {
                        try {
                            namingEnumeration.close();
                        } catch (NamingException e5) {
                            LOG.error("failed on list.close()", e5);
                        }
                    }
                    throw th;
                }
            } catch (ReferralException e6) {
                LdapResult ldapResult3 = searchRequest.getResultResponse().getLdapResult();
                ReferralImpl referralImpl = new ReferralImpl();
                ldapResult3.setReferral(referralImpl);
                ldapResult3.setResultCode(ResultCodeEnum.REFERRAL);
                ldapResult3.setErrorMessage("Encountered referral attempting to handle add request.");
                do {
                    referralImpl.addLdapUrl((String) e6.getReferralInfo());
                } while (e6.skipReferral());
                ioSession.write(searchRequest.getResultResponse());
                getSessionRegistry().removeOutstandingRequest(ioSession, searchRequest.getMessageId());
                if (0 != 0) {
                    try {
                        namingEnumeration.close();
                    } catch (NamingException e7) {
                        LOG.error("failed on list.close()", e7);
                    }
                }
            }
        } catch (NamingException e8) {
            if (e8 instanceof OperationAbandonedException) {
                if (0 != 0) {
                    try {
                        namingEnumeration.close();
                        return;
                    } catch (NamingException e9) {
                        LOG.error("failed on list.close()", e9);
                        return;
                    }
                }
                return;
            }
            String str = "failed on search operation: " + e8.getMessage();
            if (LOG.isDebugEnabled()) {
                str = str + ":\n" + searchRequest + ":\n" + ExceptionUtils.getStackTrace(e8);
            }
            ResultCodeEnum resultCode = e8 instanceof LdapException ? ((LdapException) e8).getResultCode() : ResultCodeEnum.getBestEstimate(e8, searchRequest.getType());
            LdapResult ldapResult4 = searchRequest.getResultResponse().getLdapResult();
            ldapResult4.setResultCode(resultCode);
            ldapResult4.setErrorMessage(str);
            if (e8.getResolvedName() != null && (resultCode == ResultCodeEnum.NO_SUCH_OBJECT || resultCode == ResultCodeEnum.ALIAS_PROBLEM || resultCode == ResultCodeEnum.INVALID_DN_SYNTAX || resultCode == ResultCodeEnum.ALIAS_DEREFERENCING_PROBLEM)) {
                ldapResult4.setMatchedDn((LdapDN) e8.getResolvedName());
            }
            Iterator it2 = Collections.singleton(searchRequest.getResultResponse()).iterator();
            while (it2.hasNext()) {
                ioSession.write((ResultResponse) it2.next());
            }
            getSessionRegistry().removeOutstandingRequest(ioSession, searchRequest.getMessageId());
            if (0 != 0) {
                try {
                    namingEnumeration.close();
                } catch (NamingException e10) {
                    LOG.error("failed on list.close()", e10);
                }
            }
        }
    }
}
