package org.ejbca.core.model.ca.publisher;

import com.novell.ldap.LDAPAttribute;
import com.novell.ldap.LDAPAttributeSet;
import com.novell.ldap.LDAPConnection;
import com.novell.ldap.LDAPConstraints;
import com.novell.ldap.LDAPEntry;
import com.novell.ldap.LDAPException;
import com.novell.ldap.LDAPJSSESecureSocketFactory;
import com.novell.ldap.LDAPJSSEStartTLSFactory;
import com.novell.ldap.LDAPModification;
import com.novell.ldap.LDAPSearchConstraints;
import java.io.UnsupportedEncodingException;
import java.security.cert.CRLException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509CRL;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.StringTokenizer;
import org.apache.commons.lang.StringUtils;
import org.apache.log4j.Logger;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x500.X500NameBuilder;
import org.bouncycastle.asn1.x509.Extension;
import org.cesecore.authentication.tokens.AuthenticationToken;
import org.cesecore.certificates.endentity.ExtendedInformation;
import org.cesecore.certificates.util.DNFieldExtractor;
import org.cesecore.util.Base64;
import org.cesecore.util.CertTools;
import org.ejbca.config.ScepConfiguration;
import org.ejbca.core.model.InternalEjbcaResources;
import org.ejbca.core.model.ra.raadmin.EndEntityProfile;
import org.ejbca.util.LdapNameStyle;
import org.ejbca.util.LdapTools;
import org.ejbca.util.TCPTool;

/* loaded from: input_file:org/ejbca/core/model/ca/publisher/LdapPublisher.class */
public class LdapPublisher extends BasePublisher {
    private static final long serialVersionUID = -584431431033065114L;
    public static final float LATEST_VERSION = 12.0f;

    // Constraint objects handed to the LDAP library per operation. In the visible methods
    // ldapBindConstraints goes to bind(), ldapStoreConstraints to modify()/add()/delete(),
    // ldapDisconnectConstraints to disconnect() and ldapSearchConstraints to read().
    // They are created with library defaults here; where the configured timeouts are applied
    // is not visible in this part of the file.
    protected LDAPConstraints ldapConnectionConstraints = new LDAPConstraints();
    protected LDAPConstraints ldapBindConstraints = new LDAPConstraints();
    protected LDAPConstraints ldapStoreConstraints = new LDAPConstraints();
    protected LDAPConstraints ldapDisconnectConstraints = new LDAPConstraints();
    protected LDAPSearchConstraints ldapSearchConstraints = new LDAPSearchConstraints();

    // Passed to getModificationSet() when an existing end-user entry is updated.
    // Despite the constant-style name this is a mutable, per-instance field.
    protected boolean ADD_MODIFICATION_ATTRIBUTES = true;

    // Defaults applied by the constructor (object classes and attribute names).
    public static final String DEFAULT_USEROBJECTCLASS = "top;person;organizationalPerson;inetOrgPerson";
    public static final String DEFAULT_CAOBJECTCLASS = "top;applicationProcess;certificationAuthority-V2";
    public static final String DEFAULT_CACERTATTRIBUTE = "cACertificate;binary";
    public static final String DEFAULT_USERCERTATTRIBUTE = "userCertificate;binary";
    public static final String DEFAULT_CRLATTRIBUTE = "certificateRevocationList;binary";
    public static final String DEFAULT_DELTACRLATTRIBUTE = "deltaRevocationList;binary";
    public static final String DEFAULT_ARLATTRIBUTE = "authorityRevocationList;binary";

    // 389 is the registered LDAP port (also used with STARTTLS), 636 the LDAPS port.
    public static final String DEFAULT_PORT = "389";
    public static final String DEFAULT_SSLPORT = "636";

    // Timeout defaults, kept as strings; presumably milliseconds -- confirm against the getters.
    public static final String DEFAULT_TIMEOUT = "5000";
    public static final String DEFAULT_READTIMEOUT = "30000";
    public static final String DEFAULT_STORETIMEOUT = "60000";

    // Configuration keys. Presumably these index the publisher's persisted data map
    // (the constructor writes this.data directly) -- confirm against the setters.
    // NOTE(review): "baswdn" (BASEDN) and "setuserpasssword" (SETUSERPASSWORD) look misspelled,
    // but if they are storage keys, correcting the spelling would orphan values already saved
    // under the current strings; leave them unless a data migration accompanies the change.
    protected static final String HOSTNAMES = "hostname";
    protected static final String CONNECTIONSECURITY = "connectionsecurity";
    protected static final String USESSL = "usessl";
    protected static final String PORT = "port";
    protected static final String BASEDN = "baswdn";
    protected static final String LOGINDN = "logindn";
    // NOTE(review): the value read through getLoginPassword() is the LDAP bind credential;
    // it should never reach log output or exception messages.
    protected static final String LOGINPASSWORD = "loginpassword";
    protected static final String TIMEOUT = "timeout";
    protected static final String READTIMEOUT = "readtimeout";
    protected static final String STORETIMEOUT = "storetimeout";
    protected static final String CREATENONEXISTING = "createnonexisting";
    protected static final String MODIFYEXISTING = "modifyexisting";
    protected static final String ADDNONEXISTINGATTR = "addnonexistingattr";
    protected static final String MODIFYEXISTINGATTR = "modifyexistingattr";
    protected static final String USEROBJECTCLASS = "userobjectclass";
    protected static final String CAOBJECTCLASS = "caobjectclass";
    protected static final String USERCERTATTRIBUTE = "usercertattribute";
    protected static final String CACERTATTRIBUTE = "cacertattribute";
    protected static final String CRLATTRIBUTE = "crlattribute";
    protected static final String DELTACRLATTRIBUTE = "deltacrlattribute";
    protected static final String ARLATTRIBUTE = "arlattribute";
    protected static final String USEFIELDINLDAPDN = "usefieldsinldapdn";
    protected static final String ADDMULTIPLECERTIFICATES = "addmultiplecertificates";
    protected static final String REMOVEREVOKED = "removerevoked";
    protected static final String REMOVEUSERONCERTREVOKE = "removeusersoncertrevoke";
    protected static final String CREATEINTERMEDIATENODES = "createintermediatenodes";
    protected static final String SETUSERPASSWORD = "setuserpasssword";

    private static final Logger log = Logger.getLogger(LdapPublisher.class);
    private static final InternalEjbcaResources intres = InternalEjbcaResources.getInstance();

    // DN/attribute names matched when building LDAP attributes; their use is outside the visible code.
    // NOTE(review): the first element refers to a SCEP configuration constant, which looks like a
    // decompiler substituting a same-valued constant for an inlined string -- confirm the intended value.
    protected static final String[] MATCHINGEXTRAATTRIBUTES = {ScepConfiguration.DEFAULT_RA_NAME_GENERATION_PARAMETERS, "L", "OU"};
    protected static final String[] MATCHINGPERSONALATTRIBUTES = {"ST", "O", "uid", "initials", "title", "postalCode", "businessCategory", "postalAddress", "telephoneNumber"};
    // Base64 text decoded once at class initialisation. When storeCertificate() creates a new CA
    // entry it fills the CRL and ARL attributes with the bytes returned by getFakeCRL();
    // presumably getFakeCRL() returns this array -- confirm.
    // NOTE(review): the field is non-final and the array is mutable, so subclasses or same-package
    // code can replace or alter the placeholder. getBytes() without a charset uses the platform
    // default; the literal is pure ASCII.
    protected static byte[] fakecrlbytes = Base64.decode("MIIBKDCBkgIBATANBgkqhkiG9w0BAQUFADAvMQ8wDQYDVQQDEwZUZXN0Q0ExDzANBgNVBAoTBkFuYVRvbTELMAkGA1UEBhMCU0UXDTA0MDExMjE0MTQyMloXDTA0MDExMzE0MTQyMlqgLzAtMB8GA1UdIwQYMBaAFK1tyidIzx1qpuj5OjHl/0Ro8xTDMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEBBQUAA4GBABBSCWRAX8xyWQSuZYqR9MC8t4/VTp4xTGJeT1OPlCfuyeHyjUdvdjB/TjTgc4EOJ7eIF7aQU8Mp6AcUAKil/qBlrTYaEFVr0WDeh2Aglgm4klAFnoJjDWfjTP1NVFdN4GMizqAz/vdXOY3DaDmkwx24eaRw7SzqXca4gE7f1GTO".getBytes());

    /* loaded from: input_file:org/ejbca/core/model/ca/publisher/LdapPublisher$ConnectionSecurity.class */
    /**
     * Transport-security mode for the LDAP connection.
     *
     * <p>Declaration order is kept as PLAIN, STARTTLS, SSL so ordinals stay stable.
     * In the publishing methods of this class only {@link #STARTTLS} triggers an explicit
     * {@code startTLS()} call after connecting; how the other two modes are set up is decided
     * where the connection object is created (outside this enum).
     */
    public enum ConnectionSecurity {
        /** No upgrade is requested by the publishing methods; presumably an unprotected connection. */
        PLAIN,

        /** Connect first, then upgrade the session with the StartTLS operation before binding. */
        STARTTLS,

        /** Presumably TLS from the first byte (LDAPS); configured outside the publishing methods. */
        SSL;
    }

    /**
     * Creates a publisher populated with default settings.
     *
     * <p>Defaults chosen here: STARTTLS on {@link #DEFAULT_PORT}, empty host list, base DN and
     * bind credentials, creation and modification of entries enabled, revoked certificates
     * removed but user entries kept. The setters are invoked in the same order as before because
     * their implementations are not visible from this part of the file.
     */
    public LdapPublisher() {
        // Publisher type marker stored directly in the data map.
        data.put("type", Integer.valueOf(2));

        // Connection endpoint and credentials. STARTTLS is the default transport mode.
        this.setHostnames("");
        this.setConnectionSecurity(ConnectionSecurity.STARTTLS);
        this.setPort(DEFAULT_PORT);
        this.setBaseDN("");
        this.setLoginDN("");
        this.setLoginPassword("");
        // Writes back whatever the getter currently reports as the timeout.
        this.setConnectionTimeOut(this.getConnectionTimeOut());

        // Entry creation / modification policy.
        this.setCreateNonExistingUsers(true);
        this.setModifyExistingUsers(true);
        this.setModifyExistingAttributes(false);
        this.setAddNonExistingAttributes(true);

        // Object classes and attribute names.
        this.setUserObjectClass(DEFAULT_USEROBJECTCLASS);
        this.setCAObjectClass(DEFAULT_CAOBJECTCLASS);
        this.setUserCertAttribute(DEFAULT_USERCERTATTRIBUTE);
        this.setCACertAttribute(DEFAULT_CACERTATTRIBUTE);
        this.setCRLAttribute(DEFAULT_CRLATTRIBUTE);
        this.setDeltaCRLAttribute(DEFAULT_DELTACRLATTRIBUTE);
        this.setARLAttribute(DEFAULT_ARLATTRIBUTE);
        this.setUseFieldInLdapDN(new ArrayList());

        // Certificate lifecycle behaviour.
        this.setAddMultipleCertificates(false);
        this.setRemoveRevokedCertificates(true);
        this.setRemoveUsersWhenCertRevoked(false);
    }

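    /**
     * Publishes a certificate to the first LDAP server in the host list that accepts it, or
     * delegates to {@link #revokeCertificate} when the status marks the certificate as revoked.
     *
     * <p>Security fix relative to the previous version: the LDAP bind password is no longer
     * passed into the "publisher.errordisconnect" and "publisher.errorpassword" messages, which
     * are written to the log and, for the latter, into the thrown exception text. The disconnect
     * message is now built without arguments, as the other methods of this class already do.
     *
     * @param authenticationToken forwarded to {@code revokeCertificate}; not otherwise used here
     * @param certificate the certificate to publish
     * @param str user name (used for logging and for the entry search)
     * @param str2 forwarded to {@code getModificationSet}/{@code getAttributeSet};
     *        presumably the end-entity password -- confirm
     * @param str3 forwarded to {@code constructLDAPDN} and {@code searchOldEntity};
     *        presumably the user DN -- confirm
     * @param str4 not used by this method
     * @param i certificate status: 40 is routed to revocation, 20 is published, anything else is
     *        only logged
     * @param i2 certificate type: 1 is handled as end user, 2 and 8 as CA certificate; other
     *        values are rejected
     * @param j not used by this method
     * @param i3 forwarded to {@code revokeCertificate}; presumably the revocation reason -- confirm
     * @param str5 not used by this method
     * @param i4 not used by this method
     * @param j2 not used by this method
     * @param extendedInformation forwarded to {@code getAttributeSet} for new entries
     * @return always {@code true} when no exception is thrown
     * @throws PublisherException if encoding, lookup or the LDAP write fails
     */
    @Override // org.ejbca.core.model.ca.publisher.BasePublisher
    public boolean storeCertificate(AuthenticationToken authenticationToken, Certificate certificate, String str, String str2, String str3, String str4, int i, int i2, long j, int i3, String str5, int i4, long j2, ExtendedInformation extendedInformation) throws PublisherException {
        String cACertAttribute;
        if (log.isTraceEnabled()) {
            log.trace(">storeCertificate(username=" + str + ")");
        }
        if (i == 40) {
            // Status 40: treat as revoked (presumably CERT_REVOKED -- confirm).
            revokeCertificate(authenticationToken, certificate, str, i3, str3);
        } else if (i == 20) {
            // Status 20: publish (presumably CERT_ACTIVE -- confirm).
            LDAPConnection createLdapConnection = createLdapConnection();
            try {
                String subjectDN = CertTools.getSubjectDN(certificate);
                if (log.isDebugEnabled()) {
                    log.debug("Constructing DN for: " + str);
                }
                String constructLDAPDN = constructLDAPDN(subjectDN, str3);
                if (log.isDebugEnabled()) {
                    log.debug("LDAP DN for user " + str + " is '" + constructLDAPDN + "'");
                }
                String eMailAddress = CertTools.getEMailAddress(certificate);
                LDAPEntry searchOldEntity = searchOldEntity(str, 3, createLdapConnection, subjectDN, str3, eMailAddress);
                // Exactly one of these is used below: modifications for an existing entry,
                // an attribute set for an entry that has to be created.
                ArrayList<LDAPModification> arrayList = new ArrayList<>();
                LDAPAttributeSet lDAPAttributeSet = null;
                String str6 = null;
                if (i2 == 1) {
                    if (log.isDebugEnabled()) {
                        log.debug("Publishing end user certificate to first available server of " + getHostnames());
                    }
                    if (searchOldEntity != null) {
                        arrayList = getModificationSet(searchOldEntity, subjectDN, eMailAddress, this.ADD_MODIFICATION_ATTRIBUTES, true, str2, certificate);
                    } else {
                        str6 = getUserObjectClass();
                        lDAPAttributeSet = getAttributeSet(certificate, getUserObjectClass(), subjectDN, eMailAddress, true, true, str2, extendedInformation);
                    }
                    try {
                        cACertAttribute = getUserCertAttribute();
                        LDAPAttribute lDAPAttribute = new LDAPAttribute(getUserCertAttribute(), certificate.getEncoded());
                        if (searchOldEntity != null) {
                            String dn = searchOldEntity.getDN();
                            if (getAddMultipleCertificates()) {
                                // Modification op 0 adds a value next to the existing ones.
                                arrayList.add(new LDAPModification(0, lDAPAttribute));
                                if (log.isDebugEnabled()) {
                                    log.debug("Appended new certificate in user entry; " + str + ": " + dn);
                                }
                            } else {
                                // Modification op 2 replaces the attribute's values.
                                arrayList.add(new LDAPModification(2, lDAPAttribute));
                                if (log.isDebugEnabled()) {
                                    log.debug("Replaced certificate in user entry; " + str + ": " + dn);
                                }
                            }
                        } else {
                            lDAPAttributeSet.add(lDAPAttribute);
                            if (log.isDebugEnabled()) {
                                log.debug("Added new certificate to user entry; " + str + ": " + constructLDAPDN);
                            }
                        }
                    } catch (CertificateEncodingException e) {
                        String localizedMessage = intres.getLocalizedMessage("publisher.errorldapencodestore", "certificate");
                        log.error(localizedMessage, e);
                        throw new PublisherException(localizedMessage);
                    }
                } else {
                    if (i2 != 2 && i2 != 8) {
                        String localizedMessage2 = intres.getLocalizedMessage("publisher.notpubltype", Integer.valueOf(i2));
                        log.info(localizedMessage2);
                        throw new PublisherException(localizedMessage2);
                    }
                    if (log.isDebugEnabled()) {
                        log.debug("Publishing CA certificate to first available server of " + getHostnames());
                    }
                    if (searchOldEntity != null) {
                        arrayList = getModificationSet(searchOldEntity, subjectDN, null, false, false, str2, certificate);
                    } else {
                        str6 = getCAObjectClass();
                        lDAPAttributeSet = getAttributeSet(certificate, getCAObjectClass(), subjectDN, null, true, false, str2, extendedInformation);
                    }
                    try {
                        cACertAttribute = getCACertAttribute();
                        LDAPAttribute lDAPAttribute2 = new LDAPAttribute(getCACertAttribute(), certificate.getEncoded());
                        if (searchOldEntity != null) {
                            arrayList.add(new LDAPModification(2, lDAPAttribute2));
                        } else {
                            lDAPAttributeSet.add(lDAPAttribute2);
                            // A new CA entry gets placeholder CRL/ARL values alongside the certificate.
                            lDAPAttributeSet.add(new LDAPAttribute(getCRLAttribute(), getFakeCRL()));
                            lDAPAttributeSet.add(new LDAPAttribute(getARLAttribute(), getFakeCRL()));
                            if (log.isDebugEnabled()) {
                                log.debug("Added (fake) attribute for CRL and ARL.");
                            }
                        }
                    } catch (CertificateEncodingException e2) {
                        String localizedMessage3 = intres.getLocalizedMessage("publisher.errorldapencodestore", "certificate");
                        log.error(localizedMessage3, e2);
                        throw new PublisherException(localizedMessage3);
                    }
                }
                // Try each configured host in turn; stop at the first one that does not fail.
                Iterator<String> it = getHostnameList().iterator();
                do {
                    boolean z = false;
                    String next = it.next();
                    try {
                        try {
                            TCPTool.probeConnectionLDAP(next, Integer.parseInt(getPort()), getConnectionTimeOut());
                            createLdapConnection.connect(next, Integer.parseInt(getPort()));
                            if (getConnectionSecurity() == ConnectionSecurity.STARTTLS) {
                                if (log.isDebugEnabled()) {
                                    log.debug("STARTTLS to LDAP server " + next);
                                }
                                // Upgrade before bind so the credentials are not sent in clear.
                                createLdapConnection.startTLS();
                            }
                            // LDAPv3 bind with the configured DN and password.
                            // NOTE(review): for ConnectionSecurity.PLAIN nothing in this method
                            // protects the bind; for SSL the protection must come from
                            // createLdapConnection(), which is not visible here -- confirm.
                            createLdapConnection.bind(3, getLoginDN(), getLoginPassword().getBytes("UTF8"), this.ldapBindConstraints);
                            if (searchOldEntity != null && getModifyExistingUsers()) {
                                LDAPModification[] lDAPModificationArr = (LDAPModification[]) arrayList.toArray(new LDAPModification[arrayList.size()]);
                                String dn2 = searchOldEntity.getDN();
                                if (log.isDebugEnabled()) {
                                    log.debug("Writing modification to DN: " + dn2);
                                }
                                createLdapConnection.modify(dn2, lDAPModificationArr, this.ldapStoreConstraints);
                                log.info(intres.getLocalizedMessage("publisher.ldapmodify", "CERT", dn2));
                            } else if (getCreateNonExistingUsers() && searchOldEntity == null) {
                                if (getCreateIntermediateNodes()) {
                                    String parentDN = CertTools.getParentDN(constructLDAPDN);
                                    try {
                                        createLdapConnection.read(parentDN, this.ldapSearchConstraints);
                                    } catch (LDAPException e3) {
                                        // LDAP result code 32 is noSuchObject: the parent is missing.
                                        // Any other read failure is ignored here and the add below is
                                        // still attempted.
                                        if (e3.getResultCode() == 32) {
                                            createIntermediateNodes(createLdapConnection, constructLDAPDN);
                                            log.info(intres.getLocalizedMessage("publisher.ldapaddedintermediate", "CERT", parentDN));
                                        }
                                    }
                                }
                                LDAPEntry lDAPEntry = new LDAPEntry(constructLDAPDN, lDAPAttributeSet);
                                if (log.isDebugEnabled()) {
                                    log.debug("Adding DN: " + constructLDAPDN);
                                }
                                createLdapConnection.add(lDAPEntry, this.ldapStoreConstraints);
                                log.info(intres.getLocalizedMessage("publisher.ldapadd", "CERT", constructLDAPDN));
                            }
                            try {
                                createLdapConnection.disconnect(this.ldapDisconnectConstraints);
                            } catch (LDAPException e4) {
                                // The bind password must not be part of the logged message.
                                log.error(intres.getLocalizedMessage("publisher.errordisconnect", new Object[0]), e4);
                            }
                        } catch (Throwable th) {
                            // Always release the connection, then let the original failure propagate.
                            try {
                                createLdapConnection.disconnect(this.ldapDisconnectConstraints);
                            } catch (LDAPException e5) {
                                log.error(intres.getLocalizedMessage("publisher.errordisconnect", new Object[0]), e5);
                            }
                            throw th;
                        }
                    } catch (LDAPException e6) {
                        z = true;
                        // LDAP result code 20 is attributeOrValueExists: the certificate is already there.
                        if (e6.getResultCode() == 20) {
                            log.info(intres.getLocalizedMessage("publisher.certalreadyexists", CertTools.getFingerprintAsString(certificate), constructLDAPDN, e6.getMessage()));
                        } else {
                            if (!it.hasNext()) {
                                String localizedMessage4 = intres.getLocalizedMessage("publisher.errorldapstore", "certificate", cACertAttribute, str6, constructLDAPDN, e6.getMessage());
                                log.error(localizedMessage4, e6);
                                throw new PublisherException(localizedMessage4);
                            }
                            log.warn("Failed to publish to " + next + ". Trying next in list.");
                        }
                        try {
                            createLdapConnection.disconnect(this.ldapDisconnectConstraints);
                        } catch (LDAPException e7) {
                            log.error(intres.getLocalizedMessage("publisher.errordisconnect", new Object[0]), e7);
                        }
                    } catch (UnsupportedEncodingException e8) {
                        // Fill the message argument with a fixed marker instead of the password:
                        // this text is logged and also becomes the exception message.
                        String localizedMessage5 = intres.getLocalizedMessage("publisher.errorpassword", "[redacted]");
                        log.error(localizedMessage5, e8);
                        throw new PublisherException(localizedMessage5);
                    }
                    if (!z) {
                        break;
                    }
                } while (it.hasNext());
            } catch (Exception e9) {
                // NOTE(review): as written, this handler spans the whole publish sequence, so if
                // PublisherException is an Exception subclass the more specific exceptions thrown
                // above are replaced by this generic "decode" message. The wide try range may be
                // a decompilation artifact -- confirm against the upstream source.
                String localizedMessage6 = intres.getLocalizedMessage("publisher.errorldapdecode", "certificate");
                log.error(localizedMessage6, e9);
                throw new PublisherException(localizedMessage6);
            }
        } else {
            log.info(intres.getLocalizedMessage("publisher.notpublwithstatus", Integer.valueOf(i)));
        }
        if (!log.isTraceEnabled()) {
            return true;
        }
        log.trace("<storeCertificate()");
        return true;
    }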

    /**
     * Creates any missing intermediate nodes between the base DN and the given DN.
     *
     * <p>Each DN returned by {@code LdapTools.getIntermediateDNs} is read first; only when the
     * read fails with LDAP result code 32 (noSuchObject) is the node created. Read failures with
     * any other result code are ignored and the loop moves on to the next DN.
     *
     * @param lDAPConnection connection on which the reads and adds are issued
     * @param str DN whose intermediate nodes should exist
     * @throws PublisherException if adding a missing node fails
     */
    private void createIntermediateNodes(LDAPConnection lDAPConnection, String str) throws PublisherException {
        for (String nodeDn : LdapTools.getIntermediateDNs(str, getBaseDN())) {
            try {
                lDAPConnection.read(nodeDn, this.ldapSearchConstraints);
            } catch (LDAPException readFailure) {
                if (readFailure.getResultCode() != 32) {
                    // Not "no such object": leave this node alone.
                    continue;
                }
                // Split the leading RDN ("ou=People") into attribute name and value.
                String rdn = LdapTools.getFirstDNComponent(nodeDn);
                int separator = rdn.indexOf('=');
                String attributeName = rdn.substring(0, separator);
                String attributeValue = rdn.substring(separator + 1);

                LDAPAttributeSet nodeAttributes = new LDAPAttributeSet();
                nodeAttributes.add(getObjectClassAttribute(attributeName));
                nodeAttributes.add(new LDAPAttribute(attributeName.toLowerCase(), attributeValue));
                try {
                    lDAPConnection.add(new LDAPEntry(nodeDn, nodeAttributes), this.ldapStoreConstraints);
                    if (log.isDebugEnabled()) {
                        log.debug("Created node " + nodeDn);
                    }
                } catch (LDAPException addFailure) {
                    String message = intres.getLocalizedMessage("publisher.ldapaddedintermediate", nodeDn);
                    log.error(message, addFailure);
                    throw new PublisherException(message);
                }
            }
        }
    }

    /**
     * Picks the {@code objectclass} attribute for an intermediate node from its RDN attribute name.
     *
     * @param str RDN attribute name; compared case-insensitively via {@code toLowerCase()}
     * @return {@code top}+{@code organization} for "o", {@code top}+{@code organizationalUnit}
     *         for "ou"; for anything else a warning is logged and an {@code objectclass}
     *         attribute without values is returned
     */
    private LDAPAttribute getObjectClassAttribute(String str) {
        switch (str.toLowerCase()) {
            case "o":
                return new LDAPAttribute("objectclass", new String[] {"top", "organization"});
            case "ou":
                return new LDAPAttribute("objectclass", new String[] {"top", "organizationalUnit"});
            default:
                // Unsupported RDN type: warn and hand back an attribute with no values.
                log.warn(intres.getLocalizedMessage("publisher.ldapintermediatenotappropriate", str));
                return new LDAPAttribute("objectclass");
        }
    }

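    /**
     * Publishes a CRL to the CA's LDAP entry on the first server in the host list that accepts it.
     *
     * <p>A CRL carrying the delta-CRL indicator extension is written to the delta CRL attribute;
     * any other CRL is written to both the CRL and the ARL attribute. An existing entry is
     * modified, otherwise a new entry is added.
     *
     * <p>Security fix relative to the previous version: the LDAP bind password is no longer
     * passed into the "publisher.errorpassword" message, which is logged and used as the
     * exception text.
     *
     * @param authenticationToken not used by this method
     * @param bArr the encoded CRL
     * @param str not used by this method
     * @param i not used by this method
     * @param str2 forwarded to {@code constructLDAPDN} and {@code searchOldEntity};
     *        presumably the CA's user DN -- confirm
     * @return always {@code true} when no exception is thrown
     * @throws PublisherException if decoding the CRL or writing to LDAP fails
     */
    @Override // org.ejbca.core.model.ca.publisher.BasePublisher
    public boolean storeCRL(AuthenticationToken authenticationToken, byte[] bArr, String str, int i, String str2) throws PublisherException {
        if (log.isTraceEnabled()) {
            log.trace(">storeCRL");
        }
        try {
            X509CRL cRLfromByteArray = CertTools.getCRLfromByteArray(bArr);
            String stringToBCDNString = CertTools.stringToBCDNString(cRLfromByteArray.getIssuerDN().toString());
            // True when the CRL carries the delta-CRL indicator extension.
            boolean z = cRLfromByteArray.getExtensionValue(Extension.deltaCRLIndicator.getId()) != null;
            String constructLDAPDN = constructLDAPDN(stringToBCDNString, str2);
            LDAPConnection createLdapConnection = createLdapConnection();
            LDAPEntry searchOldEntity = searchOldEntity(null, 3, createLdapConnection, stringToBCDNString, str2, null);
            LDAPEntry lDAPEntry = null;
            ArrayList<LDAPModification> arrayList = new ArrayList<>();
            LDAPAttributeSet lDAPAttributeSet = null;
            if (searchOldEntity != null) {
                arrayList = getModificationSet(searchOldEntity, stringToBCDNString, null, false, false, null, null);
            } else {
                lDAPAttributeSet = getAttributeSet(null, getCAObjectClass(), stringToBCDNString, null, true, false, null, null);
            }
            if (z) {
                LDAPAttribute lDAPAttribute = new LDAPAttribute(getDeltaCRLAttribute(), bArr);
                if (searchOldEntity != null) {
                    // Modification op 2 replaces the attribute's values.
                    arrayList.add(new LDAPModification(2, lDAPAttribute));
                } else {
                    lDAPAttributeSet.add(lDAPAttribute);
                }
            } else {
                LDAPAttribute lDAPAttribute2 = new LDAPAttribute(getCRLAttribute(), bArr);
                LDAPAttribute lDAPAttribute3 = new LDAPAttribute(getARLAttribute(), bArr);
                if (searchOldEntity != null) {
                    arrayList.add(new LDAPModification(2, lDAPAttribute2));
                    arrayList.add(new LDAPModification(2, lDAPAttribute3));
                } else {
                    lDAPAttributeSet.add(lDAPAttribute2);
                    lDAPAttributeSet.add(lDAPAttribute3);
                }
            }
            if (searchOldEntity == null) {
                lDAPEntry = new LDAPEntry(constructLDAPDN, lDAPAttributeSet);
            }
            // Try each configured host in turn; stop at the first one that does not fail.
            Iterator<String> it = getHostnameList().iterator();
            do {
                boolean z2 = false;
                String next = it.next();
                try {
                    try {
                        TCPTool.probeConnectionLDAP(next, Integer.parseInt(getPort()), getConnectionTimeOut());
                        createLdapConnection.connect(next, Integer.parseInt(getPort()));
                        if (getConnectionSecurity() == ConnectionSecurity.STARTTLS) {
                            if (log.isDebugEnabled()) {
                                log.debug("STARTTLS to LDAP server " + next);
                            }
                            // Upgrade before bind so the credentials are not sent in clear.
                            createLdapConnection.startTLS();
                        }
                        // LDAPv3 bind with the configured DN and password.
                        // NOTE(review): for ConnectionSecurity.PLAIN nothing in this method
                        // protects the bind; for SSL the protection must come from
                        // createLdapConnection(), which is not visible here -- confirm.
                        createLdapConnection.bind(3, getLoginDN(), getLoginPassword().getBytes("UTF8"), this.ldapBindConstraints);
                        if (searchOldEntity != null) {
                            // NOTE(review): the write targets the constructed DN rather than
                            // searchOldEntity.getDN(); confirm the two cannot differ.
                            createLdapConnection.modify(constructLDAPDN, (LDAPModification[]) arrayList.toArray(new LDAPModification[arrayList.size()]), this.ldapStoreConstraints);
                            log.info(intres.getLocalizedMessage("publisher.ldapmodify", "CRL", constructLDAPDN));
                        } else {
                            createLdapConnection.add(lDAPEntry, this.ldapStoreConstraints);
                            log.info(intres.getLocalizedMessage("publisher.ldapadd", "CRL", constructLDAPDN));
                        }
                        try {
                            createLdapConnection.disconnect(this.ldapDisconnectConstraints);
                        } catch (LDAPException e) {
                            log.error(intres.getLocalizedMessage("publisher.errordisconnect", new Object[0]), e);
                        }
                    } catch (Throwable th) {
                        // Always release the connection, then let the original failure propagate.
                        try {
                            createLdapConnection.disconnect(this.ldapDisconnectConstraints);
                        } catch (LDAPException e2) {
                            log.error(intres.getLocalizedMessage("publisher.errordisconnect", new Object[0]), e2);
                        }
                        throw th;
                    }
                } catch (LDAPException e3) {
                    z2 = true;
                    if (!it.hasNext()) {
                        String localizedMessage = intres.getLocalizedMessage("publisher.errorldapstore", "CRL", getCRLAttribute(), getCAObjectClass(), constructLDAPDN, e3.getMessage());
                        log.error(localizedMessage, e3);
                        throw new PublisherException(localizedMessage);
                    }
                    log.warn("Failed to publish to " + next + ". Trying next in list.");
                    try {
                        createLdapConnection.disconnect(this.ldapDisconnectConstraints);
                    } catch (LDAPException e4) {
                        log.error(intres.getLocalizedMessage("publisher.errordisconnect", new Object[0]), e4);
                    }
                } catch (UnsupportedEncodingException e5) {
                    // Fill the message argument with a fixed marker instead of the password:
                    // this text is logged and also becomes the exception message.
                    String localizedMessage2 = intres.getLocalizedMessage("publisher.errorpassword", "[redacted]");
                    log.error(localizedMessage2, e5);
                    throw new PublisherException(localizedMessage2);
                }
                if (!z2) {
                    break;
                }
            } while (it.hasNext());
            if (!log.isTraceEnabled()) {
                return true;
            }
            log.trace("<storeCRL");
            return true;
        } catch (Exception e6) {
            // NOTE(review): this handler wraps the whole method, so if PublisherException is an
            // Exception subclass the more specific exceptions thrown above are replaced by this
            // generic "decode" message. The wide try range may be a decompilation artifact --
            // confirm against the upstream source.
            String localizedMessage3 = intres.getLocalizedMessage("publisher.errorldapdecode", "CRL");
            log.error(localizedMessage3, e6);
            throw new PublisherException(localizedMessage3);
        }
    }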

    public void revokeCertificate(AuthenticationToken authenticationToken, Certificate certificate, String str, int i, String str2) throws PublisherException {
        LDAPEntry lDAPEntry;
        if (log.isTraceEnabled()) {
            log.trace(">revokeCertificate()");
        }
        boolean removeRevokedCertificates = getRemoveRevokedCertificates();
        boolean removeUsersWhenCertRevoked = getRemoveUsersWhenCertRevoked();
        if (!removeRevokedCertificates && !removeUsersWhenCertRevoked) {
            if (log.isDebugEnabled()) {
                log.debug("The configuration for the publisher '" + getDescription() + "' does not allow removing of certificates or users.");
                return;
            }
            return;
        }
        if (removeRevokedCertificates && log.isDebugEnabled()) {
            log.debug("Removing user certificate from ldap");
        }
        if (removeUsersWhenCertRevoked && log.isDebugEnabled()) {
            log.debug("Removing user entry from ldap");
        }
        LDAPConnection createLdapConnection = createLdapConnection();
        try {
            String subjectDN = CertTools.getSubjectDN(certificate);
            String constructLDAPDN = constructLDAPDN(subjectDN, str2);
            String eMailAddress = CertTools.getEMailAddress(certificate);
            ArrayList<LDAPModification> arrayList = null;
            if (CertTools.isCA(certificate)) {
                lDAPEntry = null;
                if (log.isDebugEnabled()) {
                    log.debug("Not removing CA certificate from first available server of " + getHostnames() + ", because of object class restrictions.");
                }
            } else {
                lDAPEntry = searchOldEntity(str, 3, createLdapConnection, subjectDN, str2, eMailAddress);
                if (log.isDebugEnabled()) {
                    log.debug("Removing end user certificate from first available server of " + getHostnames());
                }
                if (lDAPEntry == null) {
                    log.warn(intres.getLocalizedMessage("publisher.errorrevokenoentry", new Object[0]));
                } else if (removeRevokedCertificates) {
                    if (lDAPEntry.getAttribute(getUserCertAttribute()) != null) {
                        arrayList = getModificationSet(lDAPEntry, subjectDN, null, false, true, null, certificate);
                        arrayList.add(new LDAPModification(1, new LDAPAttribute(getUserCertAttribute())));
                    } else {
                        log.info(intres.getLocalizedMessage("publisher.inforevokenocert", new Object[0]));
                    }
                }
            }
            Iterator<String> it = getHostnameList().iterator();
            boolean z = true;
            if (log.isDebugEnabled() && lDAPEntry == null) {
                log.debug("Not modifying LDAP entry because there is no existing entry.");
            }
            while (lDAPEntry != null && z && it.hasNext()) {
                z = false;
                String next = it.next();
                if (log.isDebugEnabled()) {
                    log.debug("currentServer: " + next);
                }
                try {
                    try {
                        TCPTool.probeConnectionLDAP(next, Integer.parseInt(getPort()), getConnectionTimeOut());
                        createLdapConnection.connect(next, Integer.parseInt(getPort()));
                        if (getConnectionSecurity() == ConnectionSecurity.STARTTLS) {
                            if (log.isDebugEnabled()) {
                                log.debug("STARTTLS to LDAP server " + next);
                            }
                            createLdapConnection.startTLS();
                        }
                        createLdapConnection.bind(3, getLoginDN(), getLoginPassword().getBytes("UTF8"), this.ldapBindConstraints);
                        if (arrayList != null && getModifyExistingUsers()) {
                            if (removeRevokedCertificates) {
                                createLdapConnection.modify(lDAPEntry.getDN(), (LDAPModification[]) arrayList.toArray(new LDAPModification[arrayList.size()]), this.ldapStoreConstraints);
                            }
                            if (removeUsersWhenCertRevoked) {
                                createLdapConnection.delete(lDAPEntry.getDN(), this.ldapStoreConstraints);
                            }
                            log.info(intres.getLocalizedMessage("publisher.ldapremove", constructLDAPDN));
                        } else if (log.isDebugEnabled()) {
                            if (arrayList == null) {
                                log.debug("Not modifying LDAP entry because we don't have anything to modify.");
                            }
                            if (!getModifyExistingUsers()) {
                                log.debug("Not modifying LDAP entry because we're not configured to do so.");
                            }
                        }
                        try {
                            createLdapConnection.disconnect(this.ldapDisconnectConstraints);
                        } catch (LDAPException e) {
                            log.error(intres.getLocalizedMessage("publisher.errordisconnect", new Object[0]), e);
                        }
                    } catch (Throwable th) {
                        try {
                            createLdapConnection.disconnect(this.ldapDisconnectConstraints);
                        } catch (LDAPException e2) {
                            log.error(intres.getLocalizedMessage("publisher.errordisconnect", new Object[0]), e2);
                        }
                        throw th;
                    }
                } catch (LDAPException e3) {
                    z = true;
                    if (!it.hasNext()) {
                        String localizedMessage = intres.getLocalizedMessage("publisher.errorldapremove", constructLDAPDN);
                        log.error(localizedMessage, e3);
                        throw new PublisherException(localizedMessage);
                    }
                    log.warn("Failed to publish to " + next + ". Trying next in list.");
                    try {
                        createLdapConnection.disconnect(this.ldapDisconnectConstraints);
                    } catch (LDAPException e4) {
                        log.error(intres.getLocalizedMessage("publisher.errordisconnect", new Object[0]), e4);
                    }
                } catch (UnsupportedEncodingException e5) {
                    String localizedMessage2 = intres.getLocalizedMessage("publisher.errorpassword", getLoginPassword());
                    log.error(localizedMessage2, e5);
                    throw new PublisherException(localizedMessage2);
                }
            }
            if (log.isTraceEnabled()) {
                log.trace("<revokeCertificate()");
            }
        } catch (Exception e6) {
            String localizedMessage3 = intres.getLocalizedMessage("publisher.errorldapdecode", "certificate");
            log.error(localizedMessage3, e6);
            throw new PublisherException(localizedMessage3);
        }
    }

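    /**
     * Reads the directory entry that already exists for the DN built by
     * {@link #constructLDAPDN(String, String)}, trying each configured host in turn.
     *
     * <p>Changes from the previous body: the connection is now released in a single
     * {@code finally} block (it used to be disconnected twice on the LDAP error path),
     * and the bind password is no longer placed into the "publisher.errorpassword" message.
     *
     * @param str not used by this method
     * @param i LDAP protocol version handed to {@code bind}
     * @param lDAPConnection connection object to connect, bind, read and disconnect with
     * @param str2 first DN argument passed to {@code constructLDAPDN}
     * @param str3 second DN argument passed to {@code constructLDAPDN}
     * @param str4 not used by this method
     * @return the entry that was read, or {@code null} when none was found
     * @throws PublisherException when the last host in the list fails with an LDAP error other
     *         than "no such object", or when the password cannot be encoded
     */
    protected LDAPEntry searchOldEntity(String str, int i, LDAPConnection lDAPConnection, String str2, String str3, String str4) throws PublisherException {
        LDAPEntry oldEntry = null;
        final Iterator<String> servers = getHostnameList().iterator();
        boolean connectionFailed;
        do {
            connectionFailed = false;
            final String currentServer = servers.next();
            if (log.isDebugEnabled()) {
                log.debug("Current server is: " + currentServer);
            }
            final String ldapDn = constructLDAPDN(str2, str3);
            try {
                TCPTool.probeConnectionLDAP(currentServer, Integer.parseInt(getPort()), getConnectionTimeOut());
                lDAPConnection.connect(currentServer, Integer.parseInt(getPort()));
                if (getConnectionSecurity() == ConnectionSecurity.STARTTLS) {
                    if (log.isDebugEnabled()) {
                        log.debug("STARTTLS to LDAP server " + currentServer);
                    }
                    // Upgrade the channel before the bind so the credentials are not sent in the clear.
                    lDAPConnection.startTLS();
                }
                lDAPConnection.bind(i, getLoginDN(), getLoginPassword().getBytes("UTF8"), this.ldapBindConstraints);
                if (log.isDebugEnabled()) {
                    log.debug("Searching for old entry with DN '" + ldapDn + "'");
                }
                oldEntry = lDAPConnection.read(ldapDn, this.ldapSearchConstraints);
                if (log.isDebugEnabled()) {
                    if (oldEntry != null) {
                        log.debug("Found an old entry with DN '" + ldapDn + "'");
                    } else {
                        log.debug("Did not find an old entry with DN '" + ldapDn + "'");
                    }
                }
            } catch (UnsupportedEncodingException e) {
                // Never hand the bind password to a message that ends up in exceptions and logs.
                throw new PublisherException(intres.getLocalizedMessage("publisher.errorpassword", "<redacted>"));
            } catch (LDAPException e) {
                if (e.getResultCode() != LDAPException.NO_SUCH_OBJECT) {
                    connectionFailed = true;
                    if (!servers.hasNext()) {
                        final String msg = intres.getLocalizedMessage("publisher.errorldapbind", e.getMessage());
                        log.error(msg, e);
                        throw new PublisherException(msg);
                    }
                    log.warn("Failed to publish to " + currentServer + ". Trying next in list.");
                } else if (log.isDebugEnabled()) {
                    // "No such object" is an answer, not a failure: there simply is no old entry.
                    log.debug("No old entry exist for '" + ldapDn + "'.");
                }
            } finally {
                try {
                    lDAPConnection.disconnect(this.ldapDisconnectConstraints);
                } catch (LDAPException e) {
                    log.error(intres.getLocalizedMessage("publisher.errordisconnect", new Object[0]), e);
                }
            }
        } while (connectionFailed && servers.hasNext());
        return oldEntry;
    }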

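    /**
     * Checks that at least one configured LDAP host can be connected to, bound against with the
     * configured login DN and password, and queried for the base DN entry.
     *
     * <p>Hosts are tried in list order; the method returns after the first host that answers.
     * This body restores a compilable try/catch/finally shape: the decompiled form had an
     * unreachable {@code break} after a {@code throw} and read a possibly unassigned local.
     * The bind password is no longer passed into the "publisher.errorpassword" message, so it
     * cannot reach the log or the exception text.
     *
     * @throws PublisherConnectionException when the last host fails with an LDAP error, when the
     *         base DN entry reads as {@code null}, or when the password cannot be encoded
     */
    @Override // org.ejbca.core.model.ca.publisher.BasePublisher
    public void testConnection() throws PublisherConnectionException {
        final LDAPConnection connection = createLdapConnection();
        final Iterator<String> servers = getHostnameList().iterator();
        boolean connectionFailed;
        do {
            connectionFailed = false;
            final String currentServer = servers.next();
            try {
                TCPTool.probeConnectionLDAP(currentServer, Integer.parseInt(getPort()), getConnectionTimeOut());
                connection.connect(currentServer, Integer.parseInt(getPort()));
                if (getConnectionSecurity() == ConnectionSecurity.STARTTLS) {
                    if (log.isDebugEnabled()) {
                        log.debug("STARTTLS to LDAP server " + currentServer);
                    }
                    // Upgrade the channel before the bind so the credentials are not sent in the clear.
                    connection.startTLS();
                }
                connection.bind(LDAPConnection.LDAP_V3, getLoginDN(), getLoginPassword().getBytes("UTF8"), this.ldapBindConstraints);
                final String baseDN = getBaseDN();
                if (log.isDebugEnabled()) {
                    log.debug("Trying to read top node '" + baseDN + "'");
                }
                final LDAPEntry entry = connection.read(baseDN, this.ldapSearchConstraints);
                if (entry == null) {
                    throw new PublisherConnectionException(intres.getLocalizedMessage("publisher.errornobinddn", new Object[0]));
                }
                if (log.isDebugEnabled()) {
                    log.debug("Entry" + entry.toString());
                }
            } catch (LDAPException e) {
                connectionFailed = true;
                if (!servers.hasNext()) {
                    final String msg = intres.getLocalizedMessage("publisher.errorldapbind", e.getMessage());
                    log.error(msg, e);
                    throw new PublisherConnectionException(msg);
                }
                log.warn("Failed to connect to " + currentServer + ". Trying next in list.", e);
            } catch (UnsupportedEncodingException e) {
                // Never hand the bind password to a message that ends up in exceptions and logs.
                final String msg = intres.getLocalizedMessage("publisher.errorpassword", "<redacted>");
                log.error(msg, e);
                throw new PublisherConnectionException(msg);
            } finally {
                // Runs on success and on every failure path, so the connection is always released.
                try {
                    connection.disconnect(this.ldapDisconnectConstraints);
                } catch (LDAPException e) {
                    log.error(intres.getLocalizedMessage("publisher.errordisconnect", new Object[0]), e);
                }
            }
        } while (connectionFailed && servers.hasNext());
    }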

    /**
     * Creates an unconnected {@link LDAPConnection} whose socket factory matches the configured
     * {@link ConnectionSecurity}, after refreshing the time limits on this publisher's shared
     * constraint objects.
     *
     * <p>STARTTLS and SSL each get a JSSE-based socket factory built with its no-argument
     * constructor; any other setting yields a connection without a socket factory.
     * NOTE(review): that last case presumably means clear-text LDAP, in which case the bind DN
     * and password sent by callers travel unencrypted - confirm and prefer STARTTLS or SSL.
     *
     * @return a new connection carrying {@code ldapConnectionConstraints}
     */
    protected LDAPConnection createLdapConnection() {
        final int connectTimeout = getConnectionTimeOut();
        this.ldapConnectionConstraints.setTimeLimit(connectTimeout);
        this.ldapBindConstraints.setTimeLimit(connectTimeout);
        this.ldapDisconnectConstraints.setTimeLimit(connectTimeout);
        this.ldapSearchConstraints.setTimeLimit(getReadTimeOut());
        this.ldapStoreConstraints.setTimeLimit(getStoreTimeOut());
        if (log.isDebugEnabled()) {
            log.debug("connecttimeout: " + this.ldapConnectionConstraints.getTimeLimit());
            log.debug("bindtimeout: " + this.ldapBindConstraints.getTimeLimit());
            log.debug("disconnecttimeout: " + this.ldapDisconnectConstraints.getTimeLimit());
            log.debug("readtimeout: " + this.ldapSearchConstraints.getTimeLimit());
            log.debug("storetimeout: " + this.ldapStoreConstraints.getTimeLimit());
            log.debug("connectionsecurity: " + getConnectionSecurity());
        }
        final ConnectionSecurity security = getConnectionSecurity();
        final LDAPConnection connection;
        if (security == ConnectionSecurity.STARTTLS) {
            connection = new LDAPConnection(new LDAPJSSEStartTLSFactory());
        } else if (security == ConnectionSecurity.SSL) {
            connection = new LDAPConnection(new LDAPJSSESecureSocketFactory());
        } else {
            connection = new LDAPConnection();
        }
        connection.setConstraints(this.ldapConnectionConstraints);
        return connection;
    }

    /**
     * Splits the configured host string on {@code EndEntityProfile.SPLITCHAR} into a new list.
     *
     * <p>Entries are neither trimmed nor validated here, and {@link String#split(String)} treats
     * the separator as a regular expression.
     *
     * @return a fresh, mutable list of the host names in configured order
     */
    public List<String> getHostnameList() {
        final List<String> hosts = new ArrayList<>();
        Collections.addAll(hosts, getHostnames().split(EndEntityProfile.SPLITCHAR));
        return hosts;
    }

    /**
     * Returns the raw host string stored under {@code HOSTNAMES}.
     *
     * @return the stored value cast to {@code String} ({@code null} if the lookup yields null)
     */
    public String getHostnames() {
        final Object stored = this.data.get(HOSTNAMES);
        return (String) stored;
    }

    /**
     * Stores the host string under {@code HOSTNAMES} without any validation.
     *
     * @param str host string; {@link #getHostnameList()} later splits it on
     *            {@code EndEntityProfile.SPLITCHAR}
     */
    public void setHostnames(String str) {
        final String hostnames = str;
        this.data.put(HOSTNAMES, hostnames);
    }

    /**
     * Stores the transport security mode under {@code CONNECTIONSECURITY}.
     *
     * @param connectionSecurity mode to store; it decides which socket factory
     *                           {@link #createLdapConnection()} picks
     */
    public void setConnectionSecurity(ConnectionSecurity connectionSecurity) {
        final ConnectionSecurity mode = connectionSecurity;
        this.data.put(CONNECTIONSECURITY, mode);
    }

    /**
     * Resolves the effective transport security mode.
     *
     * <p>An explicit {@code CONNECTIONSECURITY} value wins. Without one, the {@code USESSL}
     * flag maps {@code true} to {@code SSL}. When neither is set the result is {@code PLAIN},
     * so a publisher with no security setting falls back to the least protected mode.
     *
     * @return the resolved mode, never {@code null}
     */
    public ConnectionSecurity getConnectionSecurity() {
        final Object configured = this.data.get(CONNECTIONSECURITY);
        if (configured != null) {
            return (ConnectionSecurity) configured;
        }
        final Object legacySslFlag = this.data.get(USESSL);
        final boolean sslRequested = legacySslFlag != null && ((Boolean) legacySslFlag).booleanValue();
        return sslRequested ? ConnectionSecurity.SSL : ConnectionSecurity.PLAIN;
    }

    /**
     * Returns the port stored under {@code PORT}, still as text.
     *
     * @return the stored value cast to {@code String}; callers in this class feed it to
     *         {@code Integer.parseInt}
     */
    public String getPort() {
        final Object stored = this.data.get(PORT);
        return (String) stored;
    }

    /**
     * Stores the port text under {@code PORT}; no numeric check is made here.
     *
     * @param str port as text
     */
    public void setPort(String str) {
        final String port = str;
        this.data.put(PORT, port);
    }

    /**
     * Returns the base DN stored under {@code BASEDN}.
     *
     * @return the stored value cast to {@code String}
     */
    public String getBaseDN() {
        final Object stored = this.data.get(BASEDN);
        return (String) stored;
    }

    /**
     * Stores the base DN under {@code BASEDN} as given.
     *
     * @param str base DN; {@code constructLDAPDN} appends it verbatim after a comma
     */
    public void setBaseDN(String str) {
        final String baseDn = str;
        this.data.put(BASEDN, baseDn);
    }

    /**
     * Returns the bind DN stored under {@code LOGINDN}.
     *
     * @return the stored value cast to {@code String}
     */
    public String getLoginDN() {
        final Object stored = this.data.get(LOGINDN);
        return (String) stored;
    }

    /**
     * Stores the bind DN under {@code LOGINDN}.
     *
     * @param str DN used when binding to the directory
     */
    public void setLoginDN(String str) {
        final String loginDn = str;
        this.data.put(LOGINDN, loginDn);
    }

    /**
     * Returns the bind password exactly as it is held under {@code LOGINPASSWORD}.
     *
     * <p>The value is a secret: keep it out of log statements and exception messages.
     * NOTE(review): no decoding happens here, so the map presumably holds the password in
     * clear text - confirm how {@code data} is persisted and who can read it.
     *
     * @return the stored value cast to {@code String}
     */
    public String getLoginPassword() {
        final Object stored = this.data.get(LOGINPASSWORD);
        return (String) stored;
    }

    /**
     * Stores the bind password under {@code LOGINPASSWORD} without transforming it.
     *
     * @param str password used when binding to the directory
     */
    public void setLoginPassword(String str) {
        final String password = str;
        this.data.put(LOGINPASSWORD, password);
    }

    /**
     * Reads the flag stored under {@code CREATENONEXISTING}.
     *
     * @return the stored flag
     * @throws NullPointerException if no value is stored, because the value is unboxed directly
     */
    public boolean getCreateNonExistingUsers() {
        final Boolean flag = (Boolean) this.data.get(CREATENONEXISTING);
        return flag.booleanValue();
    }

    /**
     * Stores the flag under {@code CREATENONEXISTING}.
     *
     * @param z flag value to store
     */
    public void setCreateNonExistingUsers(boolean z) {
        final Boolean boxed = z ? Boolean.TRUE : Boolean.FALSE;
        this.data.put(CREATENONEXISTING, boxed);
    }

    /**
     * Reads the flag stored under {@code MODIFYEXISTING}; the revocation path in this class
     * checks it before modifying or deleting an entry.
     *
     * @return the stored flag
     * @throws NullPointerException if no value is stored, because the value is unboxed directly
     */
    public boolean getModifyExistingUsers() {
        final Boolean flag = (Boolean) this.data.get(MODIFYEXISTING);
        return flag.booleanValue();
    }

    /**
     * Stores the flag under {@code MODIFYEXISTING}.
     *
     * @param z flag value to store
     */
    public void setModifyExistingUsers(boolean z) {
        final Boolean boxed = z ? Boolean.TRUE : Boolean.FALSE;
        this.data.put(MODIFYEXISTING, boxed);
    }

    /**
     * Reads the flag stored under {@code MODIFYEXISTINGATTR}, which gates replacing attributes
     * that an entry already has.
     *
     * @return the stored flag
     * @throws NullPointerException if no value is stored, because the value is unboxed directly
     */
    public boolean getModifyExistingAttributes() {
        final Boolean flag = (Boolean) this.data.get(MODIFYEXISTINGATTR);
        return flag.booleanValue();
    }

    /**
     * Stores the flag under {@code MODIFYEXISTINGATTR}.
     *
     * @param z flag value to store
     */
    public void setModifyExistingAttributes(boolean z) {
        final Boolean boxed = z ? Boolean.TRUE : Boolean.FALSE;
        this.data.put(MODIFYEXISTINGATTR, boxed);
    }

    /**
     * Reads the flag stored under {@code ADDNONEXISTINGATTR}, which gates adding attributes
     * that an entry does not have yet.
     *
     * @return the stored flag
     * @throws NullPointerException if no value is stored, because the value is unboxed directly
     */
    public boolean getAddNonExistingAttributes() {
        final Boolean flag = (Boolean) this.data.get(ADDNONEXISTINGATTR);
        return flag.booleanValue();
    }

    /**
     * Stores the flag under {@code ADDNONEXISTINGATTR}.
     *
     * @param z flag value to store
     */
    public void setAddNonExistingAttributes(boolean z) {
        final Boolean boxed = z ? Boolean.TRUE : Boolean.FALSE;
        this.data.put(ADDNONEXISTINGATTR, boxed);
    }

    /**
     * Returns the user object class string stored under {@code USEROBJECTCLASS}.
     *
     * @return the stored value cast to {@code String}
     */
    public String getUserObjectClass() {
        final Object stored = this.data.get(USEROBJECTCLASS);
        return (String) stored;
    }

    /**
     * Stores the user object class string under {@code USEROBJECTCLASS}.
     *
     * @param str object class string for user entries
     */
    public void setUserObjectClass(String str) {
        final String objectClass = str;
        this.data.put(USEROBJECTCLASS, objectClass);
    }

    /**
     * Returns the CA object class string stored under {@code CAOBJECTCLASS}.
     *
     * @return the stored value cast to {@code String}
     */
    public String getCAObjectClass() {
        final Object stored = this.data.get(CAOBJECTCLASS);
        return (String) stored;
    }

    /**
     * Stores the CA object class string under {@code CAOBJECTCLASS}.
     *
     * @param str object class string for CA entries
     */
    public void setCAObjectClass(String str) {
        final String objectClass = str;
        this.data.put(CAOBJECTCLASS, objectClass);
    }

    /**
     * Returns the attribute name stored under {@code USERCERTATTRIBUTE}; the revocation path
     * uses it to locate and delete the user certificate attribute.
     *
     * @return the stored value cast to {@code String}
     */
    public String getUserCertAttribute() {
        final Object stored = this.data.get(USERCERTATTRIBUTE);
        return (String) stored;
    }

    /**
     * Stores the user certificate attribute name under {@code USERCERTATTRIBUTE}.
     *
     * @param str attribute name
     */
    public void setUserCertAttribute(String str) {
        final String attributeName = str;
        this.data.put(USERCERTATTRIBUTE, attributeName);
    }

    /**
     * Returns the attribute name stored under {@code CACERTATTRIBUTE}.
     *
     * @return the stored value cast to {@code String}
     */
    public String getCACertAttribute() {
        final Object stored = this.data.get(CACERTATTRIBUTE);
        return (String) stored;
    }

    /**
     * Stores the CA certificate attribute name under {@code CACERTATTRIBUTE}.
     *
     * @param str attribute name
     */
    public void setCACertAttribute(String str) {
        final String attributeName = str;
        this.data.put(CACERTATTRIBUTE, attributeName);
    }

    /**
     * Returns the attribute name stored under {@code CRLATTRIBUTE}.
     *
     * @return the stored value cast to {@code String}
     */
    public String getCRLAttribute() {
        final Object stored = this.data.get(CRLATTRIBUTE);
        return (String) stored;
    }

    /**
     * Stores the CRL attribute name under {@code CRLATTRIBUTE}.
     *
     * @param str attribute name
     */
    public void setCRLAttribute(String str) {
        final String attributeName = str;
        this.data.put(CRLATTRIBUTE, attributeName);
    }

    /**
     * Returns the delta CRL attribute name, storing the default on first use.
     *
     * <p>This getter has a side effect: when nothing is stored under
     * {@code DELTACRLATTRIBUTE} it writes {@code DEFAULT_DELTACRLATTRIBUTE} into the data map
     * before returning it.
     *
     * @return the stored attribute name, or the default when none was stored
     */
    public String getDeltaCRLAttribute() {
        final Object stored = this.data.get(DELTACRLATTRIBUTE);
        if (stored == null) {
            setDeltaCRLAttribute(DEFAULT_DELTACRLATTRIBUTE);
            return DEFAULT_DELTACRLATTRIBUTE;
        }
        return (String) stored;
    }

    /**
     * Stores the delta CRL attribute name under {@code DELTACRLATTRIBUTE}.
     *
     * @param str attribute name
     */
    public void setDeltaCRLAttribute(String str) {
        final String attributeName = str;
        this.data.put(DELTACRLATTRIBUTE, attributeName);
    }

    /**
     * Returns the attribute name stored under {@code ARLATTRIBUTE}.
     *
     * @return the stored value cast to {@code String}
     */
    public String getARLAttribute() {
        final Object stored = this.data.get(ARLATTRIBUTE);
        return (String) stored;
    }

    /**
     * Stores the ARL attribute name under {@code ARLATTRIBUTE}.
     *
     * @param str attribute name
     */
    public void setARLAttribute(String str) {
        final String attributeName = str;
        this.data.put(ARLATTRIBUTE, attributeName);
    }

    /**
     * Returns the collection of DN field ids stored under {@code USEFIELDINLDAPDN}.
     *
     * <p>The stored object itself is returned, not a copy, so changes made by callers (for
     * example the in-place sort in {@code constructLDAPDN}) are visible in the configuration.
     *
     * @return the stored collection, cast without an element type check
     */
    public Collection<Integer> getUseFieldInLdapDN() {
        final Collection<Integer> fieldIds = (Collection) this.data.get(USEFIELDINLDAPDN);
        return fieldIds;
    }

    /**
     * Stores the given collection of DN field ids under {@code USEFIELDINLDAPDN}.
     *
     * @param collection field ids; the reference is stored as is, without copying
     */
    public void setUseFieldInLdapDN(Collection<Integer> collection) {
        final Collection<Integer> fieldIds = collection;
        this.data.put(USEFIELDINLDAPDN, fieldIds);
    }

    /**
     * Reads the flag stored under {@code ADDMULTIPLECERTIFICATES}.
     *
     * @return the stored flag
     * @throws NullPointerException if no value is stored, because the value is unboxed directly
     */
    public boolean getAddMultipleCertificates() {
        final Boolean flag = (Boolean) this.data.get(ADDMULTIPLECERTIFICATES);
        return flag.booleanValue();
    }

    /**
     * Stores the flag under {@code ADDMULTIPLECERTIFICATES}.
     *
     * @param z flag value to store
     */
    public void setAddMultipleCertificates(boolean z) {
        final Boolean boxed = z ? Boolean.TRUE : Boolean.FALSE;
        this.data.put(ADDMULTIPLECERTIFICATES, boxed);
    }

    /**
     * Stores the flag under {@code REMOVEREVOKED}.
     *
     * @param z flag value to store
     */
    public void setRemoveRevokedCertificates(boolean z) {
        final Boolean boxed = z ? Boolean.TRUE : Boolean.FALSE;
        this.data.put(REMOVEREVOKED, boxed);
    }

    /**
     * Reads the flag stored under {@code REMOVEREVOKED}.
     *
     * @return the stored flag, or {@code true} when nothing is stored
     */
    public boolean getRemoveRevokedCertificates() {
        final Object stored = this.data.get(REMOVEREVOKED);
        if (stored == null) {
            return true;
        }
        return ((Boolean) stored).booleanValue();
    }

    /**
     * Stores the flag under {@code REMOVEUSERONCERTREVOKE}.
     *
     * @param z flag value to store; the revocation path deletes the whole entry when it is set
     */
    public void setRemoveUsersWhenCertRevoked(boolean z) {
        final Boolean boxed = z ? Boolean.TRUE : Boolean.FALSE;
        this.data.put(REMOVEUSERONCERTREVOKE, boxed);
    }

    /**
     * Reads the flag stored under {@code REMOVEUSERONCERTREVOKE}.
     *
     * @return the stored flag, or {@code false} when nothing is stored
     */
    public boolean getRemoveUsersWhenCertRevoked() {
        final Object stored = this.data.get(REMOVEUSERONCERTREVOKE);
        if (stored == null) {
            return false;
        }
        return ((Boolean) stored).booleanValue();
    }

    /**
     * Stores the flag under {@code CREATEINTERMEDIATENODES}.
     *
     * @param z flag value to store
     */
    public void setCreateIntermediateNodes(boolean z) {
        final Boolean boxed = z ? Boolean.TRUE : Boolean.FALSE;
        this.data.put(CREATEINTERMEDIATENODES, boxed);
    }

    /**
     * Reads the flag stored under {@code CREATEINTERMEDIATENODES}.
     *
     * @return the stored flag, or {@code false} when nothing is stored
     */
    public boolean getCreateIntermediateNodes() {
        final Object stored = this.data.get(CREATEINTERMEDIATENODES);
        if (stored == null) {
            return false;
        }
        return ((Boolean) stored).booleanValue();
    }

    /**
     * Stores the flag under {@code SETUSERPASSWORD}. Despite the name this sets a switch, not
     * a password: when on, the attribute builders in this class write a {@code userPassword}
     * attribute.
     *
     * @param z flag value to store
     */
    public void setUserPassword(boolean z) {
        final Boolean boxed = z ? Boolean.TRUE : Boolean.FALSE;
        this.data.put(SETUSERPASSWORD, boxed);
    }

    /**
     * Reads the flag stored under {@code SETUSERPASSWORD}.
     *
     * @return the stored flag, or {@code false} when nothing is stored, so publishing a
     *         {@code userPassword} attribute is opt-in
     */
    public boolean getSetUserPassword() {
        final Object stored = this.data.get(SETUSERPASSWORD);
        if (stored == null) {
            return false;
        }
        return ((Boolean) stored).booleanValue();
    }

    /**
     * Returns the connection timeout parsed from the text stored under {@code TIMEOUT}.
     *
     * @return the stored timeout, or the parsed {@code DEFAULT_TIMEOUT} when nothing is stored
     * @throws NumberFormatException if the text used is not a valid integer
     */
    public int getConnectionTimeOut() {
        final int fallback = Integer.parseInt(DEFAULT_TIMEOUT);
        final Object configured = this.data.get(TIMEOUT);
        return configured == null ? fallback : Integer.parseInt((String) configured);
    }

    /**
     * Returns the read timeout parsed from the text stored under {@code READTIMEOUT}.
     *
     * @return the stored timeout, or the parsed {@code DEFAULT_READTIMEOUT} when nothing is stored
     * @throws NumberFormatException if the text used is not a valid integer
     */
    public int getReadTimeOut() {
        final int fallback = Integer.parseInt(DEFAULT_READTIMEOUT);
        final Object configured = this.data.get(READTIMEOUT);
        return configured == null ? fallback : Integer.parseInt((String) configured);
    }

    /**
     * Returns the store timeout parsed from the text stored under {@code STORETIMEOUT}.
     *
     * @return the stored timeout, or the parsed {@code DEFAULT_STORETIMEOUT} when nothing is stored
     * @throws NumberFormatException if the text used is not a valid integer
     */
    public int getStoreTimeOut() {
        final int fallback = Integer.parseInt(DEFAULT_STORETIMEOUT);
        final Object configured = this.data.get(STORETIMEOUT);
        return configured == null ? fallback : Integer.parseInt((String) configured);
    }

    /**
     * Stores the connection timeout as text under {@code TIMEOUT} and applies it to the
     * connection, bind and disconnect constraints.
     *
     * @param i timeout value; no range check is made here
     */
    public void setConnectionTimeOut(int i) {
        final String asText = Integer.toString(i);
        this.data.put(TIMEOUT, asText);
        this.ldapConnectionConstraints.setTimeLimit(i);
        this.ldapBindConstraints.setTimeLimit(i);
        this.ldapDisconnectConstraints.setTimeLimit(i);
    }

    /**
     * Stores the read timeout as text under {@code READTIMEOUT} and applies it to the search
     * constraints.
     *
     * @param i timeout value; no range check is made here
     */
    public void setReadTimeOut(int i) {
        final String asText = Integer.toString(i);
        this.data.put(READTIMEOUT, asText);
        this.ldapSearchConstraints.setTimeLimit(i);
    }

    /**
     * Stores the store timeout as text under {@code STORETIMEOUT} and applies it to the store
     * constraints.
     *
     * @param i timeout value; no range check is made here
     */
    public void setStoreTimeOut(int i) {
        final String asText = Integer.toString(i);
        this.data.put(STORETIMEOUT, asText);
        this.ldapStoreConstraints.setTimeLimit(i);
    }

    /**
     * Builds one LDAP attribute for every listed name that has a value in the DN.
     *
     * @param str DN to extract values from
     * @param strArr attribute names, used both as the DN part to look up and as the LDAP
     *               attribute name
     * @return attributes for the names found, in the order of {@code strArr}
     */
    protected Collection<LDAPAttribute> getAttributesFromDN(String str, String[] strArr) {
        final LinkedList<LDAPAttribute> found = new LinkedList<>();
        for (final String attributeName : strArr) {
            final String value = CertTools.getPartFromDN(str, attributeName);
            if (value == null) {
                continue;
            }
            found.add(new LDAPAttribute(attributeName, value));
        }
        return found;
    }

    /**
     * Builds REPLACE modifications for the listed attribute names that have a value in the DN.
     *
     * <p>A modification is produced only when policy allows it: a missing attribute needs
     * {@link #getAddNonExistingAttributes()}, an existing one needs
     * {@link #getModifyExistingAttributes()}. With debug logging on, the old attribute and the
     * DN are written to the log for every name.
     *
     * @param str DN to extract values from
     * @param lDAPEntry existing entry whose attributes are checked; must not be {@code null}
     * @param strArr attribute names to consider
     * @return the modifications to apply, possibly empty
     */
    protected ArrayList<LDAPModification> getModificationSetFromDN(String str, LDAPEntry lDAPEntry, String[] strArr) {
        final ArrayList<LDAPModification> modifications = new ArrayList<>();
        final boolean mayModify = getModifyExistingAttributes();
        final boolean mayAdd = getAddNonExistingAttributes();
        for (final String attributeName : strArr) {
            final String newValue = CertTools.getPartFromDN(str, attributeName);
            final LDAPAttribute current = lDAPEntry.getAttribute(attributeName);
            if (log.isDebugEnabled()) {
                if (current != null) {
                    log.debug("removeme, oldattribute=" + current.toString());
                }
                if (str != null) {
                    log.debug("removeme, dn=" + str);
                }
            }
            if (newValue == null) {
                continue;
            }
            final boolean permitted = current == null ? mayAdd : mayModify;
            if (permitted) {
                modifications.add(new LDAPModification(LDAPModification.REPLACE, new LDAPAttribute(attributeName, newValue)));
            }
        }
        return modifications;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Builds the attribute set for a new directory entry.
     *
     * <p>The object classes always go in. The extra DN attributes are added when {@code z} is
     * set, and the personal attributes (sn, givenName, title, mail, serialNumber,
     * certificateSerialNumber, userPassword) only when {@code z2} is set as well. Surname and
     * given name are derived from the common-name part for object classes containing
     * "inetOrgPerson" when the DN does not carry them.
     *
     * <p>NOTE(review): {@code userPassword} is set to {@code str4} exactly as received;
     * whether the directory hashes it on write is not visible here - confirm.
     *
     * @param certificate certificate whose serial number may be published; may be {@code null}
     * @param str object class names separated by {@code EndEntityProfile.SPLITCHAR}
     * @param str2 DN that attribute values are extracted from
     * @param str3 e-mail address for the {@code mail} attribute, or {@code null}
     * @param z whether to add the attributes in {@code MATCHINGEXTRAATTRIBUTES}
     * @param z2 whether to add the personal attributes (only honoured together with {@code z})
     * @param str4 password for the {@code userPassword} attribute, or {@code null}
     * @param extendedInformation not used by this method
     * @return the populated attribute set
     */
    public LDAPAttributeSet getAttributeSet(Certificate certificate, String str, String str2, String str3, boolean z, boolean z2, String str4, ExtendedInformation extendedInformation) {
        if (log.isTraceEnabled()) {
            log.trace(">getAttributeSet(dn=" + str2 + ", email=" + str3 + ")");
        }
        final LDAPAttributeSet attributes = new LDAPAttributeSet();
        final LDAPAttribute objectClasses = new LDAPAttribute("objectclass");
        for (StringTokenizer tokens = new StringTokenizer(str, EndEntityProfile.SPLITCHAR); tokens.hasMoreTokens();) {
            final String objectClass = tokens.nextToken();
            if (log.isDebugEnabled()) {
                log.debug("Adding objectclass value: " + objectClass);
            }
            objectClasses.addValue(objectClass);
        }
        attributes.add(objectClasses);
        if (z) {
            attributes.addAll(getAttributesFromDN(str2, MATCHINGEXTRAATTRIBUTES));
        }
        if (z && z2) {
            attributes.addAll(getAttributesFromDN(str2, MATCHINGPERSONALATTRIBUTES));
            final boolean inetOrgPerson = str.contains("inetOrgPerson");
            // presumably the common-name part; the constant name looks like a decompiler substitution - confirm
            final String commonName = CertTools.getPartFromDN(str2, ScepConfiguration.DEFAULT_RA_NAME_GENERATION_PARAMETERS);

            String surname = CertTools.getPartFromDN(str2, "SURNAME");
            if (surname == null && commonName != null && inetOrgPerson) {
                // Last word of the name, or the whole name when it has no inner space.
                final int lastSpace = commonName.lastIndexOf(' ');
                surname = lastSpace <= 0 ? commonName : commonName.substring(lastSpace + 1);
            }
            if (surname != null) {
                attributes.add(new LDAPAttribute("sn", surname));
            }

            String givenName = CertTools.getPartFromDN(str2, "GIVENNAME");
            if (givenName == null && commonName != null && inetOrgPerson) {
                final int firstSpace = commonName.indexOf(' ');
                if (firstSpace > 0) {
                    givenName = commonName.substring(0, firstSpace);
                } else if (surname == null) {
                    givenName = commonName;
                }
            }
            if (givenName != null) {
                attributes.add(new LDAPAttribute("givenName", givenName));
            }

            final String title = CertTools.getPartFromDN(str2, "T");
            if (title != null) {
                attributes.add(new LDAPAttribute("title", title));
            }
            if (str3 != null) {
                attributes.add(new LDAPAttribute("mail", str3));
            }
            if (getUseFieldInLdapDN().contains(3)) {
                final String dnSerialNumber = CertTools.getPartFromDN(str2, "SN");
                if (dnSerialNumber != null) {
                    attributes.add(new LDAPAttribute("serialNumber", dnSerialNumber));
                }
            }
            if (str.contains("inetOrgPersonWithCertSerno") && certificate != null) {
                final String certSerial = CertTools.getSerialNumberAsString(certificate);
                if (certSerial != null) {
                    attributes.add(new LDAPAttribute("certificateSerialNumber", certSerial));
                }
            }
            if (getSetUserPassword() && str4 != null) {
                if (log.isDebugEnabled()) {
                    log.debug("Adding userPassword attribute");
                }
                attributes.add(new LDAPAttribute("userPassword", str4));
            }
        }
        if (log.isTraceEnabled()) {
            log.trace("<getAttributeSet()");
        }
        return attributes;
    }

    /* JADX INFO: Access modifiers changed from: protected */
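    /**
     * Builds the REPLACE modifications that bring an existing entry in line with the DN.
     *
     * <p>Nothing is produced unless {@code z} is set; the personal attributes additionally need
     * {@code z2}. Each attribute is written only when policy allows it: a missing attribute
     * needs {@link #getAddNonExistingAttributes()}, an existing one needs
     * {@link #getModifyExistingAttributes()}.
     *
     * <p>Two defects are fixed here. The title value used to be written to {@code givenName}
     * and now goes to {@code title}. The presence check for the serial number used to look up
     * {@code "SN"} and now looks up {@code serialNumber}, the attribute actually written.
     *
     * <p>NOTE(review): {@code userPassword} is set to {@code str3} exactly as received;
     * whether the directory hashes it on write is not visible here - confirm.
     *
     * @param lDAPEntry existing entry whose attributes are checked; must not be {@code null}
     *                  when {@code z} is set
     * @param str DN that attribute values are extracted from
     * @param str2 e-mail address for the {@code mail} attribute, or {@code null}
     * @param z whether to produce any modifications at all
     * @param z2 whether to include the personal attributes
     * @param str3 password for the {@code userPassword} attribute, or {@code null}
     * @param certificate certificate whose serial number may be published; may be {@code null}
     * @return the modifications to apply, possibly empty
     */
    public ArrayList<LDAPModification> getModificationSet(LDAPEntry lDAPEntry, String str, String str2, boolean z, boolean z2, String str3, Certificate certificate) {
        if (log.isTraceEnabled()) {
            log.trace(">getModificationSet(dn=" + str + ", email=" + str2 + ")");
        }
        final boolean modifyExisting = getModifyExistingAttributes();
        final boolean addNonExisting = getAddNonExistingAttributes();
        final String userObjectClass = getUserObjectClass();
        final ArrayList<LDAPModification> modSet = new ArrayList<>();
        if (z) {
            if (log.isDebugEnabled()) {
                log.debug("Adding extra attributes to modificationSet");
            }
            modSet.addAll(getModificationSetFromDN(str, lDAPEntry, MATCHINGEXTRAATTRIBUTES));
            if (z2) {
                // presumably the common-name part; the constant name looks like a decompiler substitution - confirm
                final String commonName = CertTools.getPartFromDN(str, ScepConfiguration.DEFAULT_RA_NAME_GENERATION_PARAMETERS);

                String surname = CertTools.getPartFromDN(str, "SURNAME");
                if (surname == null && commonName != null && userObjectClass.contains("inetOrgPerson")) {
                    // Last word of the name, or the whole name when it has no inner space.
                    final int lastSpace = commonName.lastIndexOf(' ');
                    surname = lastSpace <= 0 ? commonName : commonName.substring(lastSpace + 1);
                }
                final LDAPAttribute oldSurname = lDAPEntry.getAttribute("sn");
                if (surname != null && (oldSurname == null ? addNonExisting : modifyExisting)) {
                    modSet.add(new LDAPModification(LDAPModification.REPLACE, new LDAPAttribute("sn", surname)));
                }

                String givenName = CertTools.getPartFromDN(str, "GIVENNAME");
                final LDAPAttribute oldGivenName = lDAPEntry.getAttribute("GIVENNAME");
                // NOTE(review): givenName is only written when it was derived from the common
                // name; an explicit GIVENNAME in the DN produces no modification in this branch.
                // Kept as is - confirm whether that is intended.
                if (givenName == null && commonName != null) {
                    if (userObjectClass.contains("inetOrgPerson")) {
                        final int firstSpace = commonName.indexOf(' ');
                        if (firstSpace > 0) {
                            givenName = commonName.substring(0, firstSpace);
                        } else if (surname == null) {
                            givenName = commonName;
                        }
                    }
                    if (givenName != null && (oldGivenName == null ? addNonExisting : modifyExisting)) {
                        modSet.add(new LDAPModification(LDAPModification.REPLACE, new LDAPAttribute("givenName", givenName)));
                    }
                }

                final String title = CertTools.getPartFromDN(str, "T");
                final LDAPAttribute oldTitle = lDAPEntry.getAttribute("Title");
                if (title != null && (oldTitle == null ? addNonExisting : modifyExisting)) {
                    // Fixed: the title used to overwrite givenName.
                    modSet.add(new LDAPModification(LDAPModification.REPLACE, new LDAPAttribute("title", title)));
                }

                final LDAPAttribute oldMail = lDAPEntry.getAttribute("mail");
                if (str2 != null && (oldMail == null ? addNonExisting : modifyExisting)) {
                    modSet.add(new LDAPModification(LDAPModification.REPLACE, new LDAPAttribute("mail", str2)));
                }

                modSet.addAll(getModificationSetFromDN(str, lDAPEntry, MATCHINGPERSONALATTRIBUTES));

                if (getUseFieldInLdapDN().contains(3)) {
                    final String dnSerialNumber = CertTools.getPartFromDN(str, "SN");
                    // Fixed: check the attribute that is written, not "SN".
                    final LDAPAttribute oldSerialNumber = lDAPEntry.getAttribute("serialNumber");
                    if (dnSerialNumber != null && (oldSerialNumber == null ? addNonExisting : modifyExisting)) {
                        modSet.add(new LDAPModification(LDAPModification.REPLACE, new LDAPAttribute("serialNumber", dnSerialNumber)));
                    }
                }

                if (userObjectClass.contains("inetOrgPersonWithCertSerno") && certificate != null) {
                    final String certSerial = CertTools.getSerialNumberAsString(certificate);
                    if (certSerial != null) {
                        modSet.add(new LDAPModification(LDAPModification.REPLACE, new LDAPAttribute("certificateSerialNumber", certSerial)));
                    }
                }

                if (getSetUserPassword() && str3 != null && (addNonExisting || modifyExisting)) {
                    if (log.isDebugEnabled()) {
                        log.debug("Modifying userPassword attribute");
                    }
                    modSet.add(new LDAPModification(LDAPModification.REPLACE, new LDAPAttribute("userPassword", str3)));
                }
            }
        }
        if (log.isTraceEnabled()) {
            log.trace("<getModificationSet()");
        }
        return modSet;
    }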

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Builds the LDAP DN of an entry from the configured DN fields plus the base DN.
     *
     * <p>For each configured field id the value comes from the certificate DN, falling back to
     * the user-data DN when the certificate has none. Only the first RDN of each value is used.
     * The base DN is appended after a comma exactly as configured.
     *
     * <p>Side effect: when the configured field collection is a {@link List} it is sorted in
     * place, which changes the stored configuration object.
     *
     * @param str DN taken from the certificate
     * @param str2 DN taken from the user data, or {@code null}
     * @return the constructed DN
     */
    public String constructLDAPDN(String str, String str2) {
        if (log.isDebugEnabled()) {
            log.debug("DN in certificate '" + str + "'. DN in user data '" + str2 + "'.");
        }
        // second argument 0: extractor type - presumably "subject DN", confirm against DNFieldExtractor
        final DNFieldExtractor certFields = new DNFieldExtractor(str, 0);
        DNFieldExtractor userDataFields = null;
        if (str2 != null) {
            userDataFields = new DNFieldExtractor(str2, 0);
        }
        final Collection<Integer> dnFieldIds = getUseFieldInLdapDN();
        if (dnFieldIds instanceof List) {
            Collections.sort((List) dnFieldIds);
        }
        final X500NameBuilder dnBuilder = new X500NameBuilder(LdapNameStyle.INSTANCE);
        for (final Integer fieldId : dnFieldIds) {
            String fieldValue = certFields.getFieldString(fieldId.intValue());
            if (userDataFields != null && StringUtils.isEmpty(fieldValue)) {
                fieldValue = userDataFields.getFieldString(fieldId.intValue());
            }
            if (!StringUtils.isEmpty(fieldValue)) {
                dnBuilder.addRDN(new X500Name(LdapNameStyle.INSTANCE, fieldValue).getRDNs()[0].getFirst());
            }
        }
        final String ldapDn = dnBuilder.build().toString() + "," + getBaseDN();
        if (log.isDebugEnabled()) {
            log.debug("LdapPublisher: constructed DN: " + ldapDn);
        }
        return ldapDn;
    }

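    /**
     * Returns the encoded form of the built-in CRL held in {@code fakecrlbytes}.
     *
     * <p>A {@link CRLException} used to be swallowed silently; it is now logged, so a
     * {@code null} result can be traced to its cause.
     *
     * @return the encoded CRL, or {@code null} when it cannot be parsed or encoded
     */
    protected byte[] getFakeCRL() {
        try {
            return CertTools.getCRLfromByteArray(fakecrlbytes).getEncoded();
        } catch (CRLException e) {
            // Still best effort: callers get null as before, but the failure is now visible.
            log.error("Could not parse or encode the built-in fake CRL", e);
            return null;
        }
    }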

    /**
     * Creates a new {@code LdapPublisher} that carries this publisher's settings.
     *
     * <p>A fresh instance is created, its saved data map is overlaid with every entry
     * of this instance's {@code data} map, and the result is loaded back into the new
     * instance. Values are copied by reference, so mutable values are shared between
     * the original and the clone.
     *
     * @return the new publisher instance
     * @throws CloneNotSupportedException declared by the overridden method
     */
    @Override // org.ejbca.core.model.ca.publisher.BasePublisher
    public Object clone() throws CloneNotSupportedException {
        final LdapPublisher copy = new LdapPublisher();
        final HashMap copiedData = (HashMap) copy.saveData();
        // Entries from this instance overwrite the defaults of the fresh instance.
        copiedData.putAll(this.data);
        copy.loadData(copiedData);
        return copy;
    }

    /**
     * Returns the newest data version of this publisher.
     *
     * @return {@code LATEST_VERSION}, which is 12.0
     */
    @Override // org.ejbca.core.model.ca.publisher.BasePublisher
    public float getLatestVersion() {
        return LATEST_VERSION;
    }

    /**
     * Upgrades stored publisher data to {@code LATEST_VERSION} (12.0).
     *
     * <p>When the stored version differs from the latest one, every setting that is
     * missing from the {@code data} map is given a value through its setter, and the
     * stored version is then set to 12.0. Settings that already exist are left
     * untouched. Nothing happens when the version is already current.
     */
    @Override // org.ejbca.core.model.ca.publisher.BasePublisher
    public void upgrade() {
        log.trace(">upgrade");
        final boolean outdated = Float.compare(LATEST_VERSION, getVersion()) != 0;
        if (outdated) {
            log.info(intres.getLocalizedMessage("publisher.upgrade", Float.valueOf(getVersion())));

            if (this.data.get(ADDMULTIPLECERTIFICATES) == null) {
                setAddMultipleCertificates(false);
            }
            if (this.data.get(REMOVEREVOKED) == null) {
                setRemoveRevokedCertificates(true);
            }
            if (this.data.get(REMOVEUSERONCERTREVOKE) == null) {
                setRemoveUsersWhenCertRevoked(false);
            }
            if (this.data.get(CREATEINTERMEDIATENODES) == null) {
                setCreateIntermediateNodes(false);
            }
            if (this.data.get(DELTACRLATTRIBUTE) == null) {
                setDeltaCRLAttribute(DEFAULT_DELTACRLATTRIBUTE);
            }
            if (this.data.get(ADDNONEXISTINGATTR) == null) {
                setModifyExistingAttributes(false);
                setAddNonExistingAttributes(true);
            }
            if (getVersion() < 9.0f) {
                // Pass the getter's current result back through the setter.
                setConnectionTimeOut(getConnectionTimeOut());
            }
            if (this.data.get(SETUSERPASSWORD) == null) {
                setUserPassword(false);
            }
            if (this.data.get(READTIMEOUT) == null) {
                setStoreTimeOut(getStoreTimeOut());
                setReadTimeOut(getReadTimeOut());
            }
            if (this.data.get(CONNECTIONSECURITY) == null) {
                // Derive the connection security mode from the older USESSL boolean.
                // NOTE(review): a missing USESSL entry throws NullPointerException on this
                // unboxing; confirm the entry is always present in data this old.
                // NOTE(review): every non-SSL configuration becomes PLAIN, presumably an
                // unprotected LDAP connection; confirm operators are told to review it.
                final boolean legacyUseSsl = ((Boolean) this.data.get(USESSL)).booleanValue();
                setConnectionSecurity(legacyUseSsl ? ConnectionSecurity.SSL : ConnectionSecurity.PLAIN);
            }
            this.data.put("version", Float.valueOf(LATEST_VERSION));
        }
        log.trace("<upgrade");
    }
}
