package com.orientechnologies.security.ldap;

import com.orientechnologies.common.log.OLogManager;
import com.orientechnologies.orient.core.db.ODatabase;
import com.orientechnologies.orient.core.metadata.schema.OClass;
import com.orientechnologies.orient.core.metadata.schema.OProperty;
import com.orientechnologies.orient.core.metadata.schema.OType;
import com.orientechnologies.orient.core.record.impl.ODocument;
import com.orientechnologies.orient.core.sql.executor.OResult;
import com.orientechnologies.orient.core.sql.executor.OResultSet;
import com.orientechnologies.orient.server.OServer;
import com.orientechnologies.orient.server.config.OServerConfigurationManager;
import com.orientechnologies.orient.server.security.OSecurityAuthenticator;
import com.orientechnologies.orient.server.security.OSecurityComponent;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.Timer;
import java.util.TimerTask;
import java.util.UUID;
import java.util.concurrent.ConcurrentHashMap;
import javax.naming.directory.DirContext;
import javax.security.auth.Subject;

/* loaded from: input_file:com/orientechnologies/security/ldap/OLDAPImporter.class */
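/**
 * Periodically imports user accounts from LDAP into the OrientDB databases named in the security
 * configuration. Each database lists one or more LDAP domains; for every domain the importer obtains
 * the domain authenticator's client {@link Subject}, runs the configured searches plus those stored
 * in the database's {@code _OLDAPUser} class, upserts every returned UPN as an external
 * {@code OUser} carrying the search's roles, and finally deletes the local accounts no search
 * returned.
 *
 * <p>Lifecycle: {@link #config} parses the configuration, {@link #active} verifies the schema of every
 * database and starts a daemon timer, {@link #dispose} stops it. {@link #importLDAP} is synchronized so
 * overlapping timer ticks never run two imports concurrently.
 *
 * <p>Account deletion is only performed for a database when every configured domain was queried
 * successfully; an unreachable LDAP server therefore never causes the accounts it manages to be
 * removed.
 */
public class OLDAPImporter implements OSecurityComponent {
    /** Delay before the first scheduled import run, in milliseconds. */
    private static final long INITIAL_DELAY_MS = 30000L;
    /** Import period in seconds used until a valid "period" is configured. */
    private static final int DEFAULT_IMPORT_PERIOD_SECONDS = 60;
    /** Built-in accounts that are never collected as deletion candidates, whatever LDAP returns. */
    private static final Set<String> PROTECTED_USERS =
            Collections.unmodifiableSet(new LinkedHashSet<>(Arrays.asList("admin", "reader", "writer")));
    /** Properties created on the LDAP user class; every one is a mandatory, non-null string. */
    private static final String[] OLDAP_USER_PROPERTIES = {"Domain", "BaseDN", "Filter", "Roles"};

    private OServer server;
    private Timer importTimer;
    /** Name of the schema class holding per-database LDAP search definitions. */
    private final String oldapUserClass = "_OLDAPUser";
    private boolean debug = false;
    private boolean enabled = true;
    private int importPeriod = DEFAULT_IMPORT_PERIOD_SECONDS;
    /** Database name -> import configuration; rebuilt from scratch on every {@link #config} call. */
    private final ConcurrentHashMap<String, Database> databaseMap = new ConcurrentHashMap<>();

    /** Import configuration of one OrientDB database. */
    public static class Database {
        private final String name;
        private final boolean ignoreLocal;
        private final List<DatabaseDomain> databaseDomains;

        /**
         * @param str  database name
         * @param z    when true only users flagged {@code _externalUser} are deletion candidates
         * @param list LDAP domains to query; {@code null} is treated as an empty list
         */
        public Database(String str, boolean z, List<DatabaseDomain> list) {
            this.name = str;
            this.ignoreLocal = z;
            this.databaseDomains = list == null ? new ArrayList<DatabaseDomain>() : list;
        }

        public String getName() {
            return this.name;
        }

        /** True when locally created (non-external) accounts must never be deleted by the import. */
        public boolean ignoreLocal() {
            return this.ignoreLocal;
        }

        public List<DatabaseDomain> getDatabaseDomains() {
            return this.databaseDomains;
        }
    }

    /** One LDAP domain of a database: its servers, the searches to run and the authenticator to bind with. */
    public static class DatabaseDomain {
        private final String domain;
        private final String authenticator;
        private final List<OLDAPServer> ldapServers;
        private final List<User> users;

        /**
         * @param str   domain name, also the {@code Domain} value matched in {@code _OLDAPUser}
         * @param list  LDAP servers in connection order
         * @param list2 searches configured for this domain
         * @param str2  name of the server authenticator supplying the bind subject; {@code null} selects
         *              the primary authenticator
         */
        public DatabaseDomain(String str, List<OLDAPServer> list, List<User> list2, String str2) {
            this.domain = str;
            this.ldapServers = list == null ? new ArrayList<OLDAPServer>() : list;
            this.users = list2 == null ? new ArrayList<User>() : list2;
            this.authenticator = str2;
        }

        public String getDomain() {
            return this.domain;
        }

        public String getAuthenticator() {
            return this.authenticator;
        }

        public List<OLDAPServer> getLDAPServers() {
            return this.ldapServers;
        }

        public List<User> getUsers() {
            return this.users;
        }
    }

    /** A user found in LDAP together with the union of the roles of every search that returned it. */
    public static class DatabaseUser {
        private final String user;
        private final Set<String> roles = new LinkedHashSet<>();

        /** @param str user principal name as returned by LDAP */
        public DatabaseUser(String str) {
            this.user = str;
        }

        private String getUser() {
            return this.user;
        }

        public Set<String> getRoles() {
            return this.roles;
        }

        /** Adds every role of {@code set}; a {@code null} set is ignored. */
        public void addRoles(Set<String> set) {
            if (set != null) {
                this.roles.addAll(set);
            }
        }
    }

    /** One LDAP search (base DN + filter) and the roles granted to every user it returns. */
    public static class User {
        private final String baseDN;
        private final String filter;
        private final Set<String> roles = new LinkedHashSet<>();

        /**
         * @param str  search base DN
         * @param str2 LDAP search filter
         * @param list roles to grant; {@code null} grants none
         */
        public User(String str, String str2, List<String> list) {
            this.baseDN = str;
            this.filter = str2;
            if (list != null) {
                this.roles.addAll(list);
            }
        }

        public String getBaseDN() {
            return this.baseDN;
        }

        public String getFilter() {
            return this.filter;
        }

        public Set<String> getRoles() {
            return this.roles;
        }
    }

    /** Timer task that runs one full import; needs the enclosing instance, so it stays a non-static inner class. */
    private class ImportTask extends TimerTask {
        private ImportTask() {
        }

        @Override // java.util.TimerTask, java.lang.Runnable
        public void run() {
            OLDAPImporter.this.importLDAP();
        }
    }

    /**
     * Verifies the {@code _OLDAPUser} schema of every configured database and starts the import timer.
     * Calling it again replaces the previous timer instead of leaking it.
     */
    public void active() {
        for (Database database : this.databaseMap.values()) {
            // try-with-resources replaces the decompiled close-in-every-branch pattern; a null
            // resource is skipped, which preserves the original null guard.
            try (ODatabase<?> odb = this.server.getSecurity().openDatabase(database.getName())) {
                verifySchema(odb);
            } catch (Exception e) {
                OLogManager.instance().error(this, "OLDAPImporter.active() Database: %s", e, database.getName());
            }
        }
        dispose();
        this.importTimer = new Timer(true);
        // long arithmetic: an int multiplication would overflow for periods above ~24 days.
        this.importTimer.scheduleAtFixedRate(new ImportTask(), INITIAL_DELAY_MS, 1000L * this.importPeriod);
        OLogManager.instance().info(this, "**************************************");
        OLogManager.instance().info(this, "** OrientDB LDAP Importer Is Active **");
        OLogManager.instance().info(this, "**************************************");
    }

    /**
     * Parses the importer section of the security configuration. Recognised fields: {@code debug},
     * {@code enabled}, {@code period} (seconds, must be positive) and {@code databases}. Malformed
     * entries are logged and skipped; any unexpected exception aborts parsing and is logged.
     *
     * @param oServer                     the server the importer runs in
     * @param oServerConfigurationManager unused
     * @param oDocument                   the importer's configuration document
     */
    public void config(OServer oServer, OServerConfigurationManager oServerConfigurationManager, ODocument oDocument) {
        try {
            this.server = oServer;
            this.databaseMap.clear();
            this.debug = boolField(oDocument, "debug", this.debug);
            this.enabled = boolField(oDocument, "enabled", this.enabled);
            if (oDocument.containsField("period")) {
                Number period = oDocument.field("period");
                // Timer.scheduleAtFixedRate rejects a non-positive period, so keep the previous value.
                if (period == null || period.intValue() <= 0) {
                    logError("Import LDAP \"period\" must be a positive number of seconds, keeping %s", this.importPeriod);
                } else {
                    this.importPeriod = period.intValue();
                }
                if (this.debug) {
                    OLogManager.instance().info(this, "Import Period = " + this.importPeriod);
                }
            }
            if (!oDocument.containsField("databases")) {
                logError("Import LDAP contains no \"databases\" property");
                return;
            }
            List<ODocument> databaseDocs = oDocument.field("databases");
            if (databaseDocs != null) {
                for (ODocument databaseDoc : databaseDocs) {
                    parseDatabase(databaseDoc);
                }
            }
        } catch (Exception e) {
            OLogManager.instance().error(this, "OLDAPImporter.config()", e);
        }
    }

    /** Parses one entry of "databases" and registers it in {@link #databaseMap}; problems are logged. */
    private void parseDatabase(ODocument databaseDoc) {
        if (!databaseDoc.containsField("database")) {
            logError("Import LDAP databases contains no \"database\" property");
            return;
        }
        String dbName = databaseDoc.field("database");
        if (this.debug) {
            OLogManager.instance().info(this, "config() database: %s", dbName);
        }
        // Default true: only accounts the importer created itself are ever deleted.
        boolean ignoreLocal = boolField(databaseDoc, "ignoreLocal", true);
        if (!databaseDoc.containsField("domains")) {
            logError("Import LDAP database %s contains no \"domains\" property", dbName);
            return;
        }
        List<DatabaseDomain> domains = new ArrayList<>();
        List<ODocument> domainDocs = databaseDoc.field("domains");
        if (domainDocs != null) {
            for (ODocument domainDoc : domainDocs) {
                DatabaseDomain domain = parseDomain(dbName, domainDoc);
                if (domain != null) {
                    domains.add(domain);
                }
            }
        }
        if (dbName != null) {
            this.databaseMap.put(dbName, new Database(dbName, ignoreLocal, domains));
        }
    }

    /** Parses one "domains" entry; returns {@code null} (after logging) when a required property is missing. */
    private DatabaseDomain parseDomain(String dbName, ODocument domainDoc) {
        if (!domainDoc.containsField("domain")) {
            logError("Import LDAP database %s \"domain\" object is missing its \"domain\" property", dbName);
            return null;
        }
        String domainName = domainDoc.field("domain");
        String authenticator = domainDoc.containsField("authenticator") ? (String) domainDoc.field("authenticator") : null;
        if (!domainDoc.containsField("servers")) {
            logError("Import LDAP database %s \"domain\" is missing its \"servers\" property", dbName);
            return null;
        }
        List<OLDAPServer> servers = parseServers(dbName, domainName, domainDoc);
        List<User> users = parseUsers(dbName, domainDoc);
        return new DatabaseDomain(domainName, servers, users, authenticator);
    }

    /** Validates every "servers" entry of a domain; invalid URLs are logged and dropped. */
    private List<OLDAPServer> parseServers(String dbName, String domainName, ODocument domainDoc) {
        List<OLDAPServer> servers = new ArrayList<>();
        List<ODocument> serverDocs = domainDoc.field("servers");
        if (serverDocs == null) {
            return servers;
        }
        for (ODocument serverDoc : serverDocs) {
            String url = serverDoc.field("url");
            OLDAPServer ldapServer = OLDAPServer.validateURL(url, boolField(serverDoc, "isAlias", false));
            if (ldapServer != null) {
                servers.add(ldapServer);
            } else {
                logError("Import LDAP Invalid server URL for database: %s, domain: %s, URL: %s", dbName, domainName, url);
            }
        }
        return servers;
    }

    /** Parses the "users" searches of a domain; entries lacking baseDN, filter or roles are logged and skipped. */
    private List<User> parseUsers(String dbName, ODocument domainDoc) {
        List<User> users = new ArrayList<>();
        List<ODocument> userDocs = domainDoc.field("users");
        if (userDocs == null) {
            return users;
        }
        for (ODocument userDoc : userDocs) {
            if (!userDoc.containsField("baseDN") || !userDoc.containsField("filter")) {
                logError("Import LDAP The User's \"baseDN\" or \"filter\" property is missing for database %s", dbName);
            } else if (!userDoc.containsField("roles")) {
                logError("Import LDAP The User's \"roles\" property is missing for database %s", dbName);
            } else {
                String baseDN = userDoc.field("baseDN");
                String filter = userDoc.field("filter");
                if (this.debug) {
                    OLogManager.instance().info(this, "config() database: %s, baseDN: %s, filter: %s", dbName, baseDN, filter);
                }
                List<String> roles = userDoc.field("roles");
                users.add(new User(baseDN, filter, roles));
            }
        }
        return users;
    }

    /** Reads an optional Boolean field, returning {@code defaultValue} when it is absent or null. */
    private static boolean boolField(ODocument doc, String name, boolean defaultValue) {
        if (!doc.containsField(name)) {
            return defaultValue;
        }
        Boolean value = doc.field(name);
        return value == null ? defaultValue : value.booleanValue();
    }

    /** Logs an error without an exception; the message is a format string for {@code args}. */
    private void logError(String message, Object... args) {
        OLogManager.instance().error(this, message, (Throwable) null, args);
    }

    /** Stops the import timer; safe to call when none is running. */
    public void dispose() {
        if (this.importTimer != null) {
            this.importTimer.cancel();
            this.importTimer = null;
        }
    }

    public boolean isEnabled() {
        return this.enabled;
    }

    /**
     * Creates the {@code _OLDAPUser} class with its mandatory string properties when the database does
     * not have it yet. Failures are logged, not propagated.
     */
    private void verifySchema(ODatabase<?> oDatabase) {
        try {
            if (oDatabase.getMetadata().getSchema().existsClass(this.oldapUserClass)) {
                return;
            }
            if (this.debug) {
                OLogManager.instance().info(this, "OLDAPImporter.verifySchema() creating class %s in Database: %s", this.oldapUserClass, oDatabase.getName());
            }
            OClass userClass = oDatabase.getMetadata().getSchema().createClass(this.oldapUserClass);
            for (String propertyName : OLDAP_USER_PROPERTIES) {
                OProperty property = userClass.createProperty(propertyName, OType.STRING);
                property.setMandatory(true);
                property.setNotNull(true);
            }
        } catch (Exception e) {
            OLogManager.instance().error(this, "OLDAPImporter.verifySchema()", e);
        }
    }

    /**
     * Returns the client subject of the named authenticator, or of the primary authenticator when
     * {@code str} is {@code null}; {@code null} when no such authenticator is registered.
     */
    public Subject getLDAPSubject(String str) {
        OSecurityAuthenticator authenticator = str == null
                ? this.server.getSecurity().getPrimaryAuthenticator()
                : this.server.getSecurity().getAuthenticator(str);
        return authenticator == null ? null : authenticator.getClientSubject();
    }

    /**
     * Runs one import over every configured database. Per-database failures are logged and do not stop
     * the remaining databases. Synchronized so a slow import cannot overlap the next timer tick.
     */
    public synchronized void importLDAP() {
        if (this.server.getSecurity() == null) {
            logError("OLDAPImporter.importLDAP() ServerSecurity is null");
            return;
        }
        if (this.debug) {
            OLogManager.instance().info(this, "OLDAPImporter.importLDAP() \n");
        }
        for (Database database : this.databaseMap.values()) {
            try {
                importDatabase(database);
            } catch (Exception e) {
                OLogManager.instance().error(this, "OLDAPImporter.importLDAP()", e);
            }
        }
    }

    /**
     * Synchronizes one database with LDAP: collects the users every domain returns, upserts them, and
     * deletes the remaining local candidates only when every domain was fully queried.
     */
    private void importDatabase(Database database) throws Exception {
        Set<String> deletionCandidates = new LinkedHashSet<>();
        Map<String, DatabaseUser> ldapUsers = new ConcurrentHashMap<>();
        try (ODatabase<?> odb = this.server.getSecurity().openDatabase(database.getName())) {
            retrieveAllUsers(odb, database.ignoreLocal(), deletionCandidates);
            List<DatabaseDomain> domains = database.getDatabaseDomains();
            int importedDomains = 0;
            for (DatabaseDomain domain : domains) {
                if (importDomain(odb, database.getName(), domain, ldapUsers, deletionCandidates)) {
                    importedDomains++;
                }
            }
            importUsers(odb, ldapUsers);
            // A partially failed run leaves the failed domain's users in the candidate set; deleting
            // them would lock those users out, so prune only after a complete run.
            if (importedDomains > 0 && importedDomains == domains.size()) {
                deleteUsers(odb, deletionCandidates);
            }
        }
    }

    /**
     * Queries one LDAP domain and merges every returned UPN into {@code ldapUsers}, removing it from
     * {@code deletionCandidates}.
     *
     * @return true only when the domain was queried to completion; false after any logged failure
     */
    private boolean importDomain(ODatabase<?> odb, String dbName, DatabaseDomain domain,
                                 Map<String, DatabaseUser> ldapUsers, Set<String> deletionCandidates) {
        try {
            Subject subject = getLDAPSubject(domain.getAuthenticator());
            if (subject == null) {
                logError("OLDAPImporter.importLDAP() Could not obtain an LDAP Subject for Database %s", dbName);
                return false;
            }
            DirContext context = OLDAPLibrary.openContext(subject, domain.getLDAPServers(), this.debug);
            if (context == null) {
                logError("OLDAPImporter.importLDAP() Could not obtain an LDAP DirContext for Database %s", dbName);
                return false;
            }
            try {
                // Configured searches first, then those stored in the database's _OLDAPUser class.
                List<User> searches = new ArrayList<>(domain.getUsers());
                retrieveLDAPUsers(odb, domain.getDomain(), searches);
                for (User search : searches) {
                    ArrayList<String> upns = new ArrayList<>();
                    OLogManager.instance().info(this, "OLDAPImporter.importLDAP() Calling retrieveUsers for Database: %s, Filter: %s", dbName, search.getFilter());
                    OLDAPLibrary.retrieveUsers(context, search.getBaseDN(), search.getFilter(), upns, this.debug);
                    if (upns.isEmpty()) {
                        OLogManager.instance().info(this, "OLDAPImporter.importLDAP() No users found at BaseDN: %s, Filter: %s, for Database: %s", search.getBaseDN(), search.getFilter(), dbName);
                        continue;
                    }
                    for (String upn : upns) {
                        deletionCandidates.remove(upn);
                        OLogManager.instance().info(this, "OLDAPImporter.importLDAP() Database: %s, Filter: %s, UPN: %s", dbName, search.getFilter(), upn);
                        // A user matched by several searches accumulates the roles of all of them.
                        ldapUsers.computeIfAbsent(upn, DatabaseUser::new).addRoles(search.getRoles());
                    }
                }
            } finally {
                context.close();
            }
            return true;
        } catch (Exception e) {
            OLogManager.instance().error(this, "OLDAPImporter.importLDAP() Database: %s", e, dbName);
            return false;
        }
    }

    /**
     * Appends to {@code list} the searches stored in the database's {@code _OLDAPUser} class for the
     * given domain. {@code Roles} is a comma-separated list; blank entries are ignored and a record
     * without roles is logged and skipped.
     */
    private void retrieveLDAPUsers(ODatabase<?> oDatabase, String str, List<User> list) {
        String sql = String.format("SELECT FROM `%s` WHERE Domain = ?", this.oldapUserClass);
        try (OResultSet rows = oDatabase.query(sql, str)) {
            while (rows.hasNext()) {
                OResult row = rows.next();
                String rolesCsv = row.getProperty("Roles");
                if (rolesCsv == null) {
                    logError("OLDAPImporter.retrieveLDAPUsers() Roles is missing for entry Database: %s, Domain: %s", oDatabase.getName(), str);
                    continue;
                }
                List<String> roles = new ArrayList<>();
                for (String role : rolesCsv.split(",")) {
                    String trimmed = role.trim();
                    if (!trimmed.isEmpty()) {
                        roles.add(trimmed);
                    }
                }
                String baseDN = row.getProperty("BaseDN");
                String filter = row.getProperty("Filter");
                list.add(new User(baseDN, filter, roles));
            }
        } catch (Exception e) {
            OLogManager.instance().error(this, "OLDAPImporter.retrieveLDAPUsers() Database: %s, Domain: %s", e, oDatabase.getName(), str);
        }
    }

    /**
     * Adds to {@code set} the names of all existing users (only external ones when {@code z} is true),
     * excluding the built-in admin/reader/writer accounts. These are the deletion candidates; LDAP
     * results later remove the names that are still valid.
     */
    private void retrieveAllUsers(ODatabase<?> oDatabase, boolean z, Set<String> set) {
        String sql = z ? "SELECT FROM OUser WHERE _externalUser = true" : "SELECT FROM OUser";
        try (OResultSet rows = oDatabase.query(sql, new Object[0])) {
            while (rows.hasNext()) {
                String userName = rows.next().getProperty("name");
                if (userName == null || PROTECTED_USERS.contains(userName)) {
                    continue;
                }
                set.add(userName);
                OLogManager.instance().info(this, "OLDAPImporter.retrieveAllUsers() Database: %s, User: %s", oDatabase.getName(), userName);
            }
        } catch (Exception e) {
            OLogManager.instance().error(this, "OLDAPImporter.retrieveAllUsers() Database: %s", e, oDatabase.getName());
        }
    }

    /** Deletes every named user; a failure on one user is logged and the others are still attempted. */
    private void deleteUsers(ODatabase<?> oDatabase, Set<String> set) {
        for (String userName : set) {
            try (OResultSet ignored = oDatabase.command("DELETE FROM OUser WHERE name = ?", userName)) {
                OLogManager.instance().info(this, "OLDAPImporter.deleteUsers() Deleted User: %s from Database: %s", userName, oDatabase.getName());
            } catch (Exception e) {
                OLogManager.instance().error(this, "OLDAPImporter.deleteUsers() Database: %s", e, oDatabase.getName());
            }
        }
    }

    /** Upserts every collected LDAP user with its accumulated roles, logging each outcome. */
    private void importUsers(ODatabase<?> oDatabase, Map<String, DatabaseUser> map) {
        try {
            for (Map.Entry<String, DatabaseUser> entry : map.entrySet()) {
                String userName = entry.getKey();
                if (upsertDbUser(oDatabase, userName, entry.getValue().getRoles())) {
                    OLogManager.instance().info(this, "Added/Modified Database User %s in Database %s", userName, oDatabase.getName());
                } else {
                    logError("Failed to add/update Database User %s in Database %s", userName, oDatabase.getName());
                }
            }
        } catch (Exception e) {
            OLogManager.instance().error(this, "OLDAPImporter.importUsers() Database: %s", e, oDatabase.getName());
        }
    }

    /**
     * Creates or updates the external {@code OUser} {@code str} with the given roles. The local password
     * is a fresh random UUID on every run: external users authenticate against LDAP, never with it.
     *
     * @return true on success, false after a logged failure
     */
    private boolean upsertDbUser(ODatabase<?> oDatabase, String str, Set<String> set) {
        try {
            String password = UUID.randomUUID().toString();
            // Role names are bound as a collection parameter rather than spliced into the statement as
            // quoted literals: a role name containing a quote (from the configuration or an _OLDAPUser
            // record) can then neither break nor alter the query.
            List<String> roles = new ArrayList<>(set);
            String sql = "UPDATE OUser SET name = ?, password = ?, status = \"ACTIVE\", _externalUser = true, "
                    + "roles = (SELECT FROM ORole WHERE name in ?) UPSERT WHERE name = ?";
            try (OResultSet ignored = oDatabase.command(sql, str, password, roles, str)) {
                return true;
            }
        } catch (Exception e) {
            OLogManager.instance().error(this, "OLDAPImporter.upsertDbUser()", e);
            return false;
        }
    }
}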
