package org.apache.airavata.accountprovisioning.provisioner;

import java.io.IOException;
import java.util.HashMap;
import java.util.Map;
import java.util.function.Function;
import org.apache.airavata.accountprovisioning.ConfigParam;
import org.apache.airavata.accountprovisioning.InvalidUsernameException;
import org.apache.airavata.accountprovisioning.SSHAccountManager;
import org.apache.airavata.accountprovisioning.SSHAccountProvisioner;
import org.apache.directory.api.ldap.model.cursor.EntryCursor;
import org.apache.directory.api.ldap.model.entry.DefaultAttribute;
import org.apache.directory.api.ldap.model.entry.Entry;
import org.apache.directory.api.ldap.model.entry.ModificationOperation;
import org.apache.directory.api.ldap.model.exception.LdapException;
import org.apache.directory.api.ldap.model.message.ModifyRequestImpl;
import org.apache.directory.api.ldap.model.message.ModifyResponse;
import org.apache.directory.api.ldap.model.message.ResultCodeEnum;
import org.apache.directory.api.ldap.model.message.SearchScope;
import org.apache.directory.api.ldap.model.name.Dn;
import org.apache.directory.ldap.client.api.LdapConnection;
import org.apache.directory.ldap.client.api.LdapNetworkConnection;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/airavata/accountprovisioning/provisioner/IULdapSSHAccountProvisioner.class */
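/**
 * {@link SSHAccountProvisioner} that installs SSH public keys for existing cluster accounts
 * in an LDAP directory and adds those accounts to the "cybergateway" POSIX group.
 *
 * <p>Account creation is not supported; the account must already exist under the configured
 * base DN. Every operation opens a fresh SSL connection, binds with the configured service
 * credentials, runs, and closes the connection again.
 *
 * <p>The username is the part of the user id before the {@code @}. It ends up inside LDAP DNs,
 * an LDAP search filter and a filesystem path, so it is restricted to a conservative character
 * set before any of those strings are built.
 */
public class IULdapSSHAccountProvisioner implements SSHAccountProvisioner {
    // Named after this class so provisioning log lines are attributed to the component that wrote them.
    private static final Logger logger = LoggerFactory.getLogger(IULdapSSHAccountProvisioner.class);
    public static final String LDAP_PUBLIC_KEY_OBJECT_CLASS = "ldapPublicKey";
    public static final String SSH_PUBLIC_KEY_ATTRIBUTE_NAME = "sshPublicKey";
    public static final String GROUP_MEMBER_ATTRIBUTE_NAME = "memberUid";
    private String ldapHost;
    private String ldapUsername;
    private String ldapPassword;
    private String ldapBaseDN;
    private String canonicalScratchLocation;
    private String cybergatewayGroupDN;
    private int ldapPort;

    /**
     * Reads the connection settings and directory layout from the supplied configuration.
     *
     * @param map configuration values keyed by the parameters declared on
     *     {@code IULdapSSHAccountProvisionerProvider}
     * @throws NumberFormatException if the port value is missing or not an integer
     */
    @Override // org.apache.airavata.accountprovisioning.SSHAccountProvisioner
    public void init(Map<ConfigParam, String> map) {
        this.ldapHost = map.get(IULdapSSHAccountProvisionerProvider.LDAP_HOST);
        this.ldapPort = Integer.parseInt(map.get(IULdapSSHAccountProvisionerProvider.LDAP_PORT));
        this.ldapUsername = map.get(IULdapSSHAccountProvisionerProvider.LDAP_USERNAME);
        this.ldapPassword = map.get(IULdapSSHAccountProvisionerProvider.LDAP_PASSWORD);
        this.ldapBaseDN = map.get(IULdapSSHAccountProvisionerProvider.LDAP_BASE_DN);
        this.canonicalScratchLocation = map.get(IULdapSSHAccountProvisionerProvider.CANONICAL_SCRATCH_LOCATION);
        this.cybergatewayGroupDN = map.get(IULdapSSHAccountProvisionerProvider.CYBERGATEWAY_GROUP_DN);
    }

    /**
     * Reports whether a cluster account entry exists for the user.
     *
     * @param userId user id in {@code username@domain} form
     * @return {@code true} if {@code uid=<username>,<base DN>} exists
     * @throws InvalidUsernameException if no acceptable username can be derived from {@code userId}
     */
    @Override // org.apache.airavata.accountprovisioning.SSHAccountProvisioner
    public boolean hasAccount(String userId) throws InvalidUsernameException {
        String username = getUsername(userId);
        return withLdapConnection(connection -> {
            try {
                return hasClusterAccount(connection, username);
            } catch (LdapException e) {
                throw new RuntimeException(e);
            }
        });
    }

    /** Checks for the existence of the user's entry under the base DN. */
    private boolean hasClusterAccount(LdapConnection connection, String username) throws LdapException {
        return connection.exists(userDn(username));
    }

    /**
     * Checks whether the cybergateway group entry lists the user as a {@code memberUid}.
     *
     * @return {@code true} only when the object-scope search on the group DN yields exactly one entry
     */
    private boolean isInCybergatewayGroup(LdapConnection connection, String username) throws LdapException {
        // try-with-resources closes the cursor on every path, including when iteration throws.
        try (EntryCursor cursor = connection.search(this.cybergatewayGroupDN, memberFilter(username), SearchScope.OBJECT)) {
            int matches = 0;
            for (Entry ignored : cursor) {
                matches++;
                logger.info("Found {} in cybergateway group", username);
            }
            return matches == 1;
        } catch (IOException e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Always fails: this provisioner only manages keys for accounts that already exist.
     *
     * @throws UnsupportedOperationException always
     */
    @Override // org.apache.airavata.accountprovisioning.SSHAccountProvisioner
    public String createAccount(String userId, String sshPublicKey) throws InvalidUsernameException {
        throw new UnsupportedOperationException("IULdapSSHAccountProvisioner does not support creating cluster accounts at this time.");
    }

    /**
     * Reports whether the account exists, is a member of the cybergateway group and carries
     * exactly the given public key.
     *
     * @param userId user id in {@code username@domain} form
     * @param sshPublicKey the key expected on the account; compared after trimming
     * @throws InvalidUsernameException if no acceptable username can be derived from {@code userId}
     */
    @Override // org.apache.airavata.accountprovisioning.SSHAccountProvisioner
    public boolean isSSHAccountProvisioningComplete(String userId, String sshPublicKey) throws InvalidUsernameException {
        String username = getUsername(userId);
        return withLdapConnection(connection -> {
            try {
                return hasClusterAccount(connection, username)
                        && isInCybergatewayGroup(connection, username)
                        && isSSHKeyInstalled(connection, username, sshPublicKey);
            } catch (LdapException e) {
                throw new RuntimeException(e);
            }
        });
    }

    /**
     * Compares the key stored on the user's entry with the given key.
     *
     * @param ldapConnection an already bound connection
     * @param username the bare username (not the full user id)
     * @param sshPublicKey the key to compare against; trimmed before comparison
     * @return {@code true} if the entry has a stored key equal to the trimmed {@code sshPublicKey}
     * @throws IllegalArgumentException if {@code username} contains characters that are not
     *     allowed in a DN built by this class
     */
    public boolean isSSHKeyInstalled(LdapConnection ldapConnection, String username, String sshPublicKey) throws LdapException {
        String storedKey = getLdapPublicKey(ldapConnection, username);
        return storedKey != null && storedKey.equals(sshPublicKey.trim());
    }

    /**
     * Installs the key on the user's entry if it is not already there and adds the user to the
     * cybergateway group if not already a member.
     *
     * <p>NOTE(review): a non-success LDAP result for either modification is only logged, so this
     * method can return normally without the key being in place. Callers that need certainty
     * should follow up with {@link #isSSHAccountProvisioningComplete(String, String)}.
     *
     * @return the username derived from {@code userId}
     * @throws InvalidUsernameException if no acceptable username can be derived from {@code userId}
     */
    @Override // org.apache.airavata.accountprovisioning.SSHAccountProvisioner
    public String installSSHKey(String userId, String sshPublicKey) throws InvalidUsernameException {
        String username = getUsername(userId);
        String trimmedKey = sshPublicKey.trim();
        withLdapConnection(connection -> {
            try {
                if (!isSSHKeyInstalled(connection, username, trimmedKey)) {
                    installLdapPublicKey(connection, username, trimmedKey);
                }
                if (!isInCybergatewayGroup(connection, username)) {
                    addUserToCybergatewayGroup(connection, username);
                }
                return true;
            } catch (LdapException e) {
                throw new RuntimeException(e);
            }
        });
        return username;
    }

    /** Adds the username as a {@code memberUid} value on the cybergateway group entry. */
    private void addUserToCybergatewayGroup(LdapConnection connection, String username) throws LdapException {
        ModifyRequestImpl request = new ModifyRequestImpl();
        request.setName(new Dn(this.cybergatewayGroupDN));
        // The username is sent as an attribute value here, not parsed as DN or filter syntax.
        request.addModification(new DefaultAttribute(GROUP_MEMBER_ATTRIBUTE_NAME, username), ModificationOperation.ADD_ATTRIBUTE);
        ModifyResponse response = connection.modify(request);
        if (response.getLdapResult().getResultCode() != ResultCodeEnum.SUCCESS) {
            logger.warn("add member to cybergateway group ldap operation reported not being successful: {}", response);
        } else {
            logger.debug("add member to cybergateway group ldap operation was successful: {}", response);
        }
    }

    /**
     * Writes the public key onto the user's entry.
     *
     * <p>If the entry lacks the {@code ldapPublicKey} object class, the class and the key are
     * added together. Otherwise the key attribute is replaced; a replace also covers an entry
     * that has the object class but no key value yet.
     *
     * @throws RuntimeException if the user has no entry under the base DN
     */
    private void installLdapPublicKey(LdapConnection connection, String username, String sshPublicKey) throws LdapException {
        Entry entry = lookupUserEntry(connection, username);
        String currentKey = readPublicKey(entry);
        if (currentKey != null && currentKey.equals(sshPublicKey)) {
            // Nothing to change; avoid sending a modify request with no modifications.
            return;
        }
        ModifyRequestImpl request = new ModifyRequestImpl();
        request.setName(new Dn(userDn(username)));
        if (!entry.hasObjectClass(LDAP_PUBLIC_KEY_OBJECT_CLASS)) {
            request.addModification(new DefaultAttribute("objectclass", LDAP_PUBLIC_KEY_OBJECT_CLASS), ModificationOperation.ADD_ATTRIBUTE);
            request.addModification(new DefaultAttribute(SSH_PUBLIC_KEY_ATTRIBUTE_NAME, sshPublicKey), ModificationOperation.ADD_ATTRIBUTE);
        } else {
            // REPLACE_ATTRIBUTE overwrites every existing sshPublicKey value on the entry, so any
            // other keys the user had registered there are dropped in favour of this one.
            request.addModification(new DefaultAttribute(SSH_PUBLIC_KEY_ATTRIBUTE_NAME, sshPublicKey), ModificationOperation.REPLACE_ATTRIBUTE);
        }
        ModifyResponse response = connection.modify(request);
        if (response.getLdapResult().getResultCode() != ResultCodeEnum.SUCCESS) {
            logger.warn("installSSHKey ldap operation reported not being successful: {}", response);
        } else {
            logger.debug("installSSHKey ldap operation was successful: {}", response);
        }
    }

    /**
     * Returns the key stored on the user's entry, or {@code null} if the entry has none.
     *
     * @throws RuntimeException if the user has no entry under the base DN
     */
    private String getLdapPublicKey(LdapConnection connection, String username) throws LdapException {
        return readPublicKey(lookupUserEntry(connection, username));
    }

    /** Fetches the user's entry, failing if it does not exist. */
    private Entry lookupUserEntry(LdapConnection connection, String username) throws LdapException {
        String dn = userDn(username);
        Entry entry = connection.lookup(dn);
        if (entry == null) {
            throw new RuntimeException("User [" + username + "] has no entry for " + dn);
        }
        return entry;
    }

    /**
     * Extracts the stored key from an entry. Returns {@code null} when the entry lacks the
     * {@code ldapPublicKey} object class or has the class without a key attribute.
     */
    private String readPublicKey(Entry entry) throws LdapException {
        if (!entry.hasObjectClass(LDAP_PUBLIC_KEY_OBJECT_CLASS) || entry.get(SSH_PUBLIC_KEY_ATTRIBUTE_NAME) == null) {
            return null;
        }
        return entry.get(SSH_PUBLIC_KEY_ATTRIBUTE_NAME).getString();
    }

    /**
     * Expands {@code ${username}} in the configured scratch path template.
     *
     * @throws InvalidUsernameException if no acceptable username can be derived from {@code userId}
     */
    @Override // org.apache.airavata.accountprovisioning.SSHAccountProvisioner
    public String getScratchLocation(String userId) throws InvalidUsernameException {
        // getUsername rejects path separators and "."/"..", so the result stays inside the template's directory.
        return this.canonicalScratchLocation.replace("${username}", getUsername(userId));
    }

    /**
     * Opens an SSL connection, binds with the service credentials, runs {@code function} and
     * closes the connection, also when the bind or the function throws.
     *
     * @throws RuntimeException wrapping any {@link LdapException} or {@link IOException}
     */
    private <R> R withLdapConnection(Function<LdapConnection, R> function) {
        // NOTE(review): confirm that this constructor validates the server certificate in the
        // library version deployed; if it does not, the bind password is exposed to anyone who
        // can intercept the connection. Supply an explicit connection config with trust managers if needed.
        try (LdapNetworkConnection connection = new LdapNetworkConnection(this.ldapHost, this.ldapPort, true)) {
            connection.bind(this.ldapUsername, this.ldapPassword);
            R result = function.apply(connection);
            connection.unBind();
            return result;
        } catch (IOException | LdapException e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Derives the cluster username from a user id of the form {@code username@domain}.
     *
     * @throws InvalidUsernameException if {@code userId} has no {@code @}, or the part before it
     *     is empty or contains characters outside {@code [A-Za-z0-9._-]}
     */
    private String getUsername(String userId) throws InvalidUsernameException {
        int at = userId.indexOf("@");
        if (at < 0) {
            throw new InvalidUsernameException("userId is not an email address: " + userId);
        }
        String username = userId.substring(0, at);
        if (!isValidUsername(username)) {
            throw new InvalidUsernameException("userId has an empty or unsupported username part: " + userId);
        }
        return username;
    }

    /**
     * Accepts only non-empty names made of ASCII letters, digits, {@code .}, {@code _} and
     * {@code -}, excluding {@code .} and {@code ..}. None of these characters has a special
     * meaning in an LDAP DN, an LDAP filter or a path component.
     *
     * <p>NOTE(review): widen this set only together with proper DN/filter escaping if the
     * directory legitimately holds uids outside it.
     */
    private static boolean isValidUsername(String username) {
        if (username == null || username.isEmpty() || ".".equals(username) || "..".equals(username)) {
            return false;
        }
        for (int i = 0; i < username.length(); i++) {
            char c = username.charAt(i);
            boolean allowed = (c >= 'a' && c <= 'z')
                    || (c >= 'A' && c <= 'Z')
                    || (c >= '0' && c <= '9')
                    || c == '.' || c == '_' || c == '-';
            if (!allowed) {
                return false;
            }
        }
        return true;
    }

    /**
     * Builds the DN of the user's entry. Re-checks the username because
     * {@link #isSSHKeyInstalled} is public and can be reached without going through
     * {@link #getUsername}.
     */
    private String userDn(String username) {
        if (!isValidUsername(username)) {
            throw new IllegalArgumentException("username contains characters not allowed in an LDAP DN");
        }
        return "uid=" + username + "," + this.ldapBaseDN;
    }

    /** Builds the group-membership filter; the username is checked before it enters filter syntax. */
    private String memberFilter(String username) {
        if (!isValidUsername(username)) {
            throw new IllegalArgumentException("username contains characters not allowed in an LDAP filter");
        }
        return "(memberUid=" + username + ")";
    }

    /**
     * Manual smoke test against a fixed directory. The first argument is the bind password.
     *
     * <p>NOTE(review): a password passed on the command line is visible in the process list and
     * shell history; prefer reading it from the console or an environment variable. This run also
     * writes to the directory: when provisioning is incomplete it installs the placeholder key on
     * the hard-coded account.
     */
    public static void main(String[] strArr) throws InvalidUsernameException {
        String password = strArr[0];
        IULdapSSHAccountProvisioner provisioner = new IULdapSSHAccountProvisioner();
        Map<ConfigParam, String> config = new HashMap<>();
        config.put(IULdapSSHAccountProvisionerProvider.LDAP_HOST, "bazooka.hps.iu.edu");
        config.put(IULdapSSHAccountProvisionerProvider.LDAP_PORT, "9000");
        config.put(IULdapSSHAccountProvisionerProvider.LDAP_USERNAME, "cn=sgrcusr,dc=rt,dc=iu,dc=edu");
        config.put(IULdapSSHAccountProvisionerProvider.LDAP_PASSWORD, password);
        config.put(IULdapSSHAccountProvisionerProvider.LDAP_BASE_DN, "ou=bigred2-sgrc,dc=rt,dc=iu,dc=edu");
        config.put(IULdapSSHAccountProvisionerProvider.CANONICAL_SCRATCH_LOCATION, "/N/dc2/scratch/${username}/iu-gateway");
        config.put(IULdapSSHAccountProvisionerProvider.CYBERGATEWAY_GROUP_DN, "cn=cybergateway,ou=Group,dc=rt,dc=iu,dc=edu");
        provisioner.init(config);
        System.out.println("hasAccount=" + provisioner.hasAccount("machrist@iu.edu"));
        System.out.println("scratchLocation=" + provisioner.getScratchLocation("machrist@iu.edu"));
        boolean complete = provisioner.isSSHAccountProvisioningComplete("machrist@iu.edu", "foobar12345");
        System.out.println("isSSHAccountProvisioningComplete=" + complete);
        if (complete) {
            return;
        }
        provisioner.installSSHKey("machrist@iu.edu", "foobar12345");
        System.out.println("isSSHAccountProvisioningComplete=" + provisioner.isSSHAccountProvisioningComplete("machrist@iu.edu", "foobar12345"));
    }
}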
